Flashcards in Exam SET C Deck (192)
Which of the following languages is NOT an object-oriented language?
C. Simula 67
Explanation: Lisp, for list processing, is a functional language that processes symbolic expressions rather than numbers. It is used in the artificial intelligence field. The languages cited in the other answers are object-oriented languages.
What does the prudent man rule require?
A. Senior officials to guarantee that all precautions have been taken and that no breaches of security can occur
B. Senior officials to post performance bonds for their actions
C. Senior officials to perform their duties with the care that ordinary, prudent people would exercise under similar circumstances
D. Senior officials to follow specified government standards
Explanation: *Answer "Senior officials to post performance bonds for their actions" is a distracter and is not part of the prudent man rule. * Answer "Senior officials to guarantee that all precautions have been taken and that no breaches of security can occur" is incorrect because it is not possible to guarantee that breaches of security can never occur. * Answer "Senior officials to follow specified government standards" is incorrect because the prudent man rule does not refer to a specific government standard but relates to what other prudent persons would do.
A standard that uses the Object Request Broker (ORB) to implement exchanges among objects in a heterogeneous, distributed environment is called:
A. An Interface Definition Language (IDL)
B. Open Architecture
C. The Object Management Group (OMG) Object Model
D. A Common Object Request Broker Architecture (CORBA)
Explanation: *The OMG Object Model provides standard means for describing the externally visible characteristics of objects. *Answer Open Architecture is a distracter. *IDL is a standard interface language that is used by clients to request services from objects.
Which choice below is the BEST description of the criticality prioritization goal of the Business Impact Assessment (BIA) process?
A. The identification and prioritization of every critical business unit process
B. The estimation of the maximum down time the business can tolerate
C. The presentation of the documentation of the results of the BIA
D. The identification of the resource requirements of the critical business unit processes
Explanation: The correct answer is "The identification and prioritization of every critical business unit process". The three primary goals of a BIA are criticality prioritization, maximum down time estimation, and identification of critical resource requirements. *Answer "The presentation of the documentation of the results of the BIA" is a distracter.
Conducting a search without the delay of obtaining a warrant if destruction of evidence seems imminent is possible under:
A. Exigent Circumstances.
B. Proximate Causation.
C. Prudent Man Rule.
D. Federal Sentencing Guidelines.
Explanation: The other answers refer to other principles, guidelines, or rules.
Which TCSEC security class category below specifies trusted recovery controls?
Explanation: TCSEC security categories B3 and A1 require the implementation of trusted recovery. Trusted recovery is the procedures and/or mechanisms provided to assure that, after an ADP system failure or other discontinuity, recovery without a protection compromise is obtained. A system failure represents a serious security risk because security controls may be bypassed when the system is not functioning normally. Trusted recovery has two primary activities: preparing for a system failure (backup) and recovering the system. Source: DoD 5200.28-STD Department of Defense Trusted Computer System Evaluation Criteria.
Which of the following would NOT be considered a penetration testing technique?
C. War dialing
D. Data manipulation
Explanation: The correct answer is Data manipulation. Data manipulation describes the corruption of data integrity to perform fraud for personal gain or other reasons. External penetration testing should not alter the data in any way. The other three are common penetration techniques.
Which choice below is the BEST description of an audit trail?
A. Audit trails are used to detect penetration of a computer system and to reveal usage that identifies misuse.
B. An audit trail is a device that permits simultaneous data processing of two or more security levels without risk of compromise.
