Which of the following is implemented through scripts or smart agents that replay the user's multiple log-ins against authentication servers to verify a user's identity and permit access to system services?
Correct Answer: A
SSO can be implemented by using scripts that replay the user's multiple log-ins against authentication servers to verify a user's identity and to permit access to system services. Single Sign-On was the best answer in this case because it would include Kerberos. When you have two good answers within the four choices presented you must select the BEST one. The high-level choice is always the best; when one choice would include the other, that choice is the best as well.
Reference(s) used for this question: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 40.
Question 32
Why do buffer overflows happen? What is the main cause?
Correct Answer: B
Explanation/Reference: A buffer overflow attack takes advantage of improper parameter checking within the application. This is the classic form of buffer overflow and occurs because the programmer accepts whatever input the user supplies without checking that the length of the input is less than the size of the buffer in the program.

The buffer overflow problem is one of the oldest and most common problems in software development and programming, dating back to the introduction of interactive computing. It can result when a program fills the assigned buffer of memory with more data than the buffer can hold. When the program begins to write beyond the end of the buffer, the program's execution path can be changed, or data can be written into areas used by the operating system itself. This can lead to the insertion of malicious code that can be used to gain administrative privileges on the program or system.

As explained by Gaurab, it can become very complex. Even if you check the length of the input at the time of entry, it has to be checked against the size of the buffer it is being written into. Consider a case where the data enters through Buffer1 of Application1 and is later copied into Buffer2 within Application2: if you only check the length of the data against Buffer1, that does not ensure it will not overflow Buffer2 of Application2.

A bit of reassurance from the ISC2 book about the level of coding knowledge needed for the exam: It should be noted that the CISSP is not required to be an expert programmer or know the inner workings of developing application software code, like the FORTRAN programming language, or how to develop Web applet code using Java. It is not even necessary that the CISSP know detailed security-specific coding practices such as the major divisions of buffer overflow exploits or the reason for preferring strncpy to strcpy in the C language (although all such knowledge is, of course, helpful).

Because the CISSP may be the person responsible for ensuring that security is included in such developments, the CISSP should know the basic procedures and concepts involved during the design and development of software programming. That is, in order for the CISSP to monitor the software development process and verify that security is included, the CISSP must understand the fundamental concepts of programming developments and the security strengths and weaknesses of various application development processes.

The following are incorrect answers:
"Because buffers can only hold so much data" is incorrect. This is certainly true but is not the best answer, because the finite size of the buffer is not the problem; the problem is that the programmer did not check the size of the input before moving it into the buffer.
"Because they are an easy weakness to exploit" is incorrect. This answer is sometimes true but is not the best answer, because the root cause of the buffer overflow is that the programmer did not check the size of the user input.
"Because of insufficient system memory" is incorrect. This is irrelevant to the occurrence of a buffer overflow.

Reference(s) used for this question: Hernandez CISSP, Steven (2012-12-21). Official (ISC)2 Guide to the CISSP CBK, Third Edition ((ISC)2 Press) (Kindle Locations 13319-13323). Auerbach Publications. Kindle Edition.
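As an added illustration of the Buffer1/Buffer2 point in the explanation above (example code written for this page, not from the (ISC)2 guide or the study source): the input length is validated at each copy against the size of the buffer actually being written, so data that legitimately fits the staging buffer is still rejected before it could overrun the smaller second buffer. The buffer sizes, helper names and sample inputs are constructed for the example.

```c
#include <stdio.h>
#include <string.h>

/* Models the two-stage copy described in the text: input lands in Buffer1
 * and is later copied into a smaller Buffer2. The bounds check must use the
 * size of the buffer being written, not the one the data came from. */
#define BUFFER1_SIZE 64
#define BUFFER2_SIZE 16

/* Copy src into dst only if it fits, including the terminating NUL.
 * Returns 0 on success, -1 if src would overflow dst (nothing is written). */
int bounded_copy(char *dst, size_t dst_size, const char *src)
{
    size_t len = 0;
    while (len < dst_size && src[len] != '\0')   /* never scan past dst_size */
        len++;
    if (len >= dst_size)                         /* no room for the NUL */
        return -1;
    memcpy(dst, src, len + 1);
    return 0;
}

/* Stage 1: accept user input into Buffer1, checked against BUFFER1_SIZE. */
int accept_input(char *buffer1, const char *user_input)
{
    return bounded_copy(buffer1, BUFFER1_SIZE, user_input);
}

/* Stage 2: forward Buffer1 into Buffer2. Relying on the stage-1 check alone
 * would be the mistake the text warns about, so the check is repeated here
 * against BUFFER2_SIZE. */
int forward_input(char *buffer2, const char *buffer1)
{
    return bounded_copy(buffer2, BUFFER2_SIZE, buffer1);
}

/* Runs both stages; returns 0 only if the input fit at every copy. */
int process(const char *user_input)
{
    char buffer1[BUFFER1_SIZE];
    char buffer2[BUFFER2_SIZE];
    if (accept_input(buffer1, user_input) != 0)
        return -1;
    return forward_input(buffer2, buffer1);
}

int main(void)
{
    /* constructed inputs: the second fits Buffer1 but not Buffer2 */
    printf("short input: %d\n", process("hello"));
    printf("fits Buffer1 only: %d\n", process("twenty-character-inp"));
    return 0;
}
```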
Question 33
Crackers today are MOST often motivated by their desire to:
Correct Answer: D
A few years ago the best choice for this question would have been seeing how far their skills can take them. Today this has changed greatly: most crimes committed are financially motivated. Profit is the most widespread motive behind all cybercrimes and, indeed, most crimes; everyone wants to make money. Hacking for money or for free services includes a smorgasbord of crimes such as embezzlement, corporate espionage and being a "hacker for hire". Scams are easier to undertake but the likelihood of success is much lower. Money-seekers come from any lifestyle, but those with persuasive skills make better con artists in the same way as those who are exceptionally tech-savvy make better "hacks for hire".
"White Hats" are the security specialists (as opposed to Black Hats) interested in helping the community secure their networks. They will test systems and networks with the owner's authorization. A "Black Hat" is someone who uses his skills for offensive purposes; they do not seek authorization before they attempt to compromise the security mechanisms in place. "Grey Hats" are people who sometimes work as a White Hat and other times as a Black Hat; they have not made up their mind yet as to which side they prefer.
The following are incorrect answers: All the other choices could be possible reasons, but the best one today is really financial gain.
References used for this question: http://library.thinkquest.org/04oct/00460/crimeMotives.html and http://www.informit.com/articles/article.aspx?p=1160835 and http://www.aic.gov.au/documents/1/B/A/%7B1BA0F612-613A-494D-B6C506938FE8BB53%7Dhtcb006.pdf
Question 34
Another example of Computer Incident Response Team (CIRT) activities is:
Correct Answer: D
Additional examples of CIRT activities are:
Management of the network logs, including collection, retention, review, and analysis of data.
Management of the resolution of an incident, management of the remediation of a vulnerability, and post-event reporting to the appropriate parties.
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 64.
Question 35
What security control provides a method to ensure that a transaction did or did not occur?
Correct Answer: C
Nonrepudiation serves to validate whether or not a claimed event or action occurred in order to resolve disputes about the validity of the event. Nonrepudiation is vital in electronic commerce because it protects both the seller and the consumer from fraudulent behavior by the other party.