Practice Test 1 Flashcards by Maria Smith

What is the longest encryption key supported by the Advanced Encryption Standard (AES) algorithm?

A. 256 bits

B. 512 bits

C. 1,024 bits

D. 2,048 bits

A. 256 bits

Explanation

The Advanced Encryption Standard (AES) supports the use of encryption keys that are 128 bits, 192 bits, or 256 bits in length.

How well did you know this?

Not at all

Perfectly

Ben owns a coffeehouse and wants to provide wireless Internet service for his customers. Ben’s network is simple and uses a single consumer‐grade wireless router and a cable modem connected via a commercial cable data contract.

After implementing the solution from the first question, Ben receives a complaint about users in his cafe hijacking other customers’ web traffic, including using their usernames and passwords. How is this possible?

A. The password is shared by all users, making traffic vulnerable.

B. A malicious user has installed a Trojan on the router.

C. A user has ARP spoofed the router, making all traffic broadcast to all users.

D. Open networks are unencrypted, making traffic easily sniffable.

Explanation

Unencrypted open networks broadcast traffic in the clear. This means that unencrypted sessions to websites can be easily captured with a packet sniffer. Some tools like FireSheep have been specifically designed to capture sessions from popular websites. Fortunately, many now use TLS by default, but other sites still send user session information in the clear. Shared passwords are not the cause of the vulnerability, ARP spoofing isn’t an issue with wireless networks, and a Trojan is designed to look like safe software, not to compromise a router.

How well did you know this?

Not at all

Perfectly

Ben intends to run an open (unencrypted) wireless network for guests to his organization’s facilities. What approach should he take to connect his business devices to a wireless network?

A. Run WPA3 on the same SSID.

B. Set up a separate SSID using WPA3.

C. Run the open network in Enterprise mod.

D. Set up a separate wireless network using WEP.

B. Set up a separate SSID using WPA3.

Explanation

Many modern wireless routers can provide multiple SSIDs. Ben can create a private, secure network for his business operations, but he will need to make sure that the customer and business networks are firewalled or otherwise logically separated from each other. Running WPA3 on the same SSID isn’t possible without creating another wireless network and would cause confusion for customers (SSIDs aren’t required to be unique). Running a network in Enterprise mode isn’t used for open networks, and WEP is outdated and incredibly vulnerable.

How well did you know this?

Not at all

Perfectly

Kathleen needs to set up an Active Directory trust to allow authentication with an existing Kerberos K5 domain. What type of trust does she need to create?

A. A shortcut trust

B. A forest trust

C. An external trust

D. A realm trust

Explanation

Kerberos uses realms, and the proper type of trust to set up for an Active Directory environment that needs to connect to a K5 domain is a realm trust.
A shortcut trust is a transitive trust between parts of a domain tree or forest that shortens the trust path, a forest trust is a transitive trust between two forest root domains, and an external trust is a nontransitive trust between AD domains in separate forests.

Kerberos realm trusts support secure cross-domain interactions is key!

How well did you know this?

Not at all

Perfectly

What’s Kerberos Realm Trusts (K5 Realm Trust)

Kerberos realm trusts support secure cross-domain interactions.

Kerberos is a network authentication protocol that uses tickets for secure communications between clients and services. In the context of Kerberos Realm Trusts (K5 Realm Trust), it typically refers to the trust relationships established between two Kerberos realms. These trusts allow for secure and authenticated access across different realms within the Kerberos infrastructure. Here’s an outline:

Key Concepts of K5 Realm Trusts:
Kerberos Realm: A Kerberos realm is an administrative domain within which all users, applications, and systems are trusted by a central authority called the Key Distribution Center (KDC). Realms often correspond to organizational or geographic boundaries.

Realm Trust: A trust relationship between two Kerberos realms allows users from one realm to securely access resources in another. This is useful in environments where collaboration across organizational units or domains is needed.

One-Way vs. Two-Way Trusts:

One-Way Trust: Realm A trusts Realm B, but the reverse is not necessarily true.

Two-Way Trust: Both realms trust each other, allowing bidirectional access.

