




CISSP Certification Exam Training Questions: CBK Domain 7 - Operations Security

1. Operations Security seeks to primarily protect against which of the following?
A. object reuse
B. facility disaster
C. compromising emanations
D. asset threats
Answer: D

2. Notifying the appropriate parties to take action in order to determine the extent of the severity of an incident and to remediate the incident's effects includes:
A. Intrusion Evaluation (IE) and Response
B. Intrusion Recognition (IR) and Response
C. Intrusion Protection (IP) and Response
D. Intrusion Detection (ID) and Response
Answer: D

3. What is the main issue with media reuse?
A. Degaussing
B. Data remanence
C. Media destruction
D. Purging
Answer: B

4. This type of control is used to ensure that transactions are properly entered into the system once. Elements of this type of control may include counting data and time stamping it with the date it was entered or edited.
A. Processing Controls
B. Output Controls
C. Input Controls
D. Input/Output Controls
Answer: C

5. Which of the following questions is less likely to help in assessing controls over audit trails?
A. Does the audit trail provide a trace of user actions?
B. Are incidents monitored and tracked until resolved?
C. Is access to online logs strictly controlled?
D. Is there separation of duties between security personnel who administer the access control function and those who administer the audit trail?
Answer: B

6. Which of the following is the most reliable, secure means of removing data from magnetic storage media such as a magnetic tape or a cassette?
A. Degaussing
B. Parity Bit Manipulation
C. Certification
D. Buffer overflow
Answer: A

7. What is the most secure way to dispose of information on a CD-ROM?
A. Sanitizing
B. Physical damage
C. Degaussing
D. Physical destruction
Answer: D

8. Which of the following ensures that security is not breached when a system crash or other system failure occurs?
A. trusted recovery
B. hot swappable
C. redundancy
D. secure boot
Answer: A

9. Hardware availability reports allow the identification of the following problems except for:
A. Inadequate training for operators
B. Excessive operating systems maintenance
C. User dissatisfaction
D. Inadequate hardware facilities
Answer: C

10. Which of the following is not a valid reason to use external penetration service firms rather than corporate resources?
A. They are more cost-effective
B. They offer a lack of corporate bias
C. They use highly talented ex-hackers
D. They ensure a more complete reporting
Answer: C

11. When it comes to magnetic media sanitization, what difference can be made between clearing and purging information?
A. Clearing completely erases the media whereas purging only removes file headers, allowing the recovery of files.
B. Clearing renders information unrecoverable by a keyboard attack and purging renders information unrecoverable against laboratory attack.
C. They both involve rewriting the media.
D. Clearing renders information unrecoverable against a laboratory attack and purging renders information unrecoverable to a keyboard attack.
Answer: B

12. What security procedure forces an operator into collusion with an operator of a different category to have access to unauthorized data?
A. Enforcing regular password changes.
B. Management monitoring of audit logs.
C. Limiting the specific accesses of operations personnel.
D. Job rotation of people through different assignments.
Answer: C

13. Who is responsible for setting user clearances to computer-based information?
A. Security administrators
B. Operators
C. Data owners
D. Data custodians
Answer: A

14. Which of the following is used to interrupt the opportunity to create collusion to subvert operation for fraudulent purposes?
A. Separation of duties
B. Rotation of duties
C. Principle of need-to-know
D. Principle of least privilege
Answer: B

15. Unrestricted access to production programs should be given to which of the following?
A. maintenance programmers only
B. system owner, on request
C. no one
D. auditors
Answer: C

16. Overwriting and/or degaussing is used to clear and purge all of the following except which of the following?
A. random access memory
B. read-only memory
C. magnetic core memory
D. magnetic hard disks
Answer: B

17. An electrical device (AC or DC) which can generate coercive magnetic force for the purpose of reducing magnetic flux density to zero on storage media or other magnetic media is called:
A. a magnetic field.
B. a degausser.
C. magnetic remanence.
D. magnetic saturation.
Answer: B

18. Which of the following is not a critical security aspect of Operations Controls?
A. Controls over hardware
B. Data media used
C. Operators using resources
D. Environmental controls
Answer: D

19. Which of the following should not be accessible by a computer operator?
A. Operations documentation
B. Computer console
C. Source code of applications
D. Information security guidelines
Answer: C

20. Which one of the following functions provides the least effective organizational reporting structure for the Information Systems Security function?
A. IS quality assurance
B. IS resource management
C. IS operations
D. Corporate security
Answer: C

21. What should a company do first when disposing of personal computers that once were used to store confidential data?
A. Overwrite all data on the hard disk with zeroes
B. Delete all data contained on the hard disk
C. Demagnetize the hard disk
D. Low level format the hard disk
Answer: C

22. What is the most effective means of determining how controls are functioning within an operating system?
A. Interview with computer operator
B. Review of software control features and/or parameters
C. Review of operating system manual
D. Interview with product vendor
Answer: B

23. Which TCSEC (Orange Book) level requires the system to clearly identify functions of the security administrator to perform security-related functions?
A. C2
B. B1
C. B2
D. B3
Answer: D

24. According to the Orange Book, which security level is the first to require trusted recovery?
A. A1
B. B2
C. B3
D. B1
Answer: C

25. Which of the following are functions that are compatible in a properly segregated environment?
A. Application programming and computer operation.
B. Systems programming and job control analysis.
C. Access authorization and database administration.
D. System development and systems maintenance.
Answer: D

