Which of the following is a disadvantage of a statistical anomaly-based intrusion detection system?
Correct Answer: B
Section: Analysis and Monitoring Explanation/Reference: Some disadvantages of a statistical anomaly-based ID are that it will not detect an attack that does not significantly change the system operating characteristics, or it may falsely detect a non-attack event that had caused a momentary anomaly in the system. Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 49.
Question 678
Which of the following item would best help an organization to gain a common understanding of functions that are critical to its survival?
Correct Answer: D
Section: Risk, Response and Recovery Explanation/Reference: A Business Impact Analysis (BIA) is an assessment of an organization's business functions to develop an understanding of their criticality, recovery time objectives, and resources needed. By going through a Business Impact Analysis, the organization will gain a common understanding of functions that are critical to its survival. A risk assessment is an evaluation of the exposures present in an organization's external and internal environments. A Business Assessment generally include Business Analysis as a discipline and it has heavy overlap with requirements analysis sometimes also called requirements engineering, but focuses on identifying the changes to an organization that are required for it to achieve strategic goals. These changes include changes to strategies, structures, policies, processes, and information systems. A disaster recovery plan is the comprehensive statement of consistent actions to be taken before, during and after a disruptive event that causes a significant loss of information systems resources. Source: BARNES, James C. & ROTHSTEIN, Philip J., A Guide to Business Continuity Planning, John Wiley & Sons, 2001 (page 57).
Question 679
Which of the following categories of hackers poses the greatest threat?
Correct Answer: A
Explanation/Reference: According to the authors, hackers fall in these categories, in increasing threat order: security experts, students, underemployed adults, criminal hackers, corporate spies and disgruntled employees. Disgruntled employees are the most dangerous security problem of all because they are most likely to have a good knowledge of the organization's IT systems and security measures. Source: STREBE, Matthew and PERKINS, Charles, Firewalls 24seven, Sybex 2000, Chapter 2: Hackers.
Question 680
Which of the following can best eliminate dial-up access through a Remote Access Server as a hacking vector?
Correct Answer: B
Explanation/Reference: Containing the dial-up problem is conceptually easy: by installing the Remote Access Server outside the firewall and forcing legitimate users to authenticate to the firewall, any access to internal resources through the RAS can be filtered as would any other connection coming from the Internet. The use of a TACACS+ Server by itself cannot eliminate hacking. Setting a modem ring count to 5 may help in defeating war-dialing hackers who look for modem by dialing long series of numbers. Attaching modems only to non-networked hosts is not practical and would not prevent these hosts from being hacked. Source: STREBE, Matthew and PERKINS, Charles, Firewalls 24seven, Sybex 2000, Chapter 2: Hackers.
Question 681
Which of the following algorithms does NOT provide hashing?
Correct Answer: C
Explanation/Reference: As it is an algorithm used for encryption and does not provide hashing functions , it is also commonly implemented ' Stream Ciphers '. The other answers are incorrect because : SHA-1 was designed by NIST and NSA to be used with the Digital Signature Standard (DSS). SHA was designed to be used in digital signatures and was developed when a more secure hashing algorithm was required for U.S. government applications. MD2 is a one-way hash function designed by Ron Rivest that creates a 128-bit message digest value. It is not necessarily any weaker than the other algorithms in the "MD" family, but it is much slower. MD5 was also created by Ron Rivest and is the newer version of MD4. It still produces a 128-bit hash, but the algorithm is more complex, which makes it harder to break. Reference : Shon Harris , AIO v3 , Chapter - 8 : Cryptography , Page : 644 - 645