Access Control 11 (Word format).docx
4/5 | Relevancy: 3/3
There are parallels between the trust models in Kerberos and in PKI. When we compare them side by side, Kerberos tickets correspond most closely to which of the following?
A. public keys
B. private keys
C. public-key certificates
D. private-key certificates
C. A Kerberos ticket is issued by a trusted third party; it is an encrypted data structure that includes the service encryption key. In that sense it is similar to a public-key certificate. However, the ticket is not a key. And there is no such thing as a private-key certificate.
Study areas:
CISSP CBK domain #1 - Access Control, CISSP CBK domain #5 - Cryptography
Covered topics (2):
Kerberos, X.509 Digital certificates
This question © Copyright 2003–2006 cccure.org.
2. Question: 423 | Difficulty: 1/5 | Relevancy:
What is called a password that is the same for each log-on session?
A. one-time password
B. two-time password
C. static password
D. dynamic password
C. A password that is the same for each log-on is called a static password.
Source:
KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 36.
Contributor:
Rakesh Sud
Study area:
CISSP CBK domain #1 - Access Control
Covered topic:
Passwords
Copyright 2003–2006 Rakesh Sud, cccure.org.
3. Question: 88 | Difficulty:
A timely review of system access audit records would be an example of which of the basic security functions?
A. avoidance.
B. deterrence.
C. prevention.
D. detection.
D. The correct answer is: detection. By reviewing system logs you can detect events that have occurred.
The following answers are incorrect:
avoidance. This is incorrect; avoidance is a distractor. By reviewing system logs you have not avoided anything.
deterrence. This is incorrect because system logs are a history of past events. You cannot deter something that has already occurred.
prevention. This is incorrect because system logs are a history of past events. You cannot prevent something that has already occurred.
Last modified 6/08/2007 - J. Hajec
Comment:
A timely review of the audit logs would provide early detection of possible and intentional abuses but does nothing to prevent the occurrence of abuses, if any. Early detection would lead to prevention of much more serious abuses later on. Auditing can be seen as a detection exercise more than a preventive exercise.
References:
OIG CBK Glossary (page 791)
Kamren Lee
Account, log and journal monitoring
4. Question: 1241 | Difficulty: 2/5 | Relevancy:
Identification and authentication are the keystones of most access control systems. Identification establishes:
A. user accountability for the actions on the system.
B. top management accountability for the actions on the system.
C. EDP department accountability for the actions of users on the system.
D. authentication for actions on the system.
A. Identification and authentication are the keystones of most access control systems. Identification establishes user accountability for the actions on the system.
Contributors:
Rakesh Sud, Sasa Vidanovic
Access control objectives
5. Question: 438 | Difficulty:
Which of the following biometric characteristics cannot be used to uniquely authenticate an individual's identity?
A. Retina scans
B. Iris scans
C. Palm scans
D. Skin scans
D. The following are typical biometric characteristics that are used to uniquely authenticate an individual's identity:
- Fingerprints
- Retina scans
- Iris scans
- Facial scans
- Palm scans
- Hand geometry
- Voice
- Handwritten signature dynamics
Sons, Page 39.
And:
HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw-Hill/Osborne, 2002, chapter 4: Access Control (pages 127-131).
Rakesh Sud, Christian Vezina, donmurdoch
Biometrics
6. Question: 408 | Difficulty:
What is called the access protection system that limits connections by calling back the number of a previously authorized lo