26. Which of the following rules is less likely to support the concept of least privilege?
A. The number of administrative accounts should be kept to a minimum.
B. Administrators should use regular accounts when performing routine operations like reading mail.
C. Permissions on tools that are likely to be used by hackers should be as restrictive as possible.
D. Only data to and from critical systems and applications should be allowed through the firewall.
Answer: D

27. Which level of least privilege enables operators the right to modify data directly in its original location, in addition to data copied from the original location?
A. Access Change
B. Read/Write
C. Access Rewrite
D. Access Modify
Answer: A

28. Which of the following is not an Orange Book-defined life cycle assurance requirement?
A. Security testing
B. Design specification and testing
C. Trusted distribution
D. System integrity
Answer: D

29. Which of the following questions is less likely to help in assessing controls over production?
A. Are there processes for ensuring that only authorized users pick up, receive, or deliver input and output information and media?
B. Are audit trails used for receipt of sensitive inputs/outputs?
C. Is media sanitized for reuse?
D. Are confidentiality or security agreements required for employees assigned to work with sensitive information?
Answer: D

30. Ensuring that printed reports reach proper users and that receipts are signed before releasing sensitive documents are examples of:
A. Deterrent controls
B. Output controls
C. Information flow controls
D. Asset controls
Answer: B

31. Intrusion Detection (ID) and Response is not a:
A. preventive control.
B. detective control.
C. monitoring control.
D. reactive control.
Answer: A

32. A periodic review of user account management should not determine:
A. Conformity with the concept of least privilege.
B. Whether active accounts are still being used.
C. Strength of user-chosen passwords.
D. Whether management authorizations are up-to-date.
Answer: C

33. The primary reason for enabling software audit trails is which of the following?
A. Improve system efficiency.
B. Improve response time for users.
C. Establish responsibility and accountability.
D. Provide useful information to track down processing errors.
Answer: C

34. Which of the following is true related to network sniffing?
A. Sniffers allow an attacker to monitor data passing across a network.
B. Sniffers alter the source address of a computer to disguise and exploit weak authentication methods.
C. Sniffers take over network connections.
D. Sniffers send IP fragments to a system that overlap with each other.
Answer: A

35. Which of the following questions is less likely to help in assessing controls over hardware and software maintenance?
A. Is access to all program libraries restricted and controlled?
B. Are integrity verification programs used by applications to look for evidence of data tampering, errors, and omissions?
C. Is there version control?
D. Are system components tested, documented, and approved prior to promotion to production?
Answer: B

36. This type of vulnerability enables the intruder to re-route data traffic from a network device to a personal machine. This diversion enables the intruder to capture data traffic to and from the devices for analysis or modification, or to steal the password file from the server and gain access to user accounts:
A. Network Address Translation
B. Network Address Hijacking
C. Network Address Supernetting
D. Network Address Sniffing
Answer: not given in the source

37. Which of the following is NOT a technique used to perform a penetration test?
A. sending noise
B. scanning and probing
C. war dialing
D. sniffing
Answer: A

38. In what way can violation clipping levels assist in violation tracking and analysis?
A. Clipping levels set a baseline for normal user errors, and violations exceeding that threshold will be recorded for analysis of why the violations occurred.
B. Clipping levels enable a security administrator to customize the audit trail to record only those violations which are deemed to be security relevant.
C. Clipping levels enable the security administrator to customize the audit trail to record only actions for users with access to usercodes with a privileged status.
D. Clipping levels enable a security administrator to view all reductions in security levels which have been made to usercodes which have incurred violations.
Answer: A

39. Which of the following are functions that are compatible in a properly segregated environment?
A. Data entry and job scheduling
B. Database administration and systems security
C. Systems analyst and application programming
D. Security administration and systems programming
Answer: C

40. Which of the following is not concerned with configuration management?
A. Hardware
B. Software
C. Documentation
D. They all are concerned with configuration management.
Answer: D

41. What is the main objective of proper separation of duties?
A. To prevent employees from disclosing sensitive information.
B. To ensure access controls are in place.
C. To ensure that no single individual can compromise a system.
D. To ensure that audit trails are not tampered with.
Answer: C

42. Which trusted facility management concept implies that two operators must review and approve the work of each other?
A. Two-man control
B. Dual control
C. Double control
D. Segregation control
Answer: A

43. Which choice below is NOT a security goal of an audit mechanism?
A. Deter perpetrators' attempts to bypass the system protection mechanisms
B. Review employee production output records
C. Review patterns of access to individual objects
D. Discover when a user assumes a functionality with privileges greater than his own
Answer: B

44. Which choice below would NOT be considered a benefit of employing incident-handling capability?
A. An individual acting alone would not be able to subvert a security process or control.
B. It enhances internal communications and the readiness of the organization to respond to incidents.
C. It assists an organization in preventing damage from future incidents.
D. Security training personnel would have a better understanding of users' knowledge of security issues.
Answer: A

45. Which choice below is the BEST description of operational assurance?
A. Operational assurance is the process of examining audit logs to reveal usage that identifies misuse.
B. Operational assurance has the benefit of containing and repairing damage from incidents.
C. Operational assurance is the process of reviewing an operational system to see that security controls are functioning correctly.
D. Operational assurance is the process of performing pre-employment background screening.
Answer: C

46. Which choice below MOST accurately describes a Covert Storage Channel?
A. A process that manipulates observable system resources in a way that affects respon