Flashcards in Operations Security Deck (180)
The PRIMARY purpose of operations security is
A. Protect the system hardware from environment damage.
B. Monitor the actions of vendor service personnel.
C. Safeguard information assets that are resident in the system.
D. Establish thresholds for violation detection and logging.
Explanation: I think A or C could be the answers. I am leaning towards the C answer but use your
best judgment. "Operations Security can be described as the controls over the hardware in a computing facility, the data media used in a facility, and the operators using these resources in a facility...A CISSP candidate will be expected to know the resources that must be protected, the privileges that must be restricted, the control mechanisms that are available, the potential for access abuse, the appropriate controls, and the principles of good practice." -Ronald Krutz The CISSP PREP Guide (gold edition) pg 297
Which of the following is not a component of an Operations Security “triples”?
Reference: pg 298 Krutz: CISSP Study Guide: Gold Edition
A periodic review of user account management should not determine:
A. Conformity with the concept of least privilege
B. Whether active accounts are still being used
C. Strength of user-chosen passwords
D. Whether management authorizations are up-to-date
Which of the following functions is less likely to be performed by a typical security administrator?
A. Setting user clearances and initial passwords
B. Adding and removing system users
C. Setting or changing file sensitivity labels
D. Reviewing audit data
Who is responsible for setting user clearances to computer-based information?
A. Security administrators
C. Data owners
D. Data custodians
Who is the individual permitted to add users or install trusted programs?
A. Database Administrator
B. Computer Manager
C. Security Administrator
D. Operations Manager
Explanation: Typical system administrator or enhanced operator functions can include the following: installing system software; starting up (booting) and shutting down a system; adding and removing system users; performing back-ups and recovery; handling printers and managing print queues. -Ronald Krutz The CISSP PREP Guide (gold edition) pg 305-304
In Unix, which file is required for you to set up an environment such that every user on the other host is a trusted user that can log into this host without authentication?
D. None of the choices.
Explanation: The /etc/hosts.equiv file is saying that every user on the other host is a trusted user and allowed to log into this host without authentication (i.e. NO PASSWORD). The only thing that must exist for a user to log in to this system is an /etc/passwd entry by the same login name the user is currently using. In other words, if there is a user trying to log into this system whose login name is "bhope", then there must be a "bhope" listed in the /etc/passwd file.
For what reason would a network administrator leverage promiscuous mode?
A. To screen out all network errors that affect network statistical information.
B. To monitor the network to gain a complete statistical picture of activity.
C. To monitor only unauthorized activity and use.
D. To capture only unauthorized internal/external use.
Which of the following questions is less likely to help in assessing controls over hardware and software maintenance?
A. Is access to all program libraries restricted and controlled?
B. Are integrity verification programs used by applications to look for evidences of data tampering, errors, and omissions?
C. Is there version control?
D. Are system components tested, documented, and approved prior to promotion to production?
Which of the following correctly describes “good” security practice?
A. Accounts should be monitored regularly.
B. You should have a procedure in place to verify password strength.
C. You should ensure that there are no accounts without passwords.
D. All of the choices.
Explanation: In many organizations accounts are created and then nobody ever touches those accounts again. This is a very poor security practice. Accounts should be monitored regularly, you should look at unused accounts, and you should have a procedure in place to ensure that departing employees have their rights revoked prior to leaving the company. You should also have a procedure in place to verify password strength and to ensure that there are no accounts without passwords.
Access to the _________ account on a Unix server must be limited to only the system administrators that must absolutely have this level of access.
A. Superuser of inetd.
B. Manager or root.
C. Fsf or root
D. Superuser or root.
Explanation: Access to the superuser or root account on a server must be limited to only the system administrators that must absolutely have this level of access. Use of programs such as SUDO is recommended to give limited and controlled root access to administrators that have a need for such access.
Which of the following files should the security administrator be restricted to READ only access?
A. Security parameters
B. User passwords
C. User profiles
D. System log
Root login should only be allowed via:
B. System console
C. Remote program
Explanation: The root account must be the only account with a user ID of 0 (zero) that has open access to the UNIX shell. It must not be possible for root to sign on directly except at the system console. All other access to the root account must be via the 'su' command.
What does "System Integrity" mean?
A. The software of the system has been implemented as designed.
B. Users can't tamper with processes they do not own
C. Hardware and firmware have undergone periodic testing to verify that they are functioning properly
D. Design specifications have been verified against the formal top-level specification
Operations Security seeks to primarily protect against which of the following?
A. object reuse
B. facility disaster
C. compromising emanations
D. asset threats
In order to avoid mishandling of media or information, you should consider using:
Explanation: In order to avoid mishandling of media or information, proper labeling must be used. All tape, floppy disks, and other computer storage media containing sensitive information must be externally marked with the appropriate sensitivity classification. All tape, floppy disks, and other computer storage media containing unrestricted information must be externally marked as such. All printed copies, printouts, etc., from a computer system must be clearly labeled with the proper classification.
