Chapter 12 Practice Test 4 (Sybex) Flashcards

Question 1

Q

What type of access control is intended to discover unwanted or unauthorized activity by providing information after the event has occurred?

A. Preventive
B. Corrective
C. Detective
D. Directive

Answer

A

C. Detective

Explanation:
C. Detective access controls operate after the fact and are intended to detect or discover unwanted access or activity. Preventive access controls are designed to prevent the activity from occurring, whereas corrective controls return an environment to its original status after an issue occurs. Directive access controls limit or direct the actions of subjects to ensure compliance with policies.

Question 2

Q

Which one of the following presents the most complex decoy environment for an attacker to explore during an intrusion attempt?

A. Honeypot
B. Darknet
C. Honeynet
D. Pseudoflaw

Answer

A

C. Honeynet

Explanation:
A honeypot is a decoy computer system used to bait intruders into attacking. A honeynet is a network of multiple honeypots that creates a more sophisticated environment for intruders to explore. A pseudoflaw is a false vulnerability in a system that may attract an attacker. A darknet is a segment of unused network address space that should have no network activity and, therefore, may be easily used to monitor for illicit activity.

Question 3

Q

Ben’s organization is adopting biometric authentication for their high-security building’s access control system. Using this chart, answer questions 3–5 about their adoption of the technology. Ben’s company is considering configuring their systems to work at the level shown by point A on the diagram. What level are they setting the sensitivity to?

A. The FRR crossover
B. The FAR point
C. The CER
D. The CFR

Answer

A

C. The CER

Explanation:
C. The CER is the point where FAR and FRR cross over, and it is a standard assessment used to compare the accuracy of biometric devices.

Question 4

Q

At point B, what problem is likely to occur?

A. False acceptance will be very high.
B. False rejection will be very high.
C. False rejection will be very low.
D. False acceptance will be very low.

Answer

A

A. False acceptance will be very high.

Explanation:
At point B, the false acceptance rate (FAR) is quite high, whereas the false rejection rate (FRR) is relatively low. This may be acceptable in some circumstances, but in organizations where a false acceptance can cause a major problem, it is likely that they should instead choose a point to the right of point A.

Question 5

Q

What should Ben do if the FAR and FRR shown in this diagram do not provide an acceptable performance level for his organization’s needs?

A. Adjust the sensitivity of the biometric devices.
B. Assess other biometric systems to compare them.
C. Move the CER.
D. Adjust the FRR settings in software.

Answer

A

B. Assess other biometric systems to compare them.

Explanation:
CER is a standard used to assess biometric devices. If the CER for this device does not fit the needs of the organization, Ben should assess other biometric systems to find one with a lower CER. Sensitivity is already accounted for in CER charts, and moving the CER isn’t something Ben can do. FRR is not a setting in software, so Ben can’t use that as an option either.

Question 6

Q

Ed is tasked with protecting information about his organization’s customers, including their name, Social Security number, birthdate, and place of birth, as well as a variety of other information. What is this information known as?

A. PHI
B.PII
C. Personal protected data
D. PID

Answer

A

B.PII

Explanation:
Personally identifiable information (PII) can be used to distinguish a person’s identity. Personal health information (PHI) includes data such as medical history, lab results, insurance information, and other details about a patient. Personal protected data is a made-up term, and PID is an acronym for process ID, the number associated with a running program or process.

Question 7

Q

What software development lifecycle model is shown in the following illustration?

A. Spiral
B. Agile
C. Boehm
D. Waterfall

Answer

A

D. Waterfall

Explanation:
The figure shows the waterfall model, developed by Winston Royce. An important characteristic of this model is a series of sequential steps that include a feedback loop that allows the process to return one step prior to the current step when necessary.

Question 8

Q

Encapsulation is the core concept that enables what type of protocol?

A. Bridging
B. Multilayer
C. Hashing
D. Storage

Answer

A

B. Multilayer

Explanation:
Encapsulation creates both the benefits and potential issues with multilayer protocols. Bridging can use various protocols but does not rely on encapsulation. Hashing and storage protocols typically do not rely on encapsulation as a core part of their functionality.

Question 9

Q

Amanda wants to use contacts from the existing Gmail accounts that new users for her application already have. What protocol from the following options is used to provide secure delegated access for this type of use by many cloud providers?

A. Open ID
B. Kerberos
C. OAuth
D. SAML

Answer

A

C. OAuth

Explanation:
OAuth is used to provide secure delegated access in scenarios exactly like this. OpenID is used to sign in using credentials from an identity provider to other services, such as when you log in with Google to other sites. SAML, or Security Assertion Markup Language, is used to make security assertions allowing authentication and authorizations between identity providers and service providers. Kerberos is mostly used inside of organizations instead of for federation, as this question focuses on.

Question 10

Q

Which one of the following metrics specifies the amount of time that business continuity planners find acceptable for the restoration of service after a disaster?

A. MTD
B. RTO
C. RPO
D. MTO

Answer

A

B. RTO

Explanation:
B. The recovery time objective (RTO) is the amount of time that it may take to restore a service after a disaster without unacceptable impact on the business. The RTO for each service is identified during a business impact assessment.

Question 11

Q

Jill is working to procure new network hardware for her organization. She finds a gray market supplier that is importing the hardware from outside the country at a much lower price. What security concern is the most significant for hardware acquired this way?

A. The security of the hardware and firmware
B. Availability of support for the hardware and software
C. Whether the hardware is a legitimate product of the actual vendor
D. The age of the hardware

Answer

A

A. The security of the hardware and firmware

Explanation:
A. Each of these answers may be a concern, but the overriding security concern is if the hardware and firmware can be trusted or may have been modified. Original equipment manufacturers (OEMs) have business reasons to ensure the security of their product, but third parties in the supply chain may not feel the same pressure. Both availability of support and whether the hardware is legitimate are also concerns, but less immediate security concerns. Finally, hardware may be older than expected, or may be used, refurbished, or otherwise not new.

Question 12

Q

What process is typically used to ensure data security for workstations that are being removed from service but that will be resold or otherwise reused?

A. Destruction
B. Erasing
C. Sanitization
D. Clearing

Answer

A

C. Sanitization

Explanation:
When done properly, a sanitization process fully ensures that data is not remnant on the system before it is reused. Clearing and erasing can both be failure prone, and of course, destruction wouldn’t leave a machine or device to reuse.

Question 13

Q

Colleen is conducting a software test that is evaluating code for both security flaws and usability issues. She is working with the application from an end-user perspective and referencing the source code as she works her way through the product. What type of testing is Colleen conducting?

A. White box
B. Blue box
C. Gray box
D. Black Box

Answer

A

C. Gray box

Explanation:
In a gray-box test, the tester evaluates the software from a user perspective but has access to the source code as the test is conducted. White-box tests also have access to the source code but perform testing from a developer’s perspective. Black-box tests work from a user’s perspective but do not have access to source code. Blue boxes are a telephone hacking tool and not a software testing technique. Note: as language changes, new terms like zero knowledge, partial knowledge, and full knowledge are starting to replace white-, gray-, and black-box testing terms.

