2. 计算机
  3. Security countermeasures should be transparent to users and attackers. Which of the following does not describe transparency?

Security countermeasures should be transparent to users and attackers. Which of the following does not describe transparency?

admin2013-12-19  36
问题 Security countermeasures should be transparent to users and attackers. Which of the following does not describe transparency?
选项 A、User activities are monitored and tracked without negatively affecting system performance.
B、User activities are monitored and tracked without the user knowing about the mechanism that is carrying this out.
C、Users are allowed access in a manner that does not negatively affect business processes.
D、Unauthorized access attempts are denied and logged without the intruder knowing about the mechanism that is carrying this out.
答案A
解析 A正确。安全组件通常会以这样或那样的方式影响系统性能,尽管大多数情况下用户察觉不到。如果系统的性能显著变慢,那么很有可能是安全对策正在起作用。控制之所以应该透明是因为只有这样,用户和入侵者才不至于知道得太多而禁用或者绕过它们。控制也不应该妨碍公司履行它必须履行的职能。
B不正确。因为透明性指的是正在执行监督和跟踪的活动是在用户不知情的情况下进行的。虽然告诉用户他们的计算机是否正被监督是最佳做法,但却没有必要告诉他们是如何监督的。如果用户意识到监督他们活动的这个机制,他们有可能会试图禁用或者绕过它们。
C不正确。因为安全性和可用性之间必须保持一个平衡。这意味着在不影响业务流程的情况下,只要适合应该允许用户访问。他们应该有能力完成自己的工作。
D不正确。因为你不希望入侵者知道这个拒绝和记录未经授权的访问企图的机制正在工作。入侵者利用这个信息便可禁用或者绕过这个机制,从而成功地获取未经授权访问网络资源的权利。
转载请注明原文地址:https://kaotiyun.com/show/VAhZ777K
0

CISSP认证

相关试题推荐
随机试题
最新回复(0)