QUESTION 301: What is the PRIMARY advantage of using a separate authentication server (e.g., Remote Access Dial-In User System, Terminal Access Controller Access Control System) to authenticate dial-in users?
A. Single user logons are easier to manage and audit.
B. Each session has a unique (one-time) password assigned to it.
C. Audit and access information are not kept on the access server.
D. Call-back is very difficult to defeat.
Answer: C
Explanation: TACACS integrates the authentication and authorization processes. XTACACS keeps the authentication, authorization and accounting processes separate. TACACS+ improves XTACACS by adding two-factor authentication. – Ed Tittel, CISSP Study Guide (Sybex), pg 745

QUESTION 302: Within the Open Systems Interconnection (OSI) Reference Model, authentication addresses the need for a network entity to verify both
A. The identity of a remote communicating entity and the authenticity of the source of the data that are received.
B. The authenticity of a remote communicating entity and the path through which communications are received.
C. The location of a remote communicating entity and the path through which communications are received.
D. The identity of a remote communicating entity and the level of security of the path through which data are received.
Answer: A
Explanation: The OSI model needs to know the source of the data and that it is who it says it is. The path the data takes is not cared about unless source routing is used. The level of security is not cared about inherently by the receiving node (in general) unless configured. A is the best option in this question.

QUESTION 303: Which of the following is the most reliable authentication device?
A. Variable callback system
B. Smart card system
C. Fixed callback system
D. Combination of variable and fixed callback system
Answer: B

QUESTION 304: Which of the following are proprietarily implemented by CISCO?
A. RADIUS+
B. TACACS
C. XTACACS and TACACS+
D. RADIUS
Answer: C
Explanation: Cisco implemented an enhanced version of TACACS, known as XTACACS (extended TACACS), which was also compatible with TACACS. It allowed for UDP and TCP encoding. XTACACS contained several improvements: it provided accounting functionality to track length of login and which hosts a user connected to, and it also separated the authentication, authorization, and accounting processes such that they could be independently implemented. None of the three functions are mandatory. XTACACS is described in RFC 1492. TACACS+ is the latest Cisco implementation. It is best described as XTACACS with improved attribute control (authorization) and accounting.

QUESTION 305: What is a protocol used for carrying authentication, authorization, and configuration information between a Network Access Server and a shared Authentication Server?
A. IPSec
B. RADIUS
C. L2TP
D. PPTP
Answer: B
Explanation: RADIUS is a protocol for carrying authentication, authorization, and configuration information between a Network Access Server, which desires to authenticate its links, and a shared Authentication Server. RADIUS is a standard published in RFC 2138 as mentioned above.

QUESTION 306: RADIUS is defined by which RFC?
A. 2168
B. 2148
C. 2138
D. 2158
Answer: C
Explanation: RADIUS is a protocol for carrying authentication, authorization, and configuration information between a Network Access Server, which desires to authenticate its links, and a shared Authentication Server. RADIUS is a standard published in RFC 2138 as mentioned above.

QUESTION 307: In a RADIUS architecture, which of the following acts as a client?
A. A Network Access Server.
B. None of the choices.
C. The end user.
D. The authentication server.
Answer: A
Explanation: A Network Access Server (NAS) operates as a client of RADIUS. The client is responsible for passing user information to designated RADIUS servers, and then acting on the response which is returned.
QUESTION 308: In a RADIUS architecture, which of the following can act as a proxy client?
A. The end user.
B. A Network Access Server.
C. The RADIUS authentication server.
D. None of the choices.
Answer: C
Explanation: A RADIUS server can act as a proxy client to other RADIUS servers or other kinds of authentication servers.

QUESTION 309: Which of the following statements pertaining to RADIUS is incorrect?
A. A RADIUS server can act as a proxy server, forwarding client requests to other authentication domains.
B. Most RADIUS clients have a capability to query secondary RADIUS servers for redundancy.
C. Most RADIUS servers have built-in database connectivity for billing and reporting purposes.
D. Most RADIUS servers can work with DIAMETER servers.
Answer: D

QUESTION 310: Which of the following is the weakest authentication mechanism?
A. Passphrases
B. Passwords
C. One-time passwords
D. Token devices
Answer: B

QUESTION 311: What is the PRIMARY use of a password?
A. Allow access to files
B. Identify the user
C. Authenticate the user
D. Segregate various users' accesses
Answer: C

QUESTION 312: Software generated passwords have what drawbacks?
A. Passwords are not easy to remember.
B. Passwords are too secure.
C. None of the choices.
D. Passwords are unbreakable.
Answer: A
Explanation: Passwords can be generated by a software package or by some operating systems. These password generators are good at producing unique and hard-to-guess passwords; however, you must ensure that they are not so hard that people can't remember them. If you force your users to write their passwords down, then you are defeating the purpose of having strong password management.

QUESTION 313: What are the valid types of one-time password generator?
A. All of the choices.
B. Transaction synchronous
C. Synchronous/PIN synchronous
D. Asynchronous/PIN asynchronous
Answer: A
Explanation: One-time passwords are changed after every use. Handheld password generators (tokens) come in 3 basic types: Synchronous/PIN synchronous, Transaction synchronous, Asynchronous/PIN asynchronous.

QUESTION 314: Which of the following will you consider as most secure?
A. Password
B. One time password
C. Login phrase
D. Login ID
Answer: B
Explanation: Each time the user logs in, the token generates a unique password that is synchronized with the network server. If anyone tries to reuse this dynamic password, access is denied, the event is logged and the network remains secure.

QUESTION 315: What type of password makes use of two totally unrelated words?
A. Login phrase
B. One time password
C. Composition
D. Login ID
Answer: C
Explanation: Usage of two totally unrelated words or a series of unrelated characters, such as pizza!wood for example. Such a password is easy to remember but very hard to guess. It would require a cracker quite a bit of time to do a brute force attack on a password that is that long and that uses an extended character as well.

QUESTION 316: Which of the following is the correct account policy you should follow?
A. All of the choices.
B. All active accounts must have a password.
C. All active accounts must have a long and complex pass phrase.
D. All inactive accounts must have a password.
Answer: B
Explanation: All active accounts must have a password, unless you are using an application or service designed to be accessed without the need of a proper ID and password. Such a service must however be monitored by other means (not a recommended practice).

