Chapter 10 Practice Test 2 (Sybex) Flashcards
James is building a disaster recovery plan for his organization and would like to determine the amount of acceptable data loss after an outage. What variable is James determining?
A. SLA
B. RTO
C. MTD
D. RPO
D. RPO
Explanation:
The recovery point objective (RPO) identifies the maximum amount of data, measured in time, that may be lost during a recovery effort. The recovery time objective (RTO) is the amount of time expected to return an IT service or component to operation after a failure. The maximum tolerable downtime (MTD) is the longest amount of time that an IT service or component may be unavailable without causing serious damage to the organization. Service-level agreements (SLAs) are written contracts that document service expectations.
In his role, Chris is expected to protect the interests of the organization, and the customers whose information he is charged to protect. What term describes the preparation and research undertaken before decisions and actions are made?
A. Due care
B. Compliance
C. Due diligence
D. Regulatory action
C. Due diligence
Explanation:
Due care and due diligence can be a confusing pair of terms to keep straight. Chris is engaging in due diligence when he does the preparation and research. Once that is done, he must use due care while undertaking the actions. This is often described in the context of the prudent person rule: would a prudent person have taken the action given the same knowledge?
Alex is preparing to solicit bids for a penetration test of his company’s network and systems. He wants to maximize the effectiveness of the testing rather than the realism of the test. What type of penetration test should he require in his bidding process?
A. Black box
B. White box
C. Gray box
D. Zero box
B. White box
Explanation:
White-box testing provides the tester with information about networks, systems, and configurations, allowing highly effective testing. It doesn’t simulate an actual attack like black- and gray-box testing can and thus does not have the same realism, and it can lead to attacks succeeding that would fail in a zero- or limited-knowledge attack.
Application banner information is typically recorded during what penetration testing phase?
A. Planning
B. Attack
C. Reporting
D. Discovery
D. Discovery
Explanation:
The discovery phase includes activities such as gathering IP addresses, network ranges, and hostnames, as well as gathering information about employees, locations, systems, and, of course, the services those systems provide. Banner information is typically gathered as part of discovery to provide information about what version and type of service is being provided.
Tony wants to conduct a disaster recovery plan test exercise for his organization. What type of exercise should he conduct if he wants it to be the most realistic event possible and is able to disrupt his organization’s operations to conduct the exercise?
A. Read-through
B. Full interruption
C. Walk-through
D. Simulation
B. Full interruption
Explanation:
The most realistic but also most disruptive option for disaster recovery plan testing is a full interruption. The least obtrusive but also least similar to real-world scenarios is a read-through. After that, walk-throughs and simulations are each closer to a true scenario, but parallel operations is often the most popular option because it can be done without disrupting the organization and still reasonably test capabilities.
Jim has been asked to individually identify devices that users are bringing to work as part of a new BYOD policy. The devices will not be joined to a central management system like Active Directory, but he still needs to uniquely identify the systems. Which of the following options will provide Jim with the best means of reliably identifying each unique device?
A. Record the MAC address of each system.
B. Require users to fill out a form to register each system.
C. Scan each system using a port scanner.
D. Use device fingerprinting via a web-based registration system.
D. Use device fingerprinting via a web-based registration system.
Explanation:
Device fingerprinting via a web portal can require user authentication and can gather data such as operating systems, versions, software information, and many other factors that can uniquely identify systems. Using an automated fingerprinting system is preferable to handling manual registration, and pairing user authentication with data gathering provides more detail than a port scan. MAC addresses can be spoofed, and systems may have more than one depending on how many network interfaces they have, which can make unique identification challenging.
Ben works in an organization that uses a formal data governance program. He is consulting with an employee working on a project that created an entirely new class of data and wants to work with the appropriate individual to assign a classification level to that information. Who is responsible for the assignment of information to a classification level?
A. Data creator
B. Data owner
C. CISO
D. Data custodian
B. Data owner
Explanation:
The data owner is normally responsible for classifying information at an appropriate level. This role is typically filled by a senior manager or director, who then delegates operational responsibility to a data custodian.
