CHAPTER 6

Operations Security

This chapter is supplemental to and coordinated with the Operations Security chapter in the CISSP Prep Guide. The fundamentals of operations security are covered in Chapter 6 of the CISSP Prep Guide at a level on par with that of the CISSP Examination.

It is assumed that the reader has a basic knowledge of the material contained in Chapter 6 and has the CISSP Prep Guide available to provide background information for the advanced questions pertaining to the Operations Security chapter.

In the Operations Security question areas, we will discuss the Rainbow series, data remanence, the Common Criteria, configuration management, and various security terminology.

Advanced Sample Questions

  1. Which book of the Rainbow series addresses the Trusted Network Interpretation (TNI)?
    1. Red Book
    2. Orange Book
    3. Green Book
    4. Purple Book
  2. Which choice describes the Forest Green Book?
    1. It is a tool that assists vendors in data gathering for certifiers.
    2. It is a Rainbow series book that defines the secure handling of storage media.
    3. It is a Rainbow series book that defines guidelines for implementing access control lists.
    4. It does not exist; there is no “Forest Green Book.”
  3. Which term below BEST describes the concept of “least privilege”?
    1. Each user is granted the lowest clearance required for their tasks.
    2. A formal separation of command, program, and interface functions.
    3. A combination of classification and categories that represents the sensitivity of information.
    4. Active monitoring of facility entry access points.
  4. Which general TCSEC security class category specifies that mandatory access policies be enforced in the TCB?
    1. A
    2. B
    3. C
    4. D
  5. Which statement below is the BEST definition of “need-to-know”?
    1. Need-to-know ensures that no single individual (acting alone) can compromise security controls.
    2. Need-to-know grants each user the lowest clearance required for their tasks.
    3. Need-to-know limits the time an operator performs a task.
    4. Need-to-know requires that the operator have the minimum knowledge of the system necessary to perform his task.
  6. Place the four systems security modes of operation in order, from the most secure to the least:
    1. _____ a. Dedicated Mode
    2. _____ b. Multilevel Mode
    3. _____ c. Compartmented Mode
    4. _____ d. System High Mode
  7. Which media control below is the BEST choice to prevent data remanence on magnetic tapes or floppy disks?
    1. Overwriting the media with new application data
    2. Degaussing the media
    3. Applying a concentration of hydriodic acid (55% to 58% solution) to the gamma ferric oxide disk surface
    4. Making sure the disk is re-circulated as quickly as possible to prevent object reuse
  8. Which choice below is the BEST description of an audit trail?
    1. Audit trails are used to detect penetration of a computer system and to reveal usage that identifies misuse.
    2. An audit trail is a device that permits simultaneous data processing of two or more security levels without risk of compromise.
    3. An audit trail mediates all access to objects within the network by subjects within the network.
    4. Audit trails are used to prevent access to sensitive systems by unauthorized personnel.
  9. Which TCSEC security class category below specifies “trusted recovery” controls?
    1. C2
    2. B1
    3. B2
    4. B3
  10. Which choice does NOT describe an element of configuration management?
    1. Configuration management involves information capture and version control.
    2. Configuration management reports the status of change processing.
    3. Configuration management is the decomposition process of a verification system into Configuration Items (CIs).
    4. Configuration management documents the functional and physical characteristics of each configuration item.
  11. Which choice below does NOT accurately describe a task of the Configuration Control Board?
    1. The CCB should meet periodically to discuss configuration status accounting reports.
    2. The CCB is responsible for documenting the status of configuration control activities.
    3. The CCB is responsible for assuring that changes made do not jeopardize the soundness of the verification system.
    4. The CCB assures that the changes made are approved, tested, documented, and implemented correctly.
  12. Which choice below is NOT a security goal of an audit mechanism?
    1. Deter perpetrators' attempts to bypass the system protection mechanisms
    2. Review employee production output records
    3. Review patterns of access to individual objects
    4. Discover when a user assumes a functionality with privileges greater than his own
  13. Which choice below is NOT a common element of user account administration?
    1. Periodically verifying the legitimacy of current accounts and access authorizations
    2. Authorizing the request for a user's system account
    3. Tracking users and their respective access authorizations
    4. Establishing, issuing, and closing user accounts
  14. Which element of Configuration Management listed below involves the use of Configuration Items (CIs)?
    1. Configuration Accounting
    2. Configuration Audit
    3. Configuration Control
    4. Configuration Identification
  15. Which standard defines the International Standard for the Common Criteria?
    1. IS15408
    2. BS7799
    3. DoD 5200.28-STD
    4. CSC-STD-002-85
  16. Which statement below is NOT correct about reviewing user accounts?
    1. User account reviews cannot be conducted by outside auditors.
