Chapter 12 Practice Test 4 (Sybex) Flashcards

Question

What type of alternate processing facility contains the hardware necessary to restore operations but does not have a current copy of data? A. Hot site B. Warm site C. Cold site D. Mobile site

Answer 1

B. Warm site Explanation: B. Warm sites contain the hardware necessary to restore operations but do not have a current copy of data.

Answer 2

C. Spike Explanation: A power spike is a momentary period of high voltage. A surge is a prolonged period of high voltage. Sags and brownouts are periods of low voltage.

Answer 3

D. PHI Explanation: D. Medical insurance claims will contain private health information, or PHI. Greg should label the drives as containing PHI and then ensure that they are handled according to his organization's handling standards for that type of data.

Answer 4

A. Link state Explanation: OSPF is a link state protocol. Link state protocols maintain a topographical map of all connected networks and preferentially select the shortest path to remote networks for traffic. A distance vector protocol would map the direction and distance in hops to a remote network, whereas shortest path first and link mapping are not types of routing protocols.

Answer 5

B. Bollards Explanation: Bollards are physical security solutions that are short and strong posts or similar solutions intended to stop vehicles from crashing through or passing an area. Bollards can be used to allow pedestrians and mobility devices to pass while stopping vehicles. Fences and walls will prevent individuals from passing through them, while stairs are challenging for most mobility devices.

Answer 6

A. Sunday's full backup Explanation: Tara first must achieve a system baseline. She does this by applying the most recent full backup to the new system. This is Sunday's full backup. Once Tara establishes this baseline, she may then proceed to apply differential backups to bring the system back to a more recent state.

Answer 7

B. 2 Explanation: To restore the system to as current a state as possible, Tara must first apply Sunday's full backup. She may then apply the most recent differential backup, from Wednesday at noon. Differential backups include all files that have changed since the most recent full backup, so the contents of Wednesday's backup contain all of the data that would be contained in Monday and Tuesday's backups, making the Monday and Tuesday backups irrelevant for this scenario.

Answer 8

A. 3 hours. Explanation: In this scenario, the differential backup was made at noon, and the server failed at 3 p.m. Therefore, any data modified or created between noon and 3 p.m. on Wednesday will not be contained on any backup and will be irretrievably lost.

Answer 9

D. 4 Explanation: By switching from differential to incremental backups, Tara's weekday backups will only contain the information changed since the previous day. Therefore, she must apply all of the available incremental backups. She would begin by restoring the Sunday full backup and then apply the Monday, Tuesday, and Wednesday incremental backups.

Answer 10

D. All three will be the same size. Explanation: Each incremental backup contains only the information changed since the most recent full or incremental backup. If we assume that the same amount of information changes every day, each of the incremental backups would be roughly the same size.

Answer 11

C. A man-in-the-middle attack Explanation: A man-in-the-middle (increasingly often referred to as a person-in-the-middle, or on-path) attack allows an attacker to redirect traffic and thus read or modify it. This can be completely transparent to the end user, making it a dangerous attack if the malicious actor is successful. DNS hijacking would change a system's domain name information, and there is no direct indication of that here. Similarly, ARP spoofing is one way to conduct a man-in-the-middle attack, but that detail is not here either. SQL injection is normally done via web applications to execute commands against a database server.

Answer 12

B. Record retention Explanation: Record retention ensures that data is kept and maintained as long as it is needed and that it is purged when it is no longer necessary. Data remanence occurs when data is left behind after an attempt is made to remove it, whereas data redaction is not a technical term used to describe this effort. Finally, audit logging may be part of the records retained but doesn't describe the lifecycle of data.

Answer 13

D. Authentication Header Explanation: The Authentication Header provides authentication, integrity, and nonrepudiation for IPsec connections. The Encapsulating Security Payload provides encryption and thus provides confidentiality. It can also provide limited authentication. L2TP is an independent VPN protocol, and Encryption Security Header is a made-up term.