QUESTION 317: Which of the following are the advantages of using a passphrase?
A. Difficult to crack using brute force.
B. Offers numerous characters.
C. Easier to remember.
D. All of the choices.
Answer: D
Explanation: The use of passphrases is a good way of having very strong passwords. A passphrase is easier to remember, it offers numerous characters, and it is almost impossible to crack using brute force with today's processing power.
An example of a passphrase could be: "Once upon a time in the CISSP world"

QUESTION 318: Which of the following are the correct guidelines of password deployment?
A. Passwords must be masked.
B. All of the choices.
C. Password must have a minimum of 8 characters.
D. Password must contain a mix of both alphabetic and non-alphabetic characters.
Answer: B
Explanation: Passwords must not be displayed in plain text while logging on. Passwords must be masked. Passwords must have a minimum of 8 characters. Passwords must contain a mix of both alphabetic and non-alphabetic characters. Passwords must be kept private, e.g. not shared, coded into programs, or written down.

QUESTION 319: Why would a 16 character password not be desirable?
A. Hard to remember
B. Offers numerous characters.
C. Difficult to crack using brute force.
D. All of the choices.
Answer: A
Explanation: When the password is too hard to memorize, the user will actually write it down, which is totally insecure and unacceptable.

QUESTION 320: Which of the following is NOT a good password deployment guideline?
A. Passwords must not be the same as user id or login id.
B. Password aging must be enforced on all systems.
C. Password must be easy to memorize.
D. Passwords must be changed at least once every 60 days, depending on your environment.
Answer: C
Explanation: Passwords must be changed at least once every 60 days (depending on your environment). Password aging or expiration must be enforced on all systems. Upon password expiration, if the password is not changed, only three grace logins must be allowed, then the account must be disabled until reset by an administrator or the help desk. Password reuse is not allowed (rotating passwords).

QUESTION 321: Rotating passwords can be restricted by the use of:
A. Password age
B. Password history
C. Complex password
D. All of the choices
Answer: B
Explanation: Passwords must be changed at least once every 60 days (depending on your environment). Password aging or expiration must be enforced on all systems. Upon password expiration, if the password is not changed, only three grace logins must be allowed, then the account must be disabled until reset by an administrator or the help desk. Password reuse is not allowed (rotating passwords).

QUESTION 322: What should you do immediately if the root password is compromised?
A. Change the root password.
B. Change all passwords.
C. Increase the value of password age.
D. Decrease the value of password history.
Answer: B
Explanation: All passwords must be changed if the root password is compromised or disclosure is suspected. (This is a separate case; the optimal solution would be to reload the compromised computer. A computer that has been downgraded can never be upgraded to a higher security level.)

QUESTION 323: Which of the following is the most secure way to distribute a password?
A. Employees must send in an email before obtaining a password.
B. Employees must show up in person and present proper identification before obtaining a password.
C. Employees must send in a signed email before obtaining a password.
D. None of the choices.
Answer: B
Explanation: Employees must show up in person and present proper identification before obtaining a new or changed password (depending on your policy). After three unsuccessful attempts to enter a password, the account will be locked and only an administrator or the help desk can reactivate the involved user ID.

QUESTION 324: Which of the following does not apply to system-generated passwords?
A. Passwords are harder to remember for users
B. If the password-generating algorithm gets to be known, the entire system is in jeopardy
C. Passwords are more vulnerable to brute force and dictionary attacks.
D. Passwords are harder to guess for attackers
Answer: C

QUESTION 325: Passwords can be required to change monthly, quarterly, or at any other interval:
A. depending on the criticality of the information needing protection
B. depending on the criticality of the information needing protection and the password's frequency of use
C. depending on the password's frequency of use
D. not depending on the criticality of the information needing protection but depending on the password's frequency of use
Answer: B

QUESTION 326: In the SSL/TLS protocol, what kind of authentication is supported?
A. Peer-to-peer authentication
B. Only server authentication (optional)
C. Server authentication (mandatory) and client authentication (optional)
D. Role based authentication scheme
Answer: C
"The server sends a message back to the client indicating that a secure session needs to be established, and the client sends it security parameters. The server compares those security parameters to its own until it finds a match. This is the handshaking phase. The server authenticates to the client by sending it a digital certificate, and if the client decides to trust the server the process continues. The server can require the client to send over a digital certificate for mutual authentication, but that is rare." Pg. 523 Shon Harris: All-In-One CISSP Certification Exam Guide

QUESTION 327: Which of the following correctly describes the difference between identification and authentication?
A. Authentication is a means to verify who you are, while identification is what you are authorized to perform.
B. Identification is a means to verify who you are, while authentication is what you are authorized to perform.
C. Identification is another name of authentication.
D. Identification is the child process of authentication.
Answer: B
Explanation: Identification is a means to verify who you are. Authentication is what you are authorized to perform, access, or do. User identification enables accountability. It enables you to trace activities to individual users that may be held responsible for their actions. Identification usually takes the form of Logon ID or User ID.
Some of the Logon ID characteristics are: they must be unique, not shared, and usually non-descriptive of job function.

QUESTION 328: Identification establishes:
A. Authentication
B. Accountability
C. Authorization
D. None of the choices.
Answer: B
Explanation: Identification is a means to verify who you are. Authentication is what you are authorized to perform, access, or do. User identification enables accountability. It enables you to trace activities to individual users that may be held responsible for their actions. Identification usually takes the form of Logon ID or User ID. Some of the Logon ID characteristics are: they must be unique, not shared, and usually non-descriptive of job function.

QUESTION 329: Identification usually takes the form of:
A. Login ID.
B. User password.
C. None of the choices.
D. Passphrase
Answer: A
Explanation: Identification is a means to verify who you are. Authentication is what you are authorized to perform, access, or do. User identification enables accountability. It enables you to trace activities to individual users that may be held responsible for their actions. Identification usually takes the form of Logon ID or User ID. Some of the Logon ID characteristics are: they must be unique, not shared, and usually non-descriptive of job function.