Question 14

Q

Harold is looking for a software development methodology that will help with a major issue he is seeing in his organization. Currently, developers and operations staff do not work together and are often seen as taking problems and “throwing them over the fence” to the other team. What technology management approach is designed to alleviate this problem?

A. ITIL
B. Lean
C. ITSM
D. DevOps

Answer

A

D. DevOps

Explanation:
The DevOps approach to technology management seeks to integrate software development, operations, and quality assurance in a cohesive effort. It specifically attempts to eliminate the issue of “throwing problems over the fence” by building collaborative relationships between members of the IT team.

Question 15

Q

NIST Special Publication 800-92, the Guide to Computer Security Log Management, describes four types of common challenges to log management:

Many log sources
Inconsistent log content
Inconsistent timestamps
Inconsistent log formats

Which of the following solutions is best suited to solving these issues?

A. Implement SNMP for all logging devices.
B. Implement a SIEM.
C. Standardize on the Windows event log format for all devices and use NTP.
D. Ensure that logging is enabled on all endpoints using their native logging formats and set their local time correctly.

Answer

A

B. Implement a SIEM.

Explanation:
A security information and event management (SIEM) tool is designed to centralize logs from many locations in many formats and to ensure that logs are read and analyzed despite differences between different systems and devices. The Simple Network Management Protocol (SNMP) is used for some log messaging but is not a solution that solves all of these problems. Most non-Windows devices, including network devices among others, are not designed to use the Windows event log format, although using NTP for time synchronization is a good idea. Finally, local logging is useful, but setting clocks individually will result in drift over time and won’t solve the issue with many log sources.

Question 16

Q

Mike has a flash memory card that he would like to reuse. The card contains sensitive information. What technique can he use to securely remove data from the card and allow its reuse?

A. Degaussing
B. Physical destruction
C. Cryptoshredding
D. Reformatting

Answer

A

C. Cryptoshredding

Explanation:
Mike should use cryptoshredding, a secure data destruction process to protect this device. While degaussing is a valid secure data removal technique, it would not be effective in this case, since degaussing works only on magnetic media. Physical destruction would prevent the reuse of the device. Reformatting is not a valid secure data removal technique.

Question 17

Q

Carlos is investigating the compromise of sensitive information in his organization. He believes that attackers managed to retrieve personnel information on all employees from the database and finds the following user-supplied input in a log entry for a web-based personnel management system:

Collins’&1=1;––

What type of attack took place, and how could it be prevented?

A. SQL injection, use of stored procedures
B. Buffer overflow, automatic buffer expansion
C. Cross-site scripting, turning on XSS prevention on the web server
D. Cross-site request forgery, requiring signed requests

Answer

A

A. SQL injection, use of stored procedures

Explanation:
A. The single quotation mark in the input field is a telltale sign that this is a SQL injection attack. The quotation mark is used to escape outside the SQL code’s input field, and the text that follows is used to directly manipulate the SQL command sent from the web application to the database.

Question 18

Q

Which one of the following is a detailed, step-by-step document that describes the exact actions that individuals must complete?

A. Policy
B. Standard
C. Guideline
D. Procedure

Answer

A

D. Procedure

Explanation:
Procedures are formal, mandatory documents that provide detailed, step-by-step actions required from individuals performing a task.

Question 19

Q

What purpose are the CIS benchmarks frequently used for in organizations?

A. Secure coding standards
B. Performance testing
C. Baselining
D. Monitoring metrics

Answer

A

C. Baselining

Explanation:
The CIS benchmarks are configuration baselines that are frequently used to assess the security settings or configuration for devices and software. Baselining is the process of configuring and validating that a system meets security configuration guidelines or standards.

Question 20

Q

Bryan has a set of sensitive documents that he would like to protect from public disclosure. He would like to use a control that, if the documents appear in a public forum, may be used to trace the leak back to the person who was originally given the document copy. What security control would best fulfill this purpose?

A .Digital signature
B. Document staining
C. Hashing
D.Watermarking

Answer

A

D.Watermarking

Explanation:
Watermarking alters a digital object to embed information about the source, in either a visible or hidden form. Digital signatures may identify the source of a document, but they are easily removed. Hashing would not provide any indication of the document source, since anyone could compute a hash value. Document staining is not a security control.

Question 21

Q

Carlos is planning a design for a data center that will be constructed within a new four-story corporate headquarters. The building consists of a basement and three above-ground floors. What is the best location for the data center?

A. Basement
B. First floor
C. Second floor
D. Third floor

Answer

A

C. Second floor

Explanation:
C. Data centers should be located in the core of a building. Locating it on lower floors makes it susceptible to flooding and physical break-ins. Locating it on the top floor makes it vulnerable to wind and roof damage.

Question 22

Q

Chris is an information security professional for a major corporation, and as he is walking into the building, he notices that the door to a secure area has been left ajar. Physical security does not fall under his responsibility, but he takes immediate action by closing the door and informing the physical security team of his action. What principle is Chris demonstrating?

A. Due care
B. Crime prevention through environmental design
C. Separation of duties
D. Informed consent

Answer

A

A. Due care

Explanation:
The due care principle states that an individual should react in a situation using the same level of care that would be expected from any reasonable person. It is a very broad standard. Crime prevention through environmental design is a design concept that focuses on making environments less conducive to illicit or unwanted actions. Separation of duties splits duties to ensure that a malicious actor cannot perform actions on their own like making a purchase and approving it. Informed consent is a term used in the medical industry that requires that a person’s permission is required and that they must be aware of what the consequences of their actions could be.

Question 23

Q

Which one of the following investigation types always uses the beyond-a-reasonable-doubt standard of proof?

A. Civil investigation
B. Criminal investigation
C. Operational investigation
D. Regulatory investigation

Answer

A

B. Criminal investigation

Explanation:
Criminal investigations have high stakes with severe punishment for the offender that may include incarceration. Therefore, they use the strictest standard of evidence of all investigations: beyond a reasonable doubt. Civil investigations use a preponderance-of-the-evidence standard. Regulatory investigations may use whatever standard is appropriate for the venue where the evidence will be heard. This may include the beyond-a-reasonable-doubt standard, but it is not always used in regulatory investigations in the United States. Operational investigations do not use a standard of evidence.

Question 24

Q

Kristen wants to use multiple processing sites for her data, but does not want to pay for a full data center. Which of the following options would you recommend as her best option if she wants to be able to quickly migrate portions of her custom application environment to facilities in multiple countries without having to wait to ship or acquire hardware?

A. A cloud PaaS vendor
B. A hosted data center provider
C. A cloud IaaS vendor
D. A data center vendor that provides rack, power, and remote hands services

Answer

A

A. A cloud PaaS vendor

Explanation:
A cloud IaaS vendor will allow Kristen to set up infrastructure as quickly as she can deploy and pay for it. A PaaS vendor provides a platform that would require her to migrate her custom application to it, likely taking longer than a hosted data center provider. A data center vendor that provides rack, power, and remote hands assistance fails the test based on Kristen’s desire to not have to acquire or ship hardware.