Answer 14

B. Reconnaissance Explanation: The attack described in the scenario is a classic example of TCP scanning, a network reconnaissance technique that may precede other attacks. There is no evidence that the attack disrupted system availability, which would characterize a denial-of-service attack; that it was waged by a malicious insider; or that the attack resulted in the compromise of a system.

Answer 15

C. A system log Explanation: C. Windows system logs include reboots, shutdowns, and service state changes. Application logs record events generated by programs, security logs track events like logins and uses of rights, and setup logs track application setup.

Answer 16

B. To allow any flaws with the patch to be identified Explanation: Many organizations delay patches for a period of time to ensure that any previously unidentified flaws are found before the patches are installed throughout their organization. Melissa needs to balance business impact against security in her role and may choose to support this or to push for more aggressive installation practices depending on the organization's risk tolerance and security needs.

Answer 17

A. RAID 0 Explanation: RAID level 0 is also known as disk striping. RAID 1 is called disk mirroring. RAID 5 is called disk striping with parity. RAID 10 is known as a stripe of mirrors.

Answer 18

A. TOCTOU Explanation: This is an example of a time of check/time of use, or TOC/TOU, attack. It exploits the difference between the times when a system checks for permission to perform an action and when the action is actually performed. Permissions creep would occur if the account had gained additional rights over time as the other's role or job changed. Impersonation occurs when an attacker pretends to be a valid user, and link swap is not a type of attack.

Answer 19

B. 2 Explanation: RAID 0, or disk striping, requires at least two disks to implement. It improves performance of the storage system but does not provide fault tolerance.

Answer 20

B. Digitally sign but don't encrypt all messages. Explanation: Fred's company needs to protect integrity, which can be accomplished by digitally signing messages. Any change will cause the signature to be invalid. Encrypting isn't necessary because the company does not want to protect confidentiality. TLS can provide in-transit protection but won't protect integrity of the messages, and of course a hash used without a way to verify that the hash wasn't changed won't ensure integrity either.

Answer 21

A. ABAC Explanation: An attribute-based access control (ABAC) system will allow Susan to specify details about subjects, objects, and access, allowing granular control. Although a rule-based access control system (RBAC) might allow this, the attribute-based access control system can be more specific and thus is more flexible. Discretionary access control (DAC) would allow object owners to make decisions, and mandatory access controls (MACs) would use classifications; neither of these capabilities was described in the requirements.

Answer 22

B. Remove the drives and shred them. Explanation: The most effective control is to remove the drives and shred them, removing any chance for the servers to leave with data remaining on them. A trustworthy company that can provide a certificate of disposal with appropriate contractual controls may be a reasonable and cost-efficient alternative, but the company may also then want to zero wipe drives before the systems leave to reduce the risk if a system makes it out of the recycler's control. The worst answer here is reformatting, which will not remove data.

Answer 23

B. 100 meters Explanation: B. The maximum allowed length of a Cat 6 cable is 100 meters, or 328 feet. Long distances are typically handled by a fiber run or by using network devices like switches or repeaters—not only because of the distance, but also because outdoor runs can experience lightning strikes, which won't affect fiber. Knowing that copper twisted pair has distance limitations can be important in many network designs and influences where switches and other devices are placed.

Answer 24

B. Write blocker Explanation: One of the main functions of a forensic drive controller is preventing any command sent to a device from modifying data stored on the device. For this reason, forensic drive controllers are also often referred to as write blockers.

Answer 25

A. Set the Secure attribute for the cookies, thus forcing TLS. Explanation: Setting the Secure cookie will only allow cookies to be sent via HTTPS TLS or SSL sessions, preventing man-in-the-middle attacks that target cookies. The rest of the settings are problematic. For example, cookies are vulnerable to DNS spoofing. Domain cookies should usually have the narrowest possible scope, which is actually accomplished by not setting the Domain cookie. This allows only the originating server to access the cookie. Cookies without the Expires or Max-age attributes are ephemeral and will only be kept for the session, making them less vulnerable than stored cookies. Normally, the HTTPOnly attribute is a good idea, but it prevents scripting rather than requiring unencrypted HTTP sessions.