In order to avoid mishandling of media or information, which of the following should be labeled?
A. All of the choices.
B. Printed copies
D. Floppy disks
Explanation: In order to avoid mishandling of media or information, proper labeling must be used.
All tape, floppy disks, and other computer storage media containing sensitive information must be externally marked with the appropriate sensitivity classification. All tape, floppy disks, and other computer storage media containing unrestricted information must be externally marked as such. All printed copies, printouts, etc., from a computer system must be clearly labeled with the proper classification. As a rule of thumb, you should have an indication of the classification of the document. The classification is based on the sensitivity of information. It is usually marked at the minimum on the front and back cover, title, and first pages.
Compact Disc (CD) optical media is used more often for:
A. very small data sets
B. very small files data sets
C. larger data sets
D. very aggregated data sets
At which temperature does damage start occurring to magnetic media?
A. 100 degrees
B. 125 degrees
C. 150 degrees
D. 175 degrees
Which of the following statements pertaining to air conditioning for an information processing facility is correct?
A. The AC units must be controllable from outside the area
B. The AC units must keep negative pressure in the room so that smoke and other gases are forced out of the room
C. The AC units must be on the same power source as the equipment in the room to allow for easier shutdown
D. The AC units must be dedicated to the information processing facilities
Removing unnecessary processes, segregating inter-process communications, and reducing executing privileges to increase system security is commonly called
Explanation: What is hardening? Naturally, there is more than one definition, but in general, one tightens control using policies which affect authorization, authentication and permissions. Nothing happens by default. You only give out permission after thinking about it, something like "deny all" to everyone, then "allow" with justification. Shut off everything, then only turn on that which must be turned on. It is not unlike locking every single door, window and access point in your house, then unlocking only those that need to be. It is quite common for users to take all the defaults when their new system gets turned on making for instant vulnerability. A major problem is trying to figure out where all those details are that need to be turned off, without making the system unusable.
Which of the following RAID levels functions as a single virtual disk?
A. RAID Level 7
B. RAID Level 5
C. RAID Level 10
D. RAID Level 2
Explanation: RAID level 2 would be our guess, but all of them can function as a single virtual disk; that is what logical drives present.
Which of the following takes the concept of RAID 1 (mirroring) and applies it to a pair of servers?
A. A redundant server implementation
B. A redundant client implementation
C. A redundant guest implementation
D. A redundant host implementation
Which of the following enables the drive array to continue to operate if any disk or any path to any disk fails?
A. RAID Level 7
B. RAID Level 1
C. RAID Level 2
D. RAID Level 5
Explanation: “RAID Level 7 is a variation of RAID 5 wherein the array functions as a single virtual disk in the hardware. This is sometimes simulated by software running over a RAID level 5 hardware implementation, which enables the drive array to continue to operate if any disk or any path to any disk fails. It also provides parity protection.” Pg 91 Krutz: CISSP Prep Guide: Gold Edition.
Depending upon the volume of data that needs to be copied, full backups to tape can take:
A. an incredible amount of time
B. a credible amount of time
C. an ideal amount of time
D. an exclusive amount of time
Which one of the following entails immediately transmitting copies of on-line transactions to a remote computer facility for backup?
A. Archival storage management (ASM)
B. Electronic vaulting
C. Hierarchical storage management (HSM)
D. Data compression
Explanation: “Electronic vaulting makes an immediate copy of a changed file or transaction and sends it to a remote location where the original backup is stored….Another technology used for automated backups is hierarchical storage management (HSM). In this situation, the HSM system dynamically manages the storage and recovery of files, which are copied to storage media devices that vary in speed and cost. The faster media hold the data that is accessed more often and the seldom-used files are stored on the slower devices, or near-line devices. The different storage media range from optical disk, magnetic disks, and tapes.” Pg. 619 Shon Harris CISSP All-In-One Certification Exam Guide
When continuous availability (24 hours-a-day processing) is required, which one of the following provides a good alternative to tape backups?
A. Disk mirroring
B. Backup to jukebox
C. Optical disk backup
D. Daily archiving
Explanation: Hierarchical Storage Management (HSM). "HSM provides continuous on-line backup by using optical or tape 'jukeboxes,' similar to WORMs. It appears as an infinite disk to the system, and can be configured to provide the closest version of an available real-time backup. This is commonly employed in very large data retrieval systems." Pg. 71 Krutz: The CISSP Prep Guide.
Zip/Jaz drives are frequently used for the individual backups of small data sets of:
A. specific application data
B. sacrificial application data
C. static application data
D. dynamic application data
With non-continuous backup systems, data that was entered after the last backup prior to a system crash will have to be: