Topic 2. Security operation administration
A 'Pseudo flaw' is which of the following?
A. An apparent loophole deliberately implanted in an operating system program as a trap for intruders.
B. An omission when generating pseudo-code.
C. Used for testing for bounds violations in application programming.
D. A normally generated page fault causing the system to halt.
An apparent loophole deliberately implanted in an operating system program as a trap for intruders.
A Pseudo flaw is something that looks like it is vulnerable to attack, but really
acts as an alarm or triggers automatic actions when an intruder attempts to exploit the flaw.
The following answers are incorrect:
An omission when generating pseudo-code. This is incorrect because it is a distractor.
Used for testing for bounds violations in application programming. This is incorrect because it is a testing methodology.
A normally generated page fault causing the system to halt. This is incorrect because it is a distractor.
Which of the following is the MOST important aspect relating to employee termination?
A. The details of the employee have been removed from active payroll files.
B. Company property provided to the employee has been returned.
C. User ID and passwords of the employee have been deleted.
D. The appropriate company staff are notified about the termination.
The appropriate company staff are notified about the termination.
Even though logical access to information by a terminated employee is possible if the ID and password of the terminated employee have not been deleted, this is only one part of the termination procedures. If the user ID is not disabled or deleted, it could be possible for the employee, without physical access, to visit the company's networks remotely and gain access to the information. Please note that this can also be seen in a different way: the most important thing to do could also be to inform others of the person's termination, because even if user IDs and passwords are deleted, a terminated individual could simply socially engineer their way back in by calling an individual he/she used to work with and asking them for access. He could intrude on the facility or use other weaknesses to gain access to information after he has been terminated.
By notifying the appropriate company staff about the termination, they would in turn initiate account termination, ask the employee to return company property, and all credentials would be withdrawn for the individual concerned. This answer is more complete than simply disabling the account.
It seems harsh and cold when this actually takes place, but too many companies have been hurt by vengeful employees who have lashed out at the company when their positions were revoked for one reason or another. If an employee is disgruntled in any way, or the termination is unfriendly, that employee's accounts should be disabled right away, and all passwords on all systems changed.
For your exam you should know the information below:
Employee Termination Processes
Employees join and leave organizations every day. The reasons vary widely, due to retirement, reduction in force, layoffs, termination with or without cause, relocation to another city, career opportunities with other employers, or involuntary transfers.
Terminations may be friendly or unfriendly and will need different levels of care as a result.
Friendly Terminations
Regular termination is when there is little or no evidence or reason to believe that the
termination is not agreeable to both the company and the employee. A standard set of
procedures, typically maintained by the human resources department, governs the
dismissal of the terminated employee to ensure that company property is returned, and all
access is removed. These procedures may include exit interviews and return of keys,
identification cards, badges, tokens, and cryptographic keys. Other property, such as
laptops, cable locks, credit cards, and phone cards, are also collected. The user manager
notifies the security department of the termination to ensure that access is revoked for all
platforms and facilities. Some facilities choose to immediately delete the accounts, while
others choose to disable the accounts for a policy defined period, for example, 30 days, to
account for changes or extensions in the final termination date. The termination process
should include a conversation with the departing associate about their continued
responsibility for confidentiality of information.
Unfriendly Terminations
Unfriendly terminations may occur when the individual is fired, involuntarily transferred, laid
off, or when the organization has reason to believe that the individual has the means and
intention to potentially cause harm to the system. Individuals with technical skills and higher
levels of access, such as the systems administrators, computer programmers, database
administrators, or any individual with elevated privileges, may present higher risk to the
environment. These individuals could alter files, plant logic bombs to create system file
damage at a future date, or remove sensitive information. Other disgruntled users could
enter erroneous data into the system that may not be discovered for several months. In
these situations, immediate termination of systems access is warranted at the time of
termination or prior to notifying the employee of the termination. Managing the people
aspect of security, from pre-employment to post-employment, is critical to ensure that
trustworthy, competent resources are employed to further the business objectives that will
protect company information. Each of these actions contributes to preventive, detective, or
corrective personnel controls.
The following answers are incorrect:
The other options are less important.
Following reference(s) were/was used to create this question:
CISA review manual 2014 Page number 99
Harris, Shon (2012-10-18). CISSP All-in-One Exam Guide, 6th Edition (p. 129). McGraw-Hill. Kindle Edition.
The security of a computer application is most effective and economical in which of the
following cases?