Answer 26

D. Data remanence Explanation: Data remanence describes data that is still on media after an attempt has been made to remove it. Failed clearing and data pooling are not technical terms, and data permanence describes how long data lasts.

Answer 27

B. MAC Explanation: Mandatory access control (MAC) applies labels to subjects and objects and allows subjects to access objects when their labels match. Discretionary access control (DAC) is controlled by the owner of objects, rule-based access control applies rules throughout a system, and role-based access control bases rights on roles, which are often handled as groups of users.

Answer 28

B. IDaaS Explanation: Identity as a service (IDaaS) provides capabilities such as account provisioning, management, authentication, authorization, reporting, and monitoring. Platform as a service (PaaS), infrastructure as a service (IaaS), and software as a service (SaaS).

Answer 29

C. Blackboxing Explanation: Eavesdropping, denial-of-service attacks, and caller ID spoofing are all common VoIP attacks. Blackboxing is a made-up answer, although various types of colored boxes were associated with phone phreaking.

Answer 30

D. Least privilege Explanation: This broad access may indirectly violate all of the listed security principles, but it is most directly a violation of least privilege because it grants users privileges that they do not need for their job functions.

Answer 31

C. SFTP Explanation: C. The Secure File Transfer Protocol (SFTP) is specifically designed for encrypted file transfer. SSH is used for secure command-line access, whereas TCP is one of the bundles of internet protocols commonly used to transmit data across a network. IPsec could be used to create a tunnel to transfer the data but is not specifically designed for file transfer.

Answer 32

B. TCP; none—TACACS+ encrypts the full session. Explanation: TACACS+ uses TCP and encrypts the entire session, unlike RADIUS, which only encrypts the password and operates via UDP.

Answer 33

C. Its TGT Explanation: The client sends its existing valid TGT to the KDC and requests access to the resource.

Answer 34

A. The KDC verifies the validity of the TGT and whether the user has the right privileges for the requested resource. Explanation: The KDC must verify that the TGT is valid and whether the user has the right privileges to access the service it is requesting access to. If it does, it generates a service ticket and sends it to the client (step B).

Answer 35

C. The client workstation supplies it in the form of a client-to-server ticket and an authenticator. Explanation: When a client connects to a service server (SS), it sends the following two messages: The client-to-server ticket, encrypted using the service's secret key A new authenticator, including the client ID and timestamp that is encrypted using the client/server session key. The server or service that is being accessed receives all of the data it needs in the service ticket. To do so, the client uses a client-to-server ticket received from the ticket granting service.

Answer 36

B. It provides proof that the subject is authorized to access an object. Explanation: The service ticket in Kerberos authentication provides proof that a subject is authorized to access an object. Ticket granting services are provided by the TGS. Proof that a subject has authenticated and can request tickets to other objects uses ticket-granting tickets, and authentication host is a made-up term.

Answer 37

C. Identify business priorities. Explanation: The first step in a business impact analysis is to identify the business's priorities. Judy should ensure that business areas are all represented and that the functions of each department or area are assessed. Once that is done, she can move on to identifying risks, evaluating likelihood and impact, and then prioritizing the resources available to the business to address the identified priorities.

Answer 38

A. They can provide attackers with a nonsecured network path into your network. Explanation: A. Organizations are most often concerned about hotspots creating an unsecured network connection into their secure network via laptops or other devices that are connected to them. Bridging a cellular connection to a network connection to the business's network creates a path that bypasses security controls. Hotspots could be used as rogue access points, but this is a less common scenario. They do not specifically allow wireless data to be intercepted and, in most modern implementations, are encrypted, thus limiting the likelihood of sniffing providing useful data.