James wants to ensure that his company’s backups will survive a disaster that strikes the data center. Which of the following options is the best solution to this concern?
A. Off-site backups
B. A grandfather/father/son backup tiering system
C. Redundant backup systems
D. Snapshots to a SAN or NAS
A. Off-site backups
Explanation:
Off-site backups are the best option for disaster recovery in a scenario where a disaster directly impacts the data center. None of the other scenarios as described will directly address the issue, although snapshots to a remote storage location can act as a form of off-site backup.
Gabe is concerned about the security of passwords used as a cornerstone of his organization’s information security program. Which one of the following controls would provide the greatest improvement in Gabe’s ability to authenticate users?
A. More complex passwords
B. User education against social engineering
C. Multifactor authentication
D. Addition of security questions based on personal knowledge
C. Multifactor authentication
Explanation:
While all of the listed controls would improve authentication security, most simply strengthen the use of knowledge-based authentication. The best way to improve the authentication process would be to add a factor not based on knowledge through the use of multifactor authentication. This may include the use of biometric controls or token-based authentication.
The separation of network infrastructure from the control layer, combined with the ability to centrally program a network design in a vendor-neutral, standards-based implementation, is an example of what important concept?
A. MPLS, a way to replace long network addresses with shorter labels and support a wide range of protocols
B. FCoE, a converged protocol that allows common applications over Ethernet
C. SDN, a converged protocol that allows network virtualization
D. CDN, a converged protocol that makes common network designs accessible
C. SDN, a converged protocol that allows network virtualization
Explanation:
Software-defined networking (SDN) is a converged protocol that allows virtualization concepts and practices to be applied to networks. MPLS handles a wide range of protocols like ATM, DSL, and others, but isn’t intended to provide the centralization capabilities that SDN does. A content distribution network (CDN) is not a converged protocol, and FCoE is Fibre Channel over Ethernet, a converged protocol for storage.
Susan is preparing to decommission her organization’s archival DVD-ROMs that contain Top Secret data. How should she ensure that the data cannot be exposed?
A. Degauss
B. Zero wipe
C. Pulverize
D. Secure erase
C. Pulverize
Explanation:
The best way to ensure that data on DVDs is fully gone is to destroy them, and pulverizing DVDs is an appropriate means of destruction. DVD-ROMs are read-only media, meaning that secure erase and zero wipes won’t work. Degaussing only works on magnetic media and cannot guarantee that there will be zero data remanence.
Susan is worried about a complex change and wants to ensure that the organization can recover if the change does not go as planned. What should she require in her role on the organization’s change advisory board (CAB)?
A. She should reject the change due to risk.
B. She should require a second change review.
C. She should ensure a backout plan exists.
D. She should ensure a failover plan exists.
C. She should ensure a backout plan exists.
Explanation:
Backout plans are required in some change management processes to ensure that the thought process and procedures for what to do if something does not go as planned are in place. Validating backout plan quality can be just as important as the change, and you may find, in many organizations, if nobody is watching
Angie is configuring egress monitoring on her network to provide added security. Which one of the following packet types should Angie allow to leave the network headed for the internet?
A. Packets with a source address from Angie’s public IP address block
B. Packets with a destination address from Angie’s public IP address block
C. Packets with a source address outside Angie’s address block
D. Packets with a source address from Angie’s private address block
A. Packets with a source address from Angie’s public IP address block
Explanation:
All packets leaving Angie’s network should have a source address from her public IP address block. Packets with a destination address from Angie’s network should not be leaving the network. Packets with source addresses from other networks are likely spoofed and should be blocked by egress filters. Packets with private IP addresses as sources or destinations should never be routed onto the internet.
Matt is conducting a penetration test against a Linux server and successfully gained access to an administrative account. He would now like to obtain the password hashes for use in a brute-force attack. Where is he likely to find the hashes, assuming the system is configured to modern security standards?
A. /etc/passwd
B. /etc/hash
C. /etc/secure
D. /etc/shadow
D. /etc/shadow
Explanation:
Security best practices dictate the use of shadowed password files that move the password hashes from the widely accessible /etc/passwd file to the more restricted /etc/shadow file.