C. An audit trail mediates all access to objects within the network by subjects within the network.
D. Audit trails are used to prevent access to sensitive systems by unauthorized personnel.
Explanation: An audit trail is a set of records that collectively provide documentary evidence of processing used to aid in tracing from original transactions forward to related records and reports, and/or backward from records and reports to their component source transactions. Audit trails may be limited to specific events or may encompass all of the activities on a system. User audit trails can usually log: all commands directly initiated by the user; all identification and authentication attempts; files and resources accessed. It is most useful if options and parameters are also recorded from commands. It is much more useful to know that a user tried to delete a log file (e.g., to hide unauthorized actions) than to know the user merely issued the delete command, possibly for a personal data file. *Answer "An audit trail is a device that permits simultaneous data processing of two or more security levels without risk of compromise." is a description of a multilevel device. A multilevel device is a device that is used in a manner that permits it to process data of two or more security levels simultaneously without risk of compromise. To accomplish this, sensitivity labels are normally stored on the same physical medium and in the same form (i.e., machine-readable or human-readable) as the data being processed. *Answer "An audit trail mediates all access to objects within the network by subjects within the network." refers to a network reference monitor, an access control concept that refers to an abstract machine that mediates all access to objects within the network by subjects within the network. *Answer "Audit trails are used to prevent access to sensitive systems by unauthorized personnel." is incorrect, because audit trails are detective, and the answer describes a preventative process, access control. Source: NCSC-TG-001 A Guide to Understanding Audit in Trusted Systems and DoD 5200.28-STD Department of Defense Trusted Computer System Evaluation Criteria.
In object-oriented programming, when all the methods of one class are passed on to a subclass, this is called:
C. Multiple Inheritance
D. Forward chaining
Explanation: In inheritance, all the methods of one class, called a superclass, are inherited by a subclass. Thus, all messages understood by the superclass are understood by the subclass. In other words, the subclass inherits the behavior of the superclass. *Answer Forward chaining is a distracter and describes data-driven reasoning used in expert systems. *Multiple inheritance describes the situation where a subclass inherits the behavior of multiple superclasses. *Answer delegation is an alternative to inheritance in an object-oriented system. With delegation, if an object does not have a method to satisfy a request it has received, it can delegate the request to another object.
What type of security controls operate on the input to a computing system, on the data being processed, and the output of the system?
A. Numerical controls
B. Data controls
C. Normative controls
D. Application controls
Explanation: The correct answer is Application controls. The other answers are distracters.
Which choice below refers to a business asset?
A. Protection devices or procedures in place that reduce the effects of threats
B. Events or situations that could cause a financial or operational impact to the organization
C. Competitive advantage, credibility, or good will
D. Personnel compensation and retirement programs
Explanation: Assets are considered the physical and financial assets that are owned by the company. Examples of business assets that could be lost or damaged during a disaster are: revenues lost during the incident; on-going recovery costs; fines and penalties incurred by the event; competitive advantage, credibility, or good will damaged by the incident. *Answer "Events or situations that could cause a financial or operational impact to the organization" is a definition for a threat. *Answer "Protection devices or procedures in place that reduce the effects of threats" is a description of mitigating factors that reduce the effect of a threat, such as a UPS, sprinkler systems, or generators. *Answer "Personnel compensation and retirement programs" is a distracter. Source: Contingency Planning and Management, Contingency Planning 101 by Kelley Goggins, March, 1999.
A distributed object model that has similarities to the Common Object Request Broker Architecture (CORBA) is:
A. Distributed Data Model
B. Inference Model
C. Distributed Component Object Model (DCOM)
D. The Chinese Wall Model
Explanation: DCOM is the distributed version of COM that supports remote objects as if the objects reside in the client's address space. A COM client can access a COM object through the use of a pointer to one of the object's interfaces and, then, invoking methods through that pointer. As discussed in Question 24, CORBA is a distributed object framework developed by the Object Management Group. *The Chinese Wall Model (D.C. Brewer & M.J. Nash, Chinese Wall Model, Proceedings of the 1989 IEEE Computer Society Symposium on Security and Privacy, pp. 215-228, 1989) uses internal rules to compartmentalize areas in which individuals may work to prevent disclosure of proprietary information and to avoid conflicts of interest. The Chinese Wall model also incorporates the principle of separation of duty. *Answers Inference Model and Distributed Data Model are distracters.