Answer 39

A. Wet pipe Explanation: Dry pipe, deluge, and preaction systems all use pipes that remain empty until the system detects signs of a fire. Wet pipe systems use pipes filled with water that may damage equipment if there is damage to a pipe.

Answer 40

A. Protected health information Explanation: Protected health information (PHI) is defined by HIPAA to include health information used by healthcare providers, such as medical treatment, history, and billing. Personally identifiable information is information that can be used to identify an individual, which may be included in the PHI but isn't specifically this type of data. Protected health insurance and individual protected data are both made-up terms.

Answer 41

B. Manual Explanation: Manual testing uses human understanding of business logic to assess program flow and responses. Mutation or generational fuzzing will help determine how the program responds to expected inputs but does not test the business logic. Interface testing ensures that data exchange between modules works properly but does not focus on the logic of the program or application.

Answer 42

A. Type 1 Explanation: A Type 1 authentication factor is something you know. A Type 2 authentication factor is something you have, like a smartcard or hardware token. A Type 3 authentication factor is something you are, like a biometric identifier. There is no such thing as a Type 4 authentication factor.

Answer 43

B. She has to make sure that appropriate security controls are in place to protect the data. Explanation: B. System owners develop and maintain system security plans with system administrators, and they have to ensure that appropriate security controls are in place on those systems. System owners also share responsibility for data protection with data owners. System administrators grant appropriate access and apply the controls, whereas data owners own the classification process.

Answer 44

A. Misuse case testing Explanation: A. Jack is performing misuse case analysis, a process that tests code based on how it would perform if it was misused instead of used properly. Use case testing tests valid use cases, whereas static code analysis involves reviewing the code itself for flaws rather than testing the live software. Hacker use case testing isn't an industry term for a type of testing.

Answer 45

A. Stored procedures B. Escaping all user-supplied input C. Parameterized queries D. Input validation Explanation: All of these options are useful to help prevent SQL injection. Stored procedures limit what can be done via the database server, and escaping user input makes dangerous characters less likely to be a problem. Parameterized queries limit what can be sent in a query, and input validation adds another layer of protection by limiting what can be successfully input by a user.

Answer 46

C. 65,536 TCP and 65,536 UDP ports Explanation: Both TCP and UDP port numbers are a 16-digit binary number, which means there can be 216 ports, or 65,536 ports, numbered from 0 to 65,535.

Answer 47

A. Vulnerabilities Explanation: MITRE's Common Vulnerabilities and Exploits (CVE) dictionary and NIST's National Vulnerability Database (NVD) both provide information about vulnerabilities.

Answer 48

D. A record retention policy Explanation: Record retention policies are used to establish what data organizations retain and how long they will retain it for. Keeping data longer than necessary can increase risk to the organization, but having data when needed for investigations, legal compliance, or other business purposes is also important. EOL, or end of life, and EOS, or end of support, apply to hardware or software and not to data. Data classification policies are used to help classify data, which may influence how long it is retained, but classification policies themselves typically do not set retention timeframes.

Answer 49

D. Automated recovery without undue data loss Explanation: In an automated recovery, the system can recover itself against one or more failure types. In an automated recovery without undue loss, the system can recover itself against one or more failure types and also preserve data against loss. In function recovery, the system can restore functional processes automatically. In a manual recovery approach, the system does not fail into a secure state but requires an administrator to manually restore operations.

Answer 50

A. Antenna placement, antenna type, antenna power levels Explanation: Antenna placement, antenna design, and power level control are the three important factors in determining where a signal can be accessed and how usable it is. A captive portal can be used to control user logins, and antenna design is part of antenna types. The FCC does provide maximum broadcast power guidelines but does not require a minimum power level.

Answer 51

C. Physically destroy the drive. Explanation: Physically destroying the drive is the best way to ensure that there is no remnant data on the drive. SSDs are flash media, which means that you can't degauss them, whereas both random pattern writes and the built-in erase commands have been shown to be problematic due to the wear leveling built into SSDs as well as differences in how they handle erase commands.

