Test 3 Sybex Flashcards
Fred’s data role requires him to maintain system security plans and to ensure that system users and support staff get the training they need about security practices and acceptable use. What is the role that Fred is most likely to hold in the organization?
A. Data owner
B. System owner
C. User
D. Custodian
B. NIST SP800-18 describes system owner responsibilities that include helping to develop system security plans, maintaining the plan, ensuring training, and identifying, implementing, and assessing security controls. A data owner is more likely to delegate these tasks to the system owner. Custodians may be asked to enforce those controls, whereas a user will be directly affected by them.
Sally is using IPsec’s ESP component in transport mode. What important information should she be aware of about transport mode?
A. Transport mode provides full encryption of the entire IP packet.
B. Transport mode adds a new, unencrypted header to ensure that packets reach their destination.
C. Transport mode does not encrypt the header of the packet.
D. Transport mode provides no encryption; only tunnel mode provides encryption.
C. ESP’s transport mode encrypts IP packet data but leaves the packet header unencrypted. Tunnel mode encrypts the entire packet and adds a new header to support transmission through the tunnel.
Which one of the following is not an essential process area for the Repeatable phase of the Software Capability Maturity Model (SW-CMM)?
A. Software Project Planning
B. Software Quality Management
C. Software Project Tracking
D. Software Subcontract Management
B. In level 2, the Repeatable level of the SW-CMM, an organization introduces basic lifecycle management processes. Reuse of code in an organized fashion begins, and repeatable results are expected from similar projects. The crucial process areas for this level include Requirements Management, Software Project Planning, Software Project Tracking and Oversight, Software Subcontract Management, Software Quality Assurance, and Software Configuration Management. Software Quality Management is a process that occurs during level 4, the Managed stage of the SW-CMM.
Ben wants to provide predictive information about his organization’s risk exposure in an automated way as part of an ongoing organizational risk management plan. What should he use to do this?
A. KRIs
B. Quantitative risk assessments
C. KPIs
D. Penetration tests
A. Key risk indicators (KRIs) are often used to monitor risk for organizations that establish an ongoing risk management program. Using automated data gathering and tools that allow data to be digested and summarized can provide predictive information about how organizational risks are changing. KPIs are key performance indicators, which are used to assess how an organization is performing. Quantitative risk assessments are good for point-in-time views with detailed valuation and measurement-based risk assessments, whereas a penetration test would provide details of how well an organization’s security controls are working.
In the image shown here, what does system B send to system A at step 2 of the three-way TCP handshake?
A. SYN
B. ACK
C. FIN/ACK
D. SYN/ACK
D. The three-way handshake is SYN, SYN/ACK, ACK. System B should respond with “Synchronize and Acknowledge” to System A after it receives a SYN.
Chris is conducting reconnaissance on a remote target and discovers that pings are allowed through his target’s border firewall. What can he learn by using ping to probe the remote network?
A. Which systems respond to ping, a rough network topology, and potentially the location of additional firewalls
B. A list of all of the systems behind the target’s firewall
C. The hostnames and time to live (TTL) for each pingable system, and the ICMP types allowed through the firewall
D. Router advertisements, echo request responses, and potentially which hosts are tarpitted
A. Systems that respond to ping will show the time to live for packets that reach them. Since TTL is decremented at each hop, this can help build a rough network topology map. In addition, some firewalls respond differently to ping than a normal system, which means pinging a network can sometimes reveal the presence of firewalls that would otherwise be invisible. Hostnames are revealed by a DNS lookup, and ICMP types allowed through a firewall are not revealed by only performing a ping. ICMP can be used for router advertisements, but pinging won’t show them!
Jake is conducting a review of his organization’s identity and access management program. During his review, he is verifying the privileges assigned to each user and ensuring that they match with business requirements. What element of the program is he reviewing?
A. Identification
B. Accountability
C. Authorization
D. Authentication
C. Authorization defines what a subject can or can’t do. Identification occurs when a subject claims an identity, accountability is provided by the logs and audit trail that track what occurs on a system, and authentication occurs when that identity is validated.
