41 Cards in this Set

  • Front
  • Back
In addition to providing an audit trail required by auditors, logging can be used to
A. provide backout and recovery information
B. prevent security violations
C. provide system performance statistics
D. identify fields changed on master files.
Answer: B

Auditing tools are technical controls that track activity within a network, on a network device, or
on a specific computer. Even though auditing is not an activity that will deny an entity access to
a network or computer, it will track activities so a network administrator can understand the
types of access that took place, identify a security breach, or warn the administrator of suspicious
activity. This can be used to point out weaknesses in the technical controls and help
administrators understand where changes need to be made to preserve the necessary security
level within the environment.
Which of the following should NOT be logged for performance problems?
A. CPU load.
B. Percentage of use.
C. Percentage of idle time.
D. None of the choices
Answer: D
Explanation:
The level of logging will be according to your company requirements. Below is a list of
items that could be logged; please note that some of the items may not be applicable to
all operating systems. What is being logged depends on whether you are looking for
performance problems or security problems. However, you have to be careful about
performance problems that could affect your security.
Which of the following should be logged for security problems?
A. Use of mount command.
B. Percentage of idle time.
C. Percentage of use.
D. None of the choices.
Answer: A
Which of the following services should be logged for security purpose?
A. bootp
B. All of the choices.
C. sunrpc
D. tftp
Answer: B
Explanation:
Requests for the following services should be logged: systat, bootp, tftp, sunrpc, snmp,
snmp-trap, nfs.
The auditing method that assesses the extent of the system testing, and identifies specific program logic that has
not been tested is called
A. Decision process analysis
B. Mapping
C. Parallel simulation
D. Test data method
Answer: D
"Testing of software modules or unit testing should be addressed when the modules are being designed.
Personnel separate from the programmers should conduct this testing. The test data is part of the specifications.
Testing should not only check the modules using normal and valid input data, but it should also check for
incorrect types, out-of-range values, and other bounds and/or conditions
Which of the following correctly describe the use of the collected logs?
A. They are used in the passive monitoring process only.
B. They are used in the active monitoring process only.
C. They are used in the active and passive monitoring process.
D. They are used in the archiving process only.
Answer: C
Explanation:
All logs collected are used in the active and passive monitoring process. All logs are
kept on archive for a period of time.
Logs must be secured to prevent:
A. Creation, modification, and destruction.
B. Modification, deletion, and initialization.
C. Modification, deletion, and destruction.
D. Modification, deletion, and inspection.
Answer: C
Which of the following are security events on Unix that should be logged?
A. All of the choices.
B. Use of Setgid.
C. Change of permissions on system files.
D. Use of Setuid.
Answer: A
Explanation:
The following file changes, conditions, and events are logged:
.rhosts.
UNIX Kernel.
/etc/password.
rc directory structure.
bin files.
lib files.
Use of Setuid.
Use of Setgid.
Change of permission
What types of computer attacks are most commonly reported by IDSs?
A. System penetration
B. Denial of service
C. System scanning
D. All of the choices
Answer: D
Explanation:
Three types of computer attacks are most commonly reported by IDSs: system scanning,
denial of service (DoS), and system penetration. These attacks can be launched locally,
on the attacked machine, or remotely, using a network to access the target. An IDS
operator must understand the differences between these types of attacks, as each
requires a different set of responses.
Configuration Management controls what?
A.) Auditing of changes to the Trusted Computing Base
B.) Control of changes to the Trusted Computing Base
C.) Changes in the configuration access to the Trusted Computing Base
D.) Auditing and controlling any changes to the Trusted Computing Base
Answer: D
Which set of principal tasks constitutes configuration management?
A. Program management, system engineering, and quality assurance.
B. Requirements verification, design, and system integration and testing.
C. Independent validation and verification of the initial and subsequent baseline.
D. Identification, control, status accounting, and auditing of changes.
Answer: D
Configuration management is the process of tracking and approving changes to a system. It
involves identifying, controlling, and auditing all changes made to the system.
Which of the following are functions that are compatible in a properly segregated
environment?
A.) Security administration and quality assurance
B.) Security administration and data entry
C.) Security administration and application programming
D.) Application programming and data entry
Answer: A
Explanation:
Security Administration and Quality Assurance are the most similar tasks.
Administrative Management
What set of principles is the basis for information systems controls?