A. The system is optimized prior to the addition of security.
B. The system is procured off-the-shelf.
C. The system is customized to meet the specific security threat.
D. The system is originally designed to provide the necessary security.
The system is originally designed to provide the necessary security.
The earlier in the process that security is planned for and implemented, the cheaper it is. It is also much more efficient if security is addressed in each phase of the development cycle rather than as an add-on, because it gets more complicated to add at the end. If the security plan is developed at the beginning, it ensures that security won't be overlooked.
The following answers are incorrect:
The system is optimized prior to the addition of security. This is incorrect because if you wait to implement security after a system is completed, the cost of adding security increases dramatically and it can become much more complex.
The system is procured off-the-shelf. This is incorrect because it is often difficult to add security to off-the-shelf systems.
The system is customized to meet the specific security threat. This is incorrect because it is a distractor. This implies only a single threat.
When considering an IT System Development Life-cycle, security should be:
A. Mostly considered during the initiation phase.
B. Mostly considered during the development phase.
C. Treated as an integral part of the overall system design.
D. Added once the design is completed.
Treated as an integral part of the overall system design.
Explanation: Security must be considered in information system design. Experience has
shown it is very difficult to implement security measures properly and successfully after a
system has been developed, so it should be integrated fully into the system life-cycle
process. This includes establishing security policies, understanding the resulting security
requirements, participating in the evaluation of security products, and finally in the
engineering, design, implementation, and disposal of the system.
Source: STONEBURNER, Gary & al, National Institute of Standards and Technology
(NIST), NIST Special Publication 800-27, Engineering Principles for Information
Technology Security (A Baseline for Achieving Security), June 2001 (page 7).
Which of the following does not address Database Management Systems (DBMS)
Security?
A. Perturbation
B. Cell suppression
C. Padded cells
D. Partitioning
Padded cells
Padded cells complement Intrusion Detection Systems (IDSs) and are not
related to DBMS security. Padded cells are simulated environments to which IDSs
seamlessly transfer detected attackers and are designed to convince an attacker that the
attack is going according to the plan. Cell suppression is a technique used against
inference attacks by not revealing information in the case where a statistical query
produces a very small result set. Perturbation also addresses inference attacks but
involves making minor modifications to the results to a query. Partitioning involves splitting
a database into two or more physical or logical parts; especially relevant for multilevel
secure databases.
Source: LaROSA, Jeanette (domain leader), Application and System Development Security
CISSP Open Study Guide, version 3.0, January 2002.
An Architecture where there are more than two execution domains or privilege levels is
called:
A. Ring Architecture.
B. Ring Layering
C. Network Environment.
D. Security Models
Ring Architecture.
Explanation: In computer science, hierarchical protection domains, often called protection
rings, are a mechanism to protect data and functionality from faults (fault tolerance) and
malicious behavior (computer security). This approach is diametrically opposite to that of
capability-based security.
Computer operating systems provide different levels of access to resources. A protection
ring is one of two or more hierarchical levels or layers of privilege within the architecture of
a computer system. This is generally hardware-enforced by some CPU architectures that
provide different CPU modes at the hardware or microcode level. Rings are arranged in a
hierarchy from most privileged (most trusted, usually numbered zero) to least privileged
(least trusted, usually with the highest ring number). On most operating systems, Ring 0 is
the level with the most privileges and interacts most directly with the physical hardware
such as the CPU and memory.
Special gates between rings are provided to allow an outer ring to access an inner ring's
resources in a predefined manner, as opposed to allowing arbitrary usage. Correctly gating
access between rings can improve security by preventing programs from one ring or
privilege level from misusing resources intended for programs in another. For example,
spyware running as a user program in Ring 3 should be prevented from turning on a web
camera without informing the user, since hardware access should be a Ring 1 function
reserved for device drivers. Programs such as web browsers running in higher numbered
rings must request access to the network, a resource restricted to a lower numbered ring.
Ring Architecture is the correct answer. All of the other answers are incorrect because they are distractors.
References:
OIG CBK Security Architecture and Models (page 311)
and
https://en.wikipedia.org/wiki/Ring_%28computer_security%29
The Information Technology Security Evaluation Criteria (ITSEC) was written to address
which of the following that the Orange Book did not address?
A. integrity and confidentiality.
B. confidentiality and availability.
C. integrity and availability.
D. none of the above.
integrity and availability.
TCSEC focused on confidentiality while ITSEC added integrity and
availability as security goals.