Authentication Process in Trusted Realms: When a user from one realm attempts to access resources in another realm, the trust relationship allows the user’s ticket to be validated by the destination realm’s KDC. The process includes:

Cross-realm authentication, where the user’s credentials are verified across realms.

Ticket granting that allows secure access to the requested resource.

How well did you know this?

Not at all

Perfectly

Tell me the relationship between Kerberos realm trust, AD, Shortcut trusts, Forest Trust, External Trusts

Kerberos realm trusts and these Active Directory trust types share a similar principle: they establish a trust boundary for secure, cross-domain authentication. In essence:

Shortcut trusts work within forests to reduce Kerberos ticket verification hops.

Forest trusts expand Kerberos authentication across multiple forests, creating interoperability.

External trusts bridge isolated domains or non-Active Directory environments using Kerberos for secure access.

How well did you know this?

Not at all

Perfectly

Which one of the following is typically considered a business continuity task?

A. Business impact assessment

B. Alternate facility selection

C. Activation of cold sites

D. Restoration of data from backup

A. Business impact assessment

Explanation

Developing a business impact assessment is an integral part of the business continuity planning effort. The selection of alternate facilities, activation of those facilities, and restoration of data from backup are all disaster recovery tasks.

How well did you know this?

Not at all

Perfectly

How many possible keys exist in a cryptographic algorithm that uses 6‐bit encryption keys?

A. 12

B. 16

C. 32

D. 64

Explanation

Binary keyspaces contain a number of keys equal to 2 raised to the power of the number of bits. Two to the sixth power is 64, so a 6‐bit keyspace contains 64 possible keys. The number of viable keys is usually smaller in most algorithms because of the presence of parity bits and other algorithmic overhead or security issues that restrict the use of some key values.

How well did you know this?

Not at all

Perfectly

Jim is implementing an IDaaS solution for his organization. What type of technology is he putting in place?

A. Identity as a service

B. Employee ID as a service

C. Intrusion detection as a service

D. OAuth

A. Identity as a service

Explanation

Identity as a service (IDaaS) provides an identity platform as a third‐party service. This can provide benefits, including integration with cloud services and removing overhead for maintenance of traditional on‐premise identity systems but can also create risk because of third‐party control of identity services and reliance on an offsite identity infrastructure.

How well did you know this?

Not at all

Perfectly

Which one of the following is normally used as an authorization tool?

A. ACL

B. Token

C. Username

D. Password

A. ACL

Explanation

Access control lists (ACLs) are used for determining a user’s authorization level. Usernames are identification tools. Passwords and tokens are authentication tools.

How well did you know this?

Not at all

Perfectly

Bill implemented RAID level 5 on a server that he operates using a total of three disks. How many disks may fail without the loss of data?

A. 0

B. 1

C. 2

D. 3

B. 1

Explanation

RAID level 5 is also known as disk striping with parity. It uses three or more disks, with one disk containing parity information used to restore data to another disk in the event of failure. When used with three disks, RAID 5 is able to withstand the loss of a single disk.

How well did you know this?

Not at all

Perfectly

Fred needs to deploy a network device that can connect his network to other networks while controlling traffic on his network. What type of device is Fred’s best choice?

A. A switch

B. A bridge

C. A gateway

D. A router

Explanation

Fred should choose a router. Routers are designed to control traffic on a network while connecting to other similar networks. If the networks are very different, a bridge can help connect them. Gateways are used to connect to networks that use other protocols by transforming traffic to the appropriate protocol or format as it passes through them. Switches are often used to create broadcast domains and to connect endpoint systems or other devices.

How well did you know this?

Not at all

Perfectly

When Chris verifies an individual’s identity and adds a unique identifier like a user ID to an identity system, what process has occurred?

A. Identity proofing

B. Registration

C. Directory management

D. Session management

B. Registration

Explanation

Registration is the process of adding a user to an identity management system. This includes creating their unique identifier and adding any attribute information that is associated with their identity. Proofing occurs when the user provides information to prove who they are. Directories are managed to maintain lists of users, services, and other items. Session management tracks application and user sessions.

How well did you know this?

Not at all

Perfectly

Which of the following statements is true about heuristic‐based antimal‐ware software?