A. Authentication, audit trails, and awareness briefings
B. Individual accountability, auditing, and separation of duties
C. Need to know, identification, and authenticity
D. Audit trails, limited tenure, and awareness briefings
Answer: C
"In addition to the CIA Triad, there is a plethora of other security-related concepts, principles,
and tenets that should be considered and addressed when designing a security policy and
deploying a security solution. This section discusses privacy, identification, authentication,
authorization, accountability, nonrepudiation, and auditing
An audit trail is a category of what control?
A. System, Manual
B. Detective, Technical
C. User, Technical
D. Detective, Manual
Answer: B
Explanation:
Detective Technical Controls warn of technical Access Control violations. Under this
category you would find the following:
Audit trails
Violation reports
Intrusion detection system
Honeypot
Technical controls such as encryption and access control can be built into the operating
system, be software applications, or can be supplemental hardware/software units. Such
controls, also known as logical controls, represent which pairing?
A.) Preventive/Administrative Pairing
B.) Preventive/Technical Pairing
C.) Preventive/Physical Pairing
D.) Detective/Technical Pairing
Answer: B
Which one of the following can be identified when exceptions occur using operations
security detective controls?
A. Unauthorized people seeing confidential reports.
B. Unauthorized people destroying confidential reports.
C. Authorized operations people performing unauthorized functions.
D. Authorized operations people not responding to important console messages.
Answer: C
C is the one that makes the most sense. [Operation Security] Detective Controls are used to detect an error once it has occurred. Unlike
preventative controls, these controls operate after the fact and can be used to track an
unauthorized transaction for prosecution, or to lessen an error's impact on the system by
identifying it quickly. An example of this type of control is an audit trail.
Which of the following is not an example of an operation control?
A.) backup and recovery
B.) audit trails
C.) contingency planning
D.) operations procedures
Answer: C
"Operation controls are the mechanisms and daily procedures that provide protection for
systems."
When designing a protection scheme for resources, it is important to keep the following aspects
or elements of the IT infrastructure in mind:
Communication hardware/software
Boundary devices
Processing equipment
Password files
Application program libraries
Application source code
Vendor software
Operating System
System Utilities
Directories and address tables
Access control allows you to exercise directing influence over which of the following aspects
of a system?
A. Behavior, user, and content provider.
B. Behavior, use, and content.
C. User logs and content.
D. None of the choices.
Explanation:
Access control is the collection of mechanisms that permits managers of a system to
exercise a directing or restraining influence over the behavior, use, and content of a
system. It permits management to specify what users can do, which resources they can
access, and what operations they can perform on a system.
The ability to do something with a computer resource can be explicitly enabled or
restricted through:
A. Physical and system-based controls.
B. Theoretical and system-based controls.
C. Mental and system-based controls.
D. Physical and trap-based controls.
Answer: A
Explanation:
Access is the ability to do something with a computer resource (e.g., use, change, or
view). Access control is the means by which the ability is explicitly enabled or
restricted in some way (usually through physical and system-based controls).
Which of the following is not a detective technical control?
A. Intrusion detection system
B. Violation reports
C. Honeypot
D. None of the choices.
Answer: D
Explanation:
Detective Technical Controls warn of technical Access Control violations. Under this
category you would find the following:
Audit trails
Violation reports
Intrusion detection system
Honeypot
"Operation controls are the mechanisms and daily procedures that provide protection for
systems."
By technical controls we mean some or all of the following:
Access Control software
Antivirus Software
Passwords
Smart Cards
Encryption
Call-back systems
Two factor authentication
Which of the following is not a form of detective administrative control?
A.) Rotation of duties
B.) Required vacations
C.) Separation of duties
D.) Security reviews and audits
Answer: C
Which of the following is NOT a type of access control?
A. Intrusive
B. Deterrent
C. Detective
D. Preventive
Answer: A
Explanation:
There are different types of access control. Access controls can be categorized as
follows:
Preventive (in order to avoid occurrence)
Detective (in order to detect or identify occurrences)
Deterrent (in order to discourage occurrences)
Corrective (in order to correct or restore controls)
Recovery (in order to restore resources, capabilities, or losses)
What are the benefits of job rotation?
A. All of the choices.
B. Trained backup in case of emergencies.
C. Protect against fraud.
D. Cross training to employees.
Answer: A
Which of the following control pairings includes organizational policies and procedures,
pre-employment background checks, strict hiring practices, employment agreements,
friendly and unfriendly employee termination procedures, vacation scheduling, labeling of
sensitive materials, increased supervision, security awareness training, behavior awareness,
and sign-up procedures to obtain access to information systems and networks?