QUESTION 330: What is called the act of a user professing an identity to a system, usually in the form of a log-on ID?
A. Authentication
B. Identification
C. Integrity
D. Confidentiality
Answer: B
"Identification is the act of a user professing an identity to a system, usually in the form of a logon ID to the system." Pg 49 Krutz: The CISSP Prep Guide. "Identification describes a method of ensuring that a subject (user, program, or process) is the entity it claims to be. Identification can be provided with the use of a username or account number. To be properly authenticated, the subject is usually required to provide a second piece to the credential set. This piece could be a password, passphrase, cryptographic key, personal identification number (PIN), anatomical attribute, or token." Pg 110 Shon Harris: All-in-One CISSP Certification

QUESTION 331: What is called the verification that the user's claimed identity is valid and is usually implemented through a user password at log-on time?
A. Authentication
B. Identification
C. Integrity
D. Confidentiality
Answer: A

QUESTION 332: Identification and authentication are the keystones of most access control systems. Identification establishes:
A. user accountability for the actions on the system
B. top management accountability for the actions on the system
C. EDP department accountability for the actions of users on the system
D. authentication for actions on the system
Answer: A

QUESTION 333: Which one of the following authentication mechanisms creates a problem for mobile users?
A. address-based mechanism
B. reusable password mechanism
C. one-time password mechanism
D. challenge response mechanism
Answer: A

QUESTION 334: Which of the following centralized access control mechanisms is not appropriate for mobile workers accessing the corporate network over analog lines?
A. TACACS
B. Call-back
C. CHAP
D. RADIUS
Answer: B

QUESTION 335: Authentication is typically based upon:
A. Something you have.
B. Something you know.
C. Something you are.
D. All of the choices.
Answer: D
Explanation: Authentication is a means of verifying the eligibility of an entity to receive specific categories of information. The entity could be an individual user, machine, or software component. Authentication is typically based upon something you know, something you have, or something you are.

QUESTION 336: A password represents:
A. Something you have.
B. Something you know.
C. All of the choices.
D. Something you are.
Answer: B
Explanation: The canonical example of something you know is a password or pass phrase. You might type or speak the value. A number of schemes are possible for obtaining what you know. It might be assigned to you, or you may have picked the value yourself. Constraints may exist regarding the form the value can take, or the alphabet from which you are allowed to construct the value might be limited to letters only. If you forget the value, you may not be able to authenticate yourself to the system.

QUESTION 337: A smart card represents:
A. Something you are.
B. Something you know.
C. Something you have.
D. All of the choices.
Answer: C
Explanation: Another form of authentication requires possession of something such as a key, a smart card, a disk, or some other device. Whatever form it takes, the authenticating item should be difficult to duplicate and may require synchronization with systems other than the one to which you are requesting access. Highly secure environments may require you to possess multiple things to guarantee authenticity.

QUESTION 338: Which of the following is the most commonly used check on something you know?
A. One time password
B. Login phrase
C. Retinal
D. Password
Answer: D
Explanation: Passwords, even though they are always mentioned as being unsecured, necessary evils that put your infrastructure at risk, are still commonly used and will probably be used for quite a few years. Good passwords can provide you with a good first line of defense. Passwords are based on something the user knows. They are used to authenticate users before they can access specific resources.

QUESTION 339: Retinal scans check for:
A. Something you are.
B. Something you have.
C. Something you know.
D. All of the choices.
Answer: A
Explanation: Something you are is really a special case of something you have. The usual examples given include fingerprint, voice, or retinal scans.

QUESTION 340: What type of authentication takes advantage of an individual's unique physical characteristics in order to authenticate that person's identity?
A. Password
B. Token
C. Ticket Granting
D. Biometric
Answer: D
Explanation: Biometric authentication systems take advantage of an individual's unique physical characteristics in order to authenticate that person's identity. Various forms of biometric authentication include face, voice, eye, hand, signature, and fingerprint; each has its own advantages and disadvantages. When combined with the use of a PIN it can provide two-factor authentication.

QUESTION 341: What is called an automated means of identifying or authenticating the identity of a living person based on physiological or behavioral characteristics?
A. Biometrics
B. Micrometrics
C. Macrometrics
D. MicroBiometrics
Answer: A

QUESTION 342: Which of the following forms of authentication would most likely apply a digital signature algorithm to every bit of data that is sent from the claimant to the verifier?
A. Dynamic authentication
B. Continuous authentication
C. Encrypted authentication
D. Robust authentication
Answer: C
The correct answer is C. Unable to find any references to continuous encryption. "A digital signature is the encrypted hash value of a message." Pg 550 Shon Harris: CISSP All-In-One Certification Exam Guide. "There are other options to improve the security offered by password authentication: Use the strongest form of one-way encryption available for password storage. Never allow passwords to be transmitted in clear text or with weak encryption." Pg. 9 Tittel: CISSP Study Guide. "[Kerberos] A complicated exchange of tickets (i.e., cryptographic messages) between the client, the server, and the TGS is used to prove identity and provide authentication between the client and server. This allows the client to request resources from the server while having full assurance that both entities are who they claim to be. The exchange of encrypted tickets also ensures that no logon credentials, session keys, or authentication messages are ever transmitted in the clear text." Pg 14 Tittel: CISSP Study Guide

QUESTION 343: In which situation would TEMPEST risks and technologies be of MOST interest?
A. Where high availability is vital.
B. Where the consequences of disclosure are very high.
C. Where countermeasures are easy to implement.
D. Where data base integrity is crucial.
Answer: B
Emanation eavesdropping: receipt and display of information, which is resident on computers or terminals, through the interception of radio frequency (RF) signals generated by those computers or terminals. The U.S. government established a program called TEMPEST that addressed this problem by requiring shielding and other emanation-reducing mechanisms to be employed on computers processing sensitive and classified government information. – Ronald Krutz, The CISSP Prep Guide (Gold Edition), pg 416

QUESTION 344: Which one of the following addresses the protection of computers and components from electromagnetic emissions?
A. TEMPEST
B. ISO 9000
C. Hardening
D. IEEE 802.2
Answer: A
Receipt and display of information, which is resident on computers or terminals, through the interception of Radio Frequency (RF) signals generated by those computers or terminals. The U.S. government established a program called TEMPEST that addressed this problem by requiring shielding and other emanation-reducing mechanisms to be employed on computers processing sensitive and classified government information. – Ronald Krutz, The CISSP Prep Guide (Gold Edition), pg 416

QUESTION 345: Monitoring electromagnetic pulse emanations from PCs and CRTs provides a hacker with what significant advantage?
A. Defeat the TEMPEST safeguard
B. Bypass the system security application.
C. Gain system information without trespassing
D. Undetectable active monitoring.
Answer: D
TEMPEST equipment is implemented to prevent intruders from picking up information through the airwaves with listening devices. – Shon Harris, All-in-One CISSP Certification Guide, pg 192. In Harris's other book, CISSP Passport, she talks about TEMPEST in terms of spy movies and how a van outside is listening to or monitoring the activities of someone. This lends credence to the answer of C (trespassing), but I think D is more correct, in that all the listener must do is listen to the RF. Use your best judgment based on experience and knowledge.

