Heating.txt

Card Set Information

Author:
potrykusg
ID:
219310
Filename:
Heating.txt
Updated:
2013-05-12 19:24:35
Tags:
Heating
Folders:

Description:
Heating
The flashcards below were created by user potrykusg on FreezingBlue Flashcards.


    • QUESTION NO: 1 All of the following are basic components of a security policy EXCEPT: The definition of the issue and statement of relevant terms. Statement of roles and responsibilities. Statement of applicability and compliance requirements. Statement of performance of characteristics and requirements.
    • Answer: D Explanation: Policies are considered the first and highest level of documentation, from which the lower-level elements of standards, procedures, and guidelines flow. This order, however, does not mean that policies are more important than the lower elements. These higher-level policies, which are the more general policies and statements, should be created first in the process for strategic reasons, and then the more tactical elements can follow. - Ronald Krutz, The CISSP Prep Guide (Gold Edition), pg. 13
    • QUESTION NO: 2 A security policy would include all of the following EXCEPT: Background. Scope statement. Audit requirements. Enforcement.
    • Answer: B Explanation:
    • QUESTION NO: 3 Which one of the following is an important characteristic of an information security policy? Identifies major functional areas of information. Quantifies the effect of the loss of the information. Requires the identification of information owners. Lists applications that support the business function.
    • Answer: A Explanation: Information security policies are high-level plans that describe the goals of the procedures. Policies are not guidelines or standards, nor are they procedures or controls. Policies describe security in general terms, not specifics. They provide the blueprints for an overall security program just as a specification defines your next product. - Roberta Bragg, CISSP Certification Training Guide (Que), pg. 206
    • QUESTION NO: 4 Ensuring the integrity of business information is the PRIMARY concern of: Encryption Security. Procedural Security. Logical Security. On-line Security.
    • QUESTION NO: 212 Which one of the following access control models associates every resource and every user of a resource with one of an ordered set of classes? Take-Grant model. Biba model. Lattice model. Clark-Wilson model.
    • Answer: C Explanation: With a lattice model you first have to define a set of security classes that can be assigned to users or objects... After you have defined the set of security classes, you define a set of flow operations showing when information can flow from one class to another. - Roberta Bragg, CISSP Certification Training Guide (Que), pg. 23
    • QUESTION NO: 213 What scheme includes the requirement that the system maintain the separation of duty requirement expressed in the access control triples? Bella. Lattice. Clark-Wilson. Bell-LaPadula.
    • Answer: C Explanation: Separation of duty is necessarily determined by conditions external to the computer system. The Clark-Wilson scheme includes the requirement that the system maintain the separation of duty requirement expressed in the access control triples. Enforcement is on a per-user basis, using the user ID from the access control triple.
    • QUESTION NO: 214 The access matrix model consists of which of the following parts? (Choose all that apply) A. A function that returns an object's type. A list of subjects. A list of objects.
    • Answer: A,B,C Explanation: The access matrix model consists of four major parts: a list of objects; a list of subjects; a function T that returns an object's type; and the matrix itself, with the objects making the columns and the subjects making the rows. Note: This question seems to confuse the access control matrix (Harris, 3rd Ed, p 169) with access control types (Ibid, p 188ff). "An access control matrix is a table of subjects and objects indicating what actions ... subjects can take upon ... objects", Harris, 3rd Ed, p 169. It would be right if item "A" was "a function that returned an access right".
    • QUESTION NO: 215 The access matrix model has which of the following common implementations? Access control lists and capabilities. Access control lists. Capabilities. Access control list and availability.
    • Answer: A Explanation: The two most used implementations are access control lists and capabilities. Access control lists are achieved by placing on each object a list of users and their associated rights to that object.
    • QUESTION NO: 216 The lattice-based model aims at protecting against: Illegal attributes. None of the choices. Illegal information flow among the entities. Illegal access rights.
    • Answer: C Explanation: The lattice-based model aims at protecting against illegal information flow among the entities. One security class is given to each entity in the system. A flow relation among the security classes is defined to denote that information in one class can flow into another class.
    • QUESTION NO: 217 Which of the following are the components of the Chinese wall model? Conflict of interest. All of the choices. Subject. Company Datasets.
    • Answer: B Explanation: The model has the following components (component: example): Subject: Analyst. Object: Data item for a single client. Company Datasets: Give each company its own company dataset. Conflict of interest classes: Give for each object the companies that have a conflict of interest. Labels: Company dataset + conflict of interest class. Sanitized information: No access restriction.