A.) Preventive/Administrative Pairing
B.) Preventive/Technical Pairing
C.) Preventive/Physical Pairing
D.) Detective/Administrative Pairing
Answer: A
Which of the following are functions that are compatible in a properly segregated
environment?
A.) Application programming and computer operation
B.) Systems programming and job control analysis
C.) Access authorization and database administration
D.) Systems development and systems maintenance
Answer: D
Which of the following are functions that are compatible in a properly segregated
environment?
A.) Security administration and quality assurance
B.) Security administration and data entry
C.) Security administration and application programming
D.) Application programming and data entry
Answer: A

Security Administration and Quality Assurance are the most similar tasks.
Another example: computer operator versus the functions of a system administrator.
Which of the following are functions that are compatible in a properly segregated environment?
A.) Data entry and job scheduling
B.) Database administration and systems security
C.) Systems analyst and application programming
D.) Security administration and systems programming
Answer: A
The two most similar jobs are Data Entry and Job Scheduling...a programmer
should not be the one to test her own code.
Which of the following are functions that are compatible in a properly segregated
environment?
A.) Application programming and computer operation
B.) Systems programming and job control analysis
C.) Access authorization and database administration
D.) System development and systems maintenance
Answer: C
Access Authorization and Database Administration are the most similar tasks of all the choices.
A timely review of system access audit records would be an example of which of the basic
security functions?
A.) avoidance
B.) deterrence
C.) prevention
D.) detection
Answer: D
A security control should
A. Allow for many exceptions.
B. Cover all contingencies.
C. Not rely on the security of its mechanism.
D. Change frequently.
Answer: C
What set of principles is the basis for information systems controls?
A. Authentication, audit trails, and awareness briefings
B. Individual accountability, auditing, and separation of duties
C. Need to know, identification, and authenticity
D. Audit trails, limited tenure, and awareness briefings
Answer: C
"In addition to the CIA Triad, privacy, identification, authentication,
authorization, accountability, nonrepudiation, and auditing
An audit trail is a category of what control?
A. System, Manual
B. Detective, Technical
C. User, Technical
D. Detective, Manual
Answer: B
Detective Technical Controls warn of technical Access Control violations. Under this
category you would find the following:
Audit trails
Violation reports
Intrusion detection system
Honeypot
Which one of the following can be identified when exceptions occur using operations
security detective controls?
A. Unauthorized people seeing confidential reports.
B. Unauthorized people destroying confidential reports.
C. Authorized operations people performing unauthorized functions.
D. Authorized operations people not responding to important console messages.
Answer: C
Detective Controls are used to detect an error once it has occurred. Unlike
preventative controls, these controls operate after the fact and can be used to track an
unauthorized transaction for prosecution, or to lessen an error's impact on the system by
identifying it quickly. An example of this type of control is an audit trail.
Which of the following is not an example of an operational control?
A.) backup and recovery
B.) audit trails
C.) contingency planning
D.) operations procedures
Answer: B
Audit Trails are under Operations Security Auditing, as opposed to Operations Security Operations
Controls.
"Operations Controls embody the day-to-day procedures used to protect computer operations.
The concepts of resource protection, hardware/software control, and privileged entity must be
understood by the CISSP candidate
Access control allows you to exercise directing influence over which of the following aspects
of a system?
A. Behavior, user, and content provider.
B. Behavior, use, and content.
C. User logs and content.
D. None of the choices.
Answer: B
Access control is the collection of mechanisms that permits managers of a system to
exercise a directing or restraining influence over the behavior, use, and content of a
system.
There are several different categories of access control. The main categories are:
--Physical Access Control
--Administrative Access Control
--Logical Access Control
--Data Access Control
L.A.P.D
Which of the following is not a detective technical control?
A. Intrusion detection system
B. Violation reports
C. Honeypot
D. None of the choices
Answer: D
Explanation:
Detective Technical Controls warn of technical Access Control violations. Under this
category you would find the following:
Audit trails
Violation reports
Intrusion detection system
Honeypot
A two factor authentication method is considered a:
A. Technical control
B. Patching control
C. Corrective control
D. Logical control
Answer: A
Explanation:
By technical controls we mean some or all of the following:
Access Control software
Antivirus Software
Passwords
Smart Cards
Encryption
Call-back systems
Two factor authentication
Which of the following is not a form of detective administrative control?
A.) Rotation of duties
B.) Required vacations
C.) Separation of duties
D.) Security reviews and audits
Answer: C