CISSP Certification Exam Training Questions: CBK Domain 7 - Operations Security

1. Operations Security seeks to primarily protect against which of the following?
A. object reuse
B. facility disaster
C. compromising emanations
D. asset threats
Answer: D

2. Notifying the appropriate parties to take action in order to determine the extent of the severity of an incident and to remediate the incident's effects includes:
A. Intrusion Evaluation (IE) and Response
B. Intrusion Recognition (IR) and Response
C. Intrusion Protection (IP) and Response
D. Intrusion Detection (ID) and Response
Answer: D

3. What is the main issue with media reuse?
A. Degaussing
B. Data remanence
C. Media destruction
D. Purging
Answer: B

4. This type of control is used to ensure that transactions are properly entered into the system once. Elements of this type of control may include counting data and time stamping it with the date it was entered or edited.
A. Processing Controls
B. Output Controls
C. Input Controls
D. Input/Output Controls
Answer: C

5. Which of the following questions is less likely to help in assessing controls over audit trails?
A. Does the audit trail provide a trace of user actions?
B. Are incidents monitored and tracked until resolved?
C. Is access to online logs strictly controlled?
D. Is there separation of duties between security personnel who administer the access control function and those who administer the audit trail?
Answer: B

6. Which of the following is the most reliable, secure means of removing data from magnetic storage media such as a magnetic tape or a cassette?
A. Degaussing
B. Parity Bit Manipulation
C. Certification
D. Buffer overflow
Answer: A

7. What is the most secure way to dispose of information on a CD-ROM?
A. Sanitizing
B. Physical damage
C. Degaussing
D. Physical destruction
Answer: D

8. Which of the following ensures that security is not breached when a system crash or other system failure occurs?
A. trusted recovery
B. hot swappable
C. redundancy
D. secure boot
Answer: A

9. Hardware availability reports allow the identification of the following problems except for:
A. Inadequate training for operators
B. Excessive operating systems maintenance
C. User dissatisfaction
D. Inadequate hardware facilities
Answer: C

10. Which of the following is not a valid reason to use external penetration service firms rather than corporate resources?
A. They are more cost-effective
B. They offer a lack of corporate bias
C. They use highly talented ex-hackers
D. They ensure more complete reporting
Answer: C

11. When it comes to magnetic media sanitization, what difference can be made between clearing and purging information?
A. Clearing completely erases the media whereas purging only removes file headers, allowing the recovery of files.
B. Clearing renders information unrecoverable by a keyboard attack and purging renders information unrecoverable against a laboratory attack.
C. They both involve rewriting the media.
D. Clearing renders information unrecoverable against a laboratory attack and purging renders information unrecoverable to a keyboard attack.
Answer: B

12. What security procedure forces an operator into collusion with an operator of a different category to have access to unauthorized data?
A. Enforcing regular password changes.
B. Management monitoring of audit logs.
C. Limiting the specific accesses of operations personnel.
D. Job rotation of people through different assignments.
Answer: C

13. Who is responsible for setting user clearances to computer-based information?
A. Security administrators
B. Operators
C. Data owners
D. Data custodians
Answer: A

14. Which of the following is used to interrupt the opportunity to create collusion to subvert operation for fraudulent purposes?
A. Separation of duties
B. Rotation of duties
C. Principle of need-to-know
D. Principle of least privilege
Answer: B

15. Unrestricted access to production programs should be given to which of the following?
A. maintenance programmers only
B. system owner, on request
C. no one
D. auditors
Answer: C

16. Overwriting and/or degaussing is used to clear and purge all of the following except which of the following?
A. random access memory
B. read-only memory
C. magnetic core memory
D. magnetic hard disks
Answer: B

17. An electrical device (AC or DC) which can generate coercive magnetic force for the purpose of reducing magnetic flux density to zero on storage media or other magnetic media is called:
A. a magnetic field.
B. a degausser.
C. magnetic remanence.
D. magnetic saturation.
Answer: B

18. Which of the following is not a critical security aspect of Operations Controls?
A. Controls over hardware
B. Data media used
C. Operators using resources
D. Environmental controls
Answer: D

19. Which of the following should not be accessible by a computer operator?
A. Operations documentation
B. Computer console
C. Source code of applications
D. Information security guidelines
Answer: C

20. Which one of the following functions provides the least effective organizational reporting structure for the Information Systems Security function?
A. IS quality assurance
B. IS resource management
C. IS operations
D. Corporate security
Answer: C

21. What should a company do first when disposing of personal computers that once were used to store confidential data?
A. Overwrite all data on the hard disk with zeroes
B. Delete all data contained on the hard disk
C. Demagnetize the hard disk
D. Low level format the hard disk
Answer: (not given in the source)

22. What is the most effective means of determining how controls are functioning within an operating system?
A. Interview with computer operator
B. Review of software control features and/or parameters
C. Review of operating system manual
D. Interview with product vendor
Answer: B

23. Which TCSEC (Orange Book) level requires the system to clearly identify functions of the security administrator to perform security-related functions?
A. C2
B. B1
C. B2
D. B3
Answer: D

24. According to the Orange Book, which security level is the first to require trusted recovery?
A. A1
B. B2
C. B3
D. B1
Answer: C

25. Which of the following are functions that are compatible in a properly segregated environment?
A. Application programming and computer operation.
B. Systems programming and job control analysis.
C. Access authorization and database administration.
D. System development and systems maintenance.
Answer: D

26. Which of the following rules is less likely to support the concept of least privilege?
A. The number of administrative accounts should be kept to a minimum.
B. Administrators should use regular accounts when performing routine operations like reading mail.
C. Permissions on tools that are likely to be used by hackers should be as restrictive as possible.
D. Only data to and from critical systems and applications should be allowed through the firewall.
Answer: D

27. Which level of "least privilege" enables operators the right to modify data directly in its original location, in addition to data copied from the original location?
A. Access Change
B. Read/Write
C. Access Rewrite
D. Access Modify
Answer: A

28. Which of the following is not an Orange Book-defined life cycle assurance requirement?
A. Security testing
B. Design specification and testing
C. Trusted distribution
D. System integrity
Answer: D

29. Which of the following questions is less likely to help in assessing controls over production?
A. Are there processes for ensuring that only authorized users pick up, receive, or deliver input and output information and media?
B. Are audit trails used for receipt of sensitive inputs/outputs?
C. Is media sanitized for reuse?
D. Are confidentiality or security agreements required for employees assigned to work with sensitive information?
Answer: D

30. Ensuring that printed reports reach proper users and that receipts are signed before releasing sensitive documents are examples of:
A. Deterrent controls
B. Output controls
C. Information flow controls
D. Asset controls
Answer: B

31. Intrusion Detection (ID) and Response is not a:
A. preventive control.
B. detective control.
C. monitoring control.
D. reactive control.
Answer: A

32. A periodic review of user account management should not determine:
A. Conformity with the concept of least privilege.
B. Whether active accounts are still being used.
C. Strength of user-chosen passwords.
D. Whether management authorizations are up-to-date.
Answer: C

33. The primary reason for enabling software audit trails is which of the following?
A. Improve system efficiency.
B. Improve response time for users.
C. Establish responsibility and accountability.
D. Provide useful information to track down processing errors.
Answer: C

34. Which of the following is true related to network sniffing?
A. Sniffers allow an attacker to monitor data passing across a network.
B. Sniffers alter the source address of a computer to disguise and exploit weak authentication methods.
C. Sniffers take over network connections.
D. Sniffers send IP fragments to a system that overlap with each other.
Answer: A

35. Which of the following questions is less likely to help in assessing controls over hardware and software maintenance?
A. Is access to all program libraries restricted and controlled?
B. Are integrity verification programs used by applications to look for evidence of data tampering, errors, and omissions?
C. Is there version control?
D. Are system components tested, documented, and approved prior to promotion to production?
Answer: B

36. This type of vulnerability enables the intruder to re-route data traffic from a network device to a personal machine. This diversion enables the intruder to capture data traffic to and from the devices for analysis or modification, or to steal the password file from the server and gain access to user accounts:
A. Network Address Translation
B. Network Address Hijacking
C. Network Address Supernetting
D. Network Address Sniffing
Answer: (not given in the source)

37. Which of the following is NOT a technique used to perform a penetration test?
A. sending noise
B. scanning and probing
C. war dialing
D. sniffing
Answer: A

38. In what way can violation clipping levels assist in violation tracking and analysis?
A. Clipping levels set a baseline for normal user errors, and violations exceeding that threshold will be recorded for analysis of why the violations occurred.
B. Clipping levels enable a security administrator to customize the audit trail to record only those violations which are deemed to be security relevant.
C. Clipping levels enable the security administrator to customize the audit trail to record only actions for users with access to usercodes with a privileged status.
D. Clipping levels enable a security administrator to view all reductions in security levels which have been made to usercodes which have incurred violations.
Answer: A

39. Which of the following are functions that are compatible in a properly segregated environment?
A. Data entry and job scheduling
B. Database administration and systems security
C. Systems analyst and application programming
D. Security administration and systems programming
Answer: C

40. Which of the following is not concerned with configuration management?
A. Hardware
B. Software
C. Documentation
D. They all are concerned with configuration management.
Answer: D

41. What is the main objective of proper separation of duties?
A. To prevent employees from disclosing sensitive information.
B. To ensure access controls are in place.
C. To ensure that no single individual can compromise a system.
D. To ensure that audit trails are not tampered with.
Answer: C

42. Which trusted facility management concept implies that two operators must review and approve the work of each other?
A. Two-man control
B. Dual control
C. Double control
D. Segregation control
Answer: A

43. Which choice below is NOT a security goal of an audit mechanism?
A. Deter perpetrators' attempts to bypass the system protection mechanisms
B. Review employee production output records
C. Review patterns of access to individual objects
D. Discover when a user assumes a functionality with privileges greater than his own
Answer: B

44. Which choice below would NOT be considered a benefit of employing incident-handling capability?
A. An individual acting alone would not be able to subvert a security process or control.
B. It enhances internal communications and the readiness of the organization to respond to incidents.
C. It assists an organization in preventing damage from future incidents.
D. Security training personnel would have a better understanding of users' knowledge of security issues.
Answer: A

45. Which choice below is the BEST description of operational assurance?
A. Operational assurance is the process of examining audit logs to reveal usage that identifies misuse.
B. Operational assurance has the benefit of containing and repairing damage from incidents.
C. Operational assurance is the process of reviewing an operational system to see that security controls are functioning correctly.
D. Operational assurance is the process of performing pre-employment background screening.
Answer: C

46. Which choice below MOST accurately describes a Covert Storage Channel?
A. A process that manipulates observable system resources in a way that affects response time
B. An information transfer path within a system
C. A communication channel that allows a process to transfer information in a manner that violates the system's security policy
D. An information transfer that involves the direct or indirect writing of a storage location by one process and the direct or indirect reading of the storage location by another process
Answer: D

47. Which choice below is NOT an example of a media control?
A. Sanitizing the media before disposition
B. Printing to a printer in a secured room
C. Physically protecting copies of backup media
D. Conducting background checks on individuals
Answer: D

48. Which statement below is the BEST example of "separation of duties"?
A. An activity that checks on the system, its users, or the environment.
B. Getting users to divulge their passwords.
C. One person initiates a request for a payment and another authorizes that same payment.
D. A data entry clerk may not have access to run database analysis reports.
Answer: C

49. Which minimum TCSEC security class category specifies "trusted distribution" controls?
A. C2
B. B2
C. B3
D. A1
Answer: D

50. Which statement below is accurate about the concept of Object Reuse?
A. Object reuse protects against physical attacks on the storage medium.
B. Object reuse ensures that users do not obtain residual information from system resources.
C. Object reuse applies to removable media only.
D. Object reuse controls the granting of access rights to objects.
Answer: B
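Worked example for question 38 (violation clipping levels). This is an added illustration, not part of the original question bank: a small audit-trail filter that treats the first few failed logins per user inside a time window as normal user error and records only the violations that exceed that baseline. The log lines, the user names, the field layout (`user=`/`event=`/`src=`), the clipping level of 3 and the one-hour window are all constructed for the example.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample audit-trail lines; the format and users are invented for this example.
SAMPLE_LOG = """\
2024-03-01T08:00:01 user=alice event=LOGIN_FAIL src=10.0.0.5
2024-03-01T08:00:09 user=alice event=LOGIN_OK src=10.0.0.5
2024-03-01T08:01:00 user=bob event=LOGIN_FAIL src=10.0.0.7
2024-03-01T08:01:04 user=bob event=LOGIN_FAIL src=10.0.0.7
2024-03-01T08:01:09 user=bob event=LOGIN_FAIL src=10.0.0.7
2024-03-01T08:01:15 user=bob event=LOGIN_FAIL src=10.0.0.7
2024-03-01T08:30:00 user=carol event=LOGIN_FAIL src=10.0.0.9
2024-03-01T10:30:00 user=carol event=LOGIN_FAIL src=10.0.0.9
2024-03-01T12:30:00 user=carol event=LOGIN_FAIL src=10.0.0.9
2024-03-01T14:30:00 user=carol event=LOGIN_FAIL src=10.0.0.9
"""


def parse_line(line):
    """Parse one 'timestamp key=value ...' line into a dict with a datetime under 'ts'."""
    ts_text, *fields = line.split()
    record = {"ts": datetime.fromisoformat(ts_text)}
    for field in fields:
        key, _, value = field.partition("=")
        record[key] = value
    return record


def violations_over_clipping_level(log_text, clipping_level=3,
                                   window=timedelta(hours=1),
                                   violation_event="LOGIN_FAIL"):
    """Return {user: [timestamps]} of violations that exceeded the clipping level.

    The clipping level is a rate, not an absolute count: a user may accumulate
    up to `clipping_level` violations inside any sliding `window` without being
    reported. Only the violations beyond that baseline are recorded for analysis.
    """
    recent = defaultdict(deque)   # per-user timestamps still inside the window
    flagged = defaultdict(list)   # per-user timestamps that exceeded the baseline
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec.get("event") != violation_event:
            continue
        q = recent[rec["user"]]
        q.append(rec["ts"])
        # Drop anything older than the window before comparing against the level.
        while q and rec["ts"] - q[0] > window:
            q.popleft()
        if len(q) > clipping_level:
            flagged[rec["user"]].append(rec["ts"])
    return dict(flagged)


if __name__ == "__main__":
    for user, times in violations_over_clipping_level(SAMPLE_LOG).items():
        print(user, [t.isoformat() for t in times])
```

With the sample input, bob's four failures within fifteen seconds produce one recorded violation (the fourth), alice's single failure is absorbed as normal error, and carol's four failures spread two hours apart are never reported at a one-hour window; widen the window to a day and carol's fourth failure is recorded too. That difference is the point of a clipping level: it separates a noisy but harmless user from a pattern worth investigating.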
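Worked example for questions 41, 42 and 48 (separation of duties and two-person approval). This is an added illustration, not part of the original question bank: a payment-approval workflow in which the person who initiates a request can never approve it, approvers must actually hold the approver role, and requests above a threshold need two distinct approvers before release. The role table, user names, the `DUAL_APPROVAL_THRESHOLD` value and the request identifiers are constructed for the example; a real system would take roles from its access-control database.

```python
from dataclasses import dataclass, field


class SeparationOfDutiesError(Exception):
    """Raised when an approval would let one person control the whole transaction."""


# Constructed role assignments (assumption for the example, not a real directory).
ROLES = {
    "alice": {"initiator"},
    "bob": {"approver"},
    "carol": {"approver"},
    "dave": {"initiator", "approver"},  # holds both roles, still may not approve own request
}

DUAL_APPROVAL_THRESHOLD = 10_000  # constructed value: above this, two approvers are required


@dataclass
class PaymentRequest:
    request_id: str
    amount: int
    initiated_by: str
    approvals: list = field(default_factory=list)
    audit_trail: list = field(default_factory=list)

    def required_approvals(self):
        """Two-person approval for large amounts, one approver otherwise."""
        return 2 if self.amount >= DUAL_APPROVAL_THRESHOLD else 1

    def approve(self, approver):
        """Record an approval, enforcing that initiator and approver are different people."""
        if "approver" not in ROLES.get(approver, set()):
            self.audit_trail.append(f"DENIED {self.request_id}: {approver} lacks approver role")
            raise SeparationOfDutiesError(f"{approver} does not hold the approver role")
        if approver == self.initiated_by:
            self.audit_trail.append(f"DENIED {self.request_id}: {approver} tried to approve own request")
            raise SeparationOfDutiesError(f"{approver} initiated {self.request_id} and cannot approve it")
        if approver in self.approvals:
            self.audit_trail.append(f"DENIED {self.request_id}: duplicate approval by {approver}")
            raise SeparationOfDutiesError(f"{approver} already approved {self.request_id}")
        self.approvals.append(approver)
        self.audit_trail.append(f"APPROVED {self.request_id} by {approver}")

    def is_releasable(self):
        """True once enough distinct, non-initiating approvers have signed off."""
        return len(self.approvals) >= self.required_approvals()


if __name__ == "__main__":
    req = PaymentRequest("P-1", 50_000, "dave")
    try:
        req.approve("dave")           # rejected: initiator approving own request
    except SeparationOfDutiesError as exc:
        print("rejected:", exc)
    req.approve("bob")
    print("releasable after one approval:", req.is_releasable())   # False, needs two
    req.approve("carol")
    print("releasable after two approvals:", req.is_releasable())  # True
    print(*req.audit_trail, sep="\n")
```

Note that the check is on identity, not on role: dave holds the approver role and can approve other people's requests, but not his own. Every denial is written to the audit trail as well, since an attempted self-approval is exactly the kind of event a reviewer of the logs wants to see.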