Answer 52

A. Confidentiality Explanation: Confidentiality ensures that data cannot be read by unauthorized individuals while stored or in transit.

Answer 53

B. 1 Recon – 2 Weaponize – 3 Deliver – 4 Exploit – 5 Control – 6 Execute – 7 Maintain Explanation: The proper order is as follows: 1 Recon– 2 Weaponize– 3 Deliver– 4 Exploit– 5 Control– 6 Execute– 7 Maintain.

Answer 54

C. PCI-DSS Explanation: PCI-DSS, or the Payment Card Industry Data Security Standard is the industry standard Gary’s company will need to comply with. ISO27001 and 27002 are information security management standards. FIPS 140 is a standard for cryptographic modules.

Answer 55

B. Preventing an unpatched laptop from being exploited immediately after connecting to the network Explanation: B. A post-admission philosophy allows or denies access based on user activity after connection. Since this doesn't check the status of a machine before it connects, it can't prevent the exploit of the system immediately after connection. This doesn't preclude out-of-band or in-band monitoring, but it does mean that a strictly post-admission policy won't handle system checks before the systems are admitted to the network.

Answer 56

B. Implicit deny Explanation: The principle of implicit denial states that any action that is not explicitly allowed is denied. This is an important concept for firewall rules and other access control systems. Implementing least privilege ensures that subjects have only the rights they need to accomplish their job. While explicit deny and final rule fall-through may sound like important access control concepts, neither is.

Answer 57

B. Web defacement Explanation: Risks are the combination of a threat and a vulnerability. Threats are the external forces seeking to undermine security, such as the hacker in this case. Vulnerabilities are the internal weaknesses that might allow a threat to succeed. In this case, web defacement is the risk. In this scenario, if the hacker attempts a SQL injection attack (threat) against the unpatched server (vulnerability), the result is website defacement (risk).

Answer 58

D. A KPI Explanation: The mean time to detect a compromise is a security KPI, or key performance indicator. KPIs are used to determine how effective practices, procedures, and staff are.

Answer 59

A. Statistical sampling. Explanation: A. Val can use statistical sampling techniques to choose a set of records for review that are representative of the entire day's data. Clipping chooses only records that exceed a set threshold, so it is not a representative sample. Choosing records based on the time they are recorded may not produce a representative sample because it may capture events that occur at the same time each day and miss many events that simply don't occur during the chosen time period.

Answer 60

D. Fiber optic Explanation: Fiber-optic cable is more expensive and can be harder to install than stranded copper cable or coaxial cable in some cases, but it isn't susceptible to electromagnetic interference (EMI). That makes it a great solution for Jen's problem, especially if she is deploying EMI-hardened systems to go with her EMI-resistant network cables.

Answer 61

D. Request control Explanation: The request control process provides an organized framework within which users can request modifications, managers can conduct cost/benefit analyses, and developers can prioritize tasks.

Answer 62

B. Change control Explanation: B. Change control provides an organized framework within which multiple developers can create and test solutions prior to rolling them out into a production environment.

Answer 63

C. Release control Explanation: C. Release control includes acceptance testing to ensure that any alterations to end-user work tasks are understood and functional.

Answer 64

A. Configuration control Explanation: Configuration control ensures that changes to software versions are made in accordance with the change control and configuration management process. Updates can be made only from authorized distributions in accordance with those policies.

Answer 65

B. Salt reuse Explanation: Ben is reusing his salt. When the same salt is used for each hash, all users with the same password will have the same hash, and the attack can either attempt to steal the salt or may attempt to guess the salt by targeting the most frequent hash occurrences based on commonly used passwords. Short salts are an issue, but the salts used here are 32 bytes (256 bits) long. There is no salting algorithm used or mentioned here; salt is an added value for a hash, and plaintext salting is a made-up term.