    • QUESTION NO: 218 Enforcing minimum privileges for general system users can be easily achieved through the use of: TSTEC. RBAC. TBAC. IPSEC.
    • Answer: B Explanation: Ensuring least privilege requires identifying what the user's job is, determining the minimum set of privileges required to perform that job, and restricting the user to a domain with those privileges and nothing more. By denying to subjects transactions that are not necessary for the performance of their duties, those denied privileges couldn't be used to circumvent the organizational security policy. Although the concept of least privilege currently exists within the context of the TCSEC, requirements restrict those privileges of the system administrator. Through the use of RBAC, enforced minimum privileges for general system users can be easily achieved.
    • QUESTION NO: 219 What is necessary for a subject to have write access to an object in a Multi-Level Security Policy? The subject's sensitivity label must dominate the object's sensitivity label. The subject's sensitivity label subordinates the object's sensitivity label. The subject's sensitivity label is subordinated by the object's sensitivity label. The subject's sensitivity label is dominated by the object's sensitivity label.
    • Answer: A Explanation: The correct answer is: The subject's sensitivity label must dominate the object's sensitivity label. With a multi-level security policy you have information that has different sensitivity labels. In order to read an object the subject's sensitivity label must be equal to or greater than that of the object. So it would be considered to dominate it: no read up. The following answers are incorrect: "The subject's sensitivity label subordinates the object's sensitivity label" is incorrect because if the subject's sensitivity label subordinates the object's sensitivity label that would mean it is lower, and the subject should not have read access to the object. "The subject's sensitivity label is subordinated by the object's sensitivity label" is incorrect because this would not allow for read access if the sensitivity labels were equal. So the subject's sensitivity label is not subordinated by the object's sensitivity label; the subject's label must dominate the object's label. Remember dominate means equal to or greater than, where subordinate means less than. "The subject's sensitivity label is dominated by the object's sensitivity label" is incorrect because if the object's sensitivity label dominates the subject's sensitivity label then the subject should not have access; it is the subject that must dominate the object and not the other way around. Remember dominate means equal to or greater than, so this would mean that the object's sensitivity label is equal to or greater than the subject's. According to the OIG, multi-level security is defined as a class of system containing information with different sensitivities that simultaneously permits access by users with different security clearances and need-to-know, but prevents users from obtaining access to information for which they lack authorization. The subject's sensitivity label must be equal to or greater than the object's sensitivity label in order for the subject to have read access to it: no read up.
    • QUESTION NO: 220 Which of the following security modes of operation involves the highest risk? Compartmented Security Mode. Multilevel Security Mode. System-High Security Mode. Dedicated Security Mode.
    • Answer: B Explanation: "Security Modes: In a secure environment, information systems are configured to process information in one of four security modes. These modes are set out by the Department of Defense as follows: Systems running compartmental security mode may process two or more types of compartmented information. All system users must have an appropriate clearance to access all information processed by the system but do not necessarily have a need to know all of the information in the system. Compartments are subcategories or compartments within the different classification levels and extreme care is taken to preserve the information within the different compartments. The system may be classified at the Secret level but contain five different compartments, all classified Secret. If a user has only the need to know about two of the five different compartments to do their job, that user can access the system but can only access the two compartments. Compartmented systems are usually dedicated systems for each specific compartment to prevent the chance of any errors, because compartmentalization is the most secret of all the secrets. Systems running in the dedicated security mode are authorized to process only a specific classification level at a time, and all system users must have clearance and a need to know that information. Systems running in multilevel security mode are authorized to process information at more than one level of security even when all system users do not have appropriate clearances or a need to know for all information processed by the system. Systems running in system-high security mode are authorized to process only information that all system users are cleared to read and to have a valid need to know. These systems are not trusted to maintain separation between security levels, and all information processed by these systems must be handled as if it were classified at the same level as the most highly classified information processed by the system." Pg. 234 Tittel: CISSP Study Guide
    • QUESTION NO: 221 Controlled Security Mode is also known as: Multilevel Security Mode. Partitioned Security Mode. Dedicated Security Mode. System-high Security Mode.
    • Answer: A Reference: pg. 264 Krutz: CISSP Prep Guide: Gold Edition
    • QUESTION NO: 222 The unauthorized mixing of data of one sensitivity level and need-to-know with data of a lower sensitivity level, or different need-to-know, is called data: Contamination. Seepage. Aggregation. Commingling.
