Front Back
1. What is the final stage in the change control management process? A. Configure the hardware properly. B. Update documentation and manuals. C. Inform users of the change. D. Report the change to management.
1. D. A common CISSP theme is to report to management, get management’s buy-in, get management’s approval, and so on. The change must first be approved by the project or program manager. Once the change is completed, it is reported to senior management, usually as a status report in a meeting or a report that addresses several things at one time, not necessarily just this one item.
2. Which best describes a logic bomb? A. It’s used to move assets from one computer to another. B. It’s an action triggered by a specified condition. C. It’s self-replicating. D. It performs both a useful action and a malicious action.
2. B. A logic bomb is a program that has been coded to carry out some type of activity when a certain event takes place, or when a time and date are met. For example, an attacker may have a computer attack another computer on Michelangelo’s birthday, the logic bomb may be set to execute in two weeks and three minutes, or it may initiate after a user strikes specific keys in a certain sequence.
3. An application is downloaded from the Internet to perform disk cleanup and to delete unnecessary temporary files. The application is also recording network login data and sending it to another party. This application is best described as which of the following? A. A virus B. A Trojan horse C. A worm D. A logic bomb
3. B. A Trojan horse looks like an innocent and helpful program, but in the background it is carrying out some type of malicious activity unknown to the user. The Trojan horse could be corrupting files, sending the user’s password to an attacker, or attacking another computer.
4. Why are macro viruses so prevalent? A. They replicate quickly. B. They infect every platform in production. C. The languages used to write macros are very easy to use. D. They are activated by events that happen commonly on each system.
4. C. A macro language is written specifically to allow nonprogrammers to program macros. Macros are sequences of steps that can be executed with one keystroke, and were developed to reduce the repetitive activities of users. The language is very simplistic, which is why macro viruses are so easy to write.
5. Which action is not part of configuration management? A. Submitting a formal request B. Operating system configuration and settings C. Hardware configuration D. Application settings and configuration
5. A. Submitting a formal request would fall under the change control umbrella. Most environments have a change control process that dictates how all changes will be handled, approved, and tested. Once the change is approved, there needs to be something in place to make sure the actual configurations implemented to carry out this change take place properly. This is the job of configuration management.
7. Which form of malware is designed to reproduce itself by utilizing system resources? A. A worm B. A virus C. A Trojan horse D. A multipart virus
7. A. A worm does not need a host to replicate itself, but it does need an environment, which would be an operating system and its resources. A virus requires a host, which is usually a specific application.
8. Expert systems use each of the following items except for _______________. A. Automatic logical processing B. General methods of searching for problem solutions C. An inference engine D. Cycle-based reasoning
8. D. An expert system attempts to reason like a person by using logic that works with the gray areas in life. It does this by using a knowledge base, automatic logical processing components, general methods of searching for solutions, and an inference engine. It carries out its logical processing with rule-based programming.
9. Which of the following replicates itself by attaching to other programs? A. A worm B. A virus C. A Trojan horse D. Malware
9. B. As stated in an earlier answer, a virus requires a host to replicate, which is usually a specific application.
10. What is the importance of inference in an expert system? A. The knowledge base contains facts, but must also be able to combine facts to derive new information and solutions. B. The inference machine is important to fight against multipart viruses. C. The knowledge base must work in units to mimic neurons in the brain. D. The access must be controlled to prevent unauthorized access.
10. A. The whole purpose of an expert system is to look at the data it has to work with and what the user presents to it and to come up with new or different solutions. It basically performs data-mining activities, identifies patterns and relationships the user can’t see, and provides solutions. This is the same reason you would go to a human expert. You would give her your information, and she would combine it with the information she knows and give you a solution or advice, which is not necessarily the same data you gave her.
11. A system has been patched many times and has recently become infected with a dangerous virus. If antivirus software indicates that disinfecting a file may damage it, what is the correct action? A. Disinfect the file and contact the vendor. B. Back up the data and disinfect the file. C. Replace the file with the file saved the day before. D. Restore an uninfected version of the patched file from backup media.
11. D. Some files cannot be properly sanitized by the antivirus software without destroying them or affecting their functionality. So, the administrator must replace such a file with a known uninfected file. Plus, the administrator needs to make sure he has the patched version of the file, or else he could be introducing other problems. Answer C is not the best answer because the administrator may not know the file was clean yesterday, so just restoring yesterday’s file may put him right back in the same boat.
12. Which of the following centrally controls the database and manages different aspects of the data? A. Data storage B. The database C. A data dictionary
12. C. A data dictionary holds the schema information about the database. This schema information is represented as metadata. When the database administrator modifies the database attributes, she is modifying the data dictionary because it is the central component that holds this type of information. When a user attempts to access the database, the data dictionary will be consulted to see if this activity is deemed appropriate.
13. What is the purpose of polyinstantiation? A. To restrict lower-level subjects from accessing low-level information B. To make a copy of an object and modify the attributes of the second copy C. To create different objects that will react in different ways to the same input D. To create different objects that will take on inheritance attributes from their class
13. B. Instantiation is what happens when an object is created from a class. Polyinstantiation is when more than one object is made, and the other copy is modified to have different attributes. This can be done for several reasons. The example given in the chapter was a way to use polyinstantiation for security purposes, to ensure that a lower-level subject could not access an object at a higher level.
