DOCUMENT INFORMATION
Basic information
Format:
Number of pages: 98
Size: 1.72 MB
Contents
The CISSP Prep Guide: Gold Edition
Access Control Systems

19. In mandatory access control, the authorization of a subject to have access to an object is dependent upon:
    a. Labels
    b. Roles
    c. Tasks
    d. Identity

20. The type of access control that is used in local, dynamic situations where subjects have the ability to specify what resources certain users can access is called:
    a. Mandatory access control
    b. Rule-based access control
    c. Sensitivity-based access control
    d. Discretionary access control

21. Role-based access control is useful when:
    a. Access must be determined by the labels on the data.
    b. There are frequent personnel changes in an organization.
    c. Rules are needed to determine clearances.
    d. Security clearances must be used.

22. Clipping levels are used to:
    a. Limit the number of letters in a password.
    b. Set thresholds for voltage variations.
    c. Reduce the amount of data to be evaluated in audit logs.
    d. Limit errors in callback systems.

23. Identification is:
    a. A user being authenticated by the system
    b. A user providing a password to the system
    c. A user providing a shared secret to the system
    d. A user professing an identity to the system

24. Authentication is:
    a. The verification that the claimed identity is valid
    b. The presentation of a user's ID to the system
    c. Not accomplished through the use of a password
    d. Only applied to remote users

25. An example of two-factor authentication is:
    a. A password and an ID
    b. An ID and a PIN
    c. A PIN and an ATM card
    d. A fingerprint

26. In biometrics, a good measure of performance of a system is the:
    a. False detection
    b. Crossover Error Rate (CER)
    c. Positive acceptance rate
    d. Sensitivity

27. In finger scan technology,
    a. The full fingerprint is stored.
    b. Features extracted from the fingerprint are stored.
    c. More storage is required than in fingerprint technology.
    d. The technology is applicable to large, one-to-many database searches.

28. An acceptable biometric throughput rate is:
    a. One subject per two minutes
    b. Two subjects per minute
    c. Ten subjects per minute
    d. Five subjects per minute

29. In a relational database, the domain of a relation is the set of allowable values:
    a. That an attribute can take
    b. That tuples can take
    c. That a record can take
    d. Of the primary key

30. Object-Oriented Database (OODB) systems:
    a. Are ideally suited for text-only information
    b. Require minimal learning time for programmers
    c. Are useful in storing and manipulating complex data, such as images and graphics
    d. Consume minimal system resources

Bonus Questions

You can find the answers to the following questions in Appendix H.

1. An important element of database design that ensures that the attributes in a table depend only on the primary key is:
    a. Database management
    b. Data normalization
    c. Data integrity
    d. Data reuse

2. A database View operation implements the principle of:
    a. Least privilege
    b. Separation of duties
    c. Entity integrity
    d. Referential integrity

3. Which of the following is NOT a technical (logical) mechanism for protecting information from unauthorized disclosure?
    a. Smart cards
    b. Encryption
    c. Labeling (of sensitive materials)
    d. Protocols

4. A token that generates a unique password at fixed time intervals is called:
    a. An asynchronous dynamic password token
    b. A time-sensitive token
    c. A synchronous dynamic password token
    d. A challenge-response token

5. In a biometric system, the time it takes to register with the system by providing samples of a biometric characteristic is called:
    a. Setup time
    b. Login time
    c. Enrollment time
    d. Throughput time

6. Which of the following is NOT an assumption of the basic Kerberos paradigm?
    a. Client computers are not secured and are easily accessible.
    b. Cabling is not secure.
    c. Messages are not secure from interception.
    d. Specific servers and locations cannot be secured.

7. Which one of the following statements is TRUE concerning the Terminal Access Controller Access Control System (TACACS) and TACACS+?
    a. TACACS supports prompting for a password change.
    b. TACACS+ employs tokens for two-factor, dynamic password authentication.
    c. TACACS+ employs a user ID and static password.
    d. TACACS employs tokens for two-factor, dynamic password authentication.

8. Identity-based access control is a subset of which of the following access control categories?
    a. Discretionary access control
    b. Mandatory access control
    c. Non-discretionary access control
    d. Lattice-based access control

9. Procedures that ensure that the access control mechanisms correctly implement the security policy for the entire life cycle of an information system are known as:
    a. Accountability procedures
    b. Authentication procedures
    c. Assurance procedures
    d. Trustworthy procedures

10. Which of the following is NOT a valid database model?
    a. Hierarchical
    b. Relational
    c. Object-relational
    d. Relational-rational

Advanced Sample Questions

You can find answers to the following questions in Appendix I. The following questions are supplemental to and coordinated with Chapter 2, "Access Control Systems and Methodology," and are at a level commensurate with that of the CISSP examination. These questions cover advanced material relative to trusted networks, remote access, biometrics, database security (including relational and object models), operating system security, Kerberos, SSO, authentication (including mobile authentication), and Enterprise Access Management (EAM). We assume that the reader has a basic knowledge of the material contained in Chapter 2. These questions and answers build upon the questions and answers covered in that chapter.