QUESTION 346: What name is given to the study and control of signal emanations from electrical and electromagnetic equipment?
A. EMI
B. Cross Talk
C. EMP
D. TEMPEST
Answer: D

QUESTION 347: TEMPEST addresses
A. The vulnerability of time-dependent transmissions.
B. Health hazards of electronic equipment.
C. Signal emanations from electronic equipment.
D. The protection of data from high-energy attacks.
Answer: C
"Tempest is the study and control of spurious electrical signals that are emitted by electrical equipment." Pg 167 Shon Harris: All-In-One CISSP Certification Exam Guide

QUESTION 348: Which one of the following is the MOST solid defense against interception of a network transmission?
A. Frequency hopping
B. Optical fiber
C. Alternate routing
D. Encryption
Answer: B
An alternative to conductor-based network cabling is fiber-optic cable. Fiber-optic cables transmit pulses of light rather than electricity. This has the advantage of being extremely fast and near impervious to tapping. Pg 85 Tittel: CISSP Study Guide.

QUESTION 349: Which of the following media is MOST resistant to tapping?
A. Microwave
B. Twisted pair
C. Coaxial cable
D. Fiber optic
Answer: D

QUESTION 350: What type of wiretapping involves injecting something into the communications?
A. Aggressive
B. Captive
C. Passive
D. Active
Answer: D
Most communications are vulnerable to some type of wiretapping or eavesdropping. It can usually be done undetected and is referred to as a passive attack versus an active attack. – Shon Harris, All-in-One CISSP Certification Guide, pg 649. "(I) An attack that intercepts and accesses data and other information contained in a flow in a communication system. (C) Although the term originally referred to making a mechanical connection to an electrical conductor that links two nodes, it is now used to refer to reading information from any sort of medium used for a link or even directly from a node, such as a gateway or subnetwork switch. (C) 'Active wiretapping' attempts to alter the data or otherwise affect the flow; 'passive wiretapping' only attempts to observe the flow and gain knowledge of information it contains. (See: active attack, end-to-end encryption, passive attack.)"

QUESTION 351: Why would an Ethernet LAN in a bus topology have a greater risk of unauthorized disclosure than switched Ethernet in a hub-and-spoke or star topology?
A. IEEE 802.5 protocol for Ethernet cannot support encryption.
B. Ethernet is a broadcast technology.
C. Hub and spoke connections are highly multiplexed.
D. TCP/IP is an insecure protocol.
Answer: B
Ethernet is broadcast, and the question asks about a bus topology vs a SWITCHED Ethernet. Most switched Ethernet LANs are divided by VLANs, which contain broadcasts to a single VLAN, but remember only a layer 3 device can stop a broadcast.

QUESTION 352: What type of attack occurs when a smartcard is operating under normal physical conditions, but sensitive information is gained by examining the bytes going to and from the smartcard?
A. Physical attacks.
B. Logical attacks.
C. Trojan Horse attacks.
D. Social Engineering attacks.
Answer: B
Explanation: Logical attacks occur when a smartcard is operating under normal physical conditions, but sensitive information is gained by examining the bytes going to and from the smartcard. One example is the so-called "timing attack" described by Paul Kocher. In this attack, various byte patterns are sent to the card to be signed by the private key. Information such as the time required to perform the operation and the number of zeroes and ones in the input bytes are used to eventually obtain the private key. There are logical countermeasures to this attack, but not all smartcard manufacturers have implemented them. This attack does require that the PIN to the card be known, so that many private key operations can be performed on chosen input bytes.

QUESTION 353: What is an effective countermeasure against a Trojan horse attack that targets smart cards?
A. Single-access device driver architecture.
B. Handprint driver architecture.
C. Fingerprint driver architecture.
D. All of the choices.
Answer: A
Explanation: The countermeasure to prevent this attack is to use "single-access device driver" architecture. With this type of architecture, the operating system enforces that only one application can have access to the serial device (and thus the smartcard) at any given time. This prevents the attack but also lessens the convenience of the smartcard because multiple applications cannot use the services of the card at the same time. Another way to prevent the attack is by using a smartcard that enforces a "one private key usage per PIN entry" policy model. In this model, the user must enter their PIN every single time the private key is to be used, and therefore the Trojan horse would not have access to the key.

QUESTION 354: Which of the following could illegally capture network user passwords?
A. Data diddling
B. Sniffing
C. Spoofing
D. Smurfing
Answer: B

QUESTION 355: Which of the following statements is incorrect?
A. Since the early days of mankind humans have struggled with the problems of protecting assets
B. The addition of a PIN keypad to the card reader was a solution to unreported card or lost cards problems
C. There has never been a problem of lost keys
D. Human guard is an inefficient and sometimes ineffective method of protecting resources
Answer: C

QUESTION 356: A system uses a numeric password with 1-4 digits. How many passwords need to be tried before it is cracked?
A. 1024
B. 10000
C. 100000
D. 1000000
Answer: B
The largest 4 digit number is 9999. So 10,000 is the closest answer.

QUESTION 357: Which of the following can be used to protect your system against a brute force password attack?
A. Decrease the value of password history.
B. Employees must send in a signed email before obtaining a password.
C. After three unsuccessful attempts to enter a password, the account will be locked.
D. Increase the value of password age.
Answer: C
Explanation: Employees must show up in person and present proper identification before obtaining a new or changed password (depending on your policy). After three unsuccessful attempts to enter a password, the account will be locked and only an administrator or the help desk can reactivate the involved user ID.

QUESTION 358: Which of the following is an effective measure against a certain type of brute force password attack?
A. Password used must not be a word found in a dictionary.
B. Password history is used.
C. Password reuse is not allowed.
D. None of the choices.
Answer: A
Explanation: Password reuse is not allowed (rotating passwords). Password history must be used to prevent users from reusing passwords. On all systems with such a facility the last 12 passwords used will be kept in the history. All computer system users must choose passwords that cannot be easily guessed. Passwords used must not be a word found in a dictionary.

QUESTION 359: Which type of attack will most likely provide an attacker with multiple passwords to authenticate to a system?
A. Password sniffing
B. Dictionary attack
C. Dumpster diving
D. Social engineering
Answer: A

QUESTION 360: Which of the following are measures against password sniffing?
A. Passwords must not be sent through email in plain text.
B. Passwords must not be stored in plain text on any electronic media.
C. You may store passwords electronically if they are encrypted.
D. All of the choices.
Answer: D

Explanation: Passwords must not be sent through email in plain text. Passwords must not be stored in plain text on any electronic media. It is acceptable to store passwords in a file if it is encrypted with PGP or equivalent strong encryption (once again depending on your organization policy). All vendor supplied default passwords must be changed.

