CISSP-P2 Flashcards

Question

Which one of the following algorithms is not supported by the Digital Signature Standard under FIPS 186-4? A. Digital Signature Algorithm B. RSA C. ElGamal DSA D. Elliptic Curve DSA

Answer 1

C. The Digital Signature Standard allows federal government use of the Digital Signature Algorithm, RSA, or the Elliptic Curve DSA in conjunction with the SHA-1 hashing function to produce secure digital signatures.

Answer 2

B. X.509 governs digital certificates and the public key infrastructure (PKI). It defines the appropriate content for a digital certificate and the processes used by certificate authorities to generate and revoke certificates.

Answer 3

B. Fault injection attacks compromise the integrity of a cryptographic device by causing some type of external fault, such as the application of high-voltage electricity. Implementation attacks rely on flaws in the cryptographic algorithm. Timing attacks measure the length of time consumed by encryption operations. Chosen ciphertext attacks require access to the algorithm and work by having the attacker perform encryption that results in an expected ciphertext.

Answer 4

C. HTTPS uses TCP port 443 for encrypted client/server communications over TLS. Port 22 is used by the secure shell (SSH) protocol. Port 80 is used by the unencrypted HTTP protocol. Port 1433 is used for Microsoft SQL Server database connections.

Answer 5

A. An attacker without any special access to the system would only be able to perform ciphertext-only attacks. Known plaintext and chosen plaintext attacks require the ability to encrypt data. Fault injection attacks require physical access to the facility.

Answer 6

A. Rainbow tables contain precomputed hash values for commonly used passwords and may be used to increase the efficiency of password-cracking attacks.

Answer 7

C. The PFX format is most closely associated with Windows systems that store certificates in binary format, whereas the P7B format is used for Windows systems storing files in text format. The PEM format is another text format, and the CCM format does not exist.

Answer 8

B. Certificate revocation lists (CRLs) introduce an inherent latency to the certificate expiration process due to the time lag between CRL distributions.

Answer 9

D. The Merkle–Hellman Knapsack algorithm, which relies on the difficulty of factoring super-increasing sets, has been broken by cryptanalysts.

Answer 10

20. B. SSH2 adds support for simultaneous shell sessions over a single SSH connection. Both SSH1 and SSH2 are capable of supporting multifactor authentication. SSH2 actually drops support for the IDEA algorithm, whereas both SSH1 and SSH2 support 3DES

Answer 11

A, D. Keys must be long enough to withstand attack for as long as the data is expected to remain sensitive. They should not be generated in a predictable way but, rather, should be randomly generated. Keys should be securely destroyed when they are no longer needed and not indefinitely retained. Longer keys do indeed provide greater security against brute force attacks.

Answer 12

A. Nonrepudiation prevents the sender of a message from later denying that they sent it. Confidentiality protects the contents of encrypted data from unauthorized disclosure. Integrity protects data from unauthorized modification. Availability is not a goal of cryptography.

Answer 13

B. The strongest keys supported by the Advanced Encryption Standard are 256 bits. The valid AES key lengths are 128, 192, and 256 bits.

Answer 14

D. The Diffie–Hellman algorithm allows the exchange of symmetric encryption keys between two parties over an insecure channel.

Answer 15

A, D. Confusion and diffusion are two principles underlying most cryptosystems. Confusion occurs when the relationship between the plaintext and the key is so complicated that an attacker can’t merely continue altering the plaintext and analyzing the resulting ciphertext to determine the key. Diffusion occurs when a change in the plaintext results in multiple changes spread throughout the ciphertext.

Answer 16

B, C, D. AES provides confidentiality, integrity, and authentication when implemented properly. Nonrepudiation requires the use of a public key cryptosystem to prevent users from falsely denying that they originated a message and cannot be achieved with a symmetric cryptosystem, such as AES.

Answer 17

D. Assuming that it is used properly, the one-time pad is the only known cryptosystem that is not vulnerable to attacks. All other cryptosystems, including transposition ciphers, substitution ciphers, and even AES, are vulnerable to attack, even if no attack has yet been discovered.

Answer 18

B, C, D. The encryption key must be at least as long as the message to be encrypted. This is because each key element is used to encode only one character of the message. The three other facts listed are all characteristics of one-time pad systems

Answer 19

C. In a symmetric cryptosystem, a unique key exists for each pair of users. In this case, every key involving the compromised user must be changed, meaning that the key that the user shared with each of the other 19 users must be changed.

Answer 20

C. Block ciphers operate on message “chunks” rather than on individual characters or bits. The other ciphers mentioned are all types of stream ciphers that operate on individual bits or characters of a message.

Answer 21

A. Symmetric key cryptography uses a shared secret key. All communicating parties utilize the same key for communication in any direction. Therefore, James only needs to create a single symmetric key to facilitate this communication.

Answer 22

B. M of N Control requires that a minimum number of agents (M) out of the total number of agents (N) work together to perform high-security tasks. M of N Control is an example of a split knowledge technique, but not all split knowledge techniques are used for key escrow.

Answer 23

A. An initialization vector (IV) is a random bit string (a nonce) that is the same length as the block size that is XORed with the message. IVs are used to create a unique ciphertext every time the same message is encrypted with the same key. Vigenère ciphers are an example of a substitution cipher technique. Steganography is a technique used to embed hidden messages within a binary file. Stream ciphers are used to encrypt continuous streams of data.

Answer 24

B. Galois/Counter Mode (GCM) and Counter with Cipher Block Chaining Message Authentication Code mode (CCM) are the only two modes that provide both confidentiality and data authenticity. Other modes, including Electronic Code Book (ECB), Output Feedback (OFB), and Counter (CTR) modes, only provide confidentiality.

Answer 25

D. Data that is stored in memory is being actively used by a system and is considered data in use. Data at rest is data that is stored on nonvolatile media, such as a disk. Data in motion is being actively transferred over a network.

Answer 26

B, C. The Advanced Encryption Standard (AES) and Rivest Cipher 6 (RC6) are modern, secure algorithms. The Data Encryption Standard (DES) and Triple DES (3DES) are outdated and no longer considered secure.

Answer 27

B. One important consideration when using CBC mode is that errors propagate—if one block is corrupted during transmission, it becomes impossible to decrypt that block and the next block as well. The other modes listed here do not suffer from this flaw.

Answer 28

C. Offline key distribution requires a side channel of trusted communication, such as in person contact. This can be difficult to arrange when users are geographically separated. Alternatively, the individuals could use the Diffie–Hellman algorithm or other asymmetric/public key encryption technique to exchange a secret key. Key escrow is a method for managing the recovery of lost keys and is not used for key distribution.

Answer 29

A. The AES-256 algorithm is a modern, secure cryptographic algorithm. 3DES, RC4, and Skipjack are all outdated algorithms that suffer from significant security issues.

Answer 30

20. C. A separate key is required for each pair of users who want to communicate privately. In a group of six users, this would require a total of 15 secret keys. You can calculate this value by using the formula (n * (n – 1) / 2). In this case, n = 6, resulting in (6 * 5) / 2 = 15 keys.

Answer 31

A. Cryptanalysis is the process of trying to reverse-engineer a cryptosystem, with the possible goal of uncovering the key used. Once this key is uncovered, all other messages encrypted with this key can be accessed. Cryptanalysis is carried out by the white hats to test the strength of the algorithm.

Answer 32

C. A brute force attack is resource-intensive. It tries all values until the correct one is obtained. As computers have more powerful processors added to them, attackers can carry out more powerful brute force attacks.

Answer 33

D. A hashing algorithm will take a string of variable length, the message can be any size, and compute a fixed-length value. The fixed-length value is the message digest. The MD family creates the fixed-length value of 128 bits, and SHA creates one of 160 bits.

Answer 34

C. Hashing algorithms generate message digests to detect whether modification has taken place. The sender and receiver independently generate their own digests, and the receiver compares these values. If they differ, the receiver knows the message has been altered.

Answer 35

C. SHA was created to generate secure message digests. Digital Signature Standard (DSS) is the standard to create digital signatures, which dictates that SHA must be used. DSS also outlines the digital signature algorithms that can be used with SHA: RSA, DSA, and ECDSA.

Answer 36

C. In an HMAC operation, a message is concatenated with a symmetric key and the result is put through a hashing algorithm. This provides integrity and system or data authentication. CBC-MAC uses a block cipher to create a MAC, which is the last block of ciphertext.

Answer 37

A. RSA can be used for data encryption, key exchange, and digital signatures. DSA can be used only for digital signatures.

Answer 38

C. The U.S. government has greatly reduced its restrictions on cryptography exportation, but there are still some restrictions in place. Products that use encryption cannot be sold to any country the United States has declared is supporting terrorism. The fear is that the enemies of the country would use encryption to hide their communication, and the government would be unable to break this encryption and spy on their data transfers.

Answer 39

C. A digital signature is a message digest that has been encrypted with the sender’s private key. A sender, or anyone else, should never have access to the receiver’s private key.

Answer 40

D. A digital signature provides authentication (knowing who really sent the message), integrity (because a hashing algorithm is involved), and nonrepudiation (the sender cannot deny sending the message).

Answer 41

A. DES has a key size of 64 bits, but 8 bits are used for parity, so the true key size is 56 bits. Remember that DEA is the algorithm used for the DES standard, so DEA also has a true key size of 56 bits, because we are actually talking about the same algorithm here. DES is really the standard, and DEA is the algorithm. We just call it DES in the industry because it is easier.

Answer 42

C. The reason a certificate is revoked is to warn others who use that person’s public key that they should no longer trust the public key because, for some reason, that public key is no longer bound to that particular individual’s identity. This could be because an employee left the company, or changed his name and needed a new certificate, but most likely it is because the person’s private key was compromised.

Answer 43

B. Data Encryption Standard was developed by NIST and the NSA to encrypt sensitive but unclassified government data.

Answer 44

D. A registration authority (RA) accepts a person’s request for a certificate and verifies that person’s identity. Then the RA sends this request to a certificate authority (CA), which generates and maintains the certificate.

Answer 45

C. DEA is the algorithm that fulfilled the DES standard. So DEA has all of the attributes of DES: a symmetric block cipher that uses 64-bit blocks, 16 rounds, and a 56-bit key.

Answer 46

D. The first released public key cryptography algorithm was developed by Whitfield Diffie and Martin Hellman.

Answer 47

D. After a session key has been created, it must be exchanged securely. In most cryptosystems, an asymmetric key (the receiver’s public key) is used to encrypt this session key, and it is sent to the receiver.

Answer 48

A. DES carries out 16 rounds of mathematical computation on each 64-bit block of data it is responsible for encrypting. A round is a set of mathematical formulas used for encryption and decryption processes.

Answer 49

B. Data encryption always requires careful key management. Most algorithms are so strong today it is much easier to go after key management rather than to launch a brute force attack. Hashing algorithms are used for data integrity, encryption does require a good amount of resources, and keys do not have to be escrowed for encryption

Answer 50

D. Message A was encrypted with key A and the result is ciphertext Y. If that same message A were encrypted with key B, the result should not be ciphertext Y. The ciphertext should be different since a different key was used. But if the ciphertext is the same, this occurrence is referred to as key clustering.

Answer 51

B. The work factor of a cryptosystem is the amount of time and resources necessary to break the cryptosystem or its encryption process. The goal is to make the work factor so high that an attacker could not be successful in breaking the algorithm or cryptosystem.

Answer 52

B. Passwords are usually run through a one-way hashing algorithm so the actual password is not transmitted across the network or stored on a system in plaintext. This greatly reduces the risk of an attacker being able to obtain the actual password.

Answer 53

B. The RSA algorithm’s security is based on the difficulty of factoring large numbers into their original prime numbers. This is a one-way function. It is easier to calculate the product than it is to identify the prime numbers used to generate that product.

Answer 54

A. DES is a symmetric algorithm. RSA is an asymmetric algorithm. DES is used to encrypt data, and RSA is used to create public/private key pairs.

Answer 55

A. When an HMAC function is used, a symmetric key is combined with the message, and then that result is put though a hashing algorithm. The result is an HMAC value. HMAC provides data origin authentication and data integrity.

Answer 56

B. Different values can be used independently or together to play the role of random key material. The algorithm is created to use specific hash, passwords, and\or salt values, which will go through a certain number of rounds of mathematical functions dictated by the algorithm.

Answer 57

A and B. The Electronic Code Book (ECB) mode should be used to encrypt credit card PIN values, and the Cipher Block Chaining (CBC) mode should be used to encrypt documents.

Answer 58

B. Since data is transmitting over dedicated WAN links, link encryptors can be implemented to encrypt the sensitive data as it moves from branch to branch.

Answer 59

C. The users can be authenticated by providing digital certificates to the software within a PKI environment. This is the best authentication approach, since SSL requires a PKI environment.

Answer 60

B. IPSec can be configured using the AH protocol, which enables system authentication but does not provide encryption capabilities. IPSec can be configured with the ESP protocol, which provides authentication and encryption capabilities.

Answer 61

D. Trusted Platform Module (TPM) is a microchip that is part of the motherboard of newer systems. It provides cryptographic functionality that allows for full disk encryption. The decryption key is wrapped and stored within the TPM chip.

Answer 62

A. A digital signature is a hash value that has been encrypted with the sender’s private key. A message can be digitally signed, which provides authentication, nonrepudiation, and integrity. When e-mail clients have this type of functionality, each sender is authenticated through digital certificates

Answer 63

b. The availability service for data in storage deals with backup and archive storages. During a key’s crypto-period, keying material (i.e., keys and initialization vectors) should be stored in both normal operational storage and in backup storage. After the end of a key’s crypto-period, keying material should be placed in archive storage. The other three choices do not deal with backup and archive storages.

Answer 64

b. In general, escrow is something (for example, a document or an encryption key) that is delivered to a third party to be given to the grantee only upon the fulfillment of a predefined condition (i.e., a grantor and grantee relationship with a third party in the middle). Key escrow is the processes of managing (for example, generating, storing, transferring, and auditing) the two components of a cryptographic key by two component holders. A key component is the two values from which a key can be derived. A key escrow system entrusts the two components comprising a cryptographic key (for example, a device unique key) to two key component holders (also called escrow agents). The other three choices are incorrect. Key list is a printed series of key settings for a specific cryptonet. Key lists may be produced in list, pad, or printed tape format. Key loader is a self-contained unit that is capable of storing at least one plaintext or encrypted cryptographic key or key component that can be transferred, upon request, into a cryptographic module. Key exchange is the process of exchanging public keys and other information in order to establish secure communications.

Answer 65

b. Transaction privacy controls include secure sockets layer (SSL), transport layer security (TLS), and secure shell (SSH) to protect against loss of privacy for transactions performed by an individual. Mandatory access controls (MAC) define access control security policy.

Answer 66

b. Key rollover is the process of generating and using a new key (symmetric or asymmetric key pair) to replace one already in use. Rollover is done because a key has been compromised as a result of usage and age. The DNSSEC-aware resolver is incorrect because it is an entity that sends DNS queries, receives DNS responses, and understands the DNSSEC specification, even if it is incapable of performing validation. A zone-signing key is incorrect because it is an authentication key that corresponds to a private key used to sign a zone. A key signing key is incorrect because it is an authentication key that corresponds to a private key used to sign one or more other authentication keys for a given zone.

Answer 67

c. Secure hypertext transfer protocol (S-HTTP) is used for encrypting data flowing over the Internet, but it is limited to individual messages. Secure sockets layer (SSL) and transport layer security (TLS) are designed to establish a secure connection between two computers. Hypertext transfer protocol (HTTP) cannot do encryption and is not as secure as S-HTTP.

Answer 68

B. Entropy is the uncertainty of a random variable, which is stated in bits. Min-entropy is the worst-case measure of uncertainty for a random variable with the greatest lower bound. Min-entropy is a measure of the difficulty that an attacker has to guess the most commonly chosen password used in a system. Guessing entropy is a measure of the difficulty that an attacker has to guess the value of a secret (e.g., a password). Guessing entropy refers to an attacker that knows the actual password frequency distribution. Max-entropy and min-max entropy are not usually used in the context of entropy.

Answer 69

A. Changing cryptographic keys frequently and increasing the key length can fight against the brute force attacks on keys. Changing protocols and algorithms cannot fight against the brute force attacks because the changed protocols and algorithms could be subjected to the same attacks or different attacks.

Answer 70

A. Nonce is a time-varying and nonrepeating cryptographic value with the use of a timestamp, a sequence number, or combination, which are freshly generated random values. Checksums and check digits are used to ensure data accuracy during data entry and data transmission. Payload is a part of the data stream representing the user information in a communication. Protocol is a set of rules used by two or more entities that describe the message order and data structures for information exchange between the entities. A public key is a cryptographic key, used with a public key cryptographic algorithm, that is uniquely associated with an entity and that may be made public. A private key is a cryptographic key, used with a public key cryptographic algorithm that is uniquely associated with an entity and that is not made public.

Answer 71

D. A self-signed certificate is a public key certificate whose digital signature may be verified by the public key contained within the certificate. The signature on a self-signed certificate protects the integrity of the data but does not guarantee authenticity of the information. The trust of a self-signed certificate is based on the secure procedures used to distribute it. The X.509 certificate comes in two types: X.509 public key certificate (most common) and the X.509 attribute certificate (less common). A public key certificate is a set of data that uniquely identifies an entity and binds the public key to the entity. The private key is mathematically linked with a corresponding public key.

Answer 72

C. The AES-128 bit key is an example of optional-to-implement encryption algorithm that provides a greater security. Other variants of AES include AES-192 bit keys and AES-256 bit keys. The DES algorithm, RC2, and the RSA-512 bit key do not provide adequate security. The DES and RC2 are examples of mandatory-to-implement encryption algorithms that do not provide adequate security. Mandatory-to-implement algorithms will be in any product that meets the public standards, enabling interoperability between products. Optional-to-implement algorithms are next-generation algorithms with improved security that could increase the longevity of a system.

Answer 73

C. A lightweight directory access protocol (LDAP) is a centralized directory that becomes a major focal point as a tool for access control. It uses names, addresses, groups, roles, devices, files, and profiles to enable a modular, expandable access control and single sign-on solution to be deployed rapidly for all application systems. The other three choices do not have such capabilities as the LDAP does. An online certificate status protocol (OCSP) responder is a trusted system and provides signed status information, on a per certificate basis, in response to a request from a relying party. Both certification authority (CA) and registration authority (RA) software support the use of a certificate management protocol (CMP). An overthe-air rekeying (OTAR) protocol is used in digital radios to handle cryptographic security. LDAP, CRLs, and OCSP are used to provide a path validation in a public-key certificate.

Answer 74

B. Most commonly, the certificate revocation lists (CRLs) are distributed via lightweight directory access protocol (LDAP) directories or Web servers. The certificate management protocol (CMP) and HTTP uniform resource locators (HTTP URLs) are not used to distribute CRLs. Both the LDAP and HTTP URLs are used to specify the location of CRLs. Both certification authority (CA) and registration authority (RA) software support the use of a certificate management protocol (CMP). An LDAP is a centralized directory that becomes a major focal point as a tool for access control.

Answer 75

C. Encryption key breaking is not a common method because it is difficult to do and may take years to do. It requires an extensive knowledge of algorithms, hardware, and software that is not possessed by too many people. Password cracking involves guessing a password, which can then be used to gain access to a system. Packet sniffing involves placing a rogue program in a host computer or in a network switch. The program will then monitor all information packets as they go through the network. A malicious code can be sent along with Internet-based e-mail. When the message is received, the attacker’s code will be executed.

Answer 76

B. The user should not destroy the private key establishment key until all symmetric keys established using this key have been recovered or protected by encryption under a different key. Premature destruction of private key establishment keys may prevent recovery of the subscriber’s plaintext data. The keys in the other three choices can be destroyed safely.

Answer 77

B. The transport layer security (TLS) and secure socket layer (SSL) protocols are the primary end-to-end security protocols used to protect information on the Internet. TLS is an enhanced version of SSL; these protocols are similar but not identical. TLS is a robust protocol that is used to protect various links, such as authentication server to a wireless access point, the electronic mail link between client and server, or dedicated network infrastructure applications primarily involving machines with no human user involvement.

Answer 78

C. Mandatory-to-implement cryptographic algorithms will be in any cryptographic product that meets the public standards (for example, IETF’s RFCs and ANSI) enabling interoperability between products. AES is an optional-to-implement algorithm now that could become mandatory-to-implement in the future. DES and RC2 are mandatory and do not provide adequate security. DH is the Diffie Hellman algorithm, which is used to provide key agreement. ECDH is the elliptic curve Diffie-Hellman algorithm, which is used to support key establishment; 3-TDEA is three key TDEA; RSA is a public-key algorithm, whereas ECDSA is a digital signature algorithm.

Answer 79

D. A transport layer security (TLS) session requires server authentication and requests certificates from the client and the server. The RSA key transport method implicitly authenticates the server to the client. In a Diffie-Hellman (DH) key agreement, the server authenticates itself by supplying a signed static DH key in a certificate or by signing an ephemeral key and sending a certificate with its public signing key. Thus, the server will always send a certificate, with either a signing key or a key-establishment key. In a static-to-static DH key agreement, client certificates will not contain a signing key thus are not recommended to use in a TLS session. This is because the server may request a certificate from the client.

Answer 80

C. A key used for key wrapping is known as a key encrypting key, which is used to encrypt a symmetric key using another symmetric key. Key wrapping provides both confidentiality and integrity protection using a symmetric key. The other three choices are not used in key wrapping. Key transport is a key establishment procedure whereby one party (sender) selects and encrypts the keying material and then distributes the material to another party (the receiver). Key update is a function performed on a cryptographic key to compute a new but related key. Key bundle is a set of keys used during one operation, typically a TDEA operation.

Answer 81

B. A key management infrastructure provides a unified and seamless structure for the generation, distribution, and management of cryptographic keys. It starts at the central oversight authority (the highest node, which is not used in the question) and moves down to key processing facility (the next highest node), service agent, client node, and user entities (the lowest node).

Answer 82

D. Service agents support an organization’s key management infrastructure as single point-of-access for other nodes, including key processing facility, client nodes, and user entities.

Answer 83

A. Recent advances in cryptographic technology have lead to the development of public key cryptographic algorithms. These algorithms are referred to as “asymmetric” because they rely on two different keys to perform cryptographic processing of data. These keys are generated and used in pairs consisting of private and public key components. Public key crypto-systems make possible authentication schemes in which a secret can be verified without the need to share that secret. In public key cryptography, each user independently generates two mathematically related keys. One is typically made public, so it is referred to as the public key. The other is kept private, so it is referred to as the user’s private key. The public key becomes in effect part of the user’s identity and should be made well known as necessary, like a phone number. Conversely, the private key should be known only to the user because it can be used to prove ownership of the public key and thus the user’s identity. It is computationally infeasible to derive a user’s private key from the corresponding public key, so free distribution of the public key poses no threat to the secrecy of the private key. The private key component of the public key cryptography is used to create the digital signatures. Similar to a written signature, a digital signature is unique to the signer except that it can be verified electronically. This is made possible by the fact that in public key crypto-systems, digital signatures are generated with the private key component of the public/private key pair. The corresponding public key is used to verify the signature. Because a given user’s private key does not need to be shared with other parties, there is a strong association between the user’s identity and possession of the private key. Key escrow cryptographic techniques are used in electronic surveillance of telecommunications by law enforcement officials. A definition of a key escrow system is that an encryption key or a document is delivered to a third person to be given to the grantee only upon the fulfillment of a condition. A key escrow system is one that entrusts the two components comprising a cryptographic key (for example, a device unique key) to two key component holders (also called “escrow agents”). The key component holders provide the components of a key to a “grantee” (for example, a law enforcement official) only upon fulfillment of the condition that the grantee has properly demonstrated legal authorization to conduct electronic surveillance of telecommunications encrypted using the specific device whose device unique key is being requested. The key components obtained through this process are then used by the grantee to reconstruct the device unique key and obtain the session key that is then used to decrypt the telecommunications that are encrypted with that session key. The digital signature does not use the key escrow cryptography. The primary feature distinguishing secret key algorithms is the use of a single secret key for cryptographic processing. The use of advanced encryption standard (AES) is an example of secret key cryptography. The AES algorithm can be implemented with reasonable efficiency in the firmware of a smart token. Electronic signatures can use either secret key or public key cryptography. The digital signature is not using the secret key cryptography due to sharing of a secret key by two parties. Hybrid approaches are possible, where public key cryptography is used to distribute keys for use by secret key algorithms. However, the digital signature is not using the hybrid approaches.

Answer 84

D. All four items are examples of procedural security controls for recognizing trusted CA and RA roles. The CA is a trusted third party that generates, issues, signs, and revokes public key certificates. The CA can delegate responsibility for the verification of the subject’s identity to an RA. The RA is a trusted entity that establishes and vouches for the identity of a subscriber to a credentials service provider (CSP).

Answer 85

D. The emphasis should be to use nonrepeating values in message authentication to ensure that an attempt to replay an earlier successful authentication exchange will be detected. Timestamps, sequence numbers, and unpredictable values can detect replay attempts. Timestamps assume there is a common reference that logically links a claimant and verifier. On receipt of an authentication message, the verifier calculates the difference between the timestamp in the message and the time of receipt. If this difference is within the expected time window, the message is accepted. A message with a particular sequence number is accepted only once as agreed by the claimant and verifier in advance. Messages received by a verifier are checked for acceptability within the range of agreed-upon values. An unpredictable value, or challenge, is sent by the verifier, and he will ensure that the same challenge is not reused within the time frame of concern. The values used do not require true statistical randomness. The only requirement is that the values should be unpredictable with a high probability of nonrepeating. The problem with the statistical random value is that it deals with probabilities of occurrence and sampling methods, which will not meet the requirements of the other three choices.

Answer 86

A. Ephemeral keys are cryptographic keys that are generated for each execution of a key establishment process and that meet other requirements of the key (for example, unique to each message or session and short-lived). It may not be practical or necessary to maintain accounting records for relatively short-lived keys such as ephemeral keys. This is because user devices (for example, user entities at client nodes) generate ephemeral keys, and they are intended for use within the client node. The other three choices need accounting records. Encrypted keys are encrypted with a key encrypting key to disguise the value of the underlying plaintext key. The key encrypting key is used for the encryption or decryption of other keys.

Answer 87

C. The consequences of willful or negligent mishandling of cryptographic keying materials (for example, keys and initialization vectors) should be commensurate with the potential harm that the policy violation can result in for the organization and other affected parties. The actual harm cannot be known in advance, and there is no guarantee that harm will occur for certain.

Answer 88

A. Notification of users of compromised keys, emergency key revocation, and secure replacement of the compromised keys are a part of normal recovery procedures. Key destruction must take place only when an external attacker is involved, not when user errors and system problems are involved during the course of regular work. The other three choices are normally used during the compromise recovery process.

Answer 89

D. The AES-128 bit key in counter mode with CBC-MAC provides both encryption and integrity protection. The AES-128 bit in CBC mode and the AES-128 bit in counter mode provide only encryption whereas the HMAC SHA1-96 bit provides only integrity protection. The encrypted ESP should not be used without integrity protection because the ESP needs both encryption and integrity protection.

Answer 90

A. The authentication header (AH) protects the Internet Protocol (IP) header and the data following the IP header. However, the AH processing introduces unnecessary complexity. Because the encapsulating security protocol (ESP) can provide equivalent functionality as the AH, the use of AH is not recommended due to its complexity in processing. Moreover, the ESP protects the source and destination addresses in the IP header in both transport and tunnel modes. Hence, the ESP is better than the AH.

Answer 91

C. The counter value in the AES-GCM or AES-GMAC is used for more than one packet with the same key. Therefore, the security of these algorithms’ confidentiality mechanism is compromised. The DES-CBC mode is susceptible to compromise. Also, the AES-GCM and AES-GMAC should not be used with manually distributed keys. Automated keying using the Internet key exchange (IKE) establishes secret keys for the two peers within each security association (SA) with low probability of duplicate keys.

Answer 92

C. After completion of the handshake sequence, the transport layer security (TLS) protocol provides a secure communication channel between the server and client for the duration of a communication session. All cipher suites provide authentication and integrity protection for transferred data, and most TLS cipher suites also provide encryption. If encryption is provided, data is encrypted when sent and decrypted when received. TLS does not, however, provide a cryptographic nonrepudiation service to allow a validation of the session data or authentication after the communication session has been ended by a third party.

Answer 93

D. The secure/multipurpose Internet mail extension (S/MIME) provides a consistent way to send and receive secure Internet mail. However, S/MIME is not restricted to e-mail; it can be used with any transport mechanism that employs MIME protocols, such as HTTP. The TDEA in CBC mode or AES-128-bit key in CBC mode is used to provide encryption only.

Answer 94

D. An end user is the individual using a client to access the system. Even within a centrally managed environment, end users may find that they have a significant amount of control over some of the security features within an S/MIME implementation. End users should not send the same message both encrypted and in plaintext. The end users can do the other three choices.

Answer 95

A. Either the Rivest, Shamir, and Adelman (RSA) or digital signature algorithm (DSA) with key sizes greater than or equal to 1024 bits is used to provide digital signatures. They are not used for hash values and key agreement, although less than 1024-bit keys are used for encryption.

Answer 96

C. The Diffie-Hellman (DH) algorithm is used to provide key agreement. The DH algorithm cannot provide digital signatures, hash values, and encryption.

Answer 97

A. The proof-of-possession is a verification process whereby it is proven that the owner of a key pair actually has the private key associated with the public key. The owner demonstrates the possession by using the private key in its intended manner. Without the assurance of possession, it would be possible for the certificate authority to bind the public key to the wrong entity. The other three choices do not demonstrate proof-of-possession.

Answer 98

D. The security strength of a cryptographic algorithm as well as entropy, hash function, and the Internet Protocol (IP) address identifier are specified in bits.

Answer 99

A. Certificate authorities (CAs) generally issue a self-signed certificate (called root certificate), which is also called a trust anchor. CAs that a relying party trusts directly are called trust anchors. When multiple trust anchors are recognized, the set of trust anchors is referred to as the trust list. CA certificates play a key role in many protocols and applications and are generally kept in what is often called a root certificate store. Trust keys are used in trust anchors. Root certificate store is used in validating certificate path.

Answer 100

C. Cryptographic hash algorithms (hash functions) do not require keys. The hash functions generate a relatively small digest (hash value) from a large input that is difficult to reverse. However, in some instances such as in the generation of hashed message authentication codes (HMAC), keyed hash functions are used. Symmetric key algorithms (known as secret/private) transform data that is difficult to undo without knowledge of a secret key. Asymmetric key algorithms (known as public) use two related keys to perform their functions (i.e., a public key and a private key forming a key pair).

Answer 101

B. Although message integrity is often provided using noncryptographic techniques known as error detection codes, these codes can be altered by an attacker for his benefit and hence create insecurity. Use of message authentication code (MAC) can alleviate this problem as it is based on block cipher algorithm. The cryptographic checksum is an algorithm that uses the bits in the transmission to create a checksum value and hence is secure. A noncryptographic technique does not use a cryptographic key.

Answer 102

A. Key wrapping is the encryption of a key by a key encrypting key using a symmetric algorithm. Key wrapping provides both confidentiality and integrity services to the wrapped material and does not provide services listed in the other three choices

Answer 103

A. The man-in-the-middle (MitM) attack takes advantage of the store-and-forward mechanism used by insecure networks such as the Internet. Digital signatures and split knowledge procedures are effective against such attacks. Faster hardware and packet filters are effective against denial-of-service (DoS) attacks.

Answer 104

A. Digital signatures cannot by themselves provide confidentiality service; instead, they provide authentication, integrity, and non repudiation services. Specific algorithms used for digital signatures include DSA, RSA, PKCS, and ECDSA.

Answer 105

B. The transport layer security (TLS) protocol is protected by strong cryptographic integrity, an authentication mechanism, and encrypted payload. The TLS can detect any attack or noise event but cannot recover from errors. If an error is detected, the protocol run is simply terminated. Hence, the TLS needs to work with the TCP (transport control protocol) to recover from errors.

Answer 106

B. The digital signature algorithm (DSA) produces digital signatures of 320, 448, or 512 bits using the key size of 160, 224, or 256 respectively. Hence, the length of the digital signature is two-times the length of the key size.

Answer 107

A. Cryptographic key establishment schemes are used to set up keys to be used between communicating entities. The scheme uses key transport and key agreement. The key transport is the distribution of a key from one entity to another entity. The key agreement is the participation by both entities in the creation of shared keying material (for example, keys and initialization vectors). The key establishment scheme does not deal with the other three choices.

Answer 108

B. Forward error-correcting codes are a subset of noncryptographic checksums (i.e., they use an algorithm without secret information in terms of a cryptographic key) that can be used to correct a limited number of errors without retransmission. If forward error-correction is applied before encryption and errors are inserted in the ciphertext during transmission, it is difficult to decrypt, thus making the errors uncorrectable. Therefore, it is preferable to apply the forward errorcorrection mechanism after the encryption process. This will allow the error correction by the receiving entity’s system before the ciphertext is decrypted, resulting in correct plaintext.

Answer 109

A. Shared secrets are generated during a key establishment process. Intermediate results of cryptographic operations are generated using secret information. Therefore, both shared secrets and intermediate results should not exist outside the cryptographic boundary of the crypto-module due to their sensitivity and criticality. The other three choices either do not exist outside the cryptographic boundary or they are less sensitive and critical.

Answer 110

C. The crypto-period of a symmetric key is the period of time from the beginning of the originator usage period to the end of the recipient usage period.

Answer 111

A. Both random number generator (RNG) seeds and intermediate results should be destroyed after use due to their sensitivity. Domain parameters remain in effect until changed. Shared secrets and initialization vectors should be destroyed as soon as they are no longer needed. A nonce should not be retained longer than needed for cryptographic processing.

Answer 112

B. The strength of cryptographic protection is determined by the weakest algorithm and the key size used. This is explained as follows: A 160-bit ECDSA and 128-bit AES provide 80 bits of security. A 256-bit ECDSA and 128-bit AES provide 128 bits of security. A 256-bit SHA and 1024-bit RSA provide 80 bits of security. A 256-bit SHA and 2048-bit RSA provide 112 bits of security. Therefore, 80 bits of security is weaker than 112 bits and 128 bits of security.

Answer 113

B. A cryptographic algorithm’s originator usage period is the period of time that a cryptographic algorithm and the key size are used to apply cryptographic protection. When the security life of the data is taken into account, cryptographic protection should not be applied to data using a given algorithm and key size if the security life of the data extends beyond the end of the algorithm security lifetime. Hence, the algorithm security life is the algorithm originator usage period plus the security life of the data.

Answer 114

A. A shared secret is a secret value that has been computed using a key agreement scheme and is used as input to a key derivation function. Hence, shared secrets should not be distributed while the other three choices can be safely distributed most of the time. Because the initialization vectors are often stored with the data that they protect, a determined attacker (not a normal attacker) could take advantage of them for hacking.

Answer 115

D. The private signature key need not be backed up because nonrepudiation would be in question. This is because proof-of-origin and proof-of-delivery are needed for a successful nonrepudiation using private signature key by the originator (i.e., the signatory). Therefore, the private signature key should be protected in a safe and secure location. The other three choices can be backed up without any question.

Answer 116

B. A checksum is a program that forms a cryptographic checksum of files in a computer system to allow their integrity to be checked at will. However, the checksum program adds overhead to the system in terms of adding more bytes to each program and increases boot-up time by several minutes. Any attempt to recompile a program will be flagged as a “virus type” activity (when it is not) and will be stopped. It misleads a program recompilation process.

Answer 117

A. An archive for keying material (i.e., keys and initialization vectors) should provide both integrity and access control. When archived, keying material should be archived prior to the end of the crypto-period of the key. When no longer required, the keying material should be destroyed. Private signature key need not be archived because it is private but should be protected in a safe and secure location.Both symmetric and public authentication keys should be archived until no longer required to authenticate the data. A symmetric master key should be archived until no longer needed to derive other keys.

Answer 118

A. A digital signature provides for nonrepudiation of origin. A simpler alternative to a digital signature is a hash function, where the message is indexed to a digest for integrity checking. It requires that both parties trust one another. However, it is of limited use because it does not provide for repudiation of origin. A digital certificate contains identification information about its holder. It includes a public key and a unique private key. Exchanging keys and certificates allows two parties to verify each other’s identities before communicating. A handwritten signature is similar to a digital signature in that it places a unique mark on a document that verifies the identity of the sender. A major problem with the handwritten signature is that it can be forged. A certificate authority is a third party that distributes public and private key pairs.

Answer 119

A. Domain parameters should be archived until all keying material, signatures, and signed data using the domain parameters are removed from the archive. The other three choices should not be archived due to their secrecy and because they are temporary in nature. One exception is that a shared secret is sometimes permanent as in a preshared key (PSK) for a site-to-site IPsec VPN.

Answer 120

A. Where symmetric keys or private asymmetric keys are used to protect only a single user’s local information in communications between a single pair of users, the compromise recovery process can be relatively simple and inexpensive. The damage assessment and mitigation measures are often local matters. On the other hand, damage assessment can be complex and expensive where (i) a key is shared by or affects a large number of users, (ii) certification authority’s (CA’s) private key is replaced, (iii) transport keys are widely used, (iv) keys are used by many users of large distributed databases, and (v) a key is used to protect a large number of stored keys.

Answer 121

B. For all cryptographically based mechanisms, the strength of the mechanism lies partly in the strength of the cryptographic algorithm (including key size), partly in the security of any communication protocol, and in large part, in the protection provided to secret key material (i.e., keys and initialization vectors). A secret key is a symmetric key that is not made public and requires protection from disclosure.

Answer 122

B. In general, protocols and applications are designed to use cryptographic algorithms from one mathematical family. For most uses, digital signature keys and key establishment keys should provide consistent cryptographic strength. For example, applications that encounter certificates with elliptic curve digital signature algorithm (ECDSA) digital signatures would expect to use elliptic curve DiffieHellman (ECDH) for the key establishment key. Rivest, Shamir, and Adelman (RSA) is not compatible with ECDSA, whereas it is compatible with DH. It is advisable that users obtain an authentication type key, a digital signature key, and a key establishment key that are complementary in nature to ensure that the keys can be used together in protocols and applications. Complementary algorithms for public keys enhance interoperability.

Answer 123

B. Reliable delivery of data implies that all messages presented to the sending TCP/IP stack are delivered in proper sequence by the receiving TCP/IP stack. These messages may be broken up into packets and fragmented or segmented as they are sent and routed through any arrangement of local-area, wide-area, or metropolitan-area networks. During routing through networks, data are augmented with cyclical redundancy checks or forward error correction techniques to help ensure that the delivered messages are identical to the transmitted messages. Reliable delivery means that the messages are properly reassembled and presented in proper sequence to the peer protocol TLS entity. Here, the TLS relies on the communications functionality of the OSI/ISO lower layer protocols.

Answer 124

D. The TLS version 1.1 mandates the use of the TLS and RSA with 3DES-EDE-CBC and SHA-1 cipher suite, and is more commonly used. The DES with RC4-40, RC2-CBC-40, and DES-40 cannot be combined with TLS because the algorithm is deprecated. The TLS and DHE-DSA with 3DES-EDE-CBCand SHA-1 is not often used. The TLS version 1.0 uses the TLS and DHE-DSS with 3DES-EDE-CBC and SHA-1.

Answer 125

C. The transport layer security (TLS) protocol’s security specification for ensuring the confidentiality goal is 3DES-EDE-CBC. RSA is used for key establishment, a DSA is used for digital signatures, and MD5 is used for hash function purposes.

Answer 126

C. A digital certificate is a password-protected and encrypted file that contains identification information about its holder. It is not a modem-protected file.

Answer 127

B. The ISO/ITU-T X.509 standard defines two types of certificates: the X.509 public key certificate and the X.509 attribute certificate. Most commonly, an X.509 certificate refers to the X.509 public key certificate. The public key certificate contains three nested elements: (i) the tamper-evident envelope (digitally signed by the source), (ii) the basic certificate content (for example, identifying information and public key), and (iii) extensions that contain optional certificate information. The X.509 attribute certificate is less commonly used.

Answer 128

D. In the recursive feature, the message is parsed one protection at a time until it yields a standard HTTP content type. Here, protections are applied in layers, one layer after another to achieve higher levels of protection. S-HTTP uses a simple challenge-response to ensure that data being returned to the server is “fresh.” Algorithm independence means new cryptographic methods can be easily implemented. Syntax compatibility means that the standard HTTP messages are syntactically the same as secure HTTP messages.

Answer 129

D. The Secure Sockets Layer (SSL) is an open and nonproprietary protocol that provides services such as mutual authentication, message privacy, and message integrity. Mutual handshake is not done by SSL.

Answer 130

C. Traffic padding is a function that generates a continuous stream of random data or ciphertext. True data is mixed with extraneous data thus making it difficult to deduce the amount of traffic, that is, traffic analysis. Encryption is good with traffic padding because it can disguise the true data very well and requires a key to decipher the encrypted data. Passwords are incorrect because they are most often associated with user authentication, not with traffic padding. Smart tokens and memory tokens are incorrect because they are also used to authenticate users. Memory tokens store, but do not process, information, whereas smart tokens both store and process information.

Answer 131

D. File labels are used in computer job runs to process application systems data to ensure that the right file is used. Encryption algorithms, due to their encryption and decryption mechanisms and by keeping the encryption keys secure, provide integrity to the message transmitted or stored. Hashing algorithms are a form of authentication that provides data integrity. File seal is adding a separate signature to software and partly works with virus checking software. When the file seal and virus checking software signatures do not match, it is an indication that data integrity has been compromised.

Answer 132

B. Functional capabilities can be placed inside network components to control access and protect information from misuse. Automated access control systems can require users and systems to log on to a network by identifying themselves and providing an automated password or similar control. Link and end-to-end encryption devices can protect information from misuse during transmission over a circuit or through a network. Link encryption is the application of online crypto-operation to a link of a communications system so that all information passing over the link is encrypted in its entirety. End-toend encryption is the encryption of information at its origin and decryption at its intended destination without any intermediate decryption. Administrative control is incorrect because it deals with handling the paperwork associated with operating a network. The scope includes receiving requests for service from prospective users, notifying operations personnel of dates that devices should be connected and disconnected, maintaining a directory of network users and services, authorizing users to access the network and, issuing passwords. Cost control is incorrect because it deals with cost recovery and avoidance. It includes price setting for network services and billing the users. The price of network services is often a function of the volume of information exchanged, the duration of usage, the distance between parties, and the time of day of usage. Technical control is incorrect because it includes activities such as failure detection, problem diagnosis, and service restoration of network components. The scope includes alarms, status indicators, test equipment interfaces, remote controls, and automatic monitoring.

Answer 133

A. Passive wiretapping includes not only information release but also traffic analysis (using addresses, other header data, message length, and message frequency). Security measures such as traffic padding can be used to prevent traffic analysis attacks. Active wiretapping includes message stream modifications, including delay, duplication, deletion, or counterfeiting.

Answer 134

C. A hash-based message authentication code (HMAC) is based on a symmetric key authentication method using hash functions. A symmetric key is a cryptographic key that is used to perform both the cryptographic operation and its inverse, for example to encrypt and decrypt, or create a message authentication code (MAC), and to verify the code. Asymmetric key is incorrect because there are two related keys in asymmetric keys; a public key and a private key that are used to perform complementary operations, such as encryption and decryption, or signature generation and signature verification. Public key is incorrect because it is the public part of an asymmetric key pair that is typically used to verify signatures or encrypt data. Private key is incorrect because it is the secret part of an asymmetric key pair that is typically used to digitally sign or decrypt data.

