Missed Test Questions Flashcards

Question

Hot Site

Answer 1

Type of alternate processing facility that contains a full complement of computing equipment in working order with copies of data ready to go

Answer 2

The Value of the **data** it holds or processes

Answer 3

- Remote node operation - Remote control - Screen scraping - Service specific

Answer 4

Create golden tickets Attackers can create golden tickets with access the the Kerberos Service Account (KRBTGT).

Answer 5

Smartcard - Synchronous dynamic tokens / asynchronous dynamic tokens create passwords - Authentication apps make PINs used as passwords

Answer 6

States that when an agreement between parties is put into written form, the written doc is assumed to contain all the terms of the agreement, and no verbal agreements may modify the written agreement

Answer 7

IEEE 802.1X provides port-based access control and is useful both on wired and wireless connections to block access to systems and users that are unknown or that fail authentication. It is a common companion to NAC implementations. A family of protocols that provides for wireless communications using radio frequency transmissions. Wireless networks based on this standard use either 2.4 GHz or 5 GHz frequencies to support communications. The wireless networks made possible by this standard are called Wi-Fi today.

Answer 8

NIDSs and NIPSs can both detect attacks using pattern-matching (also known as signature-based detection and knowledge-based detection). A NIPS is placed inline with traffic and can prevent attacks from reaching an internal network. While a NIDS can be placed inline with the traffic, it isn’t placed inline by default.

Answer 9

A VPN is not a network segmentation; it is a secured encapsulation tunnel used to connect networks (or network segments) together. Screened subnets, VLANs, and an internal segmentation firewalls (ISFW) are used to segment a network.

Answer 10

UDP 1812 and TCP 49 Only with these ports open on the firewall between the WAP and the intranet will wireless endpoints be able to authenticate via ENT to one of these AAA services.

Answer 11

**DREAD** **D**amage potential **R**eproducibility **E**xploitability **A**ffected users **D**iscoverability **STRIDE** - Elevation of privilege - Repudiation - Denial of Service

Answer 12

Seeks to iteratively produce new prototypes of a system during the development process.

Answer 13

Performing the attacks without management's consent You should never conduct a formal or informal penetration test against any company without the advanced knowledge and express consent of management.

Answer 14

- Allow for multiple concurrent applications within a single container - Offer customization of interaction between applications in separate containers

Answer 15

1. Job rotation 2. Separation of duties 3. Mandatory vacations

Answer 16

Can include 2+ networks and allow users in each network to share network resources. Can provide SSO

Answer 17

1. Deterrent 2. Repellent 3. Notification

Answer 18

C. Selecting a standard like PCI DSS

Answer 19

Personnel can perform sanitization steps improperly. Sanitization can be unreliable because personnel can perform the purging, degaussing, or other processes improperly.

Answer 20

**Anonymization** techniques remove all data so that it is difficult to identify the original identities. When done correctly, the GDPR no longer applies. *Pseudonymization* is the process of replacing some data with an identifier, such as a pseudonym. An external dataset holds the original data along with the pseudonym. However, if applying pseudonymization techniques, the GDPR still applies.

Answer 21

Bureau of Industry and Security (BIS) within the Department of Commerce sets regulations on the export of encryption products outside of the United States.

Answer 22

- Hides internal IP addressing scheme - Shares a few public internet address with a large number of internal clients - Uses the private IP addresses from RFC 1918 on an internal network Does `NOT` prevent from brute-force attacks

Answer 23

It evaluates the environment and the situation and makes decisions to block traffic that is abnormal. A risk-based access control model can be coded to block malicious traffic from infected IoT devices.

Answer 24

Hardware devices used to prevent the accidental writing of data to media that was collected as evidence

Answer 25

- Giving a quiz at the end - Have workers take a test 6 months after - Collect key security indicators that relate to insider security incidents over time

Answer 26

Series When security restrictions are performed in a series, they are performed one after the other in a linear fashion. Therefore, a single failure of a security control does not render the entire solution ineffective. Multiple security controls are only important so you can use them in a series, rather than have only one protection.

Answer 27

RADIUS provides - **authentication**, - **authorization** - **accounting**

Answer 28

Avoid the modification of evidence during the collection process

Answer 29

D. 1433/open

Answer 30

B. Block access to personal email from the company network. F. Prohibit access to social networks on company equipment.

Answer 31

B. A VDI or VMI instance that serves as a virtual endpoint for accessing cloud assets and services

Answer 32

® symbol is reserved for trademarks that **have received** official registration status by the U.S. Patent and Trademark Office.

Answer 33

The ™ symbol would be used **before** receiving USPTO approval.

Answer 34

The © symbol is used to represent a copyright.

Answer 35

The † symbol is not associated with intellectual property protections.

Answer 36

Root Cause Analysis

Answer 37

uses the OAuth framework (described in RFC 6749) and is maintained by the OpenID Foundation. RFC 6749 describes OAuth and is maintained by the Internet Engineering Task Force (IETF). authentication solution on a website allowing users to authenticate with a third party. The website doesn’t see or store the user’s credentials.

Answer 38

Evaluates whether every if statement has been executed under all if and else conditions.

Answer 39

Condition coverage tests whether every logical test in the code has been executed under all sets of input.

Answer 40

Function coverage verifies that every function in the code has been called and returned results.

Answer 41

Loop coverage verifies that every loop in the code has been executed under conditions that cause code execution multiple times, only once, and not at all.

Answer 42

There are numerous examples DCE IDL or frameworks, such as - remote procedure calls (RPC), - the Common Object Request Broker Architecture (CORBA), - and the Distributed Component Object Model (DCOM)

Answer 43

a documented set of best IT security practices crafted by ISACA and the IT Governance Institute (ITGI).

Answer 44

A TGT provides **proof** that a subject has **authenticated** with a key distribution center (KDC) and can **request network service access**. - The TGT does verify the existence of a user account, but it does much more. - It proves the user has authenticated and can request a ticket. - A **ticket** (not a ticket-granting ticket) is an encrypted message that proves a user can access an object.

Answer 45

M escaping occurs when software within a guest OS is able to breach the isolation protection provided by the hypervisor in order to violate the container of other guest OSs or to infiltrate a host OS. - This is a serious concern that must be addressed before full deployment into production of this new infrastructure solution.

Answer 46

The distributed data model has data stored in more than one database, but the data is still logically connected. - The user perceives the database as a single entity, even though it comprises numerous parts interconnected over a network.

Answer 47

a database feature that allows applications to communicate with different types of databases without having to be directly programmed for interaction with each type. - ODBC acts as a proxy between applications and backend database drivers, giving application programmers greater freedom in creating solutions without having to worry about the backend database system.

Answer 48

ABAC model can require user devices to meet specific requirements, such as being up-to-date with a current operating system. Commonly used for SDNs

Answer 49

an element of Internet Key Exchange (IKE), is used to organize and manage the encryption keys that have been generated and exchanged by OAKLEY and SKEME. - A security association is the agreed-on method of authentication and encryption used by two entities (a bit like a digital keyring). - ISAKMPs’ use of security associations is what enables IPsec to support **multiple simultaneous VPNs** from each host.

Answer 50

provides confidentiality and integrity of packet contents. ESP provides encryption and limited authentication, and prevents replay attacks.

