What is one disadvantage of content-dependent protection of information?
Correct Answer: A
Source: TIPTON, Hal, (ISC)2, Introduction to the CISSP Exam presentation.
Question 57
The three classic ways of authenticating yourself to the computer security software are by something you know, by something you have, and by something:
Correct Answer: C
This is more commonly known as biometrics and is one of the most accurate ways to authenticate an individual. The rest of the answers are incorrect because they are not one of the three recognized forms of authentication.
Question 58
Which of the following questions is less likely to help in assessing physical and environmental protection?
Correct Answer: C
Explanation/Reference: Physical security and environmental security are part of operational controls, and are measures taken to protect systems, buildings, and related supporting infrastructures against threats associated with their physical environment. All the questions above are useful in assessing physical and environmental protection except for the one regarding processes that ensure that unauthorized individuals cannot access information, which is more of a production control. Source: SWANSON, Marianne, NIST Special Publication 800-26, Security Self-Assessment Guide for Information Technology Systems, November 2001 (Pages A-21 to A-24).
Question 59
What is called a system that is capable of detecting that a fault has occurred and has the ability to correct the fault or operate around it?
Correct Answer: C
Section: Security Operation Administration Explanation/Reference: A fault-tolerant system is capable of detecting that a fault has occurred and has the ability to correct the fault or operate around it. In a fail-safe system, program execution is terminated, and the system is protected from being compromised when a hardware or software failure occurs and is detected. In a fail-soft system, when a hardware or software failure occurs and is detected, selected non-critical processing is terminated. The term failover refers to switching to a duplicate "hot" backup component in real time when a hardware or software failure occurs, enabling processing to continue. Source: KRUTZ, Ronald L. & VINES, Russell D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 5: Security Architecture and Models (page 196).
Question 60
Which of the following exemplifies proper separation of duties?
Correct Answer: A
Section: Security Operation Administration Explanation/Reference: This is an example of Separation of Duties because operators are prevented from modifying the system time, which could lead to fraud. Tasks of this nature should be performed by the system administrators. AIO defines Separation of Duties as a security principle that splits up a critical task among two or more individuals to ensure that one person cannot complete a risky task by himself.
The following answers are incorrect:
Programmers are permitted to use the system console. This is incorrect because programmers should not be permitted to use the system console; this task should be performed by operators. Allowing programmers access to the system console could allow fraud to occur, so this is not an example of Separation of Duties.
Console operators are permitted to mount tapes and disks. This is incorrect because operators should be able to mount tapes and disks, so this is not an example of Separation of Duties.
Tape operators are permitted to use the system console. This is incorrect because operators should be able to use the system console, so this is not an example of Separation of Duties.
References: OIG CBK Access Control (pages 98-101); AIOv3 Access Control (page 182).