1. What is the final stage in the change control management process?
A. Configure the hardware properly.
B. Update documentation and manuals.
C. Inform users of the change.
D. Report the change to management.
answer: D
Shon Harris: A common CISSP theme is to report to management, get management's buy-in, get management's approval, and so on. The change must first be approved by the project or program manager. Once the change is completed, it is reported to senior management, usually as a status report in a meeting or a report that addresses several things at one time, not necessarily just this one item.

2. Which best describes a logic bomb?
A. Used to move assets from one computer to another
B. Action triggered by a specified condition
C. Self-replicating
D. Performs a useful action and a malicious action
answer: B
Shon Harris: A logic bomb is a program that has been coded to carry out some type of activity when a certain event takes place, or when a time and date are met. For example, an attacker may have a computer attack another computer on Michelangelo's birthday, the logic bomb may be set to execute in two weeks and three minutes, or it may initiate after a user strikes specific keys in a certain sequence.

3. An application is downloaded from the Internet to perform disk cleanup and to delete unnecessary temporary files. The application is also recording network login data and sending it to another party. This application is best described as which of the following?
A. Virus
B. Trojan horse
C. Worm
D. Logic bomb
answer: B
Shon Harris: A Trojan horse looks like an innocent and helpful program, but in the background it is carrying out some type of malicious activity unknown to the user. The Trojan horse could be corrupting files, sending the user's password to an attacker, or attacking another computer.

4. Why are macro viruses so prevalent?
A. They replicate quickly.
B. They infect every platform in production.
C. The languages used to write macros are very easy to use.
D. They are activated by events that happen commonly on each system.
answer: C
Shon Harris: A macro language is written specifically to allow nonprogrammers to program macros. Macros are sequences of steps that can be executed with one keystroke, and they were developed to reduce the repetitive activities of users. The language is very simplistic, which is why macro viruses are so easy to write.

5. Which action is not part of configuration management?
A. Submitting a formal request
B. Operating system configuration and settings
C. Hardware configuration
D. Application settings and configuration
answer: A
Shon Harris: Submitting a formal request would fall under the change control umbrella. Most environments have a change control process that dictates how all changes will be handled, approved, and tested. Once the change is approved, there needs to be something in place to make sure the actual configurations that are implemented to carry out this change take place properly. This is the job of configuration management.

6. Expert systems are used to automate security log review for what purpose?
A. To develop user behavioral models
B. To ensure best access methods
C. To detect intrusion
D. To provide statistics that will not be used for baselines
answer: C
Shon Harris: An IDS can be based on an expert system or have an expert system component. The job of the expert system is to identify patterns that would represent an intrusion or an attack that an IDS without this component may not pick up on. The expert system will look at a history of events and identify a pattern that would be otherwise very hard to uncover.

7. Which form of malware has a purpose of reproducing itself utilizing system resources?
A. Worm
B. Virus
C. Trojan horse
D. Multipart virus
answer: A
Shon Harris: A worm does not need a host to replicate itself, but it does need an environment, which would be an operating system and its resources. A virus requires a host, which is usually a specific application.

8. Expert systems use each of the following items except for _______________.
A. Automatic logical processing
B. General methods of searching for problem solutions
C. Inference engine
D. Cycle-based reasoning
answer: D
Shon Harris: An expert system attempts to reason like a person by using logic that works with the gray areas in life. It does this by using a knowledge base, automatic logical processing components, general methods of searching for solutions, and an inference engine. It carries out its logical processing with rule-based programming.

9. Which of the following replicates itself by attaching to other programs?
A. Worm
B. Virus
C. Trojan horse
D. Malware
answer: B
Shon Harris: As stated in an earlier answer, a virus requires a host to replicate, which is usually a specific application.

10. What is the importance of inference in an expert system?
A. The knowledge base contains facts, but must also be able to combine facts to derive new information and solutions.
B. The inference machine is important to fight against multipart viruses.
C. The knowledge base must work in units to mimic neurons in the brain.
D. The access must be controlled to prevent unauthorized access.
answer: A
Shon Harris: The whole purpose of an expert system is to look at the data that it has to work with and what the user presents to it and to come up with new or different solutions. It basically performs data-mining activities, identifies patterns and relationships the user could not see, and provides solutions. This is the same reason you would go to a human expert. You would give her your information, and she would combine it with the information she knows and give you a solution or advice, which is not necessarily the same data you gave her.

11. A system has been patched many times and has recently become infected with a dangerous virus. If antivirus software indicates that disinfecting a file may damage it, what is the correct action?
A. Disinfect the file and contact the vendor.
B. Back up the data and disinfect the file.
C. Replace the file with the file saved the day before.
D. Restore an uninfected version of the patched file from backup media.
answer: D
Shon Harris: Some files cannot be properly sanitized by the antivirus software without destroying them or affecting their functionality. So, the administrator must replace such a file with a known uninfected file. And the administrator needs to make sure he has the patched version of the file, or else he could be introducing other problems. Answer C is not the best answer because the administrator may not know that the file was clean yesterday, so just restoring yesterday's file may get him into the same boat.

12. Which of the following centrally controls the database and manages different aspects of the data?
A. Data storage
B. Database
C. Data dictionary
D. Access control
answer: C
Shon Harris: A data dictionary holds the schema information about the database. This schema information is represented as metadata. When the database administrator modifies the database attributes, he is modifying the data dictionary because it is the central component that holds this type of information. When a user attempts to access the database, the data dictionary will be consulted to see if this activity is deemed appropriate.

