1、CISSP 认证考试(安全运营)-试卷 1 及答案解析(总分:60.00,做题时间:90 分钟)1.Which of the following is not a common component of configuration management change control steps?(分数:2.00)A.Tested and presentedB.Service-level agreement approvalC.Report change to managementD.Approval of the change2.A change management process shou
2、ld include a number of procedures. Which of the following incorrectly describes a characteristic or component of a change control policy?(分数:2.00)A.Changes that are unanimously approved by the change control committee must be tested to uncover any unforeseen results.B.Changes approved by the change
3、control committee should be entered into a change log.C.A schedule that outlines the projected phases of the change should be developed.D.An individual or group should be responsible for approving proposed changes.3.The requirement of erasure is the end of the media life cycle if it contains sensiti
4、ve information. Which of the following best describes purging?(分数:2.00)A.Changing the polarization of the atoms on the media.B.It is unacceptable when media are to be reused in the same physical environment for the same purposes.C.Data formerly on the media is made unrecoverable by overwriting it wi
5、th a pattern.D.Information is made unrecoverable, even with extraordinary effort.4.Device backup and other availability solutions are chosen to balance the value of having information available against the cost of keeping that information available. Which of the following best describes fault-tolera
6、nt technologies?(分数:2.00)A.They are among the most expensive solutions and are usually only for the most mission-critical information.B.They help service providers identify appropriate availability services for the specific customer.C.They are required to maintain integrity, regardless of the other
7、technologies in place.D.They allow a failed component to be replaced while the system continues to run.5.Which of the following refers to the amount of time it will be expected to take to get a device fixed and back into production?(分数:2.00)A.SLAB.MTTRC.Hot-swapD.MTBF6.Which of the following correct
8、ly describes Direct Access and Sequential Access storage devices?(分数:2.00)A.Any point on a Direct Access Storage Device may be promptly reached, whereas every point in between the current position and the desired position of a Sequential Access Storage Device must be traversed in order to reach the
9、desired position.B.RAIT is an example of a Direct Access Storage Device, while RAID is an example of a Sequential Access Storage Device.C.MAID is a Direct Access Storage Device, while RAID is an example of a Sequential Access Storage Device.D.As an example of Sequential Access Storage, tape drives a
10、re faster than Direct Access Storage Devices.7.There are classifications for operating system failures. Which of the following refers to what takes place when an unexpected kernel or media failure happens and the regular recovery procedure cannot recover the system to a more consistent state, requir
11、ing an administrator to intervene?(分数:2.00)A.Emergency system restartB.Trusted recoveryC.System cold startD.System reboot8.Various levels of RAID dictate the type of activity that will take place within the RAID system. Which level is associated with byte-level parity?(分数:2.00)A.RAID Level 0B.RAID L
12、evel 3C.RAID Level 5D.RAID Level 109.Which of the following incorrectly describes IP spoofing and session hijacking?(分数:2.00)A.Address spoofing helps an attacker to hijack sessions between two users without being noticed.B.IP spoofing makes it harder to track down an attacker.C.Session hijacking can
13、 be prevented with mutual authentication.D.IP spoofing is used to hijack SSL and IPSec secure communications.10.RAID systems use a number of techniques to provide redundancy and performance. Which of the following activities divides and writes data over several drives?(分数:2.00)A.ParityB.MirroringC.S
14、tripingD.Hot-swapping11.What is the difference between hierarchical storage management and storage area network technologies?(分数:2.00)A.HSM uses optical or tape jukeboxes, and SAN is a standard of how to develop and implement this technology.B.HSM and SAN are one and the same. The difference is in t
15、he implementation.C.HSM uses optical or tape jukeboxes, and SAN is a network of connected storage.D.SAN uses optical or tape jukeboxes, and HSM is a network of connected storage systems.12.John and his team are conducting a penetration test of a clients network. The team will conduct its testing arm
16、ed only with knowledge it acquired from the Web. The network staff is aware that the testing will take place, but the penetration testing team will only work with publicly available data and some information from the client. What is the degree of the teams knowledge and what type of test is the team
17、 carrying out?(分数:2.00)A.Full knowledge; blind testB.Partial knowledge; blind testC.Partial knowledge; double-blind testD.Zero knowledge; targeted test13.What type of exploited vulnerability allows more input than the program has allocated space to store it?(分数:2.00)A.Symbolic linksB.File descriptor