Theresa is implementing a new access control system and wants to ensure that developers do not have the ability to move code from development systems into the production environment. She wants to ensure that a developer who checks in code cannot then approve their own code as part of the process. What information security principle is she most directly enforcing?
A. Separation of duties
B. Two-person control
C. Least privilege
D. Job rotation
A. Separation of duties
Explanation:
While developers may feel like they have a business need to be able to move code into production, the principle of separation of duties dictates that they should not have the ability to both write code and place it on a production server. The deployment of code is often performed by change management staff.
Which one of the following tools may be used to achieve the goal of nonrepudiation?
A. Digital signature
B. Symmetric encryption
C. Firewall
D. IDS
A. Digital signature
Explanation:
Applying a digital signature to a message allows the sender to achieve the goal of nonrepudiation. This allows the recipient of a message to prove to a third party that the message came from the purported sender. Symmetric encryption does not support nonrepudiation. Firewalls and IDS are network security tools that are not used to provide nonrepudiation.
In this diagram of the TCP three-way handshake, what should system A send to system B in step 3?
A. ACK
B. SYN
C. FIN
D. RST
A. ACK
Explanation:
A. System A should send an ACK to end the three-way handshake. The TCP three-way handshake is SYN, SYN/ACK, ACK.
What RADIUS alternative is commonly used for Cisco network gear and supports two-factor authentication?
A. RADIUS+
B. TACACS+
C. XTACACS
D. Kerberos
B. TACACS+
Explanation:
TACACS+ is the most modern version of TACACS, the Terminal Access Controller Access-Control System. It is a Cisco proprietary protocol with added features beyond what RADIUS provides, meaning it is commonly used on Cisco networks. XTACACS is an earlier version, Kerberos is a network authentication protocol rather than a remote user authentication protocol, and RADIUS+ is a made-up term.
What two types of attacks are VoIP call managers and VoIP phones most likely to be susceptible to?
A. DoS and malware
B. Worms and Trojans
C. DoS and host OS attacks
D. Host OS attacks and buffer overflows
C. DoS and host OS attacks
Explanation:
Call managers and VoIP phones can be thought of as servers or appliances and embedded or network devices. That means that the most likely threats that they will face are denial-of-service (DoS) attacks and attacks against the host operating system. Malware and Trojans are less likely to be effective against a server or embedded system that doesn’t browse the internet or exchange data files; buffer overflows are usually aimed at specific applications or services.
Vivian works for a chain of retail stores and would like to use a software product that restricts the software used on point-of-sale terminals to those packages on a preapproved list. What approach should Vivian use?
A. Antivirus
B. Heuristic
C. Whitelist
D. Blacklist
C. Whitelist
Explanation:
The blacklist approach to application control blocks certain prohibited packages but allows the installation of other software on systems. The whitelist approach uses the reverse philosophy and only allows approved software. It is worth noting that the terms blacklist and whitelist are increasingly deprecated and that you may encounter terms like block list or deny list and allow list as language and terminology shifts. As you prepare for the exam and your professional work, make sure to consider these equivalents. Antivirus software would only detect the installation of malicious software after the fact. Heuristic detection is a variant of antivirus software.
For questions 21–23, please refer to the following scenario: Hunter is the facilities manager for DataTech, a large data center management firm. He is evaluating the installation of a flood prevention system at one of DataTech’s facilities. The facility and contents are valued at $100 million. Installing the new flood prevention system would cost $10 million. Hunter consulted with flood experts and determined that the facility lies within a 200-year flood plain and that, if a flood occurred, it would likely cause $20 million in damage to the facility.
Based on the information in this scenario, what is the exposure factor for the effect of a flood on DataTech's data center?
A. 2 percent
B. 20 percent
C. 100 percent
D. 200 percent
B. 20 percent
Explanation:
B. The exposure factor is the percentage of the facility that risk managers expect will be damaged if a risk materializes. It is calculated by dividing the amount of damage by the asset value. In this case, that is $20 million in damage divided by the $100 million facility value, or 20 percent.
