CISSP English-language exam prep materials download | Past exam questions + mock tests + key knowledge summary
Question #1
The alternate processing strategy in a business continuity plan can provide for required backup computing capacity through a hot site, a cold site, or
A. A dial-up services program.
B. An off-site storage replacement.
C. An online backup program.
D. A crate and ship replacement.
Question #2
The 8mm tape format is commonly used in Helical Scan tape drives, but was superseded by:
A. Digital Linear Tape (DLT)
B. Analog Linear Tape (ALT)
C. Digital Signal Tape (DST)
D. Digital Coded Tape (DCT)
Question #3
The spare drives that replace the failed drives are usually hot swappable, meaning they can be replaced on the server in which of the following scenarios?
A. system is up and running
B. system is quiesced but operational
C. system is idle but operational
D. system is up and in single-user-mode
Question #4
The backup method that is primarily run when time and tape space permit, and is used for system archive or baselined tape sets, is the:
A. full backup method
B. Incremental backup method
C. differential backup method
D. tape backup method
Question #5
The backup method that makes a complete backup of every file on the server every time it is run is the:
A. full backup method
B. incremental backup method
C. differential backup method
D. tape backup method
Question #6
A backup of all files that are new or modified since the last full backup is
A. An incremental backup
B. A father/son backup
C. A differential backup
D. A full backup
Question #7
What two factors should a backup program track to ensure the serviceability of backup tape media?
A. The initial usage data of the media and the number of uses.
B. The physical characteristics and rotation cycle of the media.
C. The manufacturer and model number of the tape media.
D. The frequency of usage and magnetic composition.
Question #8
Which of the following virus types changes some of its characteristics as it spreads?
A. boot sector
B. parasitic
C. stealth
D. polymorphic
Question #9
Which one of the following is a good defense against worms?
A. Differentiating systems along the lines exploited by the attack.
B. Placing limits on sharing, writing, and executing programs.
C. Keeping data objects small, simple, and obvious as to their intent.
D. Limiting connectivity by means of well-managed access controls.
Question #10
An active content module that attempts to monopolize and exploit system resources is called a
A. Macro virus
B. Hostile applet
C. Plug-in worm
D. Cookie
Question #11
Macro viruses written in Visual Basic for Applications (VBA) are a major problem because
A. Floppy disks can propagate such viruses.
B. These viruses can infect many types of environments.
C. Anti-virus software is usable to remove the viral code.
D. These viruses almost exclusively affect the operating system.
Question #12
What is the term used to describe a virus that can infect both program files and boot sectors?
A. Polymorphic
B. Multipartite
C. Stealth
D. Multiple encrypting
Question #13
Why are macro viruses easy to write?
A. Active contents controls can make direct system calls
B. The underlying language is simple and intuitive to apply.
C. Only a few assembler instructions are needed to do damage.
D. Office templates are fully API compliant.
Question #14
Which one of the following traits allows macro viruses to spread more effectively than other types?
A. They infect macro systems as well as micro computers.
B. They attach to executable and batch applications.
C. They can be transported between different operating systems.
D. They spread in distributed systems without detection
Question #15
In what way could Java applets pose a security threat?
A. Their transport can interrupt the secure distribution of World Wide Web pages over the Internet by removing SSL and S-HTTP
B. Java interpreters do not provide the ability to limit system access that an applet could have on a client system
C. Executables from the Internet may attempt an intentional attack when they are downloaded on a client system
D. Java does not check the bytecode at runtime or provide other safety mechanisms for program isolation from the client system.
Question #16
What setup should an administrator use for regularly testing the strength of user passwords?
A. A networked workstation so that the live password database can easily be accessed by the cracking program
B. A networked workstation so the password database can easily be copied locally and processed by the cracking program
C. A standalone workstation on which the password database is copied and processed by the cracking program
D. A password-cracking program is unethical; therefore it should not be used.
Question #17
On UNIX systems, passwords shall be kept:
A. In any location on behalf of root.
B. In a shadow password file.
C. In the /etc/passwd file.
D. In root.
Question #18
Which of the following would constitute the best example of a password to use for access to a system by a network administrator?