18、sC.Kernel flawsD.Buffer overflows14.There are often scenarios where the IT staff must react to emergencies and quickly apply fixes or change configurations. When dealing with such emergencies, which of the following is the best approach to making changes?(分数:2.00)A.Review the changes within 48 hours
19、 of making them.B.Review and document the emergency changes after the incident is over.C.Activity should not take place in this manner.D.Formally submit the change to a change control committee and follow the complete change control process.15.Organizations should keep system documentation on hand t
20、o ensure that the system is properly cared for, that changes are controlled, and that the organization knows whats on the system. What does not need to be in this type of documentation?(分数:2.00)A.FunctionalityB.ChangesC.Volume of transactionsD.Identity of system owner16.Fred is a new security office
21、r who wants to implement a control for detecting and preventing users who attempt to exceed their authority by misusing the access rights that have been assigned to them. Which of the following best fits this need?(分数:2.00)A.Management reviewB.Two-factor identification and authenticationC.Capturing
22、this data in audit logsD.Implementation of a strong security policy17.Which of the following is the best way to reduce brute-force attacks that allow intruders to uncover users passwords?(分数:2.00)A.Increase the clipping level.B.Lock out an account for a certain amount of time after the clipping leve
23、l is reached.C.After a threshold of failed login attempts is met, the administrator must physically lock out the account.D.Choose a weaker algorithm that encrypts the password file.18.Brandy could not figure out how Sam gained unauthorized access to her system, since he has little computer experienc
24、e. Which of the following is most likely the attack Sam used?(分数:2.00)A.Dictionary attackB.Shoulder surfing attackC.Covert channel attackD.Timing attack19.The relay agent on a mail server plays a role in spam prevention. Which of the following incorrectly describes mail relays?(分数:2.00)A.Antispam fe
25、atures on mail servers are actually antirelaying features.B.Relays should be configured “wide open“ to receive any e-mail message.C.Relay agents are used to send messages from one mail server to another.D.If a relay is configured “wide open,“ the mail server can be used to send spam.20.John is respo
26、nsible for providing a weekly report to his manager outlining the weeks security incidents and mitigation steps. What steps should he take if a report has no information?(分数:2.00)A.Send his manager an e-mail telling her so.B.Deliver last weeks report and make sure its clearly dated.C.Deliver a repor
27、t that states “No output.“D.Dont do anything.21.Brian, a security administrator, is responding to a virus infection. The antivirus application reports that a file has been infected with a dangerous virus and disinfecting it could damage the file. What course of action should Brian take?(分数:2.00)A.Re
28、place the file with the file saved from the day before.B.Disinfect the file and contact the vendor.C.Restore an uninfected version of the patched file from backup media.D.Back up the data and disinfect the file.22.Guidelines should be followed to allow secure remote administration. Which of the foll
29、owing is not one of those guidelines?(分数:2.00)A.A small number of administrators should be allowed to carry out remote functionality.B.Critical systems should be administered locally instead of remotely.C.Strong authentication should be in place.D.Telnet should be used to send commands and data.23.I
30、n a redundant array of inexpensive disks (RAID) systems, data and parity information are striped over several different disks. What is parity information used for? (分数:2.00)A.Information used to create new dataB.Information used to erase dataC.Information used to rebuild dataD.Information used to bu
31、ild data24.Mirroring of drives is when data is written to two drives at once for redundancy purposes. What similar type of technology is shown in the graphic that follows? (分数:2.00)A.Direct access storageB.Disk duplexingC.StripingD.Massive array of inactive disks25.There are several different types
32、of important architectures within backup technologies. Which architecture does the graphic that follows represent? (分数:2.00)A.ClusteringB.Grid computingC.Backup tier securityD.Hierarchical Storage Management26.Which of the following is not considered a countermeasure to port scanning and operating s
33、ystem fingerprinting?(分数:2.00)A.Allow access at the perimeter network to all internal portsB.Remove as many banners as possible within operating systems and applicationsC.Use TCP wrappers on vulnerable services that have to be availableD.Disable unnecessary ports and services27._provides for availab