QUESTION 361: Which one of the following conditions is NOT necessary for a long dictionary attack to succeed?
A. The attacker must have access to the target system.
B. The attacker must have read access to the password file.
C. The attacker must have write access to the password file.
D. The attacker must know the password encryption mechanism and key variable.
Answer: C
Explanation: The program encrypts the combination of characters and compares them to the encrypted entries in the password file. If a match is found, the program has uncovered a password. – Shon Harris All-in-one CISSP Certification Guide pg 199

QUESTION 362: What is an important factor affecting the time required to perpetrate a manual trial and error attack to gain access to a target computer system?
A. Keyspace for the password.
B. Expertise of the person performing the attack.
C. Processing speed of the system executing the attack.
D. Encryption algorithm used for password transfer.
Answer: A
Explanation: I am not sure of the answer on this question. B seems good but the reference below states that Keyspace (or length of password) is the main deterrent. I did not come across something that directly relates in my readings. “If an attacker mounts a trial-and-error attack against your password, a longer password gives the attacker a larger number of alternatives to try. If each character in the password may take on 96 different values (typical of printable ASCII characters) then each additional character presents the attacker with 96 times as many passwords to try. If the number of alternatives is large enough, the trial-and-error attack might discourage the attacker, or lead to the attacker’s detection.”

QUESTION 363: Which one of the following BEST describes a password cracker?
A. A program that can locate and read a password file.
B. A program that provides software registration passwords or keys.
C. A program that performs comparative analysis.
D. A program that obtains privileged access to the system.
Answer: C
Explanation: In a dictionary crack, L0phtCrack encrypts (i.e., hashes) all the passwords in a dictionary file you specify and compares every result with the password hash. If L0phtCrack finds any matches, it knows the password is the dictionary word. L0phtCrack comes with a default dictionary file, words-english. You can download additional files from the Internet or create a custom file. In the Tools Options dialog box, you can choose to run the dictionary attack against the LANMAN password hash, the NT LAN Manager (NTLM) password hash, or both (which is the default). In a hybrid crack, L0phtCrack extends the dictionary crack by appending numbers or symbols to each word in the dictionary file. For example, in addition to trying “Galileo,” L0phtCrack also tries “Galileo24,” “13Galileo,” “?Galileo,” “Galileo!,” and so on. The default number of characters L0phtCrack tries is two, and you can change this number in the Tools Options dialog box. In a brute-force crack, L0phtCrack tries every possible combination of characters in a character set. L0phtCrack offers four character sets, ranging from alpha only to all alphanumeric plus all symbol characters. You can choose a character set from the Character Set drop-down box in the Tools Options dialog box or type a custom character set in the Character Set drop-down box. L0phtCrack saves custom sets in files with an .lc extension. You can also specify a character set in the password file, as the example in Figure 2 shows.
Not B: A key generator is what is being described by the registration password or key answer.

QUESTION 364: If a token and 4-digit personal identification number (PIN) are used to access a computer system and the token performs off-line checking for the correct PIN, what type of attack is possible?
A. Birthday
B. Brute force
C. Man-in-the-middle
D. Smurf
Answer: B
Explanation: Brute force attacks are performed with tools that cycle through many possible character, number, and symbol combinations to guess a password. Pg 134 Shon Harris CISSP All-In-One Certification Exam Guide. Since the token allows offline checking of the PIN, the cracker can keep trying PINs until it is cracked.

QUESTION 365: Which of the following actions can increase the cost of an exhaustive attack?
A. Increase the age of a password.
B. Increase the length of a password.
C. None of the choices.
D. Increase the history of a password.
Answer: B
Explanation: Defenses against exhaustive attacks involve increasing the cost of the attack by increasing the number of possibilities to be exhausted. For example, increasing the length of a password will increase the cost of an exhaustive attack. Increasing the effective length of a cryptographic key variable will make it more resistant to an exhaustive attack.

QUESTION 366: Which of the following attacks focus on cracking passwords?
A. SMURF
B. Spamming
C. Teardrop
D. Dictionary
Answer: D
Explanation: Dictionaries may be used in a cracking program to determine passwords. A short dictionary attack involves trying a list of hundreds or thousands of words that are frequently chosen as passwords against several systems. Although most systems resist such attacks, some do not. In one case, one system in five yielded to a particular dictionary attack.

QUESTION 367: Which of the following can best eliminate dial-up access through a Remote Access Server as a hacking vector?
A. Using TACACS+ server
B. Installing the Remote Access Server outside the firewall and forcing legitimate users to authenticate to the firewall.
C. Setting modem ring count to at least 5
D. Only attaching modems to non-networked hosts.
Answer: B

QUESTION 368: What is known as a decoy system designed to lure a potential attacker away from critical systems?
A. Honey Pots
B. Vulnerability Analysis Systems
C. File Integrity Checker
D. Padded Cells
Answer: A
Explanation: Honey pots are decoy systems that are designed to lure a potential attacker away from critical systems. Honey pots are designed to: divert an attacker from accessing critical systems, collect information about the attacker’s activity, and encourage the attacker to stay on the system long enough for administrators to respond.

QUESTION 369: Which of the following will you consider as a program that monitors data traveling over a network?
A. Smurfer
B. Sniffer
C. Fragmenter
D. Spoofer
Answer: B
Explanation: A sniffer is a program and/or device that monitors data traveling over a network. Sniffers can be used both for legitimate network management functions and for stealing information off a network. Unauthorized sniffers can be extremely dangerous to a network’s security because they are virtually impossible to detect.

QUESTION 370: Which of the following is NOT a system-sensing wireless proximity card?
A. magnetically striped card
B. passive device
C. field-powered device
D. transponder
Answer: A

QUESTION 371: Attacks on smartcards generally fall into what categories?
A. Physical attacks.
B. Trojan Horse attacks.
C. Logical attacks.
D. All of the choices, plus Social Engineering attacks.
Answer: D
Explanation: Attacks on smartcards generally fall into four categories: Logical attacks, Physical attacks, Trojan Horse attacks and Social Engineering attacks.