The process of analyzing large data sets in a data warehouse to find non-obvious patterns is called:
A. Data scanning
B. Data administration
C. Derived data
D. Data mining
Explanation: For example, mining of consumer-related data may show a correlation between the number of children under four years old in a household and the father's preferences in aftershave lotion. *Answer Data scanning is a distracter. *Data administration describes the degree of management's dedication to the data warehouse concept. *Answer derived data is data that is obtained through the processing of raw data.
In an expert system, the process of beginning with a possible solution and using the knowledge in the knowledge base to justify the solution based on the raw input data is called:
A. Forward chaining
B. Dynamic reasoning
C. A blackboard solution
D. Backward chaining
Explanation: Backward chaining is generally used when there are a large number of possible solutions relative to the number of inputs. *Answer Dynamic reasoning is a distracter. *Answer forward chaining is the reasoning approach that can be used when there is a small number of solutions relative to the number of inputs. The input data is used to reason forward to prove that one of the possible solutions in a small solution set is the correct one. *The blackboard is an expert system reasoning methodology in which a solution is generated by the use of a virtual blackboard wherein information or potential solutions are placed on the blackboard by a plurality of individuals or expert knowledge sources. As more information is placed on the blackboard in an iterative process, a solution is generated.
Which of the following are valid legal issues associated with computer crime? Select three.
A. It may be difficult to prove criminal intent.
B. It may be difficult to obtain a trail of evidence of activities performed on the computer.
C. It may be difficult to show causation.
D. Electronic Data Interchange (EDI) makes it easier to relate a crime to an individual.
Explanation: EDI makes it more difficult to tie an individual to transactions since EDI involves computer-to-computer data interchanges and this makes it more difficult to trace the originator of some transactions. *Answer "It may be difficult to prove criminal intent" is a valid legal issue since it may be very difficult to prove criminal intent by a person perusing computer files and then causing damage to the files. The damage may have not been intentional. *Answer "It may be difficult to obtain a trail of evidence of activities performed on the computer" describes the situation of trying to track activities on a computer where the information is volatile and may have been destroyed. * In answer "It may be difficult to show causation", common law refers to causation of the criminal act. Causation is particularly difficult to show in instances where a virus or other malicious code erases itself after causing damage to vital information.
The Kennedy-Kassebaum Act is also known as:
C. EU Directive
Explanation: The others refer to other laws or guidelines.
Which choice below is NOT an element of BCP plan approval and implementation?
A. Executing a disaster scenario and documenting the results
B. Obtaining senior management approval of the results
C. Creating an awareness of the plan
D. Updating the plan regularly and as needed
Explanation: Answer "Executing a disaster scenario and documenting the results" is a distracter, although it could be considered a loose description of disaster recovery plan testing. The other three choices are primary elements of BCP approval, implementation, and maintenance.
Which statement below MOST accurately describes configuration control?
A. Assuring that only the proposed and approved system changes are implemented
B. Tracking the status of current changes as they move through the configuration control process
C. Verifying that all configuration management policies are being followed
D. The decomposition process of a verification system into CIs
Explanation: Configuration control is a means of assuring that system changes are approved before being implemented, only the proposed and approved changes are implemented, and the implementation is complete and accurate. This involves strict procedures for proposing, monitoring, and approving system changes and their implementation. Configuration control entails central direction of the change process by personnel who coordinate analytical tasks, approve system changes, review the implementation of changes, and supervise other tasks such as documentation. *Answer "The decomposition process of a verification system into CIs" is configuration identification. The decomposition process of a verification system into Configuration Items (CIs) is called configuration identification. A CI is a uniquely identifiable subset of the system that represents the smallest portion to be subject to independent configuration control procedures. *Answer "Tracking the status of current changes as they move through the configuration control process" is configuration accounting. Configuration accounting documents the status of configuration control activities and, in general, provides the information needed to manage a configuration effectively. It allows managers to trace system changes and establish the history of any developmental problems and associated fixes. Configuration accounting also tracks the status of current changes as they move through the configuration control process. Configuration accounting establishes the granularity of recorded information and thus shapes the accuracy and usefulness of the audit function. *Answer "Verifying that all configuration management policies are being followed" is configuration audit. Configuration audit is the quality assurance component of configuration management. It involves periodic checks to determine the consistency and completeness of accounting information and to verify that all configuration management policies are being followed. A vendor's configuration management program must be able to sustain a complete configuration audit by an NCSC review team. Source: NCSC-TG-014, Guidelines for Formal Verification Systems.
