CISSP Certification Exam Training Exercises
CBK Domain 7 - Operations Security
1. Operations Security seeks to primarily protect against which of the following?
A. object reuse
B. facility disaster
C. compromising emanations
D. asset threats
D
2. Notifying the appropriate parties to take action in order to determine the extent of the severity of an incident and to remediate the incident's effects includes:
A. Intrusion Evaluation (IE) and Response
B. Intrusion Recognition (IR) and Response
C. Intrusion Protection (IP) and Response
D. Intrusion Detection (ID) and Response
D
3. What is the main issue with media reuse?
A. Degaussing
B. Data remanence
C. Media destruction
D. Purging
B
4. This type of control is used to ensure that transactions are properly entered into the system once. Elements of this type of control may include counting data and time stamping it with the date it was entered or edited?
A. Processing Controls
B. Output Controls
C. Input Controls
D. Input/Output Controls
C
5. Which of the following questions is less likely to help in assessing controls over audit trails?
A. Does the audit trail provide a trace of user actions?
B. Are incidents monitored and tracked until resolved?
C. Is access to online logs strictly controlled?
D. Is there separation of duties between security personnel who administer the access control function and those who administer the audit trail?
B
6. Which of the following is the most reliable, secure means of removing data from magnetic storage media such as a magnetic tape, or a cassette?
A. Degaussing
B. Parity Bit Manipulation
C. Certification
D. Buffer overflow
A
7. What is the most secure way to dispose of information on a CD-ROM?
A. Sanitizing
B. Physical damage
C. Degaussing
D. Physical destruction
D
8. Which of the following ensures that security is not breached when a system crash or other system failure occurs?
A. trusted recovery
B. hot swappable
C. redundancy
D. secure boot
A
9. Hardware availability reports allow the identification of the following problems except for:
A. Inadequate training for operators
B. Excessive operating systems maintenance
C. User dissatisfaction
D. Inadequate hardware facilities
C
10. Which of the following is not a valid reason to use external penetration service firms rather than corporate resources?
A. They are more cost-effective
B. They offer a lack of corporate bias
C. They use highly talented ex-hackers
D. They insure a more complete reporting
C
11. When it comes to magnetic media sanitization, what difference can be made between clearing and purging information?
A. Clearing completely erases the media whereas purging only removes file headers, allowing the recovery of files.
B. Clearing renders information unrecoverable by a keyboard attack and purging renders information unrecoverable against laboratory attack.
C. They both involve rewriting the media.
D. Clearing renders information unrecoverable against a laboratory attack and purging renders information unrecoverable to a keyboard attack.
B
12. What security procedure forces an operator into collusion with an operator of a different category to have access to unauthorized data?
A. Enforcing regular password changes.
B. Management monitoring of audit logs.
C. Limiting the specific access of operations personnel.
D. Job rotation of people through different assignments.
C
13. Who is responsible for setting user clearances to computer-based information?
A. Security administrators
B. Operators
C. Data owners
D. Data custodians
A
14. Which of the following is used to interrupt opportunity to create collusion to subvert operation for fraudulent purposes?
A. Separation of duties
B. Rotation of duties
C. Principle of need-to-know
D. Principle of least privilege
B
15. Unrestricted access to production programs should be given to which of the following?
A. maintenance programmers only
B. system owner, on request
C. no one
D. auditors
C
16. Overwriting and/or degaussing is used to clear and purge all of the following except which of the following?
A. random access memory
B. read-only memory
C. magnetic core memory
D. magnetic hard disks
B
17. An electrical device (AC or DC) which can generate coercive magnetic force for the purpose of reducing magnetic flux density to zero on storage media or other magnetic media is called:
A. a magnetic field.
B. a degausser.
C. magnetic remanence.
D. magnetic saturation.
B
18. Which of the following is not a critical security aspect of Operations Controls?
A. Controls over hardware
B. Data media used
C. Operators using resources
D. Environmental controls
D
19. Which of the following should not be accessible by a computer operator?