CISSP Practice by Vallabhaneni S. Rao
Author: Vallabhaneni, S. Rao
Language: eng
Format: epub
Publisher: John Wiley & Sons
Published: 2011-09-10T14:00:00+00:00
175. a. Passwords and user identification are the first line-of-defense against a breach to a network’s security. Several restrictions can be placed on passwords to improve their effectiveness. These restrictions may include minimum length and format and forced periodic password changes.
Software testing is the last line-of-defense to ensure data integrity and security. Therefore, the software must be tested thoroughly by end users, information systems staff, and computer operations staff.
Switched ports (not Cisco switches) are among the most vulnerable security points on a network. These allow dial-in and dial-out access. They are security risks because they allow users with telephone terminals to access systems. Although callback or dial-back is a potential control as a first line-of-defense, it is not necessarily the most effective because of the call forwarding capability of telephone circuits.
For online applications, the logging of all transactions processed or reflected by input programs provides a complete audit trail of actual and attempted entries, thus providing a last line-of-defense. The log can be stored on tape or disk files for subsequent analysis. The logging control should include the date, time, user ID and password used, the location, and number of unsuccessful attempts made.
The lines-of-defense are security mechanisms for limiting and controlling access to and use of computer system resources. They exercise a directing or restraining influence over the behavior of individuals and the content of computer systems. The lines-of-defense form a core part of a defense-in-depth strategy or security-in-depth strategy.
176. Which of the following enables adequate user authentication of mobile hand-held devices?
a. First line-of-defense
b. Second line-of-defense
c. Third line-of-defense
d. Last line-of-defense
