124. What is the best way to handle bot attacks in an organization?
a. Install antivirus software.
b. Install antispyware software.
c. Update software with patches.
d. Develop and train a white team.
124. d.
A white team is an internal team that initiates action to respond to security incidents on an emergency basis. The scope of a white team’s work includes diagnosing attacks, profiling attacks, notifying law enforcement authorities and the Internet service provider (ISP), measuring the impact of the attack on customer service, and developing application systems to filter the bogus incoming data packets. There is no single preventive solution to handle the bot attack problems because new bots are created all the time. The best method is to respond on an after-the-fact basis with a white team supplemented by installing antivirus and antispyware software and updating software with patches and fixes.
125. Which of the following models is used for formally specifying and verifying protocols?
a. Markov model
b. Finite state machine model
c. Protocol stack
d. Protocol data unit
125. b.
The finite state machine (FSM) model is used for formally specifying and verifying protocols. In the FSM model, mathematical techniques are used in specifying and verifying the protocol correctness because it defines or implements the control structure of a system. The other three choices do not deal with formally specifying and verifying protocols. The Markov model is used to model a system regarding its failure states to evaluate the reliability, safety, and availability of the system. A protocol stack is a list of protocols used by a system (e.g., TCP/IP suite). A protocol data unit is a unit of data specified in a protocol and includes user data and other information.
126. Which of the following cannot provide effective security at the endpoints of a network?
a. Antimalware software
b. Personal firewalls
c. Strong password policies
d. Host-based intrusion detection and prevention system
126. c.
Password policies, even if they are strong, are difficult to implement and enforce at the personal computer and workstation levels due to unpredictable behavior of end users. If password policies are implemented incorrectly or used poorly, an attacker can undermine the best security configuration. The other three choices provide effective security at the endpoints of a network because they are technical security controls and do not deal with end users.
127. Both Internet Protocol security (IPsec) and a virtual private network (VPN) can be implemented with which of the following?
1. Using the symmetric cryptography
2. Protecting the data
3. Using the asymmetric cryptography
4. Authenticating the parties
a. 1 and 2
b. 1 and 3
c. 3 and 4
d. 1, 2, 3, and 4
127. d.
VPNs can use both symmetric and asymmetric forms of cryptography. Symmetric cryptography uses the same key for both encryption and decryption, whereas asymmetric cryptography uses separate keys for encryption and decryption, or to digitally sign and verify a signature. Most IPsec implementations use both symmetric and asymmetric cryptography. Asymmetric cryptography is used to authenticate the identities of both parties, whereas symmetric encryption is used for protecting the actual data because of its relative efficiency.
128. Which of the following is used to encrypt the bulk of the data being sent over a virtual private network (VPN)?
1. Symmetric cryptography
2. Private key cryptography
3. Asymmetric cryptography
4. Public key cryptography
a. 1 only
b. 3 only
c. 4 only
d. 1 and 2
128. d.
Symmetric cryptography (also known as private key cryptography) is generally more efficient and requires less processing power than asymmetric cryptography, which is why it is typically used to encrypt the bulk of the data being sent over a VPN. One problem with symmetric cryptography is with the key exchange process; keys must be exchanged out-of-band to ensure confidentiality. Out-of-band refers to using a separate communications mechanism to transfer information. For example, the VPN cannot be used to exchange the keys securely because the keys are required to provide the necessary protection. Asymmetric cryptography (also known as public key cryptography) uses two separate keys to exchange data.