CISSP操作安全习题.doc

CISSP认证考试培训习题 CBK Domain 7 - 运作安全 Operations Security seeks to primarily protect against which of the following? object reuse facility disaster compromising emanations asset threats D Notifying the appropriate parties to take action in order to determine the extent of the severity of an incident and to remediate the incidents effects includes: Intrusion Evaluation (IE) and Response Intrusion Recognition (IR) and Response Intrusion Protection (IP) and Response Intrusion Detection (ID) and Response D What is the main issue with media reuse? Degaussing Data remanence Media destruction Purging B This type of control is used to ensure that transactions are properly entered into the system once. Elements of this type of control may include counting data and time stamping it with the date it was entered or edited? Processing Controls Output Controls Input Controls Input/Output Controls C Which of the following questions is less likely to help in assessing controls over audit trails? Does the audit trail provide a trace of user actions? Are incidents monitored and tracked until resolved? Is access to online logs strictly controlled? Is there separation of duties between security personnel who administer the access control function and those who administer the audit trail? B Which of the following is the most reliable, secure means of removing data from magnetic storage media such as a magnetic tape, or a cassette? Degaussing Parity Bit Manipulation Certification Buffer overflow A What is the most secure way to dispose of information on a CD-ROM? Sanitizing Physical damage Degaussing Physical destruction D Which of the following ensures that security is not breached when a system crash or other system failure occurs? trusted recovery hot swappable redundancy secure boot A Hardware availability reports allow the identification of the following problems except for: Inadequate training for operators Excessive operating systems maintenance User dissatis