Based on the information in this scenario, what is the annualized rate of occurrence for a flood at DataTech's data center?
A. 0.002
B. 0.005
C. 0.02
D. 0.05
B. 0.005
Explanation:
The annualized rate of occurrence is the number of times that risk analysts expect a risk to occur in any given year. In this case, the analysts expect floods once every 200 years, or 0.005 times per year.
Based on the information in this scenario, what is the annualized loss expectancy for a flood at DataTech’s data center?
A. $40,000
B. $100,000
C. $400,000
D. $1,000,000
B. $100,000
Explanation:
The annualized loss expectancy is calculated by multiplying the single loss expectancy (SLE) by the annualized rate of occurrence (ARO). In this case, the SLE is $20 million, and the ARO is 0.005. Multiplying these numbers together gives you the ALE of $100,000.
Which accounts are typically assessed during an account management assessment?
A. A random sample
B. Highly privileged accounts
C. Recently generated accounts
D. Accounts that have existed for long periods of time
B. Highly privileged accounts
Explanation:
The most frequent targets of account management reviews are highly privileged accounts, as they create the greatest risk. Random samples are the second most likely choice. Accounts that have existed for a longer period of time are more likely to have a problem due to privilege creep than recently created accounts, but neither of these choices is likely unless there is a specific organizational reason to choose them.
Cloud computing uses a shared responsibility model for security, where the vendor and customer both bear some responsibility for security. The division of responsibility depends upon the type of service used. Place the cloud service offerings listed here in order from the case where the customer bears the least responsibility to where the customer bears the most responsibility.
- IaaS
- SaaS
- PaaS
A. 1, 2, 3
B. 2, 1, 3
C. 3, 2, 1
D. 2, 3, 1
D. 2, 3, 1
Explanation:
The cloud service offerings in order from the case where the customer bears the least responsibility to where the customer bears the most responsibility are SaaS, PaaS, and IaaS. In an infrastructure as a service (IaaS) cloud computing model, the customer retains responsibility for managing operating system and application security, while the vendor manages security at the hypervisor level and below. In a platform as a service (PaaS) environment, the vendor takes on responsibility for the operating system, but the customer writes and configures any applications. In a software as a service (SaaS) environment, the vendor takes on responsibility for the development and implementation of the application while the customer merely configures security settings within the application.
What type of error occurs when a valid subject using a biometric authenticator is not authenticated?
A. A Type 1 error
B. A Type 2 error
C. A Type 3 error
D. A Type 4 error
A. A Type 1 error
Explanation:
Type 1 errors occur when a valid subject is not authenticated. Type 2 errors occur when an invalid subject is incorrectly authenticated. Type 3 and Type 4 errors are not associated with biometric authentication.
An emergency button under the desk is a common example of what type of physical security system?
A. An airgap button
B. A keylogger
C. A pushbutton lock
D. A duress system
D. A duress system
Explanation:
D. Duress systems are intended to allow employees to notify security or others when they are in a dangerous situation or when they need help. Duress systems may be as simple as a push button and as complex as a code word or digital system that allows specific entries to trigger alarms while still performing a desired or deceptive but real-appearing action.
Henry runs Nikto against an Apache web server and receives the output shown here.
Which of the following statements is the least important to include in his report?
A. The missing clickjacking x-frame options could be used to redirect input to a malicious site or frame.
B. Cross-site scripting protections should be enabled, but aren’t.
C. Inode information leakage from a Linux system is a critical vulnerability allowing direct access to the filesystem using node references.
D. The server is a Linux server.
C. Inode information leakage from a Linux system is a critical vulnerability allowing direct access to the filesystem using node references.
Explanation:
Exposing inode information is not as important as the other information shown. Clickjacking and cross-site scripting are both important issues, and knowing that the server is a Linux server is also important.
George is assisting a prosecutor with a case against a hacker who attempted to break into the computer systems at George’s company. He provides system logs to the prosecutor for use as evidence, but the prosecutor insists that George testify in court about how he gathered the logs. What rule of evidence requires George’s testimony?