A. It has a lower false positive rate than signature detection.

B. It requires frequent definition updates to detect new malware.

C. It has a higher likelihood of detecting zero‐day exploits than signature detection.

D. It monitors systems for files with content known to be viruses.

C. It has a higher likelihood of detecting zero‐day exploits than signature detection.

Explanation

Heuristic‐based antimalware software has a higher likelihood of detecting a zero‐day exploit than signature‐based methods. Heuristic‐based software does not require frequent signature updates because it does not rely upon monitoring systems for the presence of known malware. The trade‐off with this approach is that it has a higher false positive rate than signature detection methods.

How well did you know this?

Not at all

Perfectly

Susan’s organization is updating its password policy and wants to use the strongest possible passwords. What password requirement will have the highest impact in preventing brute‐force attacks?

A. Change maximum age from 1 year to 180 days.

B. Increase the minimum password length from 8 characters to 16 characters.

C. Increase the password complexity so that at least three character classes (such as uppercase, lowercase, numbers, and symbols) are required.

D. Retain a password history of at least four passwords to prevent reuse.

B. Increase the minimum password length from 8 characters to 16 characters.

Explanation

Password complexity is driven by length, and a longer password will be more effective against brute‐force attacks than a shorter password. Each character of additional length increases the difficulty by the size of the potential character set (for example, a single lowercase character makes the passwords 26 times more difficult to crack). While each of the other settings is useful for a strong password policy, they won’t have the same impact on brute‐force attacks.

How well did you know this?

Not at all

Perfectly

In what model of cloud computing do two or more organizations collaborate to build a shared cloud computing environment that is for their own use?

A. Public cloud

B. Private cloud

C. Community cloud

D. Shared cloud

C. Community cloud

Explanation

In the community cloud computing model, two or more organizations pool their resources to create a cloud environment that they then share.

How well did you know this?

Not at all

Perfectly

In what cloud computing model does the customer build a cloud computing environment in his or her own data center or build an environment in another data center that is for the customer’s exclusive use?

A. Public cloud

B. Private cloud

C. Hybrid cloud

D. Shared cloud

B. Private cloud

Explanation

In the private cloud computing model, the cloud computing environment is dedicated to a single organization and does not follow the shared tenancy model. The environment may be built by the company in its own data center or built by a vendor at a co‐location site.

How well did you know this?

Not at all

Perfectly

How many possible keys exist when using a cryptographic algorithm that has an 8‐bit binary encryption key?

A. 16

B. 128

C. 256

D. 512

C. 256

Explanation

Binary keyspaces contain a number of keys equal to 2 raised to the power of the number of bits. Two to the eighth power is 256, so an 8‐bit keyspace contains 256 possible keys.

How well did you know this?

Not at all

Perfectly

Kolin is searching for a network security solution that will allow him to help reduce zero‐day attacks while using identities to enforce a security policy on systems before they connect to the network. What type of solution should Kolin implement?

A. A firewall

B. A NAC system

C. An intrusion detection system

D. Port security

B. A NAC system

Explanation

Network access control (NAC) systems can be used to authenticate users and then validate their system’s compliance with a security standard before they are allowed to connect to the network. Enforcing security profiles can help reduce zero‐day attacks, making NAC a useful solution. A firewall can’t enforce system security policies, whereas an IDS can only monitor for attacks and alarm when they happen. Thus, neither a firewall nor an IDS meets Kolin’s needs. Finally, port security is a MAC address–based security feature that can restrict only which systems or devices can connect to a given port.

How well did you know this?

Not at all

Perfectly

What type of virus is characterized by the use of two or more different propagation mechanisms to improve its likelihood of spreading between systems?

A. Stealth virus

B. Polymorphic virus

C. Multipartite virus

D. Encrypted virus

C. Multipartite virus

Explanation

Multipartite viruses use multiple propagation mechanisms to spread between systems. This improves their likelihood of successfully infecting a system because it provides alternative infection mechanisms that may be successful against systems that are not vulnerable to the primary infection mechanism.

How well did you know this?