Faith is looking at the /etc/passwd file on a system configured to use shadowed passwords. When she examines a line in the file for a user with interactive login permissions, what should she expect to see in the password field?
A. Plaintext password
B. Hashed password
C. x
D. *
C. When a system uses shadowed passwords, the hashed password value is stored in /etc/shadow instead of /etc/passwd. The /etc/passwd file would not contain the password in plaintext or hashed form. Instead, it would contain an x to indicate that the password hash is in the shadow file. The * character is normally used to disable interactive logins to an account.
Berta is analyzing the logs of the Windows Firewall on one of her servers and comes across the entries shown in this figure. What type of attack do these entries indicate?
A. SQL injection
B. Port scan
C. Teardrop
D. Land
B. The log entries show the characteristic pattern of a port scan. The attacking system sends connection attempts to the target system against a series of commonly used ports.
Danielle is testing tax software, and part of her testing process requires her to input a variety of actual tax forms to verify that the software produces the right answers. What type of testing is Danielle performing?
A. Use case testing
B. Dynamic testing
C. Fuzzing
D. Misuse testing
A. Testing for desired functionality is use case testing. Dynamic testing is used to determine how code handles variables that change over time. Misuse testing focuses on how code handles examples of misuse, and fuzzing feeds unexpected data as an input to see how the code responds.
After 10 years working in her organization, Cassandra is moving into her fourth role, this time as a manager in the accounting department. What issue is likely to show up during an account review if her organization does not have strong account maintenance practices?
A. An issue with least privilege
B. Privilege creep
C. Account creep
D. Account termination
B. Privilege creep is a common problem when employees change roles over time and their privileges and permissions are not properly modified to reflect their new roles. Least privilege issues are a design or implementation problem, and switching roles isn’t typically what causes them to occur. Account creep is not a common industry term, and account termination would imply that someone has removed her account instead of switching her to new groups or new roles.
IP addresses like 10.10.10.10 and 172.19.24.21 are both examples of what type of IP address?
A. Public IP addresses
B. Prohibited IP addresses
C. Private IP addresses
D. Class B IP ranges
C. These are examples of private IP addresses. RFC 1918 defines a set of private IP addresses for use in internal networks. These private addresses, which include 10.0.0.0 to 10.255.255.255, 172.16.0.0 to 172.31.255.255, and 192.168.0.0 to 192.168.255.255, should never be routable on the public internet.
Ben is reviewing the password recovery mechanism used by his website and discovers that the approach uses cognitive authentication through the use of security questions. What is the major issue with this approach?
A. It prevents the use of tokens.
B. The question’s answer may be easy to find on the internet.
C. Cognitive passwords require users to think to answer the question, and not all users may be able to solve the problems presented.
D. Cognitive passwords don’t support long passwords.
B. A cognitive password authenticates users based on a series of facts or answers to questions that they know. Preset questions for cognitive passwords typically rely on common information about a user like their mother’s maiden name or the name of their pet, and that information can frequently be found on the internet. The best cognitive password systems let users make up their own questions.
Megan needs to create a forensic copy of a hard drive that will be used in an investigation. Which of the following tools is best suited to her work?
A. xcopy
B. dd
C. DBAN
D. ImageMagick
B. The Linux tool dd creates a bit-by-bit copy of the target drive that is well suited to forensic use, and special forensic versions of dd exist that can provide even more forensic features. Simply copying files using a tool like xcopy does not create a forensically sound copy. DBAN is a drive wiping tool and would cause Megan to lose the data she is seeking to copy. ImageMagick is a graphics manipulation and editing program.
Kay is selecting an application management approach for her organization. Employees need the flexibility to install software on their systems, but Kay wants to prevent them from installing certain prohibited packages. What type of approach should she use?
A. Antivirus
B. Whitelist
C. Blacklist
D. Heuristic
C. The blacklist approach to application control blocks certain prohibited packages but allows the installation of other software on systems. The whitelist approach uses the reverse philosophy and only allows approved software. Antivirus software would only detect the installation of malicious software after the fact. Heuristic detection is a variant of antivirus software.
Donna is a security administrator for a healthcare provider located in the United States and is reviewing their payment processing system. It contains data relating to the past, present, or future payment for the provision of healthcare to an individual. How would this information be classified under HIPAA?