Answer 51

an element of Internet Key Exchange (IKE), is a means of exchanging keys securely.

Answer 52

provides assurances of message integrity and nonrepudiation. - AH also provides authentication and access control, and prevents replay attacks.

Answer 53

C. Review a random sample of 20% of accounts

Answer 54

A. Split-response attack B. Cache poisoning D. DOM XSS

Answer 55

cause the client to download content and store it in the cache that was not an intended element of a requested web page. Once files have been poisoned in the cache, then even when a legitimate web document calls on a cached item, the malicious item will be activated.

Answer 56

is effectively a field-powered proximity device. - RFID does not use a magnet, but an antenna to generate current from a magnet field provided by an external source.

Answer 57

A. 443 While SQL injection attacks do target databases, they do so by using web servers as intermediaries. Therefore, SQL injection attacks take place over web ports, such as 80 and 443, and not database ports, such as 1433 and 1521.

Answer 58

network vulnerability scanning tool that searches systems for known vulnerabilities while minimizing damage caused during the assessment.

Answer 59

DevSecOps approach integrates software development, cybersecurity, and operations into a single approach where the teams work closely together.

Answer 60

may be used to synchronize the clocks of all devices in an organization with a centralized source, improving the ability to correlate log entries from different sources.

Answer 61

Type of security management that should include acquisitions, divestitures, and governance committees.

Answer 62

a security protocol that automatically performs reauthentication of the client system throughout the connected session in order to detect session hijacking.

Answer 63

C. Preponderance of the evidence

Answer 64

To identify security classifications for sensitive data and define the requirements to protect it. - Information classification processes will typically include requirements to **protect sensitive data** at rest (in backups and stored on media), but not requirements for backing up and storing all data.

Answer 65

B. Root accounts C. Service accounts - Regular user accounts and guest accounts aren’t granted elevated privileges.

Answer 66

is any facility that provides only the physical space for recovery operations while the organization using the space provides its own hardware and software systems. - backup facility is large enough to support current operational capacity and load but lacks the supportive infrastructure

Answer 67

removes controls from a list of controls from a suggested baseline.

Answer 68

Preventing Fraud

Answer 69

C. CSMA/CA - IEEE 802.11 wireless networks use Carrier-Sense Multiple Access with Collision Avoidance (CSMA/CA) to manage (technically avoid) collisions. Ethernet (IEEE 802.3) uses Carrier-Sense Multiple Access with Collision Detection (CSMA/CD). Token Ring networks used token passing. Polling is used by some mainframe systems.

Answer 70

B. ECDSA Elliptic Curve Digital Signature Algorithm (ECDSA) is the only one of the algorithms listed here that supports true digital signatures, providing integrity verification and nonrepudiation.

Answer 71

B. Flood - Most general business insurance and homeowner’s insurance policies do not provide any protection against the risk of flooding or flash floods. If floods pose a risk to your organization, you should consider purchasing supplemental flood insurance under FEMA’s National Flood Insurance Program.

Answer 72

A countermeasure primary affects the **annualized rate of occurrence (ARO)**, because the countermeasure is designed to prevent (or mitigate or reduce) the occurrence of the risk, thus reducing its frequency per year.

Answer 73

Familiarity or liking as a social engineering principle attempts to exploit a person’s native trust in that which is familiar. - This could include claiming to know a coworker even when that person doesn’t exist.

Answer 74

B. UTP - UTP is the least resistant to EMI because it is unshielded. STP is a shielded form of twisted pair that resists EMI. Fiber is not affected by terrestrial EMI. Wireless is not a cable, but it could be affected by EMI if the interference occurred in the wireless transmission frequencies.

Answer 75

A **playbook** is a document or checklist that defines steps taken to validate an incident and steps taken in response to an incident. A **runbook** implements the checklists from a playbook.

Answer 76

is a hardware-imposed network segmentation created by switches that requires a routing function to support communication between different segments.

Answer 77

D. Outbound traffic with a source address outside the range 10.8.6.0/24 Although it is true that John would probably want to filter out all of these types of traffic for various reasons, he would be specifically interested in filtering out outbound traffic with an address not belonging to his network (10.8.6.0/24) to achieve his stated goal of stopping malicious hackers originating a DDoS attack from his network. The other options are all forms of false addressing or spoofing filtering, but they don’t address the issue in this scenario.

Answer 78

SOC 3 engagements assess the organization’s controls that affect the security and privacy of information stored in a system. The results of a SOC 3 audit are intended for public disclosure.

Answer 79

D. Replay attack In a replay attack, the malicious individual intercepts an encrypted message between two parties (often a request for authentication) and then **later** replays the captured message to open a new session. Challenge-response protocols and the use of ephemeral session keys also provide protection against replay attacks.

Answer 80

ensures that a server provides authentication before the client provides authentication. - This prevents employees from revealing their credentials to rogue servers.

Answer 81

B. RAID C. UPS D. Dual power supplies E. Offsite backups of system images and snapshots H. Replication I. Clustering For this scenario, many different redundancy, resiliency, or uptime management options should be considered. This includes option B: Redundant array of inexpensive disks (RAID) to maintain data availability; option C: Uninterruptible power supply (UPS) to protect against power issues; option D: Dual power supplies to provide redundancy against power supply failures; option E: Offsite backups to provide a recovery path in the event of a major disaster’ option H: Replication to ensure multiple similar servers are hosting cloned material so that no matter which server is accessed the most current version of data is available; and option I: Clustering that is used to operate numerous servers as a collective to support a single or primary resource and provide high availability. The following options are incorrect for this scenario: option A: Full-disk encryption (FDE), though a good security practice, is not related to redundancy, resiliency, or uptime management; option F: Multifactor authentication (MFA), though a good security practice, is not related to redundancy, resiliency, or uptime management; and option G: Security information and event management (SIEM) is a centralized application to automate the monitoring of network systems, which a good security practice, but is not related to redundancy, resiliency, or uptime management.

Answer 82

Provides cloud-based assets to two or more organizations. - A cloud application has been deployed and shared among several organizations with similar concerns.

Answer 83

Used in the cloud Involves destroying the encryption key used to encrypt data, making it permanently inaccessible. - Mainly affects symmetric algos because losing the key means loosing the data

Answer 84

B. RSA Asymmetric algos are more computationally demanding. AES, Blowfish are symmetric. ECC is asymmetric but uses a smaller key size

Answer 85

What it covers: Internal controls for financial statements and reporting Who needs one: Orgs providing a service that can impact a client's financial statements Ex) Payroll providers, collections agencies

Answer 86

What it covers: Internal controls for security, confidentiality, processing integrity, privacy, and availability of customer data. Who needs one: Orgs that store, process, or transmit any kind of customer data Ex) SaaS companies, Cloud storage services, data hosting service

Answer 87

What it covers: SOC 2 results but tailored for a public / general audience Who needs one: Orgs that require a SOC 2 who want to use compliance for marketing to the general public

Answer 88

**Type I:** evaluate an organization’s controls at a single point in time. **Type II:** examines how well those controls perform over a period of time (typically 3-12 months).