Answer 66

B. Purchasing insurance Explanation: Risk transference involves actions that shift risk from one party to another. Purchasing insurance is an example of risk transference because it moves risk from the insured to the insurance company.

Answer 67

C. OCSP Explanation: C. The Online Certificate Status Protocol (OCSP) eliminates the latency inherent in the use of certificate revocation lists by providing a means for real-time certificate verification.

Answer 68

B. A CASB Explanation: A cloud access security broker is a tool that sits between on-premises and cloud systems, monitoring traffic and enforcing security policies. This scenario exactly matches what a CASB is designed to do. The other answers were made up; none of these is an actual cloud security device or tool (at least as of the writing of this book!).

Answer 69

B. It uses a handshake. Explanation: TCP's use of a handshake process to establish communications makes it a connection-oriented protocol. TCP does not monitor for dropped connections, nor does the fact that it works via network connections make it connection-oriented.

Answer 70

A. Gamification Explanation: Gamification uses common components from games like points, scores, and competition to engage participants in a security awareness program. None of the other answers uses these together unless they use a gamification component.

Answer 71

C. Impact Explanation: C. The two most important elements of a qualitative risk assessment are determining the probability and impact of each risk upon the organization. Likelihood is another word for probability. Cost should be taken into account but is only one element of impact, which also includes reputational damage, operational disruption, and other ill effects.

Answer 72

B. A frame Explanation: B. When a message reaches the Data Link layer, it is called a frame. Data streams exist at the Application, Presentation, and Session layers, whereas segments and datagrams exist at the Transport layer (for TCP and UDP, respectively).

Answer 73

A. Revocation of certification Explanation: A. If the (ISC)2 peer review board finds that a certified individual has violated the (ISC)2 Code of Ethics, the board may revoke their certification. The board is not able to terminate an individual's employment or assess financial penalties.

Answer 74

D. The waterfall methodology is compatible with the SDLC. Explanation: SDLC approaches include steps to provide operational training for support staff as well as end-user training. The SDLC may use one of many development models, including the waterfall and spiral models. The SDLC does not mandate the use of an iterative or sequential approach; it allows for either approach.

Answer 75

A. Bell–LaPadula Explanation: The Bell–LaPadula model includes the Simple Security Property, which prevents an individual from reading information that is classified at a level higher than the individual's security clearance.

Answer 76

C. A captive portal Explanation: Captive portals are designed to show a page that can require actions like accepting an agreement or recording an email address before connecting clients to the internet. NAC is designed to verify whether clients meet a security profile, which doesn't match the needs of most coffee shops. A wireless gateway is a tool to access a cellular or other network, rather than a way to interact with users before they connect, and 802.11 is the family of IEEE wireless standards.

Answer 77

D. When they are off because the drive is fully encrypted Explanation: The files on the drive are at their most secure when the system is off and the drive is encrypted and not in a readable state. BitLocker decrypts files as needed when in use, meaning that any time after the system is booted files may be accessed, particularly if the user is logged in and access to the system can be gained or if malware is running.

Answer 78

C. IPsec Explanation: An IPsec VPN will allow Andrea to keep her networks running as layer 2 flattened networks when necessary while providing the security for her traffic that she wants. TLS operates at a higher network layer, although traffic could be tunneled through it. BGP is a routing protocol, and AES is an encryption algorithm.

Answer 79

A. They should use the same requirements as data over any public network. Explanation: Cellular networks have the same issues that any public network does. Encryption requirements should match those that the organization selects for other public networks like hotels, conference WiFi, and similar scenarios. Encrypting all data is difficult and adds overhead, so it should not be the default answer unless the company specifically requires it. WAP is a dated wireless application protocol and is not in broad use; requiring it would be difficult. WAP does provide TLS, which would help when in use.