Not at all

Perfectly

Sally’s organization needs to be able to prove that certain staff members sent emails, and she wants to adopt a technology that will provide that capability without changing their existing email system. What is the technical term for the capability Sally needs to implement as the owner of the email system, and what tool could she use to do it?

A. Integrity; IMAP

B. Repudiation; encryption

C. Nonrepudiation; digital signatures

Explanation

Sally needs to provide nonrepudiation, the ability to provably associate a given email with a sender. Digital signatures can provide nonrepudiation and are her best option. IMAP is a mail protocol, encryption can provide confidentiality, and DKIM is a tool for identifying domains that send email.

What two logical network topologies can be physically implemented as a star topology?

A. A bus and a mesh

B. A ring and a mesh

C. A bus and a ring

D. It is not possible to implement other topologies as a star.

C. A bus and a ring

Explanation

Both a logical bus and a logical ring can be implemented as a physical star. Ethernet is commonly deployed as a physical star by placing a switch as the center of a star, but Ethernet still operates as a bus. Similarly, Token Ring deployments using a multistation access unit (MAU) were deployed as physical stars but operated as rings.

Renee is using encryption to safeguard sensitive business secrets when in transit over the Internet. What risk metric is she attempting to lower?

A. Likelihood

B. RTO

C. MTO

D. Impact

A. Likelihood

Explanation

Using encryption reduces risk by lowering the likelihood that an eavesdropper will be able to gain access to sensitive information.

Callback to a landline phone number is an example of what type of factor?

A. Something you know

B. Somewhere you are

C. Something you have

D. Something you are

B. Somewhere you are

Explanation

A callback to a landline phone number is an example of a “somewhere you are” factor because of the fixed physical location of a wired phone. A callback to a mobile phone would be a “something you have” factor.

Bert is considering the use of an infrastructure as a service cloud computing partner to provide virtual servers. Which one of the following would be a vendor responsibility in this scenario? A. Maintaining the hypervisor B. Managing operating system security settings C. Maintaining the host firewall D. Configuring server access control

A. Maintaining the hypervisor In an IaaS server environment, the customer retains responsibility for most server security operations under the shared responsibility model. This includes managing OS security settings, maintaining host firewalls, and configuring server access control. The vendor would be responsible for all security mechanisms at the hypervisor layer and below.

Matthew and Richard are friends located in different physical locations who would like to begin communicating with each other using cryptography to protect the confidentiality of their communications. They exchange digital certificates to begin this process and plan to use an asymmetric encryption algorithm for the secure exchange of email messages. When Matthew goes to add the digital signature to the message, what encryption key does he use to create the digital signature? A. Matthew’s public key B. Matthew’s private key C. Richard’s public key D. Richard’s private key

B. Matthew’s private key Explanation An individual creates a digital signature by encrypting the message digest with his or her own private key.

Matthew and Richard are friends located in different physical locations who would like to begin communicating with each other using cryptography to protect the confidentiality of their communications. They exchange digital certificates to begin this process and plan to use an asymmetric encryption algorithm for the secure exchange of email messages. When Richard receives the message from Matthew, what key should he use to decrypt the message? A. Matthew’s public key B. Matthew’s private key C. Richard’s public key D. Richard’s private key

D. Richard’s private key Explanation The recipient of a message uses his or her own private key to decrypt messages that were encrypted with the recipient’s public key. This ensures that nobody other than the intended recipient can decrypt the message.

Matthew and Richard are friends located in different physical locations who would like to begin communicating with each other using cryptography to protect the confidentiality of their communications. They exchange digital certificates to begin this process and plan to use an asymmetric encryption algorithm for the secure exchange of email messages. When Matthew sends Richard a message, what key should he use to encrypt the message? A. Matthew’s public key B. Matthew’s private key C. Richard’s public key D. Richard’s private key

C. Richard’s public key Explanation The sender of a message encrypts the message using the public key of the message recipient.

Harry would like to access a document owned by Sally stored on a file server. Applying the subject/object model to this scenario, who or what is the object of the resource request? A. Harry B. Sally C. File server D. Document

D. Document Explanation In the subject/object model, the object is the resource being requested by a subject. In this example, Harry would like access to the document, making the document the object of the request.