A. Testimonial evidence rule
B. Parol evidence rule
C. Best evidence rule
D. Hearsay rule
D. Hearsay rule
Explanation:
The hearsay rule says that a witness cannot testify about what someone else told them, except under very specific exceptions. The courts have applied the hearsay rule to include the concept that attorneys may not introduce logs into evidence unless they are authenticated by the system administrator. In this question’s scenario, George might also be able to provide a sworn affidavit, but the question doesn’t include that option. The best evidence rule states that copies of documents may not be submitted into evidence if the originals are available. The parol evidence rule states that if two parties enter into a written agreement, that written document is assumed to contain all of the terms of the agreement. Testimonial evidence is a type of evidence, not a rule of evidence.
Which of the following is not a valid use for key risk indicators (KRIs)?
A. Provide warnings before issues occur.
B. Provide real-time incident response information.
C. Provide historical views of past incidents.
D. Provide insight into risk tolerance for the organization.
B. Provide real-time incident response information.
Explanation:
B. While key risk indicators can provide useful information for organizational planning and a deeper understanding of how organizations view risk, KRIs are not a great way to handle a real-time security response. Monitoring and detection systems like IPS, SIEM, and other tools are better suited to handling actual attacks.
Which one of the following malware types uses built-in propagation mechanisms that exploit system vulnerabilities to spread?
A. Trojan horse
B. Worm
C. Logic bomb
D. Virus
B. Worm
Explanation:
Worms have built-in propagation mechanisms that do not require user interaction, such as scanning for systems containing known vulnerabilities and then exploiting those vulnerabilities to gain access. Viruses and Trojan horses typically require user interaction to spread. Logic bombs do not spread from system to system but lie in wait until certain conditions are met, triggering the delivery of their payload.
As part of your company’s security team, you have been asked to advise on how to ensure that media is not improperly used or stored. What solution will help staff members in your organization to handle media appropriately?
A. Labeling with sensitivity levels
B. Encrypting the sensitive media
C. Dual control media systems
D. A clear desk policy
A. Labeling with sensitivity levels
Explanation:
As simple as the answer may seem, labeling media or even color coding it with sensitivity levels and ensuring staff are appropriately trained on what the levels mean will normally have the biggest impact. Encrypting media can help, but without the labels, files may be stored on inappropriate media. A clear desk policy can help if casual media theft is an issue but is not likely to be an important control in this scenario. Dual control is used to ensure that a task cannot be performed by a single staff member to avoid malfeasance and is not directly useful here.
Alaina wants to use a broadly adopted threat modeling framework for her organization’s threat intelligence efforts. Which of the following would you advise her to adopt if she wants to use pre-existing tools to help her threat modeling team integrate both internally created intelligence and external threat feed data?
A. The Diamond Model of Intrusion Analysis
B. ATT&CK
C. Microsoft’s Threat-JUMP modeling system
D. Threat-EN
B. ATT&CK
Explanation:
MITRE’s ATT&CK framework is broadly adopted by threat modeling and threat intelligence organizations and is used as a default model in many software packages and tools. The Diamond Model specifically addresses how to think about intrusions but does not address broader threats, and the other answers were made up for this question.
Which one of the following is not a principle of the Agile approach to software development?
A. The most efficient method of conveying information is electronic.
B. Working software is the primary measure of progress.
C. Simplicity is essential.
D. Businesspeople and developers must work together daily.
A. The most efficient method of conveying information is electronic.
Explanation:
The Agile approach to software development states that working software is the primary measure of progress, that simplicity is essential, and that businesspeople and developers must work together daily. It also states that the most efficient method of conveying information is face to face, not electronic.
Harry is concerned that accountants within his organization will modify data to cover up fraudulent activity in accounts that they normally access. Which one of the following controls would best defend against this type of attack?
A. Encryption
B. Access controls
C. Integrity verification
D. Firewalls
C. Integrity verification
Explanation:
C. Encryption, access controls, and firewalls would not be effective in this example because the accountants have legitimate access to the data. Integrity verification software would protect against this attack by identifying unexpected changes in protected data.