QUESTION 372: Which of the following attacks could be the most successful when the security technology is properly implemented and configured?
A. Logical attacks
B. Physical attacks
C. Social Engineering attacks
D. Trojan Horse attacks
Answer: C
Explanation: Social Engineering attacks – In computer security systems, this type of attack is usually the most successful, especially when the security technology is properly implemented and configured. Usually, these attacks rely on the faults in human beings. An example of a social engineering attack has a hacker impersonating a network service technician. The serviceman approaches a low-level employee and requests their password for network servicing purposes. With smartcards, this type of attack is a bit more difficult. Most people would not trust an impersonator wishing to have their smartcard and PIN for service purposes.

QUESTION 373: What type of attack occurs when normal physical conditions are altered in order to gain access to sensitive information on the smartcard?
A. Physical attacks
B. Logical attacks
C. Trojan Horse attacks
D. Social Engineering attacks
Answer: A
Explanation: Physical attacks occur when normal physical conditions, such as temperature, clock frequency, voltage, etc., are altered in order to gain access to sensitive information on the smartcard. Most smartcard operating systems write sensitive data to the EEPROM area in a proprietary, encrypted manner so that it is difficult to obtain clear text keys by directly hacking into the EEPROM. Other physical attacks that have proven to be successful involve an intense physical fluctuation at the precise time and location where the PIN verification takes place. Thus, sensitive card functions can be performed even though the PIN is unknown. This type of attack can be combined with the logical attack mentioned above in order to gain knowledge of the private key. Most physical attacks require special equipment.

QUESTION 374: Which one of the following is an example of electronic piggybacking?
A. Attaching to a communications line and substituting data.
B. Abruptly terminating a dial-up or direct-connect session.
C. Following an authorized user into the computer room.
D. Recording and playing back computer transactions.
Answer: C
Ok this is a weird little question. The term electronic is kind of throwing me a bit. A lot of times piggybacking can be used in terms of following someone in a building. Piggyback – Gaining unauthorized access to a system via another user’s legitimate connection. (see between-the-lines entry) Between-the-lines entry – Unauthorized access obtained by tapping the temporarily inactive terminal of a legitimate user. – Ronald Krutz The CISSP PREP Guide (gold edition) pg 914, 885

QUESTION 375: A system using Discretionary Access Control (DAC) is vulnerable to which one of the following attacks?
A. Trojan horse
B. Phreaking
C. Spoofing
D. SYN flood
Answer: C
An attempt to gain access to a system by posing as an authorized user. Synonymous with impersonating, masquerading, or mimicking. – Ronald Krutz The CISSP PREP Guide (gold edition) pg 921 “Spoofing – The act of replacing the valid source and/or destination IP address and node numbers with false ones. Spoofing attack – any attack that involves spoofed or modified packets.” – Ed Tittle CISSP Study Guide (sybex)

QUESTION 376: Which of the following is an example of an active attack?
A. Traffic analysis
B. Masquerading
C. Eavesdropping
D. Shoulder surfing
Answer: B

QUESTION 377: What attack involves actions to mimic one’s identity?
A. Brute force
B. Exhaustive
C. Social engineering
D. Spoofing
Answer: D
Explanation: Spoofing is an attack in which one person or process pretends to be a person or process that has more privileges. For example, user A can mimic behavior to make process B believe user A is user C. In the absence of any other controls, B may be duped into giving to user A the data and privileges that were intended for user C.

QUESTION 378: Which access control model enables the owner of the resource to specify what subjects can access specific resources?
A. Discretionary Access Control
B. Mandatory Access Control
C. Sensitive Access Control
D. Role-based Access Control
Answer: A

QUESTION 379: The type of discretionary access control that is based on an individual’s identity is called:
A. Identity-based access control
B. Rule-based access control
C. Non-Discretionary access control
D. Lattice-based access control
Answer: A

QUESTION 380: Which of the following access control types gives “UPDATE” privileges on Structured Query Language (SQL) database objects to specific users or groups?
A. Supplemental
B. Discretionary
C. Mandatory
D. System
Answer: C
Supplemental and System are not access control types. The most correct answer is mandatory as opposed to discretionary. The descriptions below sound typical of how an SQL accounting database controls access. “In a mandatory access control (MAC) model, users and data owners do not have as much freedom to determine who can access their files. Data owners can allow others to have access to their files, but it is the operating system that will make the final decision and can override the data owner’s wishes.” Pg. 154 Shon Harris CISSP All-In-One Certification Exam Guide “Rule-based access controls are a variation of mandatory access

CISSP PREP Guide (gold edition) pg 358
The other security issue is inference, which is very similar to aggregation. – Shon Harris All-in-one CISSP Certification Guide pg 727
Partitioning a database involves dividing the database into different parts, which makes it much harder for an unauthorized individual to find connecting pieces of data that can be brought together and other information that can be deduced or uncovered. – Shon Harris All-in-one CISSP Certification Guide pg 726
Polyinstantiation – This enables a relation to contain multiple tuples with the same primary keys with each instance distinguished by a security level. – Shon Harris All-in-one CISSP Certification Guide pg 727

QUESTION 417: How is polyinstantiation used to secure a multilevel database?
A. It prevents low-level database users from inferring the existence of higher level data.
B. It confirms that all constrained data items within the system conform to integrity specifications.
C. It ensures that all mechanisms in a system are responsible for enforcing the database security policy.
D. Two operations at the same layer will conflict if they operate on the same data item and at least one of them is an update.
Answer: A
“Polyinstantiation is the development of a detailed version of an object from another object using different values in the new object. In the database information security, this term is concerned with the same primary key for different relations at different classification levels being stored in the same database. For example, in a relational database, the name of a military unit may be classified Secret in the database and may have an identification number as the primary key. If another user at a lower classification level attempts to create a confidential entry for another military unit using the same identification number as a primary key, a rejection of this attempt would imply to the lower level user that the same identification number existed at a higher level of classification. To avoid this inference channel of information, the lower level user would be issued the same identification number for their unit and the database management system would manage this situation where the same primary key was used for different units.” Pg 352-353 Krutz: The CISSP Prep Guide: Gold Edition.
“Polyinstantiation occurs when two or more rows in the same table appear to have identical primary key elements but contain different data for use at differing classification levels. Polyinstantiation is often used as a defense against some types of inference attacks. For example, consider a database table containing the location of various naval ships on patrol. Normally, this database contains the exact position of each ship stored at the level with secret classification. However, one particular ship, the USS UpToNoGood, is on an undercover mission to a top-secret location. Military commanders do not want anyone to know that the ship deviated from its normal patrol. If the database administrators simply change the classification of the UpToNoGood’s location to top secret, a user with secret clearance would know that something unusual was going on when they couldn’t query the location of the ship. However, if polyinstantiation is used, two records could be inserted into the table. The first one, classified at the top secret level, would reflect the true location of the ship and be available only to users with the appropriate top secret security clearance. The second record, classified at the secret level, would indicate that the ship was on routine patrol and would be returned to users with a secret clearance.” Pg. 191 Tittel: CISSP Study Guide Second Edition