Answer 89

Range from 0.0 to 10.0 with higher values indicating higher severity. If it is harder to exploit then it will lower the score

Answer 90

**Digital Signature** is basically an **encrypted hash** with the **sender's private key** - Takes a message - Hashes the message, to produce a cryptographic hash - encrypts the hash with the sender's private key - DS is sent along with plaintext message - When recieved, recv hashes the message - and then decodes the DS with the **sender's public key** - If you see that the decoded hash and the recv's hash **match** then you know that the sender is **authentic** AND the **message did not change** Ensures: - Nonrepudiation - Integrity

Answer 91

Aligning security with business objectives - over Compliance with industry standards

Answer 92

requires that a minimum number of agents (M) out of the total number of agents (N) work together to perform high-security tasks. M of N Control is an example of a split knowledge technique, but not all split knowledge techniques are used for key escrow.

Answer 93

B. Changing default passwords Changing default passwords on PBX systems provides the most effective increase in security. PBX systems typically do not support encryption, although some VoIP PBX systems may support encryption in specific conditions. PBX transmission logs may provide a record of fraud and abuse, but they are not a preventive measure to stop it from happening. Taping and archiving all conversations is also a detective measure rather than a preventive one against fraud and abuse.

Answer 94

is a standardized authentication protocol for PPP. PAP transmits usernames and passwords in the clear. It offers **no form of encryption**. It provides a means to transport the logon credentials from the client to the authentication server.

Answer 95

B. Detection C. Reporting D. Lessons learned Detection, reporting, and lessons learned are valid incident management steps. Prevention is done before an incident. Creating backups can help recover systems, but it isn’t one of the incident management steps. The seven steps (in order) are **detection, response, mitigation, reporting, recovery, remediation, and lessons learned**.

Answer 96

Digital Signature Algorithm, RSA, or the Elliptic Curve DSA in conjunction with the SHA-1 hashing function to produce secure digital signatures.

Answer 97

1. They can conceal covert channels (and thus covert channels are allowed), 2. filters can be bypassed by traffic concealed in layered protocols, 3. and the logical boundaries put in place by network segments can be bypassed under some circumstances. Benefits: Multilayer protocols allow encryption at various layers and support a range of protocols at higher layers.

Answer 98

occurs when the recipient of a message is able to demonstrate to a third party that the message came from the purported sender.

Answer 99

- The **Ready** state is used when a process is prepared to execute but the CPU is not available. - The **Running** state is used when a process is executing on the CPU. - The **Waiting** state is used when a process is blocked waiting for an external event. - The **Stopped** state is used when a process terminates.

Answer 100

C. Logic bomb The key to this question is that Lucas suspects the tampering took place before the employee departed. This is the signature of a logic bomb: malicious code that lies dormant until certain conditions are met. The other attack types listed here: privilege escalation, SQL injection, and remote code execution would more likely take place in real time.

Answer 101

D. Directory services The X.500 series of standards covers directory services. Kerberos is described in RFCs; biometric systems are covered by a variety of standards, including ISO standards; and provisioning standards include SCIM, SPML, and others.

Answer 102

A process that requires two people to perform a sensitive action

Answer 103

Service Provisioning Markup Language is an XML-based language designed to allow platforms to generate and respond to provisioning requests.

Answer 104

Simple Object Access Protocol a messaging protocol and could be used for any XML messaging but is not a markup language itself.

Answer 105

The right to be forgotten also known as the **right to erasure**, guarantees the data subject the ability to have their information removed from processing or use. It may be tied to consent given for data processing; if a subject revokes consent for processing, the data controller may need to take additional steps, including erasure.

Answer 106

Fiber Channel over Ethernet allows Fiber Channel communications over Ethernet networks, allowing existing high-speed networks to be used to carry storage traffic. This avoids the cost of a custom cable plant for a Fiber Channel implementation.

Answer 107

Multiprotocol label Switching, is used for high performance networking;

Answer 108

Diameter was designed to provide enhanced, modern features to replace RADIUS. Diameter provides better reliability and a broad range of improved functionality

Answer 109

The error message shown in the figure is the infamous “Blue Screen of Death” that occurs when a Windows system experiences a dangerous failure and enters a fail secure state. If the system had “failed open,” it would have continued operation. The error described is a memory fault that is likely recoverable by rebooting the system.

Answer 110

Cut and paste between virtual machines can bypass normal network-based data loss prevention tools and monitoring tools like an IDS or IPS. Thus, **it can act as a covert channel**, allowing the transport of data between security zones. So far, cut and paste has not been used as a method for malware spread in virtual environments and has not been associated with denial-of-service attacks. Cut and paste requires users to be logged in and does not bypass authentication requirements.

Answer 111

Nmap only scans 1000 TCP and UDP ports by default, including ports outside of the 0–1024 range of “well-known” ports. By using the defaults for nmap, Ben missed 64,535 ports.

Answer 112

A. VLAN hopping; use physically separate switches. VLAN hopping between the voice and computer VLANs can be accomplished when devices share the same switch infrastructure. Using physically separate switches can prevent this attack. Encryption won’t help with VLAN hopping because it relies on header data that the switch needs to read (and this is unencrypted), while Caller ID spoofing is an inherent problem with VoIP systems. A denial of service is always a possibility, but it isn’t specifically a VoIP issue and a firewall may not stop the problem if it’s on a port that must be allowed through.

Answer 113

provides the average amount of time before a device of that particular specification fails.

Answer 114

B. CSRF The anti-forgery state token exchanged during OAuth sessions is intended to prevent **cross-site request forgery**. This makes sure that the unique session token with the authentication response from Google’s OAuth service is available to verify that the user, not an attacker, is making a request. XSS attacks focus on scripting and would have script tags involved, SQL injection would have SQL code included, and XACML is the eXtensible Access Control Markup Language, not a type of attack.

Answer 115

**Type 2 (False Acceptance)** errors occur in biometric systems when an invalid subject is incorrectly authenticated as a valid user. In this case, nobody except the actual customer should be validated when fingerprints are scanned. **Type 1 (False Rejection)** errors occur when a valid subject is not authenticated; if the existing customer was rejected, it would be a Type 1 error

Answer 116

D. All of the above Any attempt to undermine the security of an organization or violation of a security policy is a security incident. Each of the events described meets this definition and should be treated as an incident.

Answer 117

C. A three-tier firewall design with at least one firewall A three-tier design separates three distinct protected zones and can be accomplished with a single firewall that has multiple interfaces. Single- and two-tier designs don’t support the number of protected networks needed in this scenario, while a four-tier design would provide a tier that isn’t needed.

Answer 118

The system administrators are acting in the roles of **data administrators** who grant access and will also act as **custodians** who are tasked with the day-to-day application of security controls. They are not acting as data owners who own the data itself. Typically, system administrators are delegated authority by system owners, such as a department head, and of course they are tasked with providing access to users.

Answer 119

C. PP Protection Profiles (PPs) specify the security requirements and protections that must be in place for a product to be accepted under the Common Criteria.

Answer 120

C. AES WPA2’s CCMP encryption scheme is based on AES. As of the writing of this book, there have not been any practical real-world attacks against WPA2. DES has been successfully broken, and neither 3DES nor TLS is used for WPA2.

Answer 121

B. The MAC address, the network interface card’s manufacturer Machine Access Control (MAC) addresses are the hardware address the machine uses for layer 2 communications. The MAC addresses include an organizationally unique identifier (OUI), which identifies the manufacturer. MAC addresses can be changed, so this is not a guarantee of accuracy, but under normal circumstances you can tell what manufacturer made the device by using the MAC address.