Answer 135

C. A message authentication code (MAC) is a cryptographic checksum on data that uses a symmetric key to detect both accidental and intentional modifications of data.

Answer 136

D. A hash function maps a bit string of arbitrary length to a fixed length bit string. Approved hash functions must satisfy the following two properties: one-way and collision resistant. It is computationally infeasible to find any input that map to any prespecified output or two distinct inputs that map to the same output. Offline attack is an attack where the attacker obtains some data through eavesdropping that he can analyze in a system of his own choosing. Online attack is an attack against an authentication protocol where the attacker either assumes the role of a claimant with a genuine verifier or actively alters the authentication channel. The goal of the attack may be to gain authenticated access or learn authentication secrets.

Answer 137

A. Entropy is a measure of the amount of uncertainty that an attacker faces to determine the value of a secret. Entropy is usually stated in bits as it relates to information theory. It is a statistical parameter. Random number is incorrect because it can be used to generate passwords or keys. Nonce is incorrect because it is a value used in security protocols that is never repeated with the same key. Pseudonym is incorrect because it is a subscriber name that has been chosen by the subscriber that is not verified as meaningful by identity proofing.

Answer 138

A. Salt is a nonsecret value that is used in a cryptographic process, usually to ensure that an attacker cannot reuse the results of computations for one instance. Shared secret is incorrect because it is a secret used in authentication that is known to the claimant and the verifier. Min-entropy is incorrect because it is a measure of the difficulty that an attacker has to guess the most commonly chosen password used in a system. Guessing entropy is incorrect because it is a measure of the difficulty that an attacker has to guess the average password used in a system.

Answer 139

C. Digital watermarks are used to prove proprietary rights. It is the process of irreversibly embedding information into a digital signal. An example is embedding copyright information about the copyright owner. Digital libraries are storage places for data and programs. Digital signals are electronic switches in computers and are represented as binary digits called bits. Digital signatures are a security authorization method to prove that a message was not modified.

Answer 140

B. Steganography is a part of cryptology that deals with hiding messages and obscuring who is sending or receiving them. Message traffic is padded to reduce the signals that otherwise would come from the sudden beginning of messages. Quantum cryptography is based on quantum-mechanics principles where eavesdroppers alter the quantum state of the system. Cryptology is the science and study of writing, sending, receiving, and deciphering secret messages. It includes authentication, digital signatures, steganography, and cryptanalysis. Cryptology includes both cryptography and cryptanalysis. Cryptology is the science that deals with hidden communications. Cryptography involves the principles, means, and methods used to render information unintelligible and for restoring encrypted information to intelligible form.

Answer 141

D. The cipher block chaining method is used to convert a block encryption scheme with a variable length key into a stream encryption of arbitrarily sized messages. In link encryption, all information passing over the link is encrypted in its entirety. Link encryption is also called an online encryption. Simultaneous encryption of all channels of a multichannel telecommunications trunk is called a bulk encryption. In end-to-end encryption, the information is encrypted at its origin and decrypted at its intended destination without any intermediate decryption. End-to-end encryption is also called an offline encryption. In link encryption, bulk encryption, and end-to-end encryption, the algorithm takes a fixed-length block of message (for example, 64 bits in the case of both DES and IDEA).

Answer 142

B. A checksum is digits or bits summed according to arbitrary rules and used to verify the integrity of data. All forms of checksums have the same objective, that is, to ensure that the conveyed information has not been changed in transit from sender to recipient. The difference between these checksums is how strong the protective mechanism is for changing the information, that is, how hard it will be to attack for a knowledgeable attacker, not for a natural source. A message authentication code is a cryptographic checksum with the highest form of security against attacks. The public key is used to encrypt the message prior to transmission, and knowledge of a private (secret) key is needed to decode or decrypt the received message. A data checksum is incorrect because it catches errors that are the result of noise or other more natural or nonintentional sources. For example, most of these errors are due to human errors. A digital signature is incorrect because it is a form of authenticator. It is decrypted using the secret decryption key and sent to the receiver. The receiver may encrypt, using the public key, and may verify the signature, but the signature cannot be forged because only the sender knows the secret decryption key. Nonpublic key algorithms can also be used for digital signatures. The basic difference between the message authentication code and the digital signature is that although message authentication codes require a secret (private) key to verify, digital signatures are verifiable with a public key, that is, a published value. Message authentication codes are used to exchange information between two parties, where both have knowledge of the secret key. A digital signature does not require any secret key to be verified. A cyclic redundancy check (CRC) is incorrect because it uses an algorithm for generating error detection bits, and the receiving station performs the same calculation as the transmitting station. If the results differ, then one or more bits are in error. Both message authentication codes and digital signatures operate with keys (whether public or private), are based on cryptography, and are hard to attack by intruders. On the other hand, data checksums and cyclic redundancy checks operate on algorithms, are not based on cryptography, and are easily attacked by intruders.

Answer 143

A. For confidentiality service, encryption with an approved algorithm is needed for the cryptographic module. Moreover, the encryption mechanism should not be an easier way to recover the key encrypting key than it is to recover the key being encrypted. In other words, recovering the key being encrypted should be relatively easier and recovering the key encrypting key should be difficult.

Answer 144

D. Checksums are of two types: a cryptographic checksum and a noncryptographic checksum. A cyclic redundancy code is a noncryptographic checksum, which is designed to detect random bit changes, not purposeful alterations or malicious tampering. These checksums are good at finding a few bits changed at random. The other three incorrect choices are based on cryptographic checksum techniques. Message authentication code is a message digest with a password attached to it. The intent is that someone cannot re-create the code with the same input unless that person also knows the secret key (password). A digital signature is a message digest encrypted with someone’s private key to certify the contents. Digital signatures perform three important functions: integrity, authentication, and nonrepudiation. A message digest is a hash code produced by a mathematical function. It takes variable length input and reduces it to a small value, and a small change in the input results in a significant change in the output. Secure hash algorithms create a short message digest. The message digest is then used, with the sender’s private key and the algorithm specified in digital signature standard, to produce a message-specific signature. Verifying the digital signature standard involves a mathematical operation on the signature and message digest, using the sender’s public key and the hash standard.

Answer 145

A. Password hashing requires storing a password in its hash form, which is better than storing an unencrypted password. When a password is supplied, it computes the password’s hash and compares it with the stored value. If they match, the password is correct. An attacker cannot derive the password from the hashes. It is good to hide the hashed password list. The other three incorrect choices are weak forms of handling a password. Encrypting passwords leads to judgmental errors. A password can be easily guessed if the user selects the password from a word dictionary. An exhaustive search may then “crack” the password.

Answer 146

C. Message padding adds bits to a message to make it a desired length—for instance, an integral number of bytes. Traffic padding involves adding bogus traffic into the channel to prevent traffic analysis, which is a passive attack. Data checksums are digits or bits summed according to arbitrary rules and used to verify the integrity of data. The one-time pad contains a random number for each character in the original message. The pad is destroyed after its initial use.

Answer 147

A. RSA’s technique can be used for document encryption as well as creating digital signatures. DSS is a public key cryptographic system for computing digital signatures only, but not for encryption. Both RSA and DSS appear to be similar. DES is a secret key cryptographic scheme. IDEA is also a secret key cryptographic scheme gaining popularity. Both DES and IDEA use secret (private) key algorithms, whereas DSS and RSA use public key algorithms.

Answer 148

A. A digital signature authorizes and legitimizes the transaction by using a secret decryption key to send it to the receiver. An actual signature written on the computer is incorrect because it is not an actual signature. Instead, a digital signature is decrypted using the secret decryption key and sent to the receiver. Checksum is incorrect because it is a technique to ensure the accuracy of transmission, and it ensures the integrity of files. There is no such thing as an analog signature because a digital signature is needed.

Answer 149

C. Encryption can be used to prevent eavesdroppers from obtaining data traveling over unsecured networks. The items mentioned in the other three choices do not have the same features as encryption. Authentication is the act of verifying the identity of a user and the user’s eligibility to access computerized information. Access controls determine what users can do in a computer system. Intrusion detection systems are software or hardware systems that detect unauthorized use of, or attack upon, a computer or network.

Answer 150

B. The public key system is more secure because transmission involves the public key only; the private key is never transmitted and is kept secret by its holder. On the other hand, in a private key system, both the sender and the recipient know the secret key and thus it can be less secure. Authentication and encryption key systems are incorrect because they can be either public (more secure) or private (less secure) key systems.

Answer 151

C. Improper error handling during a transmission between a sender and a receiver can result in side channel attacks, which can result in integrity failures. A security policy should define the response to such a failure. Remedies for integrity failures can include retransmission limited to a predetermined number of times and storing the error data in an audit log for later identification of the source of the error. The other three choices do not allow side channel attacks because they do not deal with transmission errors. Confidentiality deals with privacy and nondisclosure of information, and more. Availability deals with making data and systems within the reach of users. Labels are used to identify attributes, parameters, or the intended use of a key.

Answer 152

C. Public key methods are much slower than private methods and cause overhead, which are their main disadvantages. The public key contains alphanumeric characters. The public key systems use digital signatures for authentication.

Answer 153

B. There are three routes of data interception: direct observation, interception of data transmission, and electromagnetic interception. Data encryption can be a solution to data interception.

Answer 154

C. The XTS-AES mode was designed for the cryptographic protection of data on storage devices that use fixed length data units, and it was not designed for encryption of data in transit. This mode also provides confidentiality for the protected data but not authentication of data or access control.

Answer 155

D. A radius server with extensible authentication protocol (EAP) and transport layer security (TLS) authentication is used to identify and authenticate devices on LANs and/or WANs. It is not used for authenticating system users. The other three choices are used for PKI based authentication of system users.

Answer 156

B. The message authentication code (MAC) provides data authentication and integrity. A MAC is a cryptographic checksum on the data that is used to provide assurance that the data has not changed and that the MAC was computed by the expected entity. It cannot provide other security services.

Answer 157

D. Traffic flow security is a technique to counter traffic analysis attacks, which is the protection resulting from encrypting the source and destination addresses of valid messages transmitted over a communications circuit. Security is assured due to use of link encryption and because no part of the data is known to an attacker. Traffic padding, which generates mock communications or data units to disguise the amount of real data units being sent, also protects traffic analysis attacks. The other two items cannot control traffic analysis attacks. Traffic flow signal control is used to conduct traffic flow analysis. Traffic encryption key is used to encrypt plaintext or to super-encrypt previously encrypted text and/or to decrypt ciphertext.

Answer 158

C. Black core refers to a communications network architecture in which user data traversing a core (global) Internet Protocol (IP) network is end-to-end encrypted at the IP layer. RED refers to data/information or messages that contain sensitive or classified information that is not encrypted whereas BLACK refers to information that is encrypted. Striped core is a communications network architecture in which user data traversing a core (global) IP network is decrypted, filtered, and re-encrypted one or more times. The process of decryption filtering, and re-encryption is performed within a “red gateway”; consequently, the core is “striped” because the data path is alternatively black, red, and black.

Answer 159

C. Digital signature generation should provide security strength of 112 bits or more. Digital signature verification should provide security strength of 80 bits or more. Less than 80 bits or a range between 80 and 112 bits are not acceptable for the digital signature generation.

Answer 160

D. A digital signature is an electronic analogue of a handwritten signature in that it can be used to prove to the recipient, or a third party, that the originator in fact signed the message. It is an encrypted digest of the text that is sent along with a message, usually a text message, but possibly one that contains other types of information, such as pictures. A digital signature authenticates the identity of the sender of the message and also guarantees that no one has altered the document. On the other hand, an electronic signature is a cryptographic mechanism that performs a similar function to a handwritten signature. It is used to verify the origin and contents of a message (for example, an e-mail message). It is a method of signing an electronic message that (i) identifies and authenticates a particular person as the source of the electronic message and (ii) indicates such person’s approval of the information contained in the electronic message. Electronic signatures can use either secret key or public key cryptography.Hence, electronic signatures and digital signatures are not the same.

Answer 161

A. Traffic flow confidentiality protects against sensitive information being disclosed by observing network traffic flows. It uses traffic (message) padding and address hiding controls. In traffic padding, “dummy” traffic is generated to confuse the intruder. Address hiding requires that protocol header information be protected from unauthorized attack via cryptographic means. Testword is incorrect because a string of characters is appended to a transaction by the sending party and verified by the receiving party. A testword is an early technology realization of a seal or signature used in financial transactions. A seal or signature involves cryptographically generating a value that is appended to a plain text data item. Both testwords and seals are used to increase the data integrity of financial transactions.

Answer 162

B. Scalability means the system can be made to have more or less computational power by configuring it with a larger or smaller number of processors, amount of memory, interconnection bandwidth, number of total connections, input/output bandwidth, and amount of mass storage. Scalability is a technology or organizational issue, not a cryptography issue. Interoperability is incorrect because it is needed in cryptography where two or more systems can interact with one another and exchange data according to a prescribed method to achieve predictable results. Mobility is incorrect because it is needed in cryptography to authenticate between local and remote systems. Portability is incorrect because it is needed in cryptography between operating systems and application systems. The other three choices are cryptography issues to deal with.

Answer 163

A. Secure hash algorithm -1 (SHA-1), which is 160 bits, provides less security than SHA-224, SHA-256, and SHA-384. Cryptographic hash functions that compute a fixed size message digest (MD) from arbitrary size messages are widely used for many purposes in cryptography, including digital signatures. A hash function produces a short representation of a longer message. A good hash function is a one-way function: It is easy to compute the hash value from a particular input; however, backing up the process from the hash value back to the input is extremely difficult. With a good hash function, it is also extremely difficult to find two specific inputs that produce the same hash value. Because of these characteristics, hash functions are often used to determine whether data has changed. Researchers discovered a way to “break” a number of hash algorithms, including MD4, MD5, HAVAL-128, RIPEMD, and SHA-0. New attacks on SHA-1 have indicated that SHA-1 provides less security than originally thought. Therefore, the use of SHA-1 is not recommended for generating digital signatures in new systems. New systems should use one of the larger and better hash functions, such as SHA-224, SHA-256, SHA-384, and SHA-512.

Answer 164

B. In symmetric cryptography, the same key is used for both encryption and decryption. If there are four entities such as A, B, C, and D, there are six possible relationships such as A-B, A-C, A-D, BC, B-D, and C-D. Therefore, six keys are required. It uses the formula (n)(n–1)/2 where “n” equals the number of entities.

Answer 165

A. Triple data encryption algorithm (TDEA) encrypts data in blocks of 64 bits, using three keys that define a key bundle. The use of three distinctly different (i.e., mathematically independent) keys is highly recommended because this provides the most security from TDEA; this is commonly known as three-key TDEA (3TDEA or 3TDES). The use of two-key TDEA (2TDEA or 2TDES), in which the first and third keys are identical and the second key is distinctly different, is highly discouraged. Other configurations of keys in the key bundle shall not be used.

Answer 166

B. Critical security parameters (CSP) contain security-related information (for example, secret and private cryptographic keys, and authentication data such as passwords and PINs) whose disclosure or modification can compromise the security of a cryptographic module or the security of the information protected by the module. Public security parameters (PSP) deal with security-related public information (for example, public keys) whose modification can compromise the security of a cryptographic module. Sensitive security parameters (SSP) contain both CSP and PSP. In other words, SSP = CSP + PSP. A trusted channel is generally established to transport the SSPs, data, and other critical information shared by the cryptographic module and the module’s operator. The other three choices are incorrect. A port is a physical entry or exit point of a cryptographic module that provides access to the module for physical signals represented by logical information flows. The port security parameters along with data/program security parameters are not that important to the cryptographic module. The private security parameters do not exist.

Answer 167

A. Encryption using keys of 40 or fewer bits is only acceptable for use behind the firewall. Leading cryptographers recommend businesses use key lengths of at least 75 bits, with 90 bits being preferable. The Data Encryption Standard (DES) uses 56 keys, which is still acceptable for near term use.

Answer 168

D. In the implementation phase, the focus is on configuring the system for use in the operational environment. This includes configuring the cryptographic controls. After the system has been configured, certification testing is performed to ensure that the system functions as specified and that the security controls are operating effectively. The security provided by a cryptographic control depends on the mathematical soundness of the algorithm, the length of the cryptographic keys, key management, and mode of operation. A weakness in any one of these components may result in a weakness or compromise to the security of the cryptographic control. A weakness may be introduced at any phase of the system life cycle.

Answer 169

C. Cryptography may provide methods that protect security relevant software, including audit trails, from undetected modification. This is addressed as part of the integrity controls. Physical access controls are incorrect because they deal with prevention, detection, physical replacement or modification of the cryptographic system, and the keys within the system. Logical access controls are incorrect because they may provide a means of isolating the cryptographic software from attacks and modifications. The cryptographic module boundary may consist of the hardware, operating system, and cryptographic software. User authentication is incorrect because it includes use of cryptographic authentication to provide stronger authentication of users.

Answer 170

B. It is a rule to follow in the operation and maintenance phase, not in the implementation phase. For example, cryptographic keys that are never changed, even when disgruntled employees leave the organization, are not secure. The other three choices are incorrect because they are the rules that guide the implementation of cryptography.

Answer 171

111. a. Configuration management (CM) is needed most for high-risk areas such as hardware and firmware and system software maintenance and update. CM ensures the integrity of managing system and security features through controlling changes made to a system’s hardware, firmware, software, and documentation. The documentation may include user guidance, test scripts, test data, and test results. The hardware and firmware maintenance scope covers adding new capabilities, expanding the system to accommodate more users, replacing nonfunctional equipment, changing platforms, and upgrading hardware components. The system software maintenance and update scope includes adding new capabilities, fixing errors, improving performance, and replacing keys. The application software maintenance scope covers updating passwords, deleting users from access lists, updating remote access, and changing roles and responsibilities of users and maintenance personnel, which are mostly routine in nature. The cryptographic key maintenance scope includes key archiving, key destruction, and key change, as it is mostly done in the disposal phase

Answer 172

A. Acquiring the keying material from backup or by reconstruction is commonly known as key recovery. The other items deal with key registration, which results in the binding of keying material to information or attributes associated with a particular entity. A trusted third party (for example, Kerberos realm server or a PKI certification authority) performs the binding.

Answer 173

D. The keying material backup on an independent, secure storage medium provides a source for key recovery. Keying material maintained in backup should remain in storage for at least as long as the same keying material is maintained in storage for normal operational use. Not all keys need be backed up. For example, random number generator (RNG) seed need not be backed up because it is a secret value that is used to initialize a deterministic random bit generator. In addition, storing the RNG seed would actually decrease the security of the keys by increasing the risk of the material being used to reverse-engineer the keys. Domain parameters are incorrect because they can be backed up. It is a parameter used with some public key algorithm to generate key pairs, to create digital signatures, or to establish keying material. Passwords are incorrect because they can be backed up. A password is a string of characters (for example, letters, numbers, and other symbols) that are used to authenticate an identity or to verify access authorization. Audit information is incorrect because it can be backed up and can be used to trace events and actions.

Answer 174

C. During the post-operational phase, keying material is no longer in operational use, but access to the keying material may still be possible. A key management archive is a repository containing keying material and other related information of historical interest. Not all keying material needs to be archived. For example, passwords which often change need not be archived because storing passwords for the keys can increase the risk of disclosure. Initialization vector is incorrect because it can be archived. It can be retained until it’s no longer needed to process the protected data. An initialization vector is a vector used in defining the starting point of a cryptographic process. Audit information can be archived and can be retained until no longer needed. Domain parameters are incorrect because they can be archived. These parameters can be retained until all keying material, signatures, and signed data using the domain parameters are removed from the archive.

Answer 175

C. On a more frequent basis, the actions of the humans who use, operate, and maintain the system should be reviewed to verify that they continue to follow established security procedures. Strong cryptographic systems can be compromised by lax and inappropriate human actions. Highly unusual events should be noted and reviewed as possible indicators of attempted attacks on the system. Security plans, security procedures, and protective mechanisms are incorrect because they are considered as part of the human actions audit and they continue to support the cryptographic key management policy.

Answer 176

D. Without access to the cryptographic keys that are needed to decrypt information, organizations risk losing their access to that information. Consequently, it is prudent to retain backup copies of the keys necessary to decrypt stored enciphered information, including master keys, key encrypting keys, public signature verification keys, and authorization keys. These items should be stored until there is no longer any requirement for access to the underlying plain text information.

Answer 177

D. A cryptographic key management system must have three components to operate: a point-to-point environment, a key distribution center environment, and a key translation center environment. A key disclosure center environment is not relevant here.

Answer 178

C. Nonrepudiation services are obtained by employing various techniques or mechanisms such as digital signatures, digital message receipts, and timestamps, not integrity checks. Integrity checks are used with operating systems.

Answer 179

C. Key zeroization means key destruction. It is a method of erasing electronically stored keys by altering the contents of key storage so as to prevent the recovery of keys. The other three choices do not need key zeroization. Key recovery is a function in the life cycle of keying material in that it allows authorized entities to retrieve keying material from the key backup or archive. Key regeneration and key correction are needed when a key is compromised.

Answer 180

C. Binding an individual’s identity to the public key corresponds to the protection afforded to the individual’s private signature key. Digital certificates are used in this process.

Answer 181

C. Public key technology and digital certificates can be used to support authentication, encryption, nonrepudiation, and data integrity, but not availability.

Answer 182

C. Quantum cryptography is related to quantum computing technology, but viewed from a different perspective. Quantum cryptography is a possible replacement for public key algorithms that hopefully will not be susceptible to the attacks enabled by quantum computing. Quantum computing deals with large word size quantum computers in which the security of integer factorization and discrete log-based public-key cryptographic algorithms would be threatened. This would be a major negative result for many cryptographic key management systems that rely on these algorithms for the establishment of cryptographic keys. Lattice-based public-key cryptography would be resistant to quantum computing threats. Utility computing means allowing users to access technology-based services without much technical knowledge. On-demand computing deals with providing network access for self-services. Virtual computing uses virtual machine with software that allows a single host to run one or more guest operating systems. Utility computing, on demand computing, and virtual computing are part of cloud computing.

Answer 183

C. Prior to issuance of digital certificates, organizations should require a “subscriber agreement” in place that the subscriber manually signs. This agreement describes his obligations to protect the private signature key, and to notify appropriate authorities if it is stolen, lost, compromised, unaccounted for, or destroyed. Often the provisions of a subscriber agreement can be placed into other documents such as an employment contract or security agreement.

Answer 184

C. Using the X.509 Version 3 standard helps application programs in accepting digital certificates from multiple vendor CAs, assuming that the certificates conform to consistent Certificate Profiles. Application programs either have to be PKI-enabled, PKI-aware, or use PKI vendor plug-ins prior to the use of X.509 Version 3 standard. Version 3 is more interoperable so that an application program can accept digital certificates from multiple vendor certification authorities. Version 3 standard for digital certificates provides specific bits that can be set in a certificate to ensure that the certificate is used only for specific services such as digital signature, authentication, and encryption.

Answer 185

A. At a minimum, organizations should consider establishing backup and recovery sites for their key PKI components (RA, CA, and Directories) that supply the services necessary for application programs to use certificates. A PKI is an infrastructure, like a highway. By itself, it does little. It is useful when application programs employ the certificates and services that it supports. The PKI is a combination of products, services, software, hardware, facilities, policies, procedures, agreements, and people that provide for and sustain secure interactions on open networks such as the Internet. The other three choices are the side effects of using a PKI, which also needs to be developed.

Answer 186

B. Public key cryptography verifies integrity by using public key signatures and secure hashes. A secure hash algorithm (SHA) is used to create a message digest (hash). The hash can change if the message is modified. The hash is then signed with a private key. The hash may be stored or transmitted with the data. When the integrity of the data is to be verified, the hash is recalculated, and the corresponding public key is used to verify the integrity of the message.

Answer 187

D. Data is electronically signed by applying the originator’s private key to the data. The resulting digital signature can be stored or transmitted with the data. Any party using the public key of the signer can verify the signature. If the signature is verified, then the verifier has confidence that the data was not modified after being signed and that the owner of the public key was the signer. A digital certificate binds the public key to the identity of the signer.

Answer 188

D. The data sanitization practices have serious implications for security and data recovery in the cloud computing environment and are most affected. Sanitization is the removal of sensitive data from a storage device such as (i) when a storage device is removed from service or moved elsewhere to be stored, (ii) when residual data remains upon termination of service, and (iii) when backup copies are made for recovery and restoration of service. Data sanitization matters can get complicated when data from one subscriber is physically commingled with the data of other subscribers. It is also possible to recover data from failed drives (for example, hard drives and flash drives) that are not disposed of properly by cloud providers. Procedures for protecting data at rest are not as well standardized in a cloud computing environment. Cryptography can be used to protect data in transit. Trust mechanisms such as requiring service contracts and performing risk assessments can protect data in use because this is an emerging area of cryptography.

Answer 189

D. The digital certificate contains information about the user’s identity (for example, name, organization, and e-mail), but this information may not necessarily be unique. A one-way (hash) function can be used to construct a fingerprint (message digest) unique to a given certificate using the user’s public key.

Answer 190

B. DSA, RSA, and ECDSA are included in the DSS that specifies a digital signature used in computing and verifying digital signatures. DES is a symmetric algorithm and is not included in the DSS. DES is a block cipher and uses a 56-bit key. DES has been replaced by advanced encryption standard (AES) where the latter is preferred as an encryption algorithm for new products. The AES is a symmetric key encryption algorithm to protect electronic data as it is fast and strong due to its Key-Block-Round combination. The strength of DES is no longer sufficient

Answer 191

A. Public-key cryptography has been recommended for distribution of secret keys and in support of digital signatures. Privatekey cryptography has been recommended for encryption of messages and can be used for message integrity check computations. Hybrid keys combine the best of both public and private keys. Primary keys are used in database design and are not relevant here.

Answer 192

B. Elliptic curve systems are public-key (asymmetric) cryptographic algorithms. DES is private-key (symmetric) cryptographic algorithms.

Answer 193

D. Data encryption standard (DES) provides encryption, access control, integrity, and key management standards. It cannot provide authentication services. The DES is a cryptographic algorithm designed for access to and protection of unclassified data. Because the original “single” DES is insecure, the Triple DES should be used instead.

Answer 194

A. The elliptic curve systems are used to create digital signatures with a hash algorithm such as SHA-1 (160-bit key). The SHA-1 is used to generate a condensed representation of a message called a message digest. SHA-1 is a technical revision of SHA. A secure hash algorithm (SHA) is used to generate a condensed message representation called a message digest. SHA is used by PGP or GNU PGP to generate digital signatures.

Answer 195

D. End-to-end encryption refers to communications encryption in which data is encrypted when being passed through a network (i.e., encryption at origin and decryption at destination) but routing information remains visible without intermediate decryption. End-to end encryption is safe as end-to-end security in that information is safeguarded from point of origin to point of destination.

Answer 196

A. A cyclic redundancy check (CRC) can be used to verify the integrity of data transmitted over a communications line. Passwords, PINs, and biometrics can be used to authenticate user identity. Digitized signatures do not provide data integrity because they are simply created by scanning a handwritten signature.

Answer 197

C. Symmetric key cryptography is a class of algorithms where parties share a secret key. These algorithms are primarily used to achieve confidentiality but may also be used for authentication, integrity, and limited nonrepudiation services.

Answer 198

C. As part of controls, all encrypted messages must contain some redundancy as part of the message but have no meaning to the message, such as cryptographic hash or a Hamming code, to do error detection or correction to make the attacker work harder. The redundancy should not be in the form of “n” zeros at the start or end of a message because they yield predictable results to the attacker. Hamming code is based on Hamming distance, which is the number of bit positions in which two codewords differ. The codeword contains both data and check bits. The goal is to keep the Hamming distance shorter. The cyclic redundancy code (CRC) is also known as the polynomial code, which is based on treating bit strings as representations of polynomials with coefficients of 0 and 1 only. Checksums based on CRC are not effective in detecting errors because it yields undetected errors due to the lack of random bits in the checksums. The CRC uses an algorithm for generating error detection bits in a data link protocol. The receiving station performs the same calculation as done by the transmitting station. If the results differ, then one or more bits are in error. CRC is not a cryptographically secure mechanism unlike a cryptographic hash or message authentication code (MAC). Hence, CRC is least effective in verifying against malicious tampering of data. The parity bit code is not as effective as the Hamming code because the former is used to detect single errors whereas the latter is used to detect both single and burst errors. Hence, the Hamming code is the most efficient way of detecting transmission errors.

Answer 199

B. Asymmetric key algorithms are used to achieve authentication,integrity, and nonrepudiation, and not to support confidentiality for handling large volumes of data efficiently. These algorithms are used to perform three operations such as digital signatures, key transport,and key agreement. Although the asymmetric key is not efficient tohandle large volumes of data, it can be used to encrypt short messages, thus providing for confidentiality for short messages. The asymmetrickey (public key) is an encryption system that uses a public-private keypair for encrypting/decrypting data and for generating/verifying digital signature.

Answer 200

A. The secure hash algorithm (SHA) and hash-based message authentication code (HMAC) provide the basis for data integrity in electronic communications. They do not provide confidentiality and are a weak tool for authentication or nonrepudiation.

Answer 201

D. Two basic data structures are used in PKIs. These are the public key certificates and the certificate revocation lists (CRLs). A third data structure, the attribute certificate, may be used as an addendum. The certificate authority (CA) issues a public key certificate for each identity confirming that the identity has the appropriate credentials. CAs must also issue and process CRLs, which are lists of certificates that have been revoked. The X.509 attribute certificate binds attributes to an attribute certificate holder. This definition is being profiled for use in Internet applications. Subject certificate is meaningless here.

Answer 202

A. The concept of public-key cryptography (asymmetric encryption algorithm) was introduced by Diffie-Hellman (DH) to solve the key management problem with symmetric algorithms. The other three choices are incorrect because they are examples of symmetric encryption algorithms.

Answer 203

C. Both message digests 4 and 5 (MD4 and MD5) are examples of hashing algorithms. They are effective when they work with SHA-1 algorithms. Cryptographic hash functions such as MD5 and SHA-1 execute much faster and use less system resources than typical encryption algorithms. The other three choices are not relevant here.

Answer 204

B. Hash functions produce a much smaller message digest than the original message. Encrypting them saves time and effort and improves performance.

Answer 205

C. When the elliptic curve digital signature algorithm (ECDSA) is used with a message identifier (MID), it provides the capability of detecting duplicate transactions. The MID operates on checking the sequence number of transactions.

Answer 206

B. The term “protocols” is too generic to be of any use. A replay attack refers to the recording and retransmission of message packets in the network. Nonces are random numbers that are unique and fresh each time of use. Kerberos and timestamps go hand-in-hand.

Answer 207

C. The highest level of testing occurs at the application or system level. This level is also called certification testing. Algorithm level and module level are incorrect because they provide low-level testing. Product level is incorrect because it is the next higher level above algorithm and module level testing.

Answer 208

C. Message digests are used in cryptography to verify digital signatures and to ensure data integrity. A unique user ID is determined by constructing the hash of the client’s certificate using a trusted algorithm. For the user ID to be unique, you must have reasonable certainty that another client’s certificate will not hash to the same value. This requirement is satisfied as long as the hash function is sufficiently collision-resistant.

Answer 209

C. A hash function is a many-to-one function that takes an arbitrary-length-input message and constructs a fixed-length output digest.

Answer 210

D. Secure Multipurpose Internet Mail Extensions (S/MIME) is an open standard where e-mail messages can be digitally signed. Validating the signature on the e-mail can help the recipient know with confidence who sent it and that it was not altered during transmission (i.e., nonrepudiation). Previous versions are implemented in the regular MIME. Both SSL and SHA are not relevant here.

Answer 211

C. Internet Protocol security (IPsec) is a protocol that operates within the Internet protocol (IP). The IP transmits and routes messages, breaks large messages into smaller sizes on one end, and reassembles them into the original message on the other end. IP accomplishes these tasks using the IP header, which is inserted at the beginning of each packet. Point-to-point tunneling protocol (PPTP) hides information in IP packets. Hypertext transfer protocol (HTTP) is a connection oriented protocol that uses transmission control protocol (TCP) to carry Web traffic between a computer’s Web browser and the Web server being accessed. Point-to-point protocol (PPP) is used in router to-router traffic and home user-to-ISP traffic.

Answer 212

B. Asymmetric keys (public keys) by definition are slow and suitable for encrypting and distributing keys and for providing authentication. On the other hand, symmetric (private keys) are faster and suitable for encrypting files and communication channels.

Answer 213

C. A cryptographic module’s critical security parameters (CSPs) contain keys, passwords, personal identification numbers (PINs), and other information. CSPs are vulnerable to attacks.

Answer 214

C. In the Advanced Encryption Standard (AES), there are five modes that can provide data confidentiality and one mode that can provide data authentication. The confidentiality modes are the Electronic Codebook (ECB), Cipher Block Chaining (CBC), Cipher Feedback (CFB), Output Feedback (OFB), and Counter (CTR) modes. The authentication mode is the Cipher Block Chaining-Message Authentication Code (CBC-MAC) mode.

Answer 215

C. Hash-based message authentication code (HMAC) provides message integrity and is fast and therefore heavily used in IPsec operations because of little or no overhead. It requires limited system resources to operate. HMAC uses a key in combination with the hash function to produce a message digest. It can be used with a hash function in combination with a secret key. The other three choices are not relevant here.

Answer 216

B. Some cryptographic applications may require a hash function with a message digest length different than those allowed in standards. In such cases, a truncated message digest may be used, whereby a hash function with a larger message digest length is applied to the data to be hashed, and the resulting message digest is truncated by selecting an appropriate number of the leftmost bits. The least significant bit is the rightmost bit of a bit string. The leftmost bit is the most significant bit.

Answer 217

B. Secure hash algorithms (for example, SHA-224, 256,384, and 512) are used to hash a message. These algorithms enable the determination of a message’s integrity; meaning any change to the message results in a different message digest. SHA and SHA-1 should not be used because they are not secure. Message identity is a field (for example a sequence number) that may be used to identify a message.

Answer 218

D. The information on the digital certificate includes the owner name, public key, and start and end dates of its validity. The certificate should not contain any owner information that changes frequently (for example, the insurance company name).

Answer 219

C. A public key certificate is a credential that binds a key pair and the identity of the owner of the key (i.e., to a legal person). The necessary trust may come from several sources such as the role and independence of the certification authority, reputation, contract, management integrity, and other legal obligations.

Answer 220

A. The elliptic curve is well suited for low bandwidth systems and uses an asymmetric-key algorithm for encryption. The Rivest, Shamir, and Adelman (RSA) and elliptic curve algorithms are used for encryption, where the latter is a new one with shorter key lengths and is less computationally intensive. The Whitfield-Diffie algorithm is used for secure key exchange. The digital signature algorithm is used only for digital signatures. Both Whitfield and digital signatures do not compete with elliptic curve.

Answer 221

B. There are two modes of implementation of encryption in a network, namely link (online) and end-to-end. Link encryption encrypts all the data along a communications path (for example, a satellite link, telephone circuit, or T1 line) and encrypts both headers and trailer of the packet, which is the best thing to do. It provides good protection against external threats such as traffic analysis because all data flowing on links can be encrypted, including addresses and routing information. Although a major advantage of link encryption is that it is easy to incorporate into network protocols at the lower levels of the OSI model, a major disadvantage is that it encrypts and decrypts a message several times at each link or node in the clear text, thus leading to node compromise. Bulk encryption is simultaneous encryption of all channels of a multichannel telecommunications trunk. Transaction encryption is used in the payment card industry, perhaps using secure electronic transaction (SET) protocol for secure transactions over the Internet. In end-to-end encryption, a message is encrypted and decrypted only at endpoints, does not encrypt headers and trailers, and operates at the higher levels of the OSI model, thereby largely circumventing problems that compromise intermediate nodes. In this type of encryption, routing information remains visible and is a potential risk.

Answer 222

C. With three keys operating, the sequence is encrypt-encrypt encrypt, that is, one key is used for each mode of operation. Encrypt decrypt-encrypt is incorrect because it is an example of operating with two keys where the first key is used to encrypt, the second key is to decrypt, and the first key again to encrypt. The other two choices are not meaningful here.

Answer 223

C. Trusted third parties, who are independent of the certification and registration authorities and subscribers and who are employed by independent audit or consulting organizations are good candidates to conduct security evaluations (for example, reviews and audits) of the PKI systems and procedures. A written report is published after the security evaluation. A certification authority is a person or institution that is trusted and can vouch for the authenticity of a public key. The authority can be a principal or a government agency that is authorized to issue a certificate. A registration authority manages the certificate life cycle in terms of maintenance and revocation. Subscribers include both individuals and business organizations that use the certificate in their businesses.

Answer 224

C. Secure sockets layer (SSL) uses a combination of symmetric and asymmetric key cryptography to perform authentication and encryption services. It is a session-oriented protocol used to establish a secure connection between the client and the server for a particular session. SSL is not a point-to-point protocol.

Answer 225

A. The secure hash algorithm (SHA1) produces a 160-bit hash of the message contents. Message digest 5 (MD5) produces a 128-bit hash of the message contents. Many cryptographic applications generate and process both SHA1 and MD5. These are faster and take less space to store data. The algorithms mentioned in the other three choices do not have the ability to compress data. 3DES uses a 168-bit key

Answer 226

C. A disadvantage of asymmetric-key cryptography is that it is much slower than symmetric-key cryptography and is therefore impractical or efficient for use in encrypting large amounts of data. The other three choices are examples of advantages of using the asymmetric-key cryptography.

Answer 227

D. Digital certificates are used as a means of user and device authentication. Entities can prove their possession of the private key by digitally signing known data or by demonstrating knowledge of a secret exchanged using public-key cryptographic methods.

Answer 228

D. Both HMAC-SHA-1 and HMAC-MD5 algorithms are stronger than SHA-1 or MD5, either alone or together, because they use hash based message authentication codes (HMACs). Both the SHA-1 and MD5 algorithms are weaker by themselves.

Answer 229

A. Encryption provides the highest level of security to protect data access from unauthorized people. It is the process of transforming data to an unintelligible form in such a way that the original data either cannot be obtained (one-way encryption) or cannot be obtained without using the inverse decryption process (two-way encryption). It is difficult to break the encryption algorithm and the keys used in that process. Callback or dial-back systems and magnetic cards with personal identification numbers provide medium protection, whereas user identification numbers and passwords provide minimum protection. Callback systems can be negated through the use of call forwarding features in a telephone system. Magnetic cards can be lost, stolen, or counterfeited. User IDs and passwords can be shared with others or guessed by others, a control weakness.

Answer 230

D. Encryption can protect anything from one message field to an entire message packet in the transmission over network lines. Because the message field is the lowest level element and an important element in terms of message content and value, security is effective and enhanced. Here, encryption is focused on where it matters the most. Note that the field-level encryption is stronger than file-, record-, and packet-level encryption although encryption can be applied at each of these levels.

Answer 231

D. Use of passwords and other identification codes is not powerful due to their sharing and guessable nature. Scrambling, encoding, and decoding are cryptographic methods used in data transmission. Encryption is used in scrambling, encoding (encrypting), and decoding (decrypting) of data. Encryption is the process of transforming data to an unintelligible form in such a way that the original data either cannot be obtained (one way encryption) or cannot be obtained without using the inverse decryption process (two-way encryption). Authorized users of encrypted computer data must have the key that was used to encrypt the data to decrypt it. The unique key chosen for use in a particular application makes the results of encrypting data using the algorithm unique. Using a different key causes different results. The cryptographic security of the data depends on the security provided for the keys used to encrypt and decrypt the data.

Answer 232

D. Personal computers (PCs) are in increasing use as computer terminal devices are connected to larger host systems and when two or more PCs are connected to networks. Information transmitted over unprotected telecommunications lines can be intercepted by someone masquerading as an authorized user, thereby actively receiving sensitive information. Encryption can be adapted as a means of remote user authorization. A user key, entered at the keyboard, authenticates the user. A second encryption key can be stored in encrypted form in the calling system firmware that authenticates the calling system as an approved communications endpoint. When dial-back is used with two-key encryption, data access can be restricted to authorized users (with the user key) with authorized systems (those whose modems have the correct second key), located at authorized locations (those with phone numbers listed in the answering system’s phone directory). Dial-back technique alone cannot guarantee protection against masquerading because hackers can use the dial-forward technique to reroute calls and spoof the connection. File encryption only may not be adequate because an intruder may have an opportunity to intercept the key while it is in transit. Managing the encryption key is critical.

Answer 233

A. Message authentication is a process for detecting unauthorized changes made to data transmitted between users or machines or to data retrieved from storage. Message authentication keys should receive greater protection. It is the message header not the footer that identifies the receiving party of the message. There will be some delay for the messages to be transmitted and received, especially to remote, foreign destinations. Undelivered message reports may be produced at specific time intervals, not immediately.

Answer 234

A. Here, the communication link from a user site to a CPU computer is encrypted to provide confidentiality. Line encryption protects data in a transfer. One-time password is incorrect because it ensures that a particular password is used only once, in connection with a specific transaction. It is similar to the one-time key used in the encryption process. The one-time password protects data in process. File encryption is incorrect because it protects only the file in storage, not the entire communication line where the data transfer is taking place. File encryption protects data in storage. The end-to-end encryption is incorrect because it is applied to messages on the communication line twice, once by hardware and once by software techniques.

Answer 235

B. An encryption security mechanism provides security services such as integrity, confidentiality, and authentication. The data and message integrity service helps to protect data and software on workstations, file servers, and other local-area network (LAN) components from unauthorized modification, which can be intentional or accidental. The use of cryptographic checksums and granular access control and privilege mechanisms can provide this service. The more granular the access control or privilege mechanism, the less likely an unauthorized or accidental modification can occur. The data and message integrity service also helps to ensure that a message is not altered, deleted, or added to in any manner during transmission. A message authentication code, which is a type of cryptographic checksum, can protect against both accidental and intentional but not against unauthorized data modification. The use of digital signatures can also be used to detect the modification of data or messages. It uses either public key or private key cryptography. A digital signature provides two distinct services: nonrepudiation and message integrity. The message authentication code can also be used to provide a digital signature capability. Nonrepudiation helps ensure that the parties or entities in a communication cannot deny having participated in all or part of the communication.

Answer 236

D. Each electronic-mail message is encrypted with its own unique key. The security program generates a random key and uses it to encrypt the message. It is true that the security of the cryptography can never be greater than the security of the people using it because it is the people who make the security a success, security of any electronic-mail program cannot be greater than the security of the machine where the encryption is performed because security is an extension of the machine, and (iii) security of an encryption algorithm is no more or less than the security of the key because it assumes that the algorithm used is a good one.

Answer 237

C. Encryption is a desirable option in mainframe but not in a local area network (LAN) environment due to performance problems. Although hardware-based encryption is faster, it degrades system performance as found in software-based encryption. In addition, keys used in the encryption require management’s attention in terms of key distribution and disposition. Therefore, encryption is not a desirable option for LANs. As the capacity of CPU processors increase, it could become a desirable option for LANs for mitigating insider risks.

Answer 238

D. Any encryption scheme can be made more secure through multiple encryptions with different keys. Similarly, a triple encryption is stronger than a double or single encryption. However, costs and overhead increase as the number of encryptions increase. Also, system performance degrades as the number of encryptions increase. For example, 2DES encryption with two keys is no more secure than a 1DES encryption due to the possibility of the meet-in-the middle attack. Therefore, 3DES (triple DES) should be considered.