A. PCI
B. Personal billing data
C. PHI
D. Personally identifiable information (PII)
C. Personal health information (PHI) is specifically defined by HIPAA to include information about an individual’s medical bills. PCI could refer to the payment card industry’s security standard but would only apply in relation to credit cards. PII is a broadly defined term for personally identifiable information, and personal billing data isn’t a broadly used industry term.
Harold’s company has a strong password policy that requires a minimum length of 12 characters and the use of both alphanumeric characters and symbols. What technique would be the most effective way for an attacker to compromise passwords in Harold’s organization?
A. Brute-force attack
B. Dictionary attack
C. Rainbow table attack
D. Social engineering attack
D. A social engineering attack may trick a user into revealing their password to the attacker. Other attacks that depend on guessing passwords, such as brute-force attacks, rainbow table attacks, and dictionary attacks, are unlikely to be successful in light of the organization’s strong password policy.
While traveling, James is held at knifepoint and forced to log into his laptop. What is this called?
A. Duress
B. Antisocial engineering
C. Distress
D. Knifepoint hacking
A. When someone is forced to perform an action under threat, it is known as duress.
Brian recently joined an organization that runs the majority of its services on a virtualization platform located in its own data center but also leverages an IaaS provider for hosting its web services and a SaaS email system. What term best describes the type of cloud environment this organization uses?
A. Public cloud
B. Dedicated cloud
C. Private cloud
D. Hybrid cloud
D. The scenario describes a mix of public cloud and private cloud services. This is an example of a hybrid cloud environment.
Cameron is responsible for backing up his company’s primary file server. He configured a backup schedule that performs full backups every Monday evening at 9 p.m. and incremental backups on other days of the week at that same time. How many files will be copied in Wednesday’s backup?
A. 1
B. 2
C. 5
D. 6
B. In this scenario, all of the files on the server will be backed up on Monday evening during the full backup. Tuesday’s incremental backup will include all files changed since Monday’s full backup: files 1, 2, and 5. Wednesday’s incremental backup will then include all files modified since Tuesday’s incremental backup: files 3 and 6. Therefore, only two files are included in Wednesday’s incremental backup.
Susan uses a span port to monitor traffic to her production website and uses a monitoring tool to identify performance issues in real time. What type of monitoring is she conducting?
A. Passive monitoring
B. Active monitoring
C. Synthetic monitoring
D. Signature-based monitoring
A. Susan is performing passive monitoring, which uses a network tap or span port to capture traffic to analyze it without impacting the network or devices that it is used to monitor. Synthetic, or active, monitoring uses recorded or generated traffic to test for performance and other issues. Signature-based technologies include IDS, IPS, and antimalware systems.
In what type of attack do attackers manage to insert themselves into a connection between a user and a legitimate website?
A. Man-in-the-middle attack
B. Fraggle attack
C. Wardriving attack
D. Meet-in-the-middle attack
A. In a man-in-the-middle attack, attackers manage to insert themselves into a connection between a user and a legitimate website, relaying traffic between the two parties while eavesdropping on the connection. Although similarly named, the meet-in-the-middle attack is a cryptographic attack that does not necessarily involve connection tampering. Fraggle is a network-based denial-of-service attack using UDP packets. Wardriving is a reconnaissance technique for discovering open or weakly secured wireless networks.
Which one of the following would be considered an example of infrastructure as a service cloud computing?
A. Payroll system managed by a vendor and delivered over the web
B. Application platform managed by a vendor that runs customer code
C. Servers provisioned by customers on a vendor-managed virtualization platform
D. Web-based email service provided by a vendor
C. One of the core capabilities of infrastructure as a service is providing servers on a vendor-managed virtualization platform. Web-based payroll and email systems are examples of software as a service. An application platform managed by a vendor that runs customer code is an example of platform as a service.
Darcy is an information security risk analyst for Roscommon Agricultural Products. She is currently trying to decide whether the company should purchase an upgraded fire suppression system for their primary data center. The data center facility has a replacement cost of $2 million.