A. holiday
B. Christmas12
C. Jenny&30
D. TrZc&45g
Question #19
Which of the following is not a media viability control used to protect the viability of data storage media?
A. clearing
B. marking
C. handling
D. storage
Question #20
Which of the following refers to the data left on the media after the media has been erased?
A. remanence
B. recovery
C. sticky bits
D. semi-hidden
Question #21
What is the main issue with media reuse?
A. Degaussing
B. Data remanence
C. Media destruction
D. Purging
Question #22
What should a company do first when disposing of personal computers that once were used to store confidential data?
A. Overwrite all data on the hard disk with zeroes
B. Delete all data contained on the hard disk
C. Demagnetize the hard disk
D. Low level format the hard disk
Question #23
Which of the following is not a critical security aspect of Operations Controls?
A. Controls over hardware
B. data media used
C. Operations using resources
D. Environment controls
Question #24
What tool is used to determine whether attackers have altered system files or executables?
A. File Integrity Checker
B. Vulnerability Analysis Systems
C. Honey Pots
D. Padded Cells
Question #25
A system file that has been patched numerous times becomes infected with a virus. The anti-virus software warns that disinfecting the file can damage it. What course of action should be taken?
A. Replace the file with the original version from master media
B. Proceed with automated disinfection
C. Research the virus to see if it is benign
D. Restore an uninfected version of the patched file from backup media
Question #26
In an on-line transaction processing system, which of the following actions should be taken when erroneous or invalid transactions are detected?
A. The transactions should be dropped from processing
B. The transactions should be processed after the program makes adjustments
C. The transactions should be written to a report and reviewed
D. The transactions should be corrected and reprocessed
Question #27
Which of the following is a reasonable response from the intrusion detection system when it detects Internet Protocol (IP) packets where the IP source address is the same as the IP destination address?
A. Allow the packet to be processed by the network and record the event.
B. Record selected information about the item and delete the packet.
C. Resolve the destination address and process the packet.
D. Translate the source address and resend the packet.
Question #28
Which of the following is not a good response to a detected intrusion?
A. Collect additional information about the suspected attack
Question #29
Once an intrusion into your organization's information system has been detected, which of the following actions should be performed first?
A. Eliminate all means of intruder access
B. Contain the intrusion
C. Determine to what extent systems and data are compromised
D. Communicate with relevant parties
Question #30
After an intrusion has been contained and the compromised systems have been reinstalled, which of the following need not be reviewed before bringing the systems back into service?
A. Access control lists
B. System services and their configuration
C. Audit trails
D. User accounts
Question #31
Which of the following includes notifying the appropriate parties to take action in order to determine the extent of the severity of an incident and to remediate the incident's effects?
A. Intrusion Evaluation (IE) and Response
B. Intrusion Recognition (IR) and Response
C. Intrusion Protection (IP) and Response
D. Intrusion Detection (ID) and Response
Question #32
Which of the following is used to monitor network traffic or to monitor host audit logs in order to determine violations of security policy that have taken place?
A. Intrusion Detection System
B. Compliance Validation System
C. Intrusion Management System
D. Compliance Monitoring System
Question #33
Which of the following is not a technique used for monitoring?
A. Penetration testing
B. Intrusion detection
C. Violation processing (using clipping levels)
D. Countermeasures testing
Question #34
Which one of the following is NOT a characteristic of an Intrusion Detection System (IDS)?
A. Determines the source of incoming packets.
B. Detects intruders attempting unauthorized activities.
C. Recognizes and reports alterations to data files.
D. Alerts to known intrusion patterns.
Question #35
An IDS detects an attack using which of the following?
A. an event-based ID or a statistical anomaly-based ID
B. a discrete anomaly-based ID or a signature-based ID
C. a signature-based ID or a statistical anomaly-based ID
D. a signature-based ID or an event-based ID
Question #36
Which of the following monitors network traffic in real time?
A. network-based IDS
B. host-based IDS
C. application-based IDS
D. firewall-based IDS
Question #37
What technology is being used to detect anomalies?