Answer 239

D. Secure and reliable telecommunications networks must have effective ways for authenticating information and assuring the confidentiality of information. There is no single technology or technique that can produce the needed security and reliability of networks. A range of technologies, including cryptography, improved identification and authentication technologies, and firewalls will be required, along with trusted encryption keys and security Management infrastructures.

Answer 240

C. A cryptographic system should be monitored and periodically reviewed to ensure that it is satisfying its security objectives. All parameters associated with correct operation of the cryptographic system should be reviewed, and operation of the system itself should be periodically tested and the results evaluated. Certain information, such as secret keys or private keys in public key systems, should not be subject to review. However, nonsecret or nonprivate keys could be used in a simulated review procedure. Physical protection of a cryptographic module is required to prevent physical replacement or modification of the cryptographic system.

Answer 241

D. Denial-of-service (DoS) is any action or series of actions that prevent any part of a system from functioning in accordance with its intended purpose. This includes any action that causes the unauthorized destruction, modification, or delay of service. By using a private key to generate digital signatures for authentication, it becomes computationally infeasible for an attacker to masquerade as another entity. Using random number challenges (tokens) and digital signatures eliminates the need for transmitting passwords for authentication, thus reducing the threat of their compromise. The use of random number challenges also prevents an intruder from copying an authentication token signed by another user and replaying it successfully at a later time. However, a new random number challenge should be generated for each authentication exchange.

Answer 242

B. An electronic signature is a cryptographic mechanism that performs a similar function to a handwritten signature. It is used to verify the origin and contents of a message. For example, a recipient of data (such as an e-mail message) can verify who signed the data and that the data was not modified after being signed. This also means that the originator (for example, sender of an e-mail message) cannot falsely deny having signed the data. Electronic signatures are difficult to forge; although, written signatures are easily forged. Electronic signatures can use either secret (private) key or public key cryptography; however, public key methods are generally easier to use. The other three choices are incorrect because they are true statements. In general, electronic signatures have received the same legal status as that of written signatures. Cryptography can provide a means of linking a document with a particular person, as is done with a written signature. Electronic signatures rely on the secrecy of the keys, the link or binding between the owner of the key, and the key itself. If a key is compromised due to social engineering by theft, coercion, or trickery, then the electronic originator of a message may not be the same as the owner of the key. Although the binding of cryptographic keys to actual people is a significant problem, it does not necessarily make electronic signatures less secure than written signatures. Trickery and coercion are problems for written signatures as well.

Answer 243

B. A digital signature provides two distinct services: nonrepudiation and message integrity. The digital signature standard (DSS) specifies a digital signature algorithm (DSA) that should be used when message and data integrity is required. The DSA digital signature is a pair of large numbers represented in a computer as strings of binary digits. The digital signature is computed using a set of rules (i.e., the DSA) and a set of parameters such that the identity of the signatory and the integrity of the data can be verified. The DSA provides the capability to generate and verify digital signatures. Signature verification makes use of a public key that corresponds to, but is not the same as, the private key. Each user possesses a private and public key pair. It is assumed that the public knows about public keys. Private keys are never shared. Anyone can verify the signature of a user by employing that user’s public key. Only the possessor of the user’s private key can perform signature generation. Because of this, nonrepudiation of a message is achieved. This means that the parties to an electronic communication could not dispute having participated in the communication, or it can prove to a third party that data was actually signed by the generator of the signature. The DSS can be implemented in hardware, software, and/or firmware and is subject to U.S. Commerce Department export controls. The DSS technique is intended for use in electronic mail, electronic funds transfer, electronic data interchange, software distribution, data storage, and other applications that require data integrity assurance and origin authentication. A digital signature system requires a means for associating pairs of public and private keys with the corresponding users. A mutually trusted third party such as a certifying authority can bind a user’s identity and his public key. The certifying authority could issue a “certificate” by signing credentials containing a user’s identity and public key. Hence, a third-party certificate is needed.

Answer 244

C. Both pretty good privacy (PGP) and privacy enhanced mail (PEM) encrypt messages and sign messages based on public-key cryptography. However, they operate on different philosophies. PGP is based on a distributed network of individuals. PEM is based on the concept of a hierarchical organization. PGP is suited for individuals communicating on the Internet, whereas PEM might be more suited for application systems in all organizations. PGP is a product, not a standard. It does not interoperate with any other security product, either PEM or non-PEM. PGP is portable to a wide variety of hardware platforms.

Answer 245

B. A digital signature is a cryptographic checksum computed as a function of a message and a user’s private key. A user’s digital signature varies with the data and protects against modification. This does not prevent deletion or modification of the audit trail, but it provides an alert that the audit trail has been altered. Access to online audit logs should be strictly controlled Passwords are not strong access controls due to their weaknesses, such as sharing or writing them down. Logging before and after image records of modification is incorrect because it is a passive activity and does not protect against modification. Audit trail data can be used to review what occurred after an event, for periodic reviews, and for real time analysis.

Answer 246

C. Cryptography, a hidden writing, is an important tool for protecting information and is used in many aspects of computer security. It can help provide data confidentiality, data integrity, electronic signatures, and advanced user authentication. It has nothing to do with data availability, which is a property that a given resource will use during a given time period.

Answer 247

B. The Rivest, Shamir, and Adelman (RSA) scheme uses a public key encryption algorithm and is an asymmetric cipher system. The data encryption standard (DES) uses a secret key encryption algorithm and is a symmetric cipher system. RSA uses two keys (private and public), whereas DES uses one key (private).

Answer 248

A. Exploiting a weakness is called an attack. In a ciphertext-only attack, an attacker has some ciphertext encrypted with an algorithm. He does not know the plain text or the key, but he knows the algorithm. His goal is to find the corresponding plain text. This is the most common attack. A birthday attack is an attack against message digest 5 (MD5), a hash function. The attack is based on probabilities where it finds two messages that hash to the same value (collision) and then exploits it to attack. The attacker is looking for “birthday” pairs of two messages with the same hash values. This attack is not feasible given today’s computer technology. In a chosen plain text attack, the attacker knows the plain text and the corresponding ciphertext and algorithm but does not know the key. This type of attack is harder but still possible. The adaptive chosen plain text attack is a variation of the chosen plain text attack where the selection of the plain text is changed based on the previous attack results.

Answer 249

C. A message authentication code, a type of cryptographic checksum, can protect against both accidental and intentional, but unauthorized, data modification. Ordinary error detecting codes such as cyclic redundancy codes are not adequate because they cannot detect intentional modification. A message authentication code is initially calculated by applying a cryptographic algorithm and a secret value, called the key, to the data. The initial code is retained. The data is later verified by applying the cryptographic algorithm and the same secret key to the data to produce another, second code; this second code is then compared to the initial code. If the two codes are equal, then the data is considered authentic. Otherwise, an unauthorized modification is assumed. Any party trying to modify the data without knowing the key would not know how to calculate the appropriate code corresponding to the altered data.

Answer 250

B. One-time pad is unbreakable given infinite resources. Each random key in the one-time pad is used exactly once, for only one message, and for only a limited time period. The algorithm for a one time pad requires the generation of many sets of matching encryption keypads. Each pad consists of a number of random key characters, not generated by a cryptographic key generator. Each key character in the pad is used to encrypt one and only one plain text character; then the key character is never used again. The number of random keypads that need to be generated must be at least equal to the volume of plain text messages to be encrypted. Due to the number of random keypads to be generated, this approach is not practical for high-speed communication systems. This is the reason the one-time pad is absolutely unbreakable. Brute force attack is possible with the data encryption standard (DES) and international data encryption algorithm (IDEA). The key length in Rivest cipher 2 and 4 (RC2 and RC4) is variable, and details of their algorithms are unknown because they are new proprietary algorithms. IDEA is a new algorithm and works as a double-DES (2DES). DES is in the public domain so that anyone can use it. IDEA is patented and requires a license for commercial use. RC2 and RC4 are unpatented but are trade secrets.

Answer 251

A. A hash function can detect modification of a message, independent of any connection with signatures. That is, it can serve as a cryptographic checksum. It is a solution to the problem of signing long messages. A one-way hash function converts an arbitrary-length message into a fixed-length hash. Like an encryption algorithm, a one way hash function converts a plain text message into an unintelligent text. This is where the similarity stops. However, unlike an encryption algorithm, there is no way to go backward with a one-way hash function. It is impossible to reverse a one-way hash function to get the original input from the output value. An encryption algorithm does not destroy any information. A one-way hash function destroys information and does not have a key. No secrecy is involved in the one-way hash function; the security is in the lack of ability to reverse itself. This property makes it a useful way to identify a message.

Answer 252

B. A message integrity code uses a secret key to produce a fixed length hash code that is sent with the message. Integrity codes are used to protect the integrity of large interbank electronic funds transfers. A message authentication code is a hashed representation of a message and is computed by the message originator as a function of the message being transmitted and the secret key. If the message authentication code computed by the recipient matches the authentication code appended to the message, the recipient is assured that the message was not modified. Both integrity codes and authentication codes are cryptographic checksums, which are stronger than non-cryptographic checksums. Cryptography can effectively detect both intentional and unintentional modification; however, cryptography does not protect files from being modified. Both secret key and public key cryptography can be used to ensure integrity. When secret key cryptography is used, a message authentication code is calculated and appended to the data. To verify that the data has not been modified at a later time, any party with access to the correct secret key can recalculate the authentication code. The new authentication code is compared with the original authentication code. If they are identical, the verifier has confidence that an unauthorized party has not modified the data. Data checksums are digits or bits summed according to arbitrary rules and used to verify the integrity of data. A cyclic redundancy code (CRC) uses an algorithm for generating error detection bits in a data link protocol. The receiving station performs the same calculation as done by the transmitting station. If the results differ, then one or more bits are in error. Both data checksums and CRC are not based on cryptographic checksums. Instead, they are based on algorithms.

Answer 253

B. The significant difference between a secret key algorithm and a message digest algorithm is that a secret key algorithm is designed to be reversible and a message digest algorithm is designed to be impossible to reverse. It is true that the drive for a message digest algorithm started with public key cryptography. Rivest, Shamir, and Adelman (RSA) is used to perform digital signatures on messages. A cryptographically secure message digest function with high performance would make RSA much more useful. This is because a long message is compressed into a small size by first performing a message digest and then computing an RSA signature on the digest.

Answer 254

C. Both RSA and DSS provide digital signature, authentication, and data integrity capabilities. RSA provides encryption; DSS does not. The digital signature algorithm (DSA) is specified in the DSS. The DSS contains the DSA to create signatures as well as the secure hash algorithm (SHA) to provide data integrity. SHA is used in electronic mail and electronic funds transfer applications.

Answer 255

A. Meet-in-the-middle (MIM) attacks occur when one end is encrypted and the other end is decrypted, and the results are matched in the middle. MIM attacks are made on block ciphers. A block cipher algorithm is a (i) symmetric key cryptographic algorithm that transforms a block of information at a time using a cryptographic key and (ii) a family of functions and their inverse functions that is parameterized by a cryptographic key; the functions map bit strings of a fixed length to bit strings of the same length. This means, the length of the input block is the same as the length of the output block. The other three choices are incorrect because they do not use block ciphers. Codebook attacks are a type of attack where the intruder attempts to create a codebook of all possible transformations between plaintext and ciphertext under a single key. Man-in-the-middle (MitM) attacks are a type of attack that takes advantage of the store-and forward mechanism used by insecure networks, such as the Internet. MitM attacks are also called bucket brigade attacks.

Answer 256

B. Digital signatures use Rivest, Shamir, and Adelman (RSA), a public-key (two-key) cryptographic algorithm. RSA enhances authentication and confidentiality due to the use of a two-key system; one key is public and the other one is private. The use of RSA in digital signatures prevents repudiation by the sender as well as by the receiver. Nonrepudiation means the sender cannot say that he never sent the message, and the receiver cannot say that he never received the message. Nonrepudiation is possible due to the use of a two-key system where the private key of the sender and the receiver is kept secret while their public key is known only to each party. Both the sender and the receiver cannot deny having participated in the message transmission.

Answer 257

B. It has been tested and proven that the RSA algorithm has a slower signature generation capability and faster verification than the digital signature algorithm (DSA). On the other hand, the DSA has faster signature generation and slower verification than the RSA. RSA is much slower to compute than popular secret key algorithms like data encryption standard (DES) and international data encryption algorithm (IDEA). RSA algorithm uses a variable length public key a long key for enhanced security or a short key for efficiency. RSA encryption algorithm requires greater computing power (i.e., memory or disk storage space) necessary to generate keys. The keys for RSA algorithm are large numbers generated mathematically by combining prime numbers. The algorithm is powerful and has resisted all attempts to break it to date, except for 40-bit RSA.

Answer 258

D. Availability is the property of a given resource that is usable during a given time period; it is not provided by cryptography. Data communications channels are often insecure, subjecting messages transmitted over the channels to various passive and active attacks (threats). Cryptography is the solution to counteract such threats. Cryptography is the science of mapping readable text, called plain text, into an unreadable format, called ciphertext, and vice versa. The mapping process is a sequence of mathematical computations. The computations affect the appearance of the data, without changing its meaning. To protect a message, an originator transforms a plain text message into ciphertext. This process is called encryption or encipherment. The ciphertext is transmitted over the data communications channel. If the message is intercepted, the intruder has access to only the unintelligible ciphertext. Upon receipt, the message recipient transforms the ciphertext into its original plain text format. This process is called decryption or decipherment. The mathematical operations used to map between plain text and ciphertext are identified by cryptographic algorithms. Cryptographic algorithms require the text to be mapped and, at a minimum, require some value that controls the mapping process. This value is called a key. Given the same text and the same algorithm, different keys produce different mappings. Cryptographic algorithms need not be kept secret. The success of cryptography is attributed to the difficulty of inverting an algorithm. In other words, the number of mappings from which plaintext can be transformed into ciphertext is so great that it is impractical to find the correct mapping without the key. For example, the Data Encryption Standard (DES) uses a 56-bit key. A user with the correct key can easily decrypt a message, whereas a user without the key needs to attempt random keys from a set of more than 72 quadrillion possible values. Authentication is incorrect because it is one of the services provided by cryptography. Authentication allows the recipient of a message to validate its origin. It prevents an imposter from masquerading as the sender of the message. Confidentiality is incorrect because it is one of the services provided by cryptography. Confidentiality prevents disclosure of the message to unauthorized users. Integrity is incorrect because it is one of the services provided by cryptography. Integrity assures the recipient that the message was not modified en route. Note that the integrity service allows the recipient to detect message modification but not prevent it.

Answer 259

D. Sandbox is not related to S-box, P-box, and product ciphers. Sandbox is a system that allows an untrusted application to run in a highly controlled environment where the application’s permissions are restricted to an essential set of computer permissions. In particular, an application in a sandbox (for example, JavaApplet) is usually restricted from accessing the file system or the network. The other three choices are related to each other. S-box is a nonlinear substitution table box used in several byte substitution transformations and in the key expansion routine to perform a one-for-one substitution of a byte value. This substitution, which is implemented with simple electrical circuits, is done so fast in that it does not require any computation, just signal propagation. P-box is a permutation box used to effect a transposition on an 8-bit input in a product cipher. This transposition, which is implemented with simple electrical circuits, is done so fast in that it does not require any computation, just signal propagation. Product ciphers are a whole series of combination of S-boxes and Pboxes cascaded. In each iteration or round, first there is an S-box followed by a P-box. In addition, there is one P-box at the beginning and one P-box at the end of each round. Common product ciphers operate on k-bit inputs to product k-bit outputs.

Answer 260

A. Cryptography is the process of scrambling information in such a manner that it becomes unintelligible and can be unscrambled only by the intended recipient(s). In cryptographic terms, this process involves the encryption of plain text data to produce ciphertext, and the subsequent decryption of ciphertext to recover the original plain text. Encryption and decryption are therefore inverse processes. Cryptographic processing depends on the use of keys, which are of primary importance in the security of a cryptographic system. Cryptographic keys are conceptually similar to the keys used with padlocks, in the sense that data can be locked, or encrypted, through the use of a key with a cryptographic algorithm. Symmetric key algorithms decrypt data with the same key used for encryption. Asymmetric key algorithms use a pair of keys, consisting of a public key component and a private key component, both having a specific mathematical relationship. Symmetric and asymmetric key algorithms are commonly referred to as secret key and public key algorithms, respectively. Cryptography plays a major role in information security and is a critical component of authentication technology.

Answer 261

C. Symmetric cryptography uses the same key for both encryption and decryption, whereas asymmetric cryptography uses separate keys for encryption and decryption, or to digitally sign and verify a signature. RSA is an example of asymmetric cryptography. DES, 3DES, and AES are examples of symmetric cryptography.

Answer 262

C. Encryption is used to provide data confidentiality. The data to be protected is called plain-text. Encryption transforms the plain-text data into ciphertext data. Cipher-text can be transformed back into plain-text using decryption. The approved algorithms for encryption and decryption include the advanced encryption standard (AES) and the triple data encryption algorithms (TDEA). Each of these algorithms operates on blocks (chunks) of data during an encryption or decryption operation. For this reason, these algorithms are commonly referred to as block cipher algorithms. RAS is remote access server, which is not a block cipher, and DES is data encryption standard, which is a block cipher. Message authentication code (MAC) is incorrect because it is not a block cipher because it provides an assurance of authenticity and integrity. HMAC is a MAC that uses a cryptographic hash function in combination with a secret key. Both MAC and HMAC are based on hash functions, which are used by (i) keyed hash message authentication coded algorithms, (ii) digital signature algorithms, (iii) key derivation functions for key agreement, and (iv) random number generators. Typically, MACs are used to detect data modifications that occur between the initial generation of the MAC and the verification of the received MAC. They do not detect errors that occur before the MAC is originally generated.

Answer 263

A. There are four architectures used to link certificate authorities (CAs), including hierarchical, mesh, bridge, and complex. In a hierarchical PKI model, authorities are arranged hierarchically under a “root CA” that issues certificates to subordinate CAs. A CA delegates when it certifies a subordinate CA. Trust delegation starts at a root CA that is trusted by every node in the infrastructure. Therefore, cross certification is not allowed in the hierarchical PKI model. Mesh (network) PKI model is incorrect because trust is established between any two CAs in peer relationships (cross-certification), thus allowing the possibility of multiple trust paths between any two CAs. Independent CAs cross-certify each other resulting in a general mesh of trust relationships between peer CAs. The bridge PKI model was designed to connect enterprise PKIs regardless of the architecture; enterprises can link their own PKIs to those of their business partners. The complex PKI model is a combination of hierarchical PKI model and mesh PKI model because they are not mutually exclusive.

Answer 264

C. When a system is shut down or transitioned to a new system, one of the primary responsibilities is ensuring that cryptographic keys are properly destroyed or archived. Long-term symmetric keys may need to be archived to ensure that they are available in the future to decrypt data. Signing keys used by traditional and non-traditional CAs may also need to be maintained for signature verification. An individual’s signing keys should not be archived due to constant changes and employee turnover.

Answer 265

C. A level of “trust” is required for an organization to complete the digital certificate transaction reliably. This includes determining the level of identity proofing required for a subscriber to get a certificate, the strength of the key lengths and algorithms employed, and how the corresponding private key is protected. The Certificate Authority (CA) operates under a Certificate Policy (CP) and Certification Practices Statement (CPS) that collectively describe the CA’s responsibilities and duties to its customers and trading partners. Organizations can operate their own certification authority duties or outsource that function.

Answer 266

A. A birthday attack is against message digest 5 (MD5), a hash algorithm. The attack is based on probabilities where it finds two messages that hash to the same value and then exploits it to attack. MD5 is a message authentication method based on producing a 128-bit hash code (signature fingerprint) from a message. The other three choices are not subjected to birthday attacks. SSL is secure sockets layer, SLIP is serial line interface protocol, and SET is secure electronic transaction.

Answer 267

B. One of the fundamental principles for protecting keys is the practice of split knowledge and dual control. These are used to protect the centrally stored secret keys and root private keys and secure the distribution of user tokens. Zeroization is a method of erasing electronically stored data by altering the contents of the data storage so as to prevent the recovery of data. Zero-knowledge proof is where one party proving something to another without revealing any additional information. Total knowledge, single control, triple control, and formal proof are not relevant here.

Answer 268

B. Use of electronic processes provides benefits such as time savings, enhanced services, cost-savings, and improved data quality and integrity. Public key technology can create a trusted environment that promotes the use and growth of all electronic processes, not just digital signatures.

Answer 269

C. This is the definition of an intermediate CA in that he has a superior CA and a subordinate CA. In a hierarchical PKI, the root CA’s public key serves as the most trusted datum (i.e., the beginning of trusted paths) for a security domain. The superior CA has certified the certificate signature key of another CA and who constrains the activities of that CA. Another CA certifies the subordinate CA’s certificate signature key.

Answer 270

B. Digital signatures provide authentication, nonrepudiation, and integrity services. Availability is a system requirement intended to ensure that systems work promptly and that service is not denied to authorized users.

Answer 271

A. Public-key cryptographic systems are known as two-key or asymmetric systems. Private-key cryptographic systems are known as one-key or symmetric systems.

Answer 272

A. In symmetric key algorithms, parties share a single, secret key. Establishing that shared key is called key management, and it is a difficult problem. In asymmetric key algorithms, there are two keys (public and private) for each party. The public and private keys are generated at the same time, and data encrypted with one key can be decrypted with the other key. Hybrid key algorithms combine the best features of public and private key systems. Hash key algorithms is meaningless here.

Answer 273

C. Session encryption is used to encrypt data between application and end users. This provides strong authentication. File encryption protects data in storage. Bulk encryption is simultaneous encryption of all channels of a multichannel telecommunications trunk. Stream encryption encrypts and decrypts arbitrarily sized messages not a strong authentication.

Answer 274

A. Symmetric cryptography uses the same key for both encryption and decryption, whereas asymmetric cryptography uses separate keys for encryption and decryption, or to digitally sign and verify a signature. ECDSA is an example of asymmetric cryptography. HMAC,MD5, and SHA-1 are examples of symmetric cryptography.

Answer 275

C. The entity deregistration function removes the authorization of an entity to participate in a security domain. Deregistration is intended to prevent other entities from relying on or using the deregistered entity’s keying material. At the end of a key’s crypto-period, a new key needs to be available to replace the old key if operations are to be continued. This can be accomplished by rekeying, key update, or key derivation.

Answer 276

A. Asymmetric authentication is susceptible to attacks because of the way the authentication is performed. The client authenticates the gateway and then uses that channel to authenticate the client. It is a weak form of authentication. The other three choices provide strong forms of authentication because they are a function of either transport layer security (TLS) or Internet Protocol security (IPsec).

Answer 277

A. Zero-knowledge proof requires that one party proves something to another without revealing any additional information. This proof has applications in public-key encryption process. Zeroization process is a method of erasing electronically stored data by altering the contents of the data storage so as to prevent the recovery of data. Degaussing operation is a process whereby the magnetic media is erased, that is, returned to its original state. Data remanence operation is the residual physical representation of data that has been in some way erased.

Answer 278

A. Key management provides the foundation for the secure generation, storage, distribution, and translation of cryptographic keys. Key layering is a meaningless term here.

Answer 279

B. This is an application of split knowledge procedure. An original cryptographic key is split into “n” multiple key components, individually providing no knowledge of the original key, which can be subsequently combined to recreate the original cryptographic key. If knowledge of “k” components is required to construct the original key, then knowledge of any k–1 key components provides no information about the original key. However, it may provide information about the length of the original key. Here, “k” is less than or equal to “n.”

Answer 280

A. When private (secret) key cryptography is used, a data (message) authentication code is generated. Typically, a code is stored or transmitted with data. When data integrity is to be verified, the code is generated on the current data and compared with the previously generated code. If the two values are equal, the integrity (i.e.,authenticity) of the data is verified. Message identifier is a field that may be used to identify a message, usually a sequence number. Message header and trailer contain information about the message. The other three choices do not have the code generation and verification capabilities.

Answer 281

D. All certification paths begin with a trust anchor, include zero or more intermediate certificates, and end with the certificate that contains the user’s public key. This can be an iterative process, and finding the appropriate intermediate certificates is one of PKI’s challenges in path discovery, especially when there is more than one intermediary involved. A certificate authority (CA) generally issues a self-signed certificate called a root certificate or trust anchor; this is used by applications and protocols to validate the certificates issued by a CA. Note that CAs issue cross certificates that bind another issuer’s name to that issuer’s public key.

Answer 282

C. Public-key cryptographic systems have low bandwidth and hence are not suitable for bulk encryption, where the latter requires a lot of bandwidth. The other three choices are applicable for specific needs.

Answer 283

D. Public-key cryptography is particularly useful when the parties wanting to communicate cannot rely upon each other or do not share a common key (for example, Rivest-Shamir-Adelman [RSA] and digital signature standard [DSS]). Mandatory access control (MAC) and discretionary access control (DAC) are examples of access control mechanisms. Data encryption standard, DES, (56-bit key), three key triple data encryption standard, 3DES, (168-bit key), and international data encryption algorithm, IDEA, (128-bit key) are examples of private-key cryptographic systems. IDEA is another block cipher, similar to DES, and is a replacement for or an improvement over DES. IDEA is used in pretty good privacy (PGP) for data encryption.

Answer 284

B. Side channel attacks result from the physical implementation of a cryptosystem through the leakage of information by monitoring sound from computations to reveal cryptographic key-related information. Side-channel attacks are based on stealing valuable information whereas the other three choices deal with deceiving people. Social engineering attacks focus on coercing people to divulge passwords and other valuable information. Phishing attack involves tricking individuals into disclosing sensitive personal information through deceptive computer-based means. Phishing is a digital form of social engineering that uses authentic-looking but bogus e-mails to request information from users or direct them to a fake website that requests valuable personal information. Shoulder surfing attack is similar to social engineering where the attacker uses direct observation techniques such as looking over someone’s shoulder to obtain passwords, PINs, and other valuable codes.

Answer 285

B. A cryptographic key may pass through several states between its generation and its destruction. Six key-states include pre-activation state, active state, deactivated state, destroyed state, compromised state, and destroyed compromised state. In general, keys are compromised when they are released to or determined by an unauthorized entity. If the integrity or secrecy of the key is suspect, the compromised key is revoked. A cryptographic key may enter the compromised state from all states except the destroyed state and destroyed compromised states. A compromised key is not used to apply cryptographic protection to information. Even though the key no longer exists in the destroyed state, certain key attributes such as key name, key type, and crypto-period may be retained, which is risky. The other three choices are not risky. In the pre-activation state, the key has been generated but is not yet authorized for use. In this state the key may be used only to perform proof-of-possession or key confirmation. In the active state, a key may be used to cryptographically protect information or to cryptographically process previously protected information (for example, decrypt ciphertext or verify a digital signature) or both. When a key is active, it may be designated to protect only, process only, or both protect and process. In the deactivated state, a key’s crypto-period has expired, but it is still needed to perform cryptographic processing until it is destroyed.

Answer 286

C. Using the X.509 Version 3 standard helps application programs in accepting digital certificates from multiple vendor CAs, assuming that the certificates conform to a consistent Certificate Profiles. Application programs either have to be PKI-enabled, PKI-aware, or use PKI vendor plug-ins prior to the use of X.509 Version 3 standard. Version 3 is more interoperable so that an application program can accept digital certificates from multiple vendor certification authorities. Version 3 standard for digital certificates provides specific bits that can be set in a certificate to ensure that the certificate is used only for specific services such as digital signature, authentication, and encryption.

Answer 287

D. The digital certificate contains information about the user’s identity (for example, name, organization, and e-mail), but this information may not necessarily be unique. A one-way (hash) function can be used to construct a fingerprint (message digest) unique to a given certificate using the user’s public key.

Answer 288

B. DSA, RSA, and ECDSA are included in the DSS that specifies a digital signature used in computing and verifying digital signatures. DES is a symmetric algorithm and is not relevant here. DES is a block cipher and uses a 56-bit key.

Answer 289

B. Digital signatures provide authentication, nonrepudiation, and integrity services. Availability is a system requirement intended to ensure that systems work promptly and that service is not denied to authorized users.

Answer 290

A. Public-key cryptography has been recommended for distribution of secret keys and in support of digital signatures. Private-key cryptography has been recommended for encryption of messages and can be used for message integrity check computations. Hybrid keys combine the best of both public and private keys. Primary keys are used in database design and are not relevant here.

Answer 291

D. The information on the digital certificate includes the owner name, the public key, and start and end dates of its validity. The certificate should not contain any owner information that changes frequently (for example, the insurance company name).

Answer 292

D. Digital certificates are used as a means of user authentication. Entities can prove their possession of the private key by digitally signing known data or by demonstrating knowledge of a secret exchanged using public-key cryptographic methods

Answer 293

Behind the firewall

Answer 294

75 bits - 90 is preferable

Answer 295

Optional-to-implement that provides a greater security

Answer 296

Mandatory-to-implement encryption algorithms that do not provide adequate security.

Answer 297

A.Symmetric

Answer 298

B. Asymmetric

Answer 299

C. Hashing

Answer 300

A. Symmetric

Answer 301

A. True This ensures that identical plaintexts encrypt to different ciphertexts

Answer 302

A. Restricting Bluetooth device discovery relies on the secrecy of the 48-bit Bluetooth MAC address. Incorrect answers and explanations: Answers B, C, and D are incorrect. While E0 is a symmetric cipher, it not used to restrict discover though it is used for data encryption. Public or private keys are also not used for Bluetooth discovery.

Answer 303

C. The OSI model layers from bottom to top are: Physical, Data Link, Network, Transport, Session, Presentation, and Application. Remember “Please Do Not Throw Sausage Pizza Away” as a useful mnemonic to remember this.

Answer 304

A. EAP-TLS is the most secure (and costly) form of EAP because it requires both server and client-side certificates. Incorrect answers and explanations: Answers B, C, and D are incorrect. EAP TTLS and PEAP are similar and don’t require client-side certificates. LEAP is a Cisco-proprietary protocol that does not require client-side certificates; it also has fundamental security weaknesses.

Answer 305

D. Application-layer firewalls are the most secure, as they have the ability to filter based on OSI Layers 3–7.Incorrect answers and explanations: Answers A, B, and C are incorrect. All are firewalls. A packet filter is the least secure of the four, due to the lack of state. A stateful firewall is more secure than a packet filter, but its decisions are limited to Layers 3 and 4. Circuit-level proxy firewalls operate at Layer 5 and cannot filter based on application-layer data.

Answer 306

D. Accessing an IPv6 network via an IPv4 network is called tunneling. Incorrect answers and explanations: Answers A, B, and C are incorrect. CIDR is classless Inter domain Routing, a way to create flexible subnets. NAT is network address translation, which translates one IP address for another. Translation is a distractor answer

Answer 307

A. The SYN flagged packet is first sent from the initiating host to the destination host; thus it is the first step or phase in the TCP three-way handshake sequence used to establish a TCP session. The destination host then responds with a SYN/ACK flagged packet; this is the second step or phase of the TCP three-way handshake sequence. The initiating host sends an ACK flagged packet, and the connection is then established (the final or third step or phase). The FIN flag is used to gracefully shut down an established session.

Answer 308

D. UDP is a simplex protocol at the Transport layer (layer 4 of the OSI model). Bits is associated with the Physical layer (layer 1). Logical addressing is associated with the Network layer (layer 3). Data reformatting is associated with the Presentation layer (layer 6). 3. A, B, D. The means by which IPv6 and IPv4 can coexist on the same network is to use one or more of three primary options: dual stack, tunneling, or NAT-PT. Dual stack is to have most systems operate both IPv4 and IPv6 and use the appropriate protocol for each conversation. Tunneling allows most systems to operate a single stack of either IPv4 or IPv6 and use an encapsulation tunnel to access systems of the other protocol. Network address translation-Protocol Translation (NAT-PT) (RFC-2766) can be used to convert between IPv4 and IPv6 network segments similar to how NAT converts between internal and external addresses. IPsec is a standard of IP security extensions used as an add-on for IPv4 and integrated into IPv6, but it does not enable the use of both IPv4 and IPv6 on the same system (although it doesn’t prevent it either). IP side loading is not a real concept.

Answer 309

A, B, D. The means by which IPv6 and IPv4 can coexist on the same network is to use one or more of three primary options: dual stack, tunneling, or NAT-PT. Dual stack is to have most systems operate both IPv4 and IPv6 and use the appropriate protocol for each conversation. Tunneling allows most systems to operate a single stack of either IPv4 or IPv6 and use an encapsulation tunnel to access systems of the other protocol. Network address Translation-Protocol Translation (NAT-PT) (RFC-2766) can be used to convert between IPv4 and IPv6 network segments similar to how NAT converts between internal and external addresses. IPsec is a standard of IP security extensions used as an add-on for IPv4 and integrated into IPv6, but it does not enable the use of both IPv4 and IPv6 on the same system (although it doesn’t prevent it either). IP sideloading is not a real concept.

Answer 310

A, B, E. TLS allows for use of TCP port 443; prevents tampering, spoofing, and eavesdropping; and can be used as a VPN solution. The other answers are incorrect. TLS supports both one-way and two-way authentication. TLS and SSL are not interoperable or backward compatible.

Answer 311

B. Encapsulation is both a benefit and a potentially harmful implication of multilayer protocols. Encapsulation allows for encryption, flexibility, and resiliency, while also enabling covert channels, filter bypass, and overstepping network segmentation boundaries. Throughput is the capability of moving data across or through a network; this is not an implication of multilayer protocols. Hash integrity checking is a common benefit of multilayer protocols because most layers include a hash function in their header or footer. Logical addressing is a benefit of multilayer protocols; this avoids the restriction of using only physical addressing.

Answer 312

C. In this scenario, the only viable option to provide performance, availability, and security for the VoIP service is to implement a new, separate network for the VoIP system that is independent of the existing data network. The current data network is already at capacity, so creating a new VLAN will not provide sufficient insurance that the VoIP service will be highly available. Replacing switches with routers is usually not a valid strategy for increasing network capacity, and 1,000 Mbps is the same as 1 Gbps. Flood guards are useful against DoS and some transmission errors (such as Ethernet floods or broadcast storms), but they do not add more capacity to a network or provide reliable uptime for a VoIP service.

Answer 313

B, C, E. Micro segmentation can be implemented using internal segmentation firewalls (ISFWs), transactions between zones are filtered, and it can be implemented with virtual systems and virtual networks. Affinity or preference is the assignment of the cores of a CPU to perform different tasks. Micro segmentation is not related to edge and fog computing management.

Answer 314

A. The device in this scenario would benefit from the use of Zigbee. Zigbee is an IoT equipment communications concept that is based on Bluetooth. Zigbee has low power consumption and a low throughput rate, and it requires close proximity of devices. Zigbee communications are encrypted using a 128-bit symmetric algorithm. Bluetooth is not a good option since it is usually plaintext. Bluetooth Low Energy (BLE) might be a viable option if custom encryption was added. Fiber Channel over Ethernet (FCoE) is not a wireless technology or an IoT technology—it is a high-speed fiber optic–based storage technology. 5G is the latest mobile service technology that is available for use on mobile phones, tablets, and other equipment. Though many IoT devices may support and use 5G, it is mostly used to provide direct access to the internet rather than as a link to a local short-distance device, such as a PC or IoT hub.

Answer 315

A, B, D. Cellular services, such as 4G and 5G, raise numerous security and operational concerns. Although cellular service is encrypted from device to tower, there is a risk of being fooled by a false or rogue tower. A rogue tower could offer only plaintext connections, but even if it supported encrypted transactions, the encryption only applies to the radio transmissions between the device and the tower. Once the communication is on the tower, it will be decrypted, allowing for eavesdropping and content manipulation. Even without a rogue tower, eavesdropping can occur across the cellular carrier’s interior network as well as across the internet, unless a VPN link is established between the remote mobile device and the network of the organization James works for. Being able to establish a connection can be unreliable depending on exactly where James’s travel takes him. 3G, 4G, and 5G coverage is not 100 percent available everywhere. 5G coverage is the most limited since it is the latest technology and still not universally deployed, and each 5G tower covers less area than a 4G tower. If James is able to establish a connection, 4G and 5G speeds should be sufficient for most remote technician activities, since 4G supports 100 Mbps for mobile devices and 5G supports up to 10 Gbps. If connectivity is established, there should be no issues with cloud interaction or duplex conversations.

Answer 316

B. A content distribution network (CDN), or content delivery network, is a collection of resource service hosts deployed in numerous data centers across the world in order to provide low latency, high performance, and high availability of the hosted content. VPNs are used to transport communications over an intermediary medium through the means of encapsulation (i.e., tunneling), authentication, and encryption. Software-defined networking (SDN) aims at separating the infrastructure layer from the control layer on networking hardware in order to reduce management complexity. Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP) (Counter-Mode/CBC-MAC Protocol) is the combination of two block cipher modes to enable streaming by a block algorithm.

Answer 317

D. The true statement is: ARP poisoning can use unsolicited or gratuitous replies—specifically, ARP replies for which the local device did not transmit an ARP broadcast request. Many systems accept all ARP replies regardless of who requested them. The other statements are false. The correct versions of those statements would be: (A) MAC flooding is used to overload the memory of a switch, specifically the CAM table stored in switch memory when bogus information will cause the switch to function only in flooding mode. (B) MAC spoofing is used to falsify the physical address of a system to impersonate that of another authorized device. ARP poisoning associates an IP address with the wrong MAC address. (C) MAC spoofing relies on plaintext Ethernet headers to initially gather valid MAC addresses of legitimate network devices. ICMP crosses routers because it is carried as the payload of an IP packet

Answer 318

D. The most likely cause of the inability to recover files from the SAN in this scenario is deduplication. Deduplication replaces multiple copies of a file with a pointer to one copy. If the one remaining file is damaged, then all of the linked copies are damaged or inaccessible as well. File encryption could be an issue, but the scenario mentions that groups of people work on projects and typically file encryption is employed by individuals, not by groups. Whole drive encryption would be more appropriate for group-accessed files as well as for a SAN in general. This issue is not related to what SAN technology is used, such as Fibre Channel. This problem might be solvable by restoring files from a backup, whether real-time or not, but the loss of files is not caused by performing backups.

Answer 319

D. In this scenario, the malware is performing a MAC flooding attack, which causes the switch to get stuck in flooding mode. This has taken advantage of the condition that the switch had weak configuration settings. The switch should have MAC limiting enabled in order to prevent MAC flooding attacks from being successful. Although Jim was initially fooled by a social engineering email, the question asked about the malware’s activity. A MAC flooding attack is limited by network segmentation to the local switch, but the malware took advantage of weak or poor configuration on the switch and was still successful. MAC flooding is blocked by routers from crossing between switched network segments. The malware did not use ARP queries in its attack. ARP queries can be abused in an ARP poisoning attack, but that was not described in this scenario.

Answer 320

B. A switch is an intelligent hub. It is considered to be intelligent because it knows the addresses of the systems connected on each outbound port. Repeaters are used to strengthen the communication signal over a cable segment as well as connect network segments that use the same protocol. A bridge is used to connect two networks together—even networks of different topologies, cabling types, and speeds—in order to connect network segments that use the same protocol. Routers are used to control traffic flow on networks and are often used to connect similar networks and control traffic flow between the two. Routers manage traffic based on logical IP addressing.

Answer 321

B. A screened subnet is a type of security zone that can be positioned so that it operates as a buffer network between the secured private network and the internet and can host publicly accessible services. A honeypot is a false network used to trap intruders; it isn’t used to host public services. An extranet is for limited outside partner access, not public. An intranet is the private secured network.

Answer 322

B. A Faraday cage is an enclosure that blocks or absorbs electromagnetic fields or signals. Faraday cage containers, computer cases, rack-mount systems, rooms, or even building materials are used to create a blockage against the transmission of data, information, metadata, or other emanations from computers and other electronics. Devices inside a Faraday cage can use EM fields for communications, such as wireless or Bluetooth, but devices outside of the cage will not be able to eavesdrop on the signals of the systems within the cage. Air gaps do not contain or restrict wireless communications—in fact, for an air gap to be effective, wireless cannot even be available. Biometric authentication has nothing to do with controlling radio signals. Screen filters reduce shoulder surfing but do not address radio signals

Answer 323

B, E, F. Network access control (NAC) involves controlling access to an environment through strict adherence to and implementation of security policy. The goals of NAC are to detect/block rogue devices, prevent or reduce zero-day attacks, confirm compliance with updates and security settings, enforce security policy throughout the network, and use identities to perform access control. NAC does not address social engineering, mapping IP addresses, or distributing IP addresses—those are handled by training, NAT, and DHCP, respectively.

Answer 324

A. Endpoint detection and response (EDR) is a security mechanism that is an evolution of traditional antimalware products. EDR seeks to detect, record, evaluate, and respond to suspicious activities and events, which may be caused by problematic software or by valid and invalid users. It is a natural extension of continuous monitoring, focusing on both the endpoint device itself and network communications reaching the local interface. Some EDR solutions employ an on-device analysis engine whereas others report events back to a central analysis server or to a cloud solution. The goal of EDR is to detect abuses that are potentially more advanced than what can be detected by traditional antivirus or HIDSs, while optimizing the response time of incident response, discarding false positives, implementing blocking for advanced threats, and protecting against multiple threats occurring simultaneously and via various threat vectors. A next-generation firewall (NGFW) is a unified threat management (UTM) device that is based on a traditional firewall with numerous other integrated network and security services and is thus not the security solution needed in this scenario. A web application firewall (WAF) is an appliance, server add-on, virtual service, or system filter that defines a strict set of communication rules for a website and is not the security solution needed in this scenario. Cross-site request forgery (XSRF) is an attack against web-based services, not a malware defense.

Answer 325

A. An application-level firewall is able to make access control decisions based on the content of communications as well as the parameters of the associated protocol and software. Stateful inspection firewalls make access control decisions based on the content and context of communications, but are not typically limited to a single application-layer protocol. Circuit-level firewalls are able to make permit and deny decisions in regard to circuit establishment either based on simple rules for IP and port, using captive portals, requiring port authentication via 802.1X, or more complex elements such as context- or attribute-based access control. Static packet-filtering firewalls filter traffic by examining data from a message header. Usually, the rules are concerned with source and destination IP address (layer 3) and port numbers (layer 4).

Answer 326

A, C, D. Most appliance (i.e., hardware) firewalls offer extensive logging, auditing, and monitoring capabilities as well as alarms/alerts and even basic IDS functions. It is also true that firewalls are unable to prevent internal attacks that do not cross the firewall. Firewalls are unable to block new phishing scams. Firewalls could block a phishing scam’s URL if it was already on a block list, but a new scam likely uses a new URL that is not yet known to be malicious.

Answer 327

D. LLC and MAC; IEEE 802.2 and 802.3

Answer 328

A. Open mail relay servers

Answer 329

C. Three-tiered model

Answer 330

C. It is commonly used to send contact information.

Answer 331

A. DNS spoofing

Answer 332

A. Limiting IP sessions going through media gateways

Answer 333

B. Non persistent XSS vulnerability

Answer 334

C. CAs are specific nodes that are responsible for routing to nodes outside of their region.

Answer 335

B. Softphones are more secure than IP phones.

Answer 336

C. To avoid providing attackers with valuable information that can be used to prepare an attack

Answer 337

A. SMTP lacks an adequate authentication mechanism.

Answer 338

D. Security

Answer 339

D. Security

Answer 340

B. They must be within the satellite’s line of sight and footprint.

Answer 341

C. IM use can be stopped by simply blocking specific ports on the network firewalls.

Answer 342

A. IEEE 802.1AR

Answer 343

D. Infrastructure as a Service, Platform as Software, Software as a Service

Answer 344

A. Bridge-mode virtual firewall allows the firewall to monitor individual traffic links, and hypervisor integration allows the firewall to monitor all activities taking place within a host system.