Answer 122

B. Mishandling of drives by the third party Susan’s organization is limiting its risk by sending drives that have been sanitized before they are destroyed. This limits the possibility of a data breach if drives are mishandled by the third party, allowing them to be stolen, resold, or simply copied. The destruction of the drives will handle any issues with data remanence, while classification mistakes are not important if the drives have been destroyed. Data permanence and the life span of the data are not important on a destroyed drive.

Answer 123

C. Move the devices to a secured network segment The most reasonable choice presented is to move the devices to a secure and isolated network segment. This will allow the devices to continue to serve their intended function while preventing them from being compromised. All of the other scenarios either create major new costs or deprive her organization of the functionality that the devices were purchased to provide.

Answer 124

C. Verification The verification process is similar to the certification process in that it validates security controls. Verification may go a step further by involving a third-party testing service and compiling results that may be trusted by many different organizations. Accreditation is the act of management formally accepting an evaluating system, not evaluating the system itself.

Answer 125

D. Air-gapping **Air-gaps** are physical separations between systems or devices that prevent communications or connections between them. This prevents network-based attacks and limits the ways that attackers could access the devices. **Store-and-forward** stores communications and send them after checking for errors. **In-band** administration occurs over existing interfaces or connections; **out-of-band** administration uses a separate network or management interface.

Answer 126

A. Information security C. Senior management D. Public affairs CSIRT representation normally includes at least representatives of senior management, information security professionals, legal representatives, public relations staff, human resources, and engineering/technical staff. Law enforcement personnel would not be included on such a team and would only be consulted as necessary.

Answer 127

D. Vendor In a serverless computing model, the vendor does not expose details of the operating system to its customers. Therefore, the vendor retains full responsibility for configuring it securely under the shared responsibility model of cloud computing.

Answer 128

**Service packs** are collections of **many** different updates that serve as a major update to an operating system or application. **Hotfixes, updates, and security fixes** are all synonyms for **single** patches designed to correct a single problem.

Answer 129

A. Heartbeat sensor Heartbeat sensors send periodic status messages from the alarm system to the monitoring center. The monitoring center triggers an alarm if it does not receive a status message for a prolonged period of time, indicating that communications were disrupted.

Answer 130

D. A system inventory A system inventory is most frequently used to associate individuals with systems or devices. This can help when tracking their support history and aids in provisioning the proper tools, permissions, and data to a system. Both barcode and RFID property tags are used to identify systems, which can then be checked against a system inventory. Finally, enterprise content management tools are used to manage files and data as part of workflows and other business processes.

Answer 131

C. SOC 2, Type 2 An SOC 2, Type 2 report includes information about a data center’s security, availability, processing integrity, confidentiality, and privacy, and includes an auditor’s opinion on the operational effectiveness of the controls. **SOC 3 does not have types**, and a SOC 2 Type 1 is only conducted at a point in time.

Answer 132

C. Export controls may limit what hardware can be imported to China. Hardware and software can be subject to import and export controls. In the case of AI computation hardware, there are specific limits on what can be exported to China, including limits on performance. Sharif needs to engage the appropriate experts to determine what can and cannot be exported. AI hardware is legal in China, dollar values are not typically the limiting factor for hardware import/export restrictions, and ethics are not a regulatory issue.

Answer 133

D. RAID 5 **RAID 5** is commonly used because it balances resilience and efficiency of storage space used by relying on distributed parity. **RAID 0** uses two disks as a single volume, allowing for an increase in speed but a decrease in reliability. In **RAID 1**, also known as disk mirroring, systems contain two physical disks. Each disk contains copies of the same data, and either one may be used in the event the other disk fails **RAID 3** is rarely used and uses byte-level striping and a dedicated parity disk.

Answer 134

D. Annually

Answer 135

C. Deploy and use a SIEM tool. A security information and event management (SIEM) tool is designed to provide automated analysis and monitoring of logs and security events. A SIEM tool that receives access to logs can help detect and alert on events such as logs being purged or other breach indicators. An IDS can help detect intrusions, but IDSs are not typically designed to handle central logs. A central logging server can receive and store logs but won’t help with analysis without taking additional actions. Syslog is simply a log format.

Answer 136

B. Patent Patents have the shortest duration of the techniques listed: at most, 20 years. Copyrights last for 70 years beyond the death of the author if owned by an individual, or 95 years from publication or 120 years from creation if owned by a corporation. Trademarks are renewable indefinitely, and trade secrets are protected as long as they remain secret.

Answer 137

C. Documenting the decision-making process In a risk acceptance strategy, the organization chooses to take no action other than documenting the risk. Purchasing insurance would be an example of risk transference. Relocating the data center would be risk avoidance. Reengineering the facility is an example of a risk mitigation strategy.

Answer 138

C. An HTML5-based VPN An HTML5-based VPN will provide Elle’s staff with access to the applications they need without requiring the installation of a client that might be challenging or impossible without managed machines. A client-based IPsec VPN provides additional opportunities for control that a broadly deployed base of directly accessed machines via RDP does not, making it the second-best choice here. Deploying fiber for direct connections for end users is not viable for most organizations based on cost and complexity.

Answer 139

C. A token Tokens are hardware devices (something you have) that generate a one-time password (OTP) based on time or an algorithm. They are typically combined with another factor like a password to authenticate users. CAC and PIV cards are U.S. government–issued smartcards.

Answer 140

B. APIs, UIs, and physical interfaces Application programming interfaces (APIs), user interfaces (UIs), and physical interfaces are all tested during the software testing process. Network interfaces are not typically tested, and programmatic interfaces are another term for APIs.

Answer 141

D. Release of a security patch Zero-day vulnerabilities remain in the dangerous zero-day category until the release of a patch that corrects the vulnerability. At that time, it becomes the responsibility of IT professionals to protect their systems by applying the patch. Implementation of other security controls, such as encryption or firewalls, does not change the nature of the zero-day vulnerability.

Answer 142

B. ATT&CK MITRE’s ATT&CK framework is broadly adopted by threat modeling and threat intelligence organizations and is used as a default model in many software packages and tools. The Diamond Model specifically addresses how to think about intrusions but does not address broader threats, and the other answers were made up for this question.

Answer 143

C. Identification and authentication Access control systems rely on identification and authentication to provide accountability. Effective authorization systems are desirable, but not required, since logs can provide information about who accessed what resources, even if access to those resources is not managed well. Of course, poor authorization management can create many other problems.

Answer 144

A. Separation of duties While developers may feel like they have a business need to be able to move code into production, the principle of separation of duties dictates that they should not have the ability to both write code and place it on a production server. The deployment of code is often performed by change management staff. Two-person control requires two individuals to perform an action to ensure appropriate oversight. Least privilege is the concept of only providing privileges required to perform a role, and job rotation moves individuals through job roles to ensure that different people perform tasks preventing an individual from exploiting their job function over time.

Answer 145

C. X.509 X.509 defines standards for public key certificates like those used with many smartcards. X.500 is a series of standards defining directory services. The Service Provisioning Markup Language (SPML) and the Security Assertion Markup Language (SAML) aren’t standards that Alex should expect to see when using a smartcard to authenticate.

