Reading CISSP Practice in full

d. Corrective control

311. b. Password management is an example of preventive controls in that passwords deter unauthorized users from accessing a system unless they know the password through some other means.

312. Which one of the following access control policies uses an access control matrix for its implementation?

a. Discretionary access control (DAC)

b. Mandatory access control (MAC)

c. Role-based access control (RBAC)

d. Access control lists (ACLs)

312. a. A discretionary access control (DAC) model uses an access control matrix, in which the names of users (subjects) are placed in each row and the names of objects (files or programs) in each column. The other three choices do not use an access control matrix.

313. Access control mechanisms include which of the following?

a. Directive, preventive, and detective controls

b. Corrective, recovery, and preventive controls

c. Logical, physical, and administrative controls

d. Management, operational, and technical controls

313. c. Access control mechanisms include logical (passwords and encryption), physical (keys and tokens), and administrative (forms and procedures) controls. Directive, preventive, detective, corrective, and recovery controls are controls by action. Management, operational, and technical controls are controls by nature.

314. Which one of the following access control policies uses security labels?

a. Discretionary access control (DAC)

b. Mandatory access control (MAC)

c. Role-based access control (RBAC)

d. Access control lists (ACLs)

314. b. Security labels and interfaces are used to determine access based on the mandatory access control (MAC) policy. A security label is the means used to associate a set of security attributes with a specific information object as part of the data structure for that object. Labels could be designated as proprietary data or public data. The other three choices do not use security labels.

315. Intrusion detection and prevention systems serve as which of the following?

a. Barrier mechanism

b. Monitoring mechanism

c. Accountability mechanism

d. Penetration mechanism

315. b. Intrusion detection and prevention systems (IDPS) serve as monitoring mechanisms, watching activities and making decisions about whether the observed events are suspicious. IDPS can spot attackers circumventing firewalls and report them to system administrators, who can take steps to prevent damage. Firewalls serve as barrier mechanisms, barring entry to some kinds of network traffic and allowing others, based on a firewall policy.

316. Which of the following can coexist in providing strong access control mechanisms?

a. Kerberos authentication and single sign-on system

b. Kerberos authentication and digital signature system

c. Kerberos authentication and asymmetric key system

d. Kerberos authentication and digital certificate system

316. a. When Kerberos authentication is combined with single sign-on systems, it requires establishing and operating the privilege servers. Kerberos uses symmetric key cryptography, and the other three choices are examples of asymmetric key cryptography.

317. The use of honeypots and padded cells has which of the following?

a. Social implications

b. Legal implications

c. Technical implications

d. Psychological implications

317. b. The legal implications of using honeypot and padded cell systems are not well defined. It is important to seek guidance from legal counsel before deciding to use either of these systems.

318. From security and safety viewpoints, safety enforcement is tied to which of the following?

a. Job rotation

b. Job description

c. Job enlargement

d. Job enrichment

318. b. Safety is fundamental to ensuring that the most basic of access control policies can be enforced. This enforcement is tied to the job description of an individual employee through access authorizations (e.g., permissions and privileges). A job description lists the job tasks, duties, roles, and responsibilities expected of an employee, including safety and security requirements.

The other three choices do not provide safety enforcement. Job rotation makes an employee well-rounded because it broadens an employee’s work experience, job enlargement adds width to a job, and job enrichment adds depth to a job.