Answer 345

2.Answer: B. ISO Explanation: The OSI model was developed by the International Organization for Standardization (ISO). The IEEE, IANA, and IETF are also involved in networking standards, but the OSI model is attributed explicitly to ISO.

Answer 346

Answer: A. Hub Explanation: A hub operates at the OSI model’s Physical Layer (Layer 1), simply forwarding incoming signals to all other ports without any filtering or decision-making process. In contrast, a switch, wireless access point (WAP), and bridge all have functionalities at the Data Link Layer (Layer 2). A switch uses MAC addresses to determine the destination port for each incoming frame, a WAP allows Wi-Fi devices to connect to a wired network and can use MAC addresses for some decision making processes, and a bridge is used to divide a network into segments, filtering traffic between them using MAC addresses. Therefore, the correct answer is A. Hub, as it is the only device not operating at the Data Link Layer.

Answer 347

Answer: D. UDP Explanation: The User Datagram Protocol (UDP) operates at the Transport Layer and is known for its best-effort, connectionless delivery. Unlike TCP, it does not provide error checking or guaranteed delivery, making it faster but less reliable. ARP and IGMP do not operate at this layer.

Answer 348

Answer: A. Packet Explanation: At Layer 3 of the OSI model, information is processed into units known as packets. This layer is responsible for logical addressing, routing, and path determination. The terms frame and segment refer to Layer 2 and 4 units, respectively, while “data stream” doesn’t specifically refer to a Layer 3 structure.

Answer 349

Answer: D. Physical, Data Link, Network, Transport, Session, Presentation, Application Explanation: When processing inbound data from the network, the OSI model layers are traversed from the Physical Layer (Layer 1) to the Application Layer (Layer 7). Option D correctly lists the layers in this order.

Answer 350

Answer: D. Fiber optic Explanation: Fiber-optic cables use light signals to transmit data, making them less susceptible to electromagnetic interference (emanation detection). Therefore, fiber-optic cables provide the best protection against this type of detection compared to other listed media types.

Answer 351

Answer: B. Carrier Sense Multiple Access with Collision Detection (CSMA/CD) Explanation: Carrier Sense Multiple Access with Collision Detection (CSMA/CD) is based on contention among the media access control methods listed. In this method, devices listen to the network and transmit when they believe the channel is free. If a collision is detected, they stop and wait for a random time before trying again. This contrasts with other methods, such as the token-passing bus and token-passing ring, where devices must wait for a token to transmit data, ensuring orderly access, and polling, where a master device controls access without contention.

Answer 352

Answer: C. Egress filter Explanation: An egress filter controls traffic flow as it leaves a network, blocking traffic that should not be exiting the network, such as packets with a public source IP address from a private network.

Answer 353

Answer: A. A system that has been hardened against attack Explanation: A bastion host is best described as a system hardened against attack (option A). It is a special-purpose computer on a network specifically designed and configured to withstand attacks, serving as a critical part of a network’s security system. While other options may describe various network functions, such as a default deny rule (option B), FQDN-to-IP-address resolution (option C, typically a DNS server) or replacing private IP typically a DNS server), or replacing private IP addresses with public ones as the packet exits the private network (option D, describing Network Address Translation), they do not define the primary function of a bastion host.

Answer 354

Answer: A. Multiprotocol Label Switching (MPLS) Explanation: Multiprotocol Label Switching (MPLS) is a protocol that uses labels to route packets quickly through a network. These labels are inserted before the Layer 2 header, allowing routers to forward the packets based on the labels without looking at the packet’s actual content.

Answer 355

Answer: B. Extensible Authentication Protocol (EAP) Explanation: Extensible Authentication Protocol (EAP) is a framework frequently used in network security and authentication. It supports multiple authentication methods, including token cards, smart cards, and public key authentication. It can also be extended to support new authentication mechanisms as they are developed, making it a fitting choice for the question.

Answer 356

Answer: D. 802.11n Explanation: The IEEE 802.11n specification is designed to support multiple-input and multipleoutput (MIMO) technology, which uses several transmitters and receivers to send and receive more data simultaneously. This technology increases the performance and range of wireless connections.

Answer 357

Answer: B. DDoS attack Explanation: A distributed denial-of-service (DDoS) attack involves an “army” of compromised computers, often called zombies or bots, which an attacker controls. These computers flood a target system with traffic, rendering it inaccessible. Other options listed do not typically involve using multiple compromised computers in the same way as a DDoS attack.

Answer 358

Answer: B. Layer 2 – Data Link Layer Explanation: Ethernet (IEEE 802.3) operates at the OSI model’s Data Link Layer (Layer 2). It is responsible for the framing, addressing, and error detection of data packets.

Answer 359

Answer: D. Perimeter surveillance and intelligence gathering Explanation: Among the options provided, the BEST proactive network defense strategy would be D. Perimeter surveillance and intelligence gathering. While redundant firewalls (option A) increase resilience, business continuity planning (option B) is more reactive, and disallowing P2P traffic (option C) is a specific measure not applicable to all organizations, perimeter surveillance and intelligence gathering (option D) represents a comprehensive and proactive approach. By monitoring the perimeter and gathering intelligence on potential threats, an organization can identify and mitigate risks before they materialize, making this strategy the most holistic and effective choice for proactive defense.

Answer 360

Answer: D. A man-in-the-middle attack Explanation: A man-in-the-middle (MITM) attack primarily targets the communication between two parties rather than the network itself. The attacker intercepts, alters, or relays messages between two parties without them knowing that they are being manipulated.

Answer 361

Answer: C. Traffic filtering Explanation: Among the options provided, the MOST effective countermeasure against a distributed denial-of-service (DDoS) attack is C. Traffic filtering. While keeping a fully qualified domain name’s (FQDN’s) secret (option A) may obscure targets and having a redundant network layout (option B) can increase resilience, neither approach directly addresses the nature of DDoS attacks. On the other hand, traffic filtering (option C) involves analyzing incoming traffic and filtering out malicious or unwanted requests. Via identifying and blocking the traffic associated with a DDoS attack, this method can prevent the attack from reaching its target, thereby maintaining the availability of the service, making it the most effective choice for mitigating such attacks.

Answer 362

Answer: A. On the network perimeter, to alert the network administrator of all suspicious traffic Explanation: Placing NIDS on the network perimeter allows for early detection of suspicious activity and attacks, providing a critical line of defense.

Answer 363

Answer: A. File server, IP phone, security camera Explanation: A converged IP network integrates various services such as voice, video, and data. Devices like IP phones, security cameras, and file servers are common in these environments.

Answer 364

Answer: B. Fiber optics are more difficult to wiretap. Explanation: Fiber-optic cables transmit data using light signals, making them more difficult to intercept or wiretap than copper cables that use electrical signals.

Answer 365

Answer: A. A boundary router, a firewall, a proxy server Explanation: A robust network perimeter defense typically includes boundary routers (to route data), firewalls (to filter traffic), and proxy servers (to act as intermediaries between internal and external networks).

Answer 366

Answer: A. Lack of physical access control Explanation: Wireless LANs are susceptible to risks from the lack of physical access control. Since the signals are transmitted through the air, unauthorized individuals can access the network without physical access to a network jack or cable.

Answer 367

Answer: D. An SSID does not provide protection Explanation: An SSID (Service Set Identifier) is simply a network name and does not provide any inherent security protection. While hiding or obscuring an SSID might make it slightly more difficult for casual users to find the network, it does not deter determined attackers. Tools that can discover hidden SSIDs are readily available, so relying on an SSID for security is not an effective strategy. Therefore, the correct answer is that an SSID does not provide protection, and other security measures, such as robust encryption and authentication methods, should be implemented to secure a WLAN.

Answer 368

Answer: A. It provides mechanisms for authentication and encryption. Explanation: IPSec (Internet Protocol Security) is a suite of protocols that secure Internet Protocol (IP) communications by authenticating and encrypting each IP packet in a data stream. The other options are not accurate descriptions of IPSec’s primary function.

Answer 369

Answer: A. Lack of authentication of servers and thereby authenticity of records Explanation: The principal weakness of DNS lies in its lack of authentication, which can allow malicious actors to perform attacks like DNS spoofing. This can lead to false DNS responses, redirecting users to fraudulent websites.

Answer 370

Answer: B. Aggregates logs from security devices and application servers looking for suspicious activity Explanation: Security event management (SEM) focuses on real-time monitoring, correlating events, notifications, and console views. It aggregates log data generated throughout the organization’s technology infrastructure, looking for signs of malicious or otherwise suspicious activity.

Answer 371

Answer: C. Using a deny list of open email relays provides a secure way for an email administrator to identify open mail relays and filter spam Explanation: Relying solely on a denylist of open email relays is not a secure way to filter spam. Open relays constantly change, and denylists may become outdated quickly, leading to false positives or negatives.

Answer 372

Answer: C. A group of dispersed, compromised machines controlled remotely for illicit reasons Explanation: A botnet is a network of compromised computers, known as “bots” or “zombies,” controlled remotely by an attacker. These machines can be commanded to perform malicious activities such as DDoS attacks, spam distribution, or other illicit actions.

Answer 373

Answer: A. Cost Explanation: Mesh networks provide high redundancy and resilience by creating multiple connections between devices, but the complexity and the need for more cabling or connections make them more expensive to implement and maintain.

Answer 374

Answer: D. WPA2 Explanation: WPA2 (Wi-Fi Protected Access 2) provides stronger data protection by using the Advanced Encryption Standard (AES) protocol. It is considered more secure than the other options listed.

Answer 375

Answer: D. Fiber Explanation: Fiber-optic cables use light to transmit data, making them immune to electromagnetic interference (EMI) and power fluctuations. They are the most suitable option in environments where such interference is prevalent.

Answer 376

Answer: C. Are often insecure by their very nature as they were not designed to natively operate over today’s IP networks Explanation: Modbus and similar multilayer protocols used in industrial control systems were designed for closed, trusted environments. As they were not created with modern security challenges in mind, they often lack the necessary security features to protect against current threats, particularly when adapted to operate over the public Internet.

Answer 377

Answer: B. SSHv2 Explanation: SSHv2 (Secure Shell version 2) is a network protocol providing secure remote server access. Unlike TELNET, FTP, and TFTP, which send information, including passwords, in clear text, SSHv2 encrypts the session, making it a far more secure option for remote administration.

Answer 378

Answer: C. EAP-TLS Explanation: EAP-TLS (Extensible Authentication Protocol–Transport Layer Security) provides strong security by using client and server authentication certificates. It’s considered highly secure but costly and complex to implement due to the need for a public key infrastructure (PKI) to manage the certificates.

Answer 379

Answer: D. Cell phone hacking Explanation: Stealing electronic serial numbers (ESNs) is associated with cell phone hacking. ESNs are unique identifiers for mobile devices, and unauthorized access can be used for fraudulent activities.

Answer 380

Answer: B. IPSec Tunnel mode Explanation: IPSec Tunnel mode is suitable for encrypting traffic between different networks, and it supports both IPv4 and IPv6. It best fits this scenario, providing the required encryption and authentication for link-to-link communications.

Answer 381

Answer: D. NAT Explanation: NAT (Network Address Translation) is the process of translating private IP addresses into public IP addresses for communication over the Internet. This enables multiple devices within a local network to share a single public IP address.

Answer 382

Answer: D. 6to4 Explanation: 6to4 is a transition mechanism for migrating from IPv4 to IPv6, allowing IPv6 packets to be transmitted over an IPv4 network. It’s suitable for a scenario with no native connection to an IPv6 network.

Answer 383

Answer: D. Poison reverse Explanation: Poison reverse is the term for a situation where a path is no longer available and shows an infinite hop count. Among the given options, loopback refers to a special IP address used for testing, split horizon is a method to prevent routing loops by restricting route advertisement, and Classless Inter-Domain Routing (CIDR) is a method for allocating IP addresses. In contrast, poison reverse is used in distance-vector routing protocols to prevent routing loops. When a router learns that a route is no longer available, it advertises the route with an infinite metric, effectively “poisoning” the route and informing other routers that it is no longer reachable, making it the correct answer for the described situation.

Answer 384

Answer: A. WPA2 Explanation: WPA2 (Wi-Fi Protected Access 2) enhances WEP (Wired Equivalent Privacy) and WPA, which provides more robust security. It has become the standard for securing wireless networks.

Answer 385

Answer: A. Stateless firewall Explanation: A stateless firewall filters packets based solely on predefined rules concerning the source and destination IP addresses, ports, and protocols without keeping track of the state of active connections. It is the simplest type of firewall and closely resembles a packet filtering device.

Answer 386

Answer: C. X.25 Explanation: X.25 is a protocol suite widely used in the 1980s for packet-switched network services over public data networks (including over POTS lines). It’s considered a forerunner to newer protocols like Frame Relay.

Answer 387

Answer: D. Authentication, authorization, and accountability Explanation: RADIUS (Remote Authentication Dial-In User Service) is a protocol that provides centralized authentication, authorization, and accounting (often called AAA) for network users. It is commonly used in ISP and corporate environments to manage access to network resources.

Answer 388

Answer: D. ATM Explanation: ATM (Asynchronous Transfer Mode) is a cell-switched technology that uses small, fixed size cells to transmit data. It can be used in various applications, including WAN connections, making it suitable for the given scenario.

Answer 389

Answer: D. Stateful firewall Explanation: Third-generation firewalls are referred to as stateful firewalls. They monitor the state of active connections and make decisions based on the context of the traffic, such as TCP handshake completion and more.

Answer 390

Answer: D. PPP, ZIP, SPX, UDP, and TFTP Explanation: The question requires identifying protocols corresponding to OSI Layers 2, 6, 3, 4, and 7. The correct match for these layers would be protocols responsible for node-to-node communication (Layer 2), data translation including encryption and formatting (Layer 6), routing and forwarding (Layer 3), ensuring reliable data transfer (Layer 4), and interfacing with applications and enduser services (Layer 7). Analyzing the given options, the correct answer is D. PPP, ZIP, SPX, UDP, and TFTP, as these protocols correspond respectively to the functions of the specified OSI layers Other the functions of the specified OSI layers. Other options include protocols that do not typically align with the required OSI layers for this question.

Answer 391

Answer: A. 802.11a Explanation: The 802.11a standard operates in the 5 GHz bands, specifically in the 5.15–5.35 GHz and 5.725–5.825 GHz ranges, and typically has a shorter range, around 60 feet, depending on the environment and obstacles.

Answer 392

Answer: A. Defines procedures for managing Security Associations, utilizes IKE, etc Explanation: ISAKMP is a protocol that defines procedures and packet formats for the establishment, negotiation, modification, and deletion of Security Associations. It typically uses IKE (Internet Key Exchange) for key exchange but can implement other methods, making option A the correct description.

Answer 393

Answer: A. A seven-layer architecture for open systems interconnection Explanation: The OSI (open systems interconnection) model is a structured, layered architecture comprising seven layers. It allows open systems to interconnect and communicate with each other using protocols.

Answer 394

Answer: D. Data fragmentation Explanation: Data fragmentation is not a method to handle collisions. The methods mentioned in the content for handling collisions are token-based collision avoidance, polling, and Carrier Sense Multiple Access (CSMA).

Answer 395

Answer: A. Mapping IP addresses to MAC addresses Explanation: ARP (Address Resolution Protocol) Explanation: ARP (Address Resolution Protocol) allows IP addresses to be mapped to physical MAC addresses. It facilitates communication between devices on a network.

Answer 396

Answer: C. Encryption Explanation: OSPF (Open Shortest Path First) is a routing protocol routers use to manage and direct network traffic. It includes security features such as encryption, making it a more secure routing protocol.

Answer 397

Answer: B. To create virtual tunnels through physical networks to connect devices Explanation: VLAN (Virtual Local Area Network) can be created using devices, technologies, and software. It reduces the need for physical rewiring by creating virtual tunnels through physical networks to connect devices, thereby enhancing network management and security.

Answer 398

Answer: C. Fiber optic Explanation: Fiber-optic cable utilizes light pulses to represent 0s and 1s. It offers great advantages in speed and security compared to other types of cables like twisted pair and coaxial.

Answer 399

Answer: B. Providing feedback about problems in the network communication environment Explanation: ICMP (Internet Control Message Protocol) is used for messaging and specifically provides feedback about problems in the network communication environment. Commands like Ping and traceroute utilize ICMP.

Answer 400

Answer: D. WPA3 Explanation: WPA3 (Wi-Fi Protected Access 3) is a security solution for the 802.11 wireless protocol family released in 2018 It includes access control family, released in 2018. It includes access control, authentication, encryption, and integrity protection.

Answer 401

Answer: B. DoS involves a single machine, while DDoS involves multiple machines. Explanation: A denial-of-service (DoS) attack involves a single machine attempting to impede or deny functionality, while a distributed denial-of service (DDoS) attack involves multiple devices acting in unison to achieve the same goal.

Answer 402

Answer: D. Fragmentation Explanation: The OSI model consists of seven layers: Application, Presentation, Session, Transport, Network, Data Link, and Physical. Fragmentation is not one of the layers in the OSI model.

Answer 403

Answer: A. HTTPS Explanation: HTTPS (Hypertext Transfer Protocol Secure) securely transmits data over the Internet. It encrypts the client and server data, ensuring confidentiality and integrity.

Answer 404

Answer: C. Providing error detection and correction at the physical level Explanation: The Data Link Layer in the OSI model provides error detection and correction at the physical level. It ensures that data frames are transmitted without errors.

Answer 405

Answer: B. MAC address filtering Explanation: MAC address filtering is a security measure that controls access to a wireless network. Allowing or denying specific MAC addresses prevents unauthorized devices from connecting to the network.

Answer 406

Answer: B. Man-in-the-middle attack Explanation: A man-in-the-middle (MITM) attack involves an attacker intercepting and possibly altering communications between two parties without their knowledge. It can lead to eavesdropping or data manipulation.

Answer 407

Answer: D. Increases data transmission speed Explanation: A Virtual Private Network (VPN) encrypts data transmission, creates a virtual tunnel through the public Internet, and allows remote access to a private network. It does not inherently increase data transmission speed.

Answer 408

Answer: B. Managing network devices Explanation: SNMP (Simple Network Management Protocol) manages network devices. It allows administrators to monitor, configure, and control network devices such as routers and switches.

Answer 409

Answer: B. It monitors the state of active connections. Explanation: A stateful firewall monitors the state of active connections and makes decisions based on the context of the traffic, such as TCP handshake completion. It provides more advanced filtering compared to stateless firewalls.

Answer 410

Answer: C. RC4 Explanation: WEP (Wired Equivalent Privacy) uses the RC4 encryption algorithm. It was an early security protocol for wireless networks but has been largely replaced due to its vulnerabilities.

Answer 411

Answer: B. It acts as an intermediary between a client and the server. Explanation: A proxy server is an intermediary between a client and a server. It can provide content filtering, privacy enhancement, and caching functions.

Answer 412

Answer: B. It ensures reliable data transmission between devices. Explanation: The Transport Layer in the OSI model is responsible for ensuring reliable data transmission between devices. It manages error recovery and data flow control and ensures that data packets are delivered in the correct sequence.

Answer 413

Answer: C. SFTP Explanation: SFTP (Secure File Transfer Protocol) provides secure file transfer capabilities by encrypting the data during transmission. It ensures the confidentiality and integrity of the files being transferred.

Answer 414

Answer: C. It routes data between different networks. Explanation: The Network Layer in the OSI model is responsible for routing data between different networks. It determines the best path for data to travel from the source to the destination.

Answer 415

Answer: C. Two-factor authentication Explanation: Two-factor authentication (2FA) is a common method used to authenticate users on a network. It requires two separate forms of identification, enhancing security by adding a layer of authentication.

Answer 416

Answer: C. Denial-of-service attack Explanation: A denial-of-service (DoS) attack involves overwhelming a system with traffic to make it unavailable to users. It can be executed by sending excessive requests to a target, consuming its resources.

Answer 417

Answer: C. Stateless Explanation: TCP (Transmission Control Protocol) is connection oriented and ensures reliable data transmission by providing error checking and acknowledgment of received packets. It is not stateless; rather, it maintains the state of the connection throughout the communication process.

Answer 418

Answer: A. It translates, encrypts, and compresses data. Explanation: The Presentation Layer in the OSI model is responsible for translating, encrypting, and compressing data. It ensures that the data is in a format that both the sending and receiving devices can understand.

Answer 419

Answer: C. SSL/TLS Explanation: SSL/TLS (Secure Sockets Layer/Transport Layer Security) is a protocol designed to communicate securely over an insecure network. It encrypts the client and server data, ensuring confidentiality and integrity.

Answer 420

Answer: C. Ring Explanation: In a Ring topology, devices are connected in a closed loop. Each device is connected to exactly two other devices, forming a circular structure.

Answer 421

Answer: B. It acts as a buffer zone between the internal network and untrusted external networks. Explanation: A demilitarized zone (DMZ) acts as a buffer zone between internal and untrusted external networks, such as the Internet. It adds a layer of security by isolating public-facing servers from the internal network.

Answer 422

Answer: A. To manage public and private keys for data encryption Explanation: Public key infrastructure (PKI) manages public and private keys for data encryption. It ensures secure communication by providing key management, certificate issuance, and authentication.

Answer 423

Answer: C. It monitors network traffic for suspicious activities. Explanation: A network intrusion detection system (NIDS) monitors network traffic for suspicious activities and potential breaches. It can alert administrators to possible intrusions, allowing for a timely response.

Answer 424

Answer: B. It provides a secure connection over the public Internet. Explanation: A Virtual Private Network (VPN) provides a secure connection over the public Internet by encrypting the data transmission. It allows remote access to a private network while maintaining confidentiality and integrity.

Answer 425

Answer: B. Encrypting data stored on a local network Explanation: A firewall’s primary functions include filtering incoming and outgoing traffic, blocking unauthorized access, and monitoring connections. It does not typically encrypt data stored on a local network.

Answer 426

Answer: B. Mesh Explanation: In a Mesh topology, each device is connected to every other device. This provides multiple paths for data transmission and enhances redundancy and reliability.

Answer 427

Answer: D. SMTPS Explanation: SMTPS (Secure Mail Transfer Protocol Secure) is used to send email securely. It encrypts the connection between the mail client and server, ensuring the email content is confidential.

Answer 428

Answer: A. It acts as a decoy to attract attackers. Explanation: A honeypot in network security acts as a decoy to attract attackers. It is designed to be vulnerable to lure potential attackers, allowing security professionals to study their behaviors and techniques.

Answer 429

Answer: B. To encrypt email content Explanation: S/MIME (Secure/Multipurpose Internet Mail Extensions) is a protocol to encrypt email content. It ensures the confidentiality and integrity of email messages by encrypting the data.

Answer 430

Answer: B. It filters traffic based solely on source and destination addresses. Explanation: A stateless firewall filters traffic based solely on source and destination addresses without keeping track of the state of active connections. It provides basic filtering compared to stateful firewalls.

Answer 431

Answer: A. Star Explanation: All devices are connected to a central hub or switch in a Star topology. This central connection point allows for easy addition and removal of devices but can create a single point of failure.

Answer 432

Answer: B. It translates data into a user-friendly format. Explanation: The Physical Layer in the OSI model manages the physical connection between devices, defines the electrical and physical specifications, and transmits raw bitstream over the physical medium. It does not translate data into a user friendly format.

Answer 433

Answer: B. It provides real-time analysis of security alerts. Explanation: A security information and event management (SIEM) system provides real-time analysis of security alerts generated by various hardware and software entities in an organization. It helps in early detection and response to security incidents.

Answer 434

Answer: B. To encrypt web communication Explanation: S-HTTP (Secure Hypertext Transfer Protocol) encrypts web communication. It ensures the confidentiality and integrity of data transmitted between the web browser and server.

Answer 435

Answer: B. It encrypts data transmission. Explanation: A Virtual LAN (VLAN) creates virtual tunnels through physical networks, allows devices to be grouped logically, and enhances network management and security. It does not inherently encrypt data transmission.

Answer 436

Answer: D. Bus Explanation: All devices are connected to a central cable in a bus topology. This central cable is a backbone for the network, and data is transmitted along this single pathway.

Answer 437

Answer: B. Data encryption Explanation: Data encryption is commonly used to secure data at rest. Encrypting the data stored on a device or within a network prevents unauthorized access and potential breaches.

Answer 438

Answer: B. It provides real-time monitoring and analysis of security events. Explanation: A security operations center (SOC) monitors and analyses security events within an organization. It coordinates security measures and responds to security incidents to protect against threats.

Answer 439

Answer: B. To transfer files over a network Explanation: FTP (File Transfer Protocol) transfers files over a network. It allows users to upload and download files from servers, facilitating file sharing and management.

Answer 440

Answer: C. It increases data transmission speed. Explanation: Secure Shell (SSH) provides secure remote access, encrypts data transmission, and uses public key cryptography to authenticate users. It does not inherently increase data transmission speed.

Answer 441

Answer: B. Mesh Explanation: In a Mesh topology, devices are connected to multiple other devices, providing redundancy. This ensures that data can still be transmitted through alternative paths if one connection fails.

Answer 442

Answer: C. Security token Explanation: Authenticating users based on something they have often involved using a security token. This can be a physical device or a digital token that generates a code, providing an additional layer of authentication.

Answer 443

Answer: C. It controls access to a network based on policies. Explanation: A network access control (NAC) system controls access to a network based on policies. It evaluates the security posture of devices attempting to connect and enforces compliance with security policies.

Answer 444

Answer: B. To provide a directory service for managing user information Explanation: LDAP (Lightweight Directory Access Protocol) provides a directory service for collecting user information. It allows organizations to store and retrieve user credentials, profiles, and other information in a structured manner.

Answer 445

Answer: C. It manages physical connections between devices. Explanation: Internet Protocol Security (IPSec) provides secure communication over IP networks, encrypts data at the Transport Layer, and uses authentication headers for integrity. It does not manage physical connections between devices

Answer 446

A. An on-premises identity management system will provide the organization with the most control and is the best choice. A cloud-based solution is controlled by a third party. Either an on-premises or a cloud-based solution is needed. There’s no need to have both in a hybrid solution. Identity management solutions provide single sign-on (SSO), but SSO is a benefit of identity management, not a type of identity management.

Answer 447

A. A primary goal when controlling access to assets is to protect against losses, including any loss of confidentiality, loss of availability, or loss of integrity. Subjects authenticate on a system, but objects do not authenticate. Subjects access objects, but objects do not access subjects. Identification and authentication are important as the first step in access control, but much more is needed to protect assets.

Answer 448

C. The subject is active and is always the entity that receives information about, or data from, the object. A subject can be a user, a program, a process, a file, a computer, a database, and so on. The object is always the entity that provides or hosts information or data. The roles of subject and object can switch while two entities communicate to accomplish a task.

Answer 449

D. NIST SP 800-63B recommends users only be required to change their password if their current password is compromised. They do not recommend that users be required to change their password regularly at any interval.

Answer 450

B. Password history can prevent users from rotating between two passwords. It remembers previously used passwords. Password complexity and password length help ensure that users create strong passwords. Password age ensures that users change their password regularly.

Answer 451

B. A passphrase is a long string of characters that is easy to remember, such as IP@$$edTheCISSPEx@m. It is not short and typically includes at least three sets of character types. It is strong and complex, making it difficult to crack.

Answer 452

A. A synchronous token generates and displays onetime passwords that are synchronized with an authentication server. An asynchronous token uses a challenge-response process to generate the onetime password. Smartcards do not generate onetime passwords, and common access cards are a version of a smartcard that includes a picture of the user.

Answer 453

C. The point at which the biometric false rejection rate and the false acceptance rate are equal is the crossover error rate (CER). It does not indicate that sensitivity is too high or too low. A lower CER indicates a higher-quality biometric device, and a higher CER indicates a less accurate device.

Answer 454

A. A false rejection, sometimes called a false negative authentication or a Type I error, occurs when an authentication doesn’t recognize a valid subject (Sally in this example). A false acceptance, sometimes called a false positive authentication or a Type II error, occurs when an authentication system incorrectly recognizes an invalid subject. Crossover errors and equal errors aren’t valid terms related to biometrics. However, the crossover error rate (also called equal error rate) compares the false rejection rate to the false acceptance rate and provides an accuracy measurement for a biometric system.

Answer 455

C. An authenticator app on a smartphone or tablet device is the best solution. SMS has vulnerabilities, and NIST has deprecated its use for two-factor authentication. Biometric authentication methods, such as fingerprint scans, provide strong authentication. However, purchasing biometric readers for each employee’s home would be expensive. A PIN is in the something you know factor of authentication, so it doesn’t provide two-factor authentication when used with a password.

Answer 456

B. Physical biometric methods such as fingerprints and iris scans provide authentication for subjects. An account ID provides identification. A token is something you have, and it creates onetime passwords, but it is not related to physical characteristics. A personal identification number (PIN) is something you know.

Answer 457

B, C, D. Ridges, bifurcations, and whorls are fingerprint minutiae. Ridges are the lines in a fingerprint. Some ridges abruptly end, and some ridges bifurcate or fork into branch ridges. Whorls are a series of circles. Palm scans measure vein patterns in a palm.

Answer 458

A. Fingerprints can be counterfeited or duplicated. It is not possible to change fingerprints. Users will always have a finger available (except for major medical events), so they will always have a fingerprint available. It usually takes less than a minute for registration of a fingerprint.

Answer 459

A, D. Accurate identification and authentication are required to support accountability. Logs record events, including who took an action, but without accurate identification and authentication, the logs can’t be relied on. Authorization grants access to resources after proper authentication. Auditing occurs after logs are created, but identification and authentication must occur first.

Answer 460

A, D. Accurate identification and authentication are required to support accountability. Logs record events, including who took an action, but without accurate identification and authentication, the logs can’t be relied on. Authorization grants access to resources after proper authentication. Auditing occurs after logs are created, but identification and authentication must occur first.

Answer 461

C. Authentication is necessary to ensure a network supports accountability. Note that authentication indicates that a user claimed an identity such as with a username and proved the identity such as with a password. In other words, valid authentication includes identification. However, dentification doesn't include authentication. If users could just claim an identity without proving it's their identity, the system doesn't support accountability. Audit trails (not available as a possible answer) help provide accountability as long as users have authenticated. Integrity provides assurances that unauthorized entities have not modified data or system settings. Confidentiality ensures that unauthorized entities can’t access sensitive data and is unrelated to this question.

Answer 462

C. The most likely reason (of the provided options) is to prevent sabotage. If the user’s account remains enabled, the user may log on later and cause damage. Disabling the account doesn’t remove the account or remove assigned privileges. Disabling an account doesn’t encrypt any data, but it does retain encryption keys that supervisors can use to decrypt any data encrypted by the user.

Answer 463

C. The most likely reason to delete the account (of the provided options) is if an employee left the organization and will start a new job tomorrow. It would not be appropriate to delete the account for any other answer options. If an administrator used their account to run services, deleting their account would prevent the services from running. It would be appropriate to disable the account of a disgruntled employee. If this employee encrypted data with their account, deleting the account would prevent access to the encrypted data. It would be appropriate to change the password of a shared account used by temporary employees

Answer 464

D. It’s appropriate to disable an account when an employee takes a leave of absence of 30 days or more. The account should not be deleted because the employee will return after the leave of absence. If the password is reset, someone could still log on. If nothing is done to the account, someone else may access it and impersonate the employee.

Answer 465

C. Account access reviews can detect security issues for service accounts such as the sa (short for system administrator) account in Microsoft SQL Server systems. Reviews can ensure that service account passwords are strong and changed often. The other options suggest removing, disabling, or deleting the sa account, but doing so is likely to affect the database server’s performance. Account deprovisioning ensures accounts are removed when they are no longer needed. Disabling an account ensures it isn’t used, and account revocation deletes the account.

Answer 466

D. A periodic account access review can discover when users have more privileges than they need and could have been used to discover that this employee had permissions from several positions. Strong authentication methods (including multifactor authentication methods) would not have prevented the problems in this scenario. Logging records what happened, but it doesn’t prevent events

Answer 467

B. The implicit deny principle ensures that access to an object is denied unless access has been expressly allowed (or explicitly granted) to a subject. It does not allow all actions that are not denied, and it doesn’t require all actions to be denied.

Answer 468

B. An access control matrix includes multiple objects and subjects. It identifies access granted to subjects (such as users) to objects (such as files). A single list of subjects for any specific object within an access control matrix is an access control list. A federation refers to a group of companies that share a federated identity management (FIM) system for single sign-on (SSO). Creeping privileges refers to excessive privileges a subject gathers over time.

Answer 469

B. A discretionary access control model allows the owner (or data custodian) of a resource to grant permissions at the owner’s discretion. The other answers (MAC, RBAC, and rule-based access control) are nondiscretionary models.

Answer 470

A. The DAC model allows the owner of data to modify permissions on the data. In the DAC model, objects have owners, and the owners can grant or deny access to objects that they own. The MAC model uses labels to assign access based on a user’s need to know and organization policies. A rule-based access control model uses rules to grant or block access. A risk-based access control model examines the environment, the situation, and policies coded in software to determine access.

Answer 471

D. A role-based access control (RBAC) model can group users into roles based on the organization’s hierarchy, and it is a nondiscretionary access control model. A nondiscretionary access control model uses a central authority to determine which objects subjects can access. In contrast, a Discretionary Access Control (DAC) model allows users to grant or reject access to any objects they own. An ACL is an example of a rule-based access control model that uses rules, not roles.

Answer 472

A. The role-based access control (RBAC) model is based on role or group membership, and users can be members of multiple groups. Users are not limited to only a single role. RBAC models are based on the hierarchy of an organization, so they are hierarchy based. The mandatory access control (MAC) model uses assigned labels to identify access.

Answer 473

A. The role-based access control (RBAC) model is based on role or group membership, and users can be members of multiple groups. Users are not limited to only a single role. RBAC models are based on the hierarchy of an organization, so they are hierarchy based. The mandatory access control (MAC) model uses assigned labels to identify access.

Answer 474

D. A rule-based access control model uses global rules applied to all users and other subjects equally. It does not apply rules locally or to individual users.

Answer 475

B. The ABAC model is commonly used in SDNs. None of the other answers are normally used in SDNs. The MAC model uses labels to define access, and the RBAC model uses groups. In the DAC model, the owner grants access to others.

Answer 476

B. In a hierarchical environment, the various classification labels are assigned in an ordered structure from low security to high security. The mandatory access control (MAC) model supports three environments: hierarchical, compartmentalized, and hybrid. A compartmentalized environment ignores the levels, and instead only allows access for individual compartments on any level. A hybrid environment is a combination of a hierarchical and compartmentalized environment. A MAC model doesn’t use a centralized environment.

Answer 477

B. The MAC model uses labels to identify the upper and lower bounds of classification levels, and these define the level of access for subjects. MAC is a nondiscretionary access control model that uses labels. However, not all nondiscretionary access control models use labels. DAC and ABAC models do not use labels.

Answer 478

C. Mandatory access control (MAC) models rely on the use of labels for subjects and objects. They look similar to a lattice when drawn, so the MAC model is often referred to as a lattice-based model. None of the other answers use labels. Discretionary Access Control (DAC) models allow an owner of an object to control access to the object. Nondiscretionary access controls have centralized management, such as a rule-based access control model deployed on a firewall. Role-based access control (RBAC) models define a subject’s access based on job-related roles.

Answer 479

A. A risk-based access control model can require users to authenticate with multifactor authentication. None of the other access control models listed can evaluate how a user has logged on. A MAC model uses labels to grant access. An RBAC model grants access based on job roles or groups. In a DAC model, the owner grants access to resources.

Answer 480

A. A risk-based access control model evaluates the environment and the situation and then makes access decisions based on coded policies. A MAC model grants access using labels. An RBAC model uses a well-defined collection of named job roles for access control. Administrators grant each job role with the privileges they need to perform their jobs. An ABAC model uses attributes to grant access and is often used in software-defined networks (SDNs).

Answer 481

A. OpenID Connect (OIDC) uses a JavaScript Object Notation (JSON) Web Token (JWT) that provides both authentication and profile information for internet-based single sign-on (SSO). None of the other answers use tokens. OIDC is built on the OAuth 2.0 framework. OpenID provides authentication but doesn’t include profile information.

Answer 482

D. Configuring a central computer to synchronize its time with an external NTP server and all other systems to synchronize their time with the NTP will likely solve the problem and is the best choice of the available options. Kerberos requires computer times to be within 5 minutes of each other and the scenario, along with the available answers, suggested the user’s computer is not synchronized with the Kerberos server. Kerberos uses AES. However, because a user successfully logs on to one computer, it indicates Kerberos is working, and AES is installed. NAC checks a system’s health after the user authenticates. NAC doesn’t prevent a user from logging on. Some federated systems use SAML, but Kerberos doesn’t require SAML.

Answer 483

C. The primary purpose of Kerberos is authentication, since it allows users to prove their identity. It also provides a measure of confidentiality and integrity using symmetric key encryption, but these are not the primary purpose. Kerberos does not include logging capabilities, so it does not provide accountability.

Answer 484

B. The network access server is the client within a RADIUS architecture. The RADIUS server is the authentication server, and it provides authentication, authorization, and accounting (AAA) services. The network access server might have a host firewall enabled, but that isn’t the primary function.

Answer 485

B. The best choice is to give the administrator the root password. The administrator would enter it manually when running commands that need elevated privileges by running the su command. If the user is granted sudo access, it would allow the user to run commands requiring root-level privileges, under the context of the user account. If an attacker compromised the user account, the attacker could run the elevated commands with sudo. Linux systems don’t have an administrator group or a LocalSystem account.

Answer 486

D. NTLM is known to be susceptible to pass-the-hash attacks, and this scenario describes a pass-the-hash attack. Kerberos attacks attempt to manipulate tickets, such as in pass-the ticket and golden ticket attacks, but these are not NTLM attacks. A rainbow table attack uses a rainbow table in an offline brute-force attack.

Answer 487

C. Attackers can create golden tickets after successfully exploiting Kerberos and obtaining the Kerberos service account (KRBTGT). Golden tickets are not associated with Remote Authentication Dial-in User Service (RADIUS), Security Assertion Markup Language (SAML), or OpenID Connect (OIDC)

Answer 488

B. Context-dependent access control adds additional factors beyond username and password, such as the time of attempted access.Incorrect Answers and Explanations: Answers A, C, and D are incorrect. Content-dependent access control uses the content, such as file contents, as an additional factor. Role-based control is based on the subject's role, while task based access control is based on the tasks the subject needs to perform.

Answer 489

B. Identity as a service, also called cloud identity, allows organizations to leverage cloud service for identity management. Incorrect answers and explanations: Answers A, C, and D are incorrect. IaaS (infrastructure as a service) provides an entire virtualized operating system, which the customer configures from the OS on up. PaaS (platform as a service) provides a preconfigured operating system, and the customer configures the applications. SaaS (software as a service) is completely configured, from the operating system to applications, and the customer simply uses the application.

Answer 490

C. SAML is an XML-based framework for exchanging security information, including authentication data.Incorrect answers and explanations: Answers A, B, and D are incorrect. Kerberos is a third-party authentication service that may be used to support single sign-on. OpenID is a framework for exchanging authentication data, but it is not XML-based. SESAME stands for secure European system for applications in a multivendor environment, a single sign-on system that supports heterogeneous environments.

Answer 491

B. Lightweight directory access protocol is an open protocol for interfacing and querying directory service information from network operating systems using port 389 TCP or UDP. Incorrect answers and explanations: Answers A, C, and D are incorrect. CHAP, PAP, and RADIUS do not provide directory service information provided by network operating systems using port 389 TCP or UDP.

Answer 492

Correct answer and explanation: A. Decreasing the amount of minutiae will make the accuracy of the system lower, which lower false rejects but raises false accepts. Incorrect answers and explanations: Answers B, C, and D are incorrect. Increasing the amount of minutiae will make the system more accurate, increasing the FRR and lowering the FAR. Enrollment and throughput time are not directly connected to FAR and FRR

Answer 493

B. The act of exploiting a bug, design flaw, or configuration oversight in an operating system or software application to gain elevated access to resources Explanation: Privilege escalation in the context of access control systems refers to the act of exploiting a bug, design flaw, or configuration oversight in an operating system or software application to gain elevated access to resources. This is a common technique used in cyberattacks to gain unauthorized access to systems.

Answer 494

B. To allow the owners of information to control who can access their information Explanation: Discretionary access control is a type of access control that allows the owners of information to control who can access their information. It is commonly used in environments where information sharing is encouraged, but control is still required.

Answer 495

B. It can lead to “privilege creep” if access rights are not regularly reviewed and updated. Explanation: The main disadvantage of using discretionary access control systems is that it can lead to “privilege creep” if access rights are not regularly reviewed and updated. Privilege creep occurs when users accumulate more privileges than they need to perform their job functions, which can increase the risk of unauthorized access and data breaches.

Answer 496

B. To provide a standard for authorizing third-party applications to access user data without sharing passwords Explanation: OAuth (Open Authorization) is a standard for authorizing third-party applications to access user data without sharing passwords. It is commonly used in scenarios where you want to give an application access to your data without giving it your password.

Answer 497

B. The process of removing an existing user account and its associated access rights Explanation: Deprovisioning in the context of IAM refers to the process of removing an existing user account and its associated access rights. This is typically done when an employee leaves an organization or changes roles.

Answer 498

B. A flexible access control method where access rights are granted to users through the use of policies which combine attributes together Explanation: Attribute-based access control (ABAC) in the context of access control systems refers to a flexible access control method where access rights are granted to users through the use of policies which combine attributes together. These attributes can be associated with the user, the object to be accessed, or the environment.

Answer 499

B. To enforce access control policies based on the classification of information and the security clearance of users Explanation: Mandatory access control is a type of access control that enforces access control policies based on the classification of information and the security clearance of users. It is commonly used in government and military environments where information must be classified and access must be strictly controlled.

Answer 500

It can be difficult to manage if roles are not clearly defined or if users have multiple roles. Explanation: The main disadvantage of using rolebased access control systems is that it can be difficult to manage if roles are not clearly defined or if users have multiple roles. This can lead to users having more access rights than they need, which can increase the risk of unauthorized access and data breaches.

Answer 501

B. To provide a standard for exchanging authentication and authorization data between parties Explanation: SAML (Security Assertion Markup Language) is a standard for exchanging authentication and authorization data between parties. It is commonly used in Single Sign-On (SSO) and Federated Identity Management (FIM) systems.

Answer 502

B. The process of setting up a new user account with appropriate access rights Explanation: Provisioning in the context of IAM refers to the process of setting up a new user account with appropriate access rights. This includes activities such as creating the user’s account, assigning roles, and granting access to resources.

Answer 503

B. The use of a single set of credentials to access multiple applications or services Explanation: Single Sign-On (SSO) in the context of authentication systems refers to the use of a single set of credentials to access multiple applications or services. This simplifies the user experience and reduces the risk of password-related security issues.

Answer 504

B. To ensure that users only have the minimum levels of access necessary to perform their job functions Explanation: The “principle of least privilege” in access control is designed to ensure that users only have the minimum levels of access necessary to perform their job functions. This minimizes the risk of unauthorized access and data breaches.