Answer 146

D. RPO The **recovery point objective (RPO)** identifies the maximum amount of data, measured in time, that may be lost during a recovery effort. The **recovery time objective (RTO)** is the amount of time expected to return an IT service or component to operation after a failure. The **maximum tolerable downtime (MTD)** is the longest amount of time that an IT service or component may be unavailable without causing serious damage to the organization. **Service-level agreements (SLAs)** are written contracts that document service expectations.

Answer 147

A. Metasploit can only test vulnerabilities it has plug-ins for. Metasploit provides an extensible framework, allowing penetration testers to create their own exploits in addition to those that are built into the tool. Unfortunately, penetration testing can only cover the point in time when it is conducted. When conducting a penetration test, the potential to cause a denial of service due to a fragile service always exists, but it can test processes and policies through social engineering and operational testing that validates how those processes and policies work.

Answer 148

B. Highly privileged accounts The most frequent target of account management reviews are highly privileged accounts, as they create the greatest risk. Random samples are the second most likely choice. Accounts that have existed for a longer period of time are more likely to have a problem due to privilege creep than recently created accounts, but neither of these choices is likely unless there is a specific organizational reason to choose them.

Answer 149

C. Create rule The create rule allows a subject to create new objects and also creates an edge from the subject to that object, granting rights to the new object.

Answer 150

C. Threat intelligence feeds **CAPEC, or Common Attack Pattern Enumeration and Classification**, is a dictionary of known attack patterns. **STIX is the Structured Threat Information eXpression** language used to describe threats in a standardized way, and **TAXII, the Trusted Automated eXchange of Indicator Information**, defines how threat information can be shared and exchanged. All of these are examples of threat intelligence feed standards.

Answer 151

B. A background check **Background checks** are frequently performed to identify potential issues before hiring a new employee. They can identify a variety of concerns and are commonly used across many industries. **Nondisclosure agreements (NDAs)** are used during and after employment to protect confidential information. **Noncompetes** are used to prevent employees from working in a similar industry for a given period of time after departure. **COA, or certificate of authenticity**, is not used in employment situations.

Answer 152

A. User-owned mobile devices **Breach-and-attack simulation (BAS)** tools typically leverage SaaS platforms as well as software agents and virtual machines to perform simulated attacks, which they leverage to provide detailed reports about security issues and their relative risk levels.

Answer 153

B. PAT **Port address translation (PAT)** is used to allow a network to use any IP address set inside without causing a conflict with the public Internet. PAT is often confused with **network address translation (NAT)**, which maps one internal address to one external address. **IPsec** is a security protocol suite, **software-defined networking (SDN)** is a method of defining networks programmatically, and **IPX** is a non-IP network protocol.

Answer 154

C. Inode information leakage from a Linux system is a critical vulnerability allowing direct access to the filesystem using node references. While inode information leakage could represent a security concern, it does not pose the same immediate and direct risk as clickjacking, XSS vulnerabilities, or even the contextual importance of knowing the server’s operating system. Clickjacking and cross-site scripting are both important issues, and knowing that the server is a Linux server is also important.

Answer 155

A. The Transport layer When a data stream is converted into a segment (TCP) or a datagram (UDP), it transitions from the Session layer to the Transport layer. This change from a message sent to an encoded segment allows it to then traverse the Network layer.

Answer 156

A. Deploy a WAF. Deploying a web application firewall (WAF) may reduce the likelihood or impact of a web application vulnerability and is, therefore, a good example of risk mitigation. Encryption is also a risk mitigation control, but it is less likely be effective against a web application security flaw. Purchasing an insurance policy is an example of risk transference, not risk mitigation. Discontinuing use of the software is an example of risk avoidance, not risk mitigation.

Answer 157

B. ESP The **Encapsulating Security Payload (ESP)** protocol provides confidentiality and integrity for packet contents. It encrypts packet payloads and provides limited authentication and protection against replay attacks.

Answer 158

B. Data in use **Data in use** is data that is in a temporary storage location while an application or process is using it. Thus, data in memory is best described as data in use or ephemeral data. **Data at rest** is in storage, while **data in transit** is traveling over a network or other channel. **Data at large** is a made-up term.

Answer 159

A. Disable password expiration. Service accounts are commonly set to not have expiring passwords to **prevent service outages**. Organizations may choose to rotate passwords on a regular basis using automation tools as part of their password management strategy to help avoid issues with exposed or compromised service passwords. Disabling complexity requirements and setting a minimum password age are not commonly done for service accounts

Answer 160

A. Prevent the use of sudo su -. Ensure that users cannot bypass logging by switching to the root user using sudo su -. Instead, users who need the ability to perform privileged actions should be added to the sudoers list and then logged as themselves performing the actions. Adding all users is likely an overly broad action, whereas removing all users would not allow individual logging under their accounts, nor would they have rights to take administrative actions. Disabling sudo doesn’t allow administrative tasks except as root, which defeats this requirement as well.

Answer 161

1. Application Layer 2. Transport Layer 3. Internet Layer 4. Network Access Layer

Answer 162

D. Tagging Tags that include information about the life span of the data and when it has expired can help with life-cycle management processes, part of data maintenance for organizations. Tags can be as simple as timestamps, or they can include additional metadata like the data type, creator, or purpose that can help inform the retention and disposal process. Rotation of files like logs is commonly done to limit how much space they take up, but rotation itself does not address disposal requirements and information that would guide the disposal process. DRM, or digital rights management, and DLP, or data loss prevention, both address data security and use but not disposal.

Answer 163

D. iSCSI **Internet Small Computer Systems Interface (iSCSI)** is a converged protocol that allows location-independent file services over traditional network technologies. It costs less than traditional Fibre Channel. VoIP is Voice over IP, SDN is software-defined networking, and MPLS is Multiprotocol Label Switching, a technology that uses path labels instead of network addresses.

Answer 164

A. Parameterization This code is an example of parameterization, which can help avoid SQL injection. Note that each parameter has a placeholder, which is then passed to the query.

Answer 165

D. Review its data classifications and classify the data appropriately When the value of data changes due to legal, compliance, or business reasons, reviewing classifications and reclassifying the data is an appropriate response. Once the review is complete, data can be reclassified and handled according to its classification level. Simply relabeling the data avoids the classification process and may not result in the data being handled appropriately. Similarly, selecting a new baseline or simply encrypting the data may not handle all of the needs that the changes affecting the data create.

Answer 166

C. SIPS SIPS, the secure version of the Session Initialization Protocol for VoIP, adds TLS encryption to keep the session initialization process secure. SVOIP and PBSX are not real protocols, but SRTP is the secure version of RTP, the Real time Transport Protocol.

Answer 167

A. Application, Presentation, and Session Data streams are associated with the Application, Presentation, and Session layers. Once they reach the Transport layer, they become segments (TCP) or datagrams (UDP). From there, they are converted to packets at the Network layer, frames at the Data Link layer, and bits at the Physical layer.

Answer 168

D. Assurance Assurance, when it comes to software, is the level of confidence that software is free from vulnerabilities, either intentionally designed into the software or accidentally inserted at any time during its life cycle, and that the software functions in the intended manner. It is a term typically used in military and defense environments.

Answer 169

C. PHI Protected health information (PHI) is specifically defined by HIPAA to **include information about an individual’s medical bills**. PCI could refer to the payment card industry’s security standard but would apply only in relation to payment cards. PII is a broadly defined term for personally identifiable information, and personal billing data isn’t a broadly used industry term.