Question 25

Q

What type of alternate processing facility contains the hardware necessary to restore operations but does not have a current copy of data?

A. Hot site
B. Warm site
C. Cold site
D. Mobile site

Answer

A

B. Warm site

Explanation:
B. Warm sites contain the hardware necessary to restore operations but do not have a current copy of data.

Question 26

Q

Which one of the following terms describes a period of momentary high voltage?

A. Sag
B. Brownout
C. Spike
D. Surge

Answer

A

C. Spike

Explanation:
A power spike is a momentary period of high voltage. A surge is a prolonged period of high voltage. Sags and brownouts are periods of low voltage.

Question 27

Q

Greg needs to label drives used for his company’s medical insurance claims database. What data label from the following list best matches the type of data he is dealing with?

A. PII
B. Secret
C. Business confidential
D. PHI

Answer

A

D. PHI

Explanation:
D. Medical insurance claims will contain private health information, or PHI. Greg should label the drives as containing PHI and then ensure that they are handled according to his organization’s handling standards for that type of data.

Question 28

Q

The Open Shortest Path First (OSPF) protocol is a routing protocol that keeps a map of all connected remote networks and uses that map to select the shortest path to a remote destination. What type of routing protocol is OSPF?

A. Link state
B. Shortest path first
C. Link mapping
D. Distance vector

Answer

A

A. Link state

Explanation:
OSPF is a link state protocol. Link state protocols maintain a topographical map of all connected networks and preferentially select the shortest path to remote networks for traffic. A distance vector protocol would map the direction and distance in hops to a remote network, whereas shortest path first and link mapping are not types of routing protocols.

Question 29

Q

Selah wants to ensure that vehicles cannot crash through into her company’s entryway and front lobby while still remaining accessible to pedestrians and wheelchairs or other mobility devices. What physical security control is best suited to this purpose?

A. Fences
B. Bollards
C. Walls
D. Stairs

Answer

A

B. Bollards

Explanation:
Bollards are physical security solutions that are short and strong posts or similar solutions intended to stop vehicles from crashing through or passing an area. Bollards can be used to allow pedestrians and mobility devices to pass while stopping vehicles. Fences and walls will prevent individuals from passing through them, while stairs are challenging for most mobility devices.

Question 30

Q

For questions 30–34, please refer to the following scenario:

Concho Controls is a midsize business focusing on building automation systems. It hosts a set of local file servers in its on-premises data center that store customer proposals, building plans, product information, and other data that is critical to their business operations. Tara works in the Concho Controls IT department and is responsible for designing and implementing the organization’s backup strategy, among other tasks. She currently conducts full backups every Sunday evening at 8 p.m. and differential backups on Monday through Friday at noon. Concho experiences a server failure at 3 p.m. on Wednesday. Tara rebuilds the server and wants to restore data from the backups. What backup should Tara apply to the server first?

A. Sunday’s full backup
B. Monday’s differential backup
C. Tuesday’s differential backup
D. Wednesday’s differential backup

Answer

A

A. Sunday’s full backup

Explanation:
Tara first must achieve a system baseline. She does this by applying the most recent full backup to the new system. This is Sunday’s full backup. Once Tara establishes this baseline, she may then proceed to apply differential backups to bring the system back to a more recent state.

Question 31

Q

How many backups in total must Tara apply to the system to make the data it contains as current as possible?

A. 1
B. 2
C. 3
D. 4

Answer

A

B. 2

Explanation:
To restore the system to as current a state as possible, Tara must first apply Sunday’s full backup. She may then apply the most recent differential backup, from Wednesday at noon. Differential backups include all files that have changed since the most recent full backup, so the contents of Wednesday’s backup contain all of the data that would be contained in Monday and Tuesday’s backups, making the Monday and Tuesday backups irrelevant for this scenario.

Question 32

Q

In this backup approach, some data may be irretrievably lost. How long is the time period where any changes made will have been lost?

A. 3 hours.
B. 5 hours.
C. 8 hours.
D. No data will be lost.

Answer

A

A. 3 hours.

Explanation:

In this scenario, the differential backup was made at noon, and the server failed at 3 p.m. Therefore, any data modified or created between noon and 3 p.m. on Wednesday will not be contained on any backup and will be irretrievably lost.

Question 33

Q

If Tara followed the same schedule but switched the differential backups to incremental backups, how many backups in total would she need to apply to the system to make the data it contains as current as possible?

A. 1
B. 2
C. 3
D. 4

Answer

A

D. 4

Explanation:
By switching from differential to incremental backups, Tara’s weekday backups will only contain the information changed since the previous day. Therefore, she must apply all of the available incremental backups. She would begin by restoring the Sunday full backup and then apply the Monday, Tuesday, and Wednesday incremental backups.

Question 34

Q

If Tara made the change from differential to incremental backups and we assume that the same amount of information changes each day, which one of the following files would be the largest?

A. Monday’s incremental backup.
B. Tuesday’s incremental backup.
C. Wednesday’s incremental backup.
D. All three will be the same size.

Answer

A

D. All three will be the same size.

Explanation:
Each incremental backup contains only the information changed since the most recent full or incremental backup. If we assume that the same amount of information changes every day, each of the incremental backups would be roughly the same size.

Question 35

Q

The following figure shows an example of an attack where Mal, the attacker, has redirected traffic from a user’s system to their own, allowing them to read TLS encrypted traffic. Which of the following terms best describes this attack?

A. A DNS hijacking attack
B. An ARP spoofing attack
C. A man-in-the-middle attack
D. A SQL injection attack

Answer

A

C. A man-in-the-middle attack

Explanation:
A man-in-the-middle (increasingly often referred to as a person-in-the-middle, or on-path) attack allows an attacker to redirect traffic and thus read or modify it. This can be completely transparent to the end user, making it a dangerous attack if the malicious actor is successful. DNS hijacking would change a system’s domain name information, and there is no direct indication of that here. Similarly, ARP spoofing is one way to conduct a man-in-the-middle attack, but that detail is not here either. SQL injection is normally done via web applications to execute commands against a database server.

Question 36

Q

Bob has been tasked with writing a policy that describes how long data should be kept and when it should be purged. What concept does this policy deal with?

A. Data remanence
B. Record retention
C. Data redaction
D. Audit logging

Answer

A

B. Record retention

Explanation:
Record retention ensures that data is kept and maintained as long as it is needed and that it is purged when it is no longer necessary. Data remanence occurs when data is left behind after an attempt is made to remove it, whereas data redaction is not a technical term used to describe this effort. Finally, audit logging may be part of the records retained but doesn’t describe the lifecycle of data.

Question 37

Q

Which component of IPsec provides authentication, integrity, and nonrepudiation?

A. L2TP
B. Encapsulating Security Payload
C. Encryption Security Header
D. Authentication Header

Answer

A

D. Authentication Header

Explanation:
The Authentication Header provides authentication, integrity, and nonrepudiation for IPsec connections. The Encapsulating Security Payload provides encryption and thus provides confidentiality. It can also provide limited authentication. L2TP is an independent VPN protocol, and Encryption Security Header is a made-up term.