Answer 505

B. Passwords can be easily forgotten, shared, or stolen Explanation: The main disadvantage of using password-based authentication systems is that passwords can be easily forgotten, shared, or stolen. This can lead to unauthorized access and other security issues.

Answer 506

B. To provide a networking protocol that offers centralized authentication, authorization, and accounting (AAA) management for users who connect and use a network service Explanation: TACACS+ (Terminal Access Controller Access Control System Plus) is a networking protocol that offers centralized authentication, authorization, and accounting (AAA) management for users who connect and use a network service.

Answer 507

B. The stages a digital identity goes through from creation to deletion Explanation: The identity life cycle in the context of IAM refers to the stages a digital identity goes through from creation to deletion. This includes processes such as provisioning, managing, and deprovisioning identities.

Answer 508

B. The use of two or more independent credentials for verifying a user’s Identity Explanation: Multifactor authentication (MFA) in the context of authentication systems refers to the use of two or more independent credentials for verifying a user’s Identity. This typically involves a combination of something the user knows (like a password), something the user has (like a smart card), and something the user is (like a biometric trait).

Answer 509

D. To ensure that actions can be definitively traced back to the individual who performed them, and they cannot deny performing them Explanation: The “non-repudiation” principle in access control is designed to ensure that actions can be definitively traced back to the individual who performed them, and they cannot deny performing them. This is typically important in legal contexts where proof of action is required.

Answer 510

B. If the biometric data is compromised, it cannot be changed like a password. Explanation: The main disadvantage of using biometric authentication systems is that if the biometric data is compromised, it cannot be changed like a password. This can lead to serious security issues.

Answer 511

B. To provide a networking protocol that offers centralized authentication, authorization, and accounting (AAA) management for users who connect and use a network service Explanation: RADIUS (Remote Authentication Dial-In User Service) is a networking protocol that offers centralized authentication, authorization, and accounting (AAA) management for users who connect and use a network service.

Answer 512

C. The process of allowing different organizations to share and manage identity information Explanation: Identity Federation in the context of IAM refers to the process of allowing different organizations to share and manage identity information. This allows users to use the same credentials to access services across multiple organizations. Answer: B To provide a networking protocol that

Answer 513

C. The process of verifying a user’s claimed Identity by comparing it against one or more reliable sources Explanation: Identity proofing in the context of IAM refers to the process of verifying a user’s claimed Identity by comparing it against one or more reliable sources. This is typically done as part of the onboarding process when a new account is created.

Answer 514

B. The use of physical or behavioral characteristics to verify a user’s Identity Explanation: Biometrics in the context of authentication systems refers to the use of physical or behavioral characteristics to verify a user’s Identity. This can include fingerprints, facial recognition, voice recognition, and other unique characteristics.

Answer 515

D. To ensure that actions can be traced back to the individual who performed them Explanation: The “accountability” principle in access control is designed to ensure that actions can be traced back to the individual who performed them. This is typically done through the use of audit logs and other tracking mechanisms.

Answer 516

B. If the FIM system is compromised, all services that use it are potentially at risk. Explanation: The main disadvantage of using a Federated Identity Management (FIM) system is that if the FIM system is compromised, all services that use it are potentially at risk. This is because the attacker would have access to all the systems the user can access through the FIM system user can access through the FIM system.

Answer 517

D. To provide a secure method for transmitting information and authenticating both the user and the server Explanation: Kerberos is a network authentication protocol that provides a secure method for transmitting information and authenticating both the user and the server. It uses secret-key cryptography to prevent eavesdropping and replay attacks.

Answer 518

D. A cloud-based service that provides Identity and Access Management functions to an organization’s systems that reside on-premises and/or in the cloud Explanation: Identity as a Service (IDaaS) refers to a cloud-based service that provides Identity and Access Management functions to an organization’s systems that reside on-premises and/or in the cloud. It is typically used by organizations that want to outsource their identity services to a third-party provider.

Answer 519

A. The process of a user claiming or professing an identity Explanation: Identification in the context of Access Control Services refers to the process of a user claiming or professing an identity. This is typically the first step in the authentication process.

Answer 520

B. To ensure that users only have the minimum levels of access necessary to perform their job functions Explanation: The “least privilege” principle in access control is designed to ensure that users only have the minimum levels of access necessary to perform their job functions. This minimizes the risk of unauthorized access and data breaches.

Answer 521

B. It allows users to use the same credentials to access services across multiple organizations. Explanation: The main advantage of using a Federated Identity Management (FIM) system is that it allows users to use the same credentials to access services across multiple organizations. This not only improves user convenience but also reduces the risk of password-related security issues.

Answer 522

B. The process of determining what actions a user is allowed to perform Explanation: Authorization in the context of Access Control Services refers to the process of determining what actions a user is allowed to perform. This is typically based on the user’s role, responsibilities, and the principle of least privilege.

Answer 523

D. The ability to link actions to a specific user and hold them responsible for their actions Explanation: Accountability in the context of Access Control Services refers to the ability to link actions to a specific user and hold them responsible for their actions. This is typically done through the use of audit logs and other tracking mechanisms.

Answer 524

A. The process of confirming or establishing that somebody is who they claim to be Explanation: Authentication in the context of Access Control Services refers to the process of confirming or establishing that somebody is who they claim to be. This is typically done through the use of passwords, biometrics, or other forms of identification.

Answer 525

C. To prevent any single individual from being able to complete a significant process or transaction on their own Explanation: The “separation of duties” principle in access control is designed to prevent any single individual from being able to complete a significant process or transaction on their own. This reduces the risk of fraud and error.

Answer 526

B. If the SSO system is compromised, all services that use it are potentially at risk. Explanation: The main disadvantage of using a Single Sign-On (SSO) system is that if the SSO system is compromised, all services that use it are potentially at risk. This is because the attacker would have access to all the systems the user can access through the SSO system.

Answer 527

D. To provide a simple identity layer on top of the OAuth 2.0 protocol Explanation: OpenID Connect is a protocol used in Federated Identity Management (FIM) that provides a simple identity layer on top of the OAuth 2.0 protocol. It allows clients to verify the Identity of the end user based on the authentication performed by an authorization server.

Answer 528

C. The process of allowing different organizations to share and manage identity information Explanation: Federation in the context of Federated Identity Management (FIM) refers to the process of allowing different organizations to share and manage identity information. This allows users to use the same credentials to access services across multiple organizations.

Answer 529

B. To ensure that users only have access to the information they need to perform their job functions Explanation: The “need-to-know” principle in access control is designed to ensure that users only have access to the information they need to perform their job functions. This minimizes the risk of unauthorized access and data breaches.

Answer 530

A. It reduces the number of passwords a user has to remember. Explanation: The main advantage of using a Single Sign-On (SSO) system is that it reduces the number of passwords a user has to remember. This not only improves user convenience but also reduces the risk of password-related security issues.

Answer 531

C. To allow third-party services to access user data without needing to know the user’s credentials Explanation: OAuth is a protocol used in Federated Identity Management (FIM) that allows third-party services to access user data without needing to know the user’s credentials.

Answer 532

C. The process of terminating access when an employee leaves the organization Explanation: Deprovisioning in the identity life cycle refers to the process of terminating access when an employee leaves the organization. This includes activities such as revoking access rights, returning equipment, and archiving user data.

Answer 533

B. The elevation of user privileges for a short period to complete necessary but infrequent tasks Explanation: Just-in-Time Access refers to the elevation of user privileges to an authorized user for a short period, so a user may complete necessary but infrequent tasks. It mitigates the need for longterm elevation of privileges, which minimizes potential security risks.

Answer 534

A. To prevent automated account creation, spam, and brute-force password decryption attacks Explanation: CAPTCHA is a security measure that works by asking a user to complete a simple test to prove they’re human and not a robot or automated program. It is used to prevent automated account creation, spam, and brute-force password decryption attacks.

Answer 535

D. All of the above Explanation: All the options listed are potential risks relating to IDaaS. These include the availability of the service, protection of critical identity data, and entrusting a third party with sensitive or proprietary data.

Answer 536

B. To provide authentication and authorization Explanation: SAML is a key protocol used in Federated Identity Management (FIM) solutions, providing both authentication and authorization.

Answer 537

B. The process of granting access to systems and data to a new employee or when an employee changes roles Explanation: Provisioning in the identity life cycle refers to the process of granting access to systems and data to a new employee or when an employee changes roles. This includes activities such as background checks, confirming skills, and Identity proofing.

Answer 538

D. Encryption Explanation: Access Control Services consist of identification, authentication, authorization, and accountability. Encryption, while a crucial aspect of security, is not a component of Access Control Services as defined in this context.

Answer 539

C. Frequent reauthentication Explanation: The primary and best way to prevent session hijacking is through frequent reauthentication. This means that a user is continually reauthenticated by the system in a manner that is transparent to the user, making it much more difficult for an attacker to compromise a user’s active session.

Answer 540

A. Security Assertion Markup Language Explanation: SAML stands for Security Assertion Markup Language. It is a key protocol used in Federated Identity Management (FIM) solutions, providing both authentication and authorization.

Answer 541

D. Maximum privilege Explanation: The fundamental principles of access control are “need to know,” “least privilege,” and “separation of duties.” The principle of “maximum privilege” does not exist in access control; it contradicts the principle of “least privilege,” which states that a user should have the minimum levels of access necessary to perform their job functions.

Answer 542

B. To control the way assets are accessed Explanation: IAM is primarily concerned with controlling how assets are accessed within an organization. It involves managing digital identities and implementing the necessary technology to improve user experience, cost control, and risk mitigation.

Answer 543

D. Though multiple systems can access the media simultaneously, the result will be a collision, which should be immediately detected. Explanation: CSMA/CD is a network protocol for carrier transmission in Ethernet networks. It allows multiple hosts to access the media simultaneously, but if a collision occurs (two devices transmit at the same time), it is detected and the transmissions are stopped to avoid corrupting data.

Answer 544

A. DAC is determined by the owner of the asset, while MAC is determined by the system based on labels. Explanation: Discretionary access control (DAC) means an asset owner determines who can access the asset; access is given at the discretion of the owner. Mandatory access control (MAC) determines access based upon the clearance level of the subject and classification, or sensitivity, of the object.

Answer 545

B. To rank the strength of authentication processes and systems Explanation: Authenticator Assurance Levels (AAL) refer to the strength of authentication processes and systems. AAL levels rank from AAL1 (least robust) to AAL3 (most robust).

Answer 546

D. To support both symmetric and asymmetric cryptography Explanation: The Secure European System for Applications in a Multivendor Environment, better known as SESAME, is an improved version of Kerberos. One of the big advantages of SESAME over Kerberos is that it supports both symmetric and asymmetric cryptography.

Answer 547

D. Though multiple systems can access the media simultaneously, the result will be a collision, which should be immediately detected. Explanation: CSMA/CD is a network protocol for carrier transmission in Ethernet networks. It allows multiple hosts to access the media simultaneously, but if a collision occurs (two devices transmit at the same time), it is detected and the transmissions are stopped to avoid corrupting data.

Answer 548

A. Cable Explanation: Layer 1 of the OSI model, the Physical Layer, deals with the physical characteristics of the network, such as the network cable. Therefore, if there’s a Layer 1 issue, it’s most likely related to the physical connection, such as the cable.

Answer 549

C. An attack that attempts to find collisions in separate messages Explanation: A birthday attack is a type of cryptographic attack that exploits the mathematics behind the birthday problem in probability theory. The attack depends on finding collisions, which are two inputs producing the same hash output.

Answer 550

C. One-way math Explanation: Hashing algorithms use one-way functions, meaning the output (the hash) cannot be reversed to reveal the original input. This provides the secrecy in a hashing algorithm.

Answer 551

C. Hash the document and then encrypt the hash with the sender’s private key Explanation: Non-repudiation is achieved by creating a hash of the message and then encrypting that hash with the sender’s private key. This creates a digital signature that can be verified by anyone with the sender’s public key, proving that the message came from the sender and has not been altered.

Answer 552

D. Non-repudiation Explanation: Non-repudiation provides proof of the origin or delivery of data to protect against denial by the parties involved. In the context of email, it would provide evidence that the email was indeed sent by the claimed sender.

Answer 553

B. DES/3DES Explanation: The relationship between DES and 3DES mirrors the concept of adding complexity to encryption. 3DES, which applies the DES algorithm three times to each data block, was developed to provide a simple method of increasing the key size of DES to protect against brute-force attacks.

Answer 554

D. Session keys Explanation: The Vernam Cipher is a symmetric key cipher using a one-time pad. Modern session keys, which are used for a single session and then discarded, are based on this concept of using a key only once.

Answer 555

C. Trust describes product function; assurance describes process reliability. Explanation: Trust refers to the functionality and security features of a product, while assurance relates to the confidence in the development process, ensuring that the product functions as intended.

Answer 556

A. High Explanation: The overall categorization of a system is typically determined by the highest level of potential impact among the evaluated criteria. In this case, the high potential impact of unauthorized disclosure would define the overall categorization.

Answer 557

B. There is always a trade-off for security, so an organization has to weigh the cost vs. benefits. Explanation: Aligning security controls with business objectives ensures that security measures are balanced with the organization’s goals, resources, and risk tolerance. It helps in making informed decisions about where to invest in security.

Answer 558

A. Access control list, reference monitor Explanation: During access authorization, the conceptual ruleset defining the access rights and permissions for users and objects within a system is commonly called the access control list (ACL). The enforcement mechanism that ensures that these access controls are properly implemented and adhered to is known as the reference monitor. Therefore, the correct answer to fill in the blanks is A. Access control list, reference monitor. The other options do not accurately represent the standard terminology used in access control and authorization within information security. The security kernel is a core component of a computer’s operating system that deals with security-related functions, and the term “security enforcer” is not a standard term used in this context.

Answer 559

B. Trusted computing base Explanation: The trusted computing base (TCB) includes all the components of a system that are critical to its security, including hardware, firmware, and software. Trust in the TCB is essential for overall system security.

Answer 560

D. Segregation of duties Explanation: Segregation of duties (SoD) ensures that no single individual has control over all aspects of any critical transaction. By dividing tasks and privileges, SoD reduces the risk of a single point of failure, which can be exploited through social engineering.

Answer 561

A. Project initiation Explanation: The commitment from senior management is essential at the project initiation phase of BCP. This ensures that the project has the necessary support and resources to proceed.

Answer 562

C. Dual control Explanation: Dual control requires two or more Explanation: Dual control requires two or more individuals to perform a task, ensuring that no single person has complete control over critical functions. This can mitigate the risk associated with a single individual having access to users’ private keys.

Answer 563

A. Peer review Explanation: Open design allows for transparency and collaboration, enabling peer review of the code. This collective examination can identify and fix vulnerabilities, making the system more secure.

Answer 564

C. Trusted recovery Explanation: Trusted recovery refers to the ability of a system to respond to failures or security breaches in a manner that prevents further compromises. It ensures that the system can recover to a secure state, even after a failure or attack.

Answer 565

B. Least privilege Explanation: The principle of least privilege dictates that individuals should have only the permissions necessary to perform their job functions. This minimizes the potential damage from accidental mishaps or intentional malicious activities by limiting access rights to the bare minimum required to complete the task.

Answer 566

D. Organization’s published security policy for data classification Explanation: In a MAC system, data classifications are determined by the organization’s formal security policy. This policy defines the rules for classifying, handling, and protecting information, ensuring that data is accessed only by authorized individuals.

Answer 567

C. All access permissions should be reviewed. Explanation: When an employee transfers within an organization it’s essential to review all access an organization, it s essential to review all access permissions to ensure that they align with the new role. This helps prevent privilege creep and ensures that the employee has the appropriate access for their new position.

Answer 568

B. Identity, authentication, authorization, and auditing Explanation: The IAAA model describes the four key components of access control. Identity: Establishing who the user is Authentication: Verifying the user’s Identity Authorization: Determining what the user is allowed to do Auditing: Monitoring and recording user activities

Answer 569

B. The procedure for confirming a user’s Identity Explanation: Authentication is the process of verifying the Identity of a user, system, or device. It ensures that the entity requesting access is who or what it claims to be.

Answer 570

B. Access card and PIN Explanation: Multifactor authentication (MFA) requires the utilization of at least two distinct factors from different categories of authentication, such as something you know (knowledge), something you have (possession), and something you are (inherence). Analyzing the given options, the combination of an access card (something you have) and a PIN (something you know) represents two different categories of authentication factors. Therefore, option B, which combines an access card and a PIN, exemplifies multifactor authentication. The other options do not meet the criteria for MFA as they either combine two factors from the same category of something you have (option A), something you are (option C), or something you know (option D).

Answer 571

C. Public key Explanation: In PKI, the public key is used to encrypt messages, and only the corresponding private key can decrypt them. By sharing the public key, a user enables others to send them encrypted messages that only they can read.

Answer 572

A. Crossover error rate Explanation: The crossover error rate (CER) is a measure of the point where the false acceptance rate equals the false rejection rate. It’s a fundamental characteristic of the system and is not something that can be easily adjusted by an administrator, unlike the other rates that might be influenced by system configuration.

Answer 573

C. Privilege creep Explanation: Privilege creep occurs when individuals retain access rights after moving to a new position that does not require those rights. In an organization where reassignments are common, this can lead to employees accumulating unnecessary and potentially risky privileges.

Answer 574

C. Two-person control Explanation: Two-person control requires two individuals to approve an action before it can be carried out. In this scenario, both Bouke and his supervisor must confirm the request, ensuring a higher level of scrutiny and reducing the risk of unauthorized or accidental deletions.

Answer 575

D. DAC (discretionary access control) Explanation: Windows NTFS uses discretionary access control (DAC) by default. DAC allows the owner of the resource to determine who can access it and what permissions they have.

Answer 576

B. Authentication Server Explanation: In Kerberos, the Authentication Server is responsible for authenticating the client and issuing a Ticket Granting Ticket (TGT), which is later used to obtain service tickets from the Ticket Granting Server.

Answer 577

D. Salting Explanation: Salting involves adding random data (a “salt”) to a password before hashing it. This ensures that even if two users have the same password, their hashes will be different due to the unique salts. Salting effectively defends against rainbow table attacks, which exploit precomputed tables to reverse cryptographic hash functions.

Answer 578

C. False negative Explanation: A false negative occurs when a legitimate user is incorrectly denied access. In this scenario, Aly is a valid user, but the system incorrectly rejects his authentication attempt.

Answer 579

A. Something you know Explanation: A password is something that a user knows and can recall. It’s a knowledge-based form of authentication, as opposed to something physical (something you have), a location (somewhere you are), or a biometric characteristic (something you are).

Answer 580

A. Two-factor authentication (2FA) Explanation: Two-factor authentication (2FA) requires two separate forms of identification for access. In this case, Bouke is implementing a system that requires something the user knows (a password) and something the user has (a smartphone authenticator using TOTP). This combination of two factors enhances security by requiring both something known and something possessed, making unauthorized access more difficult. Option D, MFA, is a broader term that includes 2FA but is not as specific to this scenario.

Answer 581

C. Iris scan Explanation: Iris scans are considered one of the strongest forms of biometric authentication. They capture the unique patterns in the colored part of the eye, which are highly distinctive and stable over time. Retinal scans are also strong but are more intrusive, while fingerprint scans can be more easily spoofed. Passwords are generally considered the weakest option among these, as they can be guessed, hacked, or stolen.

Answer 582

A. Physical, D. Administrative Explanation: Access controls can be broadly categorized into three types. Technical controls: These include firewalls, encryption, and other technology-based solutions to control access to systems and data. Physical controls: These are measures like locks, gates, and turnstiles that control physical access to facilities. Administrative controls: These include policies, procedures, and guidelines that define how access is granted, reviewed, and revoked.

Answer 583

C. Reach out to the college’s verification department. Explanation: The most reliable way to verify the authenticity of a diploma is to contact the institution that supposedly issued it. In this case, reaching out to the college verification department would provide an official confirmation or denial of the diploma’s authenticity Other options are either irrelevant authenticity. Other options are either irrelevant (such as running a credit check) or less reliable (such as inspecting the paper type or contacting references).

Answer 584

A. Discretionary access control (DAC) Explanation: Discretionary access control (DAC) is an access control model where the owner of an object has complete control over who is allowed to access it. In DAC, access is typically controlled based on the Identity of the user or a group the user belongs to, so unique user identities are an essential part of this model.

Answer 585

B. Kerberos Explanation: Kerberos is a network authentication protocol that uses symmetric encryption and a ticketing system to authenticate users in a network. It relies on a trusted third party, known as the Key Distribution Center (KDC), to facilitate secure communication between entities.

Answer 586

D. Job rotation Explanation: Job rotation is the practice of periodically moving employees between different roles or responsibilities. It is used to prevent fraud or collusion by ensuring that no single individual has control over all aspects of any critical transaction. By rotating roles, it makes it more difficult for employees to engage in fraudulent activities, especially when they have worked together for an extended period.

Answer 587

C. Security through obscurity Explanation: Security through obscurity refers to a principle in security engineering where the details of a security mechanism, vulnerabilities, or the asset itself are kept secret and hidden. The belief is that if the attacker does not know the details, they will be less likely to find vulnerabilities or successfully attack the asset.

Answer 588

D. A span port Explanation: A span port, or Switched Port Analyzer port, is a designated port on a network switch used to monitor and analyze network traffic. It can be connected to an intrusion prevention system (IPS) sensor to provide the sensor with access to network data, allowing it to detect and prevent malicious activities.

Answer 589

D. The zero-knowledge proof Explanation: A zero-knowledge proof is a method by which one party can prove to another party that they know a value (such as a password) without conveying any information about that value. In the context of authentication, it enables a party to prove they know the password without revealing it.

Answer 590

B. Identification Explanation: Authentication is the process of verifying the Identity of a user, device, or other entities in a computer system, often using usernames and passwords. The identification step is crucial in this process, where the user claims an identity, typically using a username. Therefore, “identification” is the correct answer.

Answer 591

B. The process of elevating user privileges for a short period to complete necessary but infrequent tasks Explanation: Just-in-Time Access refers to the elevation of user privileges to an authorized user for a short period, so a user may complete necessary but infrequent tasks. It mitigates the need for long- but eque t tas s. t t gates t e eed o o g term elevation of privileges, which minimizes potential security risks

Answer 592

B. The implementation or integration of identity services in a cloud-based environment Explanation: Identity as a Service (IDaaS) refers to the implementation or integration of identity services in a cloud-based environment. It has a variety of capabilities, including provisioning, administration, Single Sign-On (SSO), multifactor authentication (MFA), and directory services. 101. Answer: B. The process of elevating user privileges for a short period to complete necessary but infrequent tasks Explanation: Just-in-Time Access refers to the elevation of user privileges to an authorized user for a short period, so a user may complete necessary but infrequent tasks. It mitigates the need for long- term elevation of privileges, which minimizes potential security risks

Answer 593

Answer: B. Identification Explanation: Authentication is the process of verifying the Identity of a user, device, or other entities in a computer system, often using usernames and passwords. The identification step is crucial in this process, where the user claims an identity, typically using a username. Therefore, “identification” is the correct answer.

Answer 594

Answer: A. Physical deterrent Explanation: A physical deterrent is a type of control used to discourage an attacker from proceeding with an attack. In this case, the presence of guard dogs serves as a visible obstacle, deterring the attacker from attempting to breach the premises.

Answer 595

Answer: B. Identification Explanation: Authentication is the process of verifying the Identity of a user, device, or other entities in a computer system, often using usernames and passwords. The identification step is crucial in this process, where the user claims an identity, typically using a username. Therefore, “identification” is the correct answer.

Answer 596

3. Answer: D. The zero-knowledge proof Explanation: A zero-knowledge proof is a method by which one party can prove to another party that they know a value (such as a password) without conveying any information about that value. In the context of authentication, it enables a party to prove they know the password without revealing it.

Answer 597

4. Answer: D. A span port Explanation: A span port, or Switched Port Analyzer port, is a designated port on a network switch used to monitor and analyze network traffic. It can be connected to an intrusion prevention system (IPS) sensor to provide the sensor with access to network data, allowing it to detect and prevent malicious activities.

Answer 598

5. Answer: C. Security through obscurity Explanation: Security through obscurity refers to a principle in security engineering where the details of a security mechanism, vulnerabilities, or the asset itself are kept secret and hidden. The belief is that if the attacker does not know the details, they will be less likely to find vulnerabilities or successfully attack the asset. attac t e asset.

Answer 599

6. Answer: D. Job rotation Explanation: Job rotation is the practice of periodically moving employees between different roles or responsibilities. It is used to prevent fraud or collusion by ensuring that no single individual has control over all aspects of any critical transaction. By rotating roles, it makes it more difficult for employees to engage in fraudulent activities, especially when they have worked together for an extended period.

Answer 600

7. Answer: B. Kerberos Explanation: Kerberos is a network authentication protocol that uses symmetric encryption and a ticketing system to authenticate users in a network. It relies on a trusted third party, known as the Key Distribution Center (KDC), to facilitate secure communication between entities.

Answer 601

8. Answer: A. Discretionary access control (DAC) Explanation: Discretionary access control (DAC) is an access control model where the owner of an object has complete control over who is allowed to access it. In DAC, access is typically controlled based on the Identity of the user or a group the user belongs to, so unique user identities are an essential part of this model.

Answer 602

9. Answer: C. Reach out to the college’s verification department. Explanation: The most reliable way to verify the authenticity of a diploma is to contact the institution that supposedly issued it. In this case, reaching out to the college verification department would provide an official confirmation or denial of the diploma’s authenticity Other options are either irrelevant authenticity. Other options are either irrelevant (such as running a credit check) or less reliable (such as inspecting the paper type or contacting references).

Answer 603

10.Answer: A. Physical, D. Administrative Explanation: Access controls can be broadly categorized into three types. Technical controls: These include firewalls, encryption, and other technology-based solutions to control access to systems and data. Physical controls: These are measures like locks, gates, and turnstiles that control physical access to facilities. Administrative controls: These include policies, procedures, and guidelines that define how access is granted, reviewed, and revoked.

Answer 604

11.Answer: C. Iris scan Explanation: Iris scans are considered one of the strongest forms of biometric authentication. They capture the unique patterns in the colored part of the eye, which are highly distinctive and stable over time. Retinal scans are also strong but are more intrusive, while fingerprint scans can be more easily spoofed. Passwords are generally considered the weakest option among these, as they can be guessed, hacked, or stolen.

Answer 605

12. Answer: A. Two-factor authentication (2FA) Explanation: Two-factor authentication (2FA) requires two separate forms of identification for access. In this case, Bouke is implementing a system that requires something the user knows (a password) and something the user has (a smartphone authenticator using TOTP). This combination of two factors enhances security by requiring both something known and something possessed, making unauthorized access more difficult. Option D, MFA, is a broader term that includes 2FA but is not as specific to this scenario.

Answer 606

13.Answer: A. Something you know Explanation: A password is something that a user knows and can recall. It’s a knowledge-based form of authentication, as opposed to something physical (something you have), a location (somewhere you are), or a biometric characteristic (something you are).

Answer 607

14. Answer: C. False negative Explanation: A false negative occurs when a legitimate user is incorrectly denied access. In this scenario, Aly is a valid user, but the system incorrectly rejects his authentication attempt.

Answer 608

15. Answer: D. Salting Explanation: Salting involves adding random data (a “salt”) to a password before hashing it. This ensures that even if two users have the same password, their hashes will be different due to the unique salts. Salting effectively defends against rainbow table attacks, which exploit precomputed tables to reverse cryptographic hash functions.

Answer 609

16. Answer: B. Authentication Server Explanation: In Kerberos, the Authentication Server is responsible for authenticating the client and issuing a Ticket Granting Ticket (TGT), which is later used to obtain service tickets from the Ticket Granting Server.

Answer 610

17. Answer: D. DAC (discretionary access control) Explanation: Windows NTFS uses discretionary access control (DAC) by default. DAC allows the owner of the resource to determine who can access it and what permissions they have.

Answer 611

18. Answer: C. Two-person control Explanation: Two-person control requires two individuals to approve an action before it can be carried out. In this scenario, both Bouke and his supervisor must confirm the request, ensuring a higher level of scrutiny and reducing the risk of unauthorized or accidental deletions.

Answer 612

19. Answer: C. Privilege creep Explanation: Privilege creep occurs when individuals retain access rights after moving to a new position that does not require those rights. In an organization where reassignments are common, this can lead to employees accumulating unnecessary and potentially risky privileges.

Answer 613

20. Answer: A. Crossover error rate Explanation: The crossover error rate (CER) is a measure of the point where the false acceptance rate equals the false rejection rate. It’s a fundamental characteristic of the system and is not something that can be easily adjusted by an administrator, unlike the other rates that might be influenced by system configuration.

Answer 614

21. Answer: C. Public key Explanation: In PKI, the public key is used to encrypt messages, and only the corresponding private key can decrypt them. By sharing the public key, a user enables others to send them encrypted messages that only they can read.

Answer 615

22. Answer: B. Access card and PIN Explanation: Multifactor authentication (MFA) requires the utilization of at least two distinct factors from different categories of authentication, such as something you know (knowledge), something you have (possession), and something you are (inherence). Analyzing the given options, the combination of an access card (something you have) and a PIN (something you know) represents two different categories of authentication factors. Therefore, option B, which combines an access card and a PIN, exemplifies multifactor authentication. The other options do not meet the criteria for MFA as they either combine two factors from the same category of something you have (option A), something you are (option C), or something you know (option D).

Answer 616

23. Answer: B. The procedure for confirming a user’s Identity Explanation: Authentication is the process of verifying the Identity of a user, system, or device. It ensures that the entity requesting access is who or what it claims to be.

Answer 617

24. Answer: B. Identity, authentication, authorization, and auditing Explanation: The IAAA model describes the four key components of access control. Identity: Establishing who the user is Authentication: Verifying the user’s Identity Authorization: Determining what the user is allowed to do Auditing: Monitoring and recording user activities

Answer 618

25. Answer: C. All access permissions should be reviewed. Explanation: When an employee transfers within an organization it’s essential to review all access an organization, it s essential to review all access permissions to ensure that they align with the new role. This helps prevent privilege creep and ensures that the employee has the appropriate access for their new position.

Answer 619

26. Answer: D. Organization’s published security policy for data classification Explanation: In a MAC system, data classifications are determined by the organization’s formal security policy. This policy defines the rules for classifying, handling, and protecting information, ensuring that data is accessed only by authorized individuals.

Answer 620

27. Answer: B. Least privilege Explanation: The principle of least privilege dictates that individuals should have only the permissions necessary to perform their job functions. This minimizes the potential damage from accidental mishaps or intentional malicious activities by limiting access rights to the bare minimum required to complete the task.

Answer 621

28. Answer: C. Trusted recovery Explanation: Trusted recovery refers to the ability of a system to respond to failures or security breaches in a manner that prevents further compromises. It ensures that the system can recover to a secure state, even after a failure or attack.

Answer 622

29. Answer: A. Peer review Explanation: Open design allows for transparency and collaboration, enabling peer review of the code. This collective examination can identify and fix vulnerabilities, making the system more secure.

Answer 623

30. Answer: C. Dual control Explanation: Dual control requires two or more Explanation: Dual control requires two or more individuals to perform a task, ensuring that no single person has complete control over critical functions. This can mitigate the risk associated with a single individual having access to users’ private keys.

Answer 624

31. Answer: A. Project initiation Explanation: The commitment from senior management is essential at the project initiation phase of BCP. This ensures that the project has the necessary support and resources to proceed.

Answer 625

32. Answer: D. Segregation of duties Explanation: Segregation of duties (SoD) ensures that no single individual has control over all aspects of any critical transaction. By dividing tasks and privileges, SoD reduces the risk of a single point of failure, which can be exploited through social engineering.

Answer 626

33. Answer: B. Trusted computing base Explanation: The trusted computing base (TCB) includes all the components of a system that are critical to its security, including hardware, firmware, and software. Trust in the TCB is essential for overall system security.

Answer 627

34. Answer: A. Access control list, reference monitor Explanation: During access authorization, the conceptual ruleset defining the access rights and permissions for users and objects within a system is commonly called the access control list (ACL). The enforcement mechanism that ensures that these access controls are properly implemented and adhered to is known as the reference monitor. Therefore, the correct answer to fill in the blanks is A. Access control list, reference monitor. The other options do not accurately represent the standard terminology used in access control and authorization within information security. The security kernel is a core component of a computer’s operating system that deals with security-related functions, and the term “security enforcer” is not a standard term used in this context.

Answer 628

35. Answer: B. There is always a trade-off for security, so an organization has to weigh the cost vs. benefits. Explanation: Aligning security controls with business objectives ensures that security measures are balanced with the organization’s goals, resources, and risk tolerance. It helps in making informed decisions about where to invest in security.

Answer 629

36. Answer: A. High Explanation: The overall categorization of a system is typically determined by the highest level of potential impact among the evaluated criteria. In this case, the high potential impact of unauthorized disclosure would define the overall categorization.

Answer 630

37. Answer: C. Trust describes product function; assurance describes process reliability. Explanation: Trust refers to the functionality and security features of a product, while assurance relates to the confidence in the development process, ensuring that the product functions as intended.

Answer 631

38. Answer: D. Session keys Explanation: The Vernam Cipher is a symmetric key cipher using a one-time pad. Modern session keys, which are used for a single session and then discarded, are based on this concept of using a key only once.

Answer 632

39. Answer: B. DES/3DES Explanation: The relationship between DES and 3DES mirrors the concept of adding complexity to encryption. 3DES, which applies the DES algorithm three times to each data block, was developed to provide a simple method of increasing the key size of DES to protect against brute-force attacks.

Answer 633

40.Answer: D. Non-repudiation Explanation: Non-repudiation provides proof of the origin or delivery of data to protect against denial by the parties involved. In the context of email, it would provide evidence that the email was indeed sent by the claimed sender.

Answer 634

41. Answer: C. Hash the document and then encrypt the hash with the sender’s private key Explanation: Non-repudiation is achieved by creating a hash of the message and then encrypting that hash with the sender’s private key. This creates a digital signature that can be verified by anyone with the sender’s public key, proving that the message came from the sender and has not been altered.

Answer 635

42.Answer: C. One-way math Explanation: Hashing algorithms use one-way functions, meaning the output (the hash) cannot be reversed to reveal the original input. This provides the secrecy in a hashing algorithm.

Answer 636

43. Answer: C. An attack that attempts to find collisions in separate messages Explanation: A birthday attack is a type of cryptographic attack that exploits the mathematics behind the birthday problem in probability theory. The attack depends on finding collisions, which are two inputs producing the same hash output.

Answer 637

44. Answer: A. Cable Explanation: Layer 1 of the OSI model, the Physical Layer, deals with the physical characteristics of the network, such as the network cable. Therefore, if there’s a Layer 1 issue, it’s most likely related to the physical connection, such as the cable.

Answer 638

45. Answer: D. Though multiple systems can access the media simultaneously, the result will be a collision, which should be immediately detected. Explanation: CSMA/CD is a network protocol for carrier transmission in Ethernet networks. It allows multiple hosts to access the media simultaneously, but if a collision occurs (two devices transmit at the same time), it is detected and the transmissions are stopped to avoid corrupting data.

Answer 639

46. Answer: B. Elasticity Explanation: Elasticity in cloud computing is the ability to quickly expand or decrease computer processing, memory, and storage resources to meet changing demands without worrying about capacity planning and engineering for peak loads. It allows resources to be provisioned and deprovisioned automatically as the demand changes.

Answer 640

47. Answer: B. To control the way assets are accessed Explanation: IAM is primarily concerned with controlling how assets are accessed within an organization. It involves managing digital identities and implementing the necessary technology to improve user experience, cost control, and risk mitigation.

Answer 641

48. Answer: D. Maximum privilege Explanation: The fundamental principles of access control are “need to know,” “least privilege,” and “separation of duties.” The principle of “maximum privilege” does not exist in access control; it contradicts the principle of “least privilege,” which states that a user should have the minimum levels of access necessary to perform their job functions.

Answer 642

49. Answer: A. Security Assertion Markup Language Explanation: SAML stands for Security Assertion Markup Language. It is a key protocol used in Federated Identity Management (FIM) solutions, providing both authentication and authorization.

Answer 643

50. Answer: C. Frequent reauthentication Explanation: The primary and best way to prevent session hijacking is through frequent reauthentication. This means that a user is continually reauthenticated by the system in a manner that is transparent to the user, making it much more difficult for an attacker to compromise a user’s active session.

Answer 644

51.Answer: D. Encryption Explanation: Access Control Services consist of identification, authentication, authorization, and accountability. Encryption, while a crucial aspect of security, is not a component of Access Control Services as defined in this context.

Answer 645

52. Answer: B. The process of granting access to systems and data to a new employee or when an employee changes roles Explanation: Provisioning in the identity life cycle refers to the process of granting access to systems and data to a new employee or when an employee changes roles. This includes activities such as background checks, confirming skills, and Identity proofing.

Answer 646

53.Answer: B. To provide authentication and authorization Explanation: SAML is a key protocol used in Federated Identity Management (FIM) solutions, providing both authentication and authorization.

Answer 647

54. Answer: D. All of the above Explanation: All the options listed are potential risks relating to IDaaS. These include the availability of the service, protection of critical identity data, and entrusting a third party with sensitive or proprietary data.

Answer 648

55. Answer: A. To prevent automated account creation, spam, and brute-force password decryption attacks Explanation: CAPTCHA is a security measure that works by asking a user to complete a simple test to prove they’re human and not a robot or automated program. It is used to prevent automated account creation, spam, and brute-force password decryption attacks.

Answer 649

56. Answer: B. The elevation of user privileges for a short period to complete necessary but infrequent tasks Explanation: Just-in-Time Access refers to the elevation of user privileges to an authorized user for a short period, so a user may complete necessary but infrequent tasks. It mitigates the need for long term elevation of privileges, which minimizes potential security risks.

Answer 650

57. Answer: C. The process of terminating access when an employee leaves the organization Explanation: Deprovisioning in the identity life cycle refers to the process of terminating access when an employee leaves the organization. This includes activities such as revoking access rights, returning equipment, and archiving user data.

Answer 651

58.Answer: C. To allow third-party services to access user data without needing to know the user’s credentials Explanation: OAuth is a protocol used in Federated Identity Management (FIM) that allows third-party services to access user data without needing to know the user’s credentials.

Answer 652

59.Answer: A. It reduces the number of passwords a user has to remember. Explanation: The main advantage of using a Single Sign-On (SSO) system is that it reduces the number of passwords a user has to remember. This not only improves user convenience but also reduces the risk of password-related security issues.

Answer 653

60. Answer: B. To ensure that users only have access to the information they need to perform their job functions Explanation: The “need-to-know” principle in access control is designed to ensure that users only have access to the information they need to perform their job functions. This minimizes the risk of unauthorized access and data breaches.

Answer 654

61. Answer: C. The process of allowing different organizations to share and manage identity information Explanation: Federation in the context of Federated Identity Management (FIM) refers to the process of allowing different organizations to share and manage identity information. This allows users to use the same credentials to access services across multiple organizations.

Answer 655

62. Answer: D. To provide a simple identity layer on top of the OAuth 2.0 protocol Explanation: OpenID Connect is a protocol used in Federated Identity Management (FIM) that provides a simple identity layer on top of the OAuth 2.0 protocol. It allows clients to verify the Identity of the end user based on the authentication performed by an authorization server.

Answer 656

63. Answer: B. If the SSO system is compromised, all services that use it are potentially at risk. Explanation: The main disadvantage of using a Single Sign-On (SSO) system is that if the SSO system is compromised, all services that use it are potentially at risk. This is because the attacker would have access to all the systems the user can access through the SSO system.

Answer 657

64. Answer: C. To prevent any single individual from being able to complete a significant process or transaction on their own Explanation: The “separation of duties” principle in access control is designed to prevent any single individual from being able to complete a significant process or transaction on their own. This reduces the risk of fraud and error.

Answer 658

65. Answer: A. The process of confirming or establishing that somebody is who they claim to be Explanation: Authentication in the context of Access Control Services refers to the process of confirming or establishing that somebody is who they claim to be. This is typically done through the use of passwords, biometrics, or other forms of identification.

Answer 659

66. Answer: D. The ability to link actions to a specific user and hold them responsible for their actions Explanation: Accountability in the context of Access Control Services refers to the ability to link actions to a specific user and hold them responsible for their actions. This is typically done through the use of audit logs and other tracking mechanisms.

Answer 660

67. Answer: B. The process of determining what actions a user is allowed to perform Explanation: Authorization in the context of Access Control Services refers to the process of determining what actions a user is allowed to perform. This is typically based on the user’s role, responsibilities, and the principle of least privilege.

Answer 661

68. Answer: B. It allows users to use the same credentials to access services across multiple organizations. Explanation: The main advantage of using a Federated Identity Management (FIM) system is that it allows users to use the same credentials to access services across multiple organizations. This not only improves user convenience but also reduces the risk of password-related security issues.

Answer 662

69. Answer: B. To ensure that users only have the minimum levels of access necessary to perform their job functions Explanation: The “least privilege” principle in access control is designed to ensure that users only have the minimum levels of access necessary to perform their job functions. This minimizes the risk of unauthorized access and data breaches.

Answer 663

70. Answer: A. The process of a user claiming or professing an identity Explanation: Identification in the context of Access Control Services refers to the process of a user claiming or professing an identity. This is typically the first step in the authentication process.

Answer 664

71. Answer: D. A cloud-based service that provides Identity and Access Management functions to an organization’s systems that reside on-premises and/or in the cloud Explanation: Identity as a Service (IDaaS) refers to a cloud-based service that provides Identity and Access Management functions to an organization’s systems that reside on-premises and/or in the cloud. It is typically used by organizations that want to outsource their identity services to a third-party provider.

Answer 665

72. Answer: D. To provide a secure method for transmitting information and authenticating both the user and the server Explanation: Kerberos is a network authentication protocol that provides a secure method for transmitting information and authenticating both the user and the server. It uses secret-key cryptography to prevent eavesdropping and replay attacks.

Answer 666

73. Answer: B. If the FIM system is compromised, all services that use it are potentially at risk. Explanation: The main disadvantage of using a Federated Identity Management (FIM) system is that if the FIM system is compromised, all services that use it are potentially at risk. This is because the attacker would have access to all the systems the user can access through the FIM system user can access through the FIM system.

Answer 667

74. Answer: D. To ensure that actions can be traced back to the individual who performed them Explanation: The “accountability” principle in access control is designed to ensure that actions can be traced back to the individual who performed them. This is typically done through the use of audit logs and other tracking mechanisms.

Answer 668

75. Answer: B. The use of physical or behavioral characteristics to verify a user’s Identity Explanation: Biometrics in the context of authentication systems refers to the use of physical or behavioral characteristics to verify a user’s Identity. This can include fingerprints, facial recognition, voice recognition, and other unique characteristics.

Answer 669

76. Answer: C. The process of verifying a user’s claimed Identity by comparing it against one or more reliable sources Explanation: Identity proofing in the context of IAM refers to the process of verifying a user’s claimed Identity by comparing it against one or more reliable sources. This is typically done as part of the onboarding process when a new account is created.

Answer 670

77. Answer: C. The process of allowing different organizations to share and manage identity information Explanation: Identity Federation in the context of IAM refers to the process of allowing different organizations to share and manage identity information. This allows users to use the same credentials to access services across multiple organizations.