    2. User account reviews can examine conformity with least privilege.
    3. User account reviews may be conducted on a system-wide basis.
    4. User account reviews may be conducted on an application-by-application basis.
  17. Which statement below MOST accurately describes configuration control?
    1. The decomposition process of a verification system into CIs
    2. Assuring that only the proposed and approved system changes are implemented
    3. Tracking the status of current changes as they move through the configuration control process
    4. Verifying that all configuration management policies are being followed
  18. Which term below MOST accurately describes the Trusted Computing Base (TCB)?
    1. A computer that controls all access to objects by subjects
    2. A piece of information that represents the security level of an object
    3. Formal proofs used to demonstrate the consistency between a system's specification and a security model
    4. The totality of protection mechanisms within a computer system
  19. Which choice below would NOT be considered a benefit of employing incident-handling capability?
    1. An individual acting alone would not be able to subvert a security process or control.
    2. It enhances internal communications and the readiness of the organization to respond to incidents.
    3. It assists an organization in preventing damage from future incidents.
    4. Security training personnel would have a better understanding of users' knowledge of security issues.
  20. Which statement below is accurate about Evaluation Assurance Levels (EALs) in the Common Criteria (CC)?
    1. A security level equal to the security level of the objects to which the subject has both read and write access
    2. A statement of intent to counter specified threats
    3. Requirements that specify the security behavior of an IT product or system
    4. Predefined packages of assurance components that make up the security confidence rating scale
  21. Which choice below is the BEST description of operational assurance?
    1. Operational assurance is the process of examining audit logs to reveal usage that identifies misuse.
    2. Operational assurance has the benefit of containing and repairing damage from incidents.
    3. Operational assurance is the process of reviewing an operational system to see that security controls are functioning correctly.
    4. Operational assurance is the process of performing pre-employment background screening.
  22. Which choice below MOST accurately describes a Covert Storage Channel?
    1. A process that manipulates observable system resources in a way that affects response time
    2. An information transfer path within a system
    3. A communication channel that allows a process to transfer information in a manner that violates the system's security policy
    4. An information transfer that involves the direct or indirect writing of a storage location by one process and the direct or indirect reading of the storage location by another process
  23. Which choice below is the BEST description of a Protection Profile (PP), as defined by the Common Criteria (CC)?
    1. A statement of security claims for a particular IT security product
    2. A reusable definition of product security requirements
    3. An intermediate combination of security requirement components
    4. The IT product or system to be evaluated
  24. Which choice below is NOT one of the four major aspects of configuration management?
    1. Configuration status accounting
    2. Configuration product evaluation
    3. Configuration auditing
    4. Configuration identification
  25. Which choice below MOST accurately describes “partitioned security mode”?
    1. All personnel have the clearance and formal access approval.
    2. All personnel have the clearance but not necessarily formal access approval.
    3. The only state in which certain privileged instructions may be executed.
    4. A system containing information accessed by personnel with different security clearances.
  26. Which choice below is NOT an example of a media control?
    1. Sanitizing the media before disposition
    2. Printing to a printer in a secured room
    3. Physically protecting copies of backup media
    4. Conducting background checks on individuals
  27. Which statement below is the BEST example of “separation of duties”?
    1. An activity that checks on the system, its users, or the environment.
    2. Getting users to divulge their passwords.
    3. One person initiates a request for a payment and another authorizes that same payment.
    4. A data entry clerk may not have access to run database analysis reports.
  28. Which minimum TCSEC security class category specifies “trusted distribution” controls?
    1. C2
    2. B2
    3. B3
    4. A1
  29. Which statement is accurate about “trusted facility management”?
    1. The role of a security administrator shall be identified and auditable in C2 systems and above.
    2. The role of a security administrator shall be identified and auditable in B2 systems and above.
    3. The TCB shall support separate operator and administrator functions for C2 systems and above.
    4. The TCB shall support separate operator and administrator functions for B2 systems and above.
  30. Which statement below is accurate about the concept of Object Reuse?
    1. Object reuse protects against physical attacks on the storage medium.
    2. Object reuse ensures that users do not obtain residual information from system resources.
    3. Object reuse applies to removable media only.
    4. Object reuse controls the granting of access rights to objects.