OPT Flashcards

1
Q
1. What is the final step of a quantitative risk analysis?
A. Determine asset value.
B. Assess the annualized rate of occurrence.
C. Derive the annualized loss expectancy.
D. Conduct a cost/benefit analysis.
A

D. The final step of a quantitative risk analysis is conducting a cost/benefit analysis to determine whether the organization should implement proposed countermeasure(s).

2
Q
1. Match the following numbered wireless attack terms with their appropriate lettered descriptions:
Wireless attack terms
1. Rogue access point
2. Replay
3. Evil twin
4. War driving
Descriptions
A. An attack that relies on an access point to spoof a legitimate access point’s SSID and Mandatory Access Control (MAC) address
B. An access point intended to attract new connections by using an apparently legitimate SSID
C. An attack that retransmits captured communication to attempt to gain access to a targeted system
D. The process of using detection tools to find wireless networks
A

BCAD

3
Q
1. Under the Digital Millennium Copyright Act (DMCA), what type of offenses do not require prompt action by an internet service provider after it receives a notification of infringement claim from a copyright holder?
A. Storage of information by a customer on a provider’s server
B. Caching of information by the provider
C. Transmission of information over the provider’s network by a customer
D. Caching of information in a provider search engine
A

C

4
Q
4. FlyAway Travel has offices in both the European Union (EU) and the United States and transfers personal information between those offices regularly. They have recently received a request from an EU customer requesting that their account be terminated. Under the General Data Protection Regulation (GDPR), which requirement for processing personal information states that individuals may request that their data no longer be disseminated or processed?
A. The right to access
B. Privacy by design
C. The right to be forgotten
D. The right of data portability
A

C. The right to be forgotten, also known as the right to erasure, guarantees the data subject the ability to have their information removed from processing or use. It may be tied to consent given for data processing; if a subject revokes consent for processing, the data controller may need to take additional steps, including erasure.

5
Q
5. Which one of the following is not one of the three common threat modeling techniques?
A. Focused on assets
B. Focused on attackers
C. Focused on software
D. Focused on social engineering
A

D. The three common threat modeling techniques are focused on attackers, software, and assets. Social engineering is a subset of attackers.

6
Q
6. Which one of the following elements of information is not considered personally identifiable information that would trigger most United States (U.S.) state data breach laws?
A. Student identification number
B. Social Security number
C. Driver’s license number
D. Credit card number
A

A. Most state data breach notification laws are modeled after California’s law, which covers Social Security number, driver’s license number, state identification card number, credit/debit card numbers, bank account numbers (in conjunction with a PIN or password), medical records, and health insurance information.

7
Q
7. In 1991, the Federal Sentencing Guidelines formalized a rule that requires senior executives to take personal responsibility for information security matters. What is the name of this rule?
A. Due diligence rule
B. Personal liability rule
C. Prudent man rule
D. Due process rule
A

C. The prudent man rule requires that senior executives take personal responsibility for ensuring the due care that ordinary, prudent individuals would exercise in the same situation. The rule originally applied to financial matters, but the Federal Sentencing Guidelines applied it to information security matters in 1991.

8
Q
9. What United States government agency is responsible for administering the terms of privacy shield agreements between the European Union and the United States under the EU GDPR?
A. Department of Defense
B. Department of the Treasury
C. State Department
D. Department of Commerce
A

D. The US Department of Commerce is responsible for implementing the EU-U.S. Privacy Shield Agreement. This framework replaced an earlier framework known as Privacy Shield, which was ruled insufficient in the wake of the NSA surveillance disclosures.

9
Q
10. Yolanda is the chief privacy officer for a financial institution and is researching privacy issues related to customer checking accounts. Which one of the following laws is most likely to apply to this situation?
A. GLBA
B. SOX
C. HIPAA
D. FERPA
A

A. The Gramm-Leach-Bliley Act (GLBA) contains provisions regulating the privacy of customer financial information. It applies specifically to financial institutions.

10
Q
11. Tim’s organization recently received a contract to conduct sponsored research as a government contractor. What law now likely applies to the information systems involved in this contract?
A. FISMA
B. PCI DSS
C. HIPAA
D. GISRA
A

A. The Federal Information Security Management Act (FISMA) specifically applies to government contractors. The Government Information Security Reform Act (GISRA) was the precursor to FISMA and expired in November 2002. HIPAA and PCI DSS apply to healthcare and credit card information, respectively.

11
Q
12. Chris is advising travelers from his organization who will be visiting many different countries overseas. He is concerned about compliance with export control laws. Which of the following technologies is most likely to trigger these regulations?
A. Memory chips
B. Office productivity applications
C. Hard drives
D. Encryption software
A

D. The export of encryption software to certain countries is regulated under US export control laws.

12
Q
15. Which one of the following control categories does not accurately describe a fence around a facility?
A. Physical
B. Detective
C. Deterrent
D. Preventive
A

B. A fence does not have the ability to detect intrusions. It does, however, have the ability to prevent and deter an intrusion. Fences are an example of a physical control.

13
Q
1. Tony is developing a business continuity plan and is having difficulty prioritizing resources because of the difficulty of combining information about tangible and intangible assets. What would be the most effective risk assessment approach for him to use?
A. Quantitative risk assessment
B. Qualitative risk assessment
C. Neither quantitative nor qualitative risk assessment
D. Combination of quantitative and qualitative risk assessment
A

D. Tony would see the best results by combining elements of quantitative and qualitative risk assessment. Quantitative risk assessment excels at analyzing financial risk, while qualitative risk assessment is a good tool for intangible risks. Combining the two techniques provides a well-rounded risk picture.

14
Q
17. What law provides intellectual property protection to the holders of trade secrets?
A. Copyright Law
B. Lanham Act
C. Glass-Steagall Act
D. Economic Espionage Act
A

D. The Economic Espionage Act imposes fines and jail sentences on anyone found guilty of stealing trade secrets from a US corporation. It gives true teeth to the intellectual property rights of trade secret owners.

15
Q
18. Which one of the following principles imposes a standard of care upon an individual that is broad and equivalent to what one would expect from a reasonable person under the circumstances?
A. Due diligence
B. Separation of duties
C. Due care
D. Least privilege
A

C. The due care principle states that an individual should react in a situation using the same level of care that would be expected from any reasonable person. It is a very broad standard. The due diligence principle is a more specific component of due care that states that an individual assigned a responsibility should exercise due care to complete it accurately and in a timely manner.

16
Q
22. Which one of the following actions might be taken as part of a business continuity plan?
A. Restoring from backup tapes
B. Implementing RAID
C. Relocating to a cold site
D. Restarting business operations
A

B. RAID technology provides fault tolerance for hard drive failures and is an example of a business continuity action. Restoring from backup tapes, relocating to a cold site, and restarting business operations are all disaster recovery actions.
#
A. Restoring from backup tapes

17
Q
1. Which one of the following organizations would not be automatically subject to the terms of HIPAA if they engage in electronic transactions? # The key point is asking who is NOT affected.
A. Healthcare provider
B. Health and fitness application developer
C. Health information clearinghouse
D. Health insurance plan
A

B. A health and fitness application developer would not necessarily be collecting or processing healthcare data, and the terms of HIPAA do not apply to this category of business. HIPAA regulates three types of entities—healthcare providers, health information clearinghouses, and health insurance plans—as well as the business associates of any of those covered entities.

18
Q
31. Renee is designing the long-term security plan for her organization and has a three- to five-year planning horizon. What type of plan is she developing?
A. Operational
B. Tactical
C. Summary
D. Strategic
A

D. Strategic plans have a long-term planning horizon of up to five years in most cases. Operational and tactical plans have shorter horizons of a year or less.

19
Q
32. What government agency is responsible for the evaluation and registration of trademarks?
A. USPTO
B. Library of Congress
C. TVA
D. NIST
A

A. The United States Patent and Trademark Office (USPTO) bears responsibility for the registration of trademarks.

20
Q
33. The Acme Widgets Company is putting new controls in place for its accounting department. Management is concerned that a rogue accountant may be able to create a new false vendor and then issue checks to that vendor as payment for services that were never rendered. What security control can best help prevent this situation?
A. Mandatory vacation
B. Separation of duties
C. Defense in depth
D. Job rotation
A

B. When following the separation of duties principle, organizations divide critical tasks into discrete components and ensure that no one individual has the ability to perform both actions. This prevents a single rogue individual from performing that task in an unauthorized manner.

21
Q
34. Which one of the following categories of organizations is most likely to be covered by the provisions of FISMA?
A. Banks
B. Defense contractors
C. School districts
D. Hospitals
A

B. The Federal Information Security Management Act (FISMA) applies to federal government agencies and contractors. Of the entities listed, a defense contractor is the most likely to have government contracts subject to FISMA.

22
Q
38. Florian receives a flyer from a federal agency announcing that a new administrative law will affect his business operations. Where should he go to find the text of the law?
A. United States Code
B. Supreme Court rulings
C. Code of Federal Regulations
D. Compendium of Laws
A

C. The Code of Federal Regulations (CFR) contains the text of all administrative laws promulgated by federal agencies. The United States Code contains criminal and civil law. Supreme Court rulings contain interpretations of law and are not laws themselves. The Compendium of Laws does not exist.

23
Q
40. Which one of the following individuals would be the most effective organizational owner for an information security program?
A. CISSP-certified analyst
B. Chief information officer (CIO)
C. Manager of network security
D. President and CEO
A

B. The owner of information security programs may be different from the individuals responsible for implementing the controls. This person should be as senior an individual as possible who is able to focus on the management of the security program. The president and CEO would not be an appropriate choice because an executive at this level is unlikely to have the time necessary to focus on security. Of the remaining choices, the CIO is the most senior position who would be the strongest advocate at the executive level.

24
Q
1. Which one of the following issues is not normally addressed in a service-level agreement (SLA)?
A. Confidentiality of customer information
B. Failover time
C. Uptime
D. Maximum consecutive downtime
A

A. SLAs do not normally address issues of data confidentiality. Those provisions are normally included in a nondisclosure agreement (NDA).

25
Q
46. Joan is seeking to protect a piece of computer software that she developed under intellectual property law. Which one of the following avenues of protection would not apply to a piece of software?
A. Trademark
B. Copyright
C. Patent
D. Trade secret
A

A. Trademarks protect words and images that represent a product or service and would not protect computer software.

26
Q
48. You are also concerned about the availability of data stored on each office’s server. You would like to add technology that would enable continued access to files located on the server even if a hard drive in a server fails. What integrity control allows you to add robustness without adding additional servers?
A. Server clustering
B. Load balancing
C. RAID
D. Scheduled backups
A

C. RAID uses additional hard drives to protect the server against the failure of a single device. Load balancing and server clustering do add robustness but require the addition of a server. Scheduled backups protect against data loss but do not provide immediate access to data in the event of a hard drive failure.

27
Q
1. What law serves as the basis for privacy rights in the United States?
A. Privacy Act of 1974
B. Fourth Amendment
C. First Amendment
D. Electronic Communications Privacy Act of 1986
A

B. The Fourth Amendment directly prohibits government agents from searching private property without a warrant and probable cause. The courts have expanded the interpretation of the Fourth Amendment to include protections against other invasions of privacy.

28
Q
52. An accounting employee at Doolittle Industries was recently arrested for participation in an embezzlement scheme. The employee transferred money to a personal account and then shifted funds around between other accounts every day to disguise the fraud for months. Which one of the following controls might have best allowed the earlier detection of this fraud?
A. Separation of duties
B. Least privilege
C. Defense in depth
D. Mandatory vacation
A

D. Mandatory vacation programs require that employees take continuous periods of time off each year and revoke their system privileges during that time. This will hopefully disrupt any attempt to engage in the cover-up actions necessary to hide fraud and result in exposing the threat. Separation of duties, least privilege, and defense in depth controls all may help prevent the fraud in the first place but are unlikely to speed the detection of fraud that has already occurred.

29
Q
53. Which one of the following is not normally considered a business continuity task?
A. Business impact assessment
B. Emergency response guidelines
C. Electronic vaulting
D. Vital records program
A

C. Electronic vaulting is a data backup task that is part of disaster recovery, not business continuity, efforts.

30
Q
1. Who should receive initial business continuity plan training in an organization?
A. Senior executives
B. Those with specific business continuity roles
C. Everyone in the organization
D. First responders
A

C. Everyone in the organization should receive a basic awareness training for the business continuity program. Those with specific roles, such as first responders and senior executives, should also receive detailed, role-specific training.

31
Q
57. James is conducting a risk assessment for his organization and is attempting to assign an asset value to the servers in his data center. The organization’s primary concern is ensuring that it has sufficient funds available to rebuild the data center in the event it is damaged or destroyed. Which one of the following asset valuation methods would be most appropriate in this situation?
A. Purchase cost
B. Depreciated cost
C. Replacement cost
D. Opportunity cost
A

C. If the organization’s primary concern is the cost of rebuilding the data center, James should use the replacement cost method to determine the current market price for equivalent servers.

32
Q
1. The Computer Security Act of 1987 gave a federal agency responsibility for developing computer security standards and guidelines for federal computer systems. What agency did the act give this responsibility to?
A. National Security Agency
B. Federal Communications Commission
C. Department of Defense
D. National Institute of Standards and Technology
A

D. The Computer Security Act of 1987 gave the National Institute of Standards and Technology (NIST) responsibility for developing standards and guidelines for federal computer systems. For this purpose, NIST draws upon the technical advice and assistance of the National Security Agency where appropriate.

33
Q
61. What is the formula used to determine risk?
A. Risk = Threat * Vulnerability
B. Risk = Threat / Vulnerability
C. Risk = Asset * Threat
D. Risk = Asset / Threat
A

A. Risks exist when there is an intersection of a threat and a vulnerability. This is described using the equation Risk = Threat * Vulnerability.

34
Q
62. The following graphic shows the NIST risk management framework with step 4 missing. What is the missing step?
A. Assess security controls.
B. Determine control gaps.
C. Remediate control gaps.
D. Evaluate user activity.
A

A. The fourth step of the NIST risk management framework is assessing security controls.

35
Q
1. Which one of the following components should be included in an organization’s emergency response guidelines?
A. List of individuals who should be notified of an emergency incident
B. Long-term business continuity protocols
C. Activation procedures for the organization’s cold sites
D. Contact information for ordering equipment
A

A. The emergency response guidelines should include the immediate steps an organization should follow in response to an emergency situation. These include immediate response procedures, a list of individuals who should be notified of the emergency, and secondary response procedures for first responders. They do not include long-term actions such as activating business continuity protocols, ordering equipment, or activating DR sites.

36
Q
1. Which one of the following actions is not normally part of the project scope and planning phase of business continuity planning?
A. Structured analysis of the organization
B. Review of the legal and regulatory landscape
C. Creation of a BCP team
D. Documentation of the plan
A

D. The project scope and planning phase includes four actions: a structured analysis of the organization, the creation of a BCP team, an assessment of available resources, and an analysis of the legal and regulatory landscape.
#
Phase 1: Project Scoping and Planning
  - Business analysis from a crisis point of view
  - Creation of the BCP team with approval from senior management
  - Assessment of resources available to participate in continuity processes
  - Legal and regulatory requirements analysis
  - Business organizational analysis
Phase 2: Business Impact Analysis
Phase 3: Continuity Planning - Recovery Strategies and Continuity Development
Phase 4: Approval and Implementation
Phase 5: Testing and Maintenance
  - Exercise, test, drill and maintain the BCP.
  - Maintenance includes updating documentation as processes and controls change.

37
Q
69. Becka recently signed a contract with an alternate data processing facility that will provide her company with space in the event of a disaster. The facility includes HVAC, power, and communications circuits but no hardware. What type of facility is Becka using?
A. Cold site
B. Warm site
C. Hot site
D. Mobile site
A

A. A cold site includes the basic capabilities required for data center operations: space, power, HVAC, and communications, but it does not include any of the hardware required to restore operations.

38
Q
70. What is the threshold for malicious damage to a federal computer system that triggers the Computer Fraud and Abuse Act?
A. $500
B. $2,500
C. $5,000
D. $10,000
A

C. The Computer Fraud and Abuse Act (CFAA) makes it a federal crime to maliciously cause damage in excess of $5,000 to a federal computer system during any one-year period.

39
Q
72. Which one of the following laws requires that communications service providers cooperate with law enforcement requests?
A. ECPA
B. CALEA
C. Privacy Act
D. HITECH Act
A

B. The Communications Assistance to Law Enforcement Act (CALEA) requires that all communications carriers make wiretaps possible for law enforcement officials who have an appropriate court order.

40
Q
73. Every year, Gary receives privacy notices in the mail from financial institutions where he has accounts. What law requires the institutions to send Gary these notices?
A. FERPA
B. GLBA
C. HIPAA
D. HITECH
A

B. The Gramm-Leach-Bliley Act (GLBA) places strict privacy regulations on financial institutions, including providing written notice of privacy practices to customers.

41
Q
76. Which one of the following stakeholders is not typically included on a business continuity planning team?
A. Core business function leaders
B. Information technology staff
C. CEO
D. Support departments
A

C. While senior management should be represented on the BCP team, it would be highly unusual for the CEO to fill this role personally.

42
Q
77. Ben is designing a messaging system for a bank and would like to include a feature that allows the recipient of a message to prove to a third party that the message did indeed come from the purported originator. What goal is Ben trying to achieve?
A. Authentication
B. Authorization
C. Integrity
D. Nonrepudiation
A

D. Nonrepudiation allows a recipient to prove to a third party that a message came from a purported source. Authentication would provide proof to Ben that the sender was authentic, but Ben would not be able to prove this to a third party.

43
Q
1. Which one of the following is not a goal of a formal change management program?
A. Implement change in an orderly fashion.
B. Test changes prior to implementation.
C. Provide rollback plans for changes.
D. Inform stakeholders of changes after they occur.
A

D. Stakeholders should be informed of changes before, not after, they occur. The other items listed are goals of change management programs.

44
Q
80. Ben is responsible for the security of payment card information stored in a database. Policy directs that he remove the information from the database, but he cannot do this for operational reasons. He obtained an exception to policy and is seeking an appropriate compensating control to mitigate the risk. What would be his best option?
A. Purchasing insurance
B. Encrypting the database contents
C. Removing the data
D. Objecting to the exception
A

B. Ben should encrypt the data to provide an additional layer of protection as a compensating control. The organization has already made a policy exception, so he should not react by objecting to the exception or removing the data without authorization. Purchasing insurance may transfer some of the risk but is not a mitigating control.

45
Q
84. Helen is the owner of a website that provides information for middle and high school students preparing for exams. She is concerned that the activities of her site may fall under the jurisdiction of the Children’s Online Privacy Protection Act (COPPA). What is the cutoff age below which parents must give consent in advance of the collection of personal information from their children under COPPA?
A. 13
B. 15
C. 17
D. 18
A

A. COPPA requires that websites obtain advance parental consent for the collection of personal information from children under the age of 13.

46
Q
1. Alan is performing threat modeling and decides that it would be useful to decompose the system into the key elements shown here. What tool is he using?
A. Vulnerability assessment
B. Fuzzing
C. Reduction analysis
D. Data modeling
A

C. In reduction analysis, the security professional breaks the system down into five key elements: trust boundaries, data flow paths, input points, privileged operations, and details about security controls.

47
Q
1. Match the following numbered laws or industry standards to their lettered description:
Laws and industry standards
1. GLBA
2. PCI DSS
3. HIPAA
4. SOX
Descriptions
A. A U.S. law that requires covered financial institutions to provide their customers with a privacy notice on a yearly basis
B. A U.S. law that requires internal controls assessments, including IT transaction flows for publicly traded companies
C. An industry standard that covers organizations that handle credit cards
D. A U.S. law that provides data privacy and security requirements for medical information
A

ACDB

48
Q
91. Which type of business impact assessment tool is most appropriate when attempting to evaluate the impact of a failure on customer confidence?
A. Quantitative
B. Qualitative
C. Annualized loss expectancy
D. Reduction
A

B. Qualitative tools are often used in business impact assessment to capture the impact on intangible factors such as customer confidence, employee morale, and reputation.

49
Q
93. Which one of the following security programs is designed to provide employees with the knowledge they need to perform their specific work tasks?
A. Awareness
B. Training
C. Education
D. Indoctrination
A

B. Security training is designed to provide employees with the specific knowledge they need to fulfill their job functions. It is usually designed for individuals with similar job functions.

50
Q
95. Ryan is a security risk analyst for an insurance company. He is currently examining a scenario in which a malicious hacker might use a SQL injection attack to deface a web server due to a missing patch in the company’s web application. In this scenario, what is the threat? #ch11Q77 #ch12Q82
A. Unpatched web application
B. Web defacement
C. Malicious hacker
D. Operating system
A

C. Risks are the combination of a threat and a vulnerability. Threats are the external forces seeking to undermine security, such as the malicious hacker in this case. Vulnerabilities are the internal weaknesses that might allow a threat to succeed. In this case, the missing patch is the vulnerability. In this scenario, if the malicious hacker (threat) attempts a SQL injection attack against the unpatched server (vulnerability), the result is website defacement.

51
Q
102. STRIDE, PASTA, and VAST are all examples of what type of tool?
A. Risk assessment methodologies
B. Control matrices
C. Threat modeling methodologies
D. Awareness campaign tools
A

C. STRIDE, Process for Attack Simulation and Threat Analysis (PASTA), and Visual, Agile, and Simple Threat (VAST) modeling are all threat modeling methodologies. STRIDE was designed for applications and operating systems (but can be used more broadly), PASTA is a risk-centric modeling system, and VAST is a threat modeling concept based on Agile project management and programming techniques.

52
Q
105. Which of the following is not typically included in a prehire screening process?
A. A drug test
B. A background check
C. Social media review
D. Fitness evaluation
A

D. A fitness evaluation is not a typical part of a hiring process. Drug tests, background checks, and social media checks are all common parts of current hiring practices.

53
Q
1. Greg’s company recently experienced a significant data breach involving the personal data of many of their customers. Which breach laws should they review to ensure that they are taking appropriate action?
A. The breach laws in the state where they are headquartered
B. The breach laws of states they do business in
C. Only federal breach laws
D. Breach laws only cover government agencies, not private businesses
A

B. In general, companies should be aware of the breach laws in any location where they do business. US states have a diverse collection of breach laws and requirements, meaning that in this case, Greg’s company may need to review many different breach laws to determine which they may need to comply with if they conduct business in the state or with the state’s residents.

54
Q
  1. Lawrence has been asked to perform vulnerability scans and a risk assessment of systems.
    Which organizational process are these more likely to be associated with?
    A. A merger
    B. A divestiture
    C. A layoff
    D. A financial audit
A

A. When organizations merge, it is important to understand the state of the security for both organizations. Running vulnerability scans and performing a risk assessment are both common steps taken when preparing to merge two (or more!) IT environments.

55
Q
110.  Laura has been asked to perform an SCA. What type of organization is she most likely in?
A.  Higher education
B.  Banking 
C.  Government
D.  Healthcare
A

C. A security controls assessment (SCA) most often refers to a formal US government process for assessing security controls and is often paired with a Security Test and Evaluation (ST&E) process. This means that Laura is probably part of a government organization or contractor.

56
Q
2. Control Objectives for Information and Related Technology (COBIT) is a framework for information technology (IT) management and governance. Which data management role is most likely to select and apply COBIT to balance the need for security controls against business requirements?
A.  Business owners
B.  Data processors
C.  Data owners
D.  Data stewards
A

A. Business owners have to balance the need to provide value with regulatory, security, and other requirements. This makes the adoption of a common framework like COBIT attractive. Data owners are more likely to ask that those responsible for control selection identify a standard to use. Data processors are required to perform specific actions under regulations like the EU GDPR. Finally, in many organizations, data stewards are internal roles that oversee how data is used.

57
Q
  1. How can a data retention policy help to reduce liabilities?
    A. By ensuring that unneeded data isn’t retained
    B. By ensuring that incriminating data is destroyed
    C. By ensuring that data is securely wiped so it cannot be restored for legal discovery
    D. By reducing the cost of data storage required by law
A

A. A data retention policy can help to ensure that outdated data is purged, removing potential additional costs for discovery. Many organizations have aggressive retention policies to both reduce the cost of storage and limit the amount of data that is kept on hand and discoverable. Data retention policies are not designed to destroy incriminating data, and legal requirements for data retention must still be met.

58
Q
  1. Ben has been tasked with identifying security controls for systems covered by his organization’s information classification system. Why might Ben choose to use a security baseline?
    A. It applies in all circumstances, allowing consistent security controls.
    B. They are approved by industry standards bodies, preventing liability.
    C. They provide a good starting point that can be tailored to organizational needs.
    D. They ensure that systems are always in a secure state.
A

C. Security baselines provide a starting point to scope and tailor security controls to your organization’s needs. They aren’t always appropriate to specific organizational needs, they cannot ensure that systems are always in a secure state, and they do not prevent liability.

59
Q
10.  What term is used to describe overwriting media to allow for its reuse in an environment operating at the same sensitivity level?
A.  Clearing
B.  Erasing 
C.  Purging 
D.  Sanitization
A

A. Clearing describes preparing media for reuse. When media is cleared, unclassified data is written over all addressable locations on the media. Once that’s completed, the media can be reused. Erasing is the deletion of files or media. Purging is a more intensive form of clearing for reuse in lower-security areas, and sanitization is a series of processes that removes data from a system or media while ensuring that the data is unrecoverable by any means.

60
Q
11.  Which of the following classification levels is the United States (U.S.) government’s classification label for data that could cause damage but wouldn’t cause serious or grave damage?
A.  Top Secret
B.  Secret 
C.  Confidential
D.  Classified
A

C. The US government uses the label Confidential for data that could cause damage if it was disclosed without authorization. Exposure of Top Secret data is considered to potentially cause grave damage, while Secret data could cause serious damage. Classified is not a level in the US government classification scheme.

61
Q
  1. What issue is common to spare sectors and bad sectors on hard drives as well as overprovisioned space on modern SSDs?
    A. They can be used to hide data.
    B. They can only be degaussed.
    C. They are not addressable, resulting in data remanence.
    D. They may not be cleared, resulting in data remanence.
A

D. Spare sectors, bad sectors, and space provided for wear leveling on SSDs (overprovisioned space) may all contain data that was written to the space that will not be cleared when the drive is wiped. Most wiping utilities only deal with currently addressable space on the drive. SSDs cannot be degaussed, and wear leveling space cannot be reliably used to hide data. These spaces are still addressable by the drive, although they may not be seen by the operating system.

62
Q

For questions 14–16, please refer to the following scenario:
Your organization regularly handles three types of data: information that it shares with customers, information that it uses internally to conduct business, and trade secret information that offers the organization significant competitive advantages. Information shared with customers is used and stored on web servers, while both the internal business data and the trade secret information are stored on internal file servers and employee workstations.
14. What civilian data classifications best fit this data?
A. Unclassified, confidential, top secret
B. Public, sensitive, private
C. Public, sensitive, proprietary
D. Public, confidential, private

A

C. Information shared with customers is public, internal business data could be sensitive or private, and trade secrets are proprietary. Thus, public, sensitive, proprietary matches this most closely. Confidential is a military classification, which removes two of the remaining options, and trade secrets are more damaging to lose than a private classification would allow.

63
Q

For questions 14–16, please refer to the following scenario:
Your organization regularly handles three types of data: information that it shares with customers, information that it uses internally to conduct business, and trade secret information that offers the organization significant competitive advantages. Information shared with customers is used and stored on web servers, while both the internal business data and the trade secret information are stored on internal file servers and employee workstations.
15. What technique could you use to mark your trade secret information in case it was released or stolen and you need to identify it?
A. Classification
B. Symmetric encryption
C. Watermarks
D. Metadata

A

C. A watermark is used to digitally label data and can be used to indicate ownership. Encryption would have prevented the data from being accessed if it was lost, while classification is part of the set of security practices that can help make sure the right controls are in place. Finally, metadata is used to label data and might help a data loss prevention system flag it before it leaves your organization.
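One way to put the watermark idea above into practice is an invisible per-recipient fingerprint: every copy handed out carries a tag that identifies its recipient, so a leaked copy can be traced. The block below is an added example written for this card, not code from the original question set; the HMAC key, recipient names and document text are constructed for it, and zero-width characters are only one of several ways to carry such a mark in text.

```python
"""Invisible per-recipient fingerprint for text documents, so that a leaked copy
can be traced to the copy it came from. Added illustration: the key, recipients
and document text are constructed, and this is one watermarking approach among
several, not a method named on the flashcard."""
import hashlib
import hmac
from typing import Iterable, Optional

ZW0 = "\u200b"   # ZERO WIDTH SPACE       -> carries bit 0
ZW1 = "\u200c"   # ZERO WIDTH NON-JOINER  -> carries bit 1
TAG_BITS = 32    # bits of HMAC embedded; a wrong candidate matches with p ~ 2^-32

KEY = b"example-watermark-key-rotate-me"   # assumed secret held by the data owner

# Constructed sample document (needs at least TAG_BITS spaces to carry the tag).
SAMPLE = (
    "Trade secret: the stage two catalyst is prepared at 412 C under nitrogen, "
    "then quenched in the proprietary solvent blend before the final wash. "
    "Distribution is limited to the process engineering team and must not leave the site. "
    "Each copy of this document is individually marked. "
)


def tag_bits(key: bytes, recipient: str) -> str:
    """Per-recipient tag: the first TAG_BITS bits of HMAC-SHA256(key, recipient)."""
    mac = hmac.new(key, recipient.encode(), hashlib.sha256).digest()
    return "".join(f"{b:08b}" for b in mac)[:TAG_BITS]


def embed(text: str, key: bytes, recipient: str) -> str:
    """Return a copy of text with one zero-width character after each of the
    first TAG_BITS spaces; the visible text is unchanged."""
    bits = tag_bits(key, recipient)
    out, i = [], 0
    for ch in text:
        out.append(ch)
        if ch == " " and i < len(bits):
            out.append(ZW1 if bits[i] == "1" else ZW0)
            i += 1
    if i < len(bits):
        raise ValueError("document has too few spaces to carry the tag")
    return "".join(out)


def strip_marks(text: str) -> str:
    """Remove the carrier characters (what normalization or retyping would do)."""
    return text.replace(ZW0, "").replace(ZW1, "")


def extract_bits(text: str) -> str:
    return "".join("1" if c == ZW1 else "0" for c in text if c in (ZW0, ZW1))


def identify(leaked: str, key: bytes, recipients: Iterable[str]) -> Optional[str]:
    """Return the recipient whose tag matches the leaked copy, or None when the
    marks are missing (stripped) or match nobody."""
    found = extract_bits(leaked)[:TAG_BITS]
    if len(found) < TAG_BITS:
        return None
    for r in recipients:
        if hmac.compare_digest(found, tag_bits(key, r)):
            return r
    return None


if __name__ == "__main__":
    copies = {r: embed(SAMPLE, KEY, r) for r in ("alice", "bob", "carol")}
    print(identify(copies["bob"], KEY, copies))          # bob
    print(identify(strip_marks(copies["bob"]), KEY, copies))  # None
```

The visible text is identical for every recipient, so the mark survives copy and paste, but it does not survive Unicode normalization, re-typing or printing, which is why a watermark complements rather than replaces the DLP and encryption controls mentioned in the answer.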

64
Q
  1. Why is it cost effective to purchase high-quality media to contain sensitive data?
    A. Expensive media is less likely to fail.
    B. The value of the data often far exceeds the cost of the media.
    C. Expensive media is easier to encrypt.
    D. More expensive media typically improves data integrity.
A

B. The value of the data contained on media often exceeds the cost of the media, making more expensive media that may have a longer life span or additional capabilities like encryption support a good choice. While expensive media may be less likely to fail, the reason it makes sense is the value of the data, not just that it is less likely to fail. In general, the cost of the media doesn’t have anything to do with the ease of encryption, and data integrity isn’t ensured by better media.

65
Q
19.  Chris is responsible for workstations throughout his company and knows that some of the company’s workstations are used to handle proprietary information. Which option best describes what should happen at the end of their lifecycle for workstations he is responsible for?
A.  Erasing
B.  Clearing
C.  Sanitization
D.  Destruction
A

C. Sanitization is a combination of processes that ensure that data from a system cannot be recovered by any means. Erasing and clearing are both prone to mistakes and technical problems that can result in remnant data and don’t make sense for systems that handled proprietary information. Destruction is the most complete method of ensuring that data cannot be exposed, and some organizations opt to destroy the entire workstation, but that is not a typical solution due to the cost involved.

66
Q
23.  The CIS benchmarks are an example of what practice?
A.  Conducting a risk assessment
B.  Implementing data labeling
C.  Proper system ownership 
D.  Using security baselines
A

D. The CIS benchmarks are an example of a security baseline. A risk assessment would help identify which controls were needed, and proper system ownership is an important part of making sure baselines are implemented and maintained. Data labeling can help ensure that controls are applied to the right systems and data.

67
Q
  1. The government defense contractor that Saria works for has recently shut down a major research project and is planning on reusing the hundreds of thousands of dollars of systems and data storage tapes used for the project for other purposes. When Saria reviews the company’s internal processes, she finds that she can’t reuse the tapes and that the manual says they should be destroyed. Why isn’t Saria allowed to degauss and then reuse the tapes to save her employer money?# Note: this one mainly tests your English (permanence vs. remanence).
    A. Data permanence may be an issue.
    B. Data remanence is a concern.
    C. The tapes may suffer from bitrot.
    D. Data from tapes can’t be erased by degaussing.
A

B. Many organizations require the destruction of media that contains data at higher levels of classification. Often the cost of the media is lower than the potential costs of data exposure, and it is difficult to guarantee that reused media doesn’t contain remnant data. Tapes can be erased by degaussing, but degaussing is not always fully effective. Bitrot describes the slow loss of data on aging media, while data permanence is a term sometimes used to describe the life span of data and media.

68
Q
  1. Fred’s organization allows downgrading of systems for reuse after projects have been finished and the systems have been purged. What concern should Fred raise about the reuse of the systems from his Top Secret classified project for a future project classified as Secret?
    A. The Top Secret data may be commingled with the Secret data, resulting in a need to relabel the system.
    B. The cost of the sanitization process may exceed the cost of new equipment.
    C. The data may be exposed as part of the sanitization process.
    D. The organization’s DLP system may flag the new system due to the difference in data
    labels.
A

B. Downgrading systems and media is rare due to the difficulty of ensuring that sanitization is complete. The need to completely wipe (or destroy) the media that systems use means that the cost of reuse is often significant and may exceed the cost of purchasing a new system or media. The goal of purging is to ensure that no data remains, so commingling data should not be a concern, nor should the exposure of the data; only staff with the proper clearance should handle the systems! Finally, a DLP system should flag data based on labels, not on the system it comes from.

69
Q
  1. Which of the following concerns should not be part of the decision when classifying data?
    A. The cost to classify the data
    B. The sensitivity of the data
    C. The amount of harm that exposure of the data could cause
    D. The value of the data to the organization
A

A. Classification should be conducted based on the value of the data to the organization, its sensitivity, and the amount of harm that could result from exposure of the data. Cost should be considered when implementing controls and is weighed against the damage that exposure would create.

70
Q
35.  Which of the following is the least effective method of removing data from media?
A.  Degaussing
B.  Purging
C.  Erasing
D.  Clearing
A

C. Erasing, which describes a typical deletion process in many operating systems, typically removes only the link to the file and leaves the data that makes up the file itself. The data will remain in place but not indexed until the space is needed and it is overwritten. Degaussing works only on magnetic media, but it can be quite effective on it. Purging and clearing both describe more elaborate removal processes.# Note: a typical delete only removes the link to the file and keeps the data that makes up the file.
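The three answers on clearing, on spare and overprovisioned space, and on erasing all turn on the same question: which bytes does a given operation actually touch? The toy block device below is an added example written for these cards, not code from the original question set; the device layout, block sizes, file name and secret are constructed for the illustration. It models an OS delete (only the index entry goes), clearing (every host-addressable block is overwritten), and a block the drive has silently remapped to spare space, which keeps its contents and is missed by clearing but still visible to anyone who reads the physical flash or platters.

```python
"""Toy block device: erase vs. clear vs. remapped (non-addressable) blocks.
Added illustration; the layout, sizes, file name and data are assumptions,
not a real drive or any real wiping tool."""
from dataclasses import dataclass, field

BLOCK = 16      # bytes per block (assumed)
VISIBLE = 8     # logical blocks the host can address (assumed)
SPARE = 2       # spare / overprovisioned physical blocks (assumed)


@dataclass
class Media:
    # Physical blocks; the host only ever sees VISIBLE of them, through lba_map.
    phys: list = field(default_factory=lambda: [bytes(BLOCK)] * (VISIBLE + SPARE))
    lba_map: list = field(default_factory=lambda: list(range(VISIBLE)))
    index: dict = field(default_factory=dict)       # file name -> logical blocks
    free: list = field(default_factory=lambda: list(range(VISIBLE)))
    next_spare: int = VISIBLE

    def write_file(self, name: str, data: bytes) -> None:
        """Split data into blocks, store them, and record them in the index."""
        chunks = [data[i:i + BLOCK].ljust(BLOCK, b"\0")
                  for i in range(0, len(data), BLOCK)]
        if len(chunks) > len(self.free):
            raise OSError("media full")
        lbas = [self.free.pop(0) for _ in chunks]
        for lba, chunk in zip(lbas, chunks):
            self.phys[self.lba_map[lba]] = chunk
        self.index[name] = lbas

    def erase_file(self, name: str) -> None:
        """'Erasing' as a typical OS delete does it: forget the index entry and
        mark the blocks free. The bytes themselves are left in place."""
        self.free.extend(self.index.pop(name))

    def remap_block(self, lba: int) -> None:
        """What a drive does with a failing sector or a wear-levelled page: copy
        the contents to a spare physical block and point the logical block there.
        The old physical block keeps its bytes but is no longer host-addressable."""
        if self.next_spare >= VISIBLE + SPARE:
            raise RuntimeError("no spare blocks left")
        self.phys[self.next_spare] = self.phys[self.lba_map[lba]]
        self.lba_map[lba] = self.next_spare
        self.next_spare += 1

    def clear(self, pattern: bytes = b"\0") -> None:
        """'Clearing': overwrite every host-addressable block with unclassified
        data. Only blocks reachable through lba_map are touched."""
        for lba in range(VISIBLE):
            self.phys[self.lba_map[lba]] = pattern * BLOCK
        self.index.clear()
        self.free = list(range(VISIBLE))

    def dump(self, all_physical: bool = False) -> bytes:
        """Raw contents: what a wiping tool or an image of the logical device
        sees, or (all_physical) what chip-off / factory-level access sees."""
        if all_physical:
            return b"".join(self.phys)
        return b"".join(self.phys[self.lba_map[lba]] for lba in range(VISIBLE))


def remnant_found(media: Media, needle: bytes, all_physical: bool = False) -> bool:
    return needle in media.dump(all_physical)


def demo() -> tuple:
    """Returns (after_erase, after_clear_logical, after_clear_physical)."""
    secret = b"SECRET-FORMULA-42"                 # constructed sample data
    m = Media()
    m.write_file("formula.txt", secret)
    m.remap_block(m.index["formula.txt"][0])      # drive retires the first block
    m.erase_file("formula.txt")
    after_erase = remnant_found(m, b"SECRET")               # True: only the index went
    m.clear()
    after_clear_logical = remnant_found(m, b"SECRET")       # False: addressable space wiped
    after_clear_physical = remnant_found(m, b"SECRET", all_physical=True)  # True: old block
    return after_erase, after_clear_logical, after_clear_physical


if __name__ == "__main__":
    print(demo())
```

The last result is the one that matters for the spare-sector and overprovisioning card: a wipe that addresses every logical block reports success while a copy of the data still sits in a physical block the host can no longer reach, which is why purging (for example a firmware secure-erase or cryptographic erase) or destruction is required before media leaves a sensitive environment.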

71
Q
36.  Match each of the numbered data elements shown here with one of the lettered categories. 
You may use the categories once, more than once, or not at all. If a data element matches more than one category, choose the one that is most specific.
Data elements
1.  Medical records
2.  Credit card numbers
3.  Social Security numbers
4.  Driver’s license numbers
Categories
A.  PCI DSS
B.  PHI
C.  PII
A

BACC
Medical records are an example of protected health information (PHI). Credit card numbers are personally identifiable information (PII), but they are also covered by the Payment Card Industry Data Security Standard (PCI DSS), which is a more specific category governing only credit card information and is a better answer. Social Security numbers and driver’s license numbers are examples of PII.

72
Q
38.  Lauren’s employer asks Lauren to classify patient X-ray data that has an internal patient identifier associated with it but does not have any way to directly identify a patient. The company’s data owner believes that exposure of the data could cause damage (but not exceptional damage) to the organization. How should Lauren classify the data?
A.  Public
B.  Sensitive
C.  Private
D.  Confidential
A

C. We know that the data classification will not be the top level classification of “Confidential” because the loss of the data would not cause severe damage. This means we have to choose between private (PHI) and sensitive (confidential). Calling this private due to the patient’s personal health information fits the classification scheme, giving us the correct answer.

73
Q
  1. Chris is responsible for his organization’s security standards and has guided the selection and implementation of a security baseline for Windows PCs in his organization. How can Chris most effectively make sure that the workstations he is responsible for are being checked for compliance and that settings are being applied as necessary?
    A. Assign users to spot-check baseline compliance.
    B. Use Microsoft Group Policy.
    C. Create startup scripts to apply policy at system start.
    D. Periodically review the baselines with the data owner and system owners.
A

B. Group Policy provides the ability to monitor and apply settings in a security baseline. Manual checks by users and using startup scripts provide fewer reviews and may be prone to failure, while periodic review of the baseline won’t result in compliance being checked.

74
Q
44.  What term is used to describe a set of common security configurations, often provided by a third party?
A.  Security policy
B.  Baseline
C.  DSS
D.  NIST SP 800-53
A

B. A baseline is a set of security configurations that can be adopted and modified to fit an organization’s security needs. A security policy is written to describe an organization’s approach to security, while DSS is the second half of the Payment Card Industry Data Security Standard. The NIST SP 800 series of documents addresses computer security in a variety of areas.

75
Q
  1. Joe works at a major pharmaceutical research and development company and has been tasked with writing his organization’s data retention policy. As part of its legal requirements, the organization must comply with the U.S. Food and Drug Administration’s Code of Federal Regulations Title 21. To do so, it is required to retain records with electronic signatures. Why would a signature be part of a retention requirement?
    A. It ensures that someone has reviewed the data.
    B. It provides confidentiality.
    C. It ensures that the data has not been changed.
    D. It validates who approved the data.
A

D. Electronic signatures, as used in this rule, prove that the signature was provided by the intended signer. Electronic signatures as part of the FDA code are intended to ensure that electronic records are “trustworthy, reliable, and generally equivalent to paper records and handwritten signatures executed on paper.” A signature provides no confidentiality and doesn’t show that anyone reviewed the data. Note that a Part 11 electronic signature need not be a cryptographic digital signature, so the integrity of the record comes from the controls the rule places around it (audit trails and linking each signature to its record) rather than from the signature itself; the retention requirement is about preserving evidence of who approved the record.

76
Q
49.  What protocol is preferred over Telnet for remote server administration via the command line?
A.  SCP
B.  SFTP
C.  WDS
D.  SSH
A

D. Secure Shell (SSH) is an encrypted protocol for remote login and command-line access. SCP and SFTP are both secure file transfer protocols, while WDS is the acronym for Windows Deployment Services, which provides remote installation capabilities for Windows operating systems.

77
Q
52.  Alex works for a government agency that is required to meet U.S. federal government requirements for data security. To meet these requirements, Alex has been tasked with making sure data is identifiable by its classification level. What should Alex do to the data?
A.  Classify the data.
B.  Encrypt the data.
C.  Label the data.
D.  Apply DRM to the data.
A

C. Data labels are crucial to identify the classification level of information contained on the media. Digital rights management (DRM) tools provide ways to control how data is used, while encrypting it can help maintain the confidentiality and integrity of the data. Classifying the data is necessary to label it, but it doesn’t automatically place a label on the data.

78
Q
  1. Ben is following the National Institute of Standards and Technology (NIST) Special Publication 800-88 guidelines for sanitization and disposition as shown here. He is handling information that his organization classified as sensitive, which is a moderate security categorization in the NIST model. If the media is going to be sold as surplus, what process does Ben need to follow?

A. Destroy, validate, document
B. Clear, purge, document
C. Purge, document, validate
D. Purge, validate, document

A

D. In the NIST SP 800-88 sanitization and disposition flow, media that held information categorized at the moderate level and is leaving the organization’s control (sold as surplus rather than reused internally) should be purged, the purge should then be validated, and finally the process should be documented.

79
Q

For questions 57–59, please refer to the following scenario:
Chris has recently been hired into a new organization. The organization that Chris belongs to uses the following classification process:
1. Criteria are set for classifying data.
2. Data owners are established for each type of data.
3. Data is classified.
4. Required controls are selected for each classification.
5. Baseline security standards are selected for the organization.
6. Controls are scoped and tailored.
7. Controls are applied and enforced.
8. Access is granted and managed.
57. If Chris is one of the data owners for the organization, what steps in this process is he most likely responsible for?
A. He is responsible for steps 3, 4, and 5.
B. He is responsible for steps 1, 2, and 3.
C. He is responsible for steps 5, 6, and 7.
D. All of the steps are his direct responsibility.

A

A. Chris is most likely to be responsible for classifying the data that he owns as well as assisting with or advising the system owners on security requirements and control selection. In an organization with multiple data owners, Chris is unlikely to set criteria for classifying data on his own. As a data owner, Chris will also not typically have direct responsibility for scoping, tailoring, applying, or enforcing those controls.

80
Q

For questions 57–59, please refer to the following scenario:
Chris has recently been hired into a new organization. The organization that Chris belongs to uses the following classification process:
1. Criteria are set for classifying data.
2. Data owners are established for each type of data.
3. Data is classified.
4. Required controls are selected for each classification.
5. Baseline security standards are selected for the organization.
6. Controls are scoped and tailored.
7. Controls are applied and enforced.
8. Access is granted and managed.
58. Chris manages a team of system administrators. What data role are they fulfilling if they conduct steps 6, 7, and 8 of the classification process?
A. They are system owners and administrators.
B. They are administrators and custodians.
C. They are data owners and administrators.
D. They are custodians and users.

A

B. The system administrators are acting in the roles of data administrators who grant access and will also act as custodians who are tasked with the day-to-day application of security controls. They are not acting as data owners who own the data itself. Typically, system administrators are delegated authority by system owners, such as a department head, and of course they are tasked with providing access to users.

81
Q

For questions 57–59, please refer to the following scenario:
Chris has recently been hired into a new organization. The organization that Chris belongs to uses the following classification process:
1. Criteria are set for classifying data.
2. Data owners are established for each type of data.
3. Data is classified.
4. Required controls are selected for each classification.
5. Baseline security standards are selected for the organization.
6. Controls are scoped and tailored.
7. Controls are applied and enforced.
8. Access is granted and managed.
59. If Chris’s company operates in the European Union and has been contracted to handle the data for a third party, what role is his company operating in when it uses this process to classify and handle data?
A. Business owners
B. Mission owners
C. Data processors
D. Data administrators

A

C. Third-party organizations that process personal data on behalf of a data controller are known as data processors. The organization that they are contracting with would act in the role of the business or mission owners, and others within Chris’s organization would have the role of data administrators, granting access as needed to the data based on their operational procedures and data classification.

82
Q
  1. Which of the following is not one of the European Union’s General Data Protection Regulation (GDPR) principles?
    A. Information must be processed fairly.
    B. Information must be deleted within one year of acquisition.
    C. Information must be maintained securely.
    D. Information must be accurate.
A

B. The GDPR does include requirements that data be processed fairly, maintained securely, and maintained accurately. It does not include a requirement that information be deleted within one year, although it does specify that information should not be kept longer than necessary.

83
Q
  1. Ben’s company, which is based in the European Union, hires a third-party organization that processes data for it. Who has responsibility to protect the privacy of the data and ensure that it isn’t used for anything other than its intended purpose?
    A. Ben’s company is responsible.
    B. The third-party data processor is responsible.
    C. The data controller is responsible.
    D. Both organizations bear equal responsibility
A

D. Under the GDPR, both the organization sharing the data (the controller) and the third-party data processor bear responsibility for maintaining the privacy and security of personal information. The processor may act only on the controller’s documented instructions, and the controller remains accountable for the processing it outsources, so neither party can shift its obligations entirely onto the other.

84
Q
62.  Major Hunter, a member of the armed forces, has been entrusted with information that, if exposed, could cause serious damage to national security. Under U.S. government classification standards, how should this data be classified?# Note: tests English and situational judgement; the information matters, but its exposure would not be catastrophic for the nation.
A.  Unclassified
B.  Top Secret
C.  Confidential
D.  Secret
A

D. The U.S. government specifies Secret as the classification level for information that, if disclosed, could cause serious harm to national security. Top Secret is reserved for information that could cause exceptionally grave harm, while confidential data could be expected to cause less harm. Unclassified is not an actual classification but only indicates that the data may be released to unclassified individuals. Organizations may still restrict access to unclassified information.

85
Q
63.  When a computer is removed from service and disposed of, the process that ensures that all storage media has been removed or destroyed is known as what?
A.  Sanitization
B.  Purging
C.  Destruction
D.  Declassification
A

A. Sanitization is the combination of processes used to remove data from a system or media. When a PC is disposed of, sanitization includes the removal or destruction of drives, media, and any other storage devices it may have. Purging, destruction, and declassification are all other handling methods.

86
Q
64.  Linux systems that use bcrypt are using a tool based on what DES alternative encryption scheme?
A.  3DES 
B.  AES
C.  Diffie–Hellman
D.  Blowfish
A

D. bcrypt is based on Blowfish (the b is a key hint here), specifically on a variant with a deliberately expensive key schedule, which is what makes it slow to brute-force as a password hash. AES and 3DES are both replacements for DES, while Diffie-Hellman is a protocol for key exchange.

87
Q
  1. Susan works in an organization that labels all removable media with the classification level of the data it contains, including public data. Why would Susan’s employer label all media instead of labeling only the media that contains data that could cause harm if it was exposed?
    A. It is cheaper to order all prelabeled media.
    B. It prevents sensitive media from not being marked by mistake.
    C. It prevents reuse of public media for sensitive data.
    D. Labeling all media is required by HIPAA.
A

B. Requiring all media to have a label means that when unlabeled media is found, it should immediately be considered suspicious. This helps to prevent mistakes that might leave sensitive data unlabeled. Prelabeled media is not necessarily cheaper (nor may it make sense to buy!), while reusing public media simply means that it must be classified based on the data it now contains. HIPAA does not have specific media labeling requirements.

88
Q
  1. Why is declassification rarely chosen as an option for media reuse?
    A. Purging is sufficient for sensitive data.
    B. Sanitization is the preferred method of data removal.
    C. It is more expensive than new media and may still fail.
    D. Clearing is required first.
A

C. Ensuring that data cannot be recovered is difficult, and the time and effort required to securely and completely wipe media as part of declassification can exceed the cost of new media. Sanitization, purging, and clearing may be part of declassification, but they are not reasons that it is not frequently chosen as an option for organizations with data security concerns.

89
Q
69.  Incineration, crushing, shredding, and disintegration all describe what stage in the lifecycle of media?
A.  Sanitization
B.  Degaussing
C.  Purging
D.  Destruction
A

D. Destruction is the final stage in the lifecycle of media and can be done via disintegration, incineration, or a variety of other methods that result in the media and data being nonrecoverable. Sanitization is a combination of processes used when data is being removed from a system or media. Purging is an intense form of clearing, and degaussing uses strong magnetic fields to wipe data from magnetic media.

90
Q
  1. The European Union (EU) General Data Protection Regulation (GDPR) does not include which of the following key elements?
    A. The need to collect information for specified, explicit, and legitimate purposes
    B. The need to ensure that collection is limited to the information necessary to achieve the stated purpose
    C. The need to protect data against accidental destruction
    D. The need to encrypt information at rest
A

D. The GDPR does include the need to collect information for specified, explicit, and legitimate purposes; the need to ensure that collection is limited to the information necessary to achieve the stated purpose; and the need to protect data against accidental destruction. It does not include a specific requirement to encrypt information at rest.

91
Q
  1. Charles has been asked to downgrade the media used for storage of private data for his organization. What process should Charles follow?
    A. Degauss the drives, and then relabel them with a lower classification level.
    B. Pulverize the drives, and then reclassify them based on the data they contain.
    C. Follow the organization’s purging process, and then downgrade and replace labels.
    D. Relabel the media, and then follow the organization’s purging process to ensure that the media matches the label.
A

C. If an organization allows media to be downgraded, the purging process should be followed, and then the media should be relabeled. Degaussing may be used for magnetic media but won’t handle all types of media. Pulverizing would destroy the media, preventing reuse, while relabeling first could lead to mistakes that result in media that hasn’t been purged entering use.

92
Q
  1. Which of the following tasks are not performed by a system owner per NIST SP 800-18?
    A. Develops a system security plan
    B. Establishes rules for appropriate use and protection of data
    C. Identifies and implements security controls
    D. Ensures that system users receive appropriate security training
A

B. The data owner sets the rules for use and protection of data. The remaining options all describe tasks for the system owner, including implementation of security controls.

93
Q
  1. NIST SP 800-60 provides a process shown in the following diagram to assess information systems. What process does this diagram show?

A. Selecting a standard and implementing it
B. Categorizing and selecting controls
C. Baselining and selecting controls
D. Categorizing and sanitizing

A

B. In the NIST SP 800-60 diagram, the process determines appropriate categorization levels resulting in security categorization and then uses that as an input to determine controls. Standard selection would occur at an organizational level, while baselining occurs when systems are configured to meet a baseline. Sanitization would require the intentional removal of data from machines or media.

94
Q
  1. What is the best way to secure files that are sent from workstation A via the internet service (C) to remote server E?

A. Use AES at rest at point A, and use TLS in transit via B and D.
B. Encrypt the data files and send them.
C. Use 3DES and TLS to provide double security.
D. Use full disk encryption at A and E, and use SSL at B and D.

A

B. Sending a file that is encrypted before it leaves means that exposure of the file in transit will not result in a confidentiality breach and the file will remain secure until decrypted at location E. Since answers A, C, and D do not provide any information about what happens at point C, they should be considered insecure, as the file may be at rest at point C in an unencrypted form.

95
Q
  1. Susan needs to provide a set of minimum security requirements for email. What steps should she recommend for her organization to ensure that the email remains secure?
    A. All email should be encrypted.
    B. All email should be encrypted and labeled.
    C. Sensitive email should be encrypted and labeled.
    D. Only highly sensitive email should be encrypted.
A

C. Encrypting and labeling sensitive email will ensure that it remains confidential and can be identified. Performing these actions only on sensitive email will reduce the cost and effort of encrypting all email, allowing only sensitive email to be the focus of the organization’s efforts. Only encrypting highly sensitive email not only skips labeling but might expose other classifications of email that shouldn’t be exposed.

96
Q
79.  What term describes the process of reviewing baseline security controls and selecting only the controls that are appropriate for the IT system you are trying to protect?
A.  Standard creation
B.  CIS benchmarking
C.  Baselining
D.  Scoping
A

D. Scoping is performed when you match baseline controls to the IT system you’re working to secure. Creation of standards is part of the configuration process and may involve the use of baselines. Baselining can mean the process of creating a security baseline or configuring systems to meet the baseline. CIS, the Center for Internet Security, provides a variety of security baselines.

97
Q
80.  What data role does a system that is used to process data have?
A.  Mission owner
B.  Data owner
C.  Data processor
D.  Custodian
A

C. Systems used to process data are data processors. Data owners are typically CEOs or other very senior staff, custodians are granted rights to perform day-to-day tasks when handling data, and mission owners are typically program or information system owners.

98
Q
81.  Which one of the following is not considered PII under U.S. federal government regulations?
A.  Name
B.  Social security number
C.  Student ID number
D.  ZIP code
A

D. Personally identifiable information includes any information that can uniquely identify an individual. This would include name, Social Security number, and any other unique identifier (including a student ID number). ZIP code, by itself, does not uniquely identify an individual.

99
Q
82.  What type of health information is the Health Insurance Portability and Accountability Act required to protect?
A.  PII
B.  PHI
C.  SHI
D.  HPHI
A

B. Protected health information, or PHI, includes a variety of data in multiple formats, including oral and recorded data, such as that created or received by healthcare providers, employers, and life insurance providers. PHI must be protected by HIPAA. PII is personally identifiable information. SHI and HPHI are both made-up acronyms.

100
Q
84.  Lauren’s multinational company wants to ensure compliance with the EU GDPR. Which principle of the GDPR states that the individual should have the right to receive personal information concerning himself or herself and share it with another data controller?
A.  Onward transfer
B.  Data integrity
C.  Enforcement
D.  Data portability
A

D. The principle of data portability says that the data subject has the right to receive personal information and to transfer that information to another data controller. The principle of data integrity states that data should be reliable and that information should not be used for purposes other than those that users are made aware of by notice and that they have accepted through choice. Enforcement is aimed at ensuring that compliance with principles is assured. Onward transfer limits transfers to other organizations that comply with the principles of notice and choice.

101
Q
85.  What is the best method to sanitize a solid-state drive (SSD)?
A.  Clearing
B.  Zero fill 
C.  Disintegration
D.  Degaussing
A

C. Due to problems with remnant data, the US National Security Agency requires physical destruction of SSDs. This process, known as disintegration, results in very small fragments via a shredding process. Zero fill wipes a drive by replacing data with zeros, degaussing uses magnets to wipe magnetic media, and clearing is the process of preparing media for reuse.

102
Q

For questions 86–88, please refer to the following scenario:
As shown in the following security lifecycle diagram (loosely based on the NIST reference architecture), NIST uses a five-step process for risk management. Using your knowledge of data roles and practices, answer the following questions based on the NIST framework process.

  1. What data role will own responsibility for step 1, the categorization of information systems; to whom will they delegate step 2; and what data role will be responsible for step 3?
    A. Data owners, system owners, custodians
    B. Data processors, custodians, users
    C. Business owners, administrators, custodians
    D. System owners, business owners, administrators
A

A. The data owner bears responsibility for categorizing information systems and delegates selection of controls to system owners, while custodians implement the controls. Users don’t perform any of these actions, while business owners are tasked with ensuring that systems are fulfilling their business purpose.

103
Q

For questions 86–88, please refer to the following scenario:
As shown in the following security lifecycle diagram (loosely based on the NIST reference architecture), NIST uses a five-step process for risk management. Using your knowledge of data roles and practices, answer the following questions based on the NIST framework process.
87. If the systems that are being assessed all handle credit card information (and no other sensitive data), at what step would the PCI DSS first play an important role?
A. Step 1
B. Step 2
C. Step 3
D. Step 4

A

B. PCI DSS provides a set of required security controls and standards. Step 2 would be guided by the requirements of PCI DSS. PCI DSS will not greatly influence step 1 because all of the systems handle credit card information, making PCI DSS apply to all systems covered. Steps 3 and 4 will be conducted after PCI DSS has guided the decisions in step 2.

104
Q

For questions 86–88, please refer to the following scenario:
As shown in the following security lifecycle diagram (loosely based on the NIST reference architecture), NIST uses a five-step process for risk management. Using your knowledge of data roles and practices, answer the following questions based on the NIST framework process.
88. What data security role is primarily responsible for step 5?
A. Data owners
B. Data processors
C. Custodians
D. User

A

C. Custodians are tasked with the day-to-day monitoring of the integrity and security of data. Step 5 requires monitoring, which is a custodial task. A data owner may grant rights to custodians but will not be responsible for conducting monitoring. Data processors process data on behalf of the data controller, and a user simply uses the data via a computing system.

105
Q
  1. Susan’s organization performs a zero fill on hard drives before they are sent to a third-party organization to be shredded. What issue is her organization attempting to avoid?
    A. Data remanence while at the third-party site
    B. Mishandling of drives by the third party
    C. Classification mistakes
    D. Data permanence
A

B. Susan’s organization is limiting its risk by sending drives that have been sanitized before they are destroyed. This limits the possibility of a data breach if drives are mishandled by the third party, allowing them to be stolen, resold, or simply copied. The destruction of the drives will handle any issues with data remanence, while classification mistakes are not important if the drives have been destroyed. Data permanence and the life span of the data are not important on a destroyed drive.

106
Q
90.  Embedded data used to help identify the owner of a file is an example of what type of label?
A.  Copyright notice
B.  DLP
C.  Digital watermark
D.  Steganography
A

C. A digital watermark is used to identify the owner of a file or to otherwise label it. A copyright notice provides information about the copyright asserted on the file, while data loss prevention (DLP) is a solution designed to prevent data loss. Steganography is the science of hiding information, often in images or files.

107
Q
94.  Which data role is tasked with granting appropriate access to staff members?
A.  Data processors
B.  Business owners
C.  Custodians
D.  Administrators
A

D. Administrators have the rights to assign permissions to access and handle data. Custodians are trusted with day-to-day data handling tasks. Business owners are typically system or project owners, and data processors are systems used to process data.

108
Q
  1. Which California law requires conspicuously posted privacy policies on commercial websites that collect the personal information of California residents?
    A. The Personal Information Protection and Electronic Documents Act
    B. The California Online Privacy Protection Act
    C. California Online Web Privacy Act
    D. California Civil Code 1798.82
A

B. The California Online Privacy Protection Act (COPPA) requires that operators of commercial websites and services post a prominently displayed privacy policy if they collect personal information on California residents.
The Personal Information Protection and Electronic Documents Act is a Canadian privacy law, while California Civil Code 1798.82 is part of the set of California codes that requires breach notification. The California Online Web Privacy Act does not exist.

109
Q
99.  Ed has been asked to send data that his organization classifies as confidential and proprietary via email. What encryption technology would be appropriate to ensure that the contents of the files attached to the email remain confidential as they traverse the internet?
A.  SSL
B.  TLS
C.  PGP
D.  VPN
A

C. PGP, or Pretty Good Privacy (or its open-source alternative, GPG) provide strong encryption of files, which can then be sent via email. Email traverses multiple servers and will be unencrypted at rest at multiple points along its path as it is stored and forwarded to its destination.

110
Q
1.  Matthew is the security administrator for a consulting firm and must enforce access controls that restrict users’ access based upon their previous activity. For example, once a consultant accesses data belonging to Acme Cola, a consulting client, they may no longer access data belonging to any of Acme’s competitors. What security model best fits Matthew’s needs?
A.  Clark-Wilson
B.  Biba
C.  Bell-LaPadula
D.  Brewer-Nash
A

D. The Brewer-Nash model allows access controls to change dynamically based upon a user’s actions. It is often used in environments like Matthew’s to implement a “Chinese wall” between data belonging to different clients.
A subject may write to an object only when the subject cannot read another object in a different dataset. The model was created to provide access controls that can change dynamically based on the user's previous actions. Its main goal is to prevent conflicts of interest arising from users' access attempts.

111
Q
  1. Referring to the figure shown here, what is the earliest stage of a fire where it is possible to use detection technology to identify it?

A. Incipient
B. Smoke
C. Flame
D. Heat

A
A. Fires may be detected as early as the incipient stage. During this stage, air ionization takes place, and specialized incipient fire detection systems can identify these changes to provide early warning of a fire.
112
Q
3.  Ralph is designing a physical security infrastructure for a new computing facility that will remain largely unstaffed. He plans to implement motion detectors in the facility but would also like to include a secondary verification control for physical presence. Which one of the following would best meet his needs?
A.  CCTV
B.  IPS
C.  Turnstiles
D.  Faraday cages
A

A. Closed-circuit television (CCTV) systems act as a secondary verification mechanism for physical presence because they allow security officials to view the interior of the facility when a motion alarm sounds to determine the current occupants and their activities.

113
Q
4.  Harry would like to retrieve a lost encryption key from a database that uses m of n control, with m = 4 and n = 8. What is the minimum number of escrow agents required to retrieve the key?
A.  2
B.  4
C.  8
D.  12
A
B. In an m of n control system, at least m of the n possible escrow agents must collaborate to retrieve an encryption key from the escrow database.
# Secret sharing is used when one wants to distribute a secret among N shares such that M of them
114
Q
6.  Bob is a security administrator with the federal government and wishes to choose a digital signature approach that is an approved part of the federal Digital Signature Standard under FIPS 186-4. Which one of the following encryption algorithms is not an acceptable choice for use in digital signatures?
A.  DSA
B.  HAVAL
C.  RSA
D.  ECDSA
A

B. The Digital Signature Standard approves three encryption algorithms for use in digital signatures: the Digital Signature Algorithm (DSA); the Rivest, Shamir, Adleman (RSA) algorithm; and the Elliptic Curve DSA (ECDSA) algorithm. HAVAL is a hash function, not an encryption algorithm. While hash functions are used as part of the digital signature process, they do not provide encryption.

115
Q
9.  Helen is a software engineer and is developing code that she would like to restrict to running within an isolated sandbox for security purposes. What software development technique is Helen using?
A.  Bounds
B.  Input validation
C.  Confinement
D.  TCB
A

C. The use of a sandbox is an example of confinement, where the system restricts the access of a particular process to limit its ability to affect other processes running on the same system.

116
Q
10.  What concept describes the degree of confidence that an organization has that its controls satisfy security requirements?
A.  Trust 
B.  Credentialing
C.  Verification
D.  Assurance
A

D. Assurance is the degree of confidence that an organization has that its security controls are correctly implemented. It must be continually monitored and reverified.

117
Q
  1. In the figure shown here, Sally is blocked from reading the file due to the Biba integrity model. Sally has a Secret security clearance, and the file has a Confidential classification.
    What principle of the Biba model is being enforced?

A. Simple Security Property
B. Simple Integrity Property
C. *-Security Property
D. *-Integrity Property

A

B. The Simple Integrity Property states that an individual may not read a file classified at a lower security level than the individual’s security clearance.
# Don't read anything unclean.

118
Q
14.  Sonia recently removed an encrypted hard drive from a laptop and moved it to a new device because of a hardware failure. She is having difficulty accessing encrypted content on the drive despite the fact that she knows the user’s password. What hardware security feature is likely causing this problem?
A.  TCB
B.  TPM
C.  NIACAP
D.  RSA
A

B. The Trusted Platform Module (TPM) is a hardware security technique that stores an encryption key on a chip on the motherboard and prevents someone from accessing an encrypted drive by installing it in another computer.

119
Q
15.  Chris wants to verify that a software package that he downloaded matches the original version. What hashing tool should he use if he believes that technically sophisticated attackers may have replaced the software package with a version containing a backdoor?
A.  MD5
B.  3DES
C.  SHA1 
D.  SHA 256
A

D. Intentional collisions have been created with MD5, and a real-world collision attack against SHA 1 was announced in early 2017. 3DES is not a hashing tool, leaving SHA 256 (sometimes called SHA 2) as the only real choice that Chris has in this list.
# Pick the secure one.

120
Q
22.  What type of fire suppression system fills with water when the initial stages of a fire are detected and then requires a sprinkler head heat activation before dispensing water?
A.  Wet pipe
B.  Dry pipe
C.  Deluge
D.  Preaction
A

D. A preaction fire suppression system activates in two steps. The pipes fill with water once the early signs of a fire are detected. The system does not dispense water until heat sensors on the sprinkler heads trigger the second phase.

121
Q
26.  How many bits of keying material does the Data Encryption Standard use for encrypting information?
A.  56 bits
B.  64 bits
C.  128 bits
D.  256 bits
A

A. DES uses a 64-bit encryption key, but only 56 of those bits are actually used as keying material in the encryption operation. The remaining 8 bits are used to detect tampering or corruption of the key.

122
Q
29.  Under the Common Criteria, what element describes the security requirements for a product?
A.  TCSEC
B.  ITSEC
C.  PP
D.  ST
A

C. Protection Profiles (PPs) specify the security requirements and protections that must be in place for a product to be accepted under the Common Criteria.

123
Q
  1. Referring to the figure shown here, what is the name of the security control indicated by the arrow?

A. Mantrap
B. Turnstile
C. Intrusion prevention system
D. Portal

A

A. Mantraps use a double set of doors to prevent piggybacking by allowing only a single individual to enter a facility at a time.

124
Q
  1. Which one of the following does not describe a standard physical security requirement for wiring closets?
    A. Place only in areas monitored by security guards.
    B. Do not store flammable items in the closet.
    C. Use sensors on doors to log entries.
    D. Perform regular inspections of the closet.
A

A. While it would be ideal to have wiring closets in a location where they are monitored by security staff, this is not feasible in most environments. Wiring closets must be distributed geographically in multiple locations across each building used by an organization.
# Ideal, but not feasible in most environments.

125
Q
37.  What is the minimum number of independent parties necessary to implement the Fair Cryptosystems approach to key escrow?
A.  1
B.  2
C.  3
D.  4
A

B. In the Fair Cryptosystem approach to key escrow, the secret keys used in communications are divided into two or more pieces, each of which is given to an independent third party.

126
Q
38.  In what state does a processor’s scheduler place a process when it is prepared to execute but the CPU is not currently available?
A.  Ready
B.  Running
C.  Waiting
D.  Stopped
A

A. The Ready state is used when a process is prepared to execute but the CPU is not available. The Running state is used when a process is executing on the CPU. The Waiting state is used when a process is blocked waiting for an external event. The Stopped state is used when a process terminates.

127
Q
  1. Alan is reviewing a system that has been assigned the EAL1 evaluation assurance level under the Common Criteria. What is the degree of assurance that he may have about the system?
    A. It has been functionally tested.
    B. It has been structurally tested.
    C. It has been formally verified, designed, and tested.
    D. It has been methodically designed, tested, and reviewed.
A

A. EAL1 assurance applies when the system in question has been functionally tested. It is the lowest level of assurance under the Common Criteria.
# EAL (Evaluation Assurance Level of the Common Criteria)
EAL1: Functionally tested
EAL2: Structurally tested
EAL3: Methodically tested & checked
EAL4: Methodically designed, tested & reviewed
EAL5: Semi-formally designed & tested
EAL6: Semi-formally verified design & tested
EAL7: Formally verified design & tested

128
Q
40.  Which one of the following components is used to assign classifications to objects in a mandatory access control system?
A.  Security label
B.  Security token
C.  Security descriptor
D.  Security capability
A

A. Administrators and processes may attach security labels to objects that provide information on an object’s attributes. Labels are commonly used to apply classifications in a mandatory access control system.

129
Q
45.  James is working with a Department of Defense system that is authorized to simultaneously handle information classified at the Secret and Top Secret levels. What type of system is he using?
A.  Single state
B.  Unclassified
C.  Compartmented
D.  Multistate
A

D. Multistate systems are certified to handle data from different security classifications simultaneously by implementing protection mechanisms that segregate data appropriately.

130
Q
  1. Kyle is being granted access to a military computer system that uses System High mode.
    What is not true about Kyle’s security clearance requirements?
    A. Kyle must have a clearance for the highest level of classification processed by the system, regardless of his access.
    B. Kyle must have access approval for all information processed by the system.
    C. Kyle must have a valid need to know for all information processed by the system.
    D. Kyle must have a valid security clearance.
A

C. For systems running in System High mode, the user must have a valid security clearance for all information processed by the system, access approval for all information processed by the system, and a valid need to know for some, but not necessarily all, information processed by the system.

131
Q
50.  In an infrastructure as a service (IaaS) environment where a vendor supplies a customer with access to storage services, who is normally responsible for removing sensitive data from drives that are taken out of service?
A.  Customer’s security team
B.  Customer’s storage team
C.  Customer’s vendor management team
D.  Vendor
A

D. In an infrastructure as a service environment, security duties follow a shared responsibility model. Since the vendor is responsible for managing the storage hardware, the vendor would retain responsibility for destroying or wiping drives as they are taken out of service. However, it is still the customer’s responsibility to validate that the vendor’s sanitization procedures meet their requirements prior to utilizing the vendor’s storage services.

132
Q
51.  Which one of the following is an example of a code, not a cipher? # The question is about the mechanism.
A.  Data Encryption Standard
B.  “One if by land; two if by sea”
C.  Shifting letters by three
D.  Word scramble
A

B. The major difference between a code and a cipher is that ciphers alter messages at the character or bit level, not at the word level. DES, shift ciphers, and word scrambles all work at the character or bit level and are ciphers. “One if by land; two if by sea” is a message with hidden meaning in the words (only those in the know can read it, but no cryptography is involved) and is an example of a code.

133
Q
52.  Which one of the following systems assurance processes provides an independent third-party evaluation of a system’s controls that may be trusted by many different organizations?
A.  Certification
B.  Definition
C.  Verification
D.  Accreditation
A

C. The verification process is similar to the certification process in that it validates security controls. Verification may go a step further by involving a third-party testing service and compiling results that may be trusted by many different organizations. Accreditation is the act of management formally accepting an evaluated system, not evaluating the system itself.

134
Q
54.  Harold is assessing the susceptibility of his environment to hardware failures and would like to identify the expected lifetime of a piece of hardware. What measure should he use for this?
A.  MTTR
B.  MTTF
C.  RTO
D.  MTO
A

B. The mean time to failure (MTTF) provides the average amount of time before a device of that particular specification fails.

135
Q
55.  What type of fire extinguisher is useful only against common combustibles?
A.  Class A
B.  Class B
C.  Class C
D.  Class D
A
A. Class A fire extinguishers are useful only against common combustible materials. They use water or soda acid as their suppressant. Class B extinguishers are for liquid fires. Class C extinguishers are for electrical fires, and Class D fire extinguishers are for combustible metals.
# 1 combustibles, 2 liquids, 3 electrical fires, 4 combustible metals
136
Q
  1. Gordon is concerned about the possibility that hackers may be able to use the Van Eck radiation phenomenon to remotely read the contents of computer monitors in his facility.
    What technology would protect against this type of attack?
    A. TCSEC
    B. SCSI
    C. GHOST
    D. TEMPEST
A

D. The TEMPEST program creates technology that is not susceptible to Van Eck phreaking attacks because it reduces or suppresses natural electromagnetic emanations.

137
Q
  1. In the diagram shown here of security boundaries within a computer system, what component’s name has been replaced with XXX?

A. Kernel
B. TCB
C. Security perimeter
D. User execution

A

B. The Trusted Computing Base (TCB) is a small subset of the system contained within the kernel that carries out critical system activities.

138
Q
61.  Sherry conducted an inventory of the cryptographic technologies in use within her organization and found the following algorithms and protocols in use. Which one of these technologies should she replace because it is no longer considered secure? # This tests the English terminology.
A.  MD5
B.  3DES
C.  PGP
D.  WPA2
A

A. The MD5 hash algorithm has known collisions and, as of 2005, is no longer considered secure for use in modern environments.

139
Q
62.  What action can you take to prevent accidental data disclosure due to wear leveling on an SSD device before reusing the drive?
A.  Reformatting
B.  Disk encryption
C.  Degaussing
D.  Physical destruction
A

B. Encrypting data on SSD drives does protect against wear leveling. Disk formatting does not effectively remove data from any device. Degaussing is only effective for magnetic media. Physically destroying the drive would not permit reuse.

140
Q
64.  A hacker recently violated the integrity of data in James’s company by modifying a file using a precise timing attack. The attacker waited until James verified the integrity of a file’s contents using a hash value and then modified the file between the time that James verified the integrity and read the contents of the file. What type of attack took place?
A.  Social engineering
B.  TOCTOU
C.  Data diddling
D.  Parameter checking
A

B. In a time of check to time of use (TOCTOU) attack, the attacker exploits the difference in time between when a security control is verified and the data protected by the control is actually used.

141
Q
66.  What is the minimum fence height that makes a fence difficult to climb easily, deterring most intruders?
A.  3 feet
B.  4 feet
C.  5 feet
D.  6 feet
A

D. Fences designed to deter more than the casual intruder should be at least 6 feet high. If a physical security system is designed to deter even determined intruders, it should be at least 8 feet high and topped with three strands of barbed wire.

142
Q
68.  What physical security control broadcasts false emanations constantly to mask the presence of true electromagnetic emanations from computing equipment?
A.  Faraday cage
B.  Copper-infused windows
C.  Shielded cabling
D.  White noise
A

D. While all of the controls mentioned protect against unwanted electromagnetic emanations, only white noise is an active control. White noise generates false emanations that effectively “jam” the true emanations from electronic equipment.

143
Q
70.  Alice has read permissions on an object, and she would like Bob to have those same rights. Which one of the rules in the Take-Grant protection model would allow her to complete this operation?
A.  Create rule
B.  Remove rule 
C.  Grant rule
D.  Take rule
A

C. The grant rule allows a subject to grant rights that it possesses on an object to another subject (it passes the rights it holds on to another subject).

144
Q
71.  As part of his incident response process, Charles securely wipes the drive of a compromised machine and reinstalls the operating system (OS) from original media. Once he is done, he patches the machine fully and applies his organization’s security templates before reconnecting the system to the network. Almost immediately after the system is returned to service, he discovers that it has reconnected to the same botnet it was part of before. Where should Charles look for the malware that is causing this behavior?
A.  The operating system partition
B.  The system BIOS or firmware
C.  The system memory
D.  The installation media
A

D. The system Charles is remediating may have a firmware or BIOS infection, with malware resident on the system board. While uncommon, this type of malware can be difficult to find and remove. Since he used original media, it is unlikely that the malware came from the software vendor. Charles wiped the system partition, and the system would have been rebooted before being rebuilt, thus clearing system memory.

145
Q
72.  Which one of the following computing models allows the execution of multiple concurrent tasks within a single process?
A.  Multitasking
B.  Multiprocessing
C.  Multiprogramming
D.  Multithreading
A

D. Multithreading permits multiple tasks to execute concurrently within a single process. These tasks are known as threads and may be alternated between without switching processes.

146
Q
73.  Alan intercepts an encrypted message and wants to determine what type of algorithm was used to create the message. He first performs a frequency analysis and notes that the frequency of letters in the message closely matches the distribution of letters in the English language. What type of cipher was most likely used to create this message?
A.  Substitution cipher
B.  AES  
C.  Transposition cipher
D.  3DES
A

C. This message was most likely encrypted with a transposition cipher. The use of a substitution cipher, a category that includes AES and 3DES, would change the frequency distribution so that it did not mirror that of the English language.

147
Q
74.  The Double DES (2DES) encryption algorithm was never used as a viable alternative to the original DES algorithm. What attack is 2DES vulnerable to that does not exist for the DES or 3DES approach?
A.  Chosen ciphertext
B.  Brute force
C.  Man in the middle
D.  Meet in the middle
A

D. The meet-in-the-middle attack uses a known plaintext message and uses both encryption of the plaintext and decryption of the ciphertext simultaneously in a brute-force manner to identify the encryption key in approximately double the time of a brute-force attack against the basic DES algorithm.
#This term refers to mathematical analysis that tries to break a mathematical problem from both ends.
It is a technique that works simultaneously on the forward mapping of one function and the inverse of a second function. The attack works by encrypting from one end and decrypting from the other, so that the two searches meet in the middle.

148
Q
76.  Warren is designing a physical intrusion detection system for his data center and wants to include technology that issues an alert if the communications lines for the alarm system are unexpectedly cut. What technology would meet this requirement?
A.  Heartbeat sensor
B.  Emanation security
C.  Motion detector
D.  Faraday cage
A

A. Heartbeat sensors send periodic status messages from the alarm system to the monitoring center. The monitoring center triggers an alarm if it does not receive a status message for a prolonged period of time, indicating that communications were disrupted.#These are all referred to as heartbeats.

149
Q
  1. John and Gary are negotiating a business transaction, and John must demonstrate to Gary that he has access to a system. He engages in an electronic version of the “magic door” scenario shown here. What technique is John using?

A. Split-knowledge proof
B. Zero-knowledge proof
C. Logical proof
D. Mathematical proof

A
B. In a zero-knowledge proof, one individual demonstrates to another that they can achieve a result that requires sensitive information without actually disclosing the sensitive information.
150
Q
78.  Raj is selecting an encryption algorithm for use in his organization and would like to be able to vary the strength of the encryption with the sensitivity of the information. Which one of the following algorithms allows the use of different key strengths?
A.  Blowfish
B.  DES
C.  Skipjack
D.  IDEA
A

A. Blowfish allows the user to select any key length between 32 and 448 bits.

151
Q
79.  Referring to the fire triangle shown here, which one of the following suppression materials attacks a fire by removing the fuel source?
A.  Water
B.  Soda acid
C.  Carbon dioxide
D.  Halon
A
B. Soda acid and other dry powder extinguishers work to remove the fuel supply. Water suppresses temperature, while halon and carbon dioxide remove the oxygen supply from a fire.
#This one tests English and chemistry.
152
Q
82.  The Bell-LaPadula and Biba models implement state machines in a fashion that uses what specific state machine model?
A.  Information flow
B.  Noninterference
C.  Cascading
D.  Feedback
A

A. The information flow model applies state machines to the flow of information. The Bell-LaPadula model applies the information flow model to confidentiality while the Biba model applies it to integrity.

153
Q
83.  The _____ of a process consist(s) of the limits set on the memory addresses and resources that the process may access.
A.  Perimeter
B.  Confinement limits
C.  Metes
D.  Bounds
A

D. Each process that runs on a system is assigned certain physical or logical bounds for resource access, such as memory.

154
Q
84.  What type of motion detector senses changes in the electromagnetic fields in monitored areas?
A.  Infrared
B.  Wave pattern
C.  Capacitance 
D.  Photoelectric
A

C. Capacitance motion detectors monitor the electromagnetic field in a monitored area, sensing disturbances that correspond to motion.

155
Q
88.  Beth would like to include technology in a secure area of her data center to protect against unwanted electromagnetic emanations. What technology would assist her with this goal?
A.  Heartbeat sensor
B.  Faraday cage
C.  Piggybacking
D.  WPA2
A
B. A Faraday cage is a metal skin that prevents electromagnetic emanations from exiting. It is a rarely used technology because it is unwieldy and expensive, but it is quite effective at blocking unwanted radiation.
156
Q
91.  A software company developed two systems that share information. System A provides information to the input of System B, which then reciprocates by providing information back to System A as input. What type of composition theory best describes this practice?
A.  Cascading
B.  Feedback
C.  Hookup
D.  Elementary
A

B. The feedback model of composition theory occurs when one system provides input for a second system and then the second system provides input for the first system. This is a specialized case of the cascading model, so the feedback model is the most appropriate answer.

157
Q
92.  Tommy is planning to implement a power conditioning UPS for a rack of servers in his data center. Which one of the following conditions will the UPS be unable to protect against if it persists for an extended period of time?
A.  Fault#Refers to a momentary loss of power
B.  Blackout#Refers to a prolonged power outage
C.  Sag#A drop in voltage
D.  Noise
A

B. UPSs are designed to protect against short-term power losses, such as power faults. When they conduct power conditioning, they are also able to protect against sags and noise. UPSs have limited-life batteries and are not able to maintain continuous operation during a sustained blackout.

158
Q
93.  Which one of the following humidity values is within the acceptable range for a data center operation?
A.  0%
B.  10%
C.  25%
D.  40%
A

D. Data center humidity should be maintained between 40% and 60%. Values below this range increase the risk of static electricity, while values above this range may generate moisture that damages equipment.

159
Q
95.  What term is used to describe the formal declaration by a designated approving authority (DAA) that an information technology (IT) system is approved to operate in a specific environment?
A.  Certification
B.  Accreditation
C.  Evaluation
D.  Approval
A

B. Accreditation is the formal approval by a DAA that an IT system may operate in a described risk environment.

160
Q
  1. Object-oriented programming languages use a black box approach to development, where users of an object do not necessarily need to know the object’s implementation details.
    What term is used to describe this concept?
    A. Layering
    B. Abstraction
    C. Data hiding
    D. Process isolation
A

B. Abstraction uses a black box approach to hide the implementation details of an object from the users of that object.#You misread this one.

161
Q
97.  Todd wants to add a certificate to a certificate revocation list. What element of the certificate goes on the list?
A.  Serial number
B.  Public key
C.  Digital signature
D.  Private key
A

A. The certificate revocation list contains the serial numbers of digital certificates issued by a certificate authority that have later been revoked.

162
Q
  1. Which one of the following is an example of a covert timing channel when used to exfiltrate information from an organization?
    A. Sending an electronic mail message
    B. Posting a file on a peer-to-peer file sharing service
    C. Typing with the rhythm of Morse code
    D. Writing data to a shared memory space
A

C. Covert channels use surreptitious communications’ paths. Covert timing channels alter the use of a resource in a measurable fashion to exfiltrate information. If a user types using a specific rhythm of Morse code, this is an example of a covert timing channel. Someone watching or listening to the keystrokes could receive a secret message with no trace of the message left in logs.

163
Q
100. Which one of the following would be a reasonable application for the use of self-signed digital certificates?
A.  E-commerce website
B.  Banking application
C.  Internal scheduling application
D.  Customer portal
A
C. Self-signed digital certificates should be used only for internal-facing applications, where the user base trusts the internally generated digital certificate.
164
Q
104. Lauren implements ASLR to help prevent system compromises. What technique has she used to protect her system?
A.  Encryption 
B.  Mandatory access control
C.  Memory address randomization
D.  Discretionary access control
A

C. Lauren has implemented address space layout randomization (ASLR), a memory protection methodology that randomizes memory locations, which prevents attackers from using known address spaces and contiguous memory regions to execute code via overflow or stack smashing attacks.

165
Q
106. Joanna wants to review the status of the industrial control systems her organization uses for building control. What type of systems should she inquire about access to?
A.  SCADA
B.  DSS 
C.  BAS
D.  ICS-CSS
A

A. Supervisory Control and Data Acquisition systems, or SCADA systems, provide a graphical interface to monitor industrial control systems (ICS). Joanna should ask about access to her organization’s SCADA systems.

166
Q
  1. After scanning all of the systems on his wireless network, Mike notices that one system is identified as an iOS device running a massively out-of-date version of Apple’s mobile operating system. When he investigates further, he discovers that the device is an original iPad and that it cannot be updated to a current secure version of the operating system. What should Mike recommend?
    A. Retire or replace the device
    B. Isolate the device on a dedicated wireless network
    C. Install a firewall on the tablet
    D. Reinstall the OS
A

A. When operating system patches are no longer available for mobile devices, the best option is typically to retire or replace the device. Building isolated networks will not stop the device from being used for browsing or other purposes, which means it is likely to continue to be exposed to threats. Installing a firewall will not remediate the security flaws in the OS, although it may help somewhat. Finally, reinstalling the OS will not allow new updates or fix the root issue.

167
Q
  1. During a third-party vulnerability scan and security test, Danielle’s employer recently discovered that the embedded systems that were installed to manage her company’s new buildings have a severe remote access vulnerability. The manufacturer has gone out of business, and there is no patch or update for the devices. What should Danielle recommend that her employer do about the hundreds of devices that are vulnerable?
    A. Identify a replacement device model and replace every device
    B. Turn off all of the devices
    C. Move the devices to a secured network segment
    D. Reverse engineer the devices and build an in-house patch
A

C. The most reasonable choice presented is to move the devices to a secure and isolated network segment. This will allow the devices to continue to serve their intended function while preventing them from being compromised. All of the other scenarios either create major new costs or deprive her organization of the functionality that the devices were purchased to provide.#Well... that is just how they explain it = =

168
Q
109. Alex’s employer creates most of their work output as PDF files. Alex is concerned about limiting the audience for the PDF files to those individuals who have paid for them. What technology can he use to most effectively control the access to and distribution of these files?
A.  EDM
B.  Encryption
C.  Digital signatures
D.  DRM
A

D. Alex can use digital rights management technology to limit use of the PDFs to paying customers. While DRM is rarely a perfect solution, in this case, it may fit his organization’s needs. EDM is electronic dance music, which his customers may appreciate but which won’t solve the problem. Encryption and digital signatures can help to keep the files secure and to prove who they came from but won’t solve the rights management issue Alex is tackling.

169
Q
  1. Match the following numbered security models with the appropriate lettered security descriptions:
    Security models
  2. Clark-Wilson
  3. Graham-Denning
  4. Bell-LaPadula
  5. Sutherland
  6. Biba
    Descriptions
    A. This model blocks lower-classified objects from accessing higher-classified objects,
    thus ensuring confidentiality.
    B. The * property of this model can be summarized as “no write-up.”
    C. This model uses security labels to grant access to objects via transformation procedures and a restricted interface model.
    D. This model focuses on the secure creation and deletion of subjects and objects using
    eight primary protection rules or actions.
    E. This integrity model focuses on preventing interference in support of integrity.
A

CDAEB

170
Q
  1. What important factor differentiates Frame Relay from X.25?
    A. Frame Relay supports multiple PVCs over a single WAN carrier connection.
    B. Frame Relay is a cell-switching technology instead of a packet-switching technology like X.25.
    C. Frame Relay does not provide a committed information rate (CIR).
    D. Frame Relay only requires a DTE on the provider side.
A

A. Frame Relay supports multiple private virtual circuits (PVCs), unlike X.25. It is a packet-switching technology that provides a Committed Information Rate (CIR), which is a minimum bandwidth guarantee provided by the service provider to customers. Finally, Frame Relay requires a DTE/DCE at each connection point, with the DTE providing access to the Frame Relay network, and a provider-supplied DCE, which transmits the data over the network.

171
Q
  1. During a security assessment of a wireless network, Jim discovers that LEAP is in use on a network using WPA. What recommendation should Jim make?
    A. Continue to use LEAP. It provides better security than TKIP for WPA networks.
    B. Use an alternate protocol like PEAP or EAP-TLS and implement WPA2 if supported.
    C. Continue to use LEAP to avoid authentication issues, but move to WPA2.
    D. Use an alternate protocol like PEAP or EAP-TLS, and implement Wired Equivalent Privacy to avoid wireless security issues.
A

B. LEAP, the Lightweight Extensible Authentication Protocol, is a Cisco proprietary protocol designed to handle problems with TKIP. Unfortunately, LEAP has significant security issues as well and should not be used. Any modern hardware should support WPA2 and technologies like PEAP or EAP-TLS. Using WEP, the predecessor to WPA and WPA2, would be a major step back in security for any network.

172
Q
6.  Gary is deploying a wireless network and wants to deploy the fastest possible wireless technology. Due to technical constraints, he is limited to using a 2.4 GHz option. Which one of the following wireless networking standards should he use?
A.  802.11a
B.  802.11g 
C.  802.11n
D.  802.11ac
A

C. He should choose 802.11n, which supports 200+ Mbps in the 2.4 GHz or the 5 GHz frequency range. 802.11a and 802.11ac are both 5 GHz only, while 802.11g is only capable of 54 Mbps.

  1. 802.11a: 5 GHz
  2. 802.11g: 2.4 GHz, 54 Mbps
  3. 802.11n: 2.4/5 GHz, 200+ Mbps
  4. 802.11ac: 5 GHz, 1 Gbps
173
Q
7.  Match each of the numbered TCP ports listed with the associated lettered protocol provided:
TCP ports
1.  23
2.  25
3.  143
4.  515
Protocols
A.  SMTP
B.  LPD
C.  IMAP
D.  Telnet
A

DACB. These common ports are important to know, although some of the protocols are becoming less common. SMTP is the Simple Mail Transfer Protocol, IMAP is the Internet Message Access Protocol, and LPD is the Line Printer Daemon protocol used to send print jobs to printers.

174
Q
9.  FHSS, DSSS, and OFDM all use what wireless communication method that occurs over multiple frequencies simultaneously?
A.  WiFi
B.  Spread Spectrum
C.  Multiplexing
D.  Orthogonal modulation
A

B. Frequency Hopping Spread Spectrum (FHSS), Direct Sequence Spread Spectrum (DSSS), and Orthogonal Frequency-Division Multiplexing (OFDM) all use spread spectrum techniques to transmit on more than one frequency at the same time. Neither FHSS nor DSSS uses orthogonal modulation, while multiplexing describes combining multiple signals over a shared medium of any sort. WiFi may receive interference from FHSS systems but doesn’t use it.

175
Q
10.  Brian is selecting an authentication protocol for a PPP connection. He would like to select an option that encrypts both usernames and passwords and protects against replay using a challenge/response dialog. He would also like to re-authenticate remote systems periodically. Which protocol should he use?
A.  PAP
B.  CHAP
C.  EAP
D.  LEAP
A

B. The Challenge-Handshake Authentication Protocol, or CHAP, is used by PPP servers to authenticate remote clients. It encrypts both the username and password and performs periodic reauthentication while connected using techniques to prevent replay attacks. LEAP provides reauthentication but was designed for WEP, while PAP sends passwords unencrypted. EAP is extensible and was used for PPP connections, but it doesn’t directly address the listed items.

176
Q
11.  Which one of the following protocols is commonly used to provide backend authentication services for a VPN?
A.  HTTPS
B.  RADIUS
C.  ESP
D.  AH
A

B. The Remote Access Dial In User Service (RADIUS) protocol was originally designed to support dial-up modem connections but is still commonly used for VPN-based authentication. HTTPS is not an authentication protocol. ESP and AH are IPsec protocols but do not provide authentication services for other systems.

177
Q

Chris is designing layered network security for his organization. Using the following diagram, answer questions 13 through 15.

13.  What type of firewall design is shown in the diagram?
A.  A single-tier firewall
B.  A two-tier firewall
C.  A three-tier firewall
D.  A four-tier firewall
A

B. The firewall in the diagram has two protected zones behind it, making it a two-tier firewall design.

178
Q

  1. If the VPN grants remote users the same access to network and system resources as local workstations have, what security issue should Chris raise?
    A. VPN users will not be able to access the web server.
    B. There is no additional security issue; the VPN concentrator’s logical network location matches the logical network location of the workstations.
    C. Web server traffic is not subjected to stateful inspection.
    D. VPN users should only connect from managed PCs.
A

D. Remote PCs that connect to a protected network need to comply with security settings and standards that match those required for the internal network. The VPN concentrator logically places remote users in the protected zone behind the firewall, but that means that user workstations (and users) must be trusted in the same way that local workstations are.

179
Q

  1. Ben has configured his network to not broadcast an SSID. Why might Ben disable SSID broadcast, and how could his SSID be discovered?
    A. Disabling SSID broadcast prevents attackers from discovering the encryption key. The SSID can be recovered from decrypted packets.
    B. Disabling SSID broadcast hides networks from unauthorized personnel. The SSID can be discovered using a wireless sniffer.
    C. Disabling SSID broadcast prevents issues with beacon frames. The SSID can be recovered by reconstructing the BSSID.
    D. Disabling SSID broadcast helps avoid SSID conflicts. The SSID can be discovered by attempting to connect to the network.
A

B. Disabling SSID broadcast can help prevent unauthorized personnel from attempting to connect to the network. Since the SSID is still active, it can be discovered by using a wireless sniffer. Encryption keys are not related to SSID broadcast, beacon frames are used to broadcast the SSID, and it is possible to have multiple networks with the same SSID.

180
Q
18.  What network tool can be used to protect the identity of clients while providing Internet access by accepting client requests, altering the source addresses of the requests, mapping requests to clients, and sending the modified requests out to their destination?
A.  A gateway
B.  A proxy
C.  A router
D.  A firewall
A

B. A proxy is a form of gateway that provides clients with a filtering, caching, or other service that protects their information from remote systems. A router connects networks, while a firewall uses rules to limit traffic permitted through it. A gateway translates between protocols.

181
Q
20.  A remote access tool that copies what is displayed on a desktop PC to a remote computer is an example of what type of technology?
A.  Remote node operation
B.  Screen scraping
C.  Remote control
D.  RDP
A

B. Screen scrapers copy the actual screen displayed and display it at a remote location. RDP provides terminal sessions without doing screen scraping, remote node operation is the same as dial-up access, and remote control is a means of controlling a remote system (screen scraping is a specialized subset of remote control).

182
Q
  1. Which email security solution provides two major usage modes:
    (1) signed messages that provide integrity, sender authentication, and nonrepudiation; and
    (2) an enveloped message mode that provides integrity, sender authentication, and confidentiality?
    A. S/MIME
    B. MOSS
    C. PEM
    D. DKIM
A

A. S/MIME supports both signed messages and a secure envelope method. While the functionality of S/MIME can be replicated with other tools, the secure envelope is an S/MIME-specific concept. MOSS, or MIME Object Security Services, and PEM can also both provide authentication, confidentiality, integrity, and nonrepudiation, while DKIM, or Domain Keys Identified Mail, is a domain validation tool.

183
Q
  1. During a security assessment, Jim discovers that the organization he is working with uses a multilayer protocol to handle SCADA systems and recently connected the SCADA network to the rest of the organization’s production network. What concern should he raise about serial data transfers carried via TCP/IP?
    A. SCADA devices that are now connected to the network can now be attacked over the network.
    B. Serial data over TCP/IP cannot be encrypted.
    C. Serial data cannot be carried in TCP packets.
    D. TCP/IP’s throughput can allow for easy denial of service attacks against serial devices.
A

A. Multilayer protocols like DNP3 allow SCADA and other systems to use TCP/IP-based networks to communicate. Many SCADA devices were never designed to be exposed to a network, and adding them to a potentially insecure network can create significant risks. TLS or other encryption can be used on TCP packets, meaning that even serial data can be protected. Serial data can be carried via TCP packets because TCP packets don’t care about their content; it is simply another payload. Finally, TCP/IP does not have a specific throughput as designed, so issues with throughput are device-level issues.

184
Q
23.  What type of key does WEP use to encrypt wireless communications?
A.  An asymmetric key
B.  Unique key sets for each host
C.  A predefined shared static key
D.  Unique asymmetric keys for each host
A

C. WEP has a very weak security model that relies on a single, predefined, shared static key. This means that modern attacks can break WEP encryption in less than a minute.

185
Q
25.  What speed and frequency range is used by 802.11n?
A.  54 Mbps, 5 GHz
B.  200+ Mbps, 5GHz
C.  200+ Mbps, 2.4 and 5 GHz
D.  1 Gbps, 5 GHz
A

C. 802.11n can operate at speeds over 200 Mbps, and it can operate on both the 2.4 and 5 GHz frequency range. 802.11g operates at 54 Mbps using the 2.4 GHz frequency range, and 802.11ac is capable of 1 Gbps using the 5 GHz range. 802.11a and b are both outdated and are unlikely to be encountered in modern network installations.

186
Q
27.  Which of the following is a converged protocol that allows storage mounts over TCP, and which is frequently used as a lower-cost alternative to Fibre Channel?
A.  MPLS
B.  SDN
C.  VoIP
D.  iSCSI
A

D. iSCSI is a converged protocol that allows location-independent file services over traditional network technologies. It costs less than traditional Fibre Channel. VoIP is Voice over IP, SDN is software-defined networking, and MPLS is Multiprotocol Label Switching, a technology that uses path labels instead of network addresses.

187
Q
  1. Chris is building an Ethernet network and knows that he needs to span a distance of more than 150 meters with his 1000BaseT network. What network technology should he use to help with this?
    A. Install a repeater or a concentrator before 100 meters.
    B. Use Category 7 cable, which has better shielding for higher speeds.
    C. Install a gateway to handle the distance.
    D. Use STP cable to handle the longer distance at high speeds.
A

A. A repeater or concentrator will amplify the signal, ensuring that the 100-meter distance limitation of 1000BaseT is not an issue. A gateway would be useful if network protocols were changing, while Cat7 cable is appropriate for a 10Gbps network at much shorter distances. STP cable is limited to 155 Mbps and 100 meters, which would leave Chris with network problems.

188
Q

Lauren’s organization has used a popular messaging service for a number of years.
Recently, concerns have been raised about the use of messaging. Using the following diagram, answer questions 29 through 31 about messaging.

  1. How could Lauren’s company best address a desire for secure messaging for users of internal systems A and C?
    A. Use a third-party messaging service.
    B. Implement and use a locally hosted service.
    C. Use HTTPS.
    D. Discontinue use of messaging and instead use email, which is more secure.
A

B. If a business need requires messaging, using a local messaging server is the best option. This prevents traffic from traveling to a third-party server and can offer additional benefits such as logging, archiving, and control of security options like the use of encryption.

189
Q
35.  In her role as an information security professional, Susan has been asked to identify areas where her organization’s wireless network may be accessible even though it isn’t intended to be. What should Susan do to determine where her organization’s wireless network is accessible?
A.  A site survey
B.  Warwalking
C.  Wardriving
D.  A design map
A
A. Wardriving and warwalking are both processes used to locate wireless networks, but they are not typically as detailed and thorough as a site survey, and design map is a made-up term.
#Site survey
190
Q
  1. The DARPA TCP/IP model’s Application layer matches up to what three OSI model layers?
    A. Application, Presentation, and Transport.
    B. Presentation, Session, and Transport.
    C. Application, Presentation, and Session.
    D. There is not a direct match. The TCP model was created before the OSI model.
A

C. The DARPA TCP/IP model was used to create the OSI model, and the designers of the OSI model made sure to map the OSI model layers to it. The Application layer of the TCP model maps to the Application, Presentation, and Session layers, while the TCP and OSI models both have a distinct Transport layer.

191
Q
  1. Jim’s audit of a large organization’s traditional PBX showed that Direct Inward System Access (DISA) was being abused by third parties. What issue is most likely to lead to this problem?
    A. The PBX was not fully patched.
    B. The dial-in modem lines use unpublished numbers.
    C. DISA is set up to only allow local calls.
    D. One or more users’ access codes have been compromised.
A
D. Direct Inward System Access uses access codes assigned to users to add a control layer for external access and control of the PBX. If the codes are compromised, attackers can make calls through the PBX or even control it. Not updating a PBX can lead to a range of issues, but this question is looking for a DISA issue. Allowing only local calls and using unpublished numbers are both security controls and might help keep the PBX more secure.
#one or more users’ access codes have been compromised
192
Q
41.  Lauren uses the ping utility to check whether a remote system is up as part of a penetration testing exercise. If she does not want to see her own ping packets, what protocol should she filter out from her packet sniffer’s logs?
A.  UDP
B.  TCP
C.  IP
D.  ICMP
A

D. Ping uses ICMP, the Internet Control Message Protocol, to determine whether a system responds and how many hops there are between the originating system and the remote system. Lauren simply needs to filter out ICMP to not see her pings.

193
Q
43. Ben has deployed a 1000BaseT 1 gigabit network and needs to run a cable to another building. If Ben is running his link directly from a switch to another switch in that building, what is the maximum distance Ben can cover according to the 1000BaseT specification?
A.  2 kilometers
B.  500 meters
C.  185 meters
D.  100 meters
A

D. 1000BaseT is capable of a 100-meter run according to its specifications. For longer distances, a fiber-optic cable is typically used in modern networks.

194
Q
44.  Jim is building the network for a remote site that only has ISDN as an option for connectivity. What type of ISDN should he look for to get the maximum speed possible?#tests old technology
A.  BRI
B.  BPRI
C.  PRI
D.  D channel
A

C. PRI, or Primary Rate Interface, can use between 2 and 23 64 Kbps channels, with a maximum potential bandwidth of 1.544 Mbps. Actual speeds will be lower due to the D channel, which can’t be used for actual data transmission, but PRI beats BRI’s two B channels paired with a D channel for 144 Kbps of bandwidth.

195
Q
45.  SPIT attacks target what technology?
A.  Virtualization platforms
B.  Web services 
C.  VoIP systems
D.  Secure Process Internal Transfers
A

C. SPIT stands for Spam over Internet Telephony and targets VoIP systems.

196
Q
49.  There are four common VPN protocols. Which group listed contains all of the common VPN protocols?
A.  PPTP, LTP, L2TP, IPsec
B.  PPP, L2TP, IPsec, VNC
C.  PPTP, L2F, L2TP, IPsec
D.  PPTP, L2TP, IPsec, SPAP
A

C. PPTP, L2F, L2TP, and IPsec are the most common VPN protocols. TLS is also used for an increasingly large percentage of VPN connections and may appear at some point in the CISSP exam. PPP is a dial-up protocol, LTP is not a protocol, and SPAP is the Shiva Password Authentication Protocol sometimes used with PPTP.

197
Q
51.  Which OSI layer includes electrical specifications, protocols, and interface standards?
A.  The Transport layer
B.  The Device layer
C.  The Physical layer
D.  The Data Link layer
A

C. The Physical layer includes electrical specifications, protocols, and standards that allow control of throughput, handling line noise, and a variety of other electrical interface and signaling requirements. The OSI model doesn’t have a Device layer. The Transport layer connects the Network and Session layers, and the Data Link layer packages packets from the Network layer for transmission and receipt by devices operating on the Physical layer.

198
Q
  1. If your organization needs to allow attachments in email to support critical business processes, what are the two best options for helping to avoid security problems caused by attachments?
    A. Train your users and use antimalware tools.
    B. Encrypt your email and use antimalware tools.
    C. Train your users and require S/MIME for all email.
    D. Use S/MIME by default and remove all ZIP (.zip) file attachments.
A

A. User awareness is one of the most important tools when dealing with attachments. Attachments are often used as a vector for malware, and aware users can help prevent successful attacks by not opening the attachments. Antimalware tools, including antivirus software, can help detect known threats before users even see the attachments. Encryption, including tools like S/MIME, won’t help prevent attachment-based security problems, and removing ZIP file attachments will only stop malware that is sent via those ZIP files.

199
Q
  1. Chris has been asked to choose between implementing PEAP and LEAP for wireless authentication. What should he choose, and why?
    A. LEAP, because it fixes problems with TKIP, resulting in stronger security
    B. PEAP, because it implements CCMP for security
    C. LEAP, because it implements EAP-TLS for end-to-end session encryption
    D. PEAP, because it can provide a TLS tunnel that encapsulates EAP methods, protecting the entire session
A

D. PEAP provides encryption for EAP methods and can provide authentication. It does not implement CCMP, which was included in the WPA2 standard. LEAP is dangerously insecure and should not be used due to attack tools that have been available since the early 2000s.

200
Q
  1. Ben is troubleshooting a network and discovers that the NAT router he is connected to has the 192.168.x.x subnet as its internal network and that its external IP is 192.168.1.40. What problem is he encountering?
    A. 192.168.x.x is a nonroutable network and will not be carried to the Internet.
    B. 192.168.1.40 is not a valid address because it is reserved by RFC 1918.
    C. Double NATing is not possible using the same IP range.
    D. The upstream system is unable to de-encapsulate his packets and he needs to use PAT instead.
A

C. Double NATing isn’t possible with the same IP range; the same IP addresses cannot appear inside and outside a NAT router. RFC 1918 addresses are reserved, but only so they are not used and routable on the Internet, and changing to PAT would not fix the issue.

201
Q
  1. Jim’s organization uses a traditional PBX for voice communication. What is the most common security issue that its internal communications are likely to face, and what should he recommend to prevent it?
    A. Eavesdropping, encryption
    B. Man-in-the-middle attacks, end-to-end encryption
    C. Eavesdropping, physical security
    D. Wardialing, deploy an IPS
A

C. Traditional private branch exchange (PBX) systems are vulnerable to eavesdropping because voice communications are carried directly over copper wires. Since standard telephones don’t provide encryption (and you’re unlikely to add encrypted phones unless you’re the NSA), physically securing access to the lines and central connection points is the best strategy available.

202
Q
  1. What common security issue is often overlooked with cordless phones?
    A. Their signal is rarely encrypted and thus can be easily monitored.
    B. They use unlicensed frequencies.
    C. They can allow attackers access to wireless networks.
    D. They are rarely patched and are vulnerable to malware.
A

A. Most cordless phones don’t use encryption, and even modern phones that use DECT (which does provide encryption) have already been cracked. This means that a determined attacker can almost always eavesdrop on cordless phones, and makes them a security risk if they’re used for confidential communication.

203
Q
  1. Lauren’s organization has deployed VoIP phones on the same switches that the desktop PCs are on. What security issue could this create, and what solution would help?
    A. VLAN hopping; use physically separate switches.
    B. VLAN hopping; use encryption.
    C. Caller ID spoofing; MAC filtering.
    D. Denial of service attacks; use a firewall between networks.
A

A. VLAN hopping between the voice and computer VLANs can be accomplished when devices share the same switch infrastructure. Using physically separate switches can prevent this attack. Encryption won’t help with VLAN hopping because it relies on header data that the switch needs to read (and this is unencrypted), while Caller ID spoofing is an inherent problem with VoIP systems. A denial of service is always a possibility, but it isn’t specifically a VoIP issue and a firewall may not stop the problem if it’s on a port that must be allowed through.

204
Q

For questions 62–65, please refer to a stateful inspection firewall running the rulebase shown here. The source ports have been omitted from the figure, but you may assume that they are specified correctly for the purposes of answering questions 62–64.
62. Which one of the following rules is not shown in the rulebase but will be enforced by the firewall?
A. Stealth
B. Implicit deny
C. Connection proxy
D. Egress filter

A

B. All stateful inspection firewalls enforce an implicit deny rule as the final rule of the rulebase. It is designed to drop all inbound traffic that was not accepted by an earlier rule. Stealth rules hide the firewall from external networks, but they are not included by default. This firewall does not contain any egress filtering rules, and egress filtering is not enforced by default. Connection proxying is an optional feature of stateful inspection firewalls and would not be enforced without a rule explicitly implementing it.

205
Q
  1. Chris needs to design a firewall architecture that can support a DMZ, a database, and a private internal network in a secure manner that separates each function. What type of design should he use, and how many firewalls does he need?#count how many zones need to be separated
    A. A four-tier firewall design with two firewalls
    B. A two-tier firewall design with three firewalls
    C. A three-tier firewall design with at least one firewall
    D. A single-tier firewall design with three firewalls
A

C. A three-tier design separates three distinct protected zones and can be accomplished with a single firewall that has multiple interfaces. Single- and two-tier designs don’t support the number of protected networks needed in this scenario, while a four-tier design would provide a tier that isn’t needed.

206
Q
69.  Cable modems, ISDN, and DSL are all examples of what type of technology?
A.  Baseband
B.  Broadband
C.  Digital
D.  Broadcast
A

B. ISDN, cable modems, DSL, and T1 and T3 lines are all examples of broadband technology that can support multiple simultaneous signals. They are analog, not digital, and are not broadcast technologies.

207
Q
  1. During a review of her organization’s network, Angela discovered that it was suffering from broadcast storms and that contractors, guests, and organizational administrative staff were on the same network segment. What design change should Angela recommend?
    A. Require encryption for all users.
    B. Install a firewall at the network border.
    C. Enable spanning tree loop detection.
    D. Segment the network based on functional requirements.
A

D. Network segmentation can reduce issues with performance as well as diminish the chance of broadcast storms by limiting the number of systems in a segment. This decreases broadcast traffic visible to each system and can reduce congestion. Segmentation can also help provide security by separating functional groups who don’t need to be able to access each other’s systems. Installing a firewall at the border would only help with inbound and outbound traffic, not cross-network traffic. Spanning tree loop prevention helps prevent loops in Ethernet networks (for example, when you plug a switch into a switch via two ports on each), but it won’t solve broadcast storms that aren’t caused by a loop or security issues. Encryption might help prevent some problems between functional groups, but it won’t stop them from scanning other systems, and it definitely won’t stop a broadcast storm!

208
Q

For questions 73–75, please refer to the following scenario: Ben is an information security professional at an organization that is replacing its physical servers with virtual machines. As the organization builds its virtual environment, it is decreasing the number of physical servers it uses while purchasing more powerful servers to act as the virtualization platforms.
73. The IDS Ben is responsible for is used to monitor communications in the data center using a mirrored port on the data center switch. What traffic will Ben see once the majority of servers in the data center have been virtualized?
A. The same traffic he currently sees
B. All inter-VM traffic
C. Only traffic sent outside the VM environment
D. All inter-hypervisor traffic

A

C. One of the visibility risks of virtualization is that communication between servers and systems using virtual interfaces can occur “inside” the virtual environment. This means that visibility into traffic in the virtualization environment has to be purpose-built as part of its design. Option D is correct but incomplete because inter-hypervisor traffic isn’t the only traffic the IDS will see.#traffic inside the VM environment isn’t visible

209
Q
  1. The VM administrators recommend enabling cut and paste between virtual machines. What security concern should Ben raise about this practice?
    A. It can cause a denial of service condition.
    B. It can serve as a covert channel.
    C. It can allow viruses to spread.
    D. It can bypass authentication controls.
A

B. Cut and paste between virtual machines can bypass normal network-based data loss prevention tools and monitoring tools like an IDS or IPS. Thus, it can act as a covert channel, allowing the transport of data between security zones. So far, cut and paste has not been used as a method for malware spread in virtual environments and has not been associated with denial of service attacks. Cut and paste requires users to be logged in and does not bypass authentication requirements.

210
Q
  1. Ben is concerned about exploits that allow VM escape. What option should Ben suggest to help limit the impact of VM escape exploits?
    A. Separate virtual machines onto separate physical hardware based on task or data types.
    B. Use VM escape detection tools on the underlying hypervisor.
    C. Restore machines to their original snapshots on a regular basis.
    D. Use a utility like Tripwire to look for changes in the virtual machines.
A

A. While virtual machine escape has only been demonstrated in laboratory environments, the threat is best dealt with by limiting what access to the underlying hypervisor can provide to a successful attacker. Segmenting by data types or access levels can limit the potential impact of a hypervisor compromise. If attackers can access the underlying system, restricting the breach to only similar data types or systems will limit the impact. Escape detection tools are not available on the market, restoring machines to their original snapshots will not prevent the exploit from occurring again, and Tripwire detects file changes and is unlikely to catch exploits that escape the virtual machines themselves.

211
Q
76.  WPA2’s Counter Mode Cipher Block Chaining Message Authentication Mode Protocol (CCMP) is based on which common encryption scheme?
A.  DES
B.  3DES
C.  AES
D.  TLS
A

C. WPA2’s CCMP encryption scheme is based on AES. As of the writing of this book, there have not been any practical real-world attacks against WPA2. DES has been successfully broken, and neither 3DES nor TLS is used for WPA2.

212
Q
78.  What is the speed of a T3 line?
A.  128 kbps
B.  1.544 Mbps
C.  44.736 Mbps
D.  155 Mbps
A

C. A T3 (DS-3) line is capable of 44.736 Mbps. This is often referred to as 45 Mbps. A T1 is 1.544 Mbps, ATM is 155 Mbps, and ISDN is often 64 or 128 Kbps.#memorize this

213
Q
79.  What type of firewall design does the following image show?
A.  A single-tier firewall
B.  A two-tier firewall
C.  A three-tier firewall
D.  A fully protected DMZ firewall
A

B. A two-tier firewall uses a firewall with multiple interfaces or multiple firewalls in series. This image shows a firewall with two protected interfaces, with one used for a DMZ and one used for a protected network. This allows traffic to be filtered between each of the zones (Internet, DMZ, and private network).

214
Q
  1. What challenge is most common for endpoint security system deployments?
    A. Compromises
    B. The volume of data
    C. Monitoring encrypted traffic on the network
    D. Handling non-TCP protocols
A

B. Endpoint security solutions face challenges due to the sheer volume of data that they can create. When each workstation is generating data about events, this can be a massive amount of data. Endpoint security solutions should reduce the number of compromises when properly implemented, and they can also help by monitoring traffic after it is decrypted on the local host. Finally, non-TCP protocols are relatively uncommon on modern networks, making this a relatively rare concern for endpoint security system implementations.

215
Q
  1. Susan is writing a best practices statement for her organizational users who need to use Bluetooth. She knows that there are many potential security issues with Bluetooth and wants to provide the best advice she can. Which of the following sets of guidance should Susan include?
    A. Use Bluetooth’s built-in strong encryption, change the default PIN on your device, turn off discovery mode, and turn off Bluetooth when it’s not in active use.
    B. Use Bluetooth only for those activities that are not confidential, change the default PIN on your device, turn off discovery mode, and turn off Bluetooth when it’s not in active use.
    C. Use Bluetooth’s built-in strong encryption, use extended (8 digit or longer) Bluetooth PINs, turn off discovery mode, and turn off Bluetooth when it’s not in active use.
    D. Use Bluetooth only for those activities that are not confidential, use extended (8 digit or longer) Bluetooth PINs, turn off discovery mode, and turn off Bluetooth when it’s not in active use.
A

B. Since Bluetooth doesn’t provide strong encryption, it should only be used for activities that are not confidential. Bluetooth PINs are four-digit codes that often default to 0000. Turning it off and ensuring that your devices are not in discovery mode can help prevent Bluetooth attacks. #it’s simply insecure

216
Q
  1. Steve has been tasked with implementing a network storage protocol over an IP network. What storage-centric converged protocol is he likely to use in his implementation?
    A. MPLS
    B. FCoE
    C. SDN
    D. VoIP
A

B. Fibre Channel over Ethernet allows Fibre Channel communications over Ethernet networks, allowing existing high-speed networks to be used to carry storage traffic. This avoids the cost of a custom cable plant for a Fibre Channel implementation. MPLS, or Multiprotocol Label Switching, is used for high performance networking; VoIP is Voice over IP; and SDN is software-defined networking.

217
Q
88.  Phillip maintains a modem bank in support of several legacy services used by his organization. Which one of the following protocols is most appropriate for this purpose?
A.  SLIP
B.  SLAP 
C.  PPTP
D.  PPP
A

D. The Point-to-Point Protocol (PPP) is used for dial-up connections for modems, ISDN, Frame Relay, and other technologies. It replaced SLIP in almost all cases. PPTP is the Point-to-Point Tunneling Protocol used for VPNs, and SLAP is not a protocol at all!

218
Q
  1. One of the findings that Jim made when performing a security audit was the use of non-IP protocols in a private network. What issue should Jim point out that may result from the use of these non-IP protocols?
    A. They are outdated and cannot be used on modern PCs.
    B. They may not be able to be filtered by firewall devices.
    C. They may allow Christmas tree attacks.
    D. IPX extends on the IP protocol and may not be supported by all TCP stacks.
A

B. While non-IP protocols like IPX/SPX, NetBEUI, and AppleTalk are rare in modern networks, they can present a challenge because many firewalls are not capable of filtering them. This can create risks when they are necessary for an application or system’s function.

219
Q
  1. Lauren has been asked to replace her organization’s PPTP implementation with an L2TP implementation for security reasons. What is the primary security reason that L2TP would replace PPTP?
    A. L2TP can use IPsec.
    B. L2TP creates a point-to-point tunnel, avoiding multipoint issues.
    C. PPTP doesn’t support EAP.
    D. PPTP doesn’t properly encapsulate PPP packets.
A

A. L2TP can use IPsec to provide encryption of traffic, ensuring confidentiality of the traffic carried via an L2TP VPN. PPTP sends the initial packets of a session in plaintext, potentially including usernames and hashed passwords. PPTP does support EAP and was designed to encapsulate PPP packets. All VPNs are point to point, and multipoint issues are not a VPN problem.

220
Q
92.  Jim is building a research computing system that benefits from being part of a full mesh topology between systems. In a five-node full mesh topology design, how many connections will an individual node have?
A.  Two
B.  Three
C.  Four
D.  Five
A

C. A full mesh topology directly connects each machine to every other machine on the network. For five systems, this means four connections per system.

221
Q
93.  What topology correctly describes Ethernet?
A.  A ring
B.  A star
C.  A mesh
D.  A bus
A

D. Ethernet uses a bus topology. While devices may be physically connected to a switch in a physical topology that looks like a star, systems using Ethernet can all transmit on the bus simultaneously, possibly leading to collisions.

222
Q
95.  What speed is Category 3 UTP cable rated for?#memorize, memorize, memorize
A.  5 Mbps
B.  10 Mbps
C.  100 Mbps
D.  1000 Mbps
A

B. Category 3 UTP cable is primarily used for phone cables and was also used for early Ethernet networks where it provided 10 Mbps of throughput. Cat 5 cable provides 100 Mbps (and 1000 Mbps if it is Cat 5e). Cat 6 cable can also provide 1000 Mbps.

223
Q
96.  What issue occurs when data transmitted over one set of wires is picked up by another set of wires?
A.  Magnetic interference
B.  Crosstalk
C.  Transmission absorption
D.  Amplitude modulation
A

B. Crosstalk occurs when data transmitted on one set of wires is picked up on another set of wires. Interference like this is electromagnetic rather than simply magnetic, transmission absorption is a made-up term, and amplitude modulation is how AM radio works.

224
Q
  1. What two key issues with the implementation of RC4 make Wired Equivalent Privacy (WEP) even weaker than it might otherwise be?
    A. Its use of a static common key and client-set encryption algorithms
    B. Its use of a static common key and a limited number of initialization vectors
    C. Its use of weak asymmetric keys and a limited number of initialization vectors
    D. Its use of a weak asymmetric key and client-set encryption algorithms
A

B. WEP’s implementation of RC4 is weakened by its use of a static common key and a limited number of initialization vectors. It does not use asymmetric encryption, and clients do not select encryption algorithms.

225
Q
98.  Chris is setting up a hotel network and needs to ensure that systems in each room or suite can connect to each other, but systems in other suites or rooms cannot. At the same time, he needs to ensure that all systems in the hotel can reach the internet. What solution should he recommend as the most effective business solution?
A.  Per-room VPNs
B.  VLANs
C.  Port security
D.  Firewalls
A

B. VLANs can be used to logically separate groups of network ports while still providing access to an uplink. Per-room VPNs would create significant overhead for support as well as create additional expenses. Port security is used to limit what systems can connect to ports, but it doesn’t provide network security between systems. Finally, while firewalls might work, they would add additional expense and complexity without adding any benefits over a VLAN solution.

226
Q
100. Ben knows that his organization wants to be able to validate the identity of other organizations based on their domain name when receiving and sending email. What tool should Ben recommend?
A.  PEM
B.  S/MIME
C.  DKIM
D.  MOSS
A

C. Domain Keys Identified Mail, or DKIM, is designed to allow assertions of domain identity to validate email. S/MIME, PEM, and MOSS are all solutions that can provide authentication, integrity, nonrepudiation, and confidentiality, depending on how they are used.

227
Q
1.  Which of the following is best described as an access control model that focuses on subjects and identifies the objects that each subject can access?
A.  An access control list
B.  An implicit denial list
C.  A capability table
D.  A rights management matrix
A

C. Capability tables list the privileges assigned to subjects and identify the objects that subjects can access. Access control lists are object-focused rather than subject-focused. Implicit deny is a principle that states that anything that is not explicitly allowed is denied, and a rights management matrix is not an access control model.#ACL vs CT

228
Q
  1. Jim’s organization-wide implementation of IDaaS offers broad support for cloud-based applications. Jim’s company does not have in-house identity management staff and does not use centralized identity services. Instead, they rely upon Active Directory for AAA services. Which of the following options should Jim recommend to best handle the company’s onsite identity needs?
    A. Integrate onsite systems using OAuth.
    B. Use an on-premises third-party identity service.
    C. Integrate onsite systems using SAML.
    D. Design an in-house solution to handle the organization’s unique needs.
A
#on-premises third-party identity service
B. Since Jim’s organization is using a cloud-based identity as a service solution, a third-party, on-premises identity service can provide the ability to integrate with the IDaaS solution, and the company’s use of Active Directory is widely supported by third-party vendors. OAuth is used to log into third-party websites using existing credentials and would not meet the needs described. SAML is a markup language and would not meet the full set of AAA needs. Since the organization is using Active Directory, a custom in-house solution is unlikely to be as effective as a pre-existing third-party solution and may take far more time and expense to implement.
229
Q
  1. Which of the following is not a weakness in Kerberos?
    A. The KDC is a single point of failure.
    B. Compromise of the KDC would allow attackers to impersonate any user.
    C. Authentication information is not encrypted.
    D. It is susceptible to password guessing.
A

C. Kerberos encrypts messages using secret keys, providing protection for authentication traffic. The KDC both is a single point of failure and can cause problems if compromised because keys are stored on the KDC that would allow attackers to impersonate any user. Like many authentication methods, Kerberos can be susceptible to password guessing.

230
Q
6.  Which of the following items are not commonly associated with restricted interfaces?
A.  Shells
B.  Keyboards
C.  Menus
D.  Database views
A

B. Menus, shells, and database views are all commonly used for constrained interfaces. A keyboard is not typically a constrained interface, although physically constrained interfaces like those found on ATMs, card readers, and other devices are common.

231
Q
  1. During a log review, Saria discovers a series of logs that show login failures, as shown here:
    Jan 31 11:39:12 ip-10-0-0-2 sshd[29092]: Invalid user admin from remotehost passwd=orange
    Jan 31 11:39:20 ip-10-0-0-2 sshd[29098]: Invalid user admin from remotehost passwd=Orang3
    Jan 31 11:39:23 ip-10-0-0-2 sshd[29100]: Invalid user admin from remotehost passwd=Orange93
    Jan 31 11:39:31 ip-10-0-0-2 sshd[29106]: Invalid user admin from remotehost passwd=Orangutan1
    Jan 31 20:40:53 ip-10-0-0-254 sshd[30520]: Invalid user admin from remotehost passwd=Orangemonkey
    What type of attack has Saria discovered?
    A. A brute-force attack
    B. A man-in-the-middle attack
    C. A dictionary attack
    D. A rainbow table attack
A

C. Dictionary attacks use a dictionary or list of common passwords as well as variations of those words to attempt to log in as an authorized user. This attack shows a variety of passwords based on a similar base word, which is often a good indicator of a dictionary attack. A brute-force attack will typically show simple iteration of passwords, while a man-in-the-middle attack would not be visible in the authentication log. A rainbow table attack is used when attackers already have password hashes in their possession and would also not show up in logs.

232
Q
  1. Place the following steps in the order in which they occur during the Kerberos authentication process.
    A. Client/server ticket generated
    B. TGT generated
    C. Client/TGS key generated
    D. User accesses service
    E. User provides authentication credentials
    During the Kerberos authentication process, the steps take place in the following order:
A
ECBAD. User provides authentication credentials => Client/TGS key generated => TGT generated => Client/server ticket generated => User accesses service
233
Q
10.  Callback to a landline phone number is an example of what type of factor?
A.  Something you know
B.  Somewhere you are
C.  Something you have
D.  Something you are
A

B. A callback to a landline phone number is an example of a “somewhere you are” factor because of the fixed physical location of a wired phone. A callback to a mobile phone would be a “something you have” factor.
#tests your English

234
Q
11.  Kathleen needs to set up an Active Directory trust to allow authentication with an existing Kerberos K5 domain. What type of trust does she need to create?
A.  A shortcut trust
B.  A forest trust 
C.  An external trust
D.  A realm trust
A

D. Kerberos uses realms, and the proper type of trust to set up for an Active Directory environment that needs to connect to a K5 domain is a realm trust. A shortcut trust is a transitive trust between parts of a domain tree or forest that shortens the trust path, a forest trust is a transitive trust between two forest root domains, and an external trust is a nontransitive trust between AD domains in separate forests.

235
Q
13.  Which of the following is not a single sign-on implementation?
A.  Kerberos
B.  ADFS
C.  CAS
D.  RADIUS
A

D. Kerberos, Active Directory Federation Services (ADFS), and Central Authentication Services (CAS) are all SSO implementations. RADIUS is not a single sign-on implementation, although some vendors use it behind the scenes to provide authentication for proprietary SSO.#tests general knowledge

236
Q
14.  As shown in the following image, a user on a Windows system is not able to use the “Send Message” functionality. What access control model best describes this type of limitation?
A.  Least privilege
B.  Need to know
C.  Constrained interface
D.  Separation of duties
A

C. Interface restrictions based on user privileges are an example of a constrained interface. Least privilege describes the idea of providing users with only the rights they need to accomplish their job, while need to know limits access based on whether a subject needs to know the information to accomplish an assigned task. Separation of duties focuses on preventing fraud or mistakes by splitting tasks between multiple subjects.

237
Q

Use your knowledge of the Kerberos logon process and the following diagram to answer
questions 17–19.
19. What tasks must the client perform before it can use the TGT?
A. It must generate a hash of the TGT and decrypt the symmetric key.
B. It must accept the TGT and decrypt the symmetric key.
C. It must decrypt the TGT and the symmetric key.
D. It must send a valid response using the symmetric key to the KDC and must install the TGT.

A

B. The client needs to install the TGT for use until it expires and must also decrypt the symmetric key using a hash of the user’s password.#session key

238
Q
  1. Jacob is planning his organization’s biometric authentication system and is considering retina scans. What concern may be raised about retina scans by others in his organization?
    A. Retina scans can reveal information about medical conditions.
    B. Retina scans are painful because they require a puff of air in the user’s eye.
    C. Retina scanners are the most expensive type of biometric device.
    D. Retina scanners have a high false positive rate and will cause support issues.
A

A. Retina scans can reveal additional information, including high blood pressure and pregnancy, causing privacy concerns. Newer retina scans don’t require a puff of air, and retina scanners are not the most expensive biometric factor. Their false positive rate can typically be adjusted in software, allowing administrators to adjust their acceptance rate as needed to balance usability and security.

239
Q
21.  Mandatory Access Control is based on what type of model?
A.  Discretionary
B.  Group based
C.  Lattice based
D.  Rule based
A

C. Mandatory access control systems are based on a lattice-based model. Lattice-based models use a matrix of classification labels to compartmentalize data. Discretionary access models allow object owners to determine access to the objects they control, role-based access controls are often group based, and rule-based access controls, such as firewall ACLs, apply the same set of rules to every subject they cover.

240
Q
23.  What is the best way to provide accountability for the use of identities?
A.  Logging
B.  Authorization
C.  Digital signatures
D.  Type 1 authentication
A

A. Logging systems can provide accountability for identity systems by tracking the actions, changes, and other activities a user or account performs.

241
Q
24.  Jim has worked in human relations, payroll, and customer service roles in his company over the past few years. What type of process should his company perform to ensure that 
he has appropriate rights?
A.  Re-provisioning
B.  Account review
C.  Privilege creep 
D.  Account revocation
A

B. As an employee’s role changes, they often experience privilege creep, which is the accumulation of old rights and roles. Account review is the process of reviewing accounts and ensuring that their rights match their owners’ role and job requirements. Account revocation removes accounts, while re-provisioning might occur if an employee was terminated and returned or took a leave of absence and returned.

242
Q
25.  Biba is what type of access control model?
A.  MAC
B.  DAC
C.  Role BAC
D.  ABAC
A

A. Biba uses a lattice to control access and is a form of the mandatory access control (MAC) model. It does not use rules, roles, or attributes, nor does it allow user discretion. Users can create content at their level or lower but cannot decide who gets access, levels are not roles, and attributes are not used to make decisions on access control.

243
Q
26.  Which of the following is a client/server protocol designed to allow network access servers to authenticate remote users by sending access request messages to a central server?
A.  Kerberos
B.  EAP
C.  RADIUS
D.  OAuth
A

C. RADIUS is an AAA protocol used to provide authentication, authorization, and accounting; it’s often used for modems, wireless networks, and network devices. It uses network access servers to send access requests to central RADIUS servers. Kerberos is a ticket-based authentication protocol; OAuth is an open standard for delegated authorization that lets a third-party site act on a user’s behalf without ever receiving the user’s credentials; and EAP is the Extensible Authentication Protocol, an authentication framework often used for wireless networks.

244
Q
27.  What type of access control is being used in the following permission listing:
Storage Device X
User1: Can read, write, list
User2: Can read, list
User3: Can read, write, list, delete
User4: Can list
A.  Resource-based access controls
B.  Role-based access controls 
C.  Mandatory access controls
D.  Rule-based access controls
A
A. Resource-based access controls match permissions to resources like a storage volume.
Resource-based access controls are becoming increasingly common in cloud-based infrastructure as a service environments. The lack of roles, rules, or a classification system indicates that role-based, rule-based, and mandatory access controls are not in use here.
#i.e., in cloud-based infrastructure-as-a-service environments
245
Q
  1. Angela uses a sniffer to monitor traffic from a RADIUS server configured with default settings. What protocol should she monitor, and what traffic will she be able to read?
    A. UDP, none. All RADIUS traffic is encrypted.
    B. TCP, all traffic but the passwords, which are encrypted.
    C. UDP, all traffic but the passwords, which are encrypted.
    D. TCP, none. All RADIUS traffic is encrypted.
A

C. By default, RADIUS uses UDP (port 1812 for authentication) and hides only the User-Password attribute, which is XORed with an MD5 keystream derived from the shared secret; every other attribute, including the user name, is sent in the clear. RADIUS over TCP and RADIUS over TLS (RadSec) exist, but neither is a default setting.
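As an added example (not part of the book’s answer), the following builds an Access-Request the way a NAS would and shows what Angela’s sniffer sees: the user name and NAS address readable, the password present only as the RFC 2865 section 5.2 XOR-hidden value, which anyone holding the shared secret can reverse. The shared secret, Request Authenticator, user name, password and NAS address are all constructed for the demo.

```python
import hashlib
import struct

# Added example: RFC 2865 User-Password hiding. All values below are constructed.
ACCESS_REQUEST = 1
ATTR_USER_NAME = 1
ATTR_USER_PASSWORD = 2
ATTR_NAS_IP_ADDRESS = 4


def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Client side (RFC 2865 5.2): XOR each 16-byte block with MD5(secret + previous block)."""
    if len(authenticator) != 16:
        raise ValueError("Request Authenticator must be 16 bytes")
    if not 1 <= len(password) <= 128:
        raise ValueError("password must be 1..128 bytes")
    padded = password + b"\x00" * (-len(password) % 16)   # NUL-pad to a 16-byte multiple
    out, prev = bytearray(), authenticator                 # b1 = MD5(S + RA)
    for i in range(0, len(padded), 16):
        keystream = hashlib.md5(secret + prev).digest()
        block = bytes(p ^ k for p, k in zip(padded[i:i + 16], keystream))
        out += block
        prev = block                                       # b(n) = MD5(S + c(n-1))
    return bytes(out)


def unhide_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Server side: same keystream, so the shared secret is all an eavesdropper needs."""
    if not hidden or len(hidden) % 16:
        raise ValueError("hidden value must be a non-empty multiple of 16 bytes")
    out, prev = bytearray(), authenticator
    for i in range(0, len(hidden), 16):
        keystream = hashlib.md5(secret + prev).digest()
        block = hidden[i:i + 16]
        out += bytes(c ^ k for c, k in zip(block, keystream))
        prev = block
    return bytes(out).rstrip(b"\x00")


def build_access_request(identifier, username, password, secret, authenticator,
                         nas_ip=(192, 0, 2, 10)):
    """Assemble the UDP payload a NAS sends to the RADIUS server on UDP/1812."""
    attrs = bytes([ATTR_USER_NAME, 2 + len(username)]) + username
    hidden = hide_password(password, secret, authenticator)
    attrs += bytes([ATTR_USER_PASSWORD, 2 + len(hidden)]) + hidden
    attrs += bytes([ATTR_NAS_IP_ADDRESS, 6]) + bytes(nas_ip)
    header = struct.pack("!BBH", ACCESS_REQUEST, identifier, 20 + len(attrs))
    return header + authenticator + attrs


def sniff_attributes(packet):
    """What a passive observer reads: every attribute, the password only as XORed bytes."""
    code, identifier, length = struct.unpack("!BBH", packet[:4])
    attrs, pos = {}, 20
    while pos < length:
        attr_type, attr_len = packet[pos], packet[pos + 1]
        attrs[attr_type] = packet[pos + 2:pos + attr_len]
        pos += attr_len
    return code, identifier, packet[4:20], attrs
```

The Request Authenticator is sent in the packet header, so the only thing standing between a captured packet and the cleartext password is the shared secret; weak secrets are brute-forceable offline from one capture.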

246
Q
29.  Which of the following is not part of a Kerberos authentication system?#Memorize the official component names.
A.  KDC
B.  TGT
C.  AS 
D.  TS
A

D. A key distribution center (KDC) provides authentication services, and ticket-granting tickets (TGTs) provide proof that a subject has authenticated and can request tickets to access objects. Authentication services (ASs) are part of the KDC. There is no TS in a Kerberos infrastructure.

247
Q
32.  Which of the following is not a common threat to access control mechanisms?
A.  Fake login pages
B.  Phishing 
C.  Dictionary attacks
D.  Man-in-the-middle attacks
A

B. Phishing is not an attack against an access control mechanism. While phishing can result in stolen credentials, the attack itself is not against the control system and is instead against the person being phished. Dictionary attacks and man-in-the-middle attacks both target access control systems.

248
Q
  1. What type of access control scheme is shown in the following table?
    A. RBAC
    B. DAC
    C. MAC
    D. TBAC

    Highly Sensitive    Red       Blue      Green
    Confidential        Purple    Orange    Yellow
    Internal Use        Black     Gray      White
    Public              Clear     Clear     Clear
A

C. Mandatory access controls use a lattice to describe how classification labels relate to each other.
In this image, classification levels are set for each of the labels shown.
A discretionary access control (DAC) system would show how the owner of the objects allows access.
RBAC could be either rule- or role-based access control and would use either system-wide rules or roles.
Task-based access control (TBAC) would list tasks for users.
#Check whether it is a lattice-style control.

249
Q
35.  Which of the following is not a valid LDAP DN (distinguished name)?
A.  cn=ben+ou=sales
B.  ou=example
C.  cn=ben,ou=example;
D.  ou=example,dc=example,dc=com+dc=org
A

C. LDAP distinguished names are made up of zero or more comma-separated components known as relative distinguished names. cn=ben,ou=example; ends with a semicolon, which must be escaped inside a DN value, and so is not a valid DN. It is possible to have additional values in the same RDN by using a plus sign between them.

250
Q
39.  What is the stored sample of a biometric factor called?
A.  A reference template
B.  A token store
C.  A biometric password
D.  An enrollment artifact
A

A. The stored sample of a biometric factor is called a reference profile or a reference template. None of the other answers is a common term used for biometric systems.

251
Q
  1. Which pair of the following factors is key for user acceptance of biometric identification systems?
    A. The FAR
    B. The throughput rate and the time required to enroll
    C. The CER and the EER
    D. How often users must reenroll and the reference profile requirements
A

B. Biometric systems can face major usability challenges if the time to enroll is long (over a couple of minutes) and if the speed at which the biometric system is able to scan and accept or reject the user is too slow. FAR and FRR may be important in the design decisions made by administrators or designers, but they aren’t typically visible to users. CER (crossover error rate) and EER (equal error rate) are the same thing: the point where FAR and FRR meet. Reference profile requirements are a system requirement, not a user requirement.

252
Q

Alex is in charge of SAML integration with a major third-party partner that provides a variety of business productivity services for his organization. Use the following diagram and your knowledge of SAML integrations and security architecture design to answer questions 43–45.

  1. Alex is concerned about eavesdropping on the SAML traffic and also wants to ensure that forged assertions will not be successful. What should he do to prevent these potential attacks?#Tests concepts and English.
    A. Use SAML’s secure mode to provide secure authentication.
    B. Implement TLS using a strong cipher suite, which will protect against both types of attacks.
    C. Implement TLS using a strong cipher suite and use digital signatures.
    D. Implement TLS using a strong cipher suite and message hashing.
A

C. TLS provides message confidentiality and integrity in transit, which prevents eavesdropping. When paired with digital signatures, which provide integrity and authentication of the assertion itself, forged assertions can also be defeated. SAML does not have a “secure mode” and relies on TLS and digital signatures to ensure security if needed. Message hashing without a signature would help detect modification of the message but won’t provide authentication, because anyone who can alter the message can recompute the hash.#SAML is web based; the idea being tested is anti-forgery.
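As an added illustration (not part of the book’s answer) of why a bare hash cannot stop a forged assertion while a keyed signature can: an on-path attacker who changes the assertion can always recompute an unkeyed digest, but cannot produce a valid authenticator without the key. HMAC-SHA256 stands in here for the XML digital signature a SAML identity provider would apply with its private key; the principle is the same. The assertion fields, key and attacker edits are all constructed.

```python
import hashlib
import hmac
import json
import secrets

# Added example: unkeyed hash vs keyed authenticator on a SAML-like assertion.
# HMAC is a stand-in for the IdP's XML-DSig signature; the assertion is constructed.


def _canonical(assertion: dict) -> bytes:
    """Deterministic serialization, the role XML canonicalization plays for real SAML."""
    return json.dumps(assertion, sort_keys=True, separators=(",", ":")).encode()


def protect_with_hash(assertion: dict) -> dict:
    return {"assertion": assertion,
            "digest": hashlib.sha256(_canonical(assertion)).hexdigest()}


def verify_hash(message: dict) -> bool:
    expected = hashlib.sha256(_canonical(message["assertion"])).hexdigest()
    return hmac.compare_digest(message["digest"], expected)


def protect_with_signature(assertion: dict, key: bytes) -> dict:
    return {"assertion": assertion,
            "sig": hmac.new(key, _canonical(assertion), "sha256").hexdigest()}


def verify_signature(message: dict, key: bytes) -> bool:
    expected = hmac.new(key, _canonical(message["assertion"]), "sha256").hexdigest()
    return hmac.compare_digest(message["sig"], expected)


def tamper(message: dict, **changes) -> dict:
    """Attacker on the wire rewrites the assertion and repairs whatever needs no key."""
    forged = {"assertion": {**message["assertion"], **changes}}
    if "digest" in message:
        forged["digest"] = hashlib.sha256(_canonical(forged["assertion"])).hexdigest()
    if "sig" in message:
        forged["sig"] = message["sig"]   # cannot be recomputed without the key
    return forged


def forgery_demo() -> dict:
    key = secrets.token_bytes(32)       # the IdP's signing key, never seen by the attacker
    assertion = {"subject": "alice@example.test", "role": "user", "issuer": "idp.example.test"}
    hashed = protect_with_hash(assertion)
    signed = protect_with_signature(assertion, key)
    return {
        "hash_accepts_forgery": verify_hash(tamper(hashed, role="admin")),
        "sig_accepts_forgery": verify_signature(tamper(signed, role="admin"), key),
        "sig_accepts_genuine": verify_signature(signed, key),
    }
```

The same reasoning is why TLS alone (option B) is not enough: TLS protects the hop between browser and server, but the assertion is handed from IdP to SP through the user’s browser, so the SP must be able to check the IdP’s signature on the assertion itself.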

253
Q

Alex is in charge of SAML integration with a major third-party partner that provides a variety of business productivity services for his organization. Use the following diagram and your knowledge of SAML integrations and security architecture design to answer questions 43–45.
44. If Alex’s organization is one that is primarily made up of offsite, traveling users, what availability risk does integration of critical business applications to onsite authentication create, and how could he solve it?
A. Third-party integration may not be trustworthy; use SSL and digital signatures.
B. If the home organization is offline, traveling users won’t be able to access third-party applications; implement a hybrid cloud/local authentication system.
C. Local users may not be properly redirected to the third-party services; implement a local gateway.
D. Browsers may not properly redirect; use host files to ensure that issues with redirects are resolved.

A

B. Integration with cloud-based third parties that rely on local authentication can fail if the local organization’s Internet connectivity or servers are offline. Adopting a hybrid cloud and local authentication system can ensure that Internet or server outages are handled, allowing authentication to work regardless of where the user is or whether their home organization is online. Using encrypted and signed communication does not address availability, redirects are a configuration issue with the third party, and a local gateway won’t handle remote users. Also, hosts files don’t help with availability issues in services other than DNS.#Tests English.

254
Q

Alex is in charge of SAML integration with a major third-party partner that provides a variety of business productivity services for his organization. Use the following diagram and your knowledge of SAML integrations and security architecture design to answer questions 43–45.
45. What solution can best help address concerns about third parties that control SSO redirects as shown in step 2 in the diagram?
A. An awareness campaign about trusted third parties
B. TLS
C. Handling redirects at the local site
D. Implementing an IPS to capture SSO redirect attacks

A

A. While many solutions are technical, if a trusted third party redirects to an unexpected authentication site, awareness is often the best defense. Using TLS would keep the transaction confidential but would not prevent the redirect. Handling redirects locally only works for locally hosted sites, and using a third-party service requires offsite redirects. An IPS might detect an attacker’s redirect, but tracking the multitude of load-balanced servers most large providers use can be challenging, if not impossible. In addition, an IPS relies on visibility into the traffic, and SAML integrations should be encrypted for security, which would require a man-in-the-middle type of IPS to be configured.

255
Q
48.  Lauren needs to send information about services she is provisioning to a third-party organization. What standards-based markup language should she choose to build the interface?
A.  SAML
B.  SOAP
C.  SPML
D.  XACML
A

C. Service Provisioning Markup Language, or SPML, is an XML-based language designed to allow platforms to generate and respond to provisioning requests. SAML is used to exchange authentication and authorization data, while XACML is used to describe access control policies. SOAP, or Simple Object Access Protocol, is a messaging protocol and could be used for any XML messaging but is not a markup language itself.

256
Q
50.  Google’s identity integration with a variety of organizations and applications across domains is an example of which of the following?
A.  PKI
B.  Federation
C.  Single sign-on
D.  Provisioning
A

B. Google’s federation with other applications and organizations (for example, via OpenID Connect) allows single sign-on as well as management of their electronic identity and its related attributes. While this is an example of SSO, it goes beyond simple single sign-on. Provisioning provides accounts and rights, and a public key infrastructure is used for certificate management.

257
Q
51.  Lauren starts at her new job and finds that she has access to a variety of systems that she does not need to accomplish her job. What problem has she encountered?
A.  Privilege creep
B.  Rights collision
C.  Least privilege
D.  Excessive privileges
A

D. When users have more rights than they need to accomplish their job, they have excessive privileges. This is a violation of the concept of least privilege. Unlike creeping privileges, this is a provisioning or rights management issue rather than a problem of retention of rights the user needed but no longer requires. Rights collision is a made-up term and thus is not an issue here.

258
Q
52.  When Chris verifies an individual’s identity and adds a unique identifier like a user ID to an identity system, what process has occurred?
A.  Identity proofing
B.  Registration
C.  Directory management
D.  Session management
A

B. Registration is the process of adding a user to an identity management system. This includes creating their unique identifier and adding any attribute information that is associated with their identity. Proofing occurs when the user provides information to prove who they are. Directories are managed to maintain lists of users, services, and other items. Session management tracks application and user sessions.

259
Q
  1. Jim configures his LDAP client to connect to an LDAP directory server. According to the configuration guide, his client should connect to the server on port 636. What does this indicate to Jim about the configuration of the LDAP server?
    A. It requires connections over SSL/TLS.
    B. It supports only unencrypted connections.
    C. It provides global catalog services.
    D. It does not provide global catalog services.
A

A. Port 636 is the default port for LDAPS, which provides LDAP over SSL or TLS, thus indicating that the server expects encrypted connections on that port. Since neither port 3268 nor 3269 is mentioned, we do not know whether the server provides a global catalog.

260
Q
54.  The X.500 standards cover what type of important identity systems?
A.  Kerberos
B.  Provisioning services
C.  Biometric authentication systems
D.  Directory services
A

D. The X.500 series of standards covers directory services. Kerberos is described in RFCs; biometric systems are covered by a variety of standards, including ISO standards; and provisioning standards include SCIM, SPML, and others.

261
Q
55.  Microsoft’s Active Directory Domain Services is based on which of the following technologies?
A.  RADIUS
B.  LDAP
C.  SSO
D.  PKI
A

B. Active Directory Domain Services is based on LDAP, the Lightweight Directory Access Protocol. Active Directory also uses Kerberos for authentication.

262
Q
57.  By default, in what format does OpenLDAP store the value of the userPassword attribute?
A.  In the clear
B.  Salted and hashed
C.  MD5 hashed
D.  Encrypted using AES256 encryption
A

A. By default, OpenLDAP stores the userPassword attribute in the clear. This means that ensuring that the password is provided to OpenLDAP in a secure format is the responsibility of the administrator or programmer who builds its provisioning system.

263
Q
  1. Kathleen works for a data center hosting facility that provides physical data center space for individuals and organizations. Until recently, each client was given a magnetic-stripe-based keycard to access the section of the facility where their servers are located, and they were also given a key to access the cage or rack where their servers reside. In the past month, a number of servers have been stolen, but the logs for the passcards show only valid IDs. What is Kathleen’s best option to make sure that the users of the passcards are who they are supposed to be?
    A. Add a reader that requires a PIN for passcard users.
    B. Add a camera system to the facility to observe who is accessing servers.
    C. Add a biometric factor.
    D. Replace the magnetic stripe keycards with smartcards.
A
C. Kathleen should implement a biometric factor. The cards and keys are an example of a Type 2 factor, or “something you have.” Using a smart card replaces this with another Type 2 factor, but the cards could still be loaned out or stolen. Adding a PIN suffers from the same problem: a PIN can be stolen. Adding cameras doesn’t prevent access to the facility and thus doesn’t solve the immediate problem (but it is a good idea!).
#Annoying question.
264
Q
63.  What type of access control is composed of policies and procedures that support regulations, requirements, and the organization’s own policies?
A.  Corrective
B.  Logical
C.  Compensating
D.  Administrative
A

D. Administrative access controls are procedures and the policies from which they derive. They are based on regulations, requirements, and the organization’s own policies. Corrective access controls return an environment to its original status after an issue, while logical controls are technical access controls that rely on hardware or software to protect systems and data. Compensating controls are used in addition to or as an alternative to other controls.

265
Q
64.  In a Kerberos environment, when a user needs to access a network resource, what is sent to the TGS?
A.  A TGT
B.  An AS
C.  The SS
D.  A session key
A

A. When clients perform a client service authorization, they send a TGT and the ID of the requested service to the TGS, and the TGS responds with a client-to-server ticket and session key back to the client if the request is validated. An AS is an authentication server, and the SS is a service server, neither of which can be sent.

266
Q
  1. Which objects and subjects have a label in a MAC model?
    A. Objects and subjects that are classified as Confidential, Secret, or Top Secret have a label.
    B. All objects have a label, and all subjects have a compartment.
    C. All objects and subjects have a label.
    D. All subjects have a label and all objects have a compartment.
A

C. In a mandatory access control system, all subjects and objects have a label.
Compartments may or may not be used, but there is not a specific requirement for either subjects or objects to be compartmentalized. The specific labels of Confidential, Secret, and Top Secret are not required by MAC.

267
Q

Chris is the identity architect for a growing e-commerce website that wants to leverage social identity. To do this, he and his team intend to allow users to use their existing Google accounts as their primary accounts when using the e-commerce site. This means that when a new user initially connects to the e-commerce platform, they are given the choice between using their Google account using OAuth 2.0 or creating a new account on the platform using their own email address and a password of their choice.

Use this information and the following diagram of an example authentication flow to answer questions 66–68.

68.  What type of attack is the creation and exchange of state tokens intended to prevent?
A.  XSS
B.  CSRF
C.  SQL injection
D.  XACML
A

B. The anti-forgery state token exchanged during OAuth sessions is intended to prevent cross-site request forgery. The relying party mints an unguessable value, binds it to the user’s browser session, sends it to Google with the authorization request, and checks that the same value comes back with the authentication response, which verifies that the user, not an attacker, initiated the request. XSS attacks focus on scripting and would have script tags involved, SQL injection would have SQL code included, and XACML is the eXtensible Access Control Markup Language, not a type of attack.
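As an added example (not the book’s code, and not Google’s), here is the relying-party side of that state exchange for Chris’s site: minting a per-session state, sending it on the redirect, and refusing any callback whose state does not match the session that started the login. The authorization endpoint, client id, redirect URI and session ids are made up; the "login CSRF" simulated at the end is an attacker planting their own callback URL (carrying the attacker’s code and state) in the victim’s browser.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

# Added example: OAuth 2.0 "state" handling on the relying party. All names are constructed.
AUTH_ENDPOINT = "https://accounts.example.test/o/oauth2/v2/auth"   # hypothetical IdP endpoint


class RelyingParty:
    """Server side of the e-commerce site: mints, stores and checks the state token."""

    def __init__(self, client_id, redirect_uri):
        self.client_id = client_id
        self.redirect_uri = redirect_uri
        self.sessions = {}   # session_id -> per-session dict (stands in for a session store)

    def start_login(self, session_id):
        """Step 1: mint an unguessable state, bind it to this browser session, build the redirect."""
        state = secrets.token_urlsafe(32)
        self.sessions.setdefault(session_id, {})["oauth_state"] = state
        params = {
            "response_type": "code",
            "client_id": self.client_id,
            "redirect_uri": self.redirect_uri,
            "scope": "openid email",
            "state": state,
        }
        return AUTH_ENDPOINT + "?" + urlencode(params)

    def handle_callback(self, session_id, callback_url):
        """Step 2: release the authorization code only if state matches this session (single use)."""
        query = parse_qs(urlparse(callback_url).query)
        presented = query.get("state", [""])[0]
        expected = self.sessions.get(session_id, {}).pop("oauth_state", None)
        if (expected is None or not presented.isascii()
                or not hmac.compare_digest(expected, presented)):
            raise PermissionError("state mismatch: possible CSRF, authorization code discarded")
        code = query.get("code", [""])[0]
        if not code:
            raise ValueError("callback carried no authorization code")
        return code


def state_from_url(url):
    """Read the state out of a redirect URL, as the browser (or a test) would."""
    return parse_qs(urlparse(url).query)["state"][0]


def callback_accepted(rp, session_id, callback_url):
    """True if the relying party accepts the callback for that session."""
    try:
        rp.handle_callback(session_id, callback_url)
        return True
    except PermissionError:
        return False


def login_csrf_demo():
    """Legitimate login succeeds; an attacker-planted callback against the victim is refused."""
    rp = RelyingParty("client-123", "https://shop.example.test/oauth/callback")
    victim, attacker = "sess-victim", "sess-attacker"

    state = state_from_url(rp.start_login(victim))
    legit_code = rp.handle_callback(victim, f"{rp.redirect_uri}?code=CODE-victim&state={state}")

    # Login CSRF: the attacker completes step 1 in their own session, keeps the callback URL
    # (their code, their state) and gets the victim's browser to load it.
    rp.start_login(victim)
    attacker_state = state_from_url(rp.start_login(attacker))
    planted = f"{rp.redirect_uri}?code=CODE-attacker&state={attacker_state}"
    return {"legit_code": legit_code, "csrf_blocked": not callback_accepted(rp, victim, planted)}
```

Two details matter in practice: the state is consumed on first use (a replayed callback fails), and the comparison is constant-time. Without the check, the victim would be silently logged in to the attacker’s Google-linked account, and anything they then entered into the shop would land in the attacker’s profile.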

268
Q
  1. Lauren builds a table that includes assigned privileges, objects, and subjects to manage access control for the systems she is responsible for. Each time a subject attempts to access an object, the systems check the table to ensure that the subject has the appropriate rights to the objects. What type of access control system is Lauren using?
    A. A capability table
    B. An access control list
    C. An access control matrix
    D. A subject/object rights management system
A

C. An access control matrix is a table that lists objects, subjects, and their privileges.
Access control lists focus on objects and which subjects can access them. Capability tables list subjects and what objects they can access. Subject/object rights management systems are not based on an access control model.
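As an added example (not from the book), the following loads the Storage Device X listing from question 27 above into an access control matrix and derives the two one-dimensional views this answer contrasts: the ACL, which is one object’s column (many subjects), and the capability table, which is one subject’s row (many objects). The second object, Backup Volume Y, and the User1 grant on it are constructed so the capability view has more than one column.

```python
from collections import defaultdict

# Added example: access control matrix with ACL and capability views. "Backup Volume Y"
# and its grant are constructed; the Storage Device X grants come from question 27.
RIGHTS = ("read", "write", "list", "delete")


class AccessControlMatrix:
    def __init__(self):
        self._rows = defaultdict(dict)   # subject -> {object -> set(rights)}

    def grant(self, subject, obj, *rights):
        unknown = set(rights) - set(RIGHTS)
        if unknown:
            raise ValueError(f"unknown rights: {sorted(unknown)}")
        self._rows[subject].setdefault(obj, set()).update(rights)

    def revoke(self, subject, obj, *rights):
        self._rows.get(subject, {}).get(obj, set()).difference_update(rights)

    def check(self, subject, obj, right):
        """Reference-monitor decision: anything not explicitly granted is denied."""
        return right in self._rows.get(subject, {}).get(obj, set())

    def acl(self, obj):
        """Object-centric view: the column an ACL stores next to the object."""
        return {s: sorted(cols[obj]) for s, cols in self._rows.items() if cols.get(obj)}

    def capabilities(self, subject):
        """Subject-centric view: the row a capability table stores with the subject."""
        return {o: sorted(r) for o, r in self._rows.get(subject, {}).items() if r}


def storage_device_x():
    """The permission listing from question 27, plus one constructed extra object."""
    acm = AccessControlMatrix()
    acm.grant("User1", "Storage Device X", "read", "write", "list")
    acm.grant("User2", "Storage Device X", "read", "list")
    acm.grant("User3", "Storage Device X", "read", "write", "list", "delete")
    acm.grant("User4", "Storage Device X", "list")
    acm.grant("User1", "Backup Volume Y", "read", "list")   # constructed second object
    return acm
```

The full matrix is rarely stored as such because it is sparse; systems keep either the columns (ACLs, easy to answer “who can access this object?”) or the rows (capabilities, easy to answer “what can this subject reach?”), and revocation is cheap in whichever view you keep and expensive in the other.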

269
Q
75.  Match each of the numbered security controls listed with exactly one of the lettered categories shown. Choose the category that best describes each control. You may use each control category once, more than once, or not at all.
Controls
1.  Password
2.  Account reviews
3.  Badge readers
4.  MFA
5.  IPS
Categories
A.  Administrative
B.  Technical
C.  Physical
A

The security controls match with the categories as follows:
1. Password: B. Technical.
2. Account reviews: A. Administrative.
3. Badge readers: C. Physical.
4. MFA: B. Technical.
5. IPS: B. Technical.
Passwords, multi-factor authentication (MFA) techniques, and intrusion prevention systems (IPS) are all examples of technical controls. Account reviews are an administrative control, while using badges to control access is a physical control.

270
Q
  1. The financial services company that Susan works for provides a web portal for its users.
    When users need to verify their identity, the company uses information from third-party sources to ask questions based on their past credit reports, such as “Which of the following streets did you live on in 2007?” What process is Susan’s organization using?
    A. Identity proofing
    B. Password verification
    C. Authenticating with Type 2 authentication factor
    D. Out-of-band identity proofing
A

A. Verifying information that an individual should know about themselves using third-party factual information (a Type 1 authentication factor) is sometimes known as dynamic knowledge-based authentication and is a type of identity proofing. Out-of-band identity proofing would use another means of contacting the user, like a text message or phone call, and password verification requires a password.#ref

271
Q
77.  The United States (U.S.) government CAC is an example of what form of Type 2 authentication factor?
A.  A token
B.  A biometric identifier
C.  A smart card
D.  A PIV
A

C. The US government’s Common Access Card is a smart card. The US government also issues PIV cards, or personal identity verification cards.

272
Q
78.  What authentication technology can be paired with OAuth to perform identity verification and obtain user profile information using a RESTful API?
A.  SAML
B.  Shibboleth
C.  OpenID Connect
D.  Higgins
A

C. OpenID Connect is a RESTful, JSON-based authentication protocol that, when paired with OAuth, can provide identity verification and basic profile information. SAML is the Security Assertion Markup Language, Shibboleth is a federated identity solution designed to allow web-based SSO, and Higgins is an open-source project designed to provide users with control over the release of their identity information.

273
Q
80.  The security administrators at the company that Susan works for have configured the workstation she uses to allow her to log in only during her work hours. What type of access control best describes this limitation?
A.  Constrained interface
B.  Context-dependent control
C.  Content-dependent control
D.  Least privilege
A

B. Time-based controls are an example of context-dependent controls. A constrained interface would limit what Susan was able to do in an application or system interface, while content-dependent control would limit her access to content based on her role or rights. Least privilege is used to ensure that subjects only receive the rights they need to perform their role.

274
Q
83.  Ben uses a software-based token that changes its code every minute. What type of token is he using?
A.  Asynchronous
B.  Smart card
C.  Synchronous
D.  Static
A

C. Synchronous soft tokens, such as Google Authenticator, use a time-based algorithm that generates a constantly changing series of codes. Asynchronous tokens typically require a challenge to be entered on the token to allow it to calculate a response, which the server compares to the response it expects. Smartcards typically present a certificate but may have other token capabilities built in. Static tokens are physical devices that can contain credentials and include smart cards and memory cards.
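As an added example (not from the book), this is the arithmetic behind a synchronous soft token: HOTP (RFC 4226) turns a shared key and a counter into a short code, and TOTP (RFC 6238) feeds it the current 30-second time step, which is why the code changes on the clock without any challenge from the server. A challenge/response helper shows the asynchronous case the answer contrasts. RFC_TEST_KEY is the shared secret from the RFC test vectors; the ±1-step acceptance window is an assumption of this example.

```python
import hashlib
import hmac
import struct
import time

# Added example: HOTP / TOTP / challenge-response. RFC_TEST_KEY is the RFC 4226 and
# RFC 6238 test-vector key; the verification window of +/-1 step is an assumption.
RFC_TEST_KEY = b"12345678901234567890"


def _truncate(mac: bytes, digits: int) -> str:
    """Dynamic truncation (RFC 4226 section 5.3): pick 4 bytes at an offset the MAC chooses."""
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def hotp(key: bytes, counter: int, digits: int = 6, algo: str = "sha1") -> str:
    """Event-based code: HMAC over the 8-byte big-endian counter."""
    return _truncate(hmac.new(key, struct.pack(">Q", counter), algo).digest(), digits)


def totp(key: bytes, at_time=None, step: int = 30, digits: int = 6, algo: str = "sha1") -> str:
    """Time-based code: the counter is the number of whole steps since the Unix epoch."""
    t = int(time.time() if at_time is None else at_time)
    return hotp(key, t // step, digits, algo)


def verify_totp(key: bytes, presented: str, at_time=None, step: int = 30,
                digits: int = 6, window: int = 1) -> bool:
    """Server side: accept the code for the current step or its neighbours (clock drift)."""
    if not presented.isascii():
        return False
    t = int(time.time() if at_time is None else at_time)
    counter = t // step
    for delta in range(-window, window + 1):
        if hmac.compare_digest(hotp(key, counter + delta, digits), presented):
            return True
    return False


def challenge_response(key: bytes, challenge: bytes, digits: int = 6) -> str:
    """Asynchronous token: the server sends a nonce and the token answers HMAC(key, nonce)."""
    return _truncate(hmac.new(key, challenge, "sha1").digest(), digits)
```

Note that the synchronous token and the server never communicate during code generation; they only share the key and a clock, so a server must also remember the last accepted counter to stop a code being replayed within its window.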

275
Q
  1. What should Ben do if the FAR and FRR shown in this diagram does not provide an acceptable performance level for his organization’s needs?

A. Adjust the sensitivity of the biometric devices.
B. Assess other biometric systems to compare them.
C. Move the CER.
D. Adjust the FRR settings in software.

A

B. CER is a standard used to assess biometric devices. If the CER for this device does not fit the needs of the organization, Ben should assess other biometric systems to find one with a lower CER. Sensitivity is already accounted for in CER charts, and moving the CER isn’t something Ben can do. FRR is not a setting in software, so Ben can’t use that as an option either.

276
Q
88.  What LDAP authentication mode can provide secure authentication?
A.  Anonymous
B.  SASL
C.  Simple
D.  S-LDAP
A

B. The Simple Authentication and Security Layer (SASL) for LDAP provides support for a range of authentication types, including secure methods. Anonymous authentication does not require or provide security, and simple authentication can be tunneled over SSL or TLS but does not provide security by itself. S-LDAP is not an LDAP protocol.

277
Q
89.  Which of the following Type 3 authenticators is appropriate to use by itself rather than in combination with other biometric factors?
A.  Voice pattern recognition
B.  Hand geometry
C.  Palm scans
D.  Heart/pulse patterns
A

C. Palm scans compare the vein patterns in the palm to a database to authenticate a user.
Vein patterns are unique, and this method is a better single-factor authentication method than voice pattern recognition, hand geometry, and pulse patterns, each of which can be more difficult to uniquely identify between individuals or can be fooled more easily.

278
Q
  1. What danger is created by allowing the OpenID relying party to control the connection to the OpenID provider?
    A. It may cause incorrect selection of the proper OpenID provider.
    B. It creates the possibility of a phishing attack by sending data to a fake OpenID provider.
    C. The relying party may be able to steal the client’s username and password.
    D. The relying party may not send a signed assertion.
A

B. Allowing the relying party to provide the redirect to the OpenID provider could allow a phishing attack by directing clients to a fake OpenID provider that can capture valid credentials. Since the OpenID provider URL is provided by the client, the relying party cannot select the wrong provider. The relying party never receives the user’s password, which means that they can’t steal it. Finally, the relying party receives the signed assertion but does not send one.

279
Q
92.  RAID-5 is an example of what type of control?
A.  Administrative
B.  Recovery
C.  Compensation
D.  Logical
A

B. Drives in a RAID-5 array are intended to handle failure of a drive. This is an example of a recovery control, which is used to return operations to normal function after a failure. Administrative controls are policies and procedures. Compensation controls help cover for issues with primary controls or improve them. Logical controls are software and hardware mechanisms used to protect resources and systems.

280
Q
95.  LDAP distinguished names (DNs) are made up of comma-separated components called relative distinguished names (RDNs) that have an attribute name and a value. DNs become less specific as they progress from left to right. Which of the following LDAP DNs best fits this rule?
A.  uid=ben,ou=sales,dc=example,dc=com
B.  uid=ben,dc=com,dc=example
C.  dc=com,dc=example,ou=sales,uid=ben
D.  ou=sales,dc=com,dc=example
A

A. In this example, uid=ben,ou=sales,dc=example,dc=com, the items proceed from most specific to least specific (broadest) from left to right, as required by a DN.
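As an added example (not the book’s code), the parser below applies the RFC 4514 string rules this answer and question 35 rely on: RDNs are separated by commas, a plus sign joins the values of a multi-valued RDN, and the characters `"`, `+`, `,`, `;`, `<`, `>` and `\` must be backslash-escaped inside a value (which is exactly why the trailing semicolon in question 35 is invalid). Two helpers then check the left-to-right ordering from this question: a ranking of attribute types (an assumption of this example, not part of LDAP) and the DNS name you get by joining the dc components in order, which reads backwards when the DN is mis-ordered.

```python
import re

# Added example: RFC 4514 DN parsing and ordering checks. The _RANK table is an
# assumption of this example; values are returned with their escapes left in place.
_TYPE_RE = re.compile(r"^(?:[A-Za-z][A-Za-z0-9-]*|\d+(?:\.\d+)*)$")
_MUST_ESCAPE = set('",+;<>\\')    # RFC 4514 section 2.4: never appear unescaped in a value


def _split_unescaped(text, sep):
    """Split on sep while leaving backslash-escaped characters alone."""
    parts, current, i = [], [], 0
    while i < len(text):
        ch = text[i]
        if ch == "\\" and i + 1 < len(text):
            current.append(text[i:i + 2])
            i += 2
            continue
        if ch == sep:
            parts.append("".join(current))
            current = []
        else:
            current.append(ch)
        i += 1
    parts.append("".join(current))
    return parts


def _check_value(value):
    i = 0
    while i < len(value):
        if value[i] == "\\":
            if i + 1 >= len(value):
                raise ValueError(f"dangling escape in {value!r}")
            i += 2
            continue
        if value[i] in _MUST_ESCAPE:
            raise ValueError(f"unescaped {value[i]!r} in value {value!r}")
        i += 1


def parse_dn(dn):
    """Return [[(type, value), ...], ...]: one inner list per RDN, leaf (left) to root (right)."""
    if dn == "":
        return []                                   # the empty DN is valid (root DSE)
    rdns = []
    for rdn in _split_unescaped(dn, ","):
        avas = []
        for ava in _split_unescaped(rdn, "+"):      # '+' joins the values of one RDN
            if "=" not in ava:
                raise ValueError(f"no '=' in {ava!r}")
            attr_type, value = ava.split("=", 1)
            if not _TYPE_RE.match(attr_type):
                raise ValueError(f"bad attribute type {attr_type!r}")
            _check_value(value)
            avas.append((attr_type, value))
        rdns.append(avas)
    return rdns


def is_valid_dn(dn):
    try:
        parse_dn(dn)
        return True
    except ValueError:
        return False


# Assumed ranking for the ordering check: leaf-naming types first, domain components last.
_RANK = {"uid": 0, "cn": 0, "ou": 1, "o": 2, "l": 2, "st": 2, "dc": 3, "c": 3}


def leaf_to_root_order_ok(dn):
    """True if attribute types never get more specific as you read left to right."""
    ranks = [_RANK.get(t.lower(), 0) for rdn in parse_dn(dn) for t, _ in rdn]
    return all(a <= b for a, b in zip(ranks, ranks[1:]))


def dc_domain(dn):
    """Join the dc values in order; a correctly ordered DN yields the DNS name."""
    return ".".join(v for rdn in parse_dn(dn) for t, v in rdn if t.lower() == "dc")
```

The type ranking cannot tell that `dc=com` is broader than `dc=example` (option B here), because that is a property of the values, not the syntax; `dc_domain` makes that case visible by producing `com.example` instead of `example.com`.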

281
Q
97.  Kerberos, KryptoKnight, and SESAME are all examples of what type of system?
A.  SSO
B.  PKI
C.  CMS
D.  Directory
A

A. Kerberos, KryptoKnight, and SESAME are all single sign-on, or SSO, systems. PKI systems are public key infrastructure systems, CMS systems are content management systems, and LDAP and other directory servers provide information about services, resources, and individuals.

282
Q
98.  Which of the following access control categories would not include a door lock?
A.  Physical
B.  Directive
C.  Preventative
D.  Deterrent
A

B. Locks can be preventative access controls by stopping unwanted access, can deter potential intruders by making access difficult, and are physical access controls. They are not directive controls because they don’t control the actions of subjects.

283
Q
99.  What authentication protocol does Windows use by default for Active Directory systems?
A.  RADIUS
B.  Kerberos
C.  OAuth
D.  TACACS+
A

B. Windows uses Kerberos for authentication. RADIUS is typically used for wireless networks, modems, and network devices, while OAuth is primarily used for web applications. TACACS+ is used for network devices.

284
Q
1.  Alex configures his LDAP server to provide services on 636 and 3269. What type of LDAP services has he configured based on LDAP’s default ports?
A.  Unsecure LDAP and unsecure global directory
B.  Unsecure LDAP and secure global directory
C.  Secure LDAP and secure global directory
D.  Secure LDAP and unsecure global directory
A

C. LDAP over SSL/TLS (LDAPS) defaults to port 636, and the Active Directory global catalog over SSL/TLS defaults to 3269. Plaintext LDAP uses 389 and the plaintext global catalog uses 3268.
Note that a server on 389 can still negotiate TLS with STARTTLS, so "unsecure" here refers to the default, not to the only possibility; the question tests the default port assignments.

285
Q
2.  Which of the following is a method used to design new software tests and to ensure the quality of tests?
A.  Code auditing
B.  Static code analysis
C.  Regression testing 
D.  Mutation testing
A

D. Mutation testing modifies a program in small ways and then tests that mutant to determine if it behaves as it should or if it fails. This technique is used to design and test software tests through mutation.
Static code analysis and regression testing are both means of testing code, whereas code auditing is an analysis of source code rather than a means of designing and testing software tests.

286
Q
7.  NIST Special Publication 800-53A describes four major types of assessment objects that can be used to identify items being assessed. If the assessment covers IPS devices, which type of assessment objects is being assessed?
A.  A specification
B.  A mechanism
C.  An activity 
D.  An individual
A

B. An IPS is an example of a mechanism like a hardware-, software-, or firmware-based control or system.
Specifications are document-based artifacts like policies or designs, activities are actions that support an information system that involves people, and an individual is one or more people applying specifications, mechanisms, or activities.

287
Q
1.  Alex is using nmap to perform port scanning of a system, and he receives three different port status messages in the results. Match each of the numbered status messages with the appropriate lettered description. You should use each item exactly once.
Status message
1.  Open
2.  Closed
3.  Filtered
Description
A.  The port is accessible on the remote system, but no application is accepting connections on that port.
B.  The port is not accessible on the remote system.
C.  The port is accessible on the remote system, and an application is accepting connections on that port.
A

CAB
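The three states above as nmap's connect scan (-sT) derives them, as an added example written for this page rather than nmap's own code: a completed handshake means something answered with SYN/ACK (open), an RST means the host is reachable but nothing listens (closed), and silence or an ICMP unreachable means a filter sits in the way (filtered). The target is a throwaway loopback listener constructed by the demo.

```python
"""Connect-scan port classification, added as a worked example of the three
states in this card. Not nmap's code: it applies the rule nmap's connect scan
(-sT) uses, with a throwaway loopback listener as the constructed target."""
import errno
import socket


def classify_port(host: str, port: int, timeout: float = 1.0) -> str:
    """Return 'open', 'closed' or 'filtered' for host:port."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))          # handshake completed: SYN/ACK was sent
        return "open"
    except ConnectionRefusedError:       # RST: host reachable, nothing listening
        return "closed"
    except socket.timeout:               # no reply at all: dropped by a filter
        return "filtered"
    except OSError as exc:               # ICMP unreachable / admin-prohibited
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "filtered"
        raise
    finally:
        s.close()


def scan(host: str, ports) -> dict:
    """Classify each port in `ports`. nmap's default covers only its top
    1,000 ports per protocol, so pass the full range (or use nmap -p-)
    when coverage matters."""
    return {p: classify_port(host, p) for p in ports}


def demo() -> dict:
    """Scan one ephemeral loopback port with and without a listener bound."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))           # constructed target, port chosen by OS
    srv.listen(1)                        # kernel completes handshakes into the backlog
    port = srv.getsockname()[1]
    results = {"listening": classify_port("127.0.0.1", port)}
    srv.close()
    results["after_close"] = classify_port("127.0.0.1", port)
    return results
```

The demo can only produce open and closed on loopback; to see filtered, point `classify_port` at a host behind a firewall that drops unsolicited SYNs, and expect the full `timeout` to elapse for every such port, which is why filtered hosts make scans slow.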

288
Q
1.  In a response to a Request for Proposal, Susan receives an SSAE 18 SOC 1 report. If she wants a report that includes operating effectiveness detail, what should Susan ask for as follow-up and why?
A.  A SOC 2 Type II report, because Type I does not cover operating effectiveness
B.  A SOC 1 Type I report, because SOC 2 does not cover operating effectiveness
C.  A SOC 2 Type I report, because SOC 2 Type II does not cover operating effectiveness
D.  A SOC 3 report, because SOC 1 and SOC 2 reports are outdated
A

A. Service Organization Control (SOC) reports, issued under SSAE 16 (published in 2010) and now SSAE 18, replaced SAS 70 reports. A Type I report describes the controls and assesses only their design at a point in time; a Type II report also tests operating effectiveness over a review period (typically 6 to 12 months), so Susan needs a Type II report to make a design and operating effectiveness decision. A SOC 1 Type II would also cover operating effectiveness, but SOC 1 is scoped to controls relevant to the customer's financial reporting, whereas SOC 2 covers the Trust Services Criteria (security, availability, processing integrity, confidentiality, and privacy) that a security assessment actually needs.

289
Q
1.  Which of the following is not a potential problem with active wireless scanning?
A.  Accidently scanning apparent rogue devices that actually belong to guests
B.  Causing alarms on the organization’s wireless IPS
C.  Scanning devices that belong to nearby organizations
D.  Misidentifying rogue devices
A

B. Not only should active scanning be expected to cause wireless IPS alarms, but those alarms may actually be desired if the test is done to test responses. Accidentally scanning guests or neighbors or misidentifying devices belonging to third parties are all potential problems with active scanning and require the security assessor to carefully verify the systems that she is scanning. #the author does not count the alarms as a problem

290
Q
15.  Ben uses a fuzzing tool that tests an application by developing data models and creating fuzzed data based on information about how the application uses data. What type of fuzzing is Ben doing?
A.  Mutation
B.  Parametric
C.  Generational
D.  Derivative
A

C. Generational fuzzing relies on models for application input and conducts fuzzing attacks based on that information. Mutation-based fuzzers are sometimes called “dumb” fuzzers because they simply mutate or modify existing data samples to create new test samples. Neither parametric nor derivative is a term used to describe types of fuzzers.

291
Q
16.  Saria wants to log and review traffic information between parts of her network. What type of network logging should she enable on her routers to allow her to perform this analysis?
A.  Audit logging
B.  Flow logging
C.  Trace logging
D.  Route logging
A

B. Flows, also often called network flows, are captured to provide insight into network traffic for security, troubleshooting, and performance management. Audit logging provides information about events on the routers, route logging is not a common network logging function, and trace logs are used in troubleshooting specific software packages as they perform their functions.
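What flow records make possible, as an added example (written for this page, not taken from any router or collector): flows carry who talked to whom, on which port, and how many bytes, but no payload, so the two classic detections are one source touching many ports on one destination (a scan) and an internal host pushing a large volume to a single external peer. The records below are constructed in a NetFlow-style CSV layout and the thresholds are assumptions chosen for the demo.

```python
"""Flow-record analysis, added as a worked example of what the flow logging in
this card makes possible. The records are constructed in a NetFlow-style CSV
layout and the thresholds are assumptions chosen for the demo."""
import csv
import io
from collections import defaultdict

# Constructed sample: 10.0.1.15 probes eleven ports on 10.0.2.8 with tiny
# flows, and 10.0.1.22 pushes 700 MiB to an external address over TCP/443.
SAMPLE_FLOWS = """\
src,dst,dst_port,proto,bytes
10.0.1.15,10.0.2.8,22,tcp,1200
10.0.1.15,10.0.2.8,23,tcp,60
10.0.1.15,10.0.2.8,80,tcp,60
10.0.1.15,10.0.2.8,443,tcp,60
10.0.1.15,10.0.2.8,3389,tcp,60
10.0.1.15,10.0.2.8,445,tcp,60
10.0.1.15,10.0.2.8,8080,tcp,60
10.0.1.15,10.0.2.8,5900,tcp,60
10.0.1.15,10.0.2.8,25,tcp,60
10.0.1.15,10.0.2.8,110,tcp,60
10.0.1.15,10.0.2.8,143,tcp,60
10.0.1.22,203.0.113.9,443,tcp,734003200
10.0.1.40,10.0.2.8,443,tcp,5120
"""


def parse_flows(text: str) -> list:
    """Parse CSV flow records into dicts with numeric port and byte counts."""
    rows = []
    for row in csv.DictReader(io.StringIO(text)):
        row["dst_port"] = int(row["dst_port"])
        row["bytes"] = int(row["bytes"])
        rows.append(row)
    return rows


def find_scanners(flows, min_ports: int = 10) -> dict:
    """Source/destination pairs touching at least min_ports distinct ports."""
    ports = defaultdict(set)
    for f in flows:
        ports[(f["src"], f["dst"])].add(f["dst_port"])
    return {pair: len(p) for pair, p in ports.items() if len(p) >= min_ports}


def find_bulk_egress(flows, internal: str = "10.",
                     min_bytes: int = 500 * 1024 * 1024) -> dict:
    """Internal hosts sending at least min_bytes to a single external peer.
    Totals are summed per pair because exporters split long transfers into
    several records at each active-timeout interval."""
    total = defaultdict(int)
    for f in flows:
        if f["src"].startswith(internal) and not f["dst"].startswith(internal):
            total[(f["src"], f["dst"])] += f["bytes"]
    return {pair: b for pair, b in total.items() if b >= min_bytes}
```

Because flows have no payload, a hit from either function is a lead to confirm with packet capture or host logs, not a verdict; the `internal` prefix test is a stand-in for the address-range list a real deployment would keep.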

292
Q
18.  Karen’s organization has been performing system backups for years but has not used the backups frequently. During a recent system outage, when administrators tried to restore from backups, they found that the backups had errors and could not be restored. Which of the following options should Karen avoid when selecting ways to ensure that her organization’s backups will work next time? #this one tests careful reading of the question
A.  Log review 
B.  MTD verification
C.  Hashing
D.  Periodic testing
A

B. Karen can’t use MTD verification because MTD is the Maximum Tolerable Downtime. Verifying it will only tell her how long systems can be offline without significant business impact. Reviewing logs, using hashing to verify that the backups are intact, and performing periodic test restores are all valid ways to verify that the backups are working properly.
#“should Karen avoid” asks for the option she should NOT use

293
Q
20.  During normal operations, Jennifer’s team uses the SIEM appliance to monitor for exceptions received via syslog. What system shown does not natively have support for syslog events?
A.  Enterprise wireless access points
B.  Windows desktop systems
C.  Linux web servers
D.  Enterprise firewall devices
A

B. Windows systems write to the Windows event log (.evtx) format rather than syslog. To send syslog events, a Windows system needs a forwarding agent or tool, or Windows Event Forwarding to a collector that relays the events to the SIEM. Enterprise wireless access points, firewalls, and Linux systems all typically support syslog natively. #Microsoft systems need a separate mechanism to get the events out

294
Q
25.  What method is commonly used to assess how well software testing covered the potential uses of an application?
A.  A test coverage analysis
B.  A source code review
C.  A fuzz analysis
D.  A code review report
A

A. A test coverage analysis is often used to provide insight into how well testing covered the set of use cases that an application is being tested for. Source code reviews look at the code of a program for bugs, not necessarily at a use case analysis, whereas fuzzing tests invalid inputs. A code review report might be generated as part of a source code review.

295
Q
27.  What type of monitoring uses simulated traffic to a website to monitor performance?
A.  Log analysis
B.  Synthetic monitoring
C.  Passive monitoring
D.  Simulated transaction analysis
A

B. Synthetic monitoring uses emulated or recorded transactions to monitor for performance changes in response time, functionality, or other performance monitors.
Passive monitoring uses a span port or other method to copy traffic and monitor it in real time. Log analysis is typically performed against actual log data but can be performed on simulated traffic to identify issues. Simulated transaction analysis is not an industry term.

296
Q
30.  Emily builds a script that sends data to a web application that she is testing. Each time the script runs, it sends a series of transactions with data that fits the expected requirements of the web application to verify that it responds to typical customer behavior. What type of transactions is she using, and what type of test is this?
A.  Synthetic, passive monitoring
B.  Synthetic, use case testing
C.  Actual, dynamic monitoring
D.  Actual, fuzzing
A

B. Emily is using synthetic transactions, which can use recorded or generated transactions, and is conducting use case testing to verify that the application responds properly to actual use cases. Neither actual data nor dynamic monitoring is an industry term. Fuzzing involves sending unexpected inputs to a program to see how it responds. Passive monitoring uses a network tap or other capture technology to allow monitoring of actual traffic to a system or application.

297
Q
1.  Earlier this year, the information security team at Jim’s employer identified a vulnerability in the web server that Jim is responsible for maintaining. He immediately applied the patch and is sure that it installed properly, but the vulnerability scanner has continued to incorrectly flag the system as vulnerable due to the version number it is finding even though Jim is sure the patch is installed. Which of the following options is Jim’s best choice to deal with the issue?
A.  Uninstall and reinstall the patch.
B.  Ask the information security team to flag the system as patched and not vulnerable.
C.  Update the version information in the web server’s configuration.
D.  Review the vulnerability report and use alternate remediation options.
A

B. Jim should ask the information security team to flag the issue as resolved if he is sure the patch was installed. Many vulnerability scanners rely on version or banner information and may flag patched versions if the software provider does not update the version string the scanner sees (backported fixes are a common cause). Uninstalling and reinstalling the patch will not change this. Changing the version information may not change all of the details that are being flagged by the scanner and may cause issues at a later date. Reviewing the vulnerability information for a workaround may be a good idea but should not be necessary if the proper patch is installed; it can create maintenance issues later. In practice, Jim should hand over evidence of the installed patch (for example, package manager output) so the exception is documented and re-verified on the next scan cycle rather than silently suppressed.

298
Q
34.  STRIDE, which stands for Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, Elevation of Privilege, is useful in what part of application threat modeling?
A.  Vulnerability assessment
B.  Misuse case testing 
C.  Threat categorization
D.  Penetration test planning
A

C. An important part of application threat modeling is threat categorization. It helps to assess attacker goals that influence the controls that should be put in place. The other answers all involve topics that are not directly part of application threat modeling.

299
Q
1.  Why should passive scanning be conducted in addition to implementing wireless security technologies like wireless intrusion detection systems?
A.  It can help identify rogue devices.
B.  It can test the security of the wireless network via scripted attacks.
C.  Their short dwell time on each wireless channel can allow them to capture more packets.
D.  They can help test wireless IDS or IPS systems.
A

A. Passive scanning can help identify rogue devices by capturing MAC address vendor IDs that do not match deployed devices, by verifying that systems match inventories of organizationally owned hardware by hardware address, and by monitoring for rogue SSIDs or connections.
Scripted attacks are part of active scanning rather than passive scanning, and active scanning is useful for testing IDS or IPS systems, whereas passive scanning will not be detected by detection systems. Finally, a shorter dwell time can actually miss troublesome traffic, so balancing dwell time against channel coverage is necessary for passive wireless scanning efforts.

300
Q
1.  During a penetration test, Lauren is asked to test the organization’s Bluetooth security. Which of the following is not a concern she should explain to her employers?
A.  Bluetooth scanning can be time-consuming.
B.  Many devices that may be scanned are likely to be personal devices.
C.  Bluetooth passive scans may require multiple visits at different times to identify all targets.
D.  Bluetooth active scans can’t evaluate the security mode of Bluetooth devices.
A

D. Bluetooth active scans can determine both the strength of the PIN and what security mode the device is operating in. Unfortunately, Bluetooth scans can be challenging due to the limited range of Bluetooth and the prevalence of personally owned Bluetooth enabled devices. Passive Bluetooth scanning only detects active connections and typically requires multiple visits to have a chance of identifying all devices.

301
Q
37.  What term describes software testing that is intended to uncover new bugs introduced by patches or configuration changes?
A.  Nonregression testing
B.  Evolution testing
C.  Smoke testing
D.  Regression testing
A

D. Regression testing, which is a type of functional or unit testing, tests to ensure that changes have not introduced new issues. Non-regression testing checks to see whether a change has had the effect it was supposed to, smoke testing focuses on simple problems with impact on critical functionality, and evolution testing is not a software testing technique.

302
Q
1.  What four types of coverage criteria are commonly used when validating the work of a code testing suite?
A.  Input, statement, branch, and condition coverage
B.  Function, statement, branch, and condition coverage
C.  API, branch, bounds, and condition coverage
D.  Bounds, branch, loop, and condition coverage
A

B. Code coverage testing most frequently requires that every function has been called, that each statement has been executed, that all branches have been fully explored, and that each condition has been evaluated for all possibilities. API, input, and loop testing are not common types of code coverage testing measures.

303
Q
1.  As part of his role as a security manager, Jacob provides the following chart to his organization’s management team. What type of measurement is he providing for them?
(The chart is not reproduced in this export; per the answer, it plots time to remediate vulnerabilities.)
A.  A coverage rate measure
B.  A key performance indicator
C.  A time to live metric
D.  A business criticality indicator

A

B. Time to remediate a vulnerability is a commonly used key performance indicator for security teams. Time to live measures how long a packet can exist in hops, business criticality is a measure used to determine how important a service or system is to an organization, and coverage rates are used to measure how effective code testing is.

304
Q
47.  Which of the following is not an interface that is typically tested during the software testing process?
A.  APIs
B.  Network interfaces
C.  UIs 
D.  Physical interfaces
A

B. Application programming interfaces (APIs), user interfaces (UIs), and physical interfaces are all important to test when performing software testing. Network interfaces are not a part of the typical list of interfaces tested in software testing.

305
Q
48.  Alan’s organization uses the Security Content Automation Protocol (SCAP) to standardize its vulnerability management program. Which component of SCAP can Alan use to reconcile the identity of vulnerabilities generated by different security assessment tools?
A.  OVAL
B.  XCCDF
C.  CVE
D.  SCE
A

C. The Common Vulnerabilities and Exposures (CVE) database provides a consistent reference for identifying security vulnerabilities. The Open Vulnerability and Assessment Language (OVAL) is used to describe the security condition of a system. The Extensible Configuration Checklist Description Format (XCCDF) is used to create security checklists in a standardized fashion. The Script Check Engine (SCE) is designed to make scripts interoperable with security policy definitions.

306
Q
49.  Misconfiguration, logical and functional flaws, and poor programming practices are all causes of what common security issue?
A.  Fuzzing
B.  Security vulnerabilities
C.  Buffer overflows
D.  Race conditions
A

B. Security vulnerabilities can be created by misconfiguration, logical or functional design or implementation issues, or poor programming practices. Fuzzing is a method of software testing and is not a type of issue. Buffer overflows and race conditions are both caused by logical or programming flaws, but they are not typically caused by misconfiguration or functional issues.

307
Q
1.  Which of the following strategies is not a reasonable approach for remediating a vulnerability identified by a vulnerability scanner?
A.  Install a patch.
B.  Use a workaround fix.
C.  Update the banner or version number.
D.  Use an application layer firewall or IPS to prevent attacks against the identified vulnerability.
A

C. Simply updating the version that an application provides may stop the vulnerability scanner from flagging it, but it won’t fix the underlying issue. Patching, using workarounds, or installing an application layer firewall or IPS can all help to remediate or limit the impact of the vulnerability.

308
Q
53.  Which of the following is not a hazard associated with penetration testing?
A.  Application crashes
B.  Denial of service
C.  Exploitation of vulnerabilities
D.  Data corruption
A

C. Penetration tests are intended to help identify vulnerabilities, and exploiting them is part of the process rather than a hazard. Application crashes; denial of service due to system, network, or application failures; and even data corruption can all be hazards of penetration tests. #exploitation is what the tester is there to do

309
Q
54.  Which NIST special publication covers the assessment of security and privacy controls?
A.  800-12
B.  800-53A 
C.  800-34
D.  800-86
A

B. NIST SP 800-53A is titled “Assessing Security and Privacy Controls in Federal Information Systems and Organizations: Building Effective Assessment Plans” (the current Revision 5 shortens the title to “Assessing Security and Privacy Controls in Information Systems and Organizations”) and covers methods for assessing and measuring controls.
NIST SP 800-12 is an introduction to computer security, 800-34 covers contingency planning, and 800-86 is the “Guide to Integrating Forensic Techniques into Incident Response.”

310
Q
59.  Jim is helping his organization decide on audit standards for use throughout their international organization. Which of the following is not an IT standard that Jim’s organization is likely to use as part of its audits?
A.  COBIT
B.  SSAE-18
C.  ITIL
D.  ISO 27002
A

C. ITIL, which originally stood for IT Infrastructure Library, is a set of practices for IT service management, and is not typically used for auditing. COBIT, or the Control Objectives for Information and Related Technology, ISO 27002, and SSAE-18, or the Statement on Standards for Attestation Engagements number 18, are all used for auditing.

311
Q
1.  Which of the following best describes a typical process for building and implementing an Information Security Continuous Monitoring program as described by NIST Special Publication 800-137?
A.  Define, establish, implement, analyze and report, respond, review, and update
B.  Design, build, operate, analyze, respond, review, revise
C.  Prepare, detect and analyze, contain, respond, recover, report
D.  Define, design, build, monitor, analyze, react, revise
A

A. NIST SP 800-137 outlines the process for organizations that are establishing, implementing, and maintaining an ISCM as define, establish, implement, analyze and report, respond, review, and update. Prepare, detect and analyze, contain, respond, recover, report is an incident response plan, and the others do not match the NIST process.

312
Q
1.  Lauren’s team conducts regression testing on each patch that they release. What key performance measure should they maintain to measure the effectiveness of their testing?
A.  Time to remediate vulnerabilities
B.  A measure of the rate of defect recurrence
C.  A weighted risk trend
D.  A measure of the specific coverage of their testing
A

B. Lauren’s team is using regression testing, which is intended to prevent the recurrence of issues. This means that measuring the rate of defect recurrence is an appropriate measure for their work. Time to remediate vulnerabilities is associated with activities like patching, rather than preparing the patch, whereas a weighted risk trend is used to measure risk over time to an organization. Finally, specific coverage may be useful to determine if they are fully testing their effort, but regression testing is more specifically covered by defect recurrence rates.

313
Q
62.  Which of the following types of code review is not typically performed by a human?
A.  Software inspections
B.  Code review
C.  Static program analysis 
D.  Software walkthroughs
A

C. Static program analysis is typically performed by an automated tool. Program understanding, program comprehension, code review, software inspections, and software walkthroughs are all human-centric methods for reviewing code.

314
Q

For questions 63–65, please refer to the following scenario:
Susan is the lead of a Quality Assurance team at her company. The team has been tasked with the testing for a major release of their company’s core software product.
64. As part of the continued testing of their new application, Susan’s quality assurance team has designed a set of test cases for a series of black box tests. These functional tests are then run, and a report is prepared explaining what has occurred. What type of report is typically generated during this testing to indicate test metrics?
A. A test coverage report
B. A penetration test report
C. A code coverage report
D. A line coverage report

A

A. A test coverage report measures how many of the test cases have been completed and is used as a way to provide test metrics when using test cases. A penetration test report is provided when a penetration test is conducted; this is not a penetration test. A code coverage report covers how much of the code has been tested, and a line coverage report is a type of code coverage report. #do not reach for “penetration test” just because the question says “black box”

315
Q

For questions 63–65, please refer to the following scenario:
Susan is the lead of a Quality Assurance team at her company. The team has been tasked with the testing for a major release of their company’s core software product.
65. As part of their code coverage testing, Susan’s team runs the analysis in a nonproduction environment using logging and tracing tools. Which of the following types of code issues is most likely to be missed during testing due to this change in the operating environment?
A. Improper bounds checking
B. Input validation
C. A race condition
D. Pointer manipulation

A

C. The changes from a testing environment with instrumentation inserted into the code and the production environment for the code can mask timing-related issues like race conditions. Bounds checking, input validation, and pointer manipulation are all related to coding issues rather than environmental issues and are more likely to be discoverable in a test environment.

316
Q
66.  Robin recently conducted a vulnerability scan and found a critical vulnerability on a server that handles sensitive information. What should Robin do next?
A.  Patching
B.  Reporting
C.  Remediation
D.  Validation
A

D. Once a vulnerability scanner identifies a potential problem, validation is necessary to verify that the issue exists. Reporting, patching, or other remediation actions can be conducted once the vulnerability has been confirmed.

317
Q
67.  Kathleen is reviewing the code for an application. She first plans the review, conducts an overview session with the reviewers and assigns roles, and then works with the reviewers to review materials and prepare for their roles. Next, she intends to review the code, rework it, and ensure that all defects found have been corrected. What type of review is Kathleen conducting?
A.  A dynamic test
B.  Fagan inspection
C.  Fuzzing
D.  A Roth-Parker review
A

B. Fagan inspection is a detailed code review that steps through planning, overview, preparation, inspection, rework, and follow-up phases. Dynamic tests test the code in a real runtime environment, whereas fuzzing is a type of dynamic testing that feeds invalid inputs to software to test its exception-handling capabilities. Roth-Parker reviews were made up for this question. #p. 452 in the Chinese edition

318
Q
68.  Danielle wants to compare vulnerabilities she has discovered in her data center based on how exploitable they are, if exploit code exists, and how hard they are to remediate. What scoring system should she use to compare vulnerability metrics like these?
A.  CSV
B.  NVD
C.  VSS
D.  CVSS
A

D. The Common Vulnerability Scoring System (CVSS) includes metrics and calculation formulas for exploitability and impact (the base metric group), temporal metrics for exploit code maturity and remediation level (the "does exploit code exist" and "how hard is it to fix" questions Danielle is asking), and environmental metrics that let users rescore vulnerabilities against their own requirements. NVD is the National Vulnerability Database, CSV is short for comma-separated values, and VSS (Visual SourceSafe) is a retired source-control product unrelated to vulnerability management.

319
Q
71.  Place the following elements of a Fagan inspection code review in the correct order.
A.  Follow-up
B.  Inspection
C.  Overview
D.  Planning
E.  Preparation
F.  Rework
A

DCEBFA. Planning=>Overview=>Preparation=>Inspection=>Rework=>Follow-up

320
Q
75.  Ken is having difficulty correlating information from different security teams in his organization. Specifically, he would like to find a way to describe operating systems in a consistent fashion. What SCAP component can assist him?
A.  CVE
B.  CPE
C.  CWE
D.  OVAL
A

B. The Common Platform Enumeration (CPE) component of SCAP provides a consistent way to refer to operating systems and other system components. The Common Vulnerabilities and Exposures (CVE) component provides a consistent way to refer to security vulnerabilities. The Common Weakness Enumeration (CWE) component helps describe the root causes of software flaws. The Open Vulnerability and Assessment Language (OVAL) is a language for expressing machine-readable checks of a system's state, such as whether a patch is installed or a setting has the expected value.

321
Q
76.  When a Windows system is rebooted, what type of log is generated?
A.  Error
B.  Warning
C.  Information
D.  Failure audit
A

C. Rebooting a Windows machine produces Information-level entries in the System log (for example, Event ID 1074 recording which process requested the restart, and 6006 and 6005 when the event log service stops and starts again). Windows defines five types of events: errors, which indicate a significant problem; warnings, which may indicate future problems; information, which describes successful operation; success audits, which record successful security accesses; and failure audits, which record failed security access attempts.

322
Q
78.  What type of vulnerability scan accesses configuration information from the systems it is run against as well as information that can be accessed via services available via the network?
A.  Authenticated scans
B.  Web application scans
C.  Unauthenticated scans
D.  Port scans
A

A. Authenticated (credentialed) scans log in to the target, typically with a dedicated account limited to read access, to inspect configuration files and installed software, which gives far more accurate results than inferring versions from banners. Web application scans, unauthenticated scans, and port scans only see what is exposed over the network and cannot read configuration files unless those are inadvertently exposed. Scan credentials are a high-value target in their own right and should be vaulted, rotated, and restricted to the scanner's source addresses.

323
Q
80.  Ben’s team is attempting to categorize a transaction identification issue that is caused by use of a symmetric key shared by multiple servers. What STRIDE category should this fall into?
A.  Information disclosure
B.  Denial of service
C.  Tampering
D.  Repudiation
A

D. Since a shared symmetric key could be used by any of the servers, transaction identification problems caused by a shared key are likely to involve a repudiation issue. If encrypted transactions cannot be uniquely identified by server, they cannot be proved to have come from a specific server.

324
Q
81.  Ben wants to prevent or detect tampering with data. Which of the following is not an appropriate solution?
A.  Hashes
B.  Digital signatures
C.  Filtering
D.  Authorization controls
A

C. Filtering is useful for preventing denial of service attacks but won’t prevent tampering with data. Hashes and digital signatures can both be used to verify the integrity of data, and authorization controls can help ensure that only those with the proper rights can modify the data.
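The difference between a plain hash and a keyed check, as an added example that serves both this card and the backup-verification question (card 292) above; the code is written for this page, and the archive contents, the attacker's edit and the key are all constructed. A SHA-256 stored next to the backup catches bit rot, but an attacker who can write to the backup share simply recomputes that hash; an HMAC whose key never touched the share (or a digital signature, which adds non-repudiation) still fails on the tampered copy.

```python
"""Integrity checking for a backup archive: plain hash versus keyed HMAC.
Added example for this card and for the backup-verification card 292 above;
archive contents, the attacker's edit and the key are constructed here."""
import hashlib
import hmac
import io


def digest_stream(stream, key: bytes = b"", chunk: int = 1 << 20) -> str:
    """SHA-256 of a stream read in chunks (archives are large); keyed
    HMAC-SHA256 when a key is supplied."""
    h = hmac.new(key, digestmod=hashlib.sha256) if key else hashlib.sha256()
    for block in iter(lambda: stream.read(chunk), b""):
        h.update(block)
    return h.hexdigest()


def digest_bytes(data: bytes, key: bytes = b"") -> str:
    return digest_stream(io.BytesIO(data), key)


def verify(data: bytes, expected: str, key: bytes = b"") -> bool:
    """Constant-time comparison so the check itself does not leak the digest."""
    return hmac.compare_digest(digest_bytes(data, key), expected)


def tamper_scenario(key: bytes = b"constructed-demo-key-kept-off-the-share") -> dict:
    """Three checks on a tampered archive.

    Bit rot: the SHA-256 stored with the backup catches it.
    Deliberate tampering by someone with write access to the backup share:
    they rewrite the hash file too, so SHA-256 passes; only the HMAC, whose
    key was never on the share, still fails.
    """
    archive = b"tar\x00etc/passwd\x00root:x:0:0:root:/root:/bin/bash\n"  # constructed
    stored_sha = digest_bytes(archive)
    stored_mac = digest_bytes(archive, key)

    tampered = archive.replace(b"root:x:0:0", b"root::0:0")  # empty root password
    forged_sha = digest_bytes(tampered)                       # attacker re-hashes
    return {
        "bit_rot_caught_by_sha256": not verify(tampered, stored_sha),
        "tamper_caught_when_hash_file_also_rewritten": not verify(tampered, forged_sha),
        "tamper_caught_by_hmac": not verify(tampered, stored_mac, key),
    }
```

Neither check proves the backup will restore: a correct digest over a corrupt archive is still a corrupt archive, which is why the periodic test restores from card 292 remain necessary alongside integrity checks.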

325
Q
1.  Ryan is considering the use of fuzz testing in his web application testing program. Which one of the following limitations of fuzz testing should Ryan consider when making his decision?
A.  They often find only simple faults.
B.  Testers must manually generate input.
C.  Fuzzers may not fully cover the code.
D.  Fuzzers can’t reproduce errors.
A

Both A and C describe real limitations (the explanation supports each); B and D do not.
Fuzz testers are capable of automatically generating input sequences to test an application, so testers do not need to manually generate input, although they may do so if they wish. Fuzzers can reproduce errors (and thus “fuzzers can’t reproduce errors” is not an issue) but typically don’t fully cover the code; code coverage tools are usually paired with fuzzers to measure how much coverage was achieved. Fuzzers are often limited to simple errors because they won’t handle business logic or attacks that require knowledge from the application user.

326
Q
84.  Ken is designing a testing process for software developed by his team. He is designing a test that verifies that every line of code was executed during the test. What type of analysis is Ken performing?
A.  Branch coverage
B.  Condition coverage
C.  Function coverage
D.  Statement coverage
A

D. Statement coverage tests verify that every line of code was executed during the test. Branch coverage verifies that every if statement was executed under all if and else conditions. Condition coverage verifies that every logical test in the code was executed under all sets of inputs. Function coverage verifies that every function in the code was called and returns results.

327
Q
1.  Ben’s manager expresses concern about the coverage of his scan. Why might his manager have this concern?

A. Ben did not test UDP services.
B. Ben did not discover ports outside the “well-known ports.”
C. Ben did not perform OS fingerprinting.
D. Ben tested only a limited number of ports.

A

D. By default, nmap scans only the 1,000 most commonly used ports for each protocol it scans (TCP, and UDP when -sU is given). That set is not limited to the well-known range 0–1023, but it still leaves 64,535 of the 65,535 ports untouched; scanning the full range (nmap -p-) closes that gap. OS fingerprinting would not cover more ports but would have provided a best guess of the OS running on the scanned system.

328
Q
92.  Kevin is a database administrator and would like to use a tool designed to test the security of his databases. Which one of the following tools is best suited for this purpose?
A.  sqlmap
B.  nmap
C.  sqlthrash
D.  Nessus
A

A. sqlmap is an open-source tool that automates the detection and exploitation of SQL injection flaws and can fingerprint and take over the back-end database, which is the closest fit to Kevin’s purpose. Nmap is a network port scanner that would not provide relevant results. Nessus is a network vulnerability scanner and may detect issues with a database but would not be as effective as sqlmap. Sqlthrash does not exist. Note that sqlmap tests through an application’s injection points; checking the DBMS’s own configuration (patch level, default accounts, privilege grants) is a separate job for an authenticated scan or a database-specific audit tool.

329
Q
97.  When designing an assessment following NIST SP 800-53A, which assessment component includes policies and procedures?
A.  Specifications
B.  Mechanisms
C.  Activities
D.  Individuals
A

A. Specifications are the documents associated with the system being audited.
Specifications generally include policies, procedures, requirements, and designs.

330
Q

For questions 98–100, please refer to the following scenario. NIST Special Publication 800-115, the Technical Guide to Information Security Testing and Assessment, provides NIST’s process for penetration testing. Use this image as well as your knowledge of penetration testing to answer the questions. (The image, SP 800-115’s four-phase penetration testing methodology diagram, is not reproduced in this export.)
99. NIST specifies four attack phase steps: gaining access, escalating privileges, system browsing, and installing additional tools. Once attackers install additional tools, what phase will a penetration tester typically return to?

A. Discovery
B. Gaining access
C. Escalating privileges
D. System browsing

A

B. Once additional tools have been installed, penetration testers will typically use them to gain additional access. From there they can further escalate privileges, search for new targets or data, and once again, install more tools to allow them to pivot further into infrastructure or systems.

331
Q
3.  Which one of the following is not a privileged administrative activity that should be automatically sent to a log of super-user actions?
A.  Purging log entries
B.  Restoring a system from backup
C.  Logging into a workstation 
D.  Managing user accounts
A

C. While most organizations would want to log attempts to log in to a workstation, this is not considered a privileged administrative activity and would go through normal logging processes.

332
Q
5.  What type of evidence consists entirely of tangible items that may be brought into a court of law?
A.  Documentary evidence
B.  Parol evidence (oral)
C.  Testimonial evidence
D.  Real evidence
A

D. Real evidence consists of things that may actually be brought into a courtroom as evidence. For example, real evidence includes hard disks, weapons, and items containing fingerprints. Documentary evidence consists of written items that may or may not be in tangible form. Testimonial evidence is verbal testimony given by witnesses with relevant information. The parol evidence rule says that when an agreement is put into written form, the written document is assumed to contain all the terms of the agreement.

333
Q
  1. Which one of the following trusted recovery types does not fail into a secure operating state?
    A. Manual recovery
    B. Automated recovery
    C. Automated recovery without undue loss
    D. Function recovery
A

A. In a manual recovery approach, the system does not fail into a secure state but requires an administrator to manually restore operations. In an automated recovery, the system can recover itself against one or more failure types. In an automated recovery without undue loss, the system can recover itself against one or more failure types and also preserve data against loss. In function recovery, the system can restore functional processes automatically.
334
Q
10.  Jim would like to identify compromised systems on his network that may be participating in a botnet. He plans to do this by watching for connections made to known command-and-control servers. Which one of the following techniques would be most likely to provide this information if Jim has access to a list of known servers?
A.  Netflow records
B.  IDS logs
C.  Authentication logs
D.  RFC logs
A

A. Netflow records contain an entry for every network communication session that took place on a network and can be compared to a list of known malicious hosts. IDS logs may contain a relevant record, but it is less likely because they would only create log entries if the traffic triggers the IDS, as opposed to netflow records, which encompass all communications. Authentication logs and RFC logs would not have records of any network traffic.

335
Q
13.  Gary is preparing to create an account for a new user and assign privileges to the HR database. What two elements of information must Gary verify before granting this access?
A.  Credentials and need to know
B.  Clearance and need to know
C.  Password and clearance
D.  Password and biometric scan
A

B. Before granting access, Gary should verify that the user has a valid security clearance and a business need to know the information. Gary is performing an authorization task, so he does not need to verify the user’s credentials, such as a password or biometric scan.

336
Q
14.  Gary is preparing to develop controls around access to root encryption keys and would like to apply a principle of security designed specifically for very sensitive operations. Which principle should he apply?
A.  Least privilege
B.  Defense in depth
C.  Security through obscurity
D.  Two-person control
A

D. Gary should follow the principle of two-person control by requiring simultaneous action by two separate authorized individuals to gain access to the encryption keys. He should also apply the principles of least privilege and defense in depth, but these principles apply to all operations and are not specific to sensitive operations. Gary should avoid the security through obscurity principle, the reliance upon the secrecy of security mechanisms to provide security for a system or process.

337
Q
16.  Which one of the following terms is often used to describe a collection of unrelated patches released in a large collection?
A.  Hotfix 
B.  Update
C.  Security fix
D.  Service pack
A

D. Hotfixes, updates, and security fixes are all synonyms for single patches designed to correct a single problem. Service packs are collections of many different updates that serve as a major update to an operating system or application.

338
Q
  1. Which one of the following tasks is performed by a forensic disk controller?
    A. Masking error conditions reported by the storage device
    B. Transmitting write commands to the storage device
    C. Intercepting and modifying or discarding commands sent to the storage device
    D. Preventing data from being returned by a read operation sent to the device
A

C. A forensic disk controller performs four functions. One of those, write blocking, intercepts write commands sent to the device and prevents them from modifying data on the device. The other three functions include returning data requested by a read operation, returning access-significant information from the device, and reporting errors from the device back to the forensic host.

339
Q
22.  Tom is responding to a recent security incident and is seeking information on the approval process for a recent modification to a system’s security settings. Where would he most likely find this information?
A.  Change log
B.  System log
C.  Security log 
D.  Application log
A

A. The change log contains information about approved changes and the change management process. While other logs may contain details about the change’s effect, the audit trail for change management would be found in the change log.

340
Q
25.  Which of the following would normally be considered an example of a disaster when performing disaster recovery planning?
I.  Hacking incident
II.  Flood
III.  Fire
IV.  Terrorism
A.  II and III only
B.  I and IV only
C.  II, III, and IV only
D.  I, II, III, and IV
A

D. A disaster is any event that can disrupt normal IT operations and can be either natural or manmade. Hacking and terrorism are examples of manmade disasters, while flooding and fire are examples of natural disasters.

341
Q
26.  Glenda would like to conduct a disaster recovery test and is seeking a test that will allow a review of the plan with no disruption to normal information system activities and as minimal a commitment of time as possible. What type of test should she choose?
A.  Tabletop exercise
B.  Parallel test
C.  Full interruption test
D.  Checklist review
A

D. The checklist review is the least disruptive type of disaster recovery test. During a checklist review, team members each review the contents of their disaster recovery checklists on their own and suggest any necessary changes. During a tabletop exercise, team members come together and walk through a scenario without making any changes to information systems. During a parallel test, the team actually activates the disaster recovery site for testing, but the primary site remains operational. During a full interruption test, the team takes down the primary site and confirms that the disaster recovery site is capable of handling regular operations. The full interruption test is the most thorough test but also the most disruptive.

342
Q
27.  Which one of the following is not an example of a backup tape rotation scheme?
A.  Grandfather/Father/Son
B.  Meet in the middle
C.  Tower of Hanoi
D.  Six Cartridge Weekly
A

B. The Grandfather/Father/Son, Tower of Hanoi, and Six Cartridge Weekly schemes are all different approaches to rotating backup media that balance reuse of media with data retention concerns. Meet-in-the-middle is a cryptographic attack against 2DES encryption.

343
Q
29.  Which one of the following is not a requirement for evidence to be admissible in court?
A.  The evidence must be relevant.
B.  The evidence must be material. 
C.  The evidence must be tangible.
D.  The evidence must be competent.
A

C. Evidence provided in court must be relevant to determining a fact in question, material to the case at hand, and competently obtained. Evidence does not need to be tangible. Witness testimony is an example of intangible evidence that may be offered in court.

344
Q
31.  Which of the following organizations would be likely to have a representative on a CSIRT?
I.  Information security
II.  Legal counsel
III.  Senior management
IV.  Engineering
A.  I, III, and IV
B.  I, II, and III
C.  I, II, and IV 
D.  All of the above
A

D. CSIRT (Computer Security Incident Response Team) representation normally includes at least representatives of senior management, information security professionals, legal representatives, public affairs staff, and engineering/technical staff.

345
Q
33.  Which one of the following security tools is not capable of generating an active response to a security event?
A.  IPS
B.  Firewall
C.  IDS 
D.  Antivirus software
A

C. Intrusion detection systems (IDSs) provide only passive responses, such as alerting administrators to a suspected attack. Intrusion prevention systems and firewalls, on the other hand, may take action to block an attack attempt. Antivirus software also may engage in active response by quarantining suspect files.

346
Q
35.  What term is used to describe the default set of privileges assigned to a user when a new account is created?
A.  Aggregation
B.  Transitivity
C.  Baseline
D.  Entitlement
A

D. Entitlement refers to the privileges granted to users when an account is first provisioned.

347
Q
  1. Which of the following is not true about the (ISC)² code of ethics?
    A. Adherence to the code is a condition of certification.
    B. Failure to comply with the code may result in revocation of certification.
    C. The code applies to all members of the information security profession.
    D. Members who observe a breach of the code are required to report the possible violation.
A

C. The (ISC)² code of ethics applies only to information security professionals who are members of (ISC)². Adherence to the code is a condition of certification, and individuals found in violation of the code may have their certifications revoked. (ISC)² members who observe a breach of the code are required to report the possible violation by following the ethics complaint procedures.

348
Q
42. Javier is verifying that only IT system administrators have the ability to log on to servers used for administrative purposes. What principle of information security is he enforcing?
A.  Need to know
B.  Least privilege 
C.  Two-person control
D.  Transitive trust
A

B. The principle of least privilege says that an individual should only have the privileges necessary to complete their job functions. Removing administrative privileges from nonadministrative users is an example of least privilege.

349
Q
  1. Which one of the following is not a basic preventative measure that you can take to protect your systems and applications against attack?
    A. Implement intrusion detection and prevention systems.
    B. Maintain current patch levels on all operating systems and applications.
    C. Remove unnecessary accounts and services.
    D. Conduct forensic imaging of all systems.
A

D. There is no need to conduct forensic imaging as a preventative measure. Rather, forensic imaging should be used during the incident response process. Maintaining patch levels, implementing intrusion detection/prevention, and removing unnecessary services and accounts are all basic preventative measures.

350
Q
44.  Tim is a forensic analyst who is attempting to retrieve information from a hard drive. It appears that the user attempted to erase the data, and Tim is trying to reconstruct it. What type of forensic analysis is Tim performing?
A.  Software analysis
B.  Media analysis  
C.  Embedded device analysis
D.  Network analysis
A

B. The scrutiny of hard drives for forensic purposes is an example of media analysis. Embedded device analysis looks at the computers included in other large systems, such as automobiles or security systems. Software analysis analyzes applications and their logs. Network analysis looks at network traffic and logs.

351
Q
47.  Connor’s company recently experienced a denial of service attack that Connor believes came from an inside source. If true, what type of event has the company experienced?
A.  Espionage
B.  Confidentiality breach
C.  Sabotage
D.  Integrity breach
A

C. An attack committed against an organization by an insider, such as an employee, is known as sabotage. Espionage and confidentiality breaches involve the theft of sensitive information, which is not alleged to have occurred in this case. Integrity breaches involve the unauthorized modification of information, which is not described in this scenario.
352
Q
  1. During an incident investigation, investigators meet with a system administrator who may have information about the incident but is not a suspect. What type of conversation is taking place during this meeting?
    A. Interview
    B. Interrogation
    C. Both an interview and an interrogation
    D. Neither an interview nor an interrogation
A

A. Interviews occur when investigators meet with an individual who may have information relevant to their investigation but is not a suspect. If the individual is a suspect, then the meeting is an interrogation.

353
Q
  1. What technique has been used to protect the intellectual property in the following image?

A. Steganography
B. Clipping
C. Sampling
D. Watermarking

A

D. The image clearly contains the watermark of the US Geological Survey (USGS), which ensures that anyone seeing the image knows its origin. It is not possible to tell from looking at the image whether steganography was used. Sampling and clipping are data analysis techniques and are not used to protect images.

354
Q
57.  Veronica is considering the implementation of a database recovery mechanism recommended by a consultant. In the recommended approach, an automated process will move database backups from the primary facility to an offsite location each night. What type of database recovery technique is the consultant describing?
A.  Remote journaling
B.  Remote mirroring
C.  Electronic vaulting
D.  Transaction logging
A

C. In an electronic vaulting approach, automated technology moves database backups from the primary database server to a remote site on a scheduled basis, typically daily. Transaction logging is not a recovery technique alone; it is a process for generating the logs used in remote journaling. Remote journaling transfers transaction logs to a remote site on a more frequent basis than electronic vaulting, typically hourly. Remote mirroring maintains a live database server at the backup site and mirrors all transactions at the primary site on the server at the backup site.

355
Q
  1. Which one of the following events marks the completion of a disaster recovery process?
    A. Securing property and life safety
    B. Restoring operations in an alternate facility
    C. Restoring operations in the primary facility
    D. Standing down first responders
A

C. The end goal of the disaster recovery process is restoring normal business operations in the primary facility. All of the other actions listed may take place during the disaster recovery process, but the process is not complete until the organization is once again functioning normally in its primary facilities.
356
Q
61.  Melanie suspects that someone is using malicious software to steal computing cycles from her company. Which one of the following security tools would be in the best position to detect this type of incident?
A.  NIDS
B.  Firewall
C.  HIDS 
D.  DLP
A

C. A host-based intrusion detection system (HIDS) may be able to detect unauthorized processes running on a system. The other controls mentioned, network intrusion detection systems (NIDSs), firewalls, and DLP systems, are network-based and may not notice rogue processes.

357
Q
63.  Carla has worked for her company for 15 years and has held a variety of different positions. Each time she changed positions, she gained new privileges associated with that position, but no privileges were ever taken away. What concept describes the sets of privileges she has accumulated?
A.  Entitlement
B.  Aggregation
C.  Transitivity
D.  Isolation
A

B. Carla’s account has experienced aggregation, where privileges accumulated over time. This condition is also known as privilege creep and likely constitutes a violation of the least privilege principle.

358
Q
64.  During what phase of the incident response process do administrators take action to limit the effect or scope of an incident?
A.  Detection
B.  Response
C.  Mitigation
D.  Recovery
A

C. The Mitigation phase of incident response focuses on actions that can contain the damage incurred during an incident. This includes limiting the scope and/or effectiveness of the incident.

359
Q
69.  Frank is seeking to introduce a hacker’s laptop in court as evidence against the hacker. The laptop does contain logs that indicate the hacker committed the crime, but the court ruled that the search of the apartment that resulted in police finding the laptop was unconstitutional. What admissibility criterion prevents Frank from introducing the laptop as evidence?
A.  Materiality
B.  Relevance
C.  Hearsay 
D.  Competence
A

D. To be admissible, evidence must be relevant, material, and competent. The laptop in this case is clearly material because it contains logs related to the crime in question. It is also relevant because it provides evidence that ties the hacker to the crime. It is not competent because the evidence was not legally obtained.

360
Q
71.  Which one of the following tools provides an organization with the greatest level of protection against a software vendor going out of business?
A.  Service level agreement
B.  Escrow agreement
C.  Mutual assistance agreement
D.  PCI DSS compliance agreement
A

B. Software escrow agreements place a copy of the source code for a software package in the hands of an independent third party who will turn the code over to the customer if the vendor ceases business operations. Service level agreements, mutual assistance agreements, and compliance agreements all lose some or all of their effectiveness if the vendor goes out of business.

361
Q
  1. Which of the following events would constitute a security incident?
    1. An attempted network intrusion
    2. A successful database intrusion
    3. A malware infection
    4. A violation of a confidentiality policy
    5. An unsuccessful attempt to remove information from a secured area
    A. 2, 3, and 4
    B. 1, 2, and 3
    C. 4 and 5
    D. All of the above
A

D. Any attempt to undermine the security of an organization or violation of a security policy is a security incident. Each of the events described meets this definition and should be treated as an incident.

362
Q
  1. Which one of the following traffic types should not be blocked by an organization’s egress filtering policy?
    A. Traffic destined to a private IP address
    B. Traffic with a broadcast destination
    C. Traffic with a source address from an external network
    D. Traffic with a destination address on an external network
A

D. Egress filtering scans outbound traffic for potential security policy violations. This includes traffic with a private IP address as the destination, traffic with a broadcast address as the destination, and traffic that has a falsified source address not belonging to the organization. (Note: every option except D should be blocked.)

363
Q
76.  You are performing an investigation into a potential bot infection on your network and wish to perform a forensic analysis of the information that passed between different systems on your network and those on the Internet. You believe that the information was likely encrypted. You are beginning your investigation after the activity concluded. What would be the best and easiest way to obtain the source of this information?
A.  Packet captures
B.  Netflow data
C.  Intrusion detection system logs
D.  Centralized authentication records
A

B. Netflow data contains information on the source, destination, and size of all network communications and is routinely saved as a matter of normal activity. Packet capture data would provide relevant information, but it must be captured during the suspicious activity and cannot be re-created after the fact unless the organization is already conducting 100 percent packet capture, which is very rare. Additionally, the use of encryption limits the effectiveness of packet capture. Intrusion detection system logs would not likely contain relevant information because the encrypted traffic would probably not match intrusion signatures. Centralized authentication records would not contain information about network traffic.

364
Q
80.  In what virtualization model do full guest operating systems run on top of a virtualization platform?
A.  Virtual machines
B.  Software-defined networking
C.  Virtual SAN
D.  Application virtualization
A

A. Virtual machines run full guest operating systems on top of a host platform known as the hypervisor.

365
Q
84.  Roger recently accepted a new position as a security professional at a company that runs its entire IT infrastructure within an IaaS environment. Which one of the following would most likely be the responsibility of Roger’s firm?
A.  Configuring the network firewall
B.  Applying hypervisor updates
C.  Patching operating systems
D.  Wiping drives prior to disposal
A

C. In an infrastructure as a service environment, the vendor is responsible for hardware- and network-related responsibilities. These include configuring network firewalls, maintaining the hypervisor, and managing physical equipment. The customer retains responsibility for patching operating systems on its virtual machine instances.

366
Q
87.  What type of trust relationship extends beyond the two domains participating in the trust to one or more of their subdomains?
A.  Transitive trust
B.  Inheritable trust
C.  Nontransitive trust
D.  Noninheritable trust
A

A. Transitive trusts go beyond the two domains directly involved in the trust relationship and extend to their subdomains.

367
Q
90.  What legal protection prevents law enforcement agencies from searching a facility or electronic system without either probable cause or consent?
A.  First Amendment
B.  Fourth Amendment
C.  Fifth Amendment
D.  Fifteenth Amendment
A

B. The Fourth Amendment states, in part, that “the right of the people to be secure in their persons, houses, papers and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.” The First Amendment contains protections related to freedom of speech. The Fifth Amendment ensures that no person will be required to serve as a witness against themselves. The Fifteenth Amendment protects the voting rights of citizens.

368
Q
91.  Darcy is a computer security specialist who is assisting with the prosecution of a hacker. The prosecutor requests that Darcy give testimony in court about whether, in her opinion, the logs and other records in a case are indicative of a hacking attempt. What type of evidence is Darcy being asked to provide?
A.  Expert opinion
B.  Direct evidence
C.  Real evidence 
D.  Documentary evidence
A

A. Expert opinion evidence allows individuals to offer their opinion based upon the facts in evidence and their personal knowledge. Expert opinion evidence may be offered only if the court accepts the witness as an expert in a particular field. Direct evidence is when witnesses testify about their direct observations. Real evidence consists of tangible items brought into court as evidence. Documentary evidence consists of written records used as evidence in court.

369
Q
92.  Which one of the following techniques is not commonly used to remove unwanted remnant data from magnetic tapes?
A.  Physical destruction
B.  Degaussing
C.  Overwriting
D.  Reformatting
A

D. The standard methods for clearing magnetic tapes, according to the NIST Guidelines for Media Sanitization, are overwriting the tape with nonsensitive data, degaussing, and physical destruction via shredding or incineration. Reformatting a tape does not remove remnant data.

370
Q
94.  Jerome is conducting a forensic investigation and is reviewing database server logs to investigate query contents for evidence of SQL injection attacks. What type of analysis is he performing?
A.  Hardware analysis 
B.  Software analysis
C.  Network analysis
D.  Media analysis
A

B. The analysis of application logs is one of the core tasks of software analysis. This is the correct answer because SQL injection attacks are application attacks.

371
Q
95.  Quantum Computing regularly ships tapes of backup data across the country to a secondary facility. These tapes contain confidential information. What is the most important security control that Quantum can use to protect these tapes?
A.  Locked shipping containers
B.  Private couriers
C.  Data encryption
D.  Media rotation
A

C. Quantum may choose to use any or all of these security controls, but data encryption is, by far, the most important control. It protects the confidentiality of data stored on the tapes, which are most vulnerable to theft while in transit between two secure locations.

372
Q
97.  Under what type of software license does the recipient of software have an unlimited right to copy, modify, distribute, or resell a software package?
A.  GNU Public License
B.  Freeware 
C.  Open source
D.  Public domain
A

D. If software is released into the public domain, anyone may use it for any purpose, without restriction. All other license types contain at least some level of restriction.

373
Q
100. Which one of the following controls protects an organization in the event of a sustained period of power loss?
A.  Redundant servers
B.  Uninterruptible power supply (UPS)
C.  Generator
D.  RAID
A

C. Generators are capable of providing backup power for a sustained period of time in the event of a power loss, but they take time to activate. Uninterruptible power supplies (UPS) provide immediate, battery-driven power for a short period of time to cover momentary losses of power, which would not cover a sustained period of power loss. RAID and redundant servers are high-availability controls but do not cover power loss scenarios.
374
Q
101. What concept from the Federal Rules of Civil Procedure (FRCP) helps to ensure that additional time and expense are not incurred as part of electronic discovery when the benefits do not outweigh the costs?
A.  Tool-assisted review
B.  Cooperation 
C.  Spoliation
D.  Proportionality
A

D. The benefits of additional discovery must be proportional to the additional costs that they will require. This prevents additional discovery requests from becoming inordinately expensive, and the requester will typically have to justify these requests to the judge presiding over the case.

375
Q
102. Anne wants to gather information about security settings as well as build an overall view of her organization’s assets by gathering data about a group of Windows 10 workstations spread throughout her company. What Windows tool is best suited to this type of configuration management task?
A.  SCCM
B.  Group Policy 
C.  SCOM
D.  A custom PowerShell script
A

A. System Center Configuration Manager (SCCM) provides this capability and is designed to allow administrators to evaluate the configuration status of Windows workstations and servers, as well as providing asset management data. SCOM is primarily used to monitor for health and performance, Group Policy can be used for a variety of tasks including deploying settings and software, and custom PowerShell scripts could do this but should not be required for a configuration check.

376
Q
107.  John deploys his website to multiple regions using load balancers around the world through his cloud infrastructure as a service provider. What availability concept is he using?
A.  Multiple processing sites
B.  Warm sites
C.  Cold sites
D.  A honeynet
A

A. John’s design provides multiple processing sites, distributing load to multiple regions. Not only does this provide business continuity and disaster recovery functionality, but it also means that his design will be more resilient to denial of service attacks.

377
Q
109. When one of the employees of Alice’s company calls in for support, she uses a code word that the company agreed to use if employees were being forced to perform an action. What is this scenario called?
A.  Social engineering
B.  Duress
C.  Force majeure
D.  Stockholm syndrome
A

B. Duress, or being under threat of violence or other constraints, is a concern for organizations such as banks, jewelry stores, or other organizations where an attacker may attempt to force an employee to perform actions. Organizations that expect that a scenario like this may occur will often use duress code words that let others know that they are performing actions under threat.

378
Q
  1. Which one of the following statements is not true about code review?
    A. Code review should be a peer-driven process that includes multiple developers.
    B. Code review may be automated.
    C. Code review occurs during the design phase.
    D. Code reviewers may expect to review several hundred lines of code per hour.
A

C. Code review takes place after code has been developed, which occurs after the design phase of the system’s development lifecycle (SDLC). Code review may use a combination of manual and automated techniques, or rely solely on one or the other. It should be a peer-driven process that includes developers who did not write the code. Developers should expect to complete the review of around 300 lines per hour, on average.

379
Q
5.  Which process is responsible for ensuring that changes to software include acceptance testing?
A.  Request control
B.  Change control 
C.  Release control
D.  Configuration control
A

C. One of the responsibilities of the release control process is ensuring that the process includes acceptance testing that confirms that any alterations to end-user work tasks are understood and functional prior to code release. The request control, change control, and configuration control processes do not include acceptance testing.

380
Q
  1. When using the SDLC, which one of these steps should you take before the others?
    A. Functional requirements determination
    B. Control specifications development
    C. Code review
    D. Design review
A

A. The SDLC consists of seven phases, in the following order: conceptual definition, functional requirements determination, control specifications development, design review, code review, system test review, and maintenance and change management.

381
Q
8.  Jaime is a technical support analyst and is asked to visit a user whose computer is displaying the error message shown here. What state has this computer entered?
(Image: blue screen error)
A.  Fail open
B.  Irrecoverable error
C.  Memory exhaustion
D.  Fail secure
A

D. The error message shown in the figure is the infamous “Blue Screen of Death” that occurs when a Windows system experiences a dangerous failure and enters a fail secure state. If the system had “failed open,” it would have continued operation. The error described is a memory fault that is likely recoverable by rebooting the system. There is no indication that the system has run out of usable memory.

382
Q
  1. Which one of the following is not a goal of software threat modeling?
    A. To reduce the number of security-related design flaws
    B. To reduce the number of security-related coding flaws
    C. To reduce the severity of non-security-related flaws
    D. To reduce the number of threat vectors
A

D. Software threat modeling is designed to reduce the number of security-related design and coding flaws as well as the severity of other flaws. The developer or evaluator of software has no control over the threat environment, because it is external to the organization.

383
Q
11.  Which one of the following is considered primary storage?
A.  Memory
B.  Hard disk
C.  Flash drive
D.  DVD
A

A. Primary storage is a technical term used to refer to the memory that is directly available to the CPU. Nonvolatile storage mechanisms, such as flash drives, DVDs, and hard drives, are classified as secondary storage.

384
Q
  1. When should a design review take place when following an SDLC approach to software development?
    A. After the code review
    B. After user acceptance testing
    C. After the development of functional requirements
    D. After the completion of unit testing
A

C. Design reviews should take place after the development of functional and control specifications but before the creation of code. The code review, unit testing, and functional testing all take place after the creation of code and, therefore, after the design review.

385
Q
27.  What term is used to describe the level of confidence that software is free from vulnerabilities, either intentionally designed into the software or accidentally inserted at any time during its life cycle, and that the software functions in the intended manner?
A.  Validation
B.  Accreditation 
C.  Confidence interval
D.  Assurance
A

D. Assurance, when it comes to software, is the level of confidence that software is free from vulnerabilities, either intentionally designed into the software or accidentally inserted at any time during its lifecycle, and that the software functions in the intended manner. It is a term typically used in military and defense environments.

386
Q
29.  What type of database security issue exists when a collection of facts has a higher classification than the classification of any of those facts standing alone?#aggregation  link:inference
A.  Inference
B.  SQL injection
C.  Multilevel security
D.  Aggregation
A

D. Aggregation is a security issue that arises when a collection of facts has a higher classification than the classification of any of those facts standing alone. An inference problem occurs when an attacker can pull together pieces of less sensitive information and use them to derive information of greater sensitivity. SQL injection is a web application exploit. Multilevel security is a system control that allows the simultaneous processing of information at different classification levels.

387
Q
30.  What are the two types of covert channels that are commonly exploited by attackers seeking to surreptitiously exfiltrate information?
A.  Timing and storage
B.  Timing and firewall
C.  Storage and memory
D.  Firewall and storage
A

A. The two major classifications of covert channels are timing and storage. A covert timing channel conveys information by altering the performance of a system component or modifying a resource’s timing in a predictable manner. A covert storage channel conveys information by writing data to a common storage area where another process can read it. There is no such thing as a covert firewall channel. Memory is a type of storage, so a memory-based covert channel would fit into the covert storage channel category.

388
Q
  1. Referring to the database transaction shown here, what would happen if no account exists in the Accounts table with account number 1001?

    ```sql
    BEGIN TRANSACTION
    UPDATE accounts SET balance = balance + 250
    WHERE account_number = 1001;
    UPDATE accounts
    SET balance = balance - 250
    WHERE account_number = 2002;
    END TRANSACTION
    ```

    A. The database would create a new account with this account number and give it a $250 balance.
    B. The database would ignore that command and still reduce the balance of the second account by $250.
    C. The database would roll back the transaction, ignoring the results of both commands.
    D. The database would generate an error message.
A
B. In this example, the two SQL commands are indeed bundled in a transaction, but it is not an error to issue an update command that does not match any rows. Therefore, the first command would “succeed” in updating zero rows and not generate an error or cause the transaction to roll back. The second command would then execute, reducing the balance of the second account by $250.
389
Q
34.  Kim is troubleshooting an application firewall that serves as a supplement to the organization’s network and host firewalls and intrusion prevention system, providing added protection against web-based attacks. The issue the organization is experiencing is that the firewall technology suffers somewhat frequent restarts that render it unavailable for 10 minutes at a time. What configuration might Kim consider to maintain availability during that period at the lowest cost to the company?
A.  High availability cluster\$\$
B.  Failover device\$\$
C.  Fail open#bypass
D.  Redundant disks
A

C. A fail open configuration may be appropriate in this case. In this configuration, the firewall would continue to pass traffic without inspection while it is restarting. This would minimize downtime, and the traffic would still be protected by the other security controls described in the scenario. Failover devices and high availability clusters would indeed increase availability, but at potentially significant expense. Redundant disks would not help in this scenario because no disk failure is described.

390
Q
35.  What type of security issue arises when an attacker can deduce a more sensitive piece of information by analyzing several pieces of information classified at a lower level?#Inference  link:aggregation
A.  SQL injection
B.  Multilevel security
C.  Aggregation
D.  Inference
A

D. An inference problem occurs when an attacker can pull together pieces of less sensitive information and use them to derive information of greater sensitivity. Aggregation is a security issue that arises when a collection of facts has a higher classification than the classification of any of those facts standing alone. SQL injection is a web application exploit. Multilevel security is a system control that allows the simultaneous processing of information at different classification levels.

391
Q
36.  Greg is battling a malware outbreak in his organization. He used specialized malware analysis tools to capture samples of the malware from three different systems and noticed that the code is changing slightly from infection to infection. Greg believes that this is the reason that antivirus software is having a tough time defeating the outbreak. What type of malware should Greg suspect is responsible for this security incident?
A.  Stealth virus
B.  Polymorphic virus
C.  Multipartite virus
D.  Encrypted virus
A

B. Polymorphic viruses mutate each time they infect a system by making adjustments to their code that assists them in evading signature detection mechanisms. Encrypted viruses also mutate from infection to infection but do so by encrypting themselves with different keys on each device.

392
Q

[Question set 37-40] Linda is reviewing posts to a user forum on her company’s website and, when she browses a certain post, a message pops up in a dialog box on her screen reading “Alert.” She reviews the source code for the post and finds the following code snippet:
alert('Alert');
38. What was the likely motivation of the user who posted the message on the forum containing this code?
A. Reconnaissance
B. Theft of sensitive information
C. Credential stealing
D. Social engineering

A

A. The script that Linda discovered merely pops up a message on a user’s screen and does not perform any more malicious action. This type of script, using an alert() call, is commonly used to probe websites for cross-site scripting vulnerabilities.

393
Q

[Question set 37-40] Linda is reviewing posts to a user forum on her company’s website and, when she browses a certain post, a message pops up in a dialog box on her screen reading “Alert.” She reviews the source code for the post and finds the following code snippet:
alert('Alert');
40. In further discussions with the vendor, Linda finds that they are willing to correct the issue but do not know how to update their software. What technique would be most effective in mitigating the vulnerability of the application to this type of attack?
A. Bounds checking
B. Peer review
C. Input validation
D. OS patching

A

C. Input validation verifies that user-supplied input does not violate security conditions and is the most effective defense against cross-site scripting attacks. Bounds checking is a form of input validation, but it is used to ensure that numeric input falls within an acceptable range and is not applicable against cross-site scripting attacks. Peer review and OS patching are both good security practices but are unlikely to be effective against a cross-site scripting attack.

394
Q
42. Lauren wants to use a software review process for the application she is working on. Which of the following processes would work best if she is a remote worker who works different hours from the rest of her team?
A.  Pass around
B.  Pair programming 
C.  Team review
D.  Fagan inspection
A

A. Pass-around reviews are often done via email or using a central code review system, allowing developers to review code asynchronously. Pair programming requires two programmers to work together, with one writing code and the other reviewing and tracking progress. Team reviews are typically done in a group, and Fagan inspection is a formal review process that would involve both the developer and a team to review the code using a formal process.

395
Q
43.  Which one of the following is not a technique used by virus authors to hide the existence of their virus from antimalware software?
A.  Stealth
B.  Multipartitism
C.  Polymorphism
D.  Encryption
A

B. Multipartite viruses use multiple propagation mechanisms to defeat system security controls but do not necessarily include techniques designed to hide the malware from antivirus software. Stealth viruses tamper with the operating system to hide their existence. Polymorphic viruses alter their code on each system they infect to defeat signature detection. Encrypted viruses use a similar technique, employing encryption to alter their appearance and avoid signature detection mechanisms.

396
Q
44.  Which one of the following types of software testing usually occurs last and is executed against test scenarios?
A.  Unit testing
B.  Integration testing
C.  User acceptance testing
D.  System testing
A

C. User acceptance testing (UAT) is typically the last phase of the testing process. It verifies that the solution developed meets user requirements and validates it against use cases. Unit testing, integration testing, and system testing are all conducted earlier in the process leading up to UAT.

397
Q
47.  If Chris is writing code for an application, what phase of the Agile process is he in?
A.  Planning
B.  Sprints
C.  Deployment
D.  Development
A

B. Chris is in an Agile sprint phase and is likely developing code based on user stories. Planning includes stakeholder stories, as well as design and test case preparation. Deployment includes the actual deployment of the application, as well as additional verification and testing.

398
Q
51.  Which one of the following is the most effective control against session hijacking attacks?
A.  TLS
B.  Complex session cookies
C.  SSL
D.  Expiring cookies frequently
A

A. Transport Layer Security (TLS) provides the most effective defense against session hijacking because it encrypts all traffic between the client and server, preventing the attacker from stealing session credentials. Secure Sockets Layer (SSL) also encrypts traffic, but it is vulnerable to attacks against its encryption technology. Complex and expiring cookies are a good idea, but they are not sufficient protection against session hijacking.

399
Q
55.  Which one of the following is not an effective control against SQL injection attacks?
A.  Escaping
B.  Client-side input validation
C.  Parameterization
D.  Limiting database permissions
A

B. Client-side input validation is not an effective control against any type of attack because the attacker can easily bypass the validation by altering the code on the client. Escaping restricted characters prevents them from being passed to the database, as does parameterization. Limiting database permissions prevents dangerous code from executing.

400
Q
  1. Which of the following statements is true about heuristic-based anti-malware software?
    A. It has a lower false positive rate than signature detection.
    B. It requires frequent definition updates to detect new malware.
    C. It has a higher likelihood of detecting zero-day exploits than signature detection.
    D. It monitors systems for files with content known to be viruses.
A

C. Heuristic-based anti-malware software has a higher likelihood of detecting a zero-day exploit than signature-based methods. Heuristic-based software does not require frequent signature updates because it does not rely upon monitoring systems for the presence of known malware. The trade-off with this approach is that it has a higher false positive rate than signature detection methods.

401
Q
61.  Martin is inspecting a system where the user reported unusual activity, including disk activity when the system is idle and abnormal CPU and network usage. He suspects that the machine is infected by a virus but scans come up clean. What malware technique might be in use here that would explain the clean scan results?
A.  File infector virus
B.  MBR virus 
C.  Service injection virus
D.  Stealth virus
A

D. One possibility for the clean scan results is that the virus is using stealth techniques, such as intercepting read requests from the antivirus software and returning a correct-looking version of the infected file. The system may also be the victim of a zero-day attack, using a virus that is not yet included in the signature definition files provided by the antivirus vendor.

402
Q

62. Tomas discovers a line in his application log that appears to correspond with an attempt to conduct a directory traversal attack. He believes the attack was conducted using URL encoding. The line reads:
%252E%252E%252F%252E%252E%252Fetc/passwd
What character is represented by the %252E value?
A. .
B. ,
C. ;
D. /

A

A. In URL encoding, the . character is replaced by %252E and the / character is replaced by %252F. You can see this in the log entry, where the expected pattern of ../../ is replaced by %252E%252E%252F%252E%252E%252F.

403
Q
  1. Which one of the following is not a principle of the Agile software development process?
    A. Welcome changing requirements, even late in the development process.
    B. Maximizing the amount of work not done is essential.
    C. Clear documentation is the primary measure of progress.
    D. Build projects around motivated individuals.
A

C. The Agile Manifesto includes 12 principles for software development. Three of those are listed as answer choices: maximizing the amount of work not done is essential, build projects around motivated individuals, and welcome changing requirements throughout the development process. Agile does not, however, consider clear documentation the primary measure of progress. Instead, working software is the primary measure of progress.

404
Q
  1. In the transaction shown here, what would happen if the database failed in between the first and second update statements?

    ```sql
    BEGIN TRANSACTION
    UPDATE accounts SET balance = balance + 250
    WHERE account_number = 1001;
    UPDATE accounts SET balance = balance - 250
    WHERE account_number = 2002;
    END TRANSACTION
    ```

    A. The database would credit the first account with $250 in funds but then not reduce the balance of the second account.
    B. The database would ignore the first command and only reduce the balance of the second account by $250.
    C. The database would roll back the transaction, ignoring the results of both commands.
    D. The database would successfully execute both commands.
A

C. A database failure in the middle of a transaction causes the rollback of the entire transaction. In this scenario, the database would not execute either command.

405
Q
72.  Barry is a software tester who is working with a new gaming application developed by his company. He is playing the game on a smartphone to conduct his testing in an environment that best simulates a normal end user, but he is referencing the source code as he conducts his test. What type of test is Barry conducting?
A.  White box
B.  Black box
C.  Blue box
D.  Gray box
A

D. In a gray box test, the tester evaluates the software from a user perspective but has access to the source code as the test is conducted. White box tests also have access to the source code but perform testing from a developer’s perspective. Black box tests work from a user’s perspective but do not have access to source code. Blue boxes are a telephone hacking tool and not a software testing technique.

406
Q
  1. What part of the security review process are the input parameters shown in the diagram used for?

A. SQL injection review
B. Sprint review
C. Fagan inspection
D. Attack surface identification

A

D. Each of these input parameters makes up part of the attack surface of the application. Attackers may opt to target any of them to attack the code or its supporting infrastructure.

407
Q
  1. What application security process can be described in these three major steps?
     1. Decomposing the application
     2. Determining and ranking threats
     3. Determining countermeasures and mitigation
    A. Fagan inspection
    B. Threat modeling
    C. Penetration testing
    D. Code review
A

B. Threat modeling commonly involves decomposing the application to understand it and how it interacts with other components or users. Next, identifying and ranking threats allows you to focus on the threats that should be prioritized. Finally, identifying how to mitigate those threats finishes the process. Once complete, an organization can take action to handle the threats that were identified with appropriate controls.

408
Q
76.  Which one of the following approaches to failure management is the most conservative from a security perspective?
A.  Fail open
B.  Fail mitigation
C.  Fail clear
D.  Fail closed
A

D. The fail closed approach prevents any activity from taking place during a system security failure and is the most conservative approach to failure management. Fail open takes the opposite philosophy, allowing all activity in the event of a security control failure. Fail clear and fail mitigation are not failure management approaches.

409
Q
82.  During what phase of the IDEAL model do organizations develop a specific plan of action for implementing change?
A.  Initiating
B.  Diagnosing
C.  Establishing
D.  Acting
A

C. In the Establishing phase of the IDEAL model, the organization takes the general recommendations from the Diagnosing phase and develops a specific plan of action that achieves those changes. #see the Chinese-language edition, p. 598

410
Q
84.  Charles is developing a mission-critical application that has a direct impact on human safety. Time and cost are less important than correctly functioning software. Which of the following software development methodologies should he choose given these requirements?
A.  Agile
B.  DevOps
C.  Spiral
D.  Waterfall
A

D. Despite many organizations moving to Agile, DevOps, or other more responsive development methodologies, waterfall remains a strong contender when clear objectives and stable requirements are combined with a need to prevent flaws and to have a high level of control over the development process and output.

411
Q
85.  Which one of the following types of artificial intelligence attempts to use complex computations to replicate the partial function of the human mind?
A.  Decision support systems
B.  Expert systems
C.  Knowledge bank
D.  Neural networks
A

D. Neural networks attempt to use complex computational techniques to model the behavior of the human mind. Knowledge banks are a component of expert systems, which are designed to capture and reapply human knowledge. Decision support systems are designed to provide advice to those carrying out standard procedures and are often driven by expert systems.

412
Q
100. What type of virus is characterized by the use of two or more different propagation mechanisms to improve its likelihood of spreading between systems?
A.  Stealth virus
B.  Polymorphic virus
C.  Multipartite virus
D.  Encrypted virus
A

C. Multipartite viruses use multiple propagation mechanisms to spread between systems. This improves their likelihood of successfully infecting a system because it provides alternative infection mechanisms that may be successful against systems that are not vulnerable to the primary infection mechanism.

413
Q
101. What root security issue causes the following issues?
■ Cross-site scripting
■ SQL injection
■ Buffer overflows
■ Cross-site request forgery
A.  Lack of API security
B.  Improper error handling
C.  Improper or missing input validation
D.  Source code design issues
A

C. Each of these problems is caused by improper or missing input validation and can be resolved by handling inputs properly. In many cases, this can be done using libraries or methods already built into the language or framework that the developer is using.

414
Q
  1. What application development method uses the cycle shown here?

A. Waterfall
B. Spiral
C. Agile
D. RAD

A

D. Rapid Application Development, or RAD, focuses on fast development and the ability to quickly adjust to changing requirements. RAD uses four phases: requirements planning, user design, construction, and cutover.

415
Q
  1. When developing a business impact analysis, the team should first create a list of assets.
    What should happen next?
    A. Identify vulnerabilities in each asset.
    B. Determine the risks facing the asset.
    C. Develop a value for each asset.
    D. Identify threats facing each asset.
A
C. After developing a list of assets, the business impact analysis team should assign values to each asset.
416
Q
  1. What important function do senior managers normally fill on a business continuity planning team?
    A. Arbitrating disputes about criticality
    B. Evaluating the legal environment
    C. Training staff
    D. Designing failure controls
A
A. Senior managers play several business continuity planning roles. These include setting priorities, obtaining resources, and arbitrating disputes among team members.
417
Q
  1. Which one of the following is not normally included in business continuity plan
    documentation?
    A. Statement of accounts
    B. Statement of importance
    C. Statement of priorities
    D. Statement of organizational responsibility
A

A. Business continuity plan documentation normally includes the continuity planning goals, a statement of importance, statement of priorities, statement of organizational responsibility, statement of urgency and timing, risk assessment and risk acceptance and mitigation documentation, a vital records program, emergency response guidelines, and documentation for maintaining and testing the plan.

418
Q
92.  Which one of the following is the first step in developing an organization’s vital records program?
A.  Identifying vital records
B.  Locating vital records
C.  Archiving vital records
D.  Preserving vital records
A

A. An organization pursuing a vital records management program should begin by identifying all of the documentation that qualifies as a vital business record. This should include all of the records necessary to restart the organization should it invoke its business continuity plan.

419
Q
94.  Which one of the following security programs is designed to establish a minimum standard common denominator of security understanding?
A.  Training
B.  Education
C.  Indoctrination
D.  Awareness
A

D. Awareness establishes a minimum standard of information security understanding. It is designed to accommodate all personnel in an organization, regardless of their assigned tasks.

420
Q
109. Which of the following is not typically part of a termination process?
A.  An exit interview
B.  Recovery of property
C.  Account termination
D.  Signing an NCA
A

D. Signing a noncompete or nondisclosure agreement is typically done at hiring. Exit interviews, recovery of organizational property, and account termination are all common elements of a termination process.

421
Q
24.  Adjusting the CIS benchmarks to your organization’s mission and your specific IT systems would involve what two processes?
A.  Scoping and selection
B.  Scoping and tailoring
C.  Baselining and tailoring
D.  Tailoring and selection
A

B. Scoping involves selecting only the controls that are appropriate for your IT systems, while tailoring matches your organization’s mission and the controls from a selected baseline. Baselining is the process of configuring a system or software to match a baseline or building a baseline itself. Selection isn’t a technical term used for any of these processes.

422
Q
  1. How should you determine what controls from the baseline a given system or software package should receive?
    A. Consult the custodians of the data.
    B. Select based on the data classification of the data it stores or handles.
    C. Apply the same controls to all systems.
    D. Consult the business owner of the process the system or data supports.
A

B. The controls implemented from a security baseline should match the data classification of the data used or stored on the system. Custodians are trusted to ensure the day-to-day security of the data and should do so by ensuring that the baseline is met and maintained. Business owners often have a conflict of interest between functionality and data security, and of course, applying the same controls everywhere is expensive and may not meet business needs or be a responsible use of resources.

423
Q
29.  What is the primary information security risk to data at rest?
A.  Improper classification
B.  Data breach
C.  Decryption
D.  Loss of data integrity
A

B. The biggest threat to data at rest is typically a data breach. Data at rest with a high level of sensitivity is often encrypted to help prevent this. Decryption is not as significant of a threat if strong encryption is used and encryption keys are well secured. Data integrity issues could occur, but proper backups can help prevent this, and of course data could be improperly classified, but this is not the primary threat to the data.

424
Q
  1. Sue’s employer has asked her to use an IPsec VPN to connect to its network. When Sue connects, what does the IPsec VPN allow her to do?
    A. Send decrypted data over a public network and act like she is on her employer’s internal network.
    B. Create a private encrypted network carried via a public network and act like she is on her employer’s internal network.
    C. Create a virtual private network using TLS while on her employer’s internal network.
    D. Create a tunneled network that connects her employer’s network to her internal home network.
A

B. One way to use an IPsec VPN is to create a private, encrypted network (or tunnel) via a public network, allowing users to be a virtual part of their employer’s internal network. IPsec is distinct from TLS and provides encryption for confidentiality and integrity, and of course, in this scenario Sue is connecting to her employer’s network rather than the employer connecting to hers.

425
Q
46.  Which attack helped drive vendors to move away from SSL toward TLS-only by default?
A.  POODLE
B.  Stuxnet
C.  BEAST
D.  CRIME
A

A. The POODLE (or Padding Oracle On Downgraded Legacy Encryption) attack helped force the move from SSL 3.0 to TLS because it allowed attackers to easily access SSL encrypted messages. Stuxnet was a worm aimed at the Iranian nuclear program, while CRIME and BEAST were earlier attacks against SSL.

426
Q
55.  Which one of the following data roles bears ultimate organizational responsibility for data?
A.  System owners
B.  Business owners
C.  Data owners
D.  Mission owners
A

C. The data owner has ultimate responsibility for data belonging to an organization and is typically the CEO, president, or another senior employee. Business and mission owners typically own processes or programs. System owners own a system that processes sensitive data.

427
Q
  1. Which of the following activities is not a consideration during data classification?
    A. Who can access the data
    B. What the impact would be if the data was lost or breached
    C. How much the data cost to create
    D. What protection regulations may be required for the data
A

C. The cost of the data is not directly included in the classification process. Instead, the impact to the organization if the data were exposed or breached is considered. Who can access the data and what regulatory or compliance requirements cover the data are also important considerations.

428
Q
42. Adam recently configured permissions on an NTFS filesystem to describe the access that different users may have to a file by listing each user individually. What did Adam create?
A.  An access control list
B.  An access control entry
C.  Role-based access control
D.  Mandatory access control
A

A. Adam created a list of individual users that may access the file. This is an access control list, which consists of multiple access control entries. It includes the names of users, so it is not role-based, and Adam was able to modify the list, so it is not mandatory access control.

429
Q
48.  Which one of the following terms accurately describes the Caesar cipher?
A.  Transposition cipher
B.  Block cipher
C.  Shift cipher
D.  Strong cipher
A
C. The Caesar cipher is a shift cipher that works on a stream of text and is also a substitution cipher. It is not a block cipher or a transposition cipher. It is extremely weak as a cryptographic algorithm.
#also substitution cipher
430
Q
16.  Susan is deploying a routing protocol that maintains a list of destination networks with metrics that include the distance in hops to them and the direction traffic should be sent to them. What type of protocol is she using?
A.  A link-state protocol
B.  A link-distance protocol
C.  A destination metric protocol
D.  A distance-vector protocol
A

D. Distance-vector protocols use metrics including the direction and distance in hops to remote networks to make decisions. A link-state routing protocol considers the shortest distance to a remote network. Destination metric and link-distance protocols don’t exist.

431
Q
  1. Chris uses a cellular hot spot (modem) to provide internet access when he is traveling. If he leaves the hot spot connected to his PC while his PC is on his organization’s corporate network, what security issue might he cause?
    A. Traffic may not be routed properly, exposing sensitive data.
    B. His system may act as a bridge from the internet to the local network.
    C. His system may be a portal for a reflected DDoS attack.
    D. Security administrators may not be able to determine his IP address if a security issue occurs.
A
B. When a workstation or other device is connected simultaneously to both a secure and a nonsecure network like the Internet, it may act as a bridge, bypassing the security protections located at the edge of a corporate network. It is unlikely that traffic will be routed improperly leading to the exposure of sensitive data, as traffic headed to internal systems and networks is unlikely to be routed to the external network. Reflected DDoS attacks are used to hide identities rather than to connect through to an internal network, and security administrators of managed systems should be able to determine both the local and wireless IP addresses his system uses.
#The issue here is bypassing the security equipment at the network edge
432
Q
46.  What does a bluesnarfing attack target?
A.  Data on IBM systems
B.  An outbound phone call via Bluetooth
C.  802.11b networks
D.  Data from a Bluetooth-enabled device
A

D. Bluesnarfing targets the data or information on Bluetooth-enabled devices. Bluejacking occurs when attackers send unsolicited messages via Bluetooth.

433
Q
50.  What network technology is best described as a token-passing network that uses a pair of rings with traffic flowing in opposite directions?
A.  A ring topology
B.  Token Ring
C.  FDDI
D.  SONET
A

C. FDDI, or Fiber Distributed Data Interface, is a token-passing network that uses a pair of rings with traffic flowing in opposite directions. It can bypass broken segments by dropping the broken point and using the second, unbroken ring to continue to function.
Token Ring also uses tokens, but it does not use a dual loop. SONET is a protocol for sending multiple optical streams over fiber, and a ring topology is a design, not a technology.

434
Q
9.  What major issue often results from decentralized access control?
A.  Access outages may occur.
B.  Control is not consistent.
C.  Control is too granular.
D.  Training costs are high.
A
B. Decentralized access control can result in less consistency because the individuals tasked with control may interpret policies and requirements differently and may perform their roles in different ways. Access outages, overly granular control, and training costs may occur, depending on specific implementations, but they are not commonly identified issues with decentralized access control.
#
B. Decentralized access control may lead to reduced consistency, because the individuals responsible for control may interpret policies and requirements differently and may carry out their duties in different ways. Depending on the specific implementation, access outages, overly granular control, and training costs may occur, but these are not problems commonly found with decentralized access control.
435
Q

Use your knowledge of the Kerberos logon process and the following diagram to answer
questions 17–19.
18. At point B in the diagram, what two important elements does the KDC send to the client after verifying that the username is valid?
A. An encrypted TGT and a public key
B. An access ticket and a public key
C. An encrypted, time-stamped TGT and a symmetric key encrypted with a hash of the user’s password
D. An encrypted, time-stamped TGT and an access token

A

C. The KDC uses the user’s password to generate a hash and then uses that hash to encrypt a symmetric key. It transmits both the encrypted symmetric key and an encrypted time-stamped TGT to the client.

436
Q
33.  What term properly describes what occurs when two or more processes require access to the same resource and must complete their tasks in the proper order for normal function?
A.  Collisions
B.  Race conditions
C.  Determinism
D.  Out-of-order execution
A

B. Race conditions occur when two or more processes need to access the same resource in the right order. If an attacker can disrupt this order, they may be able to affect the normal operations of the system and gain unauthorized access or improper rights. Collisions occur when two different files produce the same result from a hashing operation, out-of-order execution is a CPU architecture feature that allows the use of otherwise unused cycles, and determinism is a philosophical term rather than something you should see on the CISSP exam!

437
Q
  1. Lauren is responsible for building a banking website. She needs proof of the identity of the users who register for the site. How should she validate user identities?
    A. Require users to create unique questions that only they will know.
    B. Require new users to bring their driver’s license or passport in person to the bank.
    C. Use information that both the bank and the user have such as questions pulled from their credit report.
    D. Call the user on their registered phone number to verify that they are who they claim to be.
A

C. Identity proofing can be done by comparing user information that the organization already has, like account numbers or personal information. Requiring users to create unique questions can help with future support by providing a way for them to do password resets. Using a phone call only verifies that the individual who created the account has the phone that they registered and won’t prove their identity. In-person verification would not fit the business needs of most websites.

438
Q
  1. Brian’s large organization has used RADIUS for AAA services for its network devices for years and has recently become aware of security issues with the unencrypted information transferred during authentication. How should Brian implement encryption for RADIUS?
    A. Use the built-in encryption in RADIUS.
    B. Implement RADIUS over its native UDP using TLS for protection.
    C. Implement RADIUS over TCP using TLS for protection.
    D. Use an AES256 pre-shared cipher between devices.
A

C. RADIUS supports TLS over TCP. RADIUS does not have a supported TLS mode over UDP. AES pre-shared symmetric ciphers are not a supported solution and would be very difficult to both implement and maintain in a large environment, and the built-in encryption in RADIUS only protects passwords.

439
Q
73.  Jim wants to allow cloud-based applications to act on his behalf to access information from other sites. Which of the following tools can allow that?
A.  Kerberos
B.  OAuth
C.  OpenID
D.  LDAP
A

B. OAuth provides the ability to access resources from another service and would meet Jim’s needs.
OpenID would allow him to use an account from another service with his application, and Kerberos and LDAP are used more frequently for in-house services.

440
Q
  1. Jim has Secret clearance and is accessing files that use a mandatory access control scheme to apply the Top Secret, Secret, Confidential, and Unclassified label scheme. What classification levels of data can he access, provided that he has a valid need-to-know?
    A. Top Secret and Secret
    B. Secret, Confidential, and Unclassified
    C. Secret data only
    D. Secret and Unclassified
A

C. In a mandatory access control system, classifications do not have to include rights to lower levels. This means that the only label we can be sure Jim has rights to is Secret.
Despite that it is unclassified, Unclassified data remains a different label, and Jim may not be authorized to access it.

441
Q
84.  What type of token-based authentication system uses a challenge/response process in which the challenge has to be entered on the token?
A.  Asynchronous
B.  Smart card
C.  Synchronous
D.  RFID
A

A. Asynchronous tokens use a challenge/response process in which the system sends a challenge and the user responds with a PIN and a calculated response to the challenge.
The server performs the same calculations, and if both match, it authenticates the user.
Synchronous tokens use a time-based calculation to generate codes. Smart cards are paired with readers and don’t need to have challenges entered, and RFID devices are not used for challenge/response tokens.

442
Q
94.  What open protocol was designed to replace RADIUS—including support for additional commands and protocols, replacing UDP traffic with TCP, and providing for extensible commands—but does not preserve backward compatibility with RADIUS?
A.  TACACS
B.  RADIUS-NG
C.  Kerberos
D.  Diameter
A

D. Diameter was designed to provide enhanced, modern features to replace RADIUS.
Diameter provides better reliability and a broad range of improved functionality.
RADIUS-NG does not exist, Kerberos is not a direct competitor for RADIUS, and TACACS is not an open protocol.

443
Q
28.  Which of the following vulnerabilities is unlikely to be found by a web vulnerability scanner?
A.  Path disclosure
B.  Local file inclusion
C.  Race condition
D.  Buffer overflow
A

C. Path disclosures, local file inclusions, and buffer overflows are all vulnerabilities that may be found by a web vulnerability scanner, but race conditions that take advantage of timing issues tend to be found either by code analysis or using automated tools that specifically test for race conditions as part of software testing.

444
Q
  1. Susan needs to predict high-risk areas for her organization and wants to use metrics to assess risk trends as they occur. What should she do to handle this?
    A. Perform yearly risk assessments.
    B. Hire a penetration testing company to regularly test organizational security.
    C. Identify and track key risk indicators.
    D. Monitor logs and events using a SIEM device.
A
C. Key risk indicators are used to tell those in charge of risk management how risky an activity is and how much impact changes are having on that risk profile. Identifying key risk indicators and monitoring them can help to identify high-risk areas earlier in their lifecycle. Yearly risk assessments may be a good idea, but only provide a point-in-time view, whereas penetration tests may miss out on risks that are not directly security related. Monitoring logs and events using a SIEM device can help detect issues as they occur but won’t necessarily show trends in risk.
#KRI
446
Q
  1. Which of these concerns is the most important to address during planning to ensure that the reporting phase does not cause problems?
    A. Which CVE format to use
    B. How the vulnerability data will be stored and sent
    C. Which targets are off-limits
    D. How long the report should be
A

B. Penetration test reports often include information that could result in additional exposure if they were accidentally released or stolen. Therefore, determining how vulnerability data should be stored and sent is critical. Problems with off-limits targets are more likely to result in issues during the vulnerability assessment and exploitation phase, and reports should not be limited in length but should be as long as they need to be to accomplish the goals of the test.

448
Q
  1. In this image, what issue may occur due to the log handling settings?
    #20MB
    #Archive the log when full, do not overwrite events
    A. Log data may be lost when the log is archived.
    B. Log data may be overwritten.
    C. Log data may not include needed information.
    D. Log data may fill the system disk.
A

D. The menu shown will archive logs when they reach the maximum size allowed (20 MB). These archives will be retained, which could fill the disk. Log data will not be overwritten, and log data should not be lost when the data is archived. The question does not include enough information to determine if needed information may not be logged.

449
Q
  1. During a third-party audit, Jim’s company receives a finding that states, “The administrator should review backup success and failure logs on a daily basis, and take action in a timely manner to resolve reported exceptions.” What is the biggest issue that is likely to result if Jim’s IT staff need to restore from a backup?
    A. They will not know if the backups succeeded or failed.
    B. The backups may not be properly logged.
    C. The backups may not be usable.
    D. The backup logs may not be properly reviewed.
A

C. The audit finding indicates that the backup administrator may not be monitoring backup logs and taking appropriate action based on what they report, thus resulting in potentially unusable backups. Issues with review, logging, or being aware of the success or failure of backups are less important than not having usable backups.
#This question tests English reading comprehension

450
Q
73.  Susan needs to ensure that the interactions between the components of her e-commerce application are all handled properly. She intends to verify communications, error handling, and session management capabilities throughout her infrastructure. What type of testing is she planning to conduct?
A.  Misuse case testing
B.  Fuzzing
C.  Regression testing
D.  Interface testing
A

D. Susan is conducting interface testing. Interface testing involves testing system or application components to ensure that they work properly together. Misuse case testing focuses on how an attacker might misuse the application and would not test normal cases. Fuzzing attempts to send unexpected input and might be involved in interface testing, but it won’t cover the full set of concerns. Regression testing is conducted when testing changes and is used to ensure that the application or system functions as it did before the update or change.

451
Q
90.  What type of diagram used in application threat modeling includes malicious users as well as descriptions like mitigates and threatens?
A.  Threat trees
B.  STRIDE charts
C.  Misuse case diagrams
D.  DREAD diagrams
A

C. Misuse case diagrams use language beyond typical use case diagrams, including threatens and mitigates. Threat trees are used to map threats but don’t use specialized language like threatens and mitigates. STRIDE is a mnemonic and model used in threat modeling, and DREAD is a risk assessment model.

452
Q
Match each of the numbered types of recovery capabilities to their correct lettered definition:
    Terms
    1. Hot site
    2. Cold site
    3. Warm site
    4. Service bureau
    Definitions
    A. An organization that can provide onsite or offsite IT services in the event of a disaster
    B. A site with dedicated storage and real-time data replication, often with shared equipment that allows restoration of service in a very short time
    C. A site that relies on shared storage and backups for recovery
    D. A rented space with power, cooling, and connectivity that can accept equipment as part of a recovery effort
A

The terms match with the definitions as follows:

  1. Hot site: B. A site with dedicated storage and real-time data replication, often with shared equipment that allows restoration of service in a very short time.
  2. Cold site: D. A rented space with power, cooling, and connectivity that can accept equipment as part of a recovery effort.
  3. Warm site: C. A site that relies on shared storage and backups for recovery.
  4. Service bureau: A. An organization that can provide onsite or offsite IT services in the event of a disaster.
453
Q
58.  When designing an access control scheme, Hilda set up roles so that the same person does not have the ability to provision a new user account and assign superuser privileges to an account. What information security principle is Hilda following?
A.  Least privilege
B.  Separation of duties
C.  Job rotation
D.  Security through obscurity
A

B. Hilda’s design follows the principle of separation of duties. Giving one user the ability to both create new accounts and grant administrative privileges combines two actions that would result in a significant security change that should be divided among two users.

454
Q
  1. Gordon suspects that a hacker has penetrated a system belonging to his company. The system does not contain any regulated information, and Gordon wishes to conduct an investigation on behalf of his company. He has permission from his supervisor to conduct the investigation. Which of the following statements is true?
    A. Gordon is legally required to contact law enforcement before beginning the investigation.
    B. Gordon may not conduct his own investigation.
    C. Gordon’s investigation may include examining the contents of hard disks, network traffic, and any other systems or information belonging to the company.
    D. Gordon may ethically perform “hack back” activities after identifying the perpetrator.
A

C. Gordon may conduct his investigation as he wishes and use any information that is legally available to him, including information and systems belonging to his employer. There is no obligation to contact law enforcement. However, Gordon may not perform “hack back” activities because those may constitute violations of the law and/or the (ISC)² Code of Ethics.

455
Q
72.  Fran is considering new human resources policies for her bank that will deter fraud. She plans to implement a mandatory vacation policy. What is typically considered the shortest effective length of a mandatory vacation?
A.  Two days
B.  Four days
C.  One week
D.  One month
A

C. Most security professionals recommend at least one, and preferably two, weeks of vacation to deter fraud. The idea is that fraudulent schemes will be uncovered during the time that the employee is away and does not have the access required to perpetuate a cover-up.

456
Q
83.  The historic ping of death attack is most similar to which of the following modern attack types?
A.  SQL injection
B.  Cross-site scripting
C.  Buffer overflow
D.  Brute-force password cracking
A

C. The ping of death attack placed more data than allowed by the specification in the payload of an ICMP echo request packet. This is similar to the modern-day buffer overflow attack where attackers attempt to place more data in a targeted system’s memory that consumes more space than is allocated for that data.

457
Q
104. What documentation is typically prepared after a postmortem review of an incident has been completed?
A.  A lessons learned document
B.  A risk assessment
C.  A remediation list
D.  A mitigation checklist
A
#What documentation is typically prepared after a post-incident review?
A. A lessons learned document is often created and distributed to involved parties after a postmortem review to ensure that those who were involved in the incident and others who may benefit from the knowledge are aware of what they can do to prevent future issues and to improve response in the event that one occurs.
458
Q
4.  Harold’s company has a strong password policy that requires a minimum length of 12 characters and the use of both alphanumeric characters and symbols. What technique would be the most effective way for an attacker to compromise passwords in Harold’s organization?
A.  Brute-force attack
B.  Dictionary attack
C.  Rainbow table attack
D.  Social engineering attack
A

D. A social engineering attack may trick a user into revealing their password to the attacker. Other attacks that depend on guessing passwords, such as brute-force attacks, rainbow table attacks, and dictionary attacks, are unlikely to be successful in light of the organization’s strong password policy.

459
Q
45.  What type of requirement specifies what software must do by describing the inputs, behavior, and outputs of software?
A.  Derived requirements
B.  Structural requirements
C.  Behavioral requirements
D.  Functional requirements
A
D. Functional requirements specify the inputs, behavior, and outputs of software. Derived requirements are requirements developed from other requirement definitions. Structural and behavioral requirements focus on the overall structure of a system and the behaviors it displays.
#Functional requirements specify the inputs, behavior, and outputs of software. Derived requirements are requirements developed from other requirement definitions. Structural and behavioral requirements focus on the overall structure of a system and the behaviors it displays.
460
Q
  1. Kathleen is reviewing the Ruby code shown here. What security technique is this code using?
    # Prepared statement with placeholders; values are bound at execute time rather than concatenated into the SQL string
    insert_new_user = db.prepare "INSERT INTO users (name, userid, gender, usertype) VALUES (?, ?, ?, ?)"
    insert_new_user.execute 'davids', '194567', 'male', 'admin'
    A. Parameterization
    B. Typecasting
    C. Gem cutting
    D. Stored procedures
A

A. This code is an example of parameterization, which can help avoid SQL injection. Note that each parameter has a placeholder, which is then passed to the query.

461
Q
  1. Susan provides a public RESTful API for her organization’s data but wants to limit its use to trusted partners. She intends to use API keys. What other recommendation would you give Susan to limit the potential abuse of the service?
    A. Limit request rates
    B. Force HTTP-only requests
    C. Avoid tokens due to bandwidth constraints
    D. Blacklist HTTP methods such as GET, POST, and PUT
A

A. Limiting request rates can prevent abuse of APIs like this one. The other suggestions are all poor recommendations. In general, requests should require HTTPS, tokens are used for security using tools like JSON web tokens (JWT), and HTTP methods may be restricted, but GET, POST, and PUT are some of the most common methods used for API access and are far more typically whitelisted.

462
Q
10.  What concept describes the degree of confidence that an organization has that its security controls satisfy security requirements?
A.  Trust
B.  Credentialing
C.  Verification
D.  Assurance
A

D. Assurance is the degree of confidence that an organization has that its security controls are correctly implemented. It must be continually monitored and reverified.