Answer 80

D. Connect to his company's encrypted VPN service. Explanation: D. Fred's best option is to use an encrypted, trusted VPN service to tunnel all of his data usage. Trusted WiFi networks are unlikely to exist at a hacker conference, normal usage is dangerous due to the proliferation of technology that allows fake towers to be set up, and discontinuing all usage won't support Fred's business needs.

Answer 81

B. The phone cannot contact a network. Explanation: Remote wipe tools are a useful solution, but they work only if the phone can access either a cellular or WiFi network. Remote wipe solutions are designed to wipe data from the phone regardless of whether it is in use or has a passcode. Providers unlock phones for use on other cellular networks rather than for wiping or other feature support.

Answer 82

C. RTO Explanation: The goal of business continuity planning exercises is to reduce the amount of time required to restore operations. This is done by minimizing the recovery time objective (RTO).

Answer 83

C. COBIT Explanation: The COBIT, or Control Objectives for Information and related Technologies, framework describes common requirements that organizations should have in place for their information systems. It is the only audit or compliance framework on the list. ITSM is the acronym for Information Technology Service Management; CIS is the Center for Information Security, which provides guidelines for system security that can be used to assess systems but is not itself an audit framework; and ATT&CK is a framework for describing threats and attack methodologies.

Answer 84

B. 1, 3, 2, 4 Explanation: B. The disaster recovery test types, listed in order of their potential impact on the business from the least impactful to the most impactful, are as follows: Checklist review Tabletop exercise Parallel test Full interruption test Checklist reviews are the least impactful type of exercise because they do not even require a meeting. Each team member reviews the checklist on their own. Tabletop exercises are slightly more impactful because they require bringing together the DR team in the same room. Parallel tests require the activation of alternate processing sites and require significant resources. Full interruption tests are the most impactful type of exercise because they involve shifting operations to the alternate site and could disrupt production activity.

Answer 85

C. Availability Explanation: Redundancy is part of many availability designs. Dual power supplies allow multiple levels of availability support; they allow you to connect servers to distinct power infrastructures and also provide the ability to run if a single power supply dies. Some servers are even set up to use more than two power supplies. Another approach to this type of availability is to use more systems, rather than more expensive systems with greater support for availability.

Answer 86

C. Recovery Explanation: The CISSP CBK uses a six-stage process: Detection, Response, Mitigation, Reporting, Recovery, and Remediation. This diagram is missing Recovery. Other standards differ, using different terms or slightly different processes.

Answer 87

B. Attackers may use XSS filter evasion techniques against this approach. Explanation: While removing the tag from user input, it is not sufficient, as a user may easily evade this filter by encoding the tag with an XSS filter evasion technique. Frank was correct to perform validation on the server rather than at the client, but he should use validation that limits user input to allowed values, rather than filtering out one potentially malicious tag.

Answer 88

A. An SLA Explanation: A service level agreement, or SLA, contains details about how the service will be provided, what level of outages or downtime is acceptable, and what remedies may exist in the case of outages or other issues. Megan should ensure that the SLA contains both appropriate performance guarantees and penalties that will be of sufficient magnitude to compensate her company for issues while motivating the service provider to maintain a reliable service. RPA is robotic process automation, an automation technology. NDA is a nondisclosure agreement, a legal document used to help control for the risk of information or data being exposed or shared. An MOU is a memorandum of understanding and is used when two organizations want to work together to document a shared vision or the goals they share.

Answer 89

C. BAA Explanation: HIPAA requires that anyone working with personal health information on behalf of a HIPAA-covered entity be subject to the terms of a business associates agreement (BAA).

Answer 90

A. Full interruption test Explanation: During a full interruption test, the team takes down the primary site and confirms that the disaster recovery site is capable of handling regular operations. The full interruption test is the most thorough test but also the most disruptive. During a parallel test, the team actually activates the disaster recovery site for testing, but the primary site remains operational. The checklist review is the least disruptive type of disaster recovery test. During a checklist review, team members each review the contents of their disaster recovery checklists on their own and suggest any necessary changes. During a tabletop exercise, team members come together and walk through a scenario without making any changes to information systems.