Which of the following best defines social engineering?
A. Gathering information from discarded manuals and printouts
B. Illegal copying of software
C. Destruction or alteration of data
D. Using people skills to obtain proprietary information
Explanation: Using people skills to obtain proprietary information. *Answer "Illegal copying of software" is software piracy. *Answer "Gathering information from discarded manuals and printouts" is dumpster diving. *Answer "Destruction or alteration of data" is a violation of integrity.
18 U.S.C. §2001 (1994) refers to:
A. Article 18, US Code, Section 2001, 1994 edition.
B. Title 18, University of Southern California, Article 2001, 1994 edition.
C. Title 2001 of the US Code, Section 18, 1994 edition.
D. Title 18, Section 2001 of the US Code, 1994 edition.
A system that exhibits reasoning similar to that of humans knowledgeable in a particular field to solve a problem in that field is called:
A. An expert system.
B. A data warehouse.
C. A neural network.
D. A smart system.
Explanation: Answer a smart system is a distracter. A data warehouse is a repository of information from heterogeneous databases that is available to users for making queries. A neural network is a self-learning system that bases its operation on the model of the functioning of biological neurons.
Which choice below is NOT a recommended step to take when resuming normal operations after an emergency?
A. Conduct an investigation.
B. Re-occupy the damaged building as soon as possible.
C. Account for all damage-related costs.
D. Protect undamaged property.
Explanation: Re-occupying the site of a disaster or emergency should not be undertaken until a full safety inspection has been done, an investigation into the cause of the emergency has been completed, and all damaged property has been salvaged and restored. During and after an emergency, the safety of personnel must be monitored, any remaining hazards must be assessed, and security must be maintained at the scene. After all safety precautions have been taken, an inventory of damaged and undamaged property must be done to begin salvage and restoration tasks. Also, the site must not be re-occupied until all investigative processes have been completed. Detailed records must be kept of all disaster-related costs and valuations must be made of the effect of the business interruption. Source: Emergency Management Guide for Business and Industry, Federal Emergency Management Agency,
In the software life cycle, validation:
A. Refers to the work product satisfying software maturity levels.
B. Refers to the work product satisfying the real-world requirements and concepts.
C. Refers to the work product satisfying generally accepted principles.
D. Refers to the work product satisfying derived specifications.
Explanation: In the software life cycle, validation is the work product satisfying the real-world requirements and concepts. The other answers are distracters.
What is the responsibility of the contingency planner regarding LAN backup and recovery if the LAN is part of a building server environment?
A. Recovering client/server systems owned and supported by internal staff
B. Identifying essential business functions
C. Classifying the recovery time frame of the business unit LAN
D. Getting a copy of the recovery procedures from the building server administrator
Explanation: When any part of the LAN is not hosted internally, and is part of a building server environment, it is the responsibility of the contingency planner to identify the building server administrator, identify for him the recovery time frame required for your business applications, obtain a copy of the recovery procedures, and participate in the validation of the building's server testing. If all or part of the business is not in the building server environment, then the other three choices are also the responsibility of the contingency planner. Source: Contingency Planning and Management, Contingency Planning 101, by Kelley Goggins, March 1999.
Which standard defines the International Standard for the Common Criteria?