The following answers are incorrect:
integrity and confidentiality. This is incorrect because TCSEC addressed confidentiality.
confidentiality and availability. This is incorrect because TCSEC addressed confidentiality.
none of the above. This is incorrect because ITSEC added integrity and availability as security goals.
What does "System Integrity" mean?
A. The software of the system has been implemented as designed.
B. Users can't tamper with processes they do not own.
C. Hardware and firmware have undergone periodic testing to verify that they are functioning properly.
D. Design specifications have been verified against the formal top-level specification.
Hardware and firmware have undergone periodic testing to verify that they are
functioning properly.
System Integrity means that all components of the system cannot be
tampered with by unauthorized personnel and can be verified that they work properly.
The following answers are incorrect:
The software of the system has been implemented as designed. This is incorrect because this would fall under Trusted system distribution.
Users can't tamper with processes they do not own. This is incorrect because this would fall under Configuration Management.
Design specifications have been verified against the formal top-level specification. This is incorrect because this would fall under Specification and verification.
References:
AIOv3 Security Models and Architecture (pages 302 - 306)
DOD TCSEC - http://www.cerberussystems.com/INFOSEC/stds/d520028.htm
Which of the following embodies all the detailed actions that personnel are required to
follow?
A. Standards
B. Guidelines
C. Procedures
D. Baselines
Procedures
Procedures are step-by-step instructions in support of the policies, standards, guidelines and baselines. The procedure indicates how the policy will be implemented and who does what to accomplish the tasks.
Standards is incorrect. Standards are a "Mandatory statement of minimum requirements
that support some part of a policy, the standards in this case is your own company
standards and not standards such as the ISO standards"
Guidelines is incorrect. "Guidelines are discretionary or optional controls used to enable
individuals to make judgments with respect to security actions."
Baselines is incorrect. Baselines "are a minimum acceptable level of security. This
minimum is implemented using specific rules necessary to implement the security controls
in support of the policy and standards." For example, requiring a password of at least 8 characters would be an example. Requiring all users to have a minimum of an antivirus, a personal firewall, and an anti-spyware tool could be another example.
References:
CBK, pp. 12 - 16. Note especially the discussion of the "hammer policy" on pp. 16-17 for
the differences between policy, standard, guideline and procedure.
AIO3, pp. 88-93.
Which of the following would provide the BEST stress testing environment, taking into consideration and avoiding possible data exposure and leaks of sensitive data?
A. Test environment using test data.
B. Test environment using sanitized live workloads data.
C. Production environment using test data.
D. Production environment using sanitized live workloads data.
Test environment using sanitized live workloads data.
The best way to properly verify an application or system during a stress test would be to expose it to "live" data that has been sanitized to avoid exposing any sensitive information or Personally Identifiable Information (PII) while in a testing environment. Fabricated test data may not be as varied, complex or computationally demanding as "live" data.
A production environment should never be used to test a product, as a production environment is one where the application or system is being put to commercial or operational use. It is a best practice to perform testing in a non-production environment.
Stress testing is carried out to ensure a system can cope with production workloads, but as
it may be tested to destruction, a test environment should always be used to avoid
damaging the production environment. Hence, testing should never take place in a
production environment. If only test data is used, there is no certainty that the system was
adequately stress tested.
The control of communications test equipment should be clearly addressed by security
policy for which of the following reasons?
A. Test equipment is easily damaged.
B. Test equipment can be used to browse information passing on a network.
C. Test equipment is difficult to replace if lost or stolen.
D. Test equipment must always be available for the maintenance personnel.
Test equipment can be used to browse information passing on a network.
Test equipment must be secured. There are equipment and other tools that if
in the wrong hands could be used to "sniff" network traffic and also be used to commit
fraud. The storage and use of this equipment should be detailed in the security policy for
this reason.
The following answers are incorrect:
Test equipment is easily damaged. This is incorrect because it is not the best answer, and from a security point of view not relevant.
Test equipment is difficult to replace if lost or stolen. This is incorrect because it is not the best answer, and from a security point of view not relevant.
Test equipment must always be available for the maintenance personnel. This is incorrect because it is not the best answer, and from a security point of view not relevant.
References:
OIG CBK Operations Security (pages 642 - 643)
External consistency ensures that the data stored in the database is:
A. inconsistent with the real world.
B. remains consistent when sent from one system to another.
C. consistent with the logical world.
D. consistent with the real world.
consistent with the real world.
External consistency ensures that the data stored in the database is consistent with the real world.
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the
Ten Domains of Computer Security, 2001, John Wiley & Sons, page 33.