Quiz questions
1. Which of the following controls might force a person in operations into collusion
with personnel assigned organizationally within a different function for the sole
purpose of gaining access to data he is not authorized to access?
a. Limiting the local access of operations personnel
b. Enforcing auditing
c. Enforcing separation of duties
d. Limiting control of management personnel
2. Which of the following is not an attack that the operations department usually
has to be concerned with?
a. Brute force
b. Denial of service
c. Buffer overflow
d. Known plaintext attack
3. There are several ways of truly erasing data from different types of media.
Which is not a method of secure media sanitation?
a. Deleting a file from a hard drive
b. Degaussing
c. Overwriting
d. Physical destruction
6. A senior member of the IT programming staff, who has been loyal and is
extremely valuable, is suspected of fraud by a vice president. But the executive
has no proof and does not want to make unfounded allegations. What operations
control would be best to identify whether the programmer is committing fraud?
a. Separation of duties
b. Mandatory vacation
c. Least privilege
d. Need-to-know
8. Which of the following controls are used to amend a situation after an attack has
occurred or vulnerability has been identified?
a. Deterrent
b. Corrective
c. Preventive
d. Recovery
10. Operations departments should back up data in all of the following situations
except which?
a. Once per year
b. Immediately following a reorganization
c. After a system upgrade
d. For authorized on-demand requests
12. Generating magnetic fields to erase the content on a type of media is called what?
a. Sniffing
b. Degaussing
c. Wiretapping
d. Magnetizing
13. If a company has been contacted because its mail server has been used to spread
spam, what is most likely the problem?
a. The internal mail server has been compromised by an internal hacker.
b. The mail server in the DMZ has private and public resource records.
c. The mail server has e-mail relaying enabled.
d. The mail server has SMTP enabled.
15. A tool used to detect penetration of a computer system and to identify misuse is
called ____________.
a. Audit trail
b. Documentation
c. Security policy
d. Security model
Answers
1. A
If operations personnel were limited in what they can access, they would need to
participate in collusion with someone who actually has access to the resource. This is a
very painful question in the way that it is written, but very close to the way many CISSP
exam questions are formatted.
2. D
The first three are attacks that can directly affect security operations, but known plaintext
attack is an attack against cryptography used in the environment, not a direct attack on
operations.
3. A
Permanently erasing the contents from a medium is called sanitation. Just
deleting a file does not mean that the data is actually erased. It is still there
until the operating system overwrites it. There are several ways to accomplish
this:
Degaussing: Erasing data magnetically.
Overwriting: Replacing old content with new content. This is also called
zeroization when the new contents contain null values.
Physical destruction: If the medium cannot be properly sanitized, it must
be destroyed.
4. C
A prudent person is responsible, careful, cautious and practical. This is a legal
concept used to determine if individuals or companies are liable for specific
types of activities. Companies are required to execute due care in order to
protect the security of the business and the employees.
5. C
Authorization creep is the process of an individual continually gaining
privileges or rights that are not necessary to perform his job function. This is
commonly caused by employees moving from one role to another role within
an organization and continually obtaining more rights. This results in
employees having too many rights, which is a risk to a company.
Authorization creep violates both the least privilege and need-to-know
concepts.
6. B
Enforcing the mandatory vacation control is the best option for the vice
president. This will allow another person to perform the job function and
identify potential fraud while the original programmer is on vacation. The
good thing about mandatory vacations is that executives can spin it in a
positive light. Telling an employee to take a vacation can usually be
interpreted in a positive way. Instituting a job rotation, on the other hand, may
clue the programmer in to the executive's suspicion.
7. C
Detective controls help to identify breakdowns in access controls. Reviewing
audit logs is one example of a type of technical detective control. For
example, a security professional who reviews a long distance telephone billing
sheet in an operations center can uncover potential fraud by operations
employees.
8. B
Corrective controls are used to fix a problem. For example, when it is
determined that an unauthorized user gained access to a network segment, a
corrective control would address the access control vulnerability that allowed
the user access.
9. A
Clipping levels are thresholds that indicate the number of acceptable user
errors or anomalies. The reason a clipping level is set is to notify security or
management when innocent mistakes become routine enough to suspect
fraudulent behavior.
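The clipping-level idea above can be turned into a small detection routine. The following is an added example, not part of the quiz or its source material: it counts authentication failures per user over a sliding time window and reports only the users whose failures exceed the clipping level. The log format, field names and sample lines are constructed for this example and do not correspond to any real system.

```python
"""Clipping-level check over constructed authentication log lines.

A clipping level is the number of tolerated errors per user; failures
below it are treated as innocent mistakes, and only users whose failures
exceed it inside the window are reported for review.
"""
from collections import defaultdict
from datetime import datetime, timedelta
import re

# Constructed sample log lines (hypothetical format, not from a real system).
SAMPLE_LOG = """\
2024-03-01T08:00:01 auth user=alice result=FAIL src=10.0.0.5
2024-03-01T08:00:09 auth user=alice result=OK src=10.0.0.5
2024-03-01T08:01:00 auth user=bob result=FAIL src=10.0.0.7
2024-03-01T08:01:03 auth user=bob result=FAIL src=10.0.0.7
2024-03-01T08:01:06 auth user=bob result=FAIL src=10.0.0.7
2024-03-01T08:01:09 auth user=bob result=FAIL src=10.0.0.7
2024-03-01T08:01:12 auth user=bob result=FAIL src=10.0.0.7
2024-03-01T09:30:00 auth user=carol result=FAIL src=10.0.0.9
2024-03-01T11:45:00 auth user=carol result=FAIL src=10.0.0.9
2024-03-01T14:00:00 auth user=carol result=FAIL src=10.0.0.9
2024-03-01T14:05:00 auth user=carol result=FAIL src=10.0.0.9
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) auth user=(?P<user>\S+) result=(?P<result>\S+) src=(?P<src>\S+)$"
)


def parse_log(text):
    """Yield (timestamp, user, result) for each well-formed line; skip the rest."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        yield datetime.fromisoformat(m["ts"]), m["user"], m["result"]


def clipping_level_alerts(text, threshold=3, window=timedelta(minutes=10)):
    """Return {user: peak_failures} for users whose FAIL count within any
    sliding window of length `window` exceeds `threshold` (the clipping level).
    """
    failures = defaultdict(list)
    for ts, user, result in parse_log(text):
        if result == "FAIL":
            failures[user].append(ts)

    alerts = {}
    for user, times in failures.items():
        times.sort()
        start = 0
        peak = 0
        for end, t in enumerate(times):
            # Advance the window start until every event from start..end fits in `window`.
            while t - times[start] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak > threshold:
            alerts[user] = peak
    return alerts


if __name__ == "__main__":
    # bob fails 5 times in 12 seconds; carol's 4 failures are hours apart.
    print(clipping_level_alerts(SAMPLE_LOG))
```

Only bob trips the default 10-minute window; widening the window to a day also reports carol, which is the difference between catching a burst and catching a slow, routine pattern of failures. Choosing both the threshold and the window is what setting a clipping level means in practice.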
10. A
Backing up data is critical within operations organizations. The most
important step to take is to create a backup plan. This will detail when and
what to back up, as well as where to store the files. Even though each entity
will require different phases of backups, it is not realistic to provide proper
data security when only backing up data once per year.
11. D
Job rotation is the correct answer. It involves training more than one person
for a specific job. This is a control used to identify potential fraud. Separation
of duties ensures that one person is not solely responsible for a critical task.
12. B
Degaussing is an effective way of erasing data on media. The process creates
strong magnetic fields that return the flux of the electrons back to their
original state.
13. C
Spammers will identify the mail servers on the Internet that have relaying enabled
and are wide open, meaning the server will forward any e-mail messages it
receives. These servers are put on a blacklist, and the servers are used by many
different spammers to hide the true origin of the spam messages.
14. C
Least privilege ensures that individuals have permissions to only what is
required to do their job and no more. In this question, Tier I technicians would
only need read access to network devices. Having the ability to make changes
to a border router would violate the least privilege policy.
15. A
Audit trails are effective tools and are considered detective-technical controls.
They can be used to display commands that have been entered into a system,
authentication attempts into a network, or systems and files that have been
accessed or modified.
Return to SearchSecurity.com's Security School for CISSP training:
Class 10 briefing:
http://www.searchsecurity.com/Class10spotlight