Question 38

Q

Renee notices that a system on her network recently received connection attempts on all 65,536 TCP ports from a single system during a short period of time. What type of attack did Renee most likely experience?

A. Denial-of-service
B. Reconnaissance
C. Malicious insider
D. Compromise

Answer

A

B. Reconnaissance

Explanation:
The attack described in the scenario is a classic example of TCP scanning, a network reconnaissance technique that may precede other attacks. There is no evidence that the attack disrupted system availability, which would characterize a denial-of-service attack; that it was waged by a malicious insider; or that the attack resulted in the compromise of a system.

Question 39

Q

What type of Windows audit record describes events like an OS shutdown or a service being stopped?

A. An application log
B. A security log
C. A system log
D. A setup log

Answer

A

C. A system log

Explanation:
C. Windows system logs include reboots, shutdowns, and service state changes. Application logs record events generated by programs, security logs track events like logins and uses of rights, and setup logs track application setup.

Question 40

Q

Melissa is in charge of her organization’s security compliance efforts and has been told that the organization does not install Windows patches until a month has passed since the patch has been released unless there is a zero-day exploit that is being actively exploited. Why would the company delay patching like this?

A. To minimize business impact of the installation
B. To allow any flaws with the patch to be identified
C. To prevent malware in the patches from being installed before it is identified
D. To allow the patch to be distributed to all systems

Answer

A

B. To allow any flaws with the patch to be identified

Explanation:
Many organizations delay patches for a period of time to ensure that any previously unidentified flaws are found before the patches are installed throughout their organization. Melissa needs to balance business impact against security in her role and may choose to support this or to push for more aggressive installation practices depending on the organization’s risk tolerance and security needs.

Question 41

Q

What level of RAID is also known as disk striping?

A. RAID 0
B. RAID 1
C. RAID 5
D. RAID 10

Answer

A

A. RAID 0

Explanation:
RAID level 0 is also known as disk striping. RAID 1 is called disk mirroring. RAID 5 is called disk striping with parity. RAID 10 is known as a stripe of mirrors.

Question 42

Q

Jacob executes an attack against a system using a valid but low-privilege user account by accessing a file pointer that the account has access to. After the access check, but before the file is opened, he quickly switches the file pointer to point to a file that the user account does not have access to. What type of attack is this?

A. TOCTOU
B. Permissions creep
C. Impersonation
D. Link swap

Answer

A

A. TOCTOU

Explanation:
This is an example of a time of check/time of use, or TOC/TOU, attack. It exploits the difference between the times when a system checks for permission to perform an action and when the action is actually performed. Permissions creep would occur if the account had gained additional rights over time as the other’s role or job changed. Impersonation occurs when an attacker pretends to be a valid user, and link swap is not a type of attack.

Question 43

Q

What is the minimum number of disks required to implement RAID level 0?

A. 1
B. 2
C. 3
D. 5

Answer

A

B. 2

Explanation:
RAID 0, or disk striping, requires at least two disks to implement. It improves performance of the storage system but does not provide fault tolerance.

Question 44

Q

Fred’s company wants to ensure the integrity of email messages sent via its central email servers. If the confidentiality of the messages is not critical, what solution should Fred suggest?

A. Digitally sign and encrypt all messages to ensure integrity.
B. Digitally sign but don’t encrypt all messages.
C. Use TLS to protect messages, ensuring their integrity.
D. Use a hashing algorithm to provide a hash in each message to prove that it hasn’t changed.

Answer

A

B. Digitally sign but don’t encrypt all messages.

Explanation:
Fred’s company needs to protect integrity, which can be accomplished by digitally signing messages. Any change will cause the signature to be invalid. Encrypting isn’t necessary because the company does not want to protect confidentiality. TLS can provide in-transit protection but won’t protect integrity of the messages, and of course a hash used without a way to verify that the hash wasn’t changed won’t ensure integrity either.

Question 45

Q

The leadership at Susan’s company has asked her to implement an access control system that can support rule declarations like “Only allow access to salespeople from managed devices on the wireless network between 8 a.m. and 6 p.m.” What type of access control system would be Susan’s best choice?

A. ABAC
B. RBAC
C. DAC
D. MAC

Answer

A

A. ABAC

Explanation:
An attribute-based access control (ABAC) system will allow Susan to specify details about subjects, objects, and access, allowing granular control. Although a rule-based access control system (RBAC) might allow this, the attribute-based access control system can be more specific and thus is more flexible. Discretionary access control (DAC) would allow object owners to make decisions, and mandatory access controls (MACs) would use classifications; neither of these capabilities was described in the requirements.

Question 46

Q

Nora’s company operates servers on a five-year lifecycle. When they reach their end of life according to that process, the servers are sent to an e-waste recycler. Which of the following is the most effective control that Nora could implement to ensure that a data breach does not occur due to remanent data?

A. Zero wipe the drives before the servers leave the organization.
B. Remove the drives and shred them.
C. Reformat the drives before the servers are sent to the e-waste company.
D. Require certificates of disposal from the e-waste company.

Answer

A

B. Remove the drives and shred them.

Explanation:
The most effective control is to remove the drives and shred them, removing any chance for the servers to leave with data remaining on them. A trustworthy company that can provide a certificate of disposal with appropriate contractual controls may be a reasonable and cost-efficient alternative, but the company may also then want to zero wipe drives before the systems leave to reduce the risk if a system makes it out of the recycler’s control. The worst answer here is reformatting, which will not remove data.

Question 47

Q

Chris is deploying a gigabit Ethernet network using Category 6 cable between two buildings. What is the maximum distance he can run the cable according to the Category 6 standard?

A. 50 meters
B. 100 meters
C. 200 meters
D. 300 meters

Answer

A

B. 100 meters

Explanation:
B. The maximum allowed length of a Cat 6 cable is 100 meters, or 328 feet. Long distances are typically handled by a fiber run or by using network devices like switches or repeaters—not only because of the distance, but also because outdoor runs can experience lightning strikes, which won’t affect fiber. Knowing that copper twisted pair has distance limitations can be important in many network designs and influences where switches and other devices are placed.

Question 48

Q

Howard is a security analyst working with an experienced computer forensics investigator. The investigator asks him to retrieve a forensic drive controller, but Howard cannot locate a device in the storage room with this name. What is another name for a forensic drive controller?

A. RAID controller
B. Write blocker
C. SCSI terminator
D. Forensic device analyzer

Answer

A

B. Write blocker

Explanation:
One of the main functions of a forensic drive controller is preventing any command sent to a device from modifying data stored on the device. For this reason, forensic drive controllers are also often referred to as write blockers.

Question 49

Q

The web application that Saria’s development team is working on needs to provide secure session management that can prevent hijacking of sessions using the cookies that the application relies on. Which of the following techniques would be the best for her to recommend to prevent this?

A. Set the Secure attribute for the cookies, thus forcing TLS.
B. Set the Domain cookie attribute to example.com to limit cookie access to servers in the same domain.
C. Set the Expires cookie attribute to less than a week.
D. Set the HTTPOnly attribute to require only unencrypted sessions.