14. When a database detects an error, what enables it to start processing at a designated place? A. A checkpoint B. A data dictionary C. Metadata D. A data-mining tool
14. A. Savepoints and checkpoints are similar in nature. A savepoint is used to periodically save the state of the application and the user’s information, while a checkpoint saves data held in memory to a temporary file. Both are used so that if the application endures a glitch, it has the necessary tools to bring the user back to his working environment without losing any data. You experience this with a word processor when it asks you if you want to review the recovered version of a file you were working on.
15. Database views provide what type of security control? A. Detective B. Corrective C. Preventive D. Administrative
15. C. A database view is put into place to prevent certain users from viewing specific data. This is a preventive measure, because the administrator is preventing the users from seeing data not meant for them. This is one control to prevent inference attacks.
16. If one department can view employees’ work history and another group cannot view their work history, what is this an example of? A. Context-dependent access control B. Content-dependent access control C. Separation of duties D. Mandatory access control
16. B. Content-dependent access control carries out its restrictions based upon the sensitivity of the data. Context-dependent control reviews the previous access requests and makes an access decision based on the previous activities.
17. Which of the following is used to deter database inference attacks? A. Partitioning, cell suppression, and noise and perturbation B. Controlling access to the data dictionary C. Partitioning, cell suppression, and small query sets D. Partitioning, noise and perturbation, and small query sets
17. A. Partitioning means to logically split the database into parts. Views then dictate which users can view specific parts. Cell suppression means that specific cells are not viewable by certain users. And noise and perturbation is when bogus information is inserted into the database to try to give potential attackers incorrect information.
18. What is a disadvantage of using context-dependent access control on databases? A. It can access other memory addresses. B. It can cause concurrency problems. C. It increases processing and resource overhead. D. It can cause deadlock situations.
18. C. Relative to other types of access control, context-dependent control requires a lot of overhead and processing, because it makes decisions based on many different variables.
19. If security was not part of the development of a database, how is it usually handled? A. Through cell suppression B. By a trusted back end C. By a trusted front end D. By views
19. C. A trusted front end can be developed to implement the security that the database itself is lacking. It can require a more granular and stringent access control policy by requiring tighter identification and authorization pieces than those inherent in the database. Front ends can also be developed to provide more user friendliness and interoperability with other applications.
20. What is an advantage of content-dependent access control in databases? A. Processing overhead. B. It ensures concurrency. C. It disallows data locking. D. Granular control.
20. D. As stated in an earlier answer, content-dependent access control bases its access decision on the sensitivity of the data. This provides more granular control, which almost always means more processing is required.
21. Which of the following is used in the Distributed Computing Environment technology? A. A globally unique identifier (GUID) B. A universal unique identifier (UUID) C. A universal global identifier (UGID) D. A global universal identifier (GUID)
21. B. A universal unique identifier (UUID) is used by DCE, and a globally unique identifier (GUID) is used by DCOM. DCE and DCOM both need a naming structure to keep track of their individual components, which is what these different naming schemes provide.
22. When should security first be addressed in a project? A. During requirements development B. During integration testing C. During design specifications D. During implementation
22. A. The trick to this question, and any one like it, is that security should be implemented at the first possible phase of a project. Requirements are gathered and developed at the beginning of a project, which is project initiation. The other answers are steps that follow this phase, and security should be integrated right off the bat instead of in the middle or at the end.
23. Online application systems that detect an invalid transaction should do which of the following? A. Roll back and rewrite over original data. B. Terminate all transactions until properly addressed. C. Write a report to be reviewed. D. Checkpoint each data entry.
23. C. This can seem like a tricky question. It is asking you if the system detected an invalid transaction, which is most likely a user error. This error should be logged so it can be reviewed. After the review, the supervisor, or whoever makes this type of decision, will decide whether or not it was a mistake and investigate it as needed. If the system had a glitch, power fluctuation, hangup, or any other software- or hardware-related error, it would not be an invalid transaction, and in that case the system would carry out a rollback function.
24. What is the final phase of the system development life cycle? A. Certification B. Unit testing C. Development D. Accreditation
24. D. Out of this list, the last phase is accreditation, which is where management formally approves of the product. The question could have had different answers. For example, if it had listed disposal, that would be the right answer because it would be the last phase listed.
25. Which of the following are rows and columns within relational databases? A. Rows and tuples B. Attributes and rows C. Keys and views D. Tuples and attributes
25. D. In a relational database, a row is referred to as a tuple, while a column is referred to as an attribute.
6. Expert systems are used to automate security log review for what purpose? A. To develop intrusion prevention B. To ensure best access methods C. To detect intrusion D. To provide statistics that will not be used for baselines
6. C. An IDS can be based on an expert system or have an expert system component. The job of the expert system is to identify patterns that would represent an intrusion or an attack that an IDS without this component may not pick up on. The expert system will look at a history of events and identify a pattern that would be otherwise very hard to uncover.