QUESTION 418: Which of the following defines the software that maintains and provides access to the database?
A. database management system (DBMS)
B. relational database management systems (RDBMS)
C. database identification system (DBIS)
D. Interface Definition Language system (IDLS)
Answer: A

QUESTION 419: Which of the following is not a responsibility of a database administrator?
A. Maintaining databases
B. Implementing access rules to databases
C. Reorganizing databases
D. Providing access authorization to databases
Answer: D

QUESTION 420: SQL commands do not include which of the following?
A. Select, Update
B. Grant, Revoke
C. Delete, Insert
D. Add, Replace
Answer: D
“SQL commands include Select, Update, Delete, Insert, Grant, and Revoke.” Pg 62 Krutz: CISSP Prep Guide: Gold Edition

QUESTION 421: A persistent collection of interrelated data items can be defined as which of the following?
A. database
B. database management system
C. database security
D. database shadowing
Answer: A

QUESTION 422: Which one of the following is commonly used for retrofitting multilevel security to a Database Management System?
A. Trusted kernel
B. Kernel controller
C. Front end controller
D. Trusted front-end
Answer: D

QUESTION 423: Which of the following is the marriage of object-oriented and relational technologies combining the attributes of both?
A. object-relational database
B. object-oriented database
C. object-linking database
D. object-management database
Answer: A

QUESTION 424: A department manager has read access to the salaries of the employees in his/her department but not to the salaries of employees in other departments. A database security mechanism that enforces this policy would typically be said to provide which of the following?
A. content-dependent access control
B. context-dependent access control
C. least privileges access control
D. ownership-based access control
Answer: A
“Database security takes a different approach than operating system security. In an operating system, the identity and authentication of the subject controls access. This is done through access control lists (ACLs), capability tables, roles, and security labels. The operating system only makes decisions about where a subject can access a file; it does not make this decision based on the contents of the file itself. If Mitch can access file A, it does not matter if that file contains information about a cookie recipe or secret information from the Cold War. On the other hand, database security does look at the contents of a file when it makes an access control decision, which is referred to as content-dependent access control. This type of access control increases processing overhead, but it provides higher granular control.” Pg. 677 Shon Harris: CISSP Certification All-in-One Exam Guide

QUESTION 425: Which of the following is an important part of database design that ensures that attributes in a table depend only on the primary key?
A. Normalization
B. Assimilation
C. Reduction
D. Compaction
Answer: A

QUESTION 426: Which of the following does not address Database Management Systems (DBMS) Security?
A. Perturbation
B. Cell suppression
C. Padded Cells
D. Partitioning
Answer: C

QUESTION 427: Which of the following is commonly used for retrofitting multilevel security to a database management system?
A. trusted front-end
B. trusted back-end
C. controller
D. kernel
Answer: A

QUESTION 428: Normalizing data within a database includes all of the following except which?
A. Eliminating repeating groups by putting them into separate tables
B. Eliminating redundant data
C. Eliminating attributes in a table that are not dependent on the primary key of that table
D. Eliminating duplicate key fields by putting them into separate tables
Answer: D
“Data Normalization: Normalization is an important part of database design that ensures that attributes in a table depend only on the primary key. This process makes it easier to maintain data and have consistent reports. Normalizing data in the database consists of three steps:
1.) Eliminating any repeating groups by putting them into separate tables
2.) Eliminating redundant data (occurring in more than one table)
3.) Eliminating attributes in a table that are not dependent on the primary key of that table” Pg. 62 Krutz: The CISSP Prep Guide: Gold Edition

QUESTION 429: SQL commands do not include which of the following?
A. Select, Update
B. Grant, Revoke
C. Delete, Insert
D. Add, Replace
Answer: D
“SQL commands include Select, Update, Delete, Grant, and Revoke.” Pg. 62 Krutz: The CISSP Prep Guide: Gold Edition
“Developed by IBM, SQL is a standard data manipulation and relational database definition language. The SQL Data Definition Language creates and deletes views and relations (tables). SQL commands include Select, Update, Delete, Insert, Grant, and Revoke. The latter two commands are used in access control to grant and revoke privileges to resources. Usually, the owner of an object can withhold or transfer GRANT privileges to an object to another subject. If the owner intentionally does not transfer the GRANT privileges, however, which are relative to an object to the individual A, A cannot pass on the GRANT privileges to another subject. In some instances, however, this security control can be circumvented. For example, if A copies the object, A essentially becomes the owner of that object and thus can transfer the GRANT privileges to another user, such as user B. SQL security issues include the granularity of authorization and the number of different ways you can execute the same query.” Pg. 63 Krutz: The CISSP Prep Guide: Gold Edition.

QUESTION 430: SQL security issues include which of the following?
A. The granularity of authorizations
B. The size of databases
C. The complexity of key structures
D. The number of candidate key elements
Answer: A
Developed by IBM, SQL is a standard data manipulation and relational database definition language. The SQL Data Definition Language creates and deletes views and relations (tables). SQL commands include Select, Update, Delete, Insert, Grant, and Revoke. The latter two commands are used in access control to grant and revoke privileges to resources. Usually, the owner of an object can withhold or transfer GRANT privileges to an object to another subject. If the owner intentionally does not transfer the GRANT privileges, however, which are relative to an object to the individual A, A cannot pass on the GRANT privileges to another subject. In some instances, however, this security control can be circumvented. For example, if A copies the object, A essentially becomes the owner of that object and thus can transfer the GRANT privileges to another user, such as user B. SQL security issues include the granularity of authorization and the number of different ways you can execute the same query. Pg. 63 Krutz: The CISSP Prep Guide: Gold Edition.