Answer

A

A. Set the Secure attribute for the cookies, thus forcing TLS.

Explanation:
Setting the Secure cookie will only allow cookies to be sent via HTTPS TLS or SSL sessions, preventing man-in-the-middle attacks that target cookies. The rest of the settings are problematic. For example, cookies are vulnerable to DNS spoofing. Domain cookies should usually have the narrowest possible scope, which is actually accomplished by not setting the Domain cookie. This allows only the originating server to access the cookie. Cookies without the Expires or Max-age attributes are ephemeral and will only be kept for the session, making them less vulnerable than stored cookies. Normally, the HTTPOnly attribute is a good idea, but it prevents scripting rather than requiring unencrypted HTTP sessions.

Question 50

Q

Ben’s company has recently retired its fleet of multifunction printers. The information security team has expressed concerns that the printers contain hard drives and that they may still have data from scans and print jobs. What is the technical term for this issue?

A. Data pooling
B. Failed clearing
C. Data permanence
D. Data remanence

Answer

A

D. Data remanence

Explanation:
Data remanence describes data that is still on media after an attempt has been made to remove it. Failed clearing and data pooling are not technical terms, and data permanence describes how long data lasts.

Question 51

Q

What access control scheme labels subjects and objects and allows subjects to access objects when the labels match?

A. DAC
B. MAC
C. Rule-based access control (RBAC)
D. Role-based access control (RBAC)

Answer

A

B. MAC

Explanation:
Mandatory access control (MAC) applies labels to subjects and objects and allows subjects to access objects when their labels match. Discretionary access control (DAC) is controlled by the owner of objects, rule-based access control applies rules throughout a system, and role-based access control bases rights on roles, which are often handled as groups of users.

Question 52

Q

A cloud-based service that provides account provisioning, management, authentication, authorization, reporting, and monitoring capabilities is known as what type of service?

A. PaaS
B. IDaaS
C. IaaS
D. SaaS

Answer

A

B. IDaaS

Explanation:
Identity as a service (IDaaS) provides capabilities such as account provisioning, management, authentication, authorization, reporting, and monitoring. Platform as a service (PaaS), infrastructure as a service (IaaS), and software as a service (SaaS).

Question 53

Q

Sally wants to secure her organization’s VoIP systems. Which of the following attacks is one that she shouldn’t have to worry about?

A. Eavesdropping
B. Denial-of-service
C. Blackboxing
D. Caller ID spoofing

Answer

A

C. Blackboxing

Explanation:
Eavesdropping, denial-of-service attacks, and caller ID spoofing are all common VoIP attacks. Blackboxing is a made-up answer, although various types of colored boxes were associated with phone phreaking.

Question 54

Q

Marty discovers that the access restrictions in his organization allow any user to log into the workstation assigned to any other user, even if they are from completely different departments. This type of access most directly violates which information security principle?

A. Separation of duties
B. Two-person control
C. Need to know
D. Least privilege

Answer

A

D. Least privilege

Explanation:
This broad access may indirectly violate all of the listed security principles, but it is most directly a violation of least privilege because it grants users privileges that they do not need for their job functions.

Question 55

Q

Fred needs to transfer files between two servers on an untrusted network. Since he knows the network isn’t trusted, he needs to select an encrypted protocol that can ensure that his data remains secure. What protocol should he choose?

A. SSH
B. TCP
C. SFTP
D. IPsec

Answer

A

C. SFTP

Explanation:
C. The Secure File Transfer Protocol (SFTP) is specifically designed for encrypted file transfer. SSH is used for secure command-line access, whereas TCP is one of the bundles of internet protocols commonly used to transmit data across a network. IPsec could be used to create a tunnel to transfer the data but is not specifically designed for file transfer.

Question 56

Q

Chris uses a packet sniffer to capture traffic from a TACACS+ server. What protocol should he monitor, and what data should he expect to be readable?

A. UDP; none—TACACS+ encrypts the full session.
B. TCP; none—TACACS+ encrypts the full session.
C. UDP; all but the username and password, which are encrypted.
D. TCP; all but the username and password, which are encrypted.

Answer

A

B. TCP; none—TACACS+ encrypts the full session.

Explanation:
TACACS+ uses TCP and encrypts the entire session, unlike RADIUS, which only encrypts the password and operates via UDP.

Question 57

Q

Use your knowledge of Kerberos authentication and authorization as well as the following diagram to answer questions 57–59.
If the client has already authenticated to the KDC, what does the client workstation send to the KDC at point A when it wants to access a resource?

A. It resends the password
B. A TGR
C. Its TGT
D. A service ticket

Answer

A

C. Its TGT

Explanation:
The client sends its existing valid TGT to the KDC and requests access to the resource.

Question 58

Q

What occurs between steps A and B?

A. The KDC verifies the validity of the TGT and whether the user has the right privileges for the requested resource.
B. The KDC updates its access control list based on the data in the TGT.
C. The KDC checks its service listing and prepares an updated TGT based on the service request.
D> The KDC generates a service ticket to issue to the client.

Answer

A

A. The KDC verifies the validity of the TGT and whether the user has the right privileges for the requested resource.

Explanation:
The KDC must verify that the TGT is valid and whether the user has the right privileges to access the service it is requesting access to. If it does, it generates a service ticket and sends it to the client (step B).

Question 59

Q

What system or systems does the service that is being accessed use to validate the ticket?

A. The KDC.
B. The client workstation and the KDC.
C. The client workstation supplies it in the form of a client-to-server ticket and an authenticator.
D. The KVS.

Answer

A

C. The client workstation supplies it in the form of a client-to-server ticket and an authenticator.

Explanation:
When a client connects to a service server (SS), it sends the following two messages: The client-to-server ticket, encrypted using the service’s secret key A new authenticator, including the client ID and timestamp that is encrypted using the client/server session key. The server or service that is being accessed receives all of the data it needs in the service ticket. To do so, the client uses a client-to-server ticket received from the ticket granting service.

Question 60

Q

What does a service ticket (ST) provide in Kerberos authentication?

A. It serves as the authentication host.
B. It provides proof that the subject is authorized to access an object.
C. It provides proof that a subject has authenticated through a KDC and can request tickets to access other objects.
D. It provides ticket granting services.

Answer

A

B. It provides proof that the subject is authorized to access an object.

Explanation:
The service ticket in Kerberos authentication provides proof that a subject is authorized to access an object. Ticket granting services are provided by the TGS. Proof that a subject has authenticated and can request tickets to other objects uses ticket-granting tickets, and authentication host is a made-up term.

Question 61

Q

Judy is preparing to conduct a business impact analysis. What should her first step be in the process?

A. Identify threats to the business.
B. Identify risks to the organization.
C. Identify business priorities.
D. Conduct likelihood analysis.

Answer

A

C. Identify business priorities.

Explanation:
The first step in a business impact analysis is to identify the business’s priorities. Judy should ensure that business areas are all represented and that the functions of each department or area are assessed. Once that is done, she can move on to identifying risks, evaluating likelihood and impact, and then prioritizing the resources available to the business to address the identified priorities.

Question 62

Q

What is the most common risk that cellular phone hotspots create for business networks?

