Which of the following is required in order to provide accountability?
Correct Answer: D
Accountability can actually be seen in two different ways: 1) Although audit trails are also needed for accountability, no user can be accountable for their actions unless properly authenticated. 2) Accountability is another facet of access control. Individuals on a system are responsible for their actions. This accountability property enables system activities to be traced to the proper individuals. Accountability is supported by audit trails that record events on the system and network. Audit trails can be used for intrusion detection and for the reconstruction of past events. Monitoring individual activities, such as keystroke monitoring, should be accomplished in accordance with the company policy and appropriate laws. Banners at the log-on time should notify the user of any monitoring that is being conducted. The point is that unless you employ an appropriate auditing mechanism, you don't have accountability. Authorization only gives a user certain permissions on the network. Accountability is far more complex because it also includes intrusion detection, unauthorized actions by both unauthorized users and authorized users, and system faults. The audit trail provides the proof that unauthorized modifications by both authorized and unauthorized users took place. No proof, No accountability. Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Page 50. The Shon Harris AIO book, 4th Edition, on Page 243 also states: Auditing Capabilities ensures users are accountable for their actions, verify that the secutiy policies are enforced, and can be used as investigation tools. Accountability is tracked by recording user, system, and application activities. This recording is done through auditing functions and mechanisms within an operating sytem or application. Audit trail contain information about operating System activities, application events, and user actions.
Question 973
What is the PRIMARY goal of incident handling?
Correct Answer: D
Explanation/Reference: This is the PRIMARY goal of an incident handling process. The other answers are incorrect because : Successfully retrieve all evidence that can be used to prosecute is more often used in identifying weaknesses than in prosecuting. Improve the company's ability to be prepared for threats and disasters is more appropriate for a disaster recovery plan. Improve the company's disaster recovery plan is also more appropriate for disaster recovery plan. Reference : Shon Harris AIO v3 , Chapter - 10 : Law, Investigation, and Ethics , Page : 727-728
Question 974
Access Control techniques do not include which of the following choices?
Correct Answer: A
Section: Access Control Explanation/Reference: Access Control Techniques Discretionary Access Control Mandatory Access Control Lattice Based Access Control Rule-Based Access Control Role-Based Access Control Source: DUPUIS, Clement, Access Control Systems and Methodology, Version 1, May 2002, CISSP Open Study Group Study Guide for Domain 1, Page 13.
Question 975
Which of the following is the primary reason why a user would choose a dial-up modem connection to the Internet when they have a faster, secure Internet connection through the organization's network?
Correct Answer: D
Section: Network and Telecommunications Explanation/Reference: All the choices above represent examples of circumventing the organization's security policy, which is the primary reason why a user would be using a dial-up Internet connection when a secure connection is available through the organization's network. Source: STREBE, Matthew and PERKINS, Charles, Firewalls 24seven, Sybex 2000, Chapter 1: Understanding Firewalls.
Question 976
Which of the following answers is described as a random value used in cryptographic algorithms to ensure that patterns are not created during the encryption process?
Correct Answer: A
The basic power in cryptography is randomness. This uncertainty is why encrypted data is unusable to someone without the key to decrypt. Initialization Vectors are a used with encryption keys to add an extra layer of randomness to encrypted data. If no IV is used the attacker can possibly break the keyspace because of patterns resulting in the encryption process. Implementation such as DES in Code Book Mode (CBC) would allow frequency analysis attack to take place. In cryptography, an initialization vector (IV) or starting variable (SV)is a fixed-size input to a cryptographic primitive that is typically required to be random or pseudorandom. Randomization is crucial for encryption schemes to achieve semantic security, a property whereby repeated usage of the scheme under the same key does not allow an attacker to infer relationships between segments of the encrypted message. For block ciphers, the use of an IV is described by so-called modes of operation. Randomization is also required for other primitives, such as universal hash functions and message authentication codes based thereon. It is define by TechTarget as: An initialization vector (IV) is an arbitrary number that can be used along with a secret key for data encryption. This number, also called a nonce, is employed only one time in any session. The use of an IV prevents repetition in data encryption, making it more difficult for a hacker using a dictionary attack to find patterns and break a cipher. For example, a sequence might appear twice or more within the body of a message. If there are repeated sequences in encrypted data, an attacker could assume that the corresponding sequences in the message were also identical. The IV prevents the appearance of corresponding duplicate character sequences in the ciphertext. The following answers are incorrect: -Stream Cipher: This isn't correct. A stream cipher is a symmetric key cipher where plaintext digits are combined with pseudorandom key stream to product cipher text. -OTP - One Time Pad: This isn't correct but OTP is made up of random values used as key material. (Encryption key) It is considered by most to be unbreakable but must be changed with a new key after it is used which makes it impractical for common use. -Ciphertext: Sorry, incorrect answer. Ciphertext is basically text that has been encrypted with key material (Encryption key) The following reference(s) was used to create this question: For more details on this TOPIC and other questions of the Security+ CBK, subscribe to our Holistic Computer Based Tutorial (CBT) at http://www.cccure.tv and whatis.techtarget.com/definition/initialization-vector-IV and en.wikipedia.org/wiki/Initialization_vector