A. IDS
B. FRR
C. Sniffing
D. Capturing
Question #38
IDSs verify, itemize, and characterize threats from:
A. Inside your organization's network.
B. Outside your organization's network.
C. Outside and inside your organization's network.
D. The Internet.
Question #39
IDS can be described in terms of what fundamental functional components?
A. Response
B. Information Sources
C. Analysis
D. All of the choices.
Question #40
What are the primary goals of intrusion detection systems? (Select all that apply.)
A. Accountability
B. Availability
C. Response
D. All of the choices
Question #41
What is the most common way to classify IDSs?
A. Group them by information source.
B. Group them by network packets.
C. Group them by attackers.
D. Group them by signs of intrusion.
Question #42
The majority of commercial intrusion detection systems are:
A. Identity-based
B. Network-based
C. Host-based
D. Signature-based
Question #43
Which of the following is a drawback of Network-based IDSs?
A. It cannot analyze encrypted information.
B. It is very costly to setup.
C. It is very costly to manage.
D. It is not effective.
Question #44
Host-based IDSs normally utilize information from which of the following sources?
A. Operating system audit trails and system logs.
B. Operating system audit trails and network packets.
C. Network packets and system logs.
D. Operating system alarms and system logs.
Question #45
When comparing host based IDS with network based ID, which of the following is an obvious advantage?
A. It is unaffected by switched networks.
B. It cannot analyze encrypted information.
C. It is not costly to setup.
D. It is not costly to manage.
Question #46
You are comparing host based IDS with network based ID. Which of the following will you consider as an obvious disadvantage of host based IDS?
A. It cannot analyze encrypted information.
B. It is costly to remove.
C. It is affected by switched networks.
D. It is costly to manage.
Question #47
Which of the following IDS inflict a higher performance cost on the monitored systems?
A. Encryption based
B. Host based
C. Network based
D. Trusted based
Question #48
Application-based IDSs normally utilize information from which of the following sources?
A. Network packets and system logs.
B. Operating system audit trails and network packets.
C. Operating system audit trails and system logs.
D. Application's transaction log files.
Question #49
Which of the following are the major categories of IDSs response options?
A. Active responses
B. Passive responses
C. Hybrid
D. All of the choices.
Question #50
Alarms and notifications are generated by IDSs to inform users when attacks are detected. The most common form of alarm is:
A. Onscreen alert
B. Email
C. Pager
D. ICQ
Question #51
Which of the following is a valid tool that complements IDSs?
A. All of the choices.
B. Padded Cells
C. Vulnerability Analysis Systems
D. Honey Pots
Question #52
A problem with a network-based ID system is that it will not detect attacks against a host made by an intruder who is logged in at which of the following?
Question #53
When the IDS detect attackers, the attackers are seamlessly transferred to a special host. This method is called:
A. Vulnerability Analysis Systems
B. Padded Cell
C. Honey Pot
D. File Integrity Checker
Question #54
Which of the following is a weakness of both statistical anomaly detection and pattern matching?
A. Lack of ability to scale.
B. Lack of learning model.
C. Inability to run in real time.
D. Requirement to monitor every event.
Question #55
The two most common implementations of Intrusion Detection are which of the following?
A. They commonly reside on a discrete network segment and monitor the traffic on that network segment
B. They commonly will not reside on a discrete network segment and monitor the traffic on that network segment
C. They commonly reside on a discrete network segment but do not monitor the traffic on that network segment
D. They commonly do not reside on a discrete network segment and monitor the traffic on that network segment
Question #56
What are the primary approaches IDS takes to analyze events to detect attacks?
A. Misuse detection and anomaly detection.
B. Log detection and anomaly detection.
C. Misuse detection and early drop detection.
D. Scan detection and anomaly detection.
Question #57
Misuse detectors analyze system activity and identify patterns. The patterns corresponding to known attacks are called:
A. Attachments
B. Signatures
C. Strings
D. Identifications
Question #58
Which of the following is an obvious disadvantage of deploying misuse detectors?
A. They are costly to setup.
B. They are not accurate.
C. They must be constantly updated with signatures of new attacks.
D. They are costly to use.
Question #59
What detectors identify abnormal unusual behavior on a host or network?
