- Email support@dumps4free.com
Topic 1: Access Control
Which type of control is concerned with avoiding occurrences of risks?
A.
Deterrent controls
B.
Detective controls
C.
Preventive controls
D.
Compensating controls
Preventive controls
Preventive controls are concerned with avoiding occurrences of risks while
deterrent controls are concerned with discouraging violations. Detecting controls identify
occurrences and compensating controls are alternative controls, used to compensate
weaknesses in other controls. Supervision is an example of compensating control.
Source: TIPTON, Hal, (ISC)2, Introduction to the CISSP Exam presentation.
Which of the following exemplifies proper separation of duties?
A.
Operators are not permitted modify the system time.
B.
Programmers are permitted to use the system console.
C.
Console operators are permitted to mount tapes and disks.
D.
Tape operators are permitted to use the system console.
Operators are not permitted modify the system time.
This is an example of Separation of Duties because operators are prevented
from modifying the system time which could lead to fraud. Tasks of this nature should be
performed by they system administrators.
AIO defines Separation of Duties as a security principle that splits up a critical task among
two or more individuals to ensure that one person cannot complete a risky task by himself.
The following answers are incorrect:
Programmers are permitted to use the system console. Is incorrect because programmers
should not be permitted to use the system console, this task should be performed by
operators. Allowing programmers access to the system console could allow fraud to occur
so this is not an example of Separation of Duties..
Console operators are permitted to mount tapes and disks. Is incorrect because operators should be able to mount tapes and disks so this is not an example of Separation of Duties.
Tape operators are permitted to use the system console. Is incorrect because operators
should be able to use the system console so this is not an example of Separation of Duties. References:
OIG CBK Access Control (page 98 - 101)
AIOv3 Access Control (page 182)
What mechanism automatically causes an alarm originating in a data center to be
transmitted over the local municipal fire or police alarm circuits for relaying to both the local
police/fire station and the appropriate headquarters?
A.
Central station alarm
B.
Proprietary alarm
C.
A remote station alarm
D.
An auxiliary station alarm
An auxiliary station alarm
Explanation: Auxiliary station alarms automatically cause an alarm originating in a data
center to be transmitted over the local municipal fire or police alarm circuits for relaying to
both the local police/fire station and the appropriate headquarters. They are usually
Municipal Fire Alarm Boxes are installed at your business or building, they are wired
directly into the fire station.
Central station alarms are operated by private security organizations. It is very similar to a
proprietary alarm system (see below). However, the biggest difference is the monitoring
and receiving of alarm is done off site at a central location manned by non staff members. It
is a third party.Proprietary alarms are similar to central stations alarms except that monitoring is performed
directly on the protected property. This type of alarm is usually use to protect large
industrials or commercial buildings. Each of the buildings in the same vincinity has their
own alarm system, they are all wired together at a central location within one of the building
acting as a common receiving point. This point is usually far away from the other building
so it is not under the same danger. It is usually man 24 hours a day by a trained team who
knows how to react under different conditions.A remote station alarm is a direct connection between the signal-initiating device at the
protected property and the signal-receiving device located at a remote station, such as the
fire station or usually a monitoring service. This is the most popular type of implementation
and the owner of the premise must pay a monthly monitoring fee. This is what most people
use in their home where they get a company like ADT to receive the alarms on their behalf.
A remote system differs from an auxiliary system in that it does not use the municipal fire of
police alarm circuits. Reference(s) used for this question:
ANDRESS, Mandy, Exam Cram CISSP, Coriolis, 2001, Chapter 11: Physical Security (page 211).
and
Great presentation J.T.A. Stone on SlideShare
What is one disadvantage of content-dependent protection of information?
A.
It increases processing overhead.
B.
It requires additional password entry.
C.
It exposes the system to data locking.
D.
It limits the user's individual address space.
It increases processing overhead.
Source: TIPTON, Hal, (ISC)2, Introduction to the CISSP Exam presentation.
Examples of types of physical access controls include all EXCEPT which of the following?
A.
badges
B.
locks
C.
guards
D.
passwords
passwords
Passwords are considered a Preventive/Technical (logical) control.
The following answers are incorrect:
badges Badges are a physical control used to identify an individual. A badge can include a
smart device which can be used for authentication and thus a Technical control, but the
actual badge itself is primarily a physical control locks Locks are a Preventative Physical control and has no Technical association.
guards Guards are a Preventative Physical control and has no Technical association.
The following reference(s) were/was used to create this question:
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the
Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 2: Access control
systems (page 35).
| Page 2 out of 210 Pages |
| Previous |