Angie is configuring egress monitoring on her network to provide added security. Which one of the following packet types should Angie allow to leave the network headed for the Internet? A. Packets with a source address from Angie’s public IP address block B. Packets with a destination address from Angie’s public IP address block C. Packets with a source address outside Angie’s address block D. Packets with a source address from Angie’s private address block

A. Packets with a source address from Angie’s public IP address block Explanation All packets leaving Angie’s network should have a source address from her public IP address block. Packets with a destination address from Angie’s network should not be leaving the network. Packets with source addresses from other networks are likely spoofed and should be blocked by egress filters. Packets with private IP addresses as sources or destinations should never be routed onto the Internet.

During which phase of the incident response process would an organization determine whether it is required to notify law enforcement officials or other regulators of the incident? A. Detection B. Recovery C. Remediation D. Reporting

D. Reporting Explanation During the Reporting phase, incident responders assess their obligations under laws and regulations to report the incident to government agencies and other regulators.

During what phase of the electronic discovery reference model does an organization ensure that potentially discoverable information is protected against alteration or deletion? A. Identification B. Preservation C. Collection D. Production

B. Preservation Explanation During the preservation phase, the organization ensures that information related to the matter at hand is protected against intentional or unintentional alteration or deletion. The identification phase locates relevant information but does not preserve it. The collection phase occurs after preservation and gathers responsive information. The processing phase performs a rough cut of the collected information for relevance.

Susan has discovered that the smart card–based locks used to keep the facility she works at secure are not effective because staff members are propping the doors open. She places signs on the doors reminding staff that leaving the door open creates a security issue, and she adds alarms that will sound if the doors are left open for more than five minutes. What type of controls has she put into place? A. Physical B. Administrative C. Compensation D. Recovery

C. Compensation Explanation She has placed compensation controls in place. Compensation controls are used when controls like the locks in this example are not sufficient. While the alarm is a physical control, the signs she posted are not. Similarly, the alarms are not administrative controls. These controls do not help to recover from an issue and are thus not recovery controls.

Concho Controls is a midsize business focusing on building automation systems. They host a set of local file servers in their on‐premises data center that store customer proposals, building plans, product information, and other data that is critical to their business operations. Tara works in the Concho Controls IT department and is responsible for designing and implementing the organization’s backup strategy, among other tasks. She currently conducts full backups every Sunday evening at 8 p.m. and differential backups on Monday through Friday at noon. Concho experiences a server failure at 3 p.m. on Wednesday. Tara rebuilds the server and wants to restore data from the backups. If Tara followed the same schedule but switched the differential backups to incremental backups, how many backups in total would she need to apply to the system to make the data it contains as current as possible? A. 1 B. 2 C. 3 D. 4

D. 4 Explanation By switching from differential to incremental backups, Tara’s weekday backups will contain only the information changed since the previous day. Therefore, she must apply all the available incremental backups. She would begin by restoring the Sunday full backup and then apply the Monday, Tuesday, and Wednesday incremental backups.

Concho Controls is a midsize business focusing on building automation systems. They host a set of local file servers in their on‐premises data center that store customer proposals, building plans, product information, and other data that is critical to their business operations. Tara works in the Concho Controls IT department and is responsible for designing and implementing the organization’s backup strategy, among other tasks. She currently conducts full backups every Sunday evening at 8 p.m. and differential backups on Monday through Friday at noon. Concho experiences a server failure at 3 p.m. on Wednesday. Tara rebuilds the server and wants to restore data from the backups. What backup should Tara apply to the server first? A. Sunday’s full backup B. Monday’s differential backup C. Tuesday’s differential backup D. Wednesday’s differential backup

A. Sunday’s full backup Explanation Tara first must achieve a system baseline. She does this by applying the most recent full backup to the new system. This is Sunday’s full backup. Once Tara establishes this baseline, she may then proceed to apply differential backups to bring the system back to a more recent state.

Chris is conducting a risk assessment for his organization and has determined the amount of damage that a single flood could be expected to cause to his facilities. What metric has Chris identified? A. ALE B. SLE C. ARO D. AV

B. SLE Explanation The single loss expectancy (SLE) is the amount of damage that a risk is expected to cause each time that it occurs.