A. None of the choices.
B. Legitimate detectors.
C. Anomaly detectors.
D. Normal detectors.
Question #60
A network-based IDS is which of the following?
A. active while it acquires data
B. passive while it acquires data
C. finite while it acquires data
D. infinite while it acquires data
Question #61
Which of the following usually provides reliable, real-time information without consuming network or host resources?
A. network-based IDS
B. host-based IDS
C. application-based IDS
D. firewall-based IDS
Question #62
Which of the following would assist in intrusion detection?
A. audit trails
B. access control lists
C. security clearances
D. host-based authentication
Question #63
Using clipping levels refers to:
A. setting allowable thresholds on reported activity
B. limiting access to top management staff
C. setting personnel authority limits based on need-to-know basis
D. encryption of data so that it cannot be stolen
Question #64
In what way can violation clipping levels assist in violation tracking and analysis?
A. Clipping levels set a baseline for normal user errors, and violations exceeding that threshold will be recorded for analysis of why the violations occurred
B. Clipping levels enable a security administrator to customize the audit trail to record only those violations which are deemed to be security relevant
C. Clipping levels enable the security administrator to customize the audit trail to record only actions for users with access to usercodes with a privileged status
D. Clipping levels enable a security administrator to view all reductions in security levels which have been made to usercodes which have incurred violations
Question #65
When establishing a violation tracking and analysis process, which one of the following parameters is used to keep the quantity of data to manageable levels?
A. Quantity baseline
B. Maximum log size
C. Circular logging
D. Clipping levels
Question #66
Audit trails based upon access and identification codes establish...
A. intrusion detection thresholds
B. individual accountability
C. audit review criteria
D. individual authentication
Question #67
The primary reason for enabling software audit trails is which of the following?
A. Improve system efficiency
B. Improve response time for users
C. Establish responsibility and accountability
D. Provide useful information to track down processing errors
Question #68
Tracing violations, or attempted violations of system security to the user responsible is a function of?
A. authentication
B. access management
C. integrity checking
D. accountability
Question #69
According to the Minimum Security Requirements (MSR) for Multi-User Operating Systems (NISTIR 5153) document, which of the following statements pertaining to audit data recording is incorrect?
A. The system shall provide end-to-end user accountability for all security-relevant events
B. The system shall protect the security audit trail from unauthorized access
C. For maintenance purposes, it shall be possible to disable the recording of activities that require privileges.
D. The system should support an option to maintain the security audit trail data in encrypted format
Question #70
Which of the following questions is less likely to help in assessing controls over audit trails?
A. Does the audit trail provide a trace of user actions?
B. Are incidents monitored and tracked until resolved?
C. Is access to online logs strictly controlled?
D. Is there separation of duties between security personnel who administer the access control function and those who administer the audit trail?
Question #71
You should keep audit trail on which of the following items?
A. Password usage.
B. All unsuccessful logon.
C. All of the choices.
D. All successful logon.
Question #72
In addition to providing an audit trail required by auditors, logging can be used to
A. provide backout and recovery information
B. prevent security violations
C. provide system performance statistics
D. identify fields changed on master files.
Question #73
Which of the following should NOT be logged for performance problems?
A. CPU load.
B. Percentage of use.
C. Percentage of idle time.
D. None of the choices.
Question #74
Which of the following should be logged for security problems?
A. Use of mount command.
B. Percentage of idle time.
C. Percentage of use.
D. None of the choices.
Question #75
Which of the following services should be logged for security purpose?
A. bootp
B. All of the choices.
C. sunrpc
D. tftp
Question #76
The auditing method that assesses the extent of the system testing, and identifies specific program logic that has not been tested is called
A. Decision process analysis
B. Mapping
C. Parallel simulation
D. Test data method
Question #77
Who should NOT have access to the log files?
A. Security staff.
B. Internal audit staff.
C. System administration staff.
D. Manager's secretary.
Question #78
Which of the following correctly describe the use of the collected logs?