A. They can provide attackers with a nonsecured network path into your network.
B. They can be used like rogue access points for man-in-the-middle attacks.
C. They allow wireless data to be intercepted.
D. They are unencrypted and can be easily sniffed.

Answer

A

A. They can provide attackers with a nonsecured network path into your network.

Explanation:
A. Organizations are most often concerned about hotspots creating an unsecured network connection into their secure network via laptops or other devices that are connected to them. Bridging a cellular connection to a network connection to the business’s network creates a path that bypasses security controls. Hotspots could be used as rogue access points, but this is a less common scenario. They do not specifically allow wireless data to be intercepted and, in most modern implementations, are encrypted, thus limiting the likelihood of sniffing providing useful data.

Question 63

Q

Which one of the following fire suppression systems poses the greatest risk of accidental discharge that damages equipment in a data center?

A. Wet pipe
B. Dry pipe
C. Deluge
D. Preaction

Answer

A

A. Wet pipe

Explanation:
Dry pipe, deluge, and preaction systems all use pipes that remain empty until the system detects signs of a fire. Wet pipe systems use pipes filled with water that may damage equipment if there is damage to a pipe.

Question 64

Q

Amanda’s healthcare provider maintains such data as details about her health, treatments, and medical billing. What type of data is this?

A. Protected health information
B. Personally identifiable information
C. Protected health insurance
D., Individual protected data

Answer

A

A. Protected health information

Explanation:
Protected health information (PHI) is defined by HIPAA to include health information used by healthcare providers, such as medical treatment, history, and billing. Personally identifiable information is information that can be used to identify an individual, which may be included in the PHI but isn’t specifically this type of data. Protected health insurance and individual protected data are both made-up terms.

Answer 65

A

B. Manual

Explanation:
Manual testing uses human understanding of business logic to assess program flow and responses. Mutation or generational fuzzing will help determine how the program responds to expected inputs but does not test the business logic. Interface testing ensures that data exchange between modules works properly but does not focus on the logic of the program or application.

Answer 66

A

A. Type 1

Explanation:
A Type 1 authentication factor is something you know. A Type 2 authentication factor is something you have, like a smartcard or hardware token. A Type 3 authentication factor is something you are, like a biometric identifier. There is no such thing as a Type 4 authentication factor.

Answer 67

A

B. She has to make sure that appropriate security controls are in place to protect the data.

Explanation:
B. System owners develop and maintain system security plans with system administrators, and they have to ensure that appropriate security controls are in place on those systems. System owners also share responsibility for data protection with data owners. System administrators grant appropriate access and apply the controls, whereas data owners own the classification process.

Answer 68

A

A. Misuse case testing

Explanation:
A. Jack is performing misuse case analysis, a process that tests code based on how it would perform if it was misused instead of used properly. Use case testing tests valid use cases, whereas static code analysis involves reviewing the code itself for flaws rather than testing the live software. Hacker use case testing isn’t an industry term for a type of testing.

Answer 69

A

A. Stored procedures
B. Escaping all user-supplied input
C. Parameterized queries
D. Input validation

Explanation:
All of these options are useful to help prevent SQL injection. Stored procedures limit what can be done via the database server, and escaping user input makes dangerous characters less likely to be a problem. Parameterized queries limit what can be sent in a query, and input validation adds another layer of protection by limiting what can be successfully input by a user.

Answer 70

A

C. 65,536 TCP and 65,536 UDP ports

Explanation:
Both TCP and UDP port numbers are a 16-digit binary number, which means there can be 216 ports, or 65,536 ports, numbered from 0 to 65,535.

Answer 71

A

A. Vulnerabilities

Explanation:
MITRE’s Common Vulnerabilities and Exploits (CVE) dictionary and NIST’s National Vulnerability Database (NVD) both provide information about vulnerabilities.

Answer 72

A

D. A record retention policy

Explanation:
Record retention policies are used to establish what data organizations retain and how long they will retain it for. Keeping data longer than necessary can increase risk to the organization, but having data when needed for investigations, legal compliance, or other business purposes is also important. EOL, or end of life, and EOS, or end of support, apply to hardware or software and not to data. Data classification policies are used to help classify data, which may influence how long it is retained, but classification policies themselves typically do not set retention timeframes.

Answer 73

A

D. Automated recovery without undue data loss

Explanation:
In an automated recovery, the system can recover itself against one or more failure types. In an automated recovery without undue loss, the system can recover itself against one or more failure types and also preserve data against loss. In function recovery, the system can restore functional processes automatically. In a manual recovery approach, the system does not fail into a secure state but requires an administrator to manually restore operations.

Answer 74

A

A. Antenna placement, antenna type, antenna power levels

Explanation:
Antenna placement, antenna design, and power level control are the three important factors in determining where a signal can be accessed and how usable it is. A captive portal can be used to control user logins, and antenna design is part of antenna types. The FCC does provide maximum broadcast power guidelines but does not require a minimum power level.

Answer 75

A

C. Physically destroy the drive.

Explanation:
Physically destroying the drive is the best way to ensure that there is no remnant data on the drive. SSDs are flash media, which means that you can’t degauss them, whereas both random pattern writes and the built-in erase commands have been shown to be problematic due to the wear leveling built into SSDs as well as differences in how they handle erase commands.

Answer 76

A

A. Confidentiality

Explanation:
Confidentiality ensures that data cannot be read by unauthorized individuals while stored or in transit.

Answer 77

A

B. 1 Recon – 2 Weaponize – 3 Deliver – 4 Exploit – 5 Control – 6 Execute – 7 Maintain

Explanation:
The proper order is as follows: 1 Recon– 2 Weaponize– 3 Deliver– 4 Exploit– 5 Control– 6 Execute– 7 Maintain.

Answer 78

A

C. PCI-DSS

Explanation:
PCI-DSS, or the Payment Card Industry Data Security Standard is the industry standard Gary’s company will need to comply with. ISO27001 and 27002 are information security management standards. FIPS 140 is a standard for cryptographic modules.

Answer 79

A

B. Preventing an unpatched laptop from being exploited immediately after connecting to the network

Explanation:
B. A post-admission philosophy allows or denies access based on user activity after connection. Since this doesn’t check the status of a machine before it connects, it can’t prevent the exploit of the system immediately after connection. This doesn’t preclude out-of-band or in-band monitoring, but it does mean that a strictly post-admission policy won’t handle system checks before the systems are admitted to the network.

Answer 80

A

B. Implicit deny

Explanation:
The principle of implicit denial states that any action that is not explicitly allowed is denied. This is an important concept for firewall rules and other access control systems.
Implementing least privilege ensures that subjects have only the rights they need to accomplish their job. While explicit deny and final rule fall-through may sound like important access control concepts, neither is.

Answer 81

A

B. Web defacement

Explanation:
Risks are the combination of a threat and a vulnerability. Threats are the external forces seeking to undermine security, such as the hacker in this case. Vulnerabilities are the internal weaknesses that might allow a threat to succeed. In this case, web defacement is the risk. In this scenario, if the hacker attempts a SQL injection attack (threat) against the unpatched server (vulnerability), the result is website defacement (risk).