Answer 671

78. Answer: B. To provide a networking protocol that offers centralized authentication, authorization, and accounting (AAA) management for users who connect and use a network service Explanation: RADIUS (Remote Authentication Dial-In User Service) is a networking protocol that offers centralized authentication, authorization, and accounting (AAA) management for users who connect and use a network service.

Answer 672

79. Answer: B. If the biometric data is compromised, it cannot be changed like a password. Explanation: The main disadvantage of using biometric authentication systems is that if the biometric data is compromised, it cannot be changed like a password. This can lead to serious security issues.

Answer 673

80. Answer: D. To ensure that actions can be definitively traced back to the individual who performed them, and they cannot deny performing them Explanation: The “non-repudiation” principle in access control is designed to ensure that actions can be definitively traced back to the individual who performed them, and they cannot deny performing them. This is typically important in legal contexts where proof of action is required.

Answer 674

81. Answer: B. The use of two or more independent credentials for verifying a user’s Identity Explanation: Multifactor authentication (MFA) in the context of authentication systems refers to the use of two or more independent credentials for verifying a user’s Identity. This typically involves a combination of something the user knows (like a password), something the user has (like a smart card), and something the user is (like a biometric trait).

Answer 675

82. Answer: B. The stages a digital identity goes through from creation to deletion Explanation: The identity life cycle in the context of IAM refers to the stages a digital identity goes through from creation to deletion. This includes processes such as provisioning, managing, and deprovisioning identities.

Answer 676

83. Answer: B. To provide a networking protocol that offers centralized authentication, authorization, and accounting (AAA) management for users who connect and use a network service Explanation: TACACS+ (Terminal Access Controller Access Control System Plus) is a networking protocol that offers centralized authentication, authorization, and accounting (AAA) management for users who connect and use a network service.

Answer 677

84. Answer: B. Passwords can be easily forgotten, shared, or stolen Explanation: The main disadvantage of using password-based authentication systems is that passwords can be easily forgotten, shared, or stolen. This can lead to unauthorized access and other security issues.

Answer 678

85. Answer: B. To ensure that users only have the minimum levels of access necessary to perform their job functions Explanation: The “principle of least privilege” in access control is designed to ensure that users only have the minimum levels of access necessary to perform their job functions. This minimizes the risk of unauthorized access and data breaches.

Answer 679

87. Answer: B. The process of setting up a new user account with appropriate access rights Explanation: Provisioning in the context of IAM refers to the process of setting up a new user account with appropriate access rights. This includes activities such as creating the user’s account, assigning roles, and granting access to resources.

Answer 680

88. Answer: B. To provide a standard for exchanging authentication and authorization data between parties Explanation: SAML (Security Assertion Markup Language) is a standard for exchanging authentication and authorization data between parties. It is commonly used in Single Sign-On (SSO) and Federated Identity Management (FIM) systems.

Answer 681

89. Answer: B. It can be difficult to manage if roles are not clearly defined or if users have multiple roles. Explanation: The main disadvantage of using role based access control systems is that it can be difficult to manage if roles are not clearly defined or if users have multiple roles. This can lead to users having more access rights than they need, which can increase the risk of unauthorized access and data breaches. Answer: B. To enforce access control policies based

Answer 682

91. Answer: B. A flexible access control method where access rights are granted to users through the use of policies which combine attributes together Explanation: Attribute-based access control (ABAC) in the context of access control systems refers to a flexible access control method where access rights are granted to users through the use of policies which combine attributes together. These attributes can be associated with the user, the object to be accessed, or the environment.

Answer 683

92. Answer: B. The process of removing an existing user account and its associated access rights Explanation: Deprovisioning in the context of IAM refers to the process of removing an existing user account and its associated access rights. This is typically done when an employee leaves an organization or changes roles.

Answer 684

93. Answer: B. To provide a standard for authorizing third-party applications to access user data without sharing passwords Explanation: OAuth (Open Authorization) is a standard for authorizing third-party applications to access user data without sharing passwords. It is commonly used in scenarios where you want to give an application access to your data without giving it your password.

Answer 685

94. Answer: B. It can lead to “privilege creep” if access rights are not regularly reviewed and updated. Explanation: The main disadvantage of using discretionary access control systems is that it can lead to “privilege creep” if access rights are not regularly reviewed and updated. Privilege creep occurs when users accumulate more privileges than they need to perform their job functions, which can increase the risk of unauthorized access and data breaches.

Answer 686

95. Answer: B. To allow the owners of information to control who can access their information Explanation: Discretionary access control is a type of access control that allows the owners of information to control who can access their information. It is commonly used in environments where information sharing is encouraged, but control is still required.

Answer 687

96. Answer: B. The act of exploiting a bug, design flaw, or configuration oversight in an operating system or software application to gain elevated access to resources Explanation: Privilege escalation in the context of access control systems refers to the act of exploiting a bug, design flaw, or configuration oversight in an operating system or software application to gain elevated access to resources. This is a common technique used in cyberattacks to gain unauthorized access to systems.

Answer 688

97. Answer: D. To support both symmetric and asymmetric cryptography Explanation: The Secure European System for Applications in a Multivendor environment, better known as SESAME, is an improved version of Kerberos. One of the big advantages of SESAME over Kerberos is that it supports both symmetric and asymmetric cryptography.

Answer 689

98. Answer: B. To rank the strength of authentication processes and systems Explanation: Authenticator Assurance Levels (AAL) refer to the strength of authentication processes and systems. AAL levels rank from AAL1 (least robust) to AAL3 (most robust).

Answer 690

99. Answer: A. DAC is determined by the owner of the asset, while MAC is determined by the system based on labels. Explanation: Discretionary access control (DAC) means an asset owner determines who can access the asset; access is given at the discretion of the owner. Mandatory access control (MAC) determines access based upon the clearance level of the subject and classification, or sensitivity, of the object.

Answer 691

100. Answer: B. The implementation or integration of identity services in a cloud-based environment Explanation: Identity as a Service (IDaaS) refers to the implementation or integration of identity services in a cloud-based environment. It has a variety of capabilities, including provisioning, administration, Single Sign-On (SSO), multifactor authentication (MFA), and directory services.

Answer 692

101. Answer: B. The process of elevating user privileges for a short period to complete necessary but infrequent tasks Explanation: Just-in-Time Access refers to the elevation of user privileges to an authorized user for a short period, so a user may complete necessary but infrequent tasks. It mitigates the need for long-term elevation of privileges, which minimizes potential security risks

Answer 693

C. Acceptance testing is designed to ensure the software meets the customer's operational requirements. Incorrect answers and explanations: Answers A, B, and D are incorrect. Integration testing examines multiple software components as they are combined into a working system. Installation testing examines software as it is installed and first operated. Unit testing is a low-level test of software components, such as functions, procedures, or objects.

Answer 694

A. Combinatorial software testing is a black box testing method that seeks to identify and test all unique combinations of software inputs. Incorrect answers and explanations: Answers B, C, and D are incorrect. Dynamic testing examines code while executing it. Misuse case testing formally models how security would be impacted by an adversary abusing the application. Static testing examines the code passively; the code is not running. This form of testing includes walkthroughs, syntax checking, and code reviews.

Answer 695

D. A flag is a dummy file containing no regulated or sensitive data. It is placed in the same area of the system as the credit card data and protected with the same permissions. If the tester can read and/or write to that file, then they prove they could have done the same to the credit card data.Incorrect answers and explanations: Answers A, B, and C are incorrect. Answer A is a vulnerability assessment, not a penetration test. Answers B and C are dangerous and could involve unauthorized access of regulated data, such as health care records.

Answer 696

B. Fuzzing is a black-box testing method that does not require access to source code.Incorrect answers and explanations: Answers A, C, and D are incorrect. All are static methods that require access to source code.

Answer 697

C. Attackers will often act more maliciously if they believe they have been discovered, sometimes violating data and system integrity. The integrity of the system is at risk in this case, and the penetration tester should end the penetration test and immediately escalate the issue. Incorrect answers and explanations: Answers A, B, and D are incorrect. The client must be notified immediately, as incident handling is not the penetration tester's responsibility

Answer 698

Answer: C. To identify weaknesses in a system without exploiting them Explanation: A vulnerability assessment aims to identify vulnerabilities in a system, application, or network without actually exploiting them. This is different from a penetration test, which attempts to exploit the vulnerabilities.

Answer 699

Answer: B. Knowledge of the system’s architecture and design Explanation: In a white box test, the tester has knowledge of the system’s architecture and design, whereas in a black box test, the tester has no such knowledge and tests the system from an outsider’s perspective.

Answer 700

Answer: C. Reconnaissance Explanation: The reconnaissance phase of penetration testing involves collecting information about the target system, often without directly interacting with it. This phase helps the tester understand the system and identify potential vulnerabilities.

Answer 701

Answer: C. Report the vulnerability to the organization. Explanation: Even if the tester cannot exploit a vulnerability, it’s essential to report it to the organization. This allows the organization to take corrective measures and ensure that potential attackers cannot exploit the vulnerability in the future.

Answer 702

Answer: C. An identified vulnerability that does not actually exist Explanation: A false positive refers to a situation where a security testing tool or process identifies a vulnerability that, upon further investigation, does not actually exist. It’s an erroneous alert that can lead to wasted resources if not correctly identified.

Answer 703

Answer: C. Denial of service (DoS) Explanation: IP spoofing is a technique where an attacker sends IP packets from a false source address. This is often used in denial-of-service (DoS) attacks to mask the true origin of the attack and to amplify the attack by involving innocent third-party systems.

Answer 704

Answer: C. Session hijacking focuses on the TCP connection between the client and the server. If an attacker discerns the initial sequence, they can potentially take over the connection. Explanation: Session hijacking, also known as session takeover, involves an attacker taking over a user’s session. The primary target is the TCP connection. By predicting or intercepting the session token, an attacker can impersonate the victim and hijack their session.

Answer 705

Answer: B. Initiate an employee training and awareness campaign. Explanation: While all the options have their merits, the most effective way to combat email scams, such as phishing, is through user education. Training employees to recognize and avoid suspicious emails can significantly reduce the risk of successful attacks.

Answer 706

Answer: D. Conduct oneself with honor, honesty, justice, responsibility, and within the bounds of the law. Explanation: The ISC2 Code of Ethics emphasizes professional and ethical behavior. The mentioned statement aligns with the principles set forth by ISC2 for its members.

Answer 707

Answer: A. Internal employees Explanation: Insiders, or internal employees, often have access to sensitive information and systems. Their familiarity with the organization’s infrastructure and potential grievances can make them a significant threat.

Answer 708

Answer: B. Trace evidence always exists. Explanation: Locard’s exchange principle posits that every contact leaves a trace. This means that whenever two objects come into contact, there will always be an exchange of material.

Answer 709

Answer: D. The International Organization on Computer Evidence Explanation: The International Organization on Computer Evidence (IOCE) was established to provide international standards for digital evidence handling and processing.

Answer 710

Answer: D. Justified Explanation: Evidence must be relevant, properly preserved, and identifiable to be admissible in court. “Justified” is not a criterion for evidence admissibility.

Answer 711

Answer: B. Inadmissible in court Explanation: Hearsay evidence refers to statements made outside of court that are presented as evidence for the truth of the matter asserted in the statement. Generally, hearsay is not admissible in court unless it falls under specific exceptions.

Answer 712

Answer: B. Their primary objective is to avoid causing harm. Explanation: Ethical hackers, also known as “white hat” hackers, are professionals who test systems for vulnerabilities with the intent of identifying and fixing them, not exploiting them. They operate with permission and aim to improve security without causing harm.

Answer 713

Answer: C. Random Access Memory (RAM) content Explanation: The contents of RAM are volatile, meaning they are lost when the power is turned off. RAM can contain valuable information such as encryption keys, running processes, and other transient data. Therefore, it’s crucial to capture this information first before it’s lost.

Answer 714

Answer: D. A scanner for system vulnerabilities Explanation: SATAN (Security Administrator Tool for Analyzing Networks) is a tool designed to detect vulnerabilities in computer networks. It helps administrators identify potential security risks in their systems.

Answer 715

Answer: B. Generate a bit-by-bit copy. Explanation: In computer forensics, it’s essential to make a bit-level copy (or bit-by-bit copy) of the original evidence to ensure that all data, including deleted files and slack space, is captured. This ensures the integrity of the evidence and allows for a thorough investigation.

Answer 716

Answer: A. White box testing Explanation: White box testing, also known as clear box testing, is a method where the tester has complete knowledge of the system’s internals. In the context of penetration testing, it simulates what insiders with knowledge of the system can access and potentially exploit.

Answer 717

Answer: B. Phreakers Explanation: Phreakers are individuals who manipulate telecommunication systems, especially to make free calls. They have historically been associated with exploring and exploiting the vulnerabilities of PBX (Private Branch Exchange) systems and other telecommunication platforms.

Answer 718

Answer: A. Validation checks if the right product is being built, while verification checks if the product is being built correctly. Explanation: Validation is concerned with answering the question: Is the right product being built? Verification follow validation and is the process that confirms an application or product is being built correctly.

Answer 719

Answer: C. To throw randomness at an application to see how it responds and where it might “break” Explanation: Fuzz testing involves throwing randomness at an application to see how it responds and where it might “break.” It is a form of dynamic testing.

Answer 720

Answer: B. A vulnerability assessment only identifies potential vulnerabilities, while a penetration test identifies potential vulnerabilities and attempts to exploit them. Explanation: Both processes start the same way as they seek to identify potential vulnerabilities. However, with a vulnerability assessment, once vulnerabilities are noted, no further action is taken apart from producing a report of findings. A penetration test goes an essential step further: after identifying vulnerabilities, an attempt is made to exploit each vulnerability.

Answer 721

Answer: A. Credentialed/authenticated scans and uncredentialed/unauthenticated scans Explanation: There are two primary types of vulnerability scans: credentialed/authenticated scans and uncredentialed/unauthenticated scans.

Answer 722

Answer: A. To ensure that security requirements/controls are defined, tested, and operating effectively Explanation: Security assessment and testing ensure that security requirements/controls are defined, tested, and operating effectively. It applies to the development of new applications and systems as well as the ongoing operations, including end of life, related to assets.

Answer 723

Answer: A. SOC 1 reports focus on financial reporting risks, while SOC 2 reports focus on the controls related to the five trust principles: security, availability, confidentiality, processing integrity, and privacy. Explanation: SOC 1 reports are quite basic and focus on financial reporting risks. SOC 2 reports are much more involved and focus on the controls related to the five trust principles: security, availability, confidentiality, processing integrity, and privacy.

Answer 724

Answer: A. Positive testing checks if the system is working as expected and designed, negative testing checks the system’s response to normal errors, and misuse testing applies the perspective of someone trying to break or attack the system. Explanation: Positive testing focuses on the response of a system based on normal usage and expectations, checking if the system is working as expected and designed. Negative testing focuses on the response of a system when normal errors are introduced. Misuse testing applies the perspective of someone trying to break or attack the system.

Answer 725

Answer: A. To verify that previously tested and functional software still works after updates have been made Explanation: Regression testing is the process of verifying that previously tested and functional software still works after updates have been made. It should be performed after enhancements have been made or after patches to address vulnerabilities or problems have been issued.

Answer 726

Answer: C. The amount of code covered divided by the total amount of code in the application Explanation: Test coverage refers to the relationship between the amount of source code in a given application and the percentage of code that has given application and the percentage of code that has been covered by the completed tests. It is a simple mathematical formula: amount of code covered/total amount of code in application = test coverage percent.

Answer 727

Answer: A. STRIDE and PASTA Explanation: Two well-known and often-used threat modeling methodologies are STRIDE (Spoofing, Tampering, Repudiation, Information disclosure, Denial-of-Service, Elevation of privilege) and PASTA (Process for Attack Simulation and Threat Analysis).

Answer 728

Answer: B. SAST tests the underlying source code of an application, while DAST tests an application while it’s running. Explanation: With Static Application Security Testing (SAST), an application is not running, and it’s the underlying source code that is being examined. With Dynamic Application Security Testing (DAST), an application is running, and the focus is on the application and system as the underlying code executes.

Answer 729

Answer: A. False positives and false negatives Explanation: With any type of monitoring system, two types of alerts often show up: false positives, where the system claims a vulnerability exists, but there is none, and false negatives, where the system says everything is fine, but a vulnerability exists.

Answer 730

Answer: C. To identify errors and anomalies that point to problems, modifications, or breaches Explanation: Log review and analysis is a best practice that should be used in every organization. Logs should include what is relevant, be proactively reviewed, and be especially scrutinized for errors and anomalies that point to problems, modifications, or breaches.

Answer 731

Answer: A. A Type 1 report focuses on the design of controls at a point in time, while a Type 2 report examines the design of a control and its operating effectiveness over a period of time. Explanation: A Type 1 report focuses on the design of controls at a point in time. A Type 2 report examines not only the design of a control but, more importantly, the operating effectiveness over a period of time, typically a year.

Answer 732

Answer: B. To ensure that security controls are operating effectively and as designed Explanation: A security audit is a systematic, measurable technical assessment of how the organization’s security policy is employed. It is used to ensure that security controls are operating effectively and as designed.

Answer 733

Answer: A. In a white box test, the tester has full knowledge of the system being tested, while in a black box test, the tester has no knowledge of the system. Explanation: In a white box test, the tester has full knowledge of the system being tested, including source code, architecture, and both the software and hardware involved. In a black box test, the tester has no knowledge of the system being tested.

Answer 734

Answer: A. To identify potential vulnerabilities in the code Explanation: A code review is a systematic examination of computer source code intended to find and fix mistakes overlooked in the initial development phase, improving both the overall quality of software and the developers’ skills. In the context of security, it is used to identify potential vulnerabilities in the code.

Answer 735

Answer: A. A credentialed scan is performed with system-level access, while an uncredentialed scan is performed without system-level access. Explanation: A credentialed scan is performed with system-level access, and it can see everything that is happening on a given host. An uncredentialed scan is performed without system-level access, and it can only see what is visible on the network.

Answer 736

Answer: B. To ensure that security controls are operating effectively and as designed Explanation: A security control self-assessment is a process where an organization evaluates its own security controls to ensure they are operating effectively and as designed. It is a proactive measure to identify any potential issues before they become problems.

Answer 737

Answer: A. To focus testing efforts on areas of greatest risk Explanation: A risk-based approach to security testing allows an organization to focus its testing efforts on the areas of greatest risk. This approach ensures that resources are used effectively and that high-risk areas receive the attention they require.

Answer 738

Answer: B. To protect the system against potential threats Explanation: A security control is a safeguard or countermeasure designed to avoid, counteract, or minimize security risks. In the context of an organization’s security strategy, the purpose of a security control is to protect the system against potential threats.

Answer 739

Answer: A. A false positive is when the system claims a vulnerability exists, but there is none, while a false negative is when the system says everything is fine, but a vulnerability exists. Explanation: A false positive is when the system claims a vulnerability exists, but there is none. This can lead to wasted resources as teams investigate nonexistent issues. A false negative is when the system says everything is fine, but a vulnerability exists. This can lead to undetected breaches and significant damage.

Answer 740

Answer: B. To provide a starting point for the implementation of security controls Explanation: A security control baseline provides a set of basic controls that an organization can use as a starting point for their security strategy. It provides a foundation upon which additional, more specific controls can be built based on the organization’s unique risks and requirements.

Answer 741

Answer: B. To simulate potential attack scenarios and analyze threats Explanation: The Process for Attack Simulation and Threat Analysis (PASTA) is a threat modeling methodology that aims to provide a dynamic threat identification, enumeration, and scoring process. It simulates potential attack scenarios and analyzes threats in a structured and methodical way.

Answer 742

Answer: A. A Type 1 report focuses on the design of controls at a point in time, while a Type 3 report examines the design of a control and its operating effectiveness over a period of time. Explanation: A Type 1 SOC report focuses on the design of controls at a point in time. A Type 3 SOC report, on the other hand, examines not only the design of a control but also its operating effectiveness over a period of time.

Answer 743

Answer: B. To categorize potential threats to the system Explanation: The STRIDE methodology is a threat modeling technique used to categorize potential threats to a system. It stands for Spoofing, Tampering, repudiation, Information disclosure, Denial-of-Service, and Elevation of privilege.

Answer 744

Answer: A. A Type 2 report examines the design of a control and its operating effectiveness over a period of time, while a Type 3 report focuses on the design of controls at a point in time. Explanation: A Type 2 SOC report examines not only the design of a control but also its operating effectiveness over a period of time. A Type 3 SOC report, on the other hand, focuses on the design of controls at a point in time.

Answer 745

Answer: A. RUM is a passive monitoring technique that monitors user interactions and activity with a website or application. Explanation: Real User Monitoring (RUM) is a passive monitoring technique that monitors user interactions and activity with a website or application. It provides insights in

Answer 746

Answer: B. Synthetic Performance Monitoring examines functionality as well as functionality and performance under load. Explanation: Synthetic Performance Monitoring examines functionality as well as functionality and performance under load. Test scripts for each type of functionality can be created and then run at any time.

Answer 747

Answer: A. CVE is a list of records for publicly known cybersecurity vulnerabilities. Explanation: CVE, also known as Common Vulnerabilities and Exposures dictionary, is “a list of records – each containing an identification number, a description, and at least one public reference – for publicly known cybersecurity vulnerabilities.”

Answer 748

Answer: A. SAST involves examining the underlying source code when an application is not running, while DAST involves focusing on the application and system as the underlying code executes when an application is running. Explanation: Static Application Security Testing (SAST) involves examining the underlying source code when an application is not running. This is a form of white box testing. Dynamic Application Security Testing (DAST), on the other hand, involves focusing on the application and system as the underlying code executes when an application is running. This is a form of black box testing.

Answer 749

Answer: A. Blind testing involves the assessor being given little to no information about the target being tested, while double-blind testing involves the assessor and the IT and Security Operations teams being given little to no information about the upcoming tests. Explanation: In blind testing, the assessor is given little to no information about the target being tested. In double-blind testing, not only is the assessor given little to no information about the target, but the IT and Security Operations teams are also not informed about the upcoming tests.

Answer 750

Answer: A. Circular overwrite limits the maximum size of a log file by overwriting entries, starting from the earliest, while clipping levels focus on when to log a given event based upon threshold settings. Explanation: Circular overwrite is a method of log file management that limits the maximum size of a log file by overwriting entries, starting from the earliest. Clipping levels, on the other hand, focus on when to log a given event based upon threshold settings, which can also help limit log file sizes.

Answer 751

Answer: B. Internal, external, and third party Explanation: The three types of audit strategies mentioned are internal, external, and third party. Each of these strategies has a different focus and is used in different contexts within an organization’s overall audit strategy.

Answer 752

Answer: A. Black box, white box, dynamic, static, manual, automated, structural, functional, negative Explanation: The types of coverage testing that you need to explain for the CISSP exam are black box, white box, dynamic, static, manual, automated, structural, functional, and negative.

Answer 753

Answer: A. Awareness refers to the “what” of an organization’s policy or procedure, training refers to the “how,” and education refers to the “why.” Explanation: Awareness refers to the “what” of an organization’s policy or procedure, aiming at knowledge retention. Training focuses on the “how,” knowledge retention. Training focuses on the how, enabling the ability to complete a task and apply problem-solving at the application level. Education focuses on the “why,” providing an understanding of the big picture and enabling design-level problem solving with architectural exercises.

Answer 754

Answer: A. Breach attack simulations are where you simulate real-world attacks across your whole environment, typically both automatic and always running. Explanation: Breach attack simulations simulate real-world attacks across the entire environment. They are typically automatic and always running, using tools that are constantly updated and provide remediation steps and documentation.

Answer 755

Answer: A. Security control compliance checks are regularly performed to assess whether the organization is currently following their controls. Explanation: Security control compliance checks are regularly performed to assess whether the organization is currently following their controls. These checks can be automated and may use either in-house or third-party tools. Failed compliance checks typically result in the organization investigating and remediating the issues found.

Answer 756

Answer: A. Internal audits are closely aligned to the organization, external audits ensure procedures/compliance are being followed with regular checks, and third-party audits provide a more in-depth, neutral audit. Explanation: Internal audits should be closely aligned to the organization. The external strategy needs to ensure procedures/compliance are being followed with regular checks and complement the internal strategy. The third-party strategy is an objective, neutral approach that reviews the overall strategy for auditing the organization’s environment, methods of testing, and can also ensure that both internal and external audits are following defined policies and procedures.

Answer 757

Answer: A. To simulate real-world attacks across the whole environment, typically both automatic and always running Explanation: Breach attack simulations are where you simulate real-world attacks. It is simulated across your whole environment and typically are both automatic and always running. Red and blue teams use tools that are constantly updated and provide remediation steps and documentation.

Answer 758

Answer: A. To assess whether the organization is currently following their controls Explanation: Security control compliance checks are regularly performed to assess whether the organization is currently following their controls. This may be automated and use either in-house or third party tools. Failed compliance checks normally end up in the organization investigating and remediating the issues it found

Answer 759

Answer: A. To handle test results and report any results of concern to management immediately so they can be aware of potential risks and alerts Explanation: Those that analyze the security of organization apps and services need to know how to handle test results. Any results of concern need to be reported to management immediately so they can be aware of potential risks and alerts. The detail in reporting to management may be on a “need-to-know” basis.

Answer 760

Answer: A. Formal assessments and informal assessments Explanation: The two primary categories of assessments are formal assessments and informal assessments. Formal assessments are evaluations against a compliance standard, which includes regulatory and other legal requirements.

Answer 761

Answer: A. Purpose, scope, results of the audit, audit events Explanation: The key elements of an audit report are the purpose, scope, results of the audit, and audit events. The purpose outlines the reason for the audit, the scope defines the boundaries of the audit, the results of the audit provide the findings, and the audit events detail the specific instances or activities audited.

Answer 762

Answer: A. SOC 1 Type 1, SOC 1 Type 2, SOC 2, SOC 3 Explanation: The four types of SOC reports are SOC 1 Type 1, SOC 1 Type 2, SOC 2, and SOC 3. Each type of report has a different focus and is used for different purposes within an organization’s overall audit strategy.

Answer 763

Answer: A. Preparations phase and Audit phase Explanation: There are two phases in preparing for the SOC audit: the Preparations phase and the Audit phase. The Preparations phase involves scheduling, defining the scope, inventorying controls, conducting a readiness review, and resolving discrepancies. The Audit phase involves creating a detailed project plan, gathering artifacts, providing physical access and workspace, conducting meetings, testing, off-site analysis, issue resolution, providing audit reports, and conducting a lessons learned review.

Answer 764

Answer: A. Preparations phase and Audit phase Explanation: There are two phases in preparing for the SOC audit: the Preparations phase and the Audit phase. The Preparations phase involves scheduling, defining the scope, inventorying controls, conducting a readiness review, and resolving discrepancies. The Audit phase involves creating a detailed project plan, gathering artifacts, providing physical access and workspace, conducting meetings, testing, off-site analysis, issue resolution, providing audit reports, and conducting a lessons learned review.

Answer 765

Answer: A. To present the data in a meaningful way for most people who need the data Explanation: Security controls, vulnerability scans, penetration tests, and audits – all these activities generate a significant amount of data. Perhaps a few gifted people can review the raw data and draw salient conclusions, but most people need the data presented to them in a meaningful way.

Answer 766

Answer: A. To evaluate the situation without any forewarning of the evaluation Explanation: “No-notice” assessments, which simply means that the situation being evaluated has no forewarning of the evaluation (e.g., spot check, desk audit). A no-notice assessment isn’t really a “type” of assessment, it’s basically a surprise audit or an informal assessment where notice isn’t given. It can likely fit into a subcategory or type of informal assessment.

Answer 767

nswer: A. To see if controls meet risk expectations or to see if there are ways to improve efficiency of operations Explanation: Internal assessments are done for the purpose of seeing if controls meet risk expectations or to see if there are ways to improve efficiency of operations and how well an organization is prepared for an external or formal audit. An internal assessment might follow a formal process, but is most likely considered informal by nature.

Answer 768

Answer: A. Nmap Explanation: Nmap (Network Mapper) is primarily used for network discovery and port scanning. It is a versatile tool that allows for the identification of active hosts and open ports within a network.

Answer 769

Answer: D. Port 1433 is open. Explanation: Port 1433 is commonly associated with Microsoft SQL Server. An open SQL Server port exposed to an external network is a significant security risk and should be addressed immediately.

Answer 770

AAnswer: C. The inclination to experiment with novel testing tools Explanation: The desire to experiment with new testing tools should not be a factor when planning a security testing schedule. The focus should be on the system’s security posture and potential risks.

Answer 771

Answer: A. Organizational management Explanation: A security assessment report is primarily intended for organizational management. It provides them with an overview of the security posture of the system or network, allowing them to make informed decisions regarding security policies and resource allocation.

Answer 772

Answer: B. 22 Explanation: Port 22 is the standard port used for SSH connections, commonly employed for secure server access.

Answer 773

Answer: D. Authenticated scan Explanation: An authenticated scan provides the most detailed information about the security state of a server. It allows for a deeper system inspection by using valid credentials to access it.

Answer 774

Answer: C. TCP SYN scan Explanation: A TCP SYN scan, also known as a “half-open” scan, utilizes only the first two steps of the TCP three-way handshake. It sends a SYN packet and waits for a SYN-ACK response but does not send the final ACK packet to complete the handshake.

Answer 775

Answer: D. Web vulnerability scanner Explanation: A web vulnerability scanner is specifically designed to identify vulnerabilities in web applications, including SQL injection flaws.

Answer 776

Answer: B. 80 Explanation: Port 80 is the standard port for unencrypted HTTP traffic. Servers running unencrypted HTTP services typically listen on this port.

Answer 777

Answer: B. Vulnerability scanner Explanation: A vulnerability scanner is specifically designed to automatically identify known vulnerabilities in systems and networks, making it the most effective choice for this scenario.

Answer 778

Answer: D. Vulnerability scan Explanation: A vulnerability scan is designed to identify known security risks in a system by probing for its configuration, software, and hardware weaknesses.

Answer 779

Answer: C. Ensuring that implemented changes do not compromise security Explanation: One of the primary goals of a change management program is to ensure that any changes made to systems or processes do not adversely affect the organization’s security posture.

Answer 780

Answer: A. Infrastructure as a Service (IaaS) Explanation: Infrastructure as a Service (IaaS) provides an organization with the most control over its cloud resources, including virtual machines, storage, and networking. However, this level of control comes with the responsibility of managing and maintaining the operating systems and applications.

Answer 781

Answer: C. Implementing vulnerability mitigation measures Explanation: A security assessment focuses on identifying vulnerabilities, assessing risks, and evaluating threats. The actual mitigation of vulnerabilities is usually a separate process that follows the assessment.

Answer 782

Answer: A. Organizational management Explanation: A security assessment report is primarily intended for organizational management. It provides them with an overview of the security posture of the system or network, allowing them to make informed decisions regarding security policies and resource allocation.

Answer 783

Answer: A. Response Explanation: In the (ISC) 2 framework for incident management, the first step is usually the “Response” phase, where the incident is initially addressed and contained.

Answer 784

Answer: B. Audit trails Explanation: The term “audit trails” best describes the body of data collected through event logging. Audit trails are records that provide documentary evidence of sequences of activities that have affected at any time a specific operation, procedure, or event.

Answer 785

Answer: B. An intrusion detection system (IDS) Explanation: A mirrored port is often used to connect an intrusion detection system (IDS) for monitoring network traffic.

Answer 786

Answer: B. A false negative Explanation: A false negative occurs when an intrusion detection system fails to detect an actual attack, allowing it to penetrate the network without raising an alarm.

Answer 787

Answer: B. Disrupting communication capabilities in preparation for a physical attack Explanation: Disrupting an organization’s ability to communicate and respond to a physical attack is most indicative of a terrorist attack, as it aims to cause widespread harm and panic.

Answer 788

Answer: D. Utilizing automated tools to scan for vulnerable ports on the organization’s systems Explanation: Grudge attacks are usually motivated by personal vendettas and aim to cause embarrassment or harm to the target. Scanning for vulnerable ports is more indicative of a broader cyberattack rather than a grudge attack.

Answer 789

Answer: C. Avoid altering the evidence during the collection process Explanation: The integrity of evidence is crucial in any investigation. Therefore, avoiding any modification to the evidence during its collection is paramount.

Answer 790

Answer: C. Documentary evidence Explanation: Documentary evidence refers to written documents that are used in court to prove a fact.

Answer 791

Answer: C. Criminal Explanation: Criminal investigations require the highest standard of evidence, often “beyond a reasonable doubt,” due to the severe consequences involved, such as imprisonment.

Answer 792

Answer: B. Act honorably, honestly, justly, responsibly, and legally Explanation: The (ISC) 2 Code of Ethics outlines that CISSPs are expected to act honorably, honestly, justly, responsibly, and legally.

Answer 793

Answer: B. Cloud based Explanation: A cloud-based identity platform typically offers high availability and redundancy, making it a suitable choice when availability is the organization’s biggest priority.

Answer 794

Answer: C. Federation Explanation: The Federation allows for sharing identity information across different organizations and systems, making it the most appropriate choice for sharing identity information with a business partner.

Answer 795

Answer: C. Due care Explanation: The principle of “due care” requires that an individual should act responsibly and take the necessary steps to complete their responsibilities accurately and in a timely manner.

Answer 796

Answer: A. Maximum tolerable downtime (MTD) Explanation: Maximum tolerable downtime (MTD) is the metric that indicates the longest period of time a business process can be inoperative before causing irreparable harm to the organization

Answer 797

Answer: C. To identify weaknesses in a system without exploiting them Explanation: A vulnerability assessment aims to identify vulnerabilities in a system, application, or network without actually exploiting them. This is different from a penetration test, which attempts to exploit the vulnerabilities.

Answer 798

Answer: B. Knowledge of the system’s architecture and design Explanation: In a white box test, the tester has knowledge of the system’s architecture and design, whereas in a black box test, the tester has no such knowledge and tests the system from an outsider’s perspective.

Answer 799

Answer: C. Reconnaissance Explanation: The reconnaissance phase of penetration testing involves collecting information about the target system, often without directly interacting with it. This phase helps the tester understand the system and identify potential vulnerabilities.

Answer 800

Answer: C. Report the vulnerability to the organization. Explanation: Even if the tester cannot exploit a vulnerability, it’s essential to report it to the organization. This allows the organization to take corrective measures and ensure that potential attackers cannot exploit the vulnerability in the future.

Answer 801

Answer: C. An identified vulnerability that does not actually exist Explanation: A false positive refers to a situation where a security testing tool or process identifies a vulnerability that, upon further investigation, does not actually exist. It’s an erroneous alert that can lead to wasted resources if not correctly identified.

Answer 802

Answer: C. Denial of service (DoS) Explanation: IP spoofing is a technique where an attacker sends IP packets from a false source address. This is often used in denial-of-service (DoS) attacks to mask the true origin of the attack and to amplify the attack by involving innocent third-party systems.

Answer 803

Answer: C. Session hijacking focuses on the TCP connection between the client and the server. If an attacker discerns the initial sequence, they can potentially take over the connection. Explanation: Session hijacking, also known as session takeover, involves an attacker taking over a user’s session. The primary target is the TCP connection. By predicting or intercepting the session token, an attacker can impersonate the victim and hijack their session.

Answer 804

Answer: B. Initiate an employee training and awareness campaign. Explanation: While all the options have their merits, the most effective way to combat email scams, such as phishing, is through user education. Training employees to recognize and avoid suspicious emails can significantly reduce the risk of successful attacks.

Answer 805

Answer: D. Conduct oneself with honor, honesty, justice, responsibility, and within the bounds of the law. Explanation: The ISC2 Code of Ethics emphasizes professional and ethical behavior. The mentioned statement aligns with the principles set forth by ISC2 for its members.

Answer 806

Answer: A. Internal employees Explanation: Insiders, or internal employees, often have access to sensitive information and systems. Their familiarity with the organization’s infrastructure and potential grievances can make them a significant threat.

Answer 807

Answer: B. Trace evidence always exists. Explanation: Locard’s exchange principle posits that every contact leaves a trace. This means that whenever two objects come into contact, there will always be an exchange of material.

Answer 808

Answer: D. The International Organization on Computer Evidence Explanation: The International Organization on Computer Evidence (IOCE) was established to provide international standards for digital evidence handling and processing.

Answer 809

Answer: D. Justified Explanation: Evidence must be relevant, properly preserved, and identifiable to be admissible in court. “Justified” is not a criterion for evidence admissibility.

Answer 810

Answer: B. Inadmissible in court Explanation: Hearsay evidence refers to statements made outside of court that are presented as evidence for the truth of the matter asserted in the statement. Generally, hearsay is not admissible in court unless it falls under specific exceptions.

Answer 811

Answer: B. Their primary objective is to avoid causing harm. Explanation: Ethical hackers, also known as “white hat” hackers, are professionals who test systems for vulnerabilities with the intent of identifying and fixing them, not exploiting them. They operate with permission and aim to improve security without causing harm.

Answer 812

Answer: C. Random Access Memory (RAM) content Explanation: The contents of RAM are volatile, meaning they are lost when the power is turned off. RAM can contain valuable information such as encryption keys, running processes, and other transient data. Therefore, it’s crucial to capture this information first before it’s lost.

Answer 813

Answer: D. A scanner for system vulnerabilities Explanation: SATAN (Security Administrator Tool for Analyzing Networks) is a tool designed to detect vulnerabilities in computer networks. It helps administrators identify potential security risks in their systems.

Answer 814

Answer: B. Generate a bit-by-bit copy. Explanation: In computer forensics, it’s essential to make a bit-level copy (or bit-by-bit copy) of the original evidence to ensure that all data, including deleted files and slack space, is captured. This ensures the integrity of the evidence and allows for a thorough investigation.

Answer 815

Answer: A. White box testing Explanation: White box testing, also known as clear box testing, is a method where the tester has complete knowledge of the system’s internals. In the context of penetration testing, it simulates what insiders with knowledge of the system can access and potentially exploit.

Answer 816

Answer: B. Phreakers Explanation: Phreakers are individuals who manipulate telecommunication systems, especially to make free calls. They have historically been associated with exploring and exploiting the vulnerabilities of PBX (Private Branch Exchange) systems and other telecommunication platforms.

Answer 817

Answer: A. Validation checks if the right product is being built, while verification checks if the product is being built correctly. Explanation: Validation is concerned with answering the question: Is the right product being built? Verification follows validation and is the process that confirms an application or product is being built correctly.

Answer 818

Answer: C. To throw randomness at an application to see how it responds and where it might “break” Explanation: Fuzz testing involves throwing randomness at an application to see how it responds and where it might “break.” It is a form of dynamic testing.

Answer 819

Answer: B. A vulnerability assessment only identifies potential vulnerabilities, while a penetration test identifies potential vulnerabilities and attempts to exploit them. Explanation: Both processes start the same way as they seek to identify potential vulnerabilities. However, with a vulnerability assessment, once vulnerabilities are noted, no further action is taken apart from producing a report of findings. A penetration test goes an essential step further: after identifying vulnerabilities, an attempt is made to exploit each vulnerability.

Answer 820

Answer: A. Credentialed/authenticated scans and uncredentialed/unauthenticated scans Explanation: There are two primary types of vulnerability scans: credentialed/authenticated scans and uncredentialed/unauthenticated scans.

Answer 821

Answer: A. To ensure that security requirements/controls are defined, tested, and operating effectively Explanation: Security assessment and testing ensure that security requirements/controls are defined, tested, and operating effectively. It applies to the development of new applications and systems as well as the ongoing operations, including end of life, related to assets.

Answer 822

Answer: A. SOC 1 reports focus on financial reporting risks, while SOC 2 reports focus on the controls related to the five trust principles: security, availability, confidentiality, processing integrity, and privacy. Explanation: SOC 1 reports are quite basic and focus on financial reporting risks. SOC 2 reports are much more involved and focus on the controls related to the five trust principles: security, availability, confidentiality, processing integrity, and privacy.

Answer 823

Answer: A. Positive testing checks if the system is working as expected and designed, negative testing checks the system’s response to normal errors, and misuse testing applies the perspective of someone trying to break or attack the system. Explanation: Positive testing focuses on the response of a system based on normal usage and expectations, checking if the system is working as expected and designed. Negative testing focuses on the response of a system when normal errors are introduced. Misuse testing applies the perspective of someone trying to break or attack the system.

Answer 824

Answer: A. To verify that previously tested and functional software still works after updates have been made Explanation: Regression testing is the process of verifying that previously tested and functional software still works after updates have been made. It should be performed after enhancements have been made or after patches to address vulnerabilities or problems have been issued.

Answer 825

Answer: C. The amount of code covered divided by the total amount of code in the application Explanation: Test coverage refers to the relationship between the amount of source code in a given application and the percentage of code that has given application and the percentage of code that has been covered by the completed tests. It is a simple mathematical formula: amount of code covered/total amount of code in application = test coverage percent.

Answer 826

Answer: A. STRIDE and PASTA Explanation: Two well-known and often-used threat modeling methodologies are STRIDE (Spoofing, Tampering, Repudiation, Information disclosure, Denial-of-Service, Elevation of privilege) and PASTA (Process for Attack Simulation and Threat Analysis).

Answer 827

Answer: B. Knowledge of the system’s architecture and design Explanation: In a white box test, the tester has knowledge of the system’s architecture and design, whereas in a black box test, the tester has no such knowledge and tests the system from an outsider’s perspective.

Answer 828

Answer: C. Reconnaissance Explanation: The reconnaissance phase of penetration testing involves collecting information about the target system, often without directly interacting with it. This phase helps the tester understand the system and identify potential vulnerabilities.

Answer 829

Answer: C. Report the vulnerability to the organization. Explanation: Even if the tester cannot exploit a vulnerability, it’s essential to report it to the organization. This allows the organization to take corrective measures and ensure that potential attackers cannot exploit the vulnerability in the future.

Answer 830

Answer: C. An identified vulnerability that does not actually exist Explanation: A false positive refers to a situation where a security testing tool or process identifies a vulnerability that, upon further investigation, does not actually exist. It’s an erroneous alert that can lead to wasted resources if not correctly identified.

Answer 831

Answer: C. Denial of service (DoS) Explanation: IP spoofing is a technique where an attacker sends IP packets from a false source address. This is often used in denial-of-service (DoS) attacks to mask the true origin of the attack and to amplify the attack by involving innocent third-party systems.

Answer 832

Answer: C. Session hijacking focuses on the TCP connection between the client and the server. If an attacker discerns the initial sequence, they can potentially take over the connection. Explanation: Session hijacking, also known as session takeover, involves an attacker taking over a user’s session. The primary target is the TCP connection. By predicting or intercepting the session token, an attacker can impersonate the victim and hijack their session.

Answer 833

Answer: B. Initiate an employee training and awareness campaign. Explanation: While all the options have their merits, the most effective way to combat email scams, such as phishing, is through user education. Training employees to recognize and avoid suspicious emails can significantly reduce the risk of successful attacks.

Answer 834

Answer: D. Conduct oneself with honor, honesty, justice, responsibility, and within the bounds of the law. Explanation: The ISC2 Code of Ethics emphasizes professional and ethical behavior. The mentioned statement aligns with the principles set forth by ISC2 for its members.

Answer 835

Answer: A. Internal employees Explanation: Insiders, or internal employees, often have access to sensitive information and systems. Their familiarity with the organization’s infrastructure and potential grievances can make them a significant threat.

Answer 836

Answer: B. Trace evidence always exists. Explanation: Locard’s exchange principle posits that every contact leaves a trace. This means that whenever two objects come into contact, there will always be an exchange of material.