1. The concept of limiting the routes that can be taken between a workstation and a computer resource on a network is called:
    a. Path limitation
    b. An enforced path
    c. A security perimeter
    d. A trusted path

2. An important control that should be in place for external connections to a network that uses call back schemes is:
    a. Breaking of a dial-up connection at the remote user's side of the line
    b. Call forwarding
    c. Call enhancement
    d. Breaking of a dial-up connection at the organization's computing resource side of the line

3. When logging on to a workstation, the log-on process should:
    a. Validate the log-on only after all input data has been supplied.
    b. Provide a Help mechanism that provides log-on assistance.
    c. Place no limits on the time allotted for log-on or on the number of unsuccessful log-on attempts.
    d. Not provide information on the previous successful log-on and on previous unsuccessful log-on attempts.

4. A group of processes that share access to the same resources is called:
    a. An access control list
    b. An access control triple
    c. A protection domain
    d. A Trusted Computing Base (TCB)

5. What part of an access control matrix shows capabilities that one user has to multiple resources?
    a. Columns
    b. Rows
    c. Rows and columns
    d. Access control list

6. A type of preventive/physical access control is:
    a. Biometrics for authentication
    b. Motion detectors
    c. Biometrics for identification
    d. An intrusion detection system

7. In addition to accuracy, a biometric system has additional factors that determine its effectiveness. Which one of the following listed items is NOT one of these additional factors?
    a. Throughput rate
    b. Acceptability
    c. Corpus
    d. Enrollment time

8. Access control that is a function of factors such as location, time of day, and previous access history is called:
    a. Positive
    b. Content-dependent
    c. Context-dependent
    d. Information flow

9. A persistent collection of data items that form relations among each other is called a:
    a. Database management system (DBMS)
    b. Data description language (DDL)
    c. Schema
    d. Database

10. A relational database can provide security through view relations. Views enforce what information security principle?
    a. Aggregation
    b. Least privilege
    c. Separation of duties
    d. Inference

11. A software interface to the operating system that implements access control by limiting the system commands that are available to a user is called a(n):
    a. Restricted shell
    b. Interrupt
    c. Physically constrained user interface
    d. View

12. Controlling access to information systems and associated networks is necessary for the preservation of their confidentiality, integrity, and availability. Which of the following is NOT a goal of integrity?
    a. Prevention of the modification of information by unauthorized users
    b. Prevention of the unauthorized or unintentional modification of information by authorized users
    c. Prevention of authorized modifications by unauthorized users
    d. Preservation of the internal and external consistency of the information

13. In a Kerberos exchange involving a message with an authenticator, the authenticator contains the client ID and which of the following?
    a. Ticket Granting Ticket (TGT)
    b. Timestamp
    c. Client/TGS session key
    d. Client network address

14. Which one of the following security areas is directly addressed by Kerberos?
    a. Confidentiality
    b. Frequency analysis
    c. Availability
    d. Physical attacks

15. The Secure European System for Applications in a Multivendor Environment (SESAME) implements a Kerberos-like distribution of secret keys. Which of the following is NOT a characteristic of SESAME?
    a. Uses a trusted authentication server at each host
    b. Uses secret key cryptography for the distribution of secret keys
    c. Incorporates two certificates or tickets, one for authentication and one defining access privileges
    d. Uses public key cryptography for the distribution of secret keys

16. Windows 2000 uses which of the following as the primary mechanism for authenticating users requesting access to a network?
    a. Hash functions
    b. Kerberos
    c. SESAME
    d. Public key certificates

17. A protection mechanism to limit inferencing of information in statistical database queries is:
    a. Specifying a maximum query set size
    b. Specifying a minimum query set size
    c. Specifying a minimum query set size, but prohibiting the querying of all but one of the records in the database
    d. Specifying a maximum query set size, but prohibiting the querying of all but one of the records in the database

18. In SQL, a relation that is actually existent in the database is called a(n):
    a. Base relation
    b. View
    c. Attribute
    d. Domain

19. A type of access control that supports the management of access rights for groups of subjects is:
    a. Role-based
    b. Discretionary
    c. Mandatory
    d. Rule-based

20. The Simple Security Property and the Star Property are key principles in which type of access control?
    a. Role-based
    b. Rule-based
    c. Discretionary
    d. Mandatory

21. Which of the following items is NOT used to determine the types of access controls to be applied in an organization?
    a. Least privilege
    b. Separation of duties
    c. Relational categories
    d. Organizational policies

22. Kerberos provides an integrity check service for messages between two entities through the use of:
    a. A checksum
    b. Credentials
    c. Tickets
    d. A trusted, third-party authentication server

23. The Open Group has defined functional objectives in support of a user single sign-on (SSO) interface. Which of the following is NOT one of those objectives and would possibly represent a vulnerability?
    a. The interface shall be independent of the type of authentication information handled.
    b. Provision for user-initiated change of non-user configured authentication information.
    c. It shall not predefine the timing of secondary sign-on operations.
    d. Support shall be provided for a subject to establish a default user profile.