Answer 82

A

D. A KPI

Explanation:
The mean time to detect a compromise is a security KPI, or key performance indicator. KPIs are used to determine how effective practices, procedures, and staff are.

Answer 83

A

A. Statistical sampling.

Explanation:
A. Val can use statistical sampling techniques to choose a set of records for review that are representative of the entire day’s data. Clipping chooses only records that exceed a set threshold, so it is not a representative sample. Choosing records based on the time they are recorded may not produce a representative sample because it may capture events that occur at the same time each day and miss many events that simply don’t occur during the chosen time period.

Answer 84

A

D. Fiber optic

Explanation:
Fiber-optic cable is more expensive and can be harder to install than stranded copper cable or coaxial cable in some cases, but it isn’t susceptible to electromagnetic interference (EMI). That makes it a great solution for Jen’s problem, especially if she is deploying EMI-hardened systems to go with her EMI-resistant network cables.

Answer 85

A

D. Request control

Explanation:
The request control process provides an organized framework within which users can request modifications, managers can conduct cost/benefit analyses, and developers can prioritize tasks.

Answer 86

A

B. Change control

Explanation:
B. Change control provides an organized framework within which multiple developers can create and test solutions prior to rolling them out into a production environment.

Answer 87

A

C. Release control

Explanation:
C. Release control includes acceptance testing to ensure that any alterations to end-user work tasks are understood and functional.

Answer 88

A

A. Configuration control

Explanation:
Configuration control ensures that changes to software versions are made in accordance with the change control and configuration management process. Updates can be made only from authorized distributions in accordance with those policies.

Answer 89

A

B. Salt reuse

Explanation:
Ben is reusing his salt. When the same salt is used for each hash, all users with the same password will have the same hash, and the attack can either attempt to steal the salt or may attempt to guess the salt by targeting the most frequent hash occurrences based on commonly used passwords. Short salts are an issue, but the salts used here are 32 bytes (256 bits) long. There is no salting algorithm used or mentioned here; salt is an added value for a hash, and plaintext salting is a made-up term.

Answer 90

A

B. Purchasing insurance

Explanation:
Risk transference involves actions that shift risk from one party to another. Purchasing insurance is an example of risk transference because it moves risk from the insured to the insurance company.

Answer 91

A

C. OCSP

Explanation:
C. The Online Certificate Status Protocol (OCSP) eliminates the latency inherent in the use of certificate revocation lists by providing a means for real-time certificate verification.

Answer 92

A

B. A CASB

Explanation:
A cloud access security broker is a tool that sits between on-premises and cloud systems, monitoring traffic and enforcing security policies. This scenario exactly matches what a CASB is designed to do. The other answers were made up; none of these is an actual cloud security device or tool (at least as of the writing of this book!).

Answer 93

A

B. It uses a handshake.

Explanation:
TCP’s use of a handshake process to establish communications makes it a connection-oriented protocol. TCP does not monitor for dropped connections, nor does the fact that it works via network connections make it connection-oriented.

Answer 94

A

A. Gamification

Explanation:
Gamification uses common components from games like points, scores, and competition to engage participants in a security awareness program. None of the other answers uses these together unless they use a gamification component.

Answer 95

A

C. Impact

Explanation:
C. The two most important elements of a qualitative risk assessment are determining the probability and impact of each risk upon the organization. Likelihood is another word for probability. Cost should be taken into account but is only one element of impact, which also includes reputational damage, operational disruption, and other ill effects.

Answer 96

A

B. A frame

Explanation:
B. When a message reaches the Data Link layer, it is called a frame. Data streams exist at the Application, Presentation, and Session layers, whereas segments and datagrams exist at the Transport layer (for TCP and UDP, respectively).

Answer 97

A

A. Revocation of certification

Explanation:
A. If the (ISC)2 peer review board finds that a certified individual has violated the (ISC)2 Code of Ethics, the board may revoke their certification. The board is not able to terminate an individual’s employment or assess financial penalties.

Answer 98

A

D. The waterfall methodology is compatible with the SDLC.

Explanation:
SDLC approaches include steps to provide operational training for support staff as well as end-user training. The SDLC may use one of many development models, including the waterfall and spiral models. The SDLC does not mandate the use of an iterative or sequential approach; it allows for either approach.

Answer 99

A

A. Bell–LaPadula

Explanation:
The Bell–LaPadula model includes the Simple Security Property, which prevents an individual from reading information that is classified at a level higher than the individual’s security clearance.

Answer 100

A

C. A captive portal

Explanation:
Captive portals are designed to show a page that can require actions like accepting an agreement or recording an email address before connecting clients to the internet. NAC is designed to verify whether clients meet a security profile, which doesn’t match the needs of most coffee shops. A wireless gateway is a tool to access a cellular or other network, rather than a way to interact with users before they connect, and 802.11 is the family of IEEE wireless standards.

Answer 101

A

D. When they are off because the drive is fully encrypted

Explanation:
The files on the drive are at their most secure when the system is off and the drive is encrypted and not in a readable state. BitLocker decrypts files as needed when in use, meaning that any time after the system is booted files may be accessed, particularly if the user is logged in and access to the system can be gained or if malware is running.

Answer 102

A

C. IPsec

Explanation:
An IPsec VPN will allow Andrea to keep her networks running as layer 2 flattened networks when necessary while providing the security for her traffic that she wants. TLS operates at a higher network layer, although traffic could be tunneled through it. BGP is a routing protocol, and AES is an encryption algorithm.

Answer 103

A

A. They should use the same requirements as data over any public network.

Explanation:
Cellular networks have the same issues that any public network does. Encryption requirements should match those that the organization selects for other public networks like hotels, conference WiFi, and similar scenarios. Encrypting all data is difficult and adds overhead, so it should not be the default answer unless the company specifically requires it. WAP is a dated wireless application protocol and is not in broad use; requiring it would be difficult. WAP does provide TLS, which would help when in use.

Answer 104

A

D. Connect to his company’s encrypted VPN service.

Explanation:
D. Fred’s best option is to use an encrypted, trusted VPN service to tunnel all of his data usage. Trusted WiFi networks are unlikely to exist at a hacker conference, normal usage is dangerous due to the proliferation of technology that allows fake towers to be set up, and discontinuing all usage won’t support Fred’s business needs.

Answer 105

A

B. The phone cannot contact a network.

Explanation:
Remote wipe tools are a useful solution, but they work only if the phone can access either a cellular or WiFi network. Remote wipe solutions are designed to wipe data from the phone regardless of whether it is in use or has a passcode. Providers unlock phones for use on other cellular networks rather than for wiping or other feature support.

Answer 106

A

C. RTO

Explanation:
The goal of business continuity planning exercises is to reduce the amount of time required to restore operations. This is done by minimizing the recovery time objective (RTO).

Answer 107

A

C. COBIT

Explanation:
The COBIT, or Control Objectives for Information and related Technologies, framework describes common requirements that organizations should have in place for their information systems. It is the only audit or compliance framework on the list. ITSM is the acronym for Information Technology Service Management; CIS is the Center for Information Security, which provides guidelines for system security that can be used to assess systems but is not itself an audit framework; and ATT&CK is a framework for describing threats and attack methodologies.