    • Answer: A Explanation: WOW, if you are reading these comments then you know I have disagreed with a bunch of the original answers! Well, here is another. The original was Seepage. I think it is Contamination. "The intermixing of data at different sensitivity and need-to-know levels. The lower-level data is said to be contaminated by the higher-level data; thus contaminating (higher-level) data might not receive the required level of protection." - Ronald Krutz, The CISSP Prep Guide (Gold Edition), pg. 890
    • QUESTION NO: 223 Which one of the following should be employed to protect data against undetected corruption? Non-repudiation. Encryption. Authentication. Integrity.
    • Answer: D Explanation:
    • QUESTION NO: 224 Which of the following is a communication path that is not protected by the system's normal security mechanisms? A trusted path. A protection domain. A covert channel. A maintenance hook.
    • Answer: C Explanation:
    • QUESTION NO: 225 A channel within a computer system or network that is designed for the authorized transfer of information is identified as a(n)? Covert channel. Overt channel. Opened channel. Closed channel.
    • Answer: B Explanation: "An overt channel is a channel of communication that was developed specifically for communication purposes. Processes should be communicating through overt channels, not covert channels." Pg. 237 Shon Harris: All-In-One CISSP Certification Guide.
    • QUESTION NO: 226 A covert channel is a communication channel that can be used for: Hardening the system. Violating the security policy. Protecting the DMZ. Strengthening the security policy.
    • Answer: B Explanation: A covert channel is a communication channel that allows transfer of information in a manner that violates the system's security policy.
    • QUESTION NO: 227 What is an indirect way to transmit information with no explicit reading of confidential information? Covert channels. Backdoor. Timing channels. Overt channels.
    • Answer: A Explanation: Covert channels: indirect ways of transmitting information with no explicit reading of confidential information. This kind of difficulty induced some researchers to re-think from scratch the whole problem of guaranteeing security in computer systems.
    • QUESTION NO: 228 Which one of the following describes a covert timing channel? Modulated to carry an unintended information signal that can only be detected by special, sensitive receivers. Used by a supervisor to monitor the productivity of a user without their knowledge. Provides the timing trigger to activate a malicious program disguised as a legitimate function. D. Allows one process to signal information to another by modulating its own use of system resources.
    • Answer: D Explanation: A covert channel in which one process signals information to another by modulating its own use of system resources (for example, CPU time) in such a way that this manipulation affects the real response time observed by the second process. - Shon Harris, All-in-One CISSP Certification Guide, pg. 929
    • QUESTION NO: 229 Covert channel analysis is required for: Systems processing Top Secret or classified information. A Trusted Computer Base with a level of trust B2 or above. A system that can be monitored in a supervisor state. Systems that use exposed communication links.
    • Answer: B Explanation: Table 6.6 Standards Comparison: B2 Structured Protection (covert channel, device labels, subject sensitivity labels, trusted path, trusted facility management, configuration management) F4+E4 EAL5. - Roberta Bragg, CISSP Certification Training Guide (Que), pg. 370
    • QUESTION NO: 230 In multi-processing systems, which one of the following lacks mandatory controls and is NORMALLY AVOIDED for communication? Storage channels. Covert channels. Timing channels. Object channels.
    • Answer: B Explanation: Covert channel - A communication path that enables a process to transmit information in a way that violates the system's security policy. - Shon Harris, All-in-One CISSP Certification Guide, pg. 929
    • QUESTION NO: 231 What security risk does a covert channel create? A process can signal information to another process. It bypasses the reference monitor functions. A user can send data to another user. Data can be disclosed by inference.
    • Answer: B Explanation: The risk is not that a process can signal another process. The risk is that the signaling bypasses the reference monitor functions (i.e. the communication is not screened by the security kernel that implements the reference monitor).
    • QUESTION NO: 232 What is the essential difference between a self-audit and an independent audit? Tools used. Results. Objectivity. Competence.
    • Answer: C Explanation:
    • QUESTION NO: 233 What is called the formal acceptance of the adequacy of a system's overall security by the management? Certification. Acceptance. Accreditation. Evaluation.
    • Answer: C Explanation:
    • QUESTION NO: 234 FIPS-140 is a standard for the security of: Cryptographic service providers. Smartcards. Hardware and software cryptographic modules. Hardware security modules.
    • Answer: C Topic 3, Access
    • QUESTION NO: 235 Which of the following will you consider as the MOST secure way of authentication? Biometric. Password. Token. Ticket Granting.