Which of the following is not a single sign‐on implementation? A. Kerberos B. ADFS C. CAS D. RADIUS

D. RADIUS Explanation Kerberos, Active Directory Federation Services (ADFS), and Central Authentication Services (CAS) are all SSO implementations. RADIUS is not a single sign‐on implementation, although some vendors use it behind the scenes to provide authentication for proprietary SSO.

Which one of the following is not a mode of operation for the Data Encryption Standard? A. CBC B. CFB C. OFB D. AES

D. AES Explanation The DES modes of operation are Electronic Codebook (ECB), Cipher Block Chaining (CBC), Cipher Feedback (CFB), Output Feedback (OFB), and Counter (CTR). The Advanced Encryption Standard (AES) is a separate encryption algorithm.

Gina recently took the SSCP certification exam and then wrote a blog post that included the text of many of the exam questions that she experienced. What aspect of the (ISC)2 code of ethics is most directly violated in this situation? A. Advance and protect the profession. B. Act honorably, honestly, justly, responsibly, and legally. C. Protect society, the common good, necessary public trust and confidence, and the infrastructure. D. Provide diligent and competent service to principals.

A. Advance and protect the profession. Explanation Gina’s actions harm the CISSP® certification and information security community by undermining the integrity of the examination process. While Gina also is acting dishonestly, the harm to the profession is more of a direct violation of the code of ethics.

What is the minimum number of cryptographic keys necessary to achieve strong security when using the 3DES algorithm? A. 1 B. 2 C. 3 D. 4

B. 2 Explanation Triple DES functions by using either two or three encryption keys. When used with only one key, 3DES produces weakly encrypted ciphertext that is the insecure equivalent of DES.

What type of firewall uses multiple proxy servers that filter traffic based on analysis of the protocols used for each service? A. A static packet filtering firewall B. An application‐level gateway firewall C. A circuit‐level gateway firewall D. A stateful inspection firewall

B. An application‐level gateway firewall Explanation An application‐level gateway firewall uses proxies for each service it filters. Each proxy is designed to analyze traffic for its specific traffic type, allowing it to better understand valid traffic and to prevent attacks. Static packet filters and circuit‐level gateways simply look at the source, destination, and ports in use, whereas a stateful packet inspection firewall can track the status of communication and allow or deny traffic based on that understanding.

The large business that Jack works for has been using noncentralized logging for years. They have recently started to implement centralized logging, however, and as they reviewed logs, they discovered a breach that appeared to have involved a malicious insider. How can Jack detect issues like this using his organization’s new centralized logging? A. Deploy and use an IDS. B. Send logs to a central logging server. C. Deploy and use a SIEM. D. Use syslog.

C. Deploy and use a SIEM. Explanation A security information and event management (SIEM) tool is designed to provide automated analysis and monitoring of logs and security events. A SIEM tool that receives access to logs can help detect and alert on events like logs being purged or other breach indicators. An IDS can help detect intrusions, but IDSs are not typically designed to handle central logs. A central logging server can receive and store logs but won’t help with analysis without taking additional actions. Syslog is simply a log format.

The large business that Jack works for has been using noncentralized logging for years. They have recently started to implement centralized logging, however, and as they reviewed logs, they discovered a breach that appeared to have involved a malicious insider. When the breach was discovered and the logs were reviewed, it was discovered that the attacker had purged the logs on the system that they compromised. How can this be prevented in the future? A. Encrypt local logs. B. Require administrative access to change logs. C. Enable log rotation. D. Send logs to a bastion host.

D. Send logs to a bastion host. Explanation Sending logs to a secure log server, sometimes called a bastion host, is the most effective way to ensure that logs survive a breach. Encrypting local logs won’t stop an attacker from deleting them, and requiring administrative access won’t stop attackers who have breached a machine and acquired escalated privileges. Log rotation archives logs based on time or file size and can also purge logs after a threshold is hit. Rotation won’t prevent an attacker from purging logs.