Answer 91

D. A gateway Explanation: Ed's best option is to install an IPv6 to IPv4gateway that can translate traffic between the networks. A bridge would be appropriate for different types of networks, whereas a router would make sense if the networks were similar. A modern switch might be able to carry both types of traffic but wouldn't be much help translating between the two protocols.

Answer 92

D. The long-term support and patching model for the IoT devices may create security and operational risk for the organization. Explanation: Henry's biggest concern should be the long-term security and supportability of the IoT devices. As these devices are increasingly embedded in buildings and infrastructure, the support model and security model are important to understand. Both the lack of separate administrative access and the lack of strong encryption can be addressed by placing the IoT devices on a dedicated subnet or network that prevents other users from accessing the devices directly. This will help limit the risk without undue expense or complexity and is a common practice. Finally, lack of storage space can be a concern, but is not the most important when looking at the risks IoT devices can create.

Answer 93

C. UDP Explanation: C. UDP, the User Datagram Protocol, is a connectionless, best-effort protocol that is often used when sending data quickly without strong requirements for reliability features like error correction and detection or flow control to make sense. TCP is connection-oriented and provides those and other reliability features. ICMP, the Internet Control Message Protocol, is used to check routes and paths as well as availability, but is not used for significant data transfer in normal cases. SNMP is a network management monitoring protocol.

Answer 94

B. Organizations must provide individuals with lists of employees with access to information. Explanation: The EU General Data Protection Regulation does not require that organizations provide individuals with employee lists.

Answer 95

B. Warm site Explanation: Tammy should choose a warm site. This type of facility meets her requirements for a good balance between cost and recovery time. It is less expensive than a hot site but facilitates faster recovery than a cold site. A red site is not a type of disaster recovery facility.

Answer 96

B. Transport Explanation: When data reaches the Transport layer, it is sent as segments (TCP) or datagrams (UDP). Above the Transport layer, data becomes a data stream, while below the Transport layer they are converted to packets at the Network layer, frames at the Data Link layer, and bits at the Physical layer.

Answer 97

D. 384 bits Explanation: The Advanced Encryption Standard supports encryption with 128-bit keys, 192-bit keys, and 256-bit keys.

Answer 98

D. API Explanation: D. An application programming interface (API) allows developers to create a direct method for other users to interact with their systems through an abstraction that does not require knowledge of the implementation details. Access to object models, source code, and data dictionaries also indirectly facilitate interaction but do so in a manner that provides other developers with implementation details.

Answer 99

B. Request a SOC 2 Type II report. Explanation: Ian's best bet is an SOC report, and an SOC 2 Type II report will assess security controls and their application over time, telling him if the organization is responsibly maintaining their security efforts. An SOC 1 report looks at financial controls, and a Type I report only looks at how controls are described, not their application over time. Ian is unlikely to be allowed to run a vulnerability scan against a major provider's infrastructure either internally or externally.

Answer 100

B. Authorization Explanation: The permissions granted on files in Linux designate what authorized users can do with those files—read, write, or execute. In the image shown, all users can read, write, and execute index.html , whereas the owner can read, write, and execute example.txt , the group cannot, and everyone can write and execute it.

Answer 101

The protocols match with the descriptions as follows: TCP: C. Transports data over a network in a connection-oriented fashion. UDP: D. Transports data over a network in a connectionless fashion. DNS: B. Performs translations between FQDNs and IP addresses. ARP: A. Performs translations between MAC addresses and IP addresses. The Domain Name System (DNS) translates human-friendly fully qualified domain names (FQDNs) into IP addresses, making it possible to easily remember websites and hostnames. ARP is used to resolve IP addresses into MAC addresses. TCP and UDP are used to control the network traffic that travels between systems. TCP does so in a connection-oriented fashion using the three-way handshake, while UDP uses connectionless “best-effort” delivery.