Answer 837

31. Answer: B. SAST tests the underlying source code of an application, while DAST tests an application while it’s running. Explanation: With Static Application Security Testing (SAST), an application is not running, and it’s the underlying source code that is being examined. With Dynamic Application Security Testing (DAST), an application is running, and the focus is on the application and system as the underlying code executes.

Answer 838

32.Answer: A. False positives and false negatives Explanation: With any type of monitoring system, two types of alerts often show up: false positives, where the system claims a vulnerability exists, but there is none, and false negatives, where the system says everything is fine, but a vulnerability exists.

Answer 839

33. Answer: C. To identify errors and anomalies that point to problems, modifications, or breaches Explanation: Log review and analysis is a best practice that should be used in every organization. Logs should include what is relevant, be proactively reviewed, and be especially scrutinized for errors and anomalies that point to problems, modifications, or breaches.

Answer 840

34. Answer: A. A Type 1 report focuses on the design of controls at a point in time, while a Type 2 report examines the design of a control and its operating effectiveness over a period of time. Explanation: A Type 1 report focuses on the design of controls at a point in time. A Type 2 report examines not only the design of a control but, more importantly, the operating effectiveness over a period of time, typically a year.

Answer 841

35. Answer: B. To ensure that security controls are operating effectively and as designed Explanation: A security audit is a systematic, measurable technical assessment of how the organization’s security policy is employed. It is used to ensure that security controls are operating effectively and as designed.

Answer 842

36. Answer: A. In a white box test, the tester has full knowledge of the system being tested, while in a black box test, the tester has no knowledge of the system. Explanation: In a white box test, the tester has full knowledge of the system being tested, including source code, architecture, and both the software and hardware involved. In a black box test, the tester has no knowledge of the system being tested.

Answer 843

37. Answer: A. To identify potential vulnerabilities in the code Explanation: A code review is a systematic examination of computer source code intended to find and fix mistakes overlooked in the initial development phase, improving both the overall quality of software and the developers’ skills. In the context of security, it is used to identify potential vulnerabilities in the code.

Answer 844

38.Answer: A. A credentialed scan is performed with system-level access, while an uncredentialed scan is performed without system-level access. Explanation: A credentialed scan is performed with system-level access, and it can see everything that is happening on a given host. An uncredentialed scan is performed without system-level access, and it can only see what is visible on the network.

Answer 845

39. Answer: B. To ensure that security controls are operating effectively and as designed Explanation: A security control self-assessment is a process where an organization evaluates its own security controls to ensure they are operating effectively and as designed. It is a proactive measure to identify any potential issues before they become problems.

Answer 846

40. Answer: A. To focus testing efforts on areas of greatest risk Explanation: A risk-based approach to security testing allows an organization to focus its testing efforts on the areas of greatest risk. This approach ensures that resources are used effectively and that high-risk areas receive the attention they require.

Answer 847

41. Answer: B. To protect the system against potential threats Explanation: A security control is a safeguard or countermeasure designed to avoid, counteract, or minimize security risks. In the context of an organization’s security strategy, the purpose of a security control is to protect the system against potential threats.

Answer 848

42. Answer: A. A false positive is when the system claims a vulnerability exists, but there is none, while a false negative is when the system says everything is fine, but a vulnerability exists. Explanation: A false positive is when the system claims a vulnerability exists, but there is none. This can lead to wasted resources as teams investigate nonexistent issues. A false negative is when the system says everything is fine, but a vulnerability exists. This can lead to undetected breaches and significant damage.

Answer 849

43. Answer: B. To provide a starting point for the implementation of security controls Explanation: A security control baseline provides a set of basic controls that an organization can use as a starting point for their security strategy. It provides a foundation upon which additional, more specific controls can be built based on the organization’s unique risks and requirements.

Answer 850

44. Answer: B. To simulate potential attack scenarios and analyze threats Explanation: The Process for Attack Simulation and Threat Analysis (PASTA) is a threat modeling methodology that aims to provide a dynamic threat identification, enumeration, and scoring process. It simulates potential attack scenarios and analyzes threats in a structured and methodical way.

Answer 851

45. Answer: A. A Type 1 report focuses on the design of controls at a point in time, while a Type 3 report examines the design of a control and its operating effectiveness over a period of time. Explanation: A Type 1 SOC report focuses on the design of controls at a point in time. A Type 3 SOC report, on the other hand, examines not only the design of a control but also its operating effectiveness over a period of time

Answer 852

46. Answer: B. To categorize potential threats to the system Explanation: The STRIDE methodology is a threat modeling technique used to categorize potential threats to a system. It stands for Spoofing, Tampering, Repudiation, Information disclosure, Denial-of-Service, and Elevation of privilege.

Answer 853

47. Answer: A. A Type 2 report examines the design of a control and its operating effectiveness over a period of time, while a Type 3 report focuses on the design of controls at a point in time. Explanation: A Type 2 SOC report examines not only the design of a control but also its operating effectiveness over a period of time. A Type 3 SOC report, on the other hand, focuses on the design of controls at a point in time.

Answer 854

48. Answer: A. RUM is a passive monitoring technique that monitors user interactions and activity with a website or application. Explanation: Real User Monitoring (RUM) is a passive monitoring technique that monitors user interactions and activity with a website or application. It provides insights into how users are interacting with the system in real time.

Answer 855

49. Answer: A. CVSS reflects a method to characterize a vulnerability through a scoring system considering various characteristics. Explanation: The Common Vulnerability Scoring System (CVSS) reflects a method to characterize a vulnerability through a scoring system considering various characteristics. It provides a way to capture the principal characteristics of a vulnerability and produce a numerical score reflecting its severity.

Answer 856

50. Answer: B. Synthetic Performance Monitoring examines functionality as well as functionality and performance under load. Explanation: Synthetic Performance Monitoring examines functionality as well as functionality and performance under load. Test scripts for each type of functionality can be created and then run at any time.

Answer 857

51. Answer: A. CVE is a list of records for publicly known cybersecurity vulnerabilities. Explanation: CVE, also known as Common Vulnerabilities and Exposures dictionary, is “a list of records – each containing an identification number, a description, and at least one public reference – for publicly known cybersecurity vulnerabilities.”

Answer 858

52. Answer: A. SAST involves examining the underlying source code when an application is not running, while DAST involves focusing on the application and system as the underlying code executes when an application is running. Explanation: Static Application Security Testing (SAST) involves examining the underlying source code when an application is not running. This is a form of white box testing. Dynamic Application Security Testing (DAST), on the other hand, involves focusing on the application and system as the underlying code executes when an application is running. This is a form of black box testing.

Answer 859

53. Answer: A. Blind testing involves the assessor being given little to no information about the target being tested, while double-blind testing involves the assessor and the IT and Security Operations teams being given little to no information about the upcoming tests. Explanation: In blind testing, the assessor is given little to no information about the target being tested. In double-blind testing, not only is the assessor given little to no information about the target, but the IT and Security Operations teams are also not informed about the upcoming tests.

Answer 860

54.Answer: A. Circular overwrite limits the maximum size of a log file by overwriting entries, starting from the earliest, while clipping levels focus on when to log a given event based upon threshold settings. Explanation: Circular overwrite is a method of log file management that limits the maximum size of a log file by overwriting entries, starting from the earliest. Clipping levels, on the other hand, focus on when to log a given event based upon threshold settings, which can also help limit log file sizes.

Answer 861

55.Answer: B. Internal, external, and third party Explanation: The three types of audit strategies mentioned are internal, external, and third party. Each of these strategies has a different focus and is used in different contexts within an organization’s overall audit strategy.

Answer 862

56.Answer: A. Black box, white box, dynamic, static, manual, automated, structural, functional, negative Explanation: The types of coverage testing that you need to explain for the CISSP exam are black box, white box, dynamic, static, manual, automated, structural, functional, and negative.

Answer 863

57. Answer: A. Awareness refers to the “what” of an organization’s policy or procedure, training refers to the “how,” and education refers to the “why.” Explanation: Awareness refers to the “what” of an organization’s policy or procedure, aiming at knowledge retention. Training focuses on the “how,” knowledge retention. Training focuses on the how, enabling the ability to complete a task and apply problem-solving at the application level. Education focuses on the “why,” providing an understanding of the big picture and enabling design-level problem solving with architectural exercises.

Answer 864

58. Answer: A. Breach attack simulations are where you simulate real-world attacks across your whole environment, typically both automatic and always running. Explanation: Breach attack simulations simulate real-world attacks across the entire environment. They are typically automatic and always running, using tools that are constantly updated and provide remediation steps and documentation.

Answer 865

59. Answer: A. Security control compliance checks are regularly performed to assess whether the organization is currently following their controls. Explanation: Security control compliance checks are regularly performed to assess whether the organization is currently following their controls. These checks can be automated and may use either in-house or third-party tools. Failed compliance checks typically result in the organization investigating and remediating the issues found.

Answer 866

60. Answer: A. Internal audits are closely aligned to the organization, external audits ensure procedures/compliance are being followed with regular checks, and third-party audits provide a more in-depth, neutral audit. Explanation: Internal audits should be closely aligned to the organization. The external strategy needs to ensure procedures/compliance are being followed with regular checks and complement the internal strategy. The third-party strategy is an objective, neutral approach that reviews the overall strategy for auditing the organization’s environment, methods of testing, and can also ensure that both internal and external audits are following defined policies and procedures.

Answer 867

61. Answer: A. To simulate real-world attacks across the whole environment, typically both automatic and always running Explanation: Breach attack simulations are where you simulate real-world attacks. It is simulated across your whole environment and typically are both automatic and always running. Red and blue teams use tools that are constantly updated and provide remediation steps and documentation.

Answer 868

62. Answer: A. To assess whether the organization is currently following their controls Explanation: Security control compliance checks are regularly performed to assess whether the organization is currently following their controls. This may be automated and use either in-house or third party tools. Failed compliance checks normally end up in the organization investigating and remediating the issues it found.

Answer 869

63. Answer: A. To handle test results and report any results of concern to management immediately so they can be aware of potential risks and alerts Explanation: Those that analyze the security of organization apps and services need to know how to handle test results. Any results of concern need to be reported to management immediately so they can be aware of potential risks and alerts. The detail in reporting to management may be on a “need-to-know” basis.

Answer 870

64. Answer: A. Formal assessments and informal assessments Explanation: The two primary categories of assessments are formal assessments and informal assessments. Formal assessments are evaluations against a compliance standard, which includes regulatory and other legal requirements.

Answer 871

65. Answer: A. Purpose, scope, results of the audit, audit events Explanation: The key elements of an audit report are the purpose, scope, results of the audit, and audit events. The purpose outlines the reason for the audit, the scope defines the boundaries of the audit, the results of the audit provide the findings, and the audit events detail the specific instances or activities audited.

Answer 872

66. Answer: A. SOC 1 Type 1, SOC 1 Type 2, SOC 2, SOC3 Explanation: The four types of SOC reports are SOC 1 Type 1, SOC 1 Type 2, SOC 2, and SOC 3. Each type of report has a different focus and is used for different purposes within an organization’s overall audit strategy.

Answer 873

67. Answer: A. Preparations phase and Audit phase Explanation: There are two phases in preparing for the SOC audit: the Preparations phase and the Audit phase. The Preparations phase involves scheduling, defining the scope, inventorying controls, conducting a readiness review, and resolving discrepancies. The Audit phase involves creating a detailed project plan, gathering artifacts, providing physical access and workspace, conducting meetings, testing, off-site analysis, issue resolution, providing audit reports, and conducting a lessons learned review.

Answer 874

68. Answer: A. To present the data in a meaningful way for most people who need the data Explanation: Security controls, vulnerability scans, penetration tests, and audits – all these activities generate a significant amount of data. Perhaps a few gifted people can review the raw data and draw salient conclusions, but most people need the data presented to them in a meaningful way.

Answer 875

69. Answer: A. To evaluate the situation without any forewarning of the evaluation Explanation: “No-notice” assessments, which simply means that the situation being evaluated has no forewarning of the evaluation (e.g., spot check, desk audit). A no-notice assessment isn’t really a “type” of assessment, it’s basically a surprise audit or an informal assessment where notice isn’t given. It can likely fit into a subcategory or type of informal assessment.

Answer 876

70. Answer: A. To see if controls meet risk expectations or to see if there are ways to improve efficiency of operations Explanation: Internal assessments are done for the purpose of seeing if controls meet risk expectations or to see if there are ways to improve efficiency of operations and how well an organization is prepared for an external or formal audit. An internal assessment might follow a formal process, but is most likely considered informal by nature.

Answer 877

71. Answer: A. Nmap Explanation: Nmap (Network Mapper) is primarily used for network discovery and port scanning. It is a versatile tool that allows for the identification of active hosts and open ports within a network.

Answer 878

72. Answer: D. Port 1433 is open. Explanation: Port 1433 is commonly associated with Microsoft SQL Server. An open SQL Server port exposed to an external network is a significant security risk and should be addressed immediately.

Answer 879

73.Answer: C. The inclination to experiment with novel testing tools Explanation: The desire to experiment with new testing tools should not be a factor when planning a security testing schedule. The focus should be on the system’s security posture and potential risks.

Answer 880

74.Answer: A. Organizational management Explanation: A security assessment report is primarily intended for organizational management. It provides them with an overview of the securityposture of the system or network, allowing them to make informed decisions regarding security policies and resource allocation.

Answer 881

75.Answer: B. 22 Explanation: Port 22 is the standard port used for SSH connections, commonly employed for secure server access.

Answer 882

76. Answer: D. Authenticated scan Explanation: An authenticated scan provides the most detailed information about the security state of a server. It allows for a deeper system inspection by using valid credentials to access it.

Answer 883

77.Answer: C. TCP SYN scan Explanation: A TCP SYN scan, also known as a “half-open” scan, utilizes only the first two steps of the TCP three-way handshake. It sends a SYN packet and waits for a SYN-ACK response but does not send the final ACK packet to complete the handshake.

Answer 884

78. Answer: D. Web vulnerability scanner Explanation: A web vulnerability scanner is specifically designed to identify vulnerabilities in web applications, including SQL injection flaws.

Answer 885

79.Answer: B. 80 Explanation: Port 80 is the standard port for unencrypted HTTP traffic. Servers running unencrypted HTTP services typically listen on this port.

Answer 886

80. Answer: B. Vulnerability scanner Explanation: A vulnerability scanner is specifically designed to automatically identify known vulnerabilities in systems and networks, making it the most effective choice for this scenario.

Answer 887

81. Answer: D. Vulnerability scan Explanation: A vulnerability scan is designed to identify known security risks in a system by probing for its configuration, software, and hardware weaknesses.

Answer 888

82. Answer: C. Ensuring that implemented changes do not compromise security Explanation: One of the primary goals of a change management program is to ensure that any changes made to systems or processes do not adversely affect the organization’s security posture.

Answer 889

83. Answer: A. Infrastructure as a Service (IaaS) Explanation: Infrastructure as a Service (IaaS) provides an organization with the most control over its cloud resources, including virtual machines, storage, and networking. However, this level of control comes with the responsibility of managing and maintaining the operating systems and applications.

Answer 890

84. Answer: C. Implementing vulnerability mitigation measures Explanation: A security assessment focuses on identifying vulnerabilities, assessing risks, and evaluating threats. The actual mitigation of vulnerabilities is usually a separate process that follows the assessment.

Answer 891

85. Answer: A. Organizational management Explanation: A security assessment report is primarily intended for organizational management. It provides them with an overview of the security posture of the system or network, allowing them to make informed decisions regarding security policies and resource allocation.

Answer 892

86. Answer: A. Response Explanation: In the (ISC) 2 framework for incident management, the first step is usually the “Response” phase, where the incident is initially addressed and contained.

Answer 893

87. Answer: B. Audit trails Explanation: The term “audit trails” best describes the body of data collected through event logging. Audit trails are records that provide documentary evidence of sequences of activities that have affected at any time a specific operation, procedure, or event.

Answer 894

88. Answer: B. An intrusion detection system (IDS) Explanation: A mirrored port is often used to connect an intrusion detection system (IDS) for monitoring network traffic.

Answer 895

89. Answer: B. A false negative Explanation: A false negative occurs when an intrusion detection system fails to detect an actual attack, allowing it to penetrate the network without raising an alarm.

Answer 896

90. Answer: B. Disrupting communication capabilities in preparation for a physical attack Explanation: Disrupting an organization’s ability to communicate and respond to a physical attack is most indicative of a terrorist attack, as it aims to cause widespread harm and panic.

Answer 897

91. Answer: D. Utilizing automated tools to scan for vulnerable ports on the organization’s systems Explanation: Grudge attacks are usually motivated by personal vendettas and aim to cause embarrassment or harm to the target. Scanning for vulnerable ports is more indicative of a broader cyberattack rather than a grudge attack.

Answer 898

92. Answer: C. Avoid altering the evidence during the collection process Explanation: The integrity of evidence is crucial in any investigation. Therefore, avoiding any modification to the evidence during its collection is paramount.

Answer 899

93. Answer: C. Documentary evidence Explanation: Documentary evidence refers to written documents that are used in court to prove a fact.

Answer 900

94. Answer: C. Criminal Explanation: Criminal investigations require the highest standard of evidence, often “beyond a reasonable doubt,” due to the severe consequences0 involved, such as imprisonment.

Answer 901

95. Answer: B. Act honorably, honestly, justly, responsibly, and legally Explanation: The (ISC) 2 Code of Ethics outlines that CISSPs are expected to act honorably, honestly, justly, responsibly, and legally.

Answer 902

96. Answer: B. Cloud based Explanation: A cloud-based identity platform typically offers high availability and redundancy, making it a suitable choice when availability is the organization’s biggest priority.

Answer 903

97. Answer: C. Federation Explanation: The Federation allows for sharing identity information across different organizations and systems, making it the most appropriate choice for sharing identity information with a business partner.

Answer 904

98. Answer: C. Due care Explanation: The principle of “due care” requires that an individual should act responsibly and take the necessary steps to complete their responsibilities accurately and in a timely manner.

Answer 905

99. Answer: A. Maximum tolerable downtime (MTD) Explanation: Maximum tolerable downtime (MTD) is the metric that indicates the longest period of time a business process can be inoperative before causing irreparable harm to the organization

Answer 906

d. Security-control monitoring and reporting the status of the information system to appropriate management authorities are essential activities of a comprehensive information security program. Information preservation is a part of the disposal phase, whereas security test and evaluation is a part of the implementation phase of a system development life cycle (SDLC). Security-control monitoring and security status reporting are a part of the operation and maintenance phase of an SDLC, which facilitate ongoing work.

Answer 907

b. The Reference Monitor concept is independent of any particular access control policy because it mediates all types of access to objects by subjects. Mandatory access control policy is a means of restricting access to objects based on the sensitivity of the information contained in the objects and the formal authorization of subjects to access information of such sensitivity. With role-based access control policy, access decisions are based on the roles (for example, teller, analyst, and manager) that individual users have as part of an organization. Discretionary access control policy is a means of restricting access to objects based on the identity of subjects.

Answer 908

a. Security certification is a comprehensive assessment of the management, operational, and technical controls in an information system, made in support of security accreditation, to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcomes.

Answer 909

d. Security impact analyses are conducted in the continuous monitoring phase whenever there are changes to the information system. The other three choices are part of the security accreditation phase, which comes before the continuous monitoring phase

Answer 910

d. Conducting reaccreditation reviews periodically is a mechanical step (a byproduct of the goal) and a secondary goal. The primary goals of certification and accreditation of information systems are to (i) enable more consistent, comparable, and repeatable assessments of security controls in information systems, (ii) promote a better understanding of organization-related risks resulting from the operation of information systems, and (iii) create more complete, reliable, and trustworthy information for authorizing officials (management) to facilitate more informed security accreditation decisions.

Answer 911

a. Usually, encryption algorithms do not fail due to their extensive testing, and the encryption key is getting longer making it more difficult to break into. Many errors reoccur, including buffer overflows, race conditions, format string errors, failing to check input for validity, and computer programs being given excessive access privileges.

Answer 912

d. The configuration management (CM) process calls for continuous system monitoring to ensure that it is operating as intended and that implemented changes do not adversely impact either the performance or security posture of the system. Configuration verification tests, system audits, patch management, and risk management activities are performed to achieve the CM goal.

Answer 913

c. Evaluating configuration management metric information is the responsibility of the configuration control review board, whereas the other three choices are responsibilities of the configuration manager.

Answer 914

Answer: D. The International Organization on Computer Evidence Explanation: The International Organization on Computer Evidence (IOCE) was established to provide international standards for digital evidence handling and processing.

Answer 915

Answer: D. Justified Explanation: Evidence must be relevant, properly preserved, and identifiable to be admissible in court. “Justified” is not a criterion for evidence admissibility.

Answer 916

Answer: B. Inadmissible in court Explanation: Hearsay evidence refers to statements made outside of court that are presented as evidence for the truth of the matter asserted in the statement. Generally, hearsay is not admissible in court unless it falls under specific exceptions.

Answer 917

Answer: B. Their primary objective is to avoid causing harm. Explanation: Ethical hackers, also known as “white hat” hackers, are professionals who test systems for vulnerabilities with the intent of identifying and fixing them, not exploiting them. They operate with permission and aim to improve security without causing harm.

Answer 918

Answer: C. Random Access Memory (RAM) content Explanation: The contents of RAM are volatile, meaning they are lost when the power is turned off. RAM can contain valuable information such as encryption keys, running processes, and other transient data. Therefore, it’s crucial to capture this information first before it’s lost.

Answer 919

Answer: D. A scanner for system vulnerabilities Explanation: SATAN (Security Administrator Tool for Analyzing Networks) is a tool designed to detect vulnerabilities in computer networks. It helps administrators identify potential security risks in their systems.

Answer 920

Answer: B. Generate a bit-by-bit copy. Explanation: In computer forensics, it’s essential to make a bit-level copy (or bit-by-bit copy) of the original evidence to ensure that all data, including deleted files and slack space, is captured. This ensures the integrity of the evidence and allows for a thorough investigation.

Answer 921

Answer: A. White box testing Explanation: White box testing, also known as clear box testing, is a method where the tester has complete knowledge of the system’s internals. In the context of penetration testing, it simulates what insiders with knowledge of the system can access and potentially exploit.

Answer 922

Answer: B. Phreakers Explanation: Phreakers are individuals who manipulate telecommunication systems, especially to make free calls. They have historically been associated with exploring and exploiting the vulnerabilities of PBX (Private Branch Exchange) systems and other telecommunication platforms.

Answer 923

Answer: A. Validation checks if the right product is being built, while verification checks if the product is being built correctly. Explanation: Validation is concerned with answering the question: Is the right product being built? Verification follows validation and is the process that confirms an application or product is being built correctly.

Answer 924

Answer: C. To throw randomness at an application to see how it responds and where it might “break” Explanation: Fuzz testing involves throwing randomness at an application to see how it responds and where it might “break.” It is a form of dynamic testing.

Answer 925

Answer: B. A vulnerability assessment only identifies potential vulnerabilities, while a penetration test identifies potential vulnerabilities and attempts to exploit them. Explanation: Both processes start the same way as they seek to identify potential vulnerabilities. However, with a vulnerability assessment, once vulnerabilities are noted, no further action is taken apart from producing a report of findings. A penetration test goes an essential step further: after identifying vulnerabilities, an attempt is made to exploit each vulnerability.

Answer 926

Answer: A. Credentialed/authenticated scans and uncredentialed/unauthenticated scans Explanation: There are two primary types of vulnerability scans: credentialed/authenticated scans

Answer 927

Answer: A. To ensure that security requirements/controls are defined, tested, and operating effectively Explanation: Security assessment and testing ensure that security requirements/controls are defined, tested, and operating effectively. It applies to the development of new applications and systems as well as the ongoing operations, including end of life, related to assets. reporting

Answer 928

Answer: A. SOC 1 reports focus on financial risks, while SOC 2 reports focus on the controls related to the five trust principles: security, availability, confidentiality, processing integrity, and privacy. Explanation: SOC 1 reports are quite basic and focus on financial reporting risks. SOC 2 reports are much more involved and focus on the controls related to the five trust principles: security, availability, confidentiality, processing integrity, and privacy.

Answer 929

Answer: A. Positive testing checks if the system is working as expected and designed, negative testing checks the system’s response to normal errors, and misuse testing applies the perspective of someone trying to break or attack the system. Explanation: Positive testing focuses on the response of a system based on normal usage and expectations, checking if the system is working as expected and designed. Negative testing focuses on the response of a system when normal errors are introduced. Misuse testing applies the perspective of someone trying to break or attack the system.

Answer 930

Answer: A. To verify that previously tested and functional software still works after updates have been made Explanation: Regression testing is the process of verifying that previously tested and functional software still works after updates have been made. It should be performed after enhancements have been made or after patches to address vulnerabilities or problems have been issued.

Answer 931

Answer: C. The amount of code covered divided by the total amount of code in the application Explanation: Test coverage refers to the relationship between the amount of source code in a given application and the percentage of code that has given application and the percentage of code that has been covered by the completed tests. It is a simple mathematical formula: amount of code covered/total amount of code in application = test coverage percent.

Answer 932

Answer: A. STRIDE and PASTA Explanation: Two well-known and often-used threat modeling methodologies are STRIDE (Spoofing, Tampering, Repudiation, Information disclosure, Denial-of-Service, Elevation of privilege) and PASTA (Process for Attack Simulation and Threat Analysis).

Answer 933

Answer: B. SAST tests the underlying source code of an application, while DAST tests an application while it’s running. Explanation: With Static Application Security Testing (SAST), an application is not running, and it’s the underlying source code that is being examined. With Dynamic Application Security Testing (DAST), an application is running, and the focus is on the application and system as the underlying code executes.

Answer 934

Answer: A. False positives and false negatives Explanation: With any type of monitoring system, two types of alerts often show up: false positives, where the system claims a vulnerability exists, but there is none, and false negatives, where the system says everything is fine, but a vulnerability exists.

Answer 935

Answer: C. To identify errors and anomalies that point to problems, modifications, or breaches Explanation: Log review and analysis is a best practice that should be used in every organization. Logs should include what is relevant, be proactively reviewed, and be especially scrutinized for errors and anomalies that point to problems, modifications, or breaches.

Answer 936

Answer: B. To ensure that security controls are operating effectively and as designed Explanation: A security audit is a systematic, measurable technical assessment of how the organization’s security policy is employed. It is used to ensure that security controls are operating effectively and as designed.

Answer 937

Answer: A. In a white box test, the tester has full knowledge of the system being tested, while in a black box test, the tester has no knowledge of the system. Explanation: In a white box test, the tester has full knowledge of the system being tested, including source code, architecture, and both the software and hardware involved. In a black box test, the tester has no knowledge of the system being tested.

Answer 938

Answer: A. To identify potential vulnerabilities in the code Explanation: A code review is a systematic examination of computer source code intended to find and fix mistakes overlooked in the initial development phase, improving both the overall quality of software and the developers’ skills. In the context of security, it is used to identify potential vulnerabilities in the code

Answer 939

Answer: A. A credentialed scan is performed with system-level access, while an uncredentialed scan is performed without system-level access. Explanation: A credentialed scan is performed with system-level access, and it can see everything that is happening on a given host. An uncredentialed scan is performed without system-level access, and it can only see what is visible on the network.

Answer 940

Answer: B. To ensure that security controls are operating effectively and as designed Explanation: A security control self-assessment is a process where an organization evaluates its own security controls to ensure they are operating effectively and as designed. It is a proactive measure to identify any potential issues before they become problems.

Answer 941

Answer: A. To focus testing efforts on areas of greatest risk Explanation: A risk-based approach to security testing allows an organization to focus its testing efforts on the areas of greatest risk. This approach ensures that resources are used effectively and that high-risk areas receive the attention they require.

Answer 942

Answer: B. To protect the system against potential threats Explanation: A security control is a safeguard or countermeasure designed to avoid, counteract, or minimize security risks. In the context of an organization’s security strategy, the purpose of a security control is to protect the system against potential threats.

Answer 943

Answer: A. A false positive is when the system claims a vulnerability exists, but there is none, while a false negative is when the system says everything is fine, but a vulnerability exists. Explanation: A false positive is when the system claims a vulnerability exists, but there is none. This can lead to wasted resources as teams investigate nonexistent issues. A false negative is when the system says everything is fine, but a vulnerability exists. This can lead to undetected breaches and significant damage.

Answer 944

Answer: B. To provide a starting point for the implementation of security controls Explanation: A security control baseline provides a set of basic controls that an organization can use as a starting point for their security strategy. It provides a foundation upon which additional, more specific controls can be built based on the organization’s unique risks and requirements.

Answer 945

Answer: B. To simulate potential attack scenarios and analyze threats Explanation: The Process for Attack Simulation and Threat Analysis (PASTA) is a threat modeling methodology that aims to provide a dynamic threat identification, enumeration, and scoring process. It simulates potential attack scenarios and analyzes threats in a structured and methodical way.

Answer 946

Answer: A. A Type 1 report focuses on the design of controls at a point in time, while a Type 3 report examines the design of a control and its operating effectiveness over a period of time. Explanation: A Type 1 SOC report focuses on the design of controls at a point in time. A Type 3 SOC report, on the other hand, examines not only the design of a control but also its operating effectiveness over a period of time over a period of time.

Answer 947

Answer: B. To categorize potential threats to the system Explanation: The STRIDE methodology is a threat modeling technique used to categorize potential threats to a system. It stands for Spoofing, Tampering, Repudiation, Information disclosure, Denial-of-Service, and Elevation of privilege.

Answer 948

Answer: A. A Type 2 report examines the design of a control and its operating effectiveness over a period of time, while a Type 3 report focuses on the design of controls at a point in time. Explanation: A Type 2 SOC report examines not only the design of a control but also its operating effectiveness over a period of time. A Type 3 SOC report, on the other hand, focuses on the design of controls at a point in time.

Answer 949

Answer: A. RUM is a passive monitoring technique that monitors user interactions and activity with a website or application. Explanation: Real User Monitoring (RUM) is a passive monitoring technique that monitors user interactions and activity with a website or application. It provides insights into how users are interacting with the system in real time.

Answer 950

Answer: A. CVSS reflects a method to characterize a vulnerability through a scoring system considering various characteristics. Explanation: The Common Vulnerability Scoring System (CVSS) reflects a method to characterize a vulnerability through a scoring system considering various characteristics. It provides a way to capture the principal characteristics of a vulnerability and produce a numerical score reflecting its severity.

Answer 951

Answer: B. Synthetic Performance Monitoring examines functionality as well as functionality and performance under load. Explanation: Synthetic Performance Monitoring examines functionality as well as functionality and performance under load. Test scripts for each type of functionality can be created and then run at any time.

Answer 952

Answer: A. CVE is a list of records for publicly known cybersecurity vulnerabilities. Explanation: CVE, also known as Common Vulnerabilities and Exposures dictionary, is “a list of records – each containing an identification number, a description, and at least one public reference – for publicly known cybersecurity vulnerabilities.”

Answer 953

Answer: A. SAST involves examining the underlying source code when an application is not running, while DAST involves focusing on the application and system as the underlying code executes when an application is running. Explanation: Static Application Security Testing (SAST) involves examining the underlying source code when an application is not running. This is a form of white box testing. Dynamic Application Security Testing (DAST), on the other hand, involves focusing on the application and system as the underlying code executes when an application is running. This is a form of black box testing.

Answer 954

Answer: A. Circular overwrite limits the maximum size of a log file by overwriting entries, starting from the earliest, while clipping levels focus on when to log a given event based upon threshold settings. Explanation: Circular overwrite is a method of log file management that limits the maximum size of a log file by overwriting entries, starting from the earliest. Clipping levels, on the other hand, focus on when to log a given event based upon threshold settings, which can also help limit log file sizes.

Answer 955

Answer: B. Internal, external, and third party Explanation: The three types of audit strategies mentioned are internal, external, and third party. Each of these strategies has a different focus and is used in different contexts within an organization’s overall audit strategy.

Answer 956

Answer: A. Black box, white box, dynamic, static, manual, automated, structural, functional, negative Explanation: The types of coverage testing that you need to explain for the CISSP exam are black box, white box, dynamic, static, manual, automated, structural, functional, and negative.

Answer 957

Answer: A. Awareness refers to the “what” of an organization’s policy or procedure, training refers to the “how,” and education refers to the “why.” Explanation: Awareness refers to the “what” of an organization’s policy or procedure, aiming at knowledge retention. Training focuses on the “how,” knowledge retention. Training focuses on the how, enabling the ability to complete a task and apply problem-solving at the application level. Education focuses on the “why,” providing an understanding of the big picture and enabling design-level problem solving with architectural exercises.

Answer 958

Answer: A. Breach attack simulations are where you simulate real-world attacks across your whole environment, typically both automatic and always running. Explanation: Breach attack simulations simulate real-world attacks across the entire environment. They are typically automatic and always running, using tools that are constantly updated and provide remediation steps and documentation.

Answer 959

Answer: A. Security control compliance checks are regularly performed to assess whether the organization is currently following their controls. Explanation: Security control compliance checks are regularly performed to assess whether the organization is currently following their controls. These checks can be automated and may use either in-house or third-party tools. Failed compliance checks typically result in the organization investigating and remediating the issues found.

Answer 960

Answer: A. Internal audits are closely aligned to the organization, external audits ensure procedures/compliance are being followed with regular checks, and third-party audits provide a more in-depth, neutral audit. Explanation: Internal audits should be closely aligned to the organization. The external strategy needs to ensure procedures/compliance are being followed with regular checks and complement the internal strategy. The third-party strategy is an objective, neutral approach that reviews the overall strategy for auditing the organization’s environment, methods of testing, and can also ensure that both internal and external audits are following defined policies and procedures.

Answer 961

Answer: A. To simulate real-world attacks across the whole environment, typically both automatic and always running Explanation: Breach attack simulations are where you simulate real-world attacks. It is simulated across your whole environment and typically are both automatic and always running. Red and blue teams use tools that are constantly updated and provide remediation steps and documentation.

Answer 962

Answer: A. To assess whether the organization is currently following their controls Explanation: Security control compliance checks are regularly performed to assess whether the organization is currently following their controls. This may be automated and use either in-house or third party tools. Failed compliance checks normally end up in the organization investigating and remediating the issues it found.

Answer 963

Answer: A. To handle test results and report any results of concern to management immediately so they can be aware of potential risks and alerts Explanation: Those that analyze the security of organization apps and services need to know how to handle test results. Any results of concern need to be reported to management immediately so they can be aware of potential risks and alerts. The detail in reporting to management may be on a “need-to-know” basis.

Answer 964

Answer: A. Formal assessments and informal assessments Explanation: The two primary categories of assessments are formal assessments and informal assessments. Formal assessments are evaluations against a compliance standard, which includes regulatory and other legal requirements.

Answer 965

Answer: A. Purpose, scope, results of the audit, audit events Explanation: The key elements of an audit report are the purpose, scope, results of the audit, and audit events. The purpose outlines the reason for the audit, the scope defines the boundaries of the audit, the results of the audit provide the findings, and the audit events detail the specific instances or activities audited.

Answer 966

Answer: A. SOC 1 Type 1, SOC 1 Type 2, SOC 2, SOC 3 Explanation: The four types of SOC reports are SOC 1 Type 1, SOC 1 Type 2, SOC 2, and SOC 3. Each type of report has a different focus and is used for different purposes within an organization’s overall audit strategy.

Answer 967

Answer: A. Preparations phase and Audit phase Explanation: There are two phases in preparing for the SOC audit: the Preparations phase and the Audit phase. The Preparations phase involves scheduling, defining the scope, inventorying controls, conducting a readiness review, and resolving discrepancies. The Audit phase involves creating a detailed project plan, gathering artifacts, providing physical access and workspace, conducting meetings, testing, off-site analysis, issue resolution, providing audit reports, and conducting a lessons learned review.

Answer 968

Answer: A. To present the data in a meaningful way for most people who need the data Explanation: Security controls, vulnerability scans, penetration tests, and audits – all these activities generate a significant amount of data. Perhaps a few gifted people can review the raw data and draw salient conclusions, but most people need the data presented to them in a meaningful way.

Answer 969

Answer: A. To evaluate the situation without any forewarning of the evaluation Explanation: “No-notice” assessments, which simply means that the situation being evaluated has no forewarning of the evaluation (e.g., spot check, desk audit). A no-notice assessment isn’t really a “type” of assessment, it’s basically a surprise audit or an informal assessment where notice isn’t given. It can likely fit into a subcategory or type of informal assessment.

Answer 970

Answer: A. To see if controls meet risk expectations or to see if there are ways to improve efficiency of operations Explanation: Internal assessments are done for the purpose of seeing if controls meet risk expectations or to see if there are ways to improve efficiency of operations and how well an organization is prepared for an external or formal audit. An internal assessment might follow a formal process, but is most likely considered informal by nature.

Answer 971

Answer: A. Nmap Explanation: Nmap (Network Mapper) is primarily used for network discovery and port scanning. It is a versatile tool that allows for the identification of active hosts and open ports within a network.

Answer 972

Answer: D. Port 1433 is open. Explanation: Port 1433 is commonly associated with Microsoft SQL Server. An open SQL Server port exposed to an external network is a significant security risk and should be addressed immediately.

Answer 973

Answer: C. The inclination to experiment with novel testing tools Explanation: The desire to experiment with new testing tools should not be a factor when planning a security testing schedule. The focus should be on the system’s security posture and potential risks.

Answer 974

Answer: A. Organizational management Explanation: A security assessment report is primarily intended for organizational management. It provides them with an overview of the security posture of the system or network, allowing them to make informed decisions regarding security policies and resource allocation.

Answer 975

Answer: B. 22 Explanation: Port 22 is the standard port used for SSH connections, commonly employed for secure server access.

Answer 976

Answer: D. Authenticated scan Explanation: An authenticated scan provides the most detailed information about the security state of a server. It allows for a deeper system inspection by using valid credentials to access it.

Answer 977

Answer: C. TCP SYN scan Explanation: A TCP SYN scan, also known as a “half-open” scan, utilizes only the first two steps of the TCP three-way handshake. It sends a SYN packet and waits for a SYN-ACK response but does not send the final ACK packet to complete the handshake. Answer: D. Web vulnerability scanner

Answer 978

Answer: D. Web vulnerability scanner Explanation: A web vulnerability scanner is specifically designed to identify vulnerabilities in web applications, including SQL injection flaws.

Answer 979

Answer: B. 80 Explanation: Port 80 is the standard port for unencrypted HTTP traffic. Servers running unencrypted HTTP services typically listen on this port.

Answer 980

Answer: B. Vulnerability scanner Explanation: A vulnerability scanner is specifically designed to automatically identify known vulnerabilities in systems and networks, making it the most effective choice for this scenario.

Answer 981

Answer: D. Vulnerability scan Explanation: A vulnerability scan is designed to identify known security risks in a system by probing for its configuration, software, and hardware weaknesses.

Answer 982

Answer: C. Ensuring that implemented changes do not compromise security Explanation: One of the primary goals of a change management program is to ensure that any changes made to systems or processes do not adversely affect the organization’s security posture.

Answer 983

Answer: A. Infrastructure as a Service (IaaS) Explanation: Infrastructure as a Service (IaaS) provides an organization with the most control over its cloud resources, including virtual machines, storage, and networking. However, this level of control comes with the responsibility of managing and maintaining the operating systems and applications.

Answer 984

Answer: C. Implementing vulnerability mitigation measures Explanation: A security assessment focuses on identifying vulnerabilities, assessing risks, and evaluating threats. The actual mitigation of vulnerabilities is usually a separate process that follows the assessment.

Answer 985

Answer: A. Organizational management Explanation: A security assessment report is primarily intended for organizational management. It provides them with an overview of the security posture of the system or network, allowing them to make informed decisions regarding security policies and resource allocation.

Answer 986

Answer: A. Response Explanation: In the (ISC) 2 framework for incident management, the first step is usually the “Response” phase, where the incident is initially addressed and contained.

Answer 987

Answer: B. Audit trails Explanation: The term “audit trails” best describes the body of data collected through event logging. Audit trails are records that provide documentary evidence of sequences of activities that have affected at any time a specific operation, procedure, or event.

Answer 988

Answer: B. An intrusion detection system (IDS) Explanation: A mirrored port is often used to connect an intrusion detection system (IDS) for monitoring network traffic.

Answer 989

Answer: B. A false negative Explanation: A false negative occurs when an intrusion detection system fails to detect an actual attack, allowing it to penetrate the network without raising an alarm.

Answer 990

Answer: B. Disrupting communication capabilities in preparation for a physical attack Explanation: Disrupting an organization’s ability to communicate and respond to a physical attack is most indicative of a terrorist attack, as it aims to cause widespread harm and panic.

Answer 991

Answer: D. Utilizing automated tools to scan for vulnerable ports on the organization’s systems Explanation: Grudge attacks are usually motivated by personal vendettas and aim to cause embarrassment or harm to the target. Scanning for vulnerable ports is more indicative of a broader cyberattack rather than a grudge attack.

Answer 992

Answer: C. Avoid altering the evidence during the collection process Explanation: The integrity of evidence is crucial in any investigation. Therefore, avoiding any modification to the evidence during its collection is paramount.

Answer 993

Answer: C. Documentary evidence Explanation: Documentary evidence refers to written documents that are used in court to prove a fact.

Answer 994

Answer: C. Criminal Explanation: Criminal investigations require the highest standard of evidence, often “beyond a reasonable doubt,” due to the severe consequences involved, such as imprisonment.

Answer 995

Answer: B. Act honorably, honestly, justly, responsibly, and legally Explanation: The (ISC) 2 Code of Ethics outlines that CISSPs are expected to act honorably, honestly, justly, responsibly, and legally.

Answer 996

Answer: B. Cloud based Explanation: A cloud-based identity platform typically offers high availability and redundancy, making it a suitable choice when availability is the organization’s biggest priority.

Answer 997

Answer: C. Federation Explanation: The Federation allows for sharing identity information across different organizations and systems, making it the most appropriate choice for sharing identity information with a business partner.

Answer 998

Answer: C. Due care Explanation: The principle of “due care” requires that an individual should act responsibly and take the necessary steps to complete their responsibilities accurately and in a timely manner.

Answer 999

Answer: A. Maximum tolerable downtime (MTD) Explanation: Maximum tolerable downtime (MTD) is the metric that indicates the longest period of time a business process can be inoperative before causing irreparable harm to the organization

Answer 1000

D. Managing change is a difficult process. People resist change due to a certain amount of discomfort that a change may bring. It does not matter how well the change is planned, communicated, or implemented if it is not spread throughout the organization evenly. Institutionalizing the change means changing the climate of the company. This needs to be done in a consistent and orderly manner. Any major change should be done using a pilot approach. After a number of pilots have been successfully completed, it is time to use these success stories as leverage to change the entire company.

Answer 1001

C. Any application software change must start with a change request from a functional user. An information technology (IT) person can plan, test, and release the change after approved by the functional user.

Answer 1002

C. Configuration management is a procedure for applying technical and administrative direction and monitoring to (i) identify and document the functional and physical characteristics of an item or system, (ii) control any changes made to such characteristics, and (iii) record and report the change, process, and implementation status. The authorization process may be manual or automated. All authorized transactions should be recorded and entered into the system for processing. Validation ensures that the data entered meets predefined criteria in terms of its attributes. Error notification is as important as error correction.

