In SSL/TLS protocol, what kind of authentication is supported when you establish a secure session between a client and a server?
Correct Answer: C
RESCORLA, Eric, SSL and TLS: Designing and Building Secure Systems, 2000, Addison Wesley Professional; SMITH, Richard E., Internet Cryptography, 1997, Addison-Wesley Pub Co.
Question 777
Kerberos is vulnerable to replay in which of the following circumstances?
Correct Answer: C
Section: Access Control
Explanation/Reference: Replay can be accomplished on Kerberos if the compromised tickets are used within an allotted time window. The security depends on careful implementation: enforcing limited lifetimes for authentication credentials minimizes the threat of replayed credentials, the KDC must be physically secured, and it should be hardened, not permitting any non-Kerberos activities.
Reference: Official ISC2 Guide to the CISSP, 2007 Edition, page 184. Also see: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 42.
Question 778
To protect and/or restore lost, corrupted, or deleted information, thereby preserving data integrity and availability, is the purpose of:
Correct Answer: C
Section: Risk, Response and Recovery
Explanation/Reference: The purpose of a tape backup method is to protect and/or restore lost, corrupted, or deleted information, thereby preserving the data integrity and ensuring availability. All other choices could suffer from corruption, and it might not be possible to restore the data without proper backups being done. This is a tricky question: if the information is lost, corrupted, or deleted, only a good backup could be used to restore the information. Any synchronization mechanism would update the mirror copy and the data could not be recovered. With backups there could be a large gap where your latest data may not be available. You would have to look at your Recovery Point Objective and see if this is acceptable for your company's recovery objectives.
The following are incorrect answers:
Mirroring will preserve integrity and restore points in all cases of drive failure. However, if you have corrupted data on the primary set of drives, you may get corrupted data on the secondary set as well.
Remote Journaling provides continuous or periodic synchronized recording of transaction data at a remote location as a backup strategy (http://www.businessdictionary.com/definition/remote-journaling.html). With journaling there might be a gap of time between the data updates being sent in batches at regular intervals, so some of the data could be lost.
Database shadowing is synonymous with mirroring, but it only applies to databases, not to information and data as a whole.
Reference(s) used for this question: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 68.
Question 779
The change control process:
Correct Answer: C
While the change control process is not intended to be an obstacle or roadblock to making changes, it should provide stakeholders a formal mechanism for proposing and controlling change.
Question 780
In biometrics, the "one-to-one" search used to verify a claim to an identity made by a person is considered:
Correct Answer: A
Section: Access Control
Explanation/Reference: Biometric devices can be used for either IDENTIFICATION or AUTHENTICATION.
ONE TO ONE is for AUTHENTICATION. This means that you as a user would provide some biometric credential such as your fingerprint. Then they will compare the template that you have provided with the one stored in the database. If the two match, that proves that you are who you claim to be.
ONE TO MANY is for IDENTIFICATION. A good example of this would be within an airport. Many airports today have facial recognition cameras; as you walk through the airport it will take a picture of your face and then compare the template (your face) with a database full of templates and see if there is a match between your template and the ones stored in the database. This is for IDENTIFICATION of a person.
Some additional clarification or comments that might be helpful are: Biometrics establish authentication using specific information and comparing results to expected data. It does not perform well for identification purposes such as scanning for a person's face in a moving crowd, for example. Identification methods could include: username, user ID, account number, PIN, certificate, token, smart card, biometric device or badge. Auditing is a process of logging or tracking what was done after the identity and authentication process is completed. Authorization is the rights the subject is given and is performed after the identity is established.
Reference: OIG (2007) p. 148, 167.
Authentication in biometrics is a "one-to-one" search to verify a claim to an identity made by a person.
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 38.