Which of the following would assist the most in Host Based intrusion detection?
Correct Answer: A
Section: Access Control Explanation/Reference: To assist in Intrusion Detection you would review audit logs for access violations. The following answers are incorrect: access control lists. This is incorrect because access control lists determine who has access to what but do not detect intrusions. security clearances. This is incorrect because security clearances determine who has access to what but do not detect intrusions. host-based authentication. This is incorrect because host-based authentication determine who have been authenticated to the system but do not dectect intrusions.
Question 313
What is the primary role of cross certification?
Correct Answer: A
Explanation/Reference: More and more organizations are setting up their own internal PKIs. When these independent PKIs need to interconnect to allow for secure communication to take place (either between departments or different companies), there must be a way for the two root CAs to trust each other. These two CAs do not have a CA above them they can both trust, so they must carry out cross certification. A cross certification is the process undertaken by CAs to establish a trust relationship in which they rely upon each other's digital certificates and public keys as if they had issued them themselves. When this is set up, a CA for one company can validate digital certificates from the other company and vice versa. Reference(s) used for this question: For more information and illustration on Cross certification: http://www.microsoft.com/technet/prodtechnol/ windowsserver2003/technologies/security/ws03qswp.mspx http://www.entrust.com/resources/pdf/ cross_certification.pdf also see: Shon Harris, CISSP All in one book, 4th Edition, Page 727 and RFC 2459: Internet X.509 Public Key Infrastructure Certificate and CRL Profile; FORD, Warwick & BAUM, Michael S., Secure Electronic Commerce: Building the Infrastructure for Digital Signatures and Encryption (2nd Edition), 2000, Prentice Hall PTR, Page 254.
Question 314
CORRECT TEXT ___________________ is responsible for creating security policies and for communicating those policies to system users.
Correct Answer:
Question 315
The number of violations that will be accepted or forgiven before a violation record is produced is called which of the following?
Correct Answer: A
The correct answer is "clipping level". This is the point at which a system decides to take some sort of action when an action repeats a preset number of times. That action may be to log the activity, lock a user account, temporarily close a port, etc. Example: The most classic example of a clipping level is failed login attempts. If you have a system configured to lock a user's account after three failed login attemts, that is the "clipping level". The other answers are not correct because: Acceptance level, forgiveness level, and logging level are nonsensical terms that do not exist (to my knowledge) within network security. Reference: Official ISC2 Guide - The term "clipping level" is not in the glossary or index of that book. I cannot find it in the text either. However, I'm quite certain that it would be considered part of the CBK, despite its exclusion from the Official Guide. All in One Third Edition page: 136 - 137
Question 316
Which port does the Post Office Protocol Version 3 (POP3) make use of?
Correct Answer: A
Section: Network and Telecommunications Explanation/Reference: The other answers are not correct because of the following protocol/port numbers matrix: Post Office Protocol (POP2) 109 Network News Transfer Protocol 119 NetBIOS 139