34、ility and scalability. It groups physically different systems and combines them logically, which helps to provide immunity to faults and improves performance.(分数:2.00)A.Disc dupingB.ClusteringC.RAIDD.Virtualization28.Bob is a new security administrator at a financial institution. The organization ha
35、s experienced some suspicious activity on one of the critical servers that contain customer data. When reviewing how the systems are administered, he uncovers some concerning issues pertaining to remote administration. Which of the following should not be put into place to reduce these concerns?i. C
36、ommands and data should not be sent in cleartext.ii. SSH should be used, not Telnet.iii. Truly critical systems should be administered locally instead of remotely.iv. Only a small number of administrators should be able to carry out remote functionality.v. Strong authentication should be in place fo
37、r any administration activities.(分数:2.00)A.i, iiB.None of themC.ii, ivD.All of themThe following scenario will be used for questions 29 and 30.John is a network administrator and has been told by one of his network staff members that two servers on the network have recently had suspicious traffic tr
38、aveling to them and then from them in a sporadic manner. The traffic has been mainly ICMP, but the patterns were unusual compared to other servers over the last 30 days. John lists the directories and subdirectories on the systems and finds nothing unusual. He inspects the running processes and agai
39、n finds nothing suspicious. He sees that the systems NICs are not in promiscuous mode, so he is assured that sniffers have not been planted.(分数:4.00)(1).Which of the following describes the most likely situation as described in this scenario?(分数:2.00)A.Servers are not infected, but the traffic illus
40、trates attack attempts.B.Servers have been infected with rootkits.C.Servers are vulnerable and need to be patched.D.Servers have been infected by spyware.(2).Which of the following best explains why John does not see anything suspicious on the reported systems?(分数:2.00)A.The systems have not yet bee
41、n infected.B.He is not running the correct tools. He needs to carry out a penetration test on the two systems.C.Trojaned files have been loaded and executed.D.A back door has been installed and the attacker enters the system sporadically.CISSP 认证考试(安全运营)-试卷 1 答案解析(总分:60.00,做题时间:90 分钟)1.Which of the
42、following is not a common component of configuration management change control steps?(分数:2.00)A.Tested and presentedB.Service-level agreement approval C.Report change to managementD.Approval of the change解析:解析:B 正确。应该建立一个结构良好的变更管理流程来帮助员工适应多种不同类型的环境变化。这个过程应该体现在变更控制策略中。尽管变更的类型各不相同,但一个标准的过程列表能有助于把这个流程置
43、于可控范围内,并确保变更以一个可以预见的方式进行。变更控制策略应该包括请求变更的发生、批准变更、变更文档化、测试和呈现、实施,以及把变更报告提交给管理层等流程。配置管理变更控制过程通常对服务等级协议的批准无效。 A 不正确。因为一个标准的变更控制策略应该包含测试和呈现。所有变更必须经过全面测试以发现任何不可以预见的结果。根据变更的严重程度和公司的组织结构,变更及其实施可能需要被提交给变更控制委员会。这有助于表现变更的不同目的和结果,以及可能的分支。 C不正确。因为把变更报告提交给管理层的流程应该包含在标准的变更控制策略中。在变更得以实施之后,应该向管理层提交一个总结这次变更的完整报告。这样的报
44、告可以定期提交,从而使得管理层实时了解并继续给予支持。 D 不正确。因为获取变更批准的流程应该包含在标准的变更控制策略中。请求变更的人必须陈述理由,并清楚地阐述变更的好处和可能产生的失误。有时请求者可能被要求进行更多的研究并提供更多的信息之后才被批准变更。2.A change management process should include a number of procedures. Which of the following incorrectly describes a characteristic or component of a change control policy?(
45、分数:2.00)A.Changes that are unanimously approved by the change control committee must be tested to uncover any unforeseen results. B.Changes approved by the change control committee should be entered into a change log.C.A schedule that outlines the projected phases of the change should be developed.D
46、.An individual or group should be responsible for approving proposed changes.解析:解析:A 正确。应该建立一个结构良好的变更管理流程来帮助员工度过多种类型的环境变化。这个流程应该体现在变更控制策略中。尽管变更的类型各不相同,但一个标准的流程列表有助于把这个流程置于可控范围内,从而确保它以一个可以预见的方式进行。变更控制委员会批准的所有变更都必须经过全面测试以发现不可以预见的结果。根据变更的严重程度和公司的组织结构,变更及其实施可能需要被提交给变更控制委员会。这有助于表现变更的不同目的和效果以及可能产生的后果。 B 不
47、正确。因为变更控制委员会批准的变更的确应该记入变更口志。这个口志应该随着进程的进行而更新,直到进程结束。追踪并记录所有得以批准并实施的变更是至关重要的。 C 不正确。因为一旦某个变更经过了全面地测试和批准,就应该制定一个描述实施变更的各个阶段和必要里程碑的日程安排。这些步骤应该完全被记录下来,进度也应该被监控。 D 不正确。因为请求应该被提交给负责批准变更并监督在这个环境中发生的变更活动的人或者小组。3.The requirement of erasure is the end of the media life cycle if it contains sensitive informati
48、on. Which of the following best describes purging?(分数:2.00)A.Changing the polarization of the atoms on the media.B.It is unacceptable when media are to be reused in the same physical environment for the same purposes.C.Data formerly on the media is made unrecoverable by overwriting it with a pattern
49、.D.Information is made unrecoverable, even with extraordinary effort. 解析:解析:D 正确。清理(purging)指的是在过程周期结束时从系统、存储设备或者带有存储容量的外围设备上移除敏感信息。这个行为的执行方式应该保护数据的敏感性,使得敏感数据不会被重建。删除介质上的文件并不会真正让数据消失,它只是删除了指针,而那些文件中的数据仍然保留在介质上。这就是专门从事恢复数据业务的公司能够在数据被故意或者意外销毁后仍然能够恢复被删除文件的原因所在。即使简单地使用新信息重写介质也不会降低恢复以前所写信息的可能性。这就是为什么需要清零和安全覆盖算法的原因。如果包含高度敏感信息介质的某个部分无法被清理或者清除,那么就必须采用物理销毁的方式。 A 不正确。因为它描述的是消磁(degaussing),消磁是清理的一种。执行消磁的设备会产生一种强制磁力,把存储介质的磁通密度降为 0。正是这种磁力把介质中的数据擦除了。数据以原子极化的形式存储在磁介质上,消磁用一种强大的磁力改变了这种极化,把它恢复为最初的通量(磁量分布)。 B 不正确。因为当介质需要重新安排到一个不同的区域时就需要清理它。当介质被擦除(删除它们的内容)时,称为被消毒。这意味着擦除信息,从而使得使用常规操作系统命令或者现有的商业取证或