Answer 170

B. dd The Linux tool dd creates a bit-by-bit copy of the target drive that is well suited to forensic use, and special forensic versions of dd exist that can provide even more forensic features. Simply copying files using a tool like xcopy does not create a forensically sound copy. DBAN is a drive wiping tool and would cause Megan to lose the data she is seeking to copy. ImageMagick is a graphics manipulation and editing program.

Answer 171

Secure Copy Protocol (SCP), secure file transfer protocol.

Answer 172

A. This is an encrypted email message. The **S/MIME secure email format uses the P7S format** for encrypted email messages. If the recipient does not have a mail reader that supports S/MIME, the message will appear with an attachment named smime.p7s.

Answer 173

Windows systems will assign themselves an APIPA address between 169.254.0.1 and 169.254.255.254 if they cannot contact a DHCP server.

Answer 174

1. Detection 2. response, 3. mitigation, 4. reporting, 5.recovery, 6. remediation, and 7. lessons learned

Answer 175

B. Foreign key The tail number is a database field because it is stored in the database. It is also a primary key because the question states that the database uniquely identifies aircraft using this field. Any primary key is, by definition, also a candidate key. There is no information provided that the tail number is a foreign key used to reference a different database table.

Answer 176

A. Data owner The data owner is a senior manager who bears ultimate responsibility for data protection tasks. The data owner typically delegates this responsibility to one or more data custodians.

Answer 177

A. Detection Alejandro is in the first stage of the incident response process, detection. During this stage, the intrusion detection system provides the initial alert, and Alejandro performs preliminary triaging to determine if an intrusion is actually taking place and whether the scenario fits the criteria for activating further steps of the incident response process (which include response, mitigation, reporting, recovery, remediation, and lessons learned).

Answer 178

A. Enrollment Enrollment, or registration, is the initial creation of a user account in the provisioning process. Clearance verification and background checks are sometimes part of the process that ensures that the identity of the person being enrolled matches who they claim to be. Initialization is not used to describe the provisioning process.

Answer 179

B. Waterfall The waterfall model uses an approach that develops software sequentially, spending quite a bit of time up front on the development and documentation of requirements and design. The spiral and Agile models focus on iterative development and are appropriate when requirements are not well understood or iterative development is preferred. DevOps is an approach to integrating development and operations activities and is not an SDLC model.

Answer 180

B. Simulation Warren could use a survey or third-party assessment to evaluate the effectiveness of the campaign, but the best evidence would be provided by a phishing simulation where the organization measures user responses to simulated phishing attacks. Code reviews would not be useful in evaluating the effectiveness of antiphishing campaigns.

Answer 181

B. Software Quality Management In level 2, the Repeatable level of the SW-CMM, the organization introduces basic life-cycle management processes. Reuse of code in an organized fashion begins, and repeatable results are expected from similar projects. The crucial process areas for this level include Requirements Management, Software Project Planning, Software Project Tracking and Oversight, Software Subcontract Management, Software Quality Assurance, and Software Configuration Management. Software Quality Management is a process that occurs during level 4, the Managed stage of the SW-CMM.

Answer 182

B. Irises don’t change as much as other factors. Iris scans have a longer useful life than many other types of biometric factors because they don’t change throughout a person’s life span (unless the eye itself is damaged). Iris scanners can be fooled in some cases by high-resolution images of an eye, and iris scanners are not significantly cheaper than other scanners.

Answer 183

B. 514 Syslog uses UDP port 514. TCP-based implementations of syslog use TCP port 601 when unencrypted and use TCP port 6514 when encrypted with TLS. The other ports may look familiar because they are commonly used TCP ports: 443 is HTTPS, 515 is the LPD print service, and 445 is used for Windows SMB.

Answer 184

B. System owner NIST SP 800-18 describes system owner responsibilities that include helping to develop system security plans, maintaining the plan, ensuring training, and identifying, implementing, and assessing security controls. A data owner is more likely to delegate these tasks to the system owner. Custodians may be asked to enforce those controls, whereas a user will be directly affected by them

Answer 185

D. None Modern recommendations from the National Institute of Standards and Technology (NIST) are that users should not be forced to change their passwords through the use of password expiration policies. More information on these recommendations can be found in NIST Special Publication (SP) 800-63B, “Digital Identity Guidelines.”

Answer 186

D. Repudiation and tampering Modification of audit logs will allow repudiation because the data cannot be trusted, and thus actions can be provably denied. The modification of the logs is also a direct example of tampering. It might initially be tempting to answer elevation of privileges and tampering, as the attacker made changes to files that should be protected, but this is an unknown without more information. Similarly, the attacker may have accessed the files, resulting in information disclosure in addition to tampering, but again, this is not specified in the question. Finally, this did not cause a denial of service, and thus that answer can be ignored.

Answer 187

A. Business logic errors Business logic errors are most likely to be missed by automated functional testing. If a complete coverage code test was conducted, runtime, input validation, and error handling issues are likely to have been discovered by automated testing. Any automated system is more likely to miss business logic errors, because humans are typically necessary to understand business logic issues.

Answer 188

B. Anomaly-based intrusion detection Anomaly-based intrusion detection systems may identify a zero-day vulnerability because it deviates from normal patterns of activity. Signature-based detection methods would not be effective because there are no signatures for zero-day vulnerabilities. Strong patch management would not be helpful because, by definition, zero-day vulnerabilities do not have patches available. Full-disk encryption would not detect an attack because it is not a detective control.

Answer 189

D. Remote journaling Remote journaling transfers transaction logs to a remote site on a more frequent basis than electronic vaulting, typically hourly. Transaction logging is not a recovery technique alone; it is a process for generating the logs used in remote journaling. In an electronic vaulting approach, automated technology moves database backups from the primary database server to a remote site on a scheduled basis, typically daily. Remote mirroring maintains a live database server at the backup site and mirrors all transactions at the primary site on the server at the backup site.

Answer 190

B. Foreign key Foreign keys are used to create relationships between tables in a database. The database enforces referential integrity by ensuring that the foreign key used in a table has a corresponding record with that value as the primary key in the referenced table.

Answer 191

A. Remote attestation Remote attestation creates a hash value from the system configuration to confirm the integrity of the configuration. Binding and sealing are techniques used by the TPM to encrypt data. The random number generator (RNG) function of the TPM is used to support cryptographic operations.

Answer 192

C. The CA that issued the certificate Certificates may only be added to a certificate revocation list by the certificate authority that created the digital certificate.

Answer 193

B. Gamification D. Phishing simulations All of these techniques are valid components of a security awareness and training program. However, users generally find policy reviews and classroom training boring. Gamification and phishing simulations are designed to bring interactivity to the effort and make it more interesting and engaging for users.

Answer 194

A. Star Ethernet networks in modern organizations use a star topology, where each device is directly connected to the switch and receives only traffic intended for that device. This reduces the possibility of eavesdropping on other devices.

Answer 195

A. Encryption software U.S. export control laws contain special provisions around the use of encryption technology, and Evelyn should include details about the software used by her firm in the training. These regulations do not affect content filtering controls, firewall rules, or phishing simulations.

