You work as an Incident handling manager for Orangesect Inc. You detect a virus attack incident in the network of your company. You develop a signature based on the characteristics of the detected virus. Which of the following phases in the Incident handling process will utilize the signature to resolve this incident?
Answer(s): A
The Eradication phase of the Incident handling process involves cleaning up the identified harmful incidents from the system. It includes analyzing the information that has been gathered to determine how the attack was committed. To prevent the incident from happening again, it is vital to recognize how it was carried out so that a prevention technique can be applied.
Answer option C is incorrect. The Recovery phase of the Incident handling process is the stage at which the enterprise or the system is brought back to its stable production state. It involves quality assurance tests and re-evaluation of the system for the purpose of system revival or recovery.
Answer option D is incorrect. The Containment phase of the Incident handling process is responsible for supporting and building up the incident combating process. It ensures the stability of the system and also confirms that the incident does not get any worse. The Containment phase includes preventing further contamination of the system or network, and preserving the evidence of the contamination.
Answer option B is incorrect. The Identification phase of the Incident handling process is the stage at which the Incident handler evaluates how critical an incident is for an enterprise or system. It is an important stage where the distinction between an event and an incident is determined, measured and tested.
In which of the following access control models can a user not grant permissions to other users to see a copy of an object marked as secret that he has received, unless they have the appropriate permissions?
Answer(s): C
Mandatory Access Control (MAC) is a model that uses a predefined set of access privileges for an object of the system. Access to an object is restricted on the basis of the sensitivity of the object and granted through authorization. Sensitivity of an object is defined by the label assigned to it. For example, if a user receives a copy of an object that is marked as "secret", he cannot grant permission to other users to see this object unless they have the appropriate permission.
Answer option B is incorrect. Role-based access control (RBAC) is an access control model. In this model, a user can access resources according to his role in the organization. For example, a backup administrator is responsible for taking backups of important data. Therefore, he is only authorized to access this data for backing it up. However, sometimes users with different roles need to access the same resources. This situation can also be handled using the RBAC model.
Answer option A is incorrect. The Discretionary access control (DAC) model has an access policy determined by the owner of an object. The owner decides who is allowed to access the object and what privileges they have.
Answer option D is incorrect. An access control list (ACL) model has a list of permissions attached to an object. The list specifies who or what is allowed to access the object and what operations are allowed to be performed on the object.
Which of the following protocols provides connectionless integrity and data origin authentication of IP packets?
Answer(s): B
Authentication Header (AH) is an IPsec protocol. AH provides connectionless integrity and data origin authentication of IP packets. It protects the IP packets against replay attacks by using the sliding window technique and discarding old packets. AH can also protect the IP payload and all header fields of an IP datagram except for mutable fields.
Answer option A is incorrect. Encapsulating Security Payload (ESP) is an IPsec protocol that provides confidentiality with authentication, integrity, and anti-replay. ESP can be used alone or in combination with Authentication Header (AH). ESP can also be used nested with the Layer Two Tunneling Protocol (L2TP). Normally, ESP does not sign the entire packet unless it is being tunneled. Typically, only the data payload is protected, not the IP header.
Answer option C is incorrect. IKE (Internet Key Exchange) is the protocol used to set up a security association (SA) in the IPsec protocol suite. IKE uses a Diffie-Hellman key exchange to set up a shared session secret, from which cryptographic keys are derived. Public key techniques or, alternatively, pre-shared keys are used to mutually authenticate the communicating parties.
Answer option D is incorrect. ISAKMP (Internet Security Association and Key Management Protocol) is a protocol for establishing Security Associations (SA) and cryptographic keys in an Internet environment. It provides a framework for the negotiation and management of security associations between peers and runs over UDP port 500. ISAKMP defines the procedures for authenticating a communicating peer, creation and management of Security Associations, key generation techniques, and threat mitigation.
The network you administer allows owners of objects to manage the access to those objects via access control lists. This is an example of what type of access control?
Answer(s): D
Discretionary Access Control is the process whereby the owner of an object manages access to that object at his or her own discretion. This is most often implemented with an access control list.