Answer 1003

C. Software configuration management (SCM) is a discipline for managing the evolution of computer products, both during the initial stages of development and through to maintenance and final product termination. Visibility into the status of the evolving software product is provided through the adoption of SCM on a software project. Software developers, testers, project managers, quality assurance staff, and the customer benefit from SCM information. SCM answers questions such as (i) what constitutes the software product at any point in time? (ii) What changes have been made to the software product? How a software product is planned, developed, or maintained does not matter because it describes the history of a software product’s evolution, as described in the other choices.

Answer 1004

A. Software configuration management (SCM) is practiced and integrated into the software development process throughout the entire life cycle of the product. One of the main features of SCM is the tracing of all software changes. Identifying individual components is incorrect because it is a part of configuration identification function. The goals of configuration identification are to create the ability to identify the components of the system throughout its life cycle and to provide traceability between the software and related configuration identification items. Computer-assisted software engineering (CASE) tools, compilers, and assemblers are incorrect because they are examples of technical factors. SCM is essentially a discipline applying technical and administrative direction and surveillance for managing the evolution of computer program products during all stages of development and maintenance. Some examples of technical factors include use of CASE tools, compilers, and assemblers.

Answer 1005

d. There are four elements of configuration management. The first element is configuration identification, consisting of selecting the configuration items for a system and recording their functional and physical characteristics in technical documentation. The second element is configuration change control, consisting of evaluation, coordination, approval or disapproval, and implementation of changes to configuration items after formal establishment of their configuration identification. The third element is configuration status accounting, consisting of recording and reporting of information that is needed to manage a configuration effectively. The fourth element is software configuration audit, consisting of periodically performing a review to ensure that the SCM practices and procedures are rigorously followed. Auditing is performed last after all the elements are in place to determine whether they are properly working.

Answer 1006

c. In an input validation error, the input received by a system is not properly checked, resulting in a vulnerability that can be exploited by sending a certain input sequence. In a buffer overflow, the input received by a system is longer than the expected input length, but the system does not check for this condition. In an access validation error, the system is vulnerable because the access control mechanism is faulty. A configuration error occurs when user controllable settings in a system are set so that the system is vulnerable. Race condition error occurs when there is a delay between the time when a system checks to see if an operation is allowed by the security model and the time when the system actually performs the operation.

Answer 1007

d. In the operation/maintenance phase of the SDLC, risk management activities are performed whenever major changes are made to an IT system in its operational (production) environment (for example, new system interfaces).

Answer 1008

c. The action plan and milestones document is a latter part of security certification and accreditation phases, which describe the measures that have been implemented or planned to correct any deficiencies noted during the assessment of the security controls and to reduce or eliminate known system vulnerabilities. The other three choices are part of the initiation phase, which is the first phase, where it is too early to develop the action plan and milestones.

Answer 1009

b. To determine what security controls to select for ongoing review, organizations should first prioritize testing on “action plan and milestones” items that become closed. These newly implemented controls should be validated first. The other three documents are part of the continuous monitoring phase and come into play when there are major changes or modifications to the operational system.

Answer 1010

B. Instantiation is what happens when an object is created from a class. Polyinstantiation is when more than one object is made and the other copy is modified to have different attributes. This can be done for several reasons. The example given in the chapter was a way to use polyinstantiation for security purposes to ensure that a lower-level subject could not access an object at a higher level.

Answer 1011

C. A database view is put into place to prevent certain users from viewing specific data. This is a preventive measure, because the administrator is preventing the users from seeing data not meant for them. This is one control to prevent inference attacks.

Answer 1012

A. Partitioning means to logically split the database into parts. Views then dictate what users can view specific parts. Cell suppression means that specific cells are not viewable by certain users. And noise and perturbation is when bogus information is inserted into the database to try to give potential attackers incorrect information.

Answer 1013

D. Some files cannot be properly sanitized by the antivirus software without destroying them or affecting their functionality. So, the administrator must replace such a file with a known uninfected file. Plus, the administrator needs to make sure he has the patched version of the file, or else he could be introducing other problems. Answer C is not the best answer because the administrator may not know the file was clean yesterday, so just restoring yesterday’s file may put him right back in the same boat.

Answer 1014

A. The Capability Maturity Model Integration (CMMI) for development is a comprehensive integrated set of guidelines for developing products and software. It addresses the different phases of a software development life cycle, including concept definition, requirements analysis, design, development, integration, installation, operations, and maintenance and what should happen in each phase. The model describes procedures, principles, and practices that underlie software development process maturity. This model was developed to help software vendors improve their development processes by providing an evolutionary path from an ad hoc “fly by the seat of your pants” approach to a more disciplined and repeatable method that improves software quality, reduces the life cycle of development, provides better project management capabilities, allows for milestones to be created and met in a timely manner, and takes a more proactive approach than the less effective reactive approach. B is incorrect because the system development life cycle (SDLC) addresses how a system should be developed and maintained throughout its life cycle and does not entail process improvement. Each system has its own life cycle, which is made up of the following phases: initiation, acquisition/development, implementation, operation/maintenance, and disposal. A system development life cycle is different from a software development life cycle, even though they are commonly confused. The industry as a whole is starting to differentiate between system and software life-cycle processes because at a certain point of granularity, the manner in which a computer system is dealt with is different from how a piece of software is dealt with. A computer system should be installed properly, tested, patched, scanned continuously for vulnerabilities, monitored, and replaced when needed. A piece of software should be designed, coded, tested, documented, released, and maintained. In either case, the question is asking for a type of process improvement model for software development, which is the focus of Capability Maturity Model Integration and not a system development life cycle. C is incorrect because ISO/IEC 27002 is an international standard created by the International Organization for Standardization (ISO) and by the international Electrotechnical Commission (IEC) that outlines how to create and maintain an organizational information security management system (ISMS). While ISO/IEC 27002 has a section that deals with information systems acquisition, development, and maintenance, it does not provide a process improvement model for software development. It provides guidance on how to build security into applications, but it does not provide guidance on how to create standardized development procedures for a team of programmers. The focus of ISO/IEC 27002 is how to build a security program within an organization. D is incorrect because a certification and accreditation (C&A) process deals with testing and evaluating systems against a predefined criteria. This does not have anything to do with software development process improvement. The certification process is the technical testing of a system. Established verification procedures are followed to ensure the effectiveness of the system and its security controls. Accreditation is the formal authorization given by management to allow a system to operate in a specific environment. The accreditation decision is based upon the results of the certification process. C&A procedures are commonly carried out within government and military environments to ensure that systems and software are providing the necessary functionality and security to support critical missions.

Answer 1015

d. Major outputs from the testing phase include the security evaluation report and accreditation statement. The purpose of the testing phase is to perform various tests (unit, integration, system, and acceptance). Security is tested to see if it works and is then certified.

Answer 1016

D. Due to its iterative process and end-user involvement, the rapid prototype model brings the operational viewpoint to the requirements specification phase. Requirements are defined, refined, tested, and changed until the end user cannot change it any more. Later, these requirements will become input to the design work. Waterfall model is incorrect because it will not bring the operational viewpoint to the requirements phase until the system is completely implemented. Although the incremental development model and the evolutionary development models are better than the waterfall model, they are not as good as rapid prototyping in terms of bringing the operational viewpoint to the requirements specification.

Answer 1017

d. Adequate information security means (i) security commensurate with the risk and the magnitude of harm resulting from the loss, misuse, or unauthorized access to or modification of information, (ii) operating systems and applications operate effectively, (iii) operating systems and applications provide appropriate confidentiality (C), integrity (I), and availability (A), known as CIA security objectives, and (iv) security objectives use cost-effective management, operational, and technical controls (security controls).

Answer 1018

C. Confidentiality is not affected by the presence of computer viruses in computer systems because confidentiality is ensuring that data is disclosed only to authorized subjects. However, computer viruses affect integrity, availability, and usability. Computer programs can be deleted or modified, thus losing their integrity, the computer system may not be available due to disruption or denial of computer services, and end users may not use the system due to loss of files or disruption of services.

Answer 1019

A. Access to source code can provide tremendous assistance to any criminal wishing to penetrate a system’s security. Without the source code, an intruder has to probe through a system to find its flaws. Access to the source code helps the intruder to identify gaps or flaws in security. It is important to ensure that adequate security is provided for the system’s source code. It is not good to allow source code to reside on client machines or on the server. It should be located only on a workstation belonging to the configuration management group. The workstation should have extremely limited access. If the workstation can be disconnected from the network most of the time, that would provide additional security for the source code. Moreover, the source code is in human-readable format while the other three types of codes listed are not.

Answer 1020

B. A reference monitor concept is an access control concept that refers to an abstract machine (computer) that mediates all accesses to objects by subjects. The five design requirements that must be met by a reference validation mechanism include (i) it must be tamperproof, (ii) it must not be bypassed, (iii) it must always be invoked, (iv) it must be small enough to be subject to analysis and tests, and (v) it must provide confidence that the other four items are assured. The reference monitor concept is useful to any system providing multilevel secure computing facilities and controls.

Answer 1021

A. Layering, abstraction, and data hiding are part of security design architecture. The other three choices deal with security control architecture. Layering uses multiple, overlapping protection mechanisms to address the people, technology, and operational aspects of IT. Abstraction is related to stepwise refinement and modularity of computer programs. Data hiding is closely related to modularity and abstraction and, subsequently, to program maintainability.

Answer 1022

C. In denial-of-service attacks, attackers can consume Web application resources to a point where other legitimate users can no longer access or use the application. Attackers can also lock users out of their accounts or even cause the entire application to fail.

Answer 1023

D. Improper error handling means error conditions that occur during normal operation are not handled properly. If an attacker can cause errors to occur that the Web application does not handle, they can gain detailed system information, deny service, cause security mechanisms to fail, or crash the server.

Answer 1024

C. Reauthorization should occur prior to a significant change in processing of an information system. A periodic review of controls should also contribute to future authorizations.

Answer 1025

B. The design phase translates requirements into a representation of the software. The design is placed under configuration management control before coding begins. Requirements analysis is incorrect because it focuses on gathering requirements to understand the nature of the programs to be built. The design must be translated into code-readable form. The coding step performs this task. Code is verified, for example, through the inspection process and put under configuration management control prior to the start of formal testing. After code is generated, program testing begins. The testing focuses on the logical internals of the software, ensuring that all statements have been tested, and on the functional externals; that is, conducting tests to uncover errors to ensure that the defined input can produce actual results that agree with required results.

Answer 1026

C. The request for proposal development, evaluation, and acceptance are a part of other planning components in the development/acquisition phase of an SDLC. It is a part of project management activities. The other three choices are part of the security planning document.

Answer 1027

b. Worm incidents often necessitate as rapid a response as possible, because an infected system may be attacking other systems both inside and outside the organization. Organizations may choose to disconnect infected systems from networks immediately, instead of performing an analysis of the host first. Next, the analyst can examine fixed (nonvolatile) characteristics of the server’s operating system, such as looking for administrative-level user accounts and groups that may have been added by the worm. Ultimately, the analyst should gather enough information to identify the worm’s behavior in sufficient detail so that the incident response team can act effectively to contain, eradicate, and recover from the incident.

Answer 1028

c. Host-based intrusion detection system (IDS) and firewall products running on the infected system may contain more detailed information than network-based IDS and firewall products. For example, host-based IDS can identify changes to files or configuration settings on the host that were performed by a worm. This information is helpful not only in planning containment, eradication, and recovery activities by determining how the worm has affected the host, but also in identifying which worm infected the system. However, because many worms disable host-based security controls and destroy log entries, data from host-based IDS and firewall software may be limited or missing. If the software was configured to forward copies of its logs to centralized log servers, then queries to those servers may provide some useful information (assuming the host logs’ integrity is not in doubt). Network-based IDS is incorrect because it indicates which server was attacked and on what port number, which indicates which network service was targeted. Network-based firewalls are typically configured to log blocked connection attempts, which include the intended destination IP address and port number. Other perimeter devices that the worm traffic may have passed through, such as routers, virtual private network (VPN) gateways, and remote access se

Answer 1029

d. Media sanitization ensures that data is deleted, erased, and written over as necessary. Media sanitization and information disposition activity is usually most intense during the disposal phase of the system life cycle. However, throughout the life of an information system, many types of data storage media will be transferred outside positive control, and some will be reused during all phases of the SDLC. This media sanitization activity may be for maintenance reasons, system upgrades, or during a configuration update.

Answer 1030

b. The security certification assessor is involved in assessing security controls in an information system to provide an unbiased opinion. The assessor’s independence implies that he is not involved in the information system development, implementation, or operation.

Answer 1031

d. Both phishing and virus hoaxes rely entirely on social engineering, which is a general term for attackers trying to trick people into revealing sensitive information or performing certain actions, such as downloading and executing files that appear to be benign but are actually malicious. Phishing refers to using deceptive computer-based means to trick individuals into disclosing sensitive personal information. Virus hoaxes are false virus warnings. The majority of virus alerts that are sent via e-mail among users are actually hoaxes. Trojan horse is incorrect because it is a nonreplicating program that appears to be benign but actually has a hidden malicious purpose. Mobile code is incorrect because it is software that is transmitted from a remote system to be executed on a local system, typically without the user’s explicit instruction. Trojan horse and mobile code do not rely on social engineering.

Answer 1032

c. Organizations should identify which individuals or groups can assist in infection identification efforts. Network administrators are good at analyzing routers along with analyzing network traffic using packet sniffers and misconfigurations. The roles of administrators defined in the other three choices are different due to separation of duties, independence, and objectivity viewpoints.

Answer 1033

C. An organization employs automated mechanisms to provide notification of failed security tests, which is a control used in the verification of security functionality. The organization employs integrity verification applications on the information system to look for evidence of information tampering, errors, and omissions. The organization employs good software engineering practices for commercial off-the-shelf integrity mechanisms (for example, parity checks, cyclical redundancy checks, and cryptographic hashes) and uses tools to automatically monitor the integrity of the information system and the applications it hosts.

Answer 1034

A. When restrictions on what authenticated users are allowed to do are not properly enforced, it leads to broken access control vulnerability in Web applications. The other three choices do not deal with accessing user accounts, viewing sensitive files, or using unauthorized functions.

Answer 1035

a. A unit test is a test of software elements at the lowest level of development. Black-box testing, also known as functional testing, executes part or all the system to validate that the user requirement is satisfied. White-box testing, also known as structural testing, examines the logic of the units and may be used to support software requirements for test coverage, i.e., how much of the program has been executed. Because the unit test is the first test conducted, its scope should be comprehensive enough to include both types of testing, that is, black box and white box. Integration testing is incorrect because it comes after completion of unit tests. An integration test is performed to examine how units interface and interact with each other with the assumption that the units and the objects (for example, data) they manipulate have all passed their unit tests. Software integration tests check how the units interact with other software libraries and hardware. System testing is incorrect because it comes after completion of the integration tests. It tests the completely integrated system and validates that the software meets its requirements. Acceptance testing is incorrect because it comes after completion of integration tests. It is testing of user requirements in an operational mode conducted by end users and computer operations staff.

Answer 1036

a. In general, automated controls compensate for the weaknesses in or lack of manual controls or vice versa (i.e., a compensating control). For example, an automated software management system can help in strengthening controls by moving programs from production to test libraries and back. It minimizes human errors in moving wrong programs or forgetting to move the right ones. Written policies, procedures, and standards are equally necessary in manual and automated environments.

Answer 1037

c. System accreditation is a management’s formal acceptance of the adequacy of an application system’s security. The accreditors are responsible for evaluating the certification evidence, deciding on the acceptability of application security safeguards, approving corrective actions, ensuring that corrective actions are accomplished, and issuing the accreditation statement. System certification is the technical evaluation of compliance with security requirements for the purpose of accreditation. The technical evaluation uses a combination of security evaluation techniques (for example, risk analysis, security plans, validation, verification, testing, security safeguard evaluation, and audit) and culminates in a technical judgment of the extent to which safeguards meet security requirements. Security certification is a formal testing of the security controls (safeguards) implemented in the computer system to determine whether they meet applicable requirements and specifications. Security accreditation is the formal authorization by the accrediting (management) official for system operation and an explicit acceptance of risk. It is usually supported by a review of the system, including its management, operational, and technical controls. A system certification is conducted first and system accreditation is next because the former supports the latter. Security certification and security accreditation processes follow the system certification and system accreditation processes.

Answer 1038

c. Macro viruses are nonresident viruses. A resident virus is one that loads into memory, hooks one or more interrupts, and remains inactive in memory until some trigger event. All boot viruses and most common file viruses are resident viruses. Macro viruses are found in documents, not in disks.

Answer 1039

a. Programmers frequently create entry points (backdoors) into a program for debugging purposes and/or insertion of new program codes at a later date. The other three choices do not apply here because they do not deal with entry points.

Answer 1040

b. The biggest vulnerable area is in the manual handling of data before it is entered into an application system or after it has been retrieved from the system in hard copy form. Because human intervention is significant here, the risk is higher. Controls over internal and external computer processing and telecommunications and the network can be made stronger with automated controls.

Answer 1041

c. A log file is most likely to be tampered (manipulated) with either by insiders or outsiders because it contains unsuccessful login attempts or system usage. A configuration file contains system parameters. A password file contains passwords and user IDs, whereas a system file contains general information about computer system hardware and software.

Answer 1042

a. The objectives of the software configuration management (SCM) process are to track the different versions of the software and ensure that each version of the software contains the exact software outputs generated and approved for that version. SCM is responsible for ensuring that any changes to any software outputs during the development processes are made in a controlled and complete manner. The objective of the project management process is to establish the organizational structure of the project and assign responsibilities. This process uses the system requirements documentation and information about the purpose of the software, criticality of the software, required deliverables, and available time and resources to plan and manage the software development and software assurance processes. It establishes or approves standards, monitoring and reporting practices, and high level policy for quality, and it cites policies and regulations. The objectives of the software quality assurance process are to ensure that the software development and software assurance processes comply with software assurance plans and standards, and to recommend process improvement. This process uses the system requirements and information about the purpose and criticality of the software to evaluate the outputs of the software development and software assurance processes. The objective of the software verification and validation (SV&V) process is to comprehensively analyze and test the software concurrently with processes of software development and software maintenance. The process determines that the software performs its intended functions correctly, ensures that it performs no unintended functions, and measures its quality and reliability. SV&V is a detailed engineering assessment for evaluating how well the software is meeting its technical requirements, in particular its safety, security, and reliability objectives, and for ensuring that software requirements are not in conflict with any standards or requirements applicable to other system components.

Answer 1043

d. The purpose of configuration management is to minimize the effects of negative changes or differences in configurations on an information system or network. The other three choices are examples of minor purposes, all leading to the major purpose. Note that modifications could be proper or improper where the latter leads to a negative effect and the former leads to a positive effect.

Answer 1044

d. The primary implementation of the configuration management process is performed during the operation/maintenance phase of the SDLC, the operation/maintenance phase. The other phases are too early for this process to take place.

Answer 1045

d. The fourth phase of the security certification and accreditation process, continuous-monitoring, primarily deals with configuration management. Documenting information system changes and assessing the potential impact those changes may have on the security of the system is an essential part of continuous monitoring and maintaining the security accreditation.

Answer 1046

d. Constant monitoring of a system is performed to identify possible risks to the system so that these can be addressed through the risk management, security certification and accreditation, and configuration management processes.

Answer 1047

c. Conducting impact analysis of changes and notifying users of system changes are the responsibilities of the configuration manager, whereas discussing change requests and requesting funding to implement changes are the responsibilities of the configuration control review board.

Answer 1048

b. After initiating a change request, the effects that the change may have on a specific system or other interrelated systems must be evaluated. An impact analysis of the change is conducted in the “evaluate change request” step. Evaluation is the end result of identifying changes, deciding what changes to approve and how to implement them, and actually implementing the approved changes.

Answer 1049

d. In the “defer” choice, immediate decision is postponed until further notice. In this situation, additional testing or analysis may be needed before a final decision can be made later. On the other hand, approve, implement, and deny choices do not require additional testing and analysis because management is already satisfied with the testing and analysis.

Answer 1050

c. A security-test-plan, whether high level or low level, is developed in the development/acquisition phase. The other three choices are performed in the initiation phase.

Answer 1051

b. Security controls are developed, designed, and implemented in the development/acquisition phase. Additional controls may be developed to support the controls already in place or planned.

Answer 1052

b. Product acquisition and integration costs that can be attributed to information security over the life cycle of the system are determined in the development/acquisition phase. These costs include hardware, software, personnel, and training.

Answer 1053

d. If new security controls are added to an existing application system or to a support system, system users must perform additional acceptance tests of these new controls. This approach ensures that new controls meet security specifications and do not conflict with or invalidate existing controls.

Answer 1054

c. In the implementation phase, the organization configures and enables system security features, tests the functionality of these features, installs or implements the system, and finally, obtains a formal authorization to operate the system.

Answer 1055

b. Security and functional requirements can be expressed as technical (for example, access controls), assurances (for example, background checks for system developers), or operational practices (for example, awareness and training).

Answer 1056

d. Documenting information system changes and assessing the potential impact of these changes on the security of a system is an essential part of continuous monitoring and key to avoiding a lapse in the system security reaccreditation. Periodic reaccreditation is done in the operation phase.

Answer 1057

a. Black-box testing, also known as functional testing, executes part or all the system to validate that the user requirement is satisfied. White-box testing, also known as structural testing, examines the logic of the units and may be used to support software requirements for test coverage, i.e., how much of the program has been executed. Gray-box testing can be looked at as anything that is not tested in white-box or black-box. An integration testing is performed to examine how units interface and interact with each other with the assumption that the units and the objects (for example, data) they manipulate have all passed their unit tests.

Answer 1058

c. The new system is integrated at the operational site where it is to be deployed for operation. Security control settings and switches are enabled.

Answer 1059

b. Formal risk assessment is conducted in the development/acquisition phase to identify system protection requirements. This analysis builds on the initial (preliminary or informal) risk assessment performed during the initiation phase, but will be more in-depth and specific

Answer 1060

d. Configuration management and control procedures are critical to establishing an initial baseline of hardware, software, and firmware components for the information system. This task is performed in the operation/maintenance phase so that changes can be tracked and monitored. Prior to this phase, the system is in a fluid state, meaning that initial baselines cannot be established.

Answer 1061

a. Configuration management and controls, which is a part of system operation and maintenance phase, deals with controlling and maintaining an accurate inventory of any changes to the system. Security certification and security accreditation are part of system implementation phase, whereas continuous monitoring is a part of operation and maintenance phase.

Answer 1062

c. System assessors or auditors do not develop security controls due to loss of objectivity in thinking and loss of independence in appearance. Security controls should be built by system designers and developers prior to performing internal control reviews, conducting penetration testing, or using security checklists by system assessors or auditors. Internal control reviews, penetration testing, and security checklists simply facilitate self-assessments or independent audits of an information system later.

Answer 1063

c. Investment analysis is defined as the process of managing the enterprise information system portfolio and determining an appropriate investment strategy. The investment analysis optimizes the organization’s system needs within budget constraints. Fit-gap analysis identifies the differences between what is required and what is available; or how two things fit or how much gap there is between them. Risk analysis is determining the amount of risk and sensitivity analysis can determine the boundaries of the risk in terms of changing input values and the accompanying changes in output values.

Answer 1064

d. Integrity can be examined from several perspectives. From a user’s or application owner’s perspective, integrity is the quality of data that is based on attributes such as accuracy and completeness. The other three choices do not reflect the attributes of integrity.

Answer 1065

b. The requirements analysis task of the SDLC phase of development is an in-depth study of the need for a new system. The requirements analysis draws on and further develops the work performed during the initiation phase. The needs-determination activity is performed at a high-level x of functionality in the initiation phase.

Answer 1066

c. A formal security risk assessment should be conducted before the approval of system design specifications. The other three choices are considered during a formal security risk assessment process.

Answer 1067

d. The capital planning process determines how much the acquisition or development of a new system will cost over its life cycle. These costs include hardware, software, personnel, and training. Another critical area often overlooked is security.

Answer 1068

b. Detailed plans of action and milestones (POA&M) schedules are required to document the corrective measures needed to increase the effectiveness of the security controls and to provide the requisite security for the information system prior to security authorization. The other three choices are not corrective steps requiring action plans and milestone schedules.

Answer 1069

a. The statement of work development is a part of other planning components in the development/acquisition phase of a system development life cycle (SDLC). The other three choices are part of the security-planning document.

Answer 1070

b. Configuration files, system files, or files with sensitive information must not be migrated to different storage media and must be retained in a secure location due to their access restrictions. The files listed in the other three choices are not sensitive; they are temporary and don't need to be retained after their use is completed.

Answer 1071

d. Integration and acceptance testing occurs after delivery and installation of the new information system. The unit, subsystem and full system testing are not conducted for an acquired system but conducted for the in-house developed system. The integration and acceptance testing is conducted for an acquired system.

Answer 1072

a. Prior to final system deployment, a security certification should be conducted to ensure that security controls established in response to security requirements are included as part of the system development process. The other three choices are part of the scope of the security certification process.

Answer 1073

b. The security accreditation decision is a risk-based decision that depends heavily, but not exclusively, on the security testing and evaluation results produced during the security control verification process. The security accreditation focuses on risk, whereas system accreditation focuses on an evaluation based on tests and their results.

Answer 1074

d. Managing and controlling the configuration of the system and providing for a process of continuous monitoring are the two key information security steps of the operation/maintenance phase of an SDLC. Information preservation is an activity of the disposal phase, whereas security accreditation is an activity of the implementation phase of an SDLC.

Answer 1075

d. The ongoing monitoring of security control effectiveness can be accomplished in a variety of ways including security reviews, self assessments, security test and evaluation, and independent security audits.

Answer 1076

a. Organizations need periodic and continuous testing and evaluation of the security controls in an information system to ensure that the controls are effective in their application. Security-control monitoring means verifying the continued effectiveness of those controls over time.

Answer 1077

c. Usually, there is no definitive end to an SDLC process because the system can become a legacy system for a long-time or it can eventually be replaced with a new system. Systems evolve or transition to the next generation as follow-on systems with changing requirements and technology. Security plans evolve with the system. Much of management and operational controls in the old, legacy system are still relevant and useful in developing the security plan for the follow-on system.

Answer 1078

b. Some systems may contain sensitive information after the storage media is removed. If there is a doubt whether sensitive information remains on a system, the information system security officer should be consulted before disposing of the system because the officer deals with technical aspects of a system. The other parties mentioned do not have a technical focus but instead have a business focus.

Answer 1079

b. Quality control is similar to security certification and accreditation in terms of scope of work and goals. Quality control is a technical control. Quality assurance is included in security planning, which is a management control. Operational control deals with day-to day procedures.

Answer 1080

b. Both risk assessment and security plans are essential components of the security certification and accreditation process. These two components accurately reflect the security requirements and security controls through the system development life cycle (SDLC) methodology. Security requirements and security controls (planned or designed) drive the risk assessment process and security plans.

Answer 1081

c. By accrediting an information system, an organization’s management official accepts the risks associated with operating the system and the associated security implications to the organization’s operations, assets, or individuals.

Answer 1082

d. System assurance is the grounds for confidence that a system meets its security expectations. Good understanding of the threat environment, evaluation of system requirements sets, knowledge of hardware and software engineering principles, and the availability of product and system evaluation results are required for system assurance.

Answer 1083

d. During the security certification and accreditation process, the system security plan is analyzed, updated, and accepted. For this to happen, the system security plan must have been developed and in place.

Answer 1084

c. The Software Engineering Institute (SEI) is a nationally recognized, federally funded research and development center established in the United States to address software development issues. It developed a process maturity framework that would help organizations improve their software development process. In general, the CMM serves as an indicator of the likely range of cost, schedule, and quality results to be achieved by system development projects within an organization. In the repeatable level, basic project management processes are established to track cost, schedule, and functionality. The necessary process discipline is in place to repeat earlier successes on projects with similar applications. The other three choices are not applicable because the correct answer is based on the definition of CMM levels.

Answer 1085

a. As a part of preventive controls, compatibility tests are used to determine whether an acceptable user is allowed to proceed in the system. This test focuses on passwords, access rules, and system privileges. A validity check is incorrect because it tests for the accuracy of codes such as state, tax rates, and vendor number. A security label check is incorrect because it tests for the specific designation assigned to a system resource such as a file, which cannot be changed except in emergency situations. A confidentiality test is incorrect because it ensures that data is disclosed only to authorized individuals.

Answer 1086

c. Just as replication complicates concurrency control, it can affect scalability. The major concern in scalability is determining the effect of increased scale on client performance. Additional storage sites increase the amount of work servers must do to maintain a consistent state of the file system. Similarly, clients in a replicated file system may have more work to do when they make file updates. For this reason, both clients and servers share portions of system management work. Fault-tolerant mechanisms, availability, and recoverability are incorrect. Replicated servers have a positive impact on system availability and recoverability. If the primary server fails, the replicated server takes over, thus making the system available to system users. Recovery protocols help both servers and clients recover from system failures. Fault-tolerant mechanisms such as disk mirroring and disk duplexing help in recovering from a system failure. They all have a positive effect.

Answer 1087

a. Expert systems are aimed at problems that cannot always be solved using a purely algorithmic approach. These problems are often characterized by irregular structure, incomplete or uncertain information, and considerable complexity.

Answer 1088

d. A heuristic is a rule of thumb, a known fact, or even a known procedure that can be used to solve some problems, but it is not guaranteed to do so. It may fail. Heuristics can be conveniently regarded as simplifications of comprehensive formal descriptions of real-world systems. These heuristics are acquired through learning and experience.

Answer 1089

b. The computing environment consists of hardware, programming languages, editors and compilers, file management facilities, browsing program code, debugging and tracing program execution, and graphic programming. This computing environment is outside the expert systems architecture because it can change from one organization to another. On the other hand, knowledge base, inference engine, and end user interface are integral parts of expert systems architecture. Knowledge is stored in the knowledge base using symbols and data structures to stand for important concepts. The symbols and data structures are said to represent knowledge. A software module called the inference engine executes inference procedures. If the user of the expert system is a person, communications with the end user are handled via an end user interface.

Answer 1090

c. Expert system programs differ from conventional systems in four important ways. First, knowledge is separated from program control; the knowledge base and inference engine are separate. Second, knowledge is represented declaratively. Third, expert systems perform computation through symbolic reasoning. And finally, expert systems can explain their own actions.

Answer 1091

a. The size of completed expert systems is often large, consisting of hundreds or thousands of rules. If the task is too broad, the development effort may take an inordinate amount of time, or even be impossible. Two important guidelines on evaluating the scope and size of the problem include the task must be narrowly focused and the task should be decomposable. In other words, expert system tasks should be based on a limited domain. The other three choices are areas to avoid for expert system methods. These include (i) tasks based on common sense, (ii) tasks requiring perceptual (seeing or touching) knowledge, and (iii) tasks requiring creativity. People, not expert systems, are creative.

Answer 1092

a. The intention is not to replicate the workings of the human brain but to use a simple model to see if some of the strengths of the human brain can be shown by computers based on that model. An important goal is to develop computers that can learn from experience. In the process of learning from experience, ANNs show a capacity to generalize. That is, recognizing a new problem as being “close” to the one they know and offering the same solution. ANNs are not meant to replace or supersede the existing design of computers. They are meant to complement them

Answer 1093

d. System design reviews and system tests should be performed in the implementation phase before placing the system into production operation to ensure that it meets all required security specifications. The results of the design reviews or system tests should be fully documented, updating as new reviews or tests are performed. Analysis of functional requirements and assurance requirements is done in the development/acquisition phase, which is prior to the implementation phase.

Answer 1094

a. Organizations should identify which individuals or groups can assist in infection identification efforts. Security administrators are good at analyzing host scans along with antivirus software, intrusion prevention system (IPS) software, firewalls, and vulnerability assessment results.

Answer 1095

d. During the operation/maintenance phase, the organization should continuously monitor performance of the system to ensure that it is consistent with pre-established user and security requirements and that all needed system modifications are incorporated into the system. Monitoring is done in the operation/maintenance phase of the SDLC because all the development work is completed, and the system should start delivering results. During implementation phase, the system is tested, employees are trained, and the system is not yet ready to put into production operation/maintenance phase to monitor system performance.

Answer 1096

b. System assurance is the grounds for confidence that the set of intended security controls in an information system are effective in their application. Information security needs should address the appropriate level of assurance because this is a significant cost driver. The higher the assurance level required, the higher the cost and vice versa. Usually, investment analysis is structured to translate system needs and mission into high-level performance, assurance, functional, and supportability requirements. However, the assurance requirements are the significant cost driver because it integrates all the other requirements at the highest level.

Answer 1097

b. The development and execution of necessary contracting plans and processes are a part of other planning components in the development/acquisition phase of an SDLC. The other three choices are part of the security-planning document.

Answer 1098

c. The authorizing official in charge of the security accreditation process relies primarily on the other three choices, but not exclusively on the security test and evaluation results produced during the security control verification process. The authorizing official pays more attention to the other three choices because of their significance.

Answer 1099

c. If there were a significant change addressed in the configuration management process, then the system must be recertified and reaccredited. System certification and system accreditation are done when a new system is installed and implemented, prior to any changes.

Answer 1100

d. Configuration management change control and auditing takes place in the operation/maintenance phase of the SDLC. The phases in the other three choices are too early for this activity to take place.

Answer 1101

c. An organization monitors changes to the information system and conducts security impact analyses to determine the effects of the changes. The other three choices are incorrect because they occur prior to the monitoring.

Answer 1102

d. The information system physically or logically separates the user functionality (including user interface services) from information storage and management services (for example, database management). Separation may be accomplished through the use of different computers, different CPUs, different instances of the operating system, different network addresses, or a combination of these methods.

Answer 1103

b. Integrity or validation controls, which are a part of technical control, include reconciliation routines in application systems. Authorization and access controls, which are a part of technical control, enable authorized individuals to access system resources. Audit trail mechanisms include transaction monitoring.

Answer 1104

d. Malware is malicious software and malicious code. In many cases, it is most effective to use multiple identification approaches simultaneously or in sequence to provide the best results for striking a balance between speed, accuracy, and timeliness. Multiple identifications include where a malicious code infection leads to unauthorized access to a host, which is then used to gain unauthorized access to additional hosts (for example, DoS and DDoS attacks). Forensic identification is effective when data is recent; although, the data might not be comprehensive. Active identification produces the most accurate results; although, it is often not the fastest way of identifying infections due to scanning every host in an organization. Manual identification is not feasible for comprehensive enterprise wide identification, but it is a necessary part of identification when other methods are not available and can fill in gaps when other methods are insufficient.

Answer 1105

b. Malware categories include viruses, worms, Trojan horses, and malicious mobile code, as well as combinations of these, known as blended attacks. Malware also includes attacker tools such as backdoors, rootkits, keystroke loggers, and tracking cookies used as spyware. Of all the types of malware attacker tools, rootkits are traditionally the hardest to detect because they often change the operating system at the kernel level, which allows them to be concealed from antivirus software. Newer versions of rootkits can hide in the master boot record, as do some viruses.

Answer 1106

c. Older obfuscation techniques, including self-encryption, polymorphism, and stealth, are generally handled effectively by antivirus software. However, newer, more complex obfuscation techniques, such as metamorphism, are still emerging and can be considerably more difficult for antivirus software to overcome. The idea behind metamorphism is to alter the content of the virus itself, rather than hiding the content with encryption. Self-encryption is incorrect because some viruses can encrypt and decrypt their virus code bodies, concealing them from direct examination. Polymorphism is incorrect because it is a particularly robust form of self-encryption where the content of the underlying virus code body does not change; encryption alters its appearance only. Stealth virus is incorrect because it uses various techniques to conceal the characteristics of an infection, such as interfering with file sizes.

Answer 1107

a. The intent of armoring is to write a virus so that it attempts to prevent antivirus software or human experts from analyzing the virus’s functions through disassembly (i.e., reverse engineering technique), traces, and other means. Tunneling is incorrect because it deals with the operating system. A virus that employs tunneling inserts itself into a low level of the operating system so that it can intercept low-level operating system calls. By placing itself below the antivirus software, the virus attempts to manipulate the operating system to prevent detection by antivirus software. Self-decryption is incorrect because some viruses can encrypt and decrypt their virus code bodies, concealing them from direct examination. Metamorphism is incorrect because the idea behind it is to alter the content of the virus itself, rather than hiding the content with encryption.

Answer 1108

d. Although some worms are intended mainly to waste system and network resources, many worms damage systems by installing backdoors, perform distributed denial-of-service (DDoS) attacks against other hosts, or perform other malicious acts.

Answer 1109

d. A blended attack is an instance of malware that uses multiple infection or transmission methods. Blended attacks can spread through such services as instant messaging and peer-to-peer (P2P) file sharing. Blended attacks do not have to use multiple methods simultaneously to spread; they can also perform multiple infections in sequence.

Answer 1110

d. Malicious mobile code differs significantly from viruses and worms in that it does not infect files or does not attempt to propagate itself. Instead of exploiting particular vulnerabilities, it often affects systems by taking advantage of the default privileges granted to mobile code. It uses popular languages such as Java, ActiveX, JavaScript, and VBScript. Although mobile code is typically benign, attackers have learned that malicious code can be an effective way of attacking systems, as well as a good mechanism for transmitting viruses, worms, and Trojan horses to users’ workstations.

Answer 1111

d. Backdoor is a general term for a malicious program that listens for commands on a certain TCP or UDP port. Most backdoors consist of a client component and a server component. The client resides on the intruder’s remote computer, and the server resides on the infected system. When a connection between client and server is established, the remote intruder has some degree of control over the infected computer. Both source port and destination port are incorrect because they are too generic to be of any use here.

Answer 1112

d. Incorporation of recovery requirements into system design can provide automatic backup and recovery procedures. This helps to prepare for disasters in a timely manner. Training every employee in emergency procedures is incorrect because it does not guarantee that they can respond to a disaster in an optimal manner when needed. Conducting fire drills regularly every month is incorrect because the scope of fire drill may not address all possible scenarios. Disaster recovery goes beyond fire drills; although, the fire drill is a good practice. Training all IT staff in file rotation procedures is incorrect because only key people need to be trained.

Answer 1113

d. A rootkit is a collection of files installed on a system to alter the standard functionality of the system in a malicious and stealthy way. Rootkits are often used to install attacker tools such as backdoors and keystroke loggers on a system. A Web browser plug-in provides a way for certain types of content to be displayed or executed through a Web browser. Attackers sometimes create malicious plug-ins that act as spyware. An example is the spyware dialer, which uses modem lines to dial phone numbers without the user’s permission or knowledge. Some dialers are in forms other than Web browser plug-ins, such as Trojan horses. Malware can deliver an e-mail-generating program to a system, which can be used to create and send large quantities of e-mail to other systems without the user’s permission or knowledge. Attackers often configure e-mail generators to send malware, spyware, spam, or other unwanted content to e-mail addresses on a predetermined list.

Answer 1114

d. There are two forms of non malware threats that are often associated with malware. The first is phishing attacks, which frequently place malware or other attacker tools onto systems. The second is virus hoaxes, which are false warnings of new malware threats. Viruses and worms are true forms of malware threats.

Answer 1115

c. Applications such as word processors and spreadsheets often contain macro languages; macro viruses take advantage of this. Most common applications with macro capabilities offer macro security features that permit macros only from trusted locations or prompt the user to approve or reject each attempt to run a macro. Restricting macro use cannot stop phishing and spyware delivery. Filtering spam is incorrect because spam is often used for phishing and spyware delivery (for example, Web bugs often are contained within spam), and it sometimes contains other types of malware. Using spam filtering software on e-mail servers or clients or on network-based appliances can significantly reduce the amount of spam that reaches users, leading to a corresponding decline in spam-triggered malware incidents. Filtering website content is incorrect because website content-filtering software contains lists of phishing websites and other sites that are known as hostile (i.e., attempting to distribute malware to visitors). The software can also block undesired file types, such as by file extension. Blocking Web browser pop-up windows is incorrect because some pop-up windows are crafted to look like legitimate system message boxes or websites and can trick users into going to phony websites, including sites used for phishing, or authorizing changes to their systems, among other malicious actions. Most Web browsers can block pop-up windows; other can do so by adding a third-party pop-up blocker to the Web browser.

Answer 1116

b. Antivirus software is an example of a threat mitigation technique for malware. Antivirus software, spyware detection and removal utility software, intrusion prevention systems, firewalls and routers, and application settings are security tools that can mitigate malware threats. Malware often attacks systems by exploiting vulnerabilities in operating systems, services, and applications. Vulnerability can usually be mitigated by patch management, least privilege, and host hardening measures.

Answer 1117

a. Antivirus software is the primary source of data for malware incident detection. Examples of secondary sources include (i) firewall and router log files, which might show blocked connection attempts, (ii) log files from e-mail servers and network-based IPS sensors, which might record e-mail headers or attachment names, (iii) packet capture files from packet sniffers, network-based IPS sensors, and network forensic analysis tools, which might contain a recording of malware related network traffic. Host-based IPS is also a secondary source.

Answer 1118

a. Transparency is the ability to simplify the task of developing management applications, hiding distribution details. There are different aspects of transparency such as access failure, location, migration replication, and transaction. Transparency means the network components or segments cannot be seen by insiders and outsiders, and that actions of one user group cannot be observed by other user groups. Transparency is achieved through process isolation and hardware segmentation principles. The principle of process isolation or separation is employed to preserve the object’s wholeness and subject’s adherence to a code of behavior. It is necessary to prevent objects from colliding or interfering with one another and to prevent actions of active agents (subjects) from interfering or colluding with one another. The principle of hardware segmentation provides hardware transparency when hardware is designed in a modular fashion and yet interconnected. A failure in one module should not affect the operation of other modules. Similarly, a module attacked by an intruder should not compromise the entire system. System architecture should be arranged so that vulnerable networks or network segments can be quickly isolated or taken offline in the event of an attack. Examples of hardware that need to be segmented include network switches, physical circuits, and power supply equipment. The abstraction principle is related to stepwise refinement and modularity of programs. As the software design evolves, each level of module in a program structure represents a refinement in the level of software abstraction. Abstraction is presented in levels, where a problem is defined and a solution is stated in broad terms at the highest level of abstraction (during requirements and analysis phases) and where source code is generated at the lowest levels of abstraction (during programming phase). The accountability principle holds an individual responsible for his actions. From this principle, requirements are derived to uniquely identity and authenticate the individual, to authorize his actions within the system, to establish a historical track record or account of these actions and their effects, and to monitor or audit this historical account for deviations from the specified code of action. The security kernel principle is the central part of a computer system (software and hardware) that implements the fundamental security procedures for controlling access to system resources. The principle of a reference monitor is the primary abstraction enabling an orderly evaluation of a standalone computer system with respect to its abilities to enforce both mandatory and discretionary access controls. The principle of complete mediation stresses that every access request to every object must be checked for authority. This requirement forces a global perspective for access control, during all functional phases (for example, normal operation and maintenance). Also stressed are reliable identification access request sources and reliable maintenance of changes in authority. The principle of open design stresses that design secrecy or the reliance on the user ignorance is not a sound basis for secure systems. Open design enables open debate and inspection of the strengths, or origins of a lack of strength, of that particular design. Secrecy can be implemented through the use of passwords and cryptographic keys, instead of secrecy in design.

Answer 1119

a. Malware test systems and environments are helpful not only for analyzing current malware threats without the risk of inadvertently causing additional damage to the organization, but also for training staff in malware incident handling. An infected production system or a disk image of an infected production system could also be placed into an isolated test environment. Physical separation may not be possible at all times; although, logical separation might be possible. Both physical and logical separation are important but not as important as using an isolated test system.