    • QUESTION NO: 573 According to the Minimum Security Requirements (MSR) for Multi-User Operating Systems (NISTIR 5153) document, which of the following statements pertaining to audit data recording is incorrect? The system shall provide end-to-end user accountability for all security-relevant events. The system shall protect the security audit trail from unauthorized access. For maintenance purposes, it shall be possible to disable the recording of activities that require privileges. The system should support an option to maintain the security audit trail data in encrypted format.
    • Answer: C Explanation:
    • QUESTION NO: 574 Which of the following questions is less likely to help in assessing controls over audit trails? Does the audit trail provide a trace of user actions? Are incidents monitored and tracked until resolved? Is access to online logs strictly controlled? Is there separation of duties between security personnel who administer the access control function and those who administer the audit trail?
    • Answer: B Explanation:
    • QUESTION NO: 575 You should keep an audit trail on which of the following items? Password usage. All unsuccessful logons. All of the choices. All successful logons.
    • Answer: C Explanation: Keep an audit trail of password usage; log all successful logons, unsuccessful logons, date, time, ID, login name. Control the maximum logon attempt rate where possible. Where possible users must be automatically logged off after 30 minutes of inactivity.
    • QUESTION NO: 576 In addition to providing an audit trail required by auditors, logging can be used to: Provide back-out and recovery information. Prevent security violations. Provide system performance statistics. Identify fields changed on master files.
    • Answer: B Explanation: Auditing tools are technical controls that track activity within a network, on a network device, or on a specific computer. Even though auditing is not an activity that will deny an entity access to a network or computer, it will track activities so a network administrator can understand the types of access that took place, identify a security breach, or warn the administrator of suspicious activity. This can be used to point out weaknesses of their technical controls and help administrators understand where changes need to be made to preserve the necessary security level within the environment. - Shon Harris, All-in-One CISSP Certification Guide, pg. 179-180
    • QUESTION NO: 577 Which of the following should NOT be logged for performance problems? CPU load. Percentage of use. Percentage of idle time. None of the choices.
    • Answer: D Explanation: The level of logging will be according to your company requirements. Below is a list of items that could be logged; please note that some of the items may not be applicable to all operating systems. What is being logged depends on whether you are looking for performance problems or security problems. However, you have to be careful about performance problems that could affect your security.
    • QUESTION NO: 578 Which of the following should be logged for security problems? Use of mount command. Percentage of idle time. Percentage of use. None of the choices.
    • Answer: A Explanation: The level of logging will be according to your company requirements. Below is a list of items that could be logged; please note that some of the items may not be applicable to all operating systems. What is being logged depends on whether you are looking for performance problems or security problems. However, you have to be careful about performance problems that could affect your security.
    • QUESTION NO: 579 Which of the following services should be logged for security purposes? bootp. All of the choices. sunrpc. tftp.
    • Answer: B Explanation: Requests for the following services should be logged: systat, bootp, tftp, sunrpc, snmp, snmp-trap, nfs.
    • QUESTION NO: 580 The auditing method that assesses the extent of the system testing, and identifies specific program logic that has not been tested, is called: Decision process analysis. Mapping. Parallel simulation. Test data method.
    • Answer: D Explanation: "Testing of software modules or unit testing should be addressed when the modules are being designed. Personnel separate from the programmers should conduct this testing. The test data is part of the specifications. Testing should not only check the modules using normal and valid input data, but it should also check for incorrect types, out-of-range values, and other bounds and/or conditions. Live or actual field data is not recommended for use in the testing procedures because both data types might not cover out-of-range situations and the correct outputs of the test are unknown. Special test suites of data that exercise all paths of the software to the fullest extent possible and whose corrected resulting outputs are known beforehand should be used." Pg. 345 Krutz: The CISSP Prep Guide: Gold Edition.
    • QUESTION NO: 581 Who should NOT have access to the log files? Security staff. Internal audit staff. System administration staff. Manager's secretary.
    • Answer: D Explanation: Logs must be secured to prevent modification, deletion, and destruction. Only authorized persons should have access or permission to read logs. A person is authorized if he or she is a member of the internal audit staff, security staff, or system administration staff, or he or she has a need for such access to perform regular duties.
    • QUESTION NO: 582 Which of the following correctly describes the use of the collected logs? They are used in the passive monitoring process only. They are used in the active monitoring process only. They are used in the active and passive monitoring process. They are used in the archiving process only.