After consulting with actuaries, data center managers, and fire subject-matter experts, Darcy determined that a typical fire would likely require the replacement of all equipment inside the building but not cause significant structural damage. Together, they estimated that recovering from the fire would cost $750,000. They also determined that the company can expect a fire of this magnitude once every 50 years.
Based on the information in this scenario, what is the exposure factor for the effect of a fire on the Roscommon Agricultural Products data center?
A. 7.5 percent
B. 15.0 percent
C. 27.5 percent
D. 37.5 percent
D. The exposure factor is the percentage of the facility that risk managers expect will be damaged if a risk materializes. It is calculated by dividing the amount of damage by the asset value. In this case, that is $750,000 in damage divided by the $2 million facility value, or 37.5 percent.
Darcy is an information security risk analyst for Roscommon Agricultural Products. She is currently trying to decide whether the company should purchase an upgraded fire suppression system for their primary data center. The data center facility has a replacement cost of $2 million.
After consulting with actuaries, data center managers, and fire subject-matter experts, Darcy determined that a typical fire would likely require the replacement of all equipment inside the building but not cause significant structural damage. Together, they estimated that recovering from the fire would cost $750,000. They also determined that the company can expect a fire of this magnitude once every 50 years.
Based on the information in this scenario, what is the annualized rate of occurrence for a fire at the Roscommon Agricultural Products data center?
A. 0.002
B. 0.005
C. 0.02
D. 0.05
C. The annualized rate of occurrence is the number of times each year that risk analysts expect a risk to happen. In this case, the analysts expect fires will occur once every 50 years, or 0.02 times per year.
Darcy is an information security risk analyst for Roscommon Agricultural Products. She is currently trying to decide whether the company should purchase an upgraded fire suppression system for their primary data center. The data center facility has a replacement cost of $2 million.
After consulting with actuaries, data center managers, and fire subject-matter experts, Darcy determined that a typical fire would likely require the replacement of all equipment inside the building but not cause significant structural damage. Together, they estimated that recovering from the fire would cost $750,000. They also determined that the company can expect a fire of this magnitude once every 50 years.
Based on the information in this scenario, what is the annualized loss expectancy for a fire at the Roscommon Agricultural Products data center?
A. $15,000
B. $25,000
C. $75,000
D. $750,000
A. The annualized loss expectancy is calculated by multiplying the single loss expectancy (SLE) by the annualized rate of occurrence (ARO). In this case, the SLE is $750,000, and the ARO is 0.02. Multiplying these numbers together gives you the ALE of $15,000.
Which one of the following techniques uses statistical methods to select a small number of log records from a large pool for further analysis with the goal of choosing a set of records that is representative of the entire pool?
A. Clipping
B. Randomization
C. Sampling
D. Selection
C. The two main methods of choosing records from a large pool for further analysis are sampling and clipping. Sampling uses statistical techniques to choose a sample that is representative of the entire pool, while clipping uses threshold values to select those records that exceed a predefined threshold because they may be of most interest to analysts.
Mike wants to ensure that third-party users of his service’s API can be tracked to prevent abuse of the API. What should he implement to help with this?
A. Session IDs
B. An API firewall
C. API keys
D. An API buffer
C. API keys, or application programming interface keys, are passed to services and identify the program, developer, or user. With this information, Mike can programmatically control API usage per user. Of course, if the keys are inadvertently exposed, the API keys themselves could be abused. Session IDs are typically used to identify users of an application, not an API. API firewalls and API buffers were made up for this question.
Fran is a web developer who works for an online retailer. Her boss asked her to create a way that customers can easily integrate themselves with Fran’s company’s site. They need to be able to check inventory in real time, place orders, and check order status programmatically without having to access the web page. What can Fran create to most directly facilitate this interaction?
A. API
B. Web scraper
C. Data dictionary
D. Call center
A. An application programming interface (API) allows external users to directly call routines within Fran’s code. They can embed API calls within scripts and other programs to automate interactions with Fran’s company. A web scraper or call center might facilitate the same tasks, but they do not do so in a direct integration. Data dictionaries might provide useful information, but they also do not allow direct integration.
Todd’s data center facility recently experienced a series of events that involved the momentary loss of power. What term best describes these events?