Answer 196

C. Remediation The remediation phase of incident handling focuses on conducting a root-cause analysis to identify the factors contributing to an incident and implementing new security controls, as needed.

Answer 197

C. Ben must have a conspicuously posted privacy policy on his site. The California Online Privacy Protection Act requires that commercial websites that collect personal information from users in California conspicuously post a privacy policy. The act does not require compliance with the EU GDPR, nor does it use the GDPR concepts of notice or choice, and it does not require encryption of all personal data.

Answer 198

C. Second floor Data centers should be located in the core of a building. Locating it on lower floors makes it susceptible to flooding and physical break-ins. Locating it on the top floor makes it vulnerable to wind and roof damage.

Answer 199

B. Preventing an unpatched laptop from being exploited immediately after connecting to the network A post-admission philosophy allows or denies access based on user activity after connection based on a predefined authorization matrix. Since this doesn’t check the status of a machine before it connects, it can’t prevent the exploit of the system immediately after connection. This doesn’t preclude out-of-band or in-band monitoring, but it does mean that a strictly post-admission policy won’t handle system checks before the systems are admitted to the network.

Answer 200

D. A gateway Ed’s best option is to install an IPv6 to IPv4 gateway that can translate traffic between the networks. A bridge would be appropriate for different types of networks, whereas a router would make sense if the networks were similar. A modern switch might be able to carry both types of traffic but wouldn’t be much help translating between the two protocols.

Answer 201

D. A KPI The mean time to detect a compromise is a security KPI, or key performance indicator. KPIs are used to determine how effective practices, procedures, and staff are.

Answer 202

B. It provides proof that the subject is authorized to access an object. The service ticket in Kerberos authentication provides proof that a subject is authorized to access an object. Ticket granting services are provided by the TGS. Proof that a subject has authenticated and can request tickets to other objects and uses ticket-granting tickets, and authentication host is a made-up term.

Answer 203

A. Antenna placement, antenna type, antenna power levels Antenna placement, antenna design, and power levels are the three important factors in determining where a signal can be accessed and how usable it is. A captive portal can be used to control user logins, and antenna design is part of antenna types. The FCC does provide maximum broadcast power guidelines but does not require a minimum power level.

Answer 204

C. IPsec An IPsec VPN will allow Andrea to keep her networks running as layer 2 flattened networks when necessary while providing the security for her traffic that she wants. TLS operates at a higher network layer, although traffic could be tunneled through it. BGP is a routing protocol, and AES is an encryption algorithm.

Answer 205

D. Authentication Header The Authentication Header provides authentication, integrity, and nonrepudiation for IPsec connections. The Encapsulating Security Payload provides encryption and thus provides confidentiality. It can also provide limited authentication. L2TP is an independent VPN protocol, and Encryption Security Header is a made-up term.

Answer 206

A. ABAC An attribute-based access control (ABAC) system will allow Susan to specify details about subjects, objects, and access, allowing granular control. Although a rule-based access control system (RBAC) might allow this, the attribute-based access control system can be more specific and thus is more flexible. Discretionary access control (DAC) would allow object owners to make decisions, and mandatory access controls (MACs) would use classifications; neither of these capabilities was described in the requirements.

Answer 207

C. 65,536 TCP and 65,536 UDP ports Both TCP and UDP port numbers are a 16-digit binary number, which means there can be 216 ports, or 65,536 ports, numbered from 0 to 65,535.

Answer 208

A. They can provide attackers with an unsecured network path into your network. Organizations are most often concerned about hotspots creating an unsecured network connection into their secure network via laptops or other devices that are connected to them. Bridging a cellular connection to a network connection to the business’s network creates a path that bypasses security controls. Hotspots could be used as rogue access points, but this is a less common scenario. They do not specifically allow wireless data to be intercepted and, in most modern implementations, are encrypted, thus limiting the likelihood of sniffing providing useful data.

Answer 209

A. RAID 0 RAID level 0 is also known as disk striping. RAID 1 is called disk mirroring. RAID 5 is called disk striping with parity. RAID 10 is known as a stripe of mirrors.

Answer 210

A. Stored procedures B. Escaping all user-supplied input C. Parameterized queries D. Input validation All of these options are useful to help prevent SQL injection. Stored procedures limit what can be done via the database server, and escaping user input makes dangerous characters less likely to be a problem. Parameterized queries limit what can be sent in a query, and input validation adds another layer of protection by limiting what can be successfully input by a user.

Answer 211

C. OCSP The Online Certificate Status Protocol (OCSP) eliminates the latency inherent in the use of certificate revocation lists by providing a means for real-time certificate verification.

Answer 212

C. Its TGT. The client sends its existing valid TGT to the KDC and requests access to the resourc

Answer 213

B. To allow any flaws with the patch to be identified Many organizations delay patches for a period of time to ensure that any previously unidentified flaws are found before the patches are installed throughout their organization. Melissa needs to balance business impact against security in her role and may choose to support this or to push for more aggressive installation practices depending on the organization’s risk tolerance and security needs.

Answer 214

D. The long-term support and patching model for the IoT devices may create security and operational risks for the organization. Henry’s biggest concern should be the long-term security and supportability of the IoT devices. As these devices are increasingly embedded in buildings and infrastructure, the support model and security model are important to understand. Both the lack of separate administrative access and the lack of strong encryption can be addressed by placing the IoT devices on a dedicated subnet or network that prevents other users from accessing the devices directly. This will help limit the risk without undue expense or complexity and is a common practice. Finally, lack of storage space can be a concern but is not the most important when looking at the risks IoT devices can create.

Answer 215

B. Gaining access Once additional tools have been installed, penetration testers will typically use them to gain additional access. From there they can further escalate privileges, search for new targets or data, and, once again, install more tools to allow them to pivot further into infrastructure or systems.

Answer 216

B. End of support The end of support of a device or product typically occurs after the end of life and end of sales. Support may continue for a period of months or even years, but eventually support stops too. General availability is found during the main part of a life cycle, rather than at the end, and helps note when the product is out of testing and can be acquired or used by customers or others instead of specific groups like beta testers or early release partners.

Answer 217

C. A software-defined network Software-defined networking provides a network architecture that can be defined and configured as code or software and separates routing processes from packet switching while centralizing control. The 5-4-3 rule is an old design rule for networks that relied on repeaters or hubs. A converged network carries multiple types of traffic like voice, video, and data. A hypervisor-based network may be software defined, but it could also use traditional network devices running as virtual machines.

Answer 218

D. No access The principle of least privilege should guide Joe in this case. He should apply no access permissions by default and then give each user the necessary permissions to perform their job responsibilities. Read only, editor, and administrator permissions may be necessary for one or more of these users, but those permissions should be assigned based upon business need and not by default.

Answer 219

A. Retina scans can reveal information about medical conditions. Retina scans can reveal additional information, including high blood pressure and pregnancy, causing privacy concerns. Newer retina scans don’t require a puff of air, and retina scanners are not the most expensive biometric factor. Their false positive rate can typically be adjusted in software, allowing administrators to adjust their acceptance rate as needed to balance usability and security.

Answer 220

B. Two RAID level 1, also known as disk mirroring, uses a minimum of two disks that contain identical information. If one disk fails, the other contains the data needed for the system to continue operation.