QUESTION 431: Which of the following are placeholders for literal values in a Structured Query Language (SQL) query being sent to the database on a server?
A. Bind variables
B. Assimilation variables
C. Reduction variables
D. Resolution variables
Answer: A

QUESTION 432: What ensures that attributes in a table depend only on the primary key?
A. Referential integrity
B. The database management system (DBMS)
C. Data Normalization
D. Entity integrity
Answer: C

QUESTION 433: Which of the following represent the rows of the table in a relational database?
A. attributes
B. records or tuples
C. record retention
D. relation
Answer: B

QUESTION 434: With regard to databases, which of the following has characteristics of ease of reusing code and analysis and reduced maintenance?
A. Object-Oriented Data Bases (OODB)
B. Object-Relational Data Bases (ORDB)
C. Relational Data Bases
D. Data Base management systems (DBMS)
Answer: A

QUESTION 435: Complex applications involving multimedia, computer aided design, video, graphics, and expert systems are more suited to which of the following?
A. Object-Oriented Data Bases (OODB)
B. Object-Relational Data Bases
C. Relational Data Bases
D. Data base management systems (DBMS)
Answer: A

QUESTION 436: Which of the following refers to the number of columns in a table?
A. Schema
B. Relation
C. Degree
D. Cardinality
Answer: C

QUESTION 437: Which of the following refers to the number of rows in a relation?
A. cardinality
B. degree
C. depth
D. breadth
Answer: A

QUESTION 438: Which of the following refers to the number of columns in a relation?
A. degree
B. cardinality
C. depth
D. breadth
Answer: A

QUESTION 439: What is one disadvantage of content-dependent protection of information?
A. It increases processing overhead
B. It requires additional password entry
C. It exposes the system to data locking
D. It limits the user’s individual address space
Answer: A
Content-Dependent Access Control “Just like the name sounds, access to objects is determined by the content within the object. This is used many times in databases and the type of Web-based material a firewall allows…If a table within the database contains information about employees’ salaries, the managers were not allowed to view it, but they could view information about an employee’s work history. The content of the database fields dictates which user can see specific information within the database tables.” pg 161 Shon Harris: All-In-One CISSP Certification. Decisions will have to be made about the content, therefore increasing processing overhead.

QUESTION 440: Which one of the following control steps is usually NOT performed in data warehousing applications?
A. Monitor summary tables for regular use.
B. Control meta data from being used interactively.
C. Monitor the data purging plan.
D. Reconcile data moved between the operations environment and data warehouse.
Answer: A
Not B: It is important to control meta data from being used interactively by unauthorized users. “Data warehouses and data mining are significant to security professionals for two reasons. First, as previously mentioned, data warehouses contain large amounts of potentially sensitive information vulnerable to aggregation and inference attacks, and security practitioners must ensure that adequate access controls and other security measures are in place to safeguard this data.” Pg 192 Tittel: CISSP Study Guide
Not C: “The data in the data warehouse must be maintained to ensure that it is timely and valid. The term data scrubbing refers to maintenance of the data warehouse by deleting information that is unreliable or no longer relevant.” Pg 358-359 Krutz: The CISSP Prep Guide: Gold Edition
Not D: “To create a data warehouse, data is taken from an operational database, redundancies are removed, and the data is “cleaned up” in general.” Pg 358 Krutz: The CISSP Prep Guide: Gold Edition

QUESTION 441: A storage information architecture does not address which of the following?
A. archiving of data
B. collection of data
C. management of data
D. use of data
Answer: A

QUESTION 442: Which of the following can be defined as the set of allowable values that an attribute can take?
A. domain of a relation
B. domain name service of a relation
C. domain analysis of a relation
D. domains, in database of a relation
Answer: A

QUESTION 443: Programmed procedures which ensure that valid transactions are processed accurately and only once in the current timescale are referred to as
A. Data installation controls
B. Application controls
C. Operation controls
D. Physical controls
Answer: B

QUESTION 444: What is the most effective means of determining how controls are functioning within an operating system?
A. Interview with computer operator
B. Review of software control features and/or parameters
C. Review of operating system manual
D. Interview with product vendor
Answer: B

QUESTION 445: What is the most effective means of determining how controls are functioning within an operating system?
A. Interview with computer operator
B. Review of software control features and/or parameters
C. Review of operating system manual
D. Interview with product vendor
Answer: B

QUESTION 446: Program change controls must ensure that all changes are
A. Audited to verify intent.
B. Tested to ensure correctness.
C. Implemented into production systems.
D. Within established performance criteria.
Answer: B
Document the change. Once the change is approved, it should be entered into a change log and the log should be updated as the process continues toward completion. Tested and presented. The change must be fully tested to uncover any unforeseen results. Depending on the severity of the change and the company’s organization, the change and implementation may need to be presented to a change control committee. This helps show different sides to the purpose and outcome of the change and the possible ramifications. – Shon Harris All-in-one CISSP Certification Guide pg 815

QUESTION 447: Which question is NOT true concerning Application Control?
A. It limits end users use of applications in such a way that only particular screens are visible
B. Only specific records can be requested choice
C. Particular uses of application can be recorded for audit purposes
D. Is non-transparent to the endpoint applications so changes are needed to the applications involved
Answer: D

QUESTION 448: A computer program used to process the weekly payroll contains an instruction that the amount of the gross pay cannot exceed $2,500 for any one employee. This instruction is an example of a control that is referred to as a:
A. sequence check
B. check digit
C. limit check
D. record check
Answer: C

QUESTION 449: What are edit controls?
A. Preventive controls
B. Detective controls
C. Corrective controls
D. Compensating controls
Answer: A
Explanation: “Challenge Handshake Authentication Protocol (CHAP) One of the authentication protocols used over PPP links. CHAP encrypts usernames and passwords.” Pg. 682 Glossary: Tittel: CISSP Study Guide

QUESTION 450: Which one of the following properties of a transaction processing system ensures that once a transaction completes successfully (commits), the update service even if there is a system failure?
A. Atomicity
B. Consistency
C. Isolation
D. Durability
Answer: A
Atomicity is correct. Consistency is not a viable answer. Atomicity states that database modifications must follow an “all or nothing” rule. Each transaction is said to be “atomic.” If one part of the transaction fails, the entire transaction fails. It is critical that the database management system maintain the atomic nature of transactions in spite of any DBMS, operating system or hardware failure. Consistency states that only valid data will be written to the database. If, for some reason, a transaction is executed that violates the database’s consistency rules, the entire transaction will be rolled back and the database will be restored to a state consistent with those rules. On the other hand, if a transaction successfully executes, it will take the database from one state that is consistent with the rules to another state that is also consistent with the rules. Isolation requires that multiple transactions occurring at the same time not impact each other’s execution. For example, if Joe issues a transaction against