13. What is the purpose of polyinstantiation?
A. To restrict lower-level subjects from accessing low-level information
B. To make a copy of an object and modify the attributes of the second copy
C. To create different objects that will react in different ways to the same input
D. To create different objects that will take on inheritance attributes from their class
answer: B
Shon Harris: Instantiation is what happens when an object is created from a class. Polyinstantiation is when more than one object is made, and the other copy is modified to have different attributes. This can be done for several reasons. The example that was given in the chapter was a way to use polyinstantiation for security purposes, to ensure that a lower-level subject could not access an object at a higher level.

14. When a database detects an error, what enables it to start processing at a designated place?
A. Checkpoint
B. Data dictionary
C. Metadata
D. Data-mining tool
answer: A
Shon Harris: Savepoints and checkpoints are similar in nature. A savepoint is used to periodically save the state of the application and the user's information. A checkpoint saves data held in memory to a temporary file. Both are used so that if the application endures a glitch, it has the necessary tools to bring the user back to his working environment without losing any data. You experience this with a word processor when it asks you if you want to review the recovered version of a file you were working on.

15. Database views provide what type of security control?
A. Detective
B. Corrective
C. Preventive
D. Administrative
answer: C
Shon Harris: A database view is put into place to prevent certain users from viewing specific data. This is a preventive measure, because the administrator is preventing the users from seeing data that is not meant for them. This is one control to use to prevent inference attacks.

16. If one department can view employees' work history and another group cannot view their work history, what is this an example of?
A. Context-dependent access control
B. Content-dependent access control
C. Separation of duties
D. Mandatory access control
answer: B
Shon Harris: Content-dependent access control carries out its restrictions based upon the sensitivity of the data. Context-dependent control reviews the previous access requests and makes an access decision based on the previous activities.

17. Which of the following is used to deter database inference attacks?
A. Partitioning, cell suppression, and noise and perturbation
B. Controlling access to the data dictionary
C. Partitioning, cell suppression, and small query sets
D. Partitioning, noise and perturbation, and small query sets
answer: A
Shon Harris: Partitioning means to logically split the database into parts. Views then dictate what users can view specific parts. Cell suppression means that specific cells are not viewable by certain users. And noise and perturbation is when bogus information is inserted into the database to try to give potential attackers incorrect information.

18. What is a disadvantage of using content-dependent access control on databases?
A. It can access other memory addresses.
B. It can cause concurrency problems.
C. It increases processing and resource overhead.
D. It can cause deadlock situations.
answer: C
Shon Harris: Relative to other types of access control, content-dependent control requires a lot of overhead and processing, because it makes decisions based on the sensitivity of the data instead of purely on the identity of the requesting subject.

19. If security was not part of the development of a database, how is it usually handled?
A. Cell suppression
B. Trusted back end
C. Trusted front end
D. Views
answer: C
Shon Harris: A trusted front end can be developed to implement more security that the database itself is lacking. It can require a more granular and stringent access control policy by requiring tighter identification and authorization pieces than those that are inherent in the database. Front ends can also be developed to provide more user friendliness and interoperability with other applications.

20. What is an advantage of content-dependent access control in databases?
A. Processing overhead
B. Ensures concurrency
C. Disallows data locking
D. Granular control
answer: D
Shon Harris: As stated in an earlier answer, content-dependent access control bases its access decision on the sensitivity of the data. This provides more granular control, which almost always means that more processing is required.

21. Which of the following is used in the Distributed Computing Environment technology?
A. Globally unique identifier (GUID)
B. Universal unique identifier (UUID)
C. Universal global identifier (UGID)
D. Global universal identifier (GUID)
answer: B
Shon Harris: A universal unique identifier (UUID) is used by DCE, and a globally unique identifier (GUID) is used by DCOM. DCE and DCOM both need a naming structure to keep track of their individual components, which is what these different naming schemes provide.

22. When should security first be addressed in a project?
A. During requirements development
B. During integration testing
C. During design specifications
D. During implementation
answer: A
Shon Harris: The trick to this question, and any one like it, is that security should be implemented at the first possible phase of a project. Requirements are gathered and developed at the beginning of a project, which is project initiation. The other answers are steps that follow this phase, and security should be integrated right off the bat instead of in the middle or at the end.

23. Online application systems that detect an invalid transaction should do which of the following?
A. Roll back and rewrite over original data.
B. Terminate all transactions until properly addressed.
C. Write a report to be reviewed.
D. Checkpoint each data entry.
answer: C
Shon Harris: This can seem like a tricky question. It is asking you if the system detected an invalid transaction, which is most likely a user error. This error should be logged so that it can be reviewed. After the review, the supervisor, or whoever makes this type of decision, will decide whether or not it was a mistake and investigate it as needed. If the system had a glitch, power fluctuation, hangup, or any other software- or hardware-related error, that would not be an invalid transaction, and in that case the system would carry out a rollback function.

24. What is the final phase of the system development life cycle?
A. Certification
B. Unit testing
C. Development
D. Accreditation
answer: D
Shon Harris: Out of this list, the last phase is accreditation, which is where management formally approves of the product. The question could have had different answers. For example, if it had listed disposal, that would be the right answer because that would be the last phase listed.

25. Which of the following are rows and columns within relational databases?
A. Rows and tuples
B. Attributes and rows
C. Keys and views
D. Tuples and attributes
answer: D
Shon Harris: In a relational database, a row is referred to as a tuple, and a column is referred to as an attribute.