Which of the following is NOT a technical control?
Correct Answer: C
Section: Security Operation Adimnistration Explanation/Reference: It is considered to be a 'Physical Control' There are three broad categories of access control: administrative, technical, and physical. Each category has different access control mechanisms that can be carried out manually or automatically. All of these access control mechanisms should work in concert with each other to protect an infrastructure and its data. Each category of access control has several components that fall within it, a partial list is shown here. Not all controls fall into a single category, many of the controls will be in two or more categories. Below you have an example with backups where it is in all three categories: Administrative Controls Policy and procedures - A backup policy would be in place Personnel controls Supervisory structure Security-awareness training Testing Physical Controls Network segregation Perimeter security Computer controls Work area separation Data backups (actual storage of the media, i:e Offsite Storage Facility) Cabling Technical Controls System access Network architecture Network access Encryption and protocols Control zone Auditing Backup (Actual software doing the backups) The following answers are incorrect : Password and resource management is considered to be a logical or technical control. Identification and authentication methods is considered to be a logical or technical control. Intrusion Detection Systems is considered to be a logical or technical control. Reference : Shon Harris , AIO v3 , Chapter - 4 : Access Control , Page : 180 - 185
Question 353
What would BEST define a covert channel?
Correct Answer: C
communication channel that allows transfer of information in a manner that violates the system's security policy. A covert channel is a way for an entity to receive information in an unauthorized manner. It is an information flow that is not controlled by a security mechanism. This type of information path was not developed for communication; thus, the system does not properly protect this path, because the developers never envisioned information being passed in this way. Receiving information in this manner clearly violates the system's security policy. The channel to transfer this unauthorized data is the result of one of the following conditions: Oversight in the development of the product Improper implementation of access controls Existence of a shared resource between the two entities Installation of a Trojan horse The following answers are incorrect: An undocumented backdoor that has been left by a programmer in an operating system is incorrect because it is not a means by which unauthorized transfer of information takes place. Such backdoor is usually referred to as a Maintenance Hook. An open system port that should be closed is incorrect as it does not define a covert channel. A trojan horse is incorrect because it is a program that looks like a useful program but when you install it it would include a bonus such as a Worm, Backdoor, or some other malware without the installer knowing about it. Reference(s) used for this question: Shon Harris AIO v3 , Chapter-5 : Security Models & Architecture AIOv4 Security Architecture and Design (pages 343 - 344) AIOv5 Security Architecture and Design (pages 345 - 346)
Question 354
Virus scanning and content inspection of SMIME encrypted e-mail without doing any further processing is:
Correct Answer: A
Content security measures presumes that the content is available in cleartext on the central mail server. Encrypted emails have to be decrypted before it can be filtered (e.g. to detect viruses), so you need the decryption key on the central "crypto mail server". There are several ways for such key management, e.g. by message or key recovery methods. However, that would certainly require further processing in order to achieve such goal.
Question 355
Which of the following is NOT a property of the Rijndael block cipher algorithm?
Correct Answer: C
Explanation/Reference: The above statement is NOT true and thus the correct answer. The maximum key size on Rijndael is 256 bits. There are some differences between Rijndael and the official FIPS-197 specification for AES. Rijndael specification per se is specified with block and key sizes that must be a multiple of 32 bits, both with a minimum of 128 and a maximum of 256 bits. Namely, Rijndael allows for both key and block sizes to be chosen independently from the set of { 128, 160, 192, 224, 256 } bits. (And the key size does not in fact have to match the block size). However, FIPS-197 specifies that the block size must always be 128 bits in AES, and that the key size may be either 128, 192, or 256 bits. Therefore AES-128, AES-192, and AES-256 are actually: Key Size (bits) Block Size (bits) AES-128 128 128 AES-192 192 128 AES-256 256 128 So in short: Rijndael and AES differ only in the range of supported values for the block length and cipher key length. For Rijndael, the block length and the key length can be independently specified to any multiple of 32 bits, with a minimum of 128 bits, and a maximum of 256 bits. AES fixes the block length to 128 bits, and supports key lengths of 128, 192 or 256 bits only. References used for this question: http://blogs.msdn.com/b/shawnfa/archive/2006/10/09/the-differences-between-rijndael-and-aes.aspx and http://csrc.nist.gov/CryptoToolkit/aes/rijndael/Rijndael.pdf
Question 356
Which of the following is NOT true concerning Application Control?
Correct Answer: D
Source: TIPTON, Harold F. & KRAUSE, MICKI, Information Security Management Handbook, 4th Edition, Volume 2, Auerbach.