Answer 108

A

B. 1, 3, 2, 4

Explanation:
B. The disaster recovery test types, listed in order of their potential impact on the business from the least impactful to the most impactful, are as follows: Checklist review Tabletop exercise Parallel test Full interruption test Checklist reviews are the least impactful type of exercise because they do not even require a meeting. Each team member reviews the checklist on their own. Tabletop exercises are slightly more impactful because they require bringing together the DR team in the same room. Parallel tests require the activation of alternate processing sites and require significant resources. Full interruption tests are the most impactful type of exercise because they involve shifting operations to the alternate site and could disrupt production activity.

Answer 109

A

C. Availability

Explanation:
Redundancy is part of many availability designs. Dual power supplies allow multiple levels of availability support; they allow you to connect servers to distinct power infrastructures and also provide the ability to run if a single power supply dies. Some servers are even set up to use more than two power supplies. Another approach to this type of availability is to use more systems, rather than more expensive systems with greater support for availability.

Answer 110

A

C. Recovery

Explanation:
The CISSP CBK uses a six-stage process: Detection, Response, Mitigation, Reporting, Recovery, and Remediation. This diagram is missing Recovery. Other standards differ, using different terms or slightly different processes.

Answer 111

A

B. Attackers may use XSS filter evasion techniques against this approach.

Explanation:
While removing the tag from user input, it is not sufficient, as a user may easily evade this filter by encoding the tag with an XSS filter evasion technique. Frank was correct to perform validation on the server rather than at the client, but he should use validation that limits user input to allowed values, rather than filtering out one potentially malicious tag.

Answer 112

A

A. An SLA

Explanation:
A service level agreement, or SLA, contains details about how the service will be provided, what level of outages or downtime is acceptable, and what remedies may exist in the case of outages or other issues. Megan should ensure that the SLA contains both appropriate performance guarantees and penalties that will be of sufficient magnitude to compensate her company for issues while motivating the service provider to maintain a reliable service. RPA is robotic process automation, an automation technology. NDA is a nondisclosure agreement, a legal document used to help control for the risk of information or data being exposed or shared. An MOU is a memorandum of understanding and is used when two organizations want to work together to document a shared vision or the goals they share.

Answer 113

A

C. BAA

Explanation:
HIPAA requires that anyone working with personal health information on behalf of a HIPAA-covered entity be subject to the terms of a business associates agreement (BAA).

Answer 114

A

A. Full interruption test

Explanation:
During a full interruption test, the team takes down the primary site and confirms that the disaster recovery site is capable of handling regular operations. The full interruption test is the most thorough test but also the most disruptive. During a parallel test, the team actually activates the disaster recovery site for testing, but the primary site remains operational. The checklist review is the least disruptive type of disaster recovery test. During a checklist review, team members each review the contents of their disaster recovery checklists on their own and suggest any necessary changes. During a tabletop exercise, team members come together and walk through a scenario without making any changes to information systems.

Answer 115

A

D. A gateway

Explanation:
Ed’s best option is to install an IPv6 to IPv4gateway that can translate traffic between the networks. A bridge would be appropriate for different types of networks, whereas a router would make sense if the networks were similar. A modern switch might be able to carry both types of traffic but wouldn’t be much help translating between the two protocols.

Answer 116

A

D. The long-term support and patching model for the IoT devices may create security and operational risk for the organization.

Explanation:
Henry’s biggest concern should be the long-term security and supportability of the IoT devices. As these devices are increasingly embedded in buildings and infrastructure, the support model and security model are important to understand. Both the lack of separate administrative access and the lack of strong encryption can be addressed by placing the IoT devices on a dedicated subnet or network that prevents other users from accessing the devices directly. This will help limit the risk without undue expense or complexity and is a common practice. Finally, lack of storage space can be a concern, but is not the most important when looking at the risks IoT devices can create.

Answer 117

A

C. UDP

Explanation:
C. UDP, the User Datagram Protocol, is a connectionless, best-effort protocol that is often used when sending data quickly without strong requirements for reliability features like error correction and detection or flow control to make sense. TCP is connection-oriented and provides those and other reliability features. ICMP, the Internet Control Message Protocol, is used to check routes and paths as well as availability, but is not used for significant data transfer in normal cases. SNMP is a network management monitoring protocol.

Answer 118

A

B. Organizations must provide individuals with lists of employees with access to information.

Explanation:
The EU General Data Protection Regulation does not require that organizations provide individuals with employee lists.

Answer 119

A

B. Warm site

Explanation:
Tammy should choose a warm site. This type of facility meets her requirements for a good balance between cost and recovery time. It is less expensive than a hot site but facilitates faster recovery than a cold site. A red site is not a type of disaster recovery facility.

Answer 120

A

B. Transport

Explanation:
When data reaches the Transport layer, it is sent as segments (TCP) or datagrams (UDP). Above the Transport layer, data becomes a data stream, while below the Transport layer they are converted to packets at the Network layer, frames at the Data Link layer, and bits at the Physical layer.

Answer 121

A

D. 384 bits

Explanation:
The Advanced Encryption Standard supports encryption with 128-bit keys, 192-bit keys, and 256-bit keys.

Answer 122

A

D. API

Explanation:
D. An application programming interface (API) allows developers to create a direct method for other users to interact with their systems through an abstraction that does not require knowledge of the implementation details. Access to object models, source code, and data dictionaries also indirectly facilitate interaction but do so in a manner that provides other developers with implementation details.

Answer 123

A

B. Request a SOC 2 Type II report.

Explanation:
Ian’s best bet is an SOC report, and an SOC 2 Type II report will assess security controls and their application over time, telling him if the organization is responsibly maintaining their security efforts. An SOC 1 report looks at financial controls, and a Type I report only looks at how controls are described, not their application over time. Ian is unlikely to be allowed to run a vulnerability scan against a major provider’s infrastructure either internally or externally.

Answer 124

A

B. Authorization

Explanation:
The permissions granted on files in Linux designate what authorized users can do with those files—read, write, or execute. In the image shown, all users can read, write, and execute index.html , whereas the owner can read, write, and execute example.txt , the group cannot, and everyone can write and execute it.

Answer 125

A

The protocols match with the descriptions as follows: TCP: C. Transports data over a network in a connection-oriented fashion. UDP: D. Transports data over a network in a connectionless fashion. DNS: B. Performs translations between FQDNs and IP addresses. ARP: A. Performs translations between MAC addresses and IP addresses. The Domain Name System (DNS) translates human-friendly fully qualified domain names (FQDNs) into IP addresses, making it possible to easily remember websites and hostnames. ARP is used to resolve IP addresses into MAC addresses. TCP and UDP are used to control the network traffic that travels between systems. TCP does so in a connection-oriented fashion using the three-way handshake, while UDP uses connectionless “best-effort” delivery.

Brainscape's Knowledge GenomeTM

Chapter 12 Practice Test 4 (Sybex) Flashcards

Brainscape's Knowledge Genome^TM