    • Answer: C Explanation: All logs collected are used in the active and passive monitoring process. All logs are kept on archive for a period of time. This period of time will be determined by your company policies. This allows the use of logs for regular and annual audits if retention is longer than a year. Logs must be secured to prevent modification, deletion, and destruction.
    • QUESTION NO: 583 All logs are kept on archive for a period of time. What determines this period of time? Administrator preferences. MTTR. Retention policies. MTTF.
    • Answer: C Explanation: All logs collected are used in the active and passive monitoring process. All logs are kept on archive for a period of time. This period of time will be determined by your company policies. This allows the use of logs for regular and annual audits if retention is longer than a year. Logs must be secured to prevent modification, deletion, and destruction.
    • QUESTION NO: 584 Logs must be secured to prevent: Creation, modification, and destruction. Modification, deletion, and initialization. Modification, deletion, and destruction. Modification, deletion, and inspection.
    • Answer: C Explanation: All logs collected are used in the active and passive monitoring process. All logs are kept on archive for a period of time. This period of time will be determined by your company policies. This allows the use of logs for regular and annual audits if retention is longer than a year. Logs must be secured to prevent modification, deletion, and destruction.
    • QUESTION NO: 585 To ensure dependable and secure logging, all computers must have their clock synchronized to: A central timeserver. The log time stamp. The respective local times. None of the choices.
    • Answer: A Explanation: The following pre-requisites must be met to ensure dependable and secure logging: All computers must have their clock synchronized to a central timeserver to ensure accurate time on events being logged. If possible, all logs should be centralized for easy analysis and also to help detect patterns of abuse across servers. Logging information traveling on the network must be encrypted if possible. Log files are stored and protected on a machine that has a hardened shell. Log files must not be modifiable without a trace or record of such modification.
    • QUESTION NO: 586 To ensure dependable and secure logging, logging information traveling on the network should be: Stored. Encrypted. Isolated. Monitored.
    • Answer: B Explanation: The following pre-requisites must be met to ensure dependable and secure logging: All computers must have their clock synchronized to a central timeserver to ensure accurate time on events being logged. If possible, all logs should be centralized for easy analysis and also to help detect patterns of abuse across servers. Logging information traveling on the network must be encrypted if possible. Log files are stored and protected on a machine that has a hardened shell. Log files must not be modifiable without a trace or record of such modification.
    • QUESTION NO: 587 The activity that consists of collecting information that will be used for monitoring is called: Logging. Troubleshooting. Auditing. Inspecting.
    • Answer: A Explanation: Logging is the activity that consists of collecting information that will be used for monitoring and auditing. Detailed logs combined with active monitoring allow detection of security issues before they negatively affect your systems.
    • QUESTION NO: 588 How often should logging be run? Once every week. Always. Once a day. During maintenance.
    • Answer: B Explanation: Usually logging is done 24 hours per day, 7 days per week, on all available systems and services, except during the maintenance window where some of the systems and services may not be available while maintenance is being performed.
    • QUESTION NO: 589 Which of the following are security events on Unix that should be logged? All of the choices. Use of Setgid. Change of permissions on system files. Use of Setuid.
    • Answer: A Explanation: The following file changes, conditions, and events are logged: rhosts. UNIX Kernel. /etc/password. rc directory structure. bin files. lib files. Use of Setuid. Use of Setgid. Change of permission on system or critical files.
    • QUESTION NO: 590 Which of the following are potential firewall problems that should be logged? Reboot. All of the choices. Proxies restarted. Changes to configuration file.
    • Answer: B Explanation: The following firewall configuration problems are logged: Reboot of the firewall. Proxies that cannot start (e.g. within TIS firewall). Proxies or other important services that have died or restarted. Changes to the firewall configuration file. A configuration or system error while the firewall is running.
    • QUESTION NO: 591 Which of the following is required in order to provide accountability? Authentication. Integrity. Confidentiality. Audit trails.
    • Answer: A Reference: pg 5 Tittel: CISSP Study Guide
    • QUESTION NO: 592 The principle of accountability is a principle by which specific action can be traced back to: A policy. An individual. A group. A manager.
    • Answer: B Explanation: The principle of accountability has been described in many references; it is a principle by which specific action can be traced back to an individual. As mentioned by Idrach, any significant action should be traceable to a specific user. The definition of "significant" is entirely dependent on your business circumstances and risk management model. It was also mentioned by Rino that tracing the actions of a specific user is fine, but we must also be able to ascertain that this specific user was responsible for the uninitiated action.