Answer 221

C. Infiniband over Ethernet Infiniband over Ethernet is commonly used for purposes like this, allowing direct memory access over Ethernet while providing high bandwidth and low latency. iSCSI is used for storage, VoIP is used for telephony, and Compute Express Link (CXL) is used for CPU to device and CPU to memory connections.

Answer 222

B. Cookies C. URL rewriting Common session management techniques include the use of cookies, hidden form fields, URL rewriting, and built-in frameworks like Java’s HTTPS session. IP tracking may be included in session information but is not itself a complete session identifier, and TLS token binding is used to make TLS sessions more secure, not to provide session identification.

Answer 223

B. Resource capacity agreement A resource capacity agreement is the most appropriate for Chas’s concern, as it specifically addresses the availability of resources in a disaster scenario. This type of agreement ensures that the cloud provider has sufficient resources to meet the needs of their clients, even in the event of multiple simultaneous disasters. It directly tackles the issue of resource allocation and availability, which is Chas’s primary concern. In contrast, a nondisclosure agreement is more about confidentiality and doesn’t address resource capacity. A mutual assistance agreement typically involves agreements between organizations for support during emergencies but doesn’t guarantee specific resource availability. A business partnership agreement is broader and may not specifically cover the detailed aspects of resource availability in disaster scenarios.

Answer 224

B. DAC, because allowing individual administrators to make choices about the objects they control provides scalability and flexibility Discretionary access control (DAC) can provide greater scalability by leveraging many administrators, and those administrators can add flexibility by making decisions about access to their objects without fitting into an inflexible mandatory access control system (MAC). MAC is more secure due to the strong set of controls it provides, but it does not scale as well as DAC and is relatively inflexible in comparison.

Answer 225

C. Bank PCI DSS is a standard promulgated by the Payment Card Industry Security Standards Council (PCI SSC) but is enforced through contractual relationships between merchants and their banks. Therefore, the bank would be the appropriate entity to initiate an investigation under PCI DSS. Local and federal law enforcement agencies (such as the FBI) could decide to pursue a criminal investigation if the circumstances warrant it, but they do not have the authority to enforce PCI DSS requirements.

Answer 226

B. Step 2 PCI DSS provides a set of required security controls and standards. Step 2 would be guided by the requirements of PCI DSS. PCI DSS will not greatly influence step 1 because all of the systems handle credit card information, making PCI DSS apply to all systems covered. Steps 3 and 4 will be conducted after PCI DSS has guided the decisions in step 2.

Answer 227

C. Standard contractual clauses The European Union provides standard contractual clauses that may be used to facilitate data transfer. That would be the best choice in a case where two different companies are sharing data. If the data was being shared internally within a company, binding corporate rules would also be an option. The EU/U.S. Privacy Shield was a safe harbor agreement that would previously have allowed the transfer but is no longer valid.

Answer 228

D. Economic Espionage Act The Economic Espionage Act imposes fines and jail sentences on anyone found guilty of stealing trade secrets from a U.S. corporation. It gives true teeth to the intellectual property rights of trade secret owners. Copyright law does not apply in this situation because there is no indication that the information was copyrighted. The Lanham Act applies to trademark protection cases. The Glass-Steagall Act was a banking reform act that is not relevant in this situation.

Answer 229

C. Double NATing is not possible using the same IP range. Double NATing isn’t possible with the same IP range; the same IP addresses cannot appear inside and outside a NAT router. RFC 1918 addresses are reserved, but only so they are not used and routable on the Internet, and changing to PAT would not fix the issue.

Answer 230

C. Dedicated towers and antennas for secure service subscribers While security features vary from provider to provider, encryption, device-based authentication (for example, using certificates), and SIM-based authentication are all common options for 4G connectivity solutions. Joanna should work with her provider to determine what capabilities are available and assess whether they meet her needs.

Answer 231

D. Cut-through switching Cut-through switching forwards packets as soon as the destination address is known without waiting for the rest of the frame to arrive. This means that packets are not checked for integrity before being forwarded, optimizing throughput and reducing latency at the expense of error checking. Store-and-forward waits for the entire frame to allow it to be checked using a cyclic redundancy check (CRC) before forwarding it. Blind and forward switching were made up for this question.

Answer 232

D. Validation Once a vulnerability scanner identifies a potential problem, validation is necessary to verify that the issue exists. Reporting, patching, or other remediation actions can be conducted once the vulnerability has been confirmed.

Answer 233

A. MFA Requiring multifactor authentication (MFA) is a common security measure used to prevent unauthorized access to an account in case of password loss or exposure. SSO allows the use of an account throughout systems or services. Federation connects different organizations together, allowing the use of credentials between trusted partners, and password rotation can help, but lost passwords remain dangerous until the rotation happens allowing days, weeks, or even months of potential vulnerable time.

Answer 234

B. SCADA Supervisory control and data acquisition (SCADA) systems are used to control and gather data from industrial processes. They are commonly found in power plants and other industrial environments.

Answer 235

C. The database would roll back the transaction, ignoring the results of both commands. A database failure in the middle of a transaction causes the rollback of the entire transaction. In this scenario, the database would not execute either command because doing so would violate the atomicity property of the transaction.

Answer 236

D. Surveys Most organizations use surveys to assess security awareness. Phishing simulators are also frequently used, but only test awareness of phishing issues and techniques, not general security awareness. Gamified applications are continuing to grow in popularity, but the ease of use and availability of surveys make them the most popular. Finally, assessment tests may be used when compliance knowledge assessments are required to meet a specific standard, but testing is not as common as surveying.

Answer 237

A. An awareness campaign about trusted third parties While many solutions are technical, if a trusted third party redirects to an unexpected authentication site, awareness is often the best defense. Using TLS would keep the transaction confidential but would not prevent the redirect. Handling redirects locally works only for locally hosted sites, and using a third-party service requires off-site redirects. An IPS might detect an attacker’s redirect, but tracking the multitude of load-balanced servers most large providers use can be challenging, if not impossible. In addition, an IPS relies on visibility into the traffic, and SAML integrations should be encrypted for security, which would require a man-in-the-middle type of IPS to be configured.

Answer 238

D. Encryption software The export of encryption software to certain countries is regulated under U.S. export control laws. Memory chips, office productivity applications, and hard drives are less likely to be covered by these regulations, unless they contain hardware dedicated to encryption.

Answer 239

A. Serial number The certificate revocation list contains the serial numbers of digital certificates issued by a certificate authority that have later been revoked.

Answer 240

B. Implementing RAID RAID technology provides fault tolerance for hard drive failures and is an example of a business continuity action. Restoring from backup tapes, relocating to a cold site, and restarting business operations are all disaster recovery actions.

Answer 241

D. Preaction A preaction fire suppression system activates in two steps. The pipes fill with water once the early signs of a fire are detected. The system does not dispense water until heat sensors on the sprinkler heads trigger the second phase.

Answer 242

C. Electronic vaulting In an electronic vaulting approach, automated technology moves database backups from the primary database server to a remote site on a scheduled basis, typically daily. Transaction logging is not a recovery technique alone; it is a process for generating the logs used in remote journaling. Remote journaling transfers transaction logs to a remote site on a more frequent basis than electronic vaulting, typically hourly. Remote mirroring maintains a live database server at the backup site and mirrors all transactions at the primary site on the server at the backup site.

Missed Test Questions Flashcards

(270 cards)