Ben wants to use the concept of crime prevention through environmental design to help secure his facility. Which of the following is not a common example of this design concept in use?
A. Mounting cameras in full view to act as a deterrent
B. Limiting the size of planters to avoid having them used to hide behind
C. Locating data centers at the edge of the building to enhance security
D. Making delivery access driveways and entrances less visible to the public
C. Locating data centers at the edge of the building to enhance security
Explanation:
Crime prevention through environmental design (CPTED) focuses on making crime less likely due to design elements. Data centers are often placed near the core of a building to make them easier to secure and less likely to be impacted by natural disasters or accidents. Mounting cameras where they can be seen, avoiding the creation of easy hiding places, and keeping delivery areas less visible and thus less attractive to access are all common techniques used in CPTED.
Meena wants to ensure that her supply chain risks are well managed. Which of the following is not a common practice she should include in her supply chain risk management (SCRM) plan?
A. Use contractual controls such as insurance and liability limitations where appropriate.
B. Sole source to provide vendor stability.
C. Ensure multiple suppliers exist for critical components.
D. Validate the financial stability of potential suppliers.
B. Sole source to provide vendor stability.
Explanation:
Sole sourcing can create additional fragility in supply chains due to reliance on a single supplier. Contractual controls including requirements for supplier insurance and liability limitations, having multiple suppliers, and validating their financial stability are all common ways to help reduce supply chain risk.
Using the following table and your knowledge of the auditing process, answer questions 38–40. As they prepare to migrate their data center to an infrastructure as a service (IaaS) provider, Susan’s company wants to understand the effectiveness of their new provider’s security, integrity, and availability controls. What SOC report would provide them with the most detail, including input from the auditor on the effectiveness of controls at the IaaS provider?
A. SOC 1.
B. SOC 2.
C. SOC 3.
D. None of the SOC reports is suited to this, and they should request another form of report.
B. SOC 2.
Explanation:
SOC 2 reports are released under NDA to select partners or customers and can provide detail on the controls and any issues they may have. A SOC 1 report would only provide financial control information, and a SOC 3 report provides less information since it is publicly available.
Susan wants to ensure that the audit report that her organization requested includes input from an external auditor and information about control implementation over a period of time. What type of report should she request?
A. SOC 2, Type 1
B. SOC 3, Type 1
C. SOC 2, Type 2
D. SOC 3, Type 2
C. SOC 2, Type 2
Explanation:
An SOC 2, Type 2 report includes information about a data center’s security, availability, processing integrity, confidentiality, and privacy, and includes an auditor’s opinion on the operational effectiveness of the controls. SOC 3 does not have types, and an SOC 2 Type 1 is only conducted at a point in time.
When Susan requests an SOC 2 report, she receives an SOC 1 report. What issue should Susan raise?
A. SOC 1 reports only reveal publicly available information.
B. SOC 1 reports cover financial data.
C. SOC 1 reports only cover a point in time.
D. SOC 1 reports only use a three-month period for testing.
B. SOC 1 reports cover financial data.
Explanation:
B. Susan asked for a security controls report (SOC 2) and received a financial internal controls report (SOC 1). This question doesn’t specify whether a Type 1 or Type 2 report is desired, but most security practitioners will prefer a Type 2 report if they can get it since it tests the actual controls and their implementation instead of their descriptions.
Brad wants to engage third-party auditors to assess a vendor that his company will be signing a contract with. If Brad wants to assess the vendor’s security policies and controls as well as the effectiveness of those controls as implemented over time, what SOC level and type should he request the auditors perform?
A. A SOC 1, Type 2
B. A SOC 2, Type 1
C. A SOC 1, Type 1
D. A SOC 2, Type 2
D. A SOC 2, Type 2
Explanation:
D. An SOC 2 assessment looks at controls that affect security, and a Type 2 report validates the operating effectiveness of the controls. A SOC 1 engagement assesses controls that might impact financial reporting, and a Type 1 report provides the auditor’s opinion of the descriptions of controls provided by management at a single point in time—not the actual implementations of the controls.