D. DoD 5200.28-STD
Explanation: ISO/IEC 15408-1 is the International Standards version of the Common Criteria. The ISO approved and published the CC text as the new International Standard (IS) 15408 on December 1, 1999. As of this writing the Common Criteria version is 2.1. Answer b is the Code of Practice for Information Security Management (BS7799) developed by the British Standards Institute. The BS7799 standard effectively comes in two parts: ISO/IEC 17799:2000 (Part 1) is the standard code of practice and can be regarded as a comprehensive catalogue of recommended security policy. BS7799-2:1999 (Part 2) is a standard specification for an Information Security Management System (ISMS). An ISMS is the means by which Senior Management monitors and controls their security, minimizing the residual business risk and ensuring that security continues to fulfill corporate, customer, and legal requirements. *Answer DoD 5200.28-STD is the Orange Book, the DoD Trusted Computer System Evaluation Criteria. *Answer CSC-STD-002-85 is the Green Book, the DoD Password Management Guidelines. Source: The Common Criteria Project.
Which task below would normally be a function of the security administrator, not the system administrator?
A. Reviewing audit data
B. Managing print queues
C. Adding and removing system users
D. Installing system software
Explanation: Reviewing audit data should be a function separate from the day-to-day administration of the system.
Which statement below is accurate about the concept of Object Reuse?
A. Object reuse protects against physical attacks on the storage medium.
B. Object reuse applies to removable media only.
C. Object reuse controls the granting of access rights to objects.
D. Object reuse ensures that users do not obtain residual information from system resources.
Explanation: Object reuse mechanisms ensure system resources are allocated and reassigned among authorized users in a way that prevents the leak of sensitive information, and ensure that the authorized user of the system does not obtain residual information from system resources. Object reuse is defined as "The reassignment to some subject of a storage medium (e.g., page frame, disk sector, magnetic tape) that contained one or more objects. To be securely reassigned, no residual data can be available to the new subject through standard system mechanisms." The object reuse requirement of the TCSEC is intended to assure that system resources, in particular storage media, are allocated and reassigned among system users in a manner which prevents the disclosure of sensitive information. Answer a is incorrect. Object reuse does not necessarily protect against physical attacks on the storage medium. Answer c is also incorrect, as object reuse applies to all primary and secondary storage media, such as removable media, fixed media, real and virtual main memory (including registers), and cache memory. Answer d refers to authorization, the granting of access rights to a user, program, or process. Source: NCSC-TG-018, A Guide To Understanding Object Reuse in Trusted Systems [Light Blue Book].
Relative to legal evidence, which one of the following correctly describes the difference between an expert and a nonexpert in delivering an opinion?
A. An expert can offer an opinion based on personal expertise and facts, but a nonexpert can testify only as to facts.
B. A nonexpert can offer an opinion based on personal expertise and facts, but an expert can testify only as to facts.
C. An expert can offer an opinion based on personal expertise and facts, but a nonexpert can testify only as to personal opinion.
D. An expert can offer an opinion based on facts only, but a nonexpert can testify only as to personal opinion.
Explanation: The other answers are distracters.
Which choices below are commonly accepted definitions for a disaster? Select three.
A. A suddenly occurring event that has a long-term negative impact on social life
B. An emergency that is beyond the normal response resources of the entity
C. An occurrence or imminent threat to the entity of widespread or severe damage, injury, loss of life, or loss of property
D. An occurrence that is outside the normal computing function
Explanation: The disaster/emergency management and business continuity community consists of many different types of entities, such as governmental (federal, state, and local), nongovernmental (business and industry), and individuals. Each entity has its own focus and its own definition of a disaster. The correct answers are examples of these various definitions of disasters. A very common definition of a disaster is a suddenly occurring or unstoppable developing event that: claims loss of life, suffering, loss of valuables, or damage to the environment; overwhelms local resources or efforts; has a long-term impact on social or natural life that is always negative in the beginning. Source: NFPA 1600 Standard on Disaster/Emergency Management and Business Continuity, National Fire Protection Association, 2000 edition.