A. Fault
B. Blackout
C. Sag
D. Brownout
A. A fault is a momentary loss of power. Blackouts are sustained complete losses of power. Sags and brownouts are not complete power disruptions but rather periods of low-voltage conditions.
Lauren’s team of system administrators each deal with hundreds of systems with varying levels of security requirements and find it difficult to handle the multitude of usernames and passwords they each have. What type of solution should she recommend to ensure that passwords are properly handled and that features like logging and password rotation occur?
A. A credential management system
B. A strong password policy
C. Separation of duties
D. Single sign-on
A. Lauren’s team would benefit from a credential management system. Credential management systems offer features like password management, multifactor authentication to retrieve passwords, logging, audit, and password rotation capabilities. A strong password policy would only make maintenance of passwords for many systems a more difficult task if done manually. Single sign-on would help if all the systems had the same sensitivity levels, but different credentials are normally required for higher-sensitivity systems.
What has occurred on the system?
A. The system has been assigned an invalid IP address by its DHCP server.
B. The system has a manually assigned IP address.
C. The system has failed to get a DHCP address and has assigned itself an address.
D. The subnet mask is set incorrectly, and the system cannot communicate with the gateway.
C. Windows systems will assign themselves an APIPA address between 169.254.0.1 and 169.254.255.254 if they cannot contact a DHCP server.
Gina is performing the initial creation of user accounts for a batch of new employees. What phase of the provisioning process is she conducting?
A. Enrollment
B. Clearance verification
C. Background checks
D. Initialization
A. Enrollment, or registration, is the initial creation of a user account in the provisioning process. Clearance verification and background checks are sometimes part of the process that ensures that the identity of the person being enrolled matches who they claim to be. Initialization is not used to describe the provisioning process.
Ravi is developing procedures for forensic investigations conducted by his organization and would like to differentiate based upon the evidentiary standards commonly used for each type of investigation. What type of forensic investigation typically has the highest evidentiary standards?
A. Administrative
B. Criminal
C. Civil
D. Industry
B. Criminal forensic investigations typically have the highest standards for evidence, as they must be able to help prove the case beyond a reasonable doubt. Administrative investigations merely need to meet the standards of the organization and to be able to be defended in court, while civil investigations operate on a preponderance of evidence. There is not a category of forensic investigation referred to as “industry” in the CISSP exam’s breakdown of forensic types.
What U.S. legal protection prevents law enforcement agencies from searching an American facility or electronic system without either probable cause or consent?
A. First Amendment
B. Fourth Amendment
C. Fifth Amendment
D. Fifteenth Amendment
B. The Fourth Amendment states, in part, that “the right of the people to be secure in their persons, houses, papers and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.” The First Amendment contains protections related to freedom of speech. The Fifth Amendment ensures that no person will be required to serve as a witness against themselves. The Fifteenth Amendment protects the voting rights of citizens.
Tom believes that a customer of his internet service provider has been exploiting a vulnerability in his system to read the email messages of other customers. If true, what law did the customer most likely violate?
A. ECPA
B. CALEA
C. HITECH
D. Privacy Act
A. The Electronic Communications Privacy Act (ECPA) makes it a crime to invade the electronic privacy of an individual. It prohibits the unauthorized monitoring of email and voicemail communications.
In the ring protection model shown here, what ring contains user programs and applications?
A. Ring 0
B. Ring 1
C. Ring 2
D. Ring 3
D. The kernel lies within the central ring, Ring 0. Ring 1 contains other operating system components. Ring 2 is used for drivers and protocols. User-level programs and applications run at Ring 3. Rings 0–2 run in privileged mode, whereas Ring 3 runs in user mode.
In virtualization platforms, what name is given to the module that is responsible for controlling access to physical resources by virtual resources?
A. Guest machine
B. SDN
C. Kernel
D. Hypervisor
D. The hypervisor runs within the virtualization platform and serves as the moderator between virtual resources and physical resources.
In which cloud computing model does a customer share computing infrastructure with other customers of the cloud vendor where one customer may not know the other’s identity?