In which cloud computing model does a customer share computing infrastructure with other customers of the cloud vendor where one customer may not know the other’s identity? A. Public cloud B. Private cloud C. Community cloud D. Shared cloud

A. Public cloud Explanation In the public cloud computing model, the vendor builds a single platform that is shared among many different customers. This is also known as the shared tenancy model.

Michelle is in charge of her organization’s mobile device management efforts and handles lost and stolen devices. Which of the following recommendations will provide the most assurance to her organization that data will not be lost if a device is stolen? A. Mandatory passcodes and application management B. Full device encryption and mandatory passcodes C. Remote wipe and GPS tracking D. Enabling GPS tracking and full device encryption

B. Full device encryption and mandatory passcodes Explanation While full device encryption doesn’t guarantee that data cannot be accessed, it provides Michelle’s best option for preventing data from being lost with a stolen device when paired with a passcode. Mandatory passcodes and application management can help prevent application‐based attacks and unwanted access to devices but won’t keep the data secure if the device is lost. Remote wipe and GPS location is useful if the thief allows the device to connect to a cellular or Wi‐Fi network. Unfortunately, many modern thieves immediately take steps to ensure that the device will not be trackable or allowed to connect to a network before they capture data or wipe the device for resale.

Which one of the following disaster recovery test types involves the actual activation of the disaster recovery facility? A. Simulation test B. Tabletop exercise C. Parallel test D. Checklist review

C. Parallel test Explanation During a parallel test, the team activates the disaster recovery site for testing, but the primary site remains operational. A simulation test involves a roleplay of a prepared scenario overseen by a moderator. Responses are assessed to help improve the organization’s response process. The checklist review is the least disruptive type of disaster recovery test. During a checklist review, team members each review the contents of their disaster recovery checklists on their own and suggest any necessary changes. During a tabletop exercise, team members come together and walk through a scenario without making any changes to information systems.

What RADIUS alternative is commonly used for Cisco network gear and supports two‐factor authentication? A. RADIUS+ B. TACACS+ C. XTACACS D. Kerberos

B. TACACS+ Explanation TACACS+ is the most modern version of TACACS, the Terminal Access Controller Access‐Control System. It is a Cisco proprietary protocol with added features beyond what RADIUS provides, meaning it is commonly used on Cisco networks. XTACACS is an earlier version, Kerberos is a network authentication protocol rather than a remote user authentication protocol, and RADIUS+ is a made‐up term.

Don’s company is considering the use of an object‐based storage system where data is placed in a vendor‐managed storage environment through the use of API calls. What type of cloud computing service is in use? A. IaaS B. PaaS C. CaaS D. SaaS

A. IaaS Explanation In this scenario, the vendor is providing object‐based storage, a core infrastructure service. Therefore, this is an example of infrastructure as a service (IaaS).

Vivian works for a chain of retail stores and would like to use a software product that restricts the software used on point‐of‐sale terminals to those packages on a preapproved list. What approach should Vivian use? A. Antivirus B. Heuristic C. Whitelist D. Blacklist

C. Whitelist Explanation The blacklist approach to application control blocks certain prohibited packages but allows the installation of other software on systems. The whitelist approach uses the reverse philosophy and allows only approved software. Antivirus software would only detect the installation of malicious software after the fact. Heuristic detection is a variant of antivirus software.

George is assisting a prosecutor with a case against a hacker who attempted to break into the computer systems at George’s company. He provides system logs to the prosecutor for use as evidence, but the prosecutor insists that George testify in court about how he gathered the logs. What rule of evidence requires George’s testimony? A. Testimonial evidence rule B. Parol evidence rule C. Best evidence rule D. Hearsay rule

D. Hearsay rule Explanation The hearsay rule says that a witness cannot testify about what someone else told them, except under specific exceptions. The courts have applied the hearsay rule to include the concept that attorneys may not introduce logs into evidence unless they are authenticated by the system administrator. The best evidence rule states that copies of documents may not be submitted into evidence if the originals are available. The parol evidence rule states that if two parties enter into a written agreement, that written document is assumed to contain all the terms of the agreement. Testimonial evidence is a type of evidence, not a rule of evidence.