Bell–LaPadula is an example of what type of access control model?
A. DAC
B. RBAC
C. MAC
D. ABAC
C. MAC
Explanation:
Bell–LaPadula uses security labels on objects and clearances for subjects and is therefore a MAC model. It does not use discretionary, rule-based, role-based, or attribute-based access control.
Martha is the information security officer for a small college and is responsible for safeguarding the privacy of student records. What law most directly applies to her situation?
A. HIPAA
B. HITECH
C. COPPA
D. FERPA
D. FERPA
Explanation:
The Family Educational Rights and Privacy Act (FERPA) protects the privacy of students in any educational institution that accepts any form of federal funding.
What U.S. federal law mandates the security of protected health information?
A. FERPA
B. SAFE Act
C. GLBA
D. HIPAA
D. HIPAA
Explanation:
The Health Insurance Portability and Accountability Act (HIPAA) mandates the protection of protected health information (PHI). The SAFE Act deals with mortgages, the Gramm–Leach–Bliley Act (GLBA) covers financial institutions, and FERPA deals with student data.
Which one of the following techniques can an attacker use to exploit a TOC/TOU vulnerability?
A. File locking
B. Exception handling
C. Algorithmic complexity
D. Concurrency control
C. Algorithmic complexity
Explanation:
Attackers may use algorithmic complexity as a tool to exploit a time-of-check/time-of-use (TOC/TOU) condition. By varying the workload on the CPU, attackers may exploit the amount of time required to process requests and use that variance to effectively schedule the exploit’s execution. File locking, exception handling, and concurrency controls are all methods used to defend against TOC/TOU attacks.
Susan is configuring her network devices to use syslog. What should she set to ensure that she is notified about issues but does not receive normal operational issue messages?
A. The facility code
B. The log priority
C. The security level
D. The severity level
D. The severity level
Explanation:
Implementations of syslog vary, but most provide a setting for severity level, allowing configuration of a value that determines what messages are sent. Typical severity levels include debug, informational, notice, warning, error, critical, alert, and emergency. The facility code is also supported by syslog, but is associated with which services are being logged. Security level and log priority are not typical syslog settings.
What RAID level is also known as disk mirroring?
A. RAID 0
B. RAID 1
C. RAID 3
D. RAID 5
B. RAID 1
Explanation:
B. In RAID 1, also known as disk mirroring, systems contain two physical disks. Each disk contains copies of the same data, and either one may be used in the event the other disk fails.
Isaac recently purchased a 48-port switch from his switch vendor. The switch vendor has announced that the model of switch that Isaac purchased will reach end of life next year. What does this tell Isaac about the devices?
A. The devices will stop being sold next year.
B. The devices will stop functioning next year.
C. The devices will no longer be supported next year.
D. The devices will be supported for a minimum of three more years.
A. The devices will stop being sold next year.
Explanation:
Most vendors use the term end of life, or EOL, to denote when the product will stop being sold. End of support typically comes sometime after end of life, and this problem does not specify when end of support (EOS) will occur. Devices will still function after end of life and likely after end of support, but security professionals should raise concerns about the security of devices or software after the end of support because patches and updates will likely no longer be available.
Surveys, interviews, and audits are all examples of ways to measure what important part of an organization’s security posture?
A. Code quality
B. Service vulnerabilities
C. Awareness
D. Attack surface
C. Awareness
Explanation:
C. Interviews, surveys, and audits are all useful for assessing awareness. Code quality is best judged by code review, service vulnerabilities are tested using vulnerability scanners and related tools, and the attack surface of an organization requires both technical and administrative review.
Tom is the general counsel for an internet service provider, and he recently received notice of a lawsuit against the firm because of copyrighted content illegally transmitted over the provider’s circuits by a customer. What law protects Tom’s company in this case?
A. Computer Fraud and Abuse Act
B. Digital Millennium Copyright Act
C. Wiretap Act
D. Copyright Code
B. Digital Millennium Copyright Act
Explanation:
The Digital Millennium Copyright Act extends common carrier protection to online service providers, which are not liable for the “transitory activities” of their customers.