A. Public cloud
B. Private cloud
C. Community cloud
D. Shared cloud
A. In the public cloud computing model, the vendor builds a single platform that is shared among many different customers. This is also known as the shared tenancy model.
Justin recently participated in a disaster recovery plan test where the team sat together and discussed the response to a scenario but did not actually activate any disaster recovery controls. What type of test did he participate in?
A. Checklist review
B. Full interruption test
C. Parallel test
D. Tabletop exercise
D. During a tabletop exercise, team members come together and walk through a scenario without making any changes to information systems. The checklist review is the least disruptive type of disaster recovery test. During a checklist review, team members each review the contents of their disaster recovery checklists on their own and suggest any necessary changes. During a parallel test, the team actually activates the disaster recovery site for testing, but the primary site remains operational. During a full interruption test, the team takes down the primary site and confirms that the disaster recovery site is capable of handling regular operations. The full interruption test is the most thorough test but also the most disruptive.
Susan wants to integrate her website to allow users to use accounts from sites like Google. What technology should she adopt?
A. Kerberos
B. LDAP
C. OpenID
D. SESAME
C. OpenID is a widely supported standard that allows a user to use a single account to log in to multiple sites, and Google accounts are frequently used with OpenID.
Tom is conducting a business continuity planning effort for Orange Blossoms, a fruit orchard located in Central Florida. During the assessment process, the committee determined that there is a small risk of snow in the region but that the cost of implementing controls to reduce the impact of that risk is not warranted. They elect to not take any specific action in response to the risk. What risk management strategy is Orange Blossoms pursuing?
A. Risk mitigation
B. Risk transference
C. Risk avoidance
D. Risk acceptance
D. Risk acceptance occurs when an organization determines that the costs involved in pursuing other risk management strategies are not justified and they choose not to pursue any action.
Paul is reviewing the contents of an audit report and discovers a finding that a manager in the accounting department has full access to perform every function in the financial system. What security principles have most likely been violated? (Select all that apply.)
A. Separation of duties
B. Job rotation
C. Management review
D. Least privilege
A, D. Accounting departments are normally required to separate sensitive duties, such as the ability to add a new vendor and issue a check. Allowing the manager to perform both of these actions would, therefore, violate the principle of separation of duties. Also, it is quite likely that the manager does not need all of these privileges to carry out their work, violating the principle of least privilege. There is no indication that the situation does not follow job rotation assignments or that the access was not properly granted and subject to a management review.
Jack’s organization is a multinational nonprofit that has small offices in many developing countries throughout the world. They need to implement an access control system that allows flexibility and that can work despite poor internet connectivity at their locations. What is the best type of access control design for Jack’s organization?
A. Centralized access control
B. Mandatory access control
C. Decentralized access control
D. Rule-based access control
C. Decentralized access control makes sense because it allows local control over access. When network connectivity to a central control point is a problem or if rules and regulations may vary significantly from location to location, centralized control can be less desirable than decentralized control despite its challenges with consistency. Since the problem does not describe specific control needs, mandatory access control and rule-based access controls could fit the need but aren’t the best answer.
What U.S. government classification label is applied to information that, if disclosed, could cause serious damage to national security and also requires that the damage that would be caused is able to be described or identified by the classification authority?
A. Classified
B. Secret
C. Confidential
D. Top Secret
B. The U.S. government classifies data that could reasonably be expected to cause damage to national security if disclosed, and for which the damage can be identified or described, as Secret. The U.S. government does not use Classified in its formal four levels of classification. Top Secret data could cause exceptionally grave damage, whereas Confidential data could be expected to cause damage.
Mike and Renee would like to use an asymmetric cryptosystem to communicate with each other. They are located in different parts of the country but have exchanged encryption keys by using digital certificates signed by a mutually trusted certificate authority.
When the certificate authority (CA) created Renee’s digital certificate, what key was contained within the body of the certificate?
A. Renee’s public key
B. Renee’s private key
C. CA’s public key
D. CA’s private key
A. The purpose of a digital certificate is to provide the general public with an authenticated copy of the certificate subject’s public key.
Mike and Renee would like to use an asymmetric cryptosystem to communicate with each other. They are located in different parts