24. There are some correlations between relational database terminology and object-oriented database terminology. Which of the following relational model terms, respectively, correspond to the object model terms of class, attribute, and instance object?
    a. Domain, relation, and column
    b. Relation, domain, and column
    c. Relation, tuple, and column
    d. Relation, column, and tuple

25. A reference monitor is a system component that enforces access controls on an object. Specifically, the reference monitor concept is an abstract machine that mediates all access of subjects to objects. The hardware, firmware, and software elements of a trusted computing base that implement the reference monitor concept are called:
    a. The authorization database
    b. Identification and authentication (I & A) mechanisms
    c. The auditing subsystem
    d. The security kernel

26. Authentication in which a random value is presented to a user, who then returns a calculated number based on that random value is called:
    a. Man-in-the-middle
    b. Challenge-response
    c. One-time password
    d. Personal identification number (PIN) protocol

27. Which of the following is NOT a criterion for access control?
    a. Identity
    b. Role
    c. Keystroke monitoring
    d. Transactions

28. Which of the following is typically NOT a consideration in the design of passwords?
    a. Lifetime
    b. Composition
    c. Authentication period
    d. Electronic monitoring

29. A distributed system using passwords as the authentication means can use a number of techniques to make the password system stronger. Which of the following is NOT one of these techniques?
    a. Password generators
    b. Regular password reuse
    c. Password file protection
    d. Limiting the number or frequency of log-on attempts

[...]
(Sams Publishing, 2001)

[...] the trusted host that initiated the session. The intruder tricks the target into believing it is connected to a trusted host and then hijacks the session by predicting the target's choice of an initial TCP sequence number. This session is then often used to launch various attacks on other hosts.

Other Fragmentation Attacks

IP fragmentation [...]

[...] and the others are still pending. We will now discuss the various implementation levels of an FRDS.

Failure Resistant Disk System

The basic function of an FRDS is to protect file servers from data loss and a loss of availability due to disk failure. It provides the capability to reconstruct the contents of a failed disk onto a replacement disk and provides the [...]

[...] time. As the amount of data that needs to be copied increases, the length of time to run the backup proportionally increases and the demand on the system grows as more tapes are required. Sometimes the data volume on the hard drives expands very quickly, thus overwhelming the backup process. Therefore, this process must be monitored regularly. The time the last backup was run is never the time of the server [...]

[...] network with traffic, thereby launching a DoS attack. It consists of three elements: the source site, the bounce site, and the target site. The attacker (the source site) sends a spoofed ping packet to the broadcast address of a large network (the bounce site). This modified packet contains the address of the target site, which causes the bounce site to broadcast the misinformation to all of the devices on its [...]

[...] Availability is the opposite of "destruction." The Telecommunications Security Domain of information security is also concerned with the prevention and detection of the misuse or abuse of systems, which poses a threat to the tenets of Confidentiality, Integrity, and Availability (C.I.A.)

Management Concepts

This section describes the function of the Telecommunications [...]

[...] which prevent, detect, and correct errors so that the integrity, availability, and confidentiality of transactions over networks may be maintained. This is one reason why we feel the CISSP certification favors those candidates with engineering backgrounds rather than, say, auditing backgrounds. It is easier to learn the Legal, Risk Management, and Security Management [...]

[...] exploit their vulnerabilities, and trigger an alarm if an attempt is found. These systems are more common than behavior-based ID systems. The following are the advantages of a knowledge-based ID system:
    - This system is characterized by low false alarm rates (or positives).
    - Their alarms are standardized and are clearly understandable by security personnel.

BACKUP METHOD EXAMPLE

A full backup was made on Friday night. This full backup is just what it says—it copied every file on the file server to the tape regardless of the last time any other backup was made. This type of backup is common for creating full copies of the data for off-site archiving or in preparation for a major system upgrade. On Monday night, another backup [...]

[...] This section is the most detailed and comprehensive domain of study for the CISSP test. Although it is just one domain in the Common Book of Knowledge (CBK) of Information Systems Security, due to its size and complexity it is taught in two sections at the (ISC)2 CISSP CBK Study Seminar. From the published (ISC)2 goals for the Certified Information Systems Security Professional candidate: The professional [...]

[...] in general the various types of attacks on and abuses of networked systems. In current practice, these attacks are constantly evolving. This is probably the most dynamic area of InfoSec today. Large teams and huge amounts of money and resources are dedicated to reacting to the latest twists and turns of intrusions into networked systems, particularly on the Internet.

[...]
    - Abuses
    - Trusted Network Interpretation (TNI)

In the Technology Concepts section, we will examine the following:
    - Protocols
    - The Layered Architecture Concept
    - Open [...]