How should a risk be HANDLED when the cost of the countermeasure OUTWEIGHS the cost of the risk?
Correct Answer: C
Explanation/Reference: Which means the company understands the level of risk it is faced. The following answers are incorrect because : Reject the risk is incorrect as it means ignoring the risk which is dangerous. Perform another risk analysis is also incorrect as the existing risk analysis has already shown the results. Reduce the risk is incorrect is applicable after implementing the countermeasures. Reference : Shon Harris AIO v3 , Chapter-3: Security Management Practices , Page : 39
Question 893
What does it mean to say that sensitivity labels are "incomparable"?
Correct Answer: D
If a category does not exist then you cannot compare it. Incomparable is when you have two disjointed sensitivity labels, that is a category in one of the labels is not in the other label. "Because neither label contains all the categories of the other, the labels can't be compared. They're said to be incomparable" COMPARABILITY: The label: TOP SECRET [VENUS ALPHA] is "higher" than either of the labels: SECRET [VENUS ALPHA] TOP SECRET [VENUS] But you can't really say that the label: TOP SECRET [VENUS] is higher than the label: SECRET [ALPHA] Because neither label contains all the categories of the other, the labels can't be compared. They're said to be incomparable. In a mandatory access control system, you won't be allowed access to a file whose label is incomparable to your clearance. The Multilevel Security policy uses an ordering relationship between labels known as the dominance relationship. Intuitively, we think of a label that dominates another as being "higher" than the other. Similarly, we think of a label that is dominated by another as being "lower" than the other. The dominance relationship is used to determine permitted operations and information flows. DOMINANCE The dominance relationship is determined by the ordering of the Sensitivity/Clearance component of the label and the intersection of the set of Compartments. Sample Sensitivity/Clearance ordering are: Top Secret > Secret > Confidential > Unclassified s3 > s2 > s1 > s0 Formally, for label one to dominate label 2 both of the following must be true: The sensitivity/clearance of label one must be greater than or equal to the sensitivity/clearance of label two. The intersection of the compartments of label one and label two must equal the compartments of label two. Additionally: Two labels are said to be equal if their sensitivity/clearance and set of compartments are exactly equal. Note that dominance includes equality. One label is said to strictly dominate the other if it dominates the other but is not equal to the other. Two labels are said to be incomparable if each label has at least one compartment that is not included in the other's set of compartments. The dominance relationship will produce a partial ordering over all possible MLS labels, resulting in what is known as the MLS Security Lattice. The following answers are incorrect: The number of classification in the two labels is different. Is incorrect because the categories are what is being compared, not the classifications. Neither label contains all the classifications of the other. Is incorrect because the categories are what is being compared, not the classifications. the number of categories in the two labels is different. Is incorrect because it is possibe a category exists more than once in one sensitivity label and does exist in the other so they would be comparable. Reference(s) used for this question: OReilly - Computer Systems and Access Control (Chapter 3) http://www.oreilly.com/catalog/csb/chapter/ch03.html and http://rubix.com/cms/mls_dom
Question 894
Which of the following best describes remote journaling?
Correct Answer: D
Section: Risk, Response and Recovery Explanation/Reference: Remote Journaling is a technology to facilitate sending copies of the journal of transaction entries from a production system to a secondary system in realtime. The remote nature of such a connection is predicated upon having local journaling already established. Local journaling on the production side allows each change that ensues for a journal-eligible object e.g., database physical file, SQL table, data area, data queue, byte stream file residing within the IFS) to be recorded and logged. It's these local images that flow to the remote system. Once there, the journal entries serve a variety of purposes, from feeding a high availability software replay program or data warehouse to offering an offline, realtime vault of the most recent database changes. Reference(s) used for this question: The Essential Guide to Remote Journaling by IBM and TIPTON, Hal, (ISC)2, Introduction to the CISSP Exam presentation. and KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 8: Business Continuity Planning and Disaster Recovery Planning (page 286).
Question 895
Which of the following is NOT a compensating measure for access violations?
Correct Answer: D
Section: Access Control Explanation/Reference: Security awareness is a preventive measure, not a compensating measure for access violations. Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 2: Access control systems (page 50).
Question 896
What algorithm was DES derived from?
Correct Answer: D
Explanation/Reference: NSA took the 128-bit algorithm Lucifer that IBM developed, reduced the key size to 64 bits and with that developed DES. The following answers are incorrect: Twofish. This is incorrect because Twofish is related to Blowfish as a possible replacement for DES. Skipjack. This is incorrect, Skipjack was developed after DES by the NSA . Brooks-Aldeman. This is incorrect because this is a distractor, no algorithm exists with this name.