A. They are used in the passive monitoring process only.
B. They are used in the active monitoring process only.
C. They are used in the active and passive monitoring process.
D. They are used in the archiving process only.
Question #79
All logs are kept on archive for a period of time. What determines this period of time?
A. Administrator preferences.
B. MTTR
C. Retention policies
D. MTTF
Question #80
Logs must be secured to prevent:
A. Creation, modification, and destruction.
B. Modification, deletion, and initialization.
C. Modification, deletion, and destruction.
D. Modification, deletion, and inspection.
Question #81
To ensure dependable and secure logging, all computers must have their clock synchronized to:
A. A central timeserver.
B. The log time stamp.
C. The respective local times.
D. None of the choices.
Question #82
To ensure dependable and secure logging, logging information traveling on the network should be:
A. Stored
B. Encrypted
C. Isolated
D. Monitored
Question #83
The activity that consists of collecting information that will be used for monitoring is called:
A. Logging
B. Troubleshooting
C. Auditing
D. Inspecting
Question #84
How often should logging be run?
A. Once every week.
B. Always
C. Once a day.
D. During maintenance.
Question #85
Which of the following are security events on Unix that should be logged?
A. All of the choices.
B. Use of Setgid.
C. Change of permissions on system files.
D. Use of Setuid.
Question #86
Which of the following are potential firewall problems that should be logged?
A. Reboot
B. All of the choices.
C. Proxies restarted.
D. Changes to configuration file.
Question #87
Which of the following is required in order to provide accountability?
A. Authentication
B. Integrity
C. Confidentiality
D. Audit trails
Question #88
The principle of accountability is a principle by which specific action can be traced back to:
A. A policy
B. An individual
C. A group
D. A manager
Question #89
The principle of _________ is a principle by which specific action can be traced back to any one of your users.
A. Security
B. Integrity
C. Accountability
D. Policy
Question #90
According to the principle of accountability, what action should be traceable to a specific user?
A. Material
B. Intangible
C. Tangible
D. Significant
Question #91
Which of the following best ensures accountability of users for actions taken within a system or domain?
A. Identification
B. Authentication
C. Authorization
D. Credentials
Question #92
Individual accountability does not include which of the following?
A. unique identifiers
B. policies & procedures
C. access rules
D. audit trails
Question #93
Controls provide accountability for individuals who are accessing sensitive information. This accountability is accomplished:
A. through access control mechanisms that require identification and authentication and through the audit function.
B. through logical or technical controls involving the restriction of access to systems and the protection of information
C. through logical or technical controls but not involving the restriction of access to systems and the protection of information.
D. through access control mechanisms that do not require identification and authentication and do not operate through the audit function.
Question #94
What types of computer attacks are most commonly reported by IDSs?
A. System penetration
B. Denial of service
C. System scanning
D. All of the choices
Question #95
Operation security requires the implementation of physical security to control which of the following?
A. unauthorized personnel access
B. incoming hardware
C. contingency conditions
D. evacuation procedures
Question #96
Configuration Management is a requirement for the following level(s)?
A. B3 and A1
B. B1, B2 and B3
C. A1
D. B2, B3, and A1
Question #97
Which of the following is not concerned with configuration management?
A. Hardware
B. Software
C. Documentation
D. They all are concerned with configuration management
Question #98
Configuration Management controls what?
A. Auditing of changes to the Trusted Computing Base
B. Control of changes to the Trusted Computing Base
C. Changes in the configuration access to the Trusted Computing Base
D. Auditing and controlling any changes to the Trusted Computing Base
Question #99
In addition to ensuring that changes to the computer system take place in an identifiable and controlled environment, configuration management provides assurance that future changes:
A. The application software cannot bypass system security features.
B. Do not adversely affect implementation of the security policy.
C. To the operating system are always subjected to independent validation and verification.
D. In technical documentation maintain an accurate description of the Trusted Computer Base.
Question #100
Which set of principal tasks constitutes configuration management?
A. Program management, system engineering, and quality assurance.
B. Requirements verification, design, and system integration and testing.
C. Independent validation and verification of the initial and subsequent baseline.
D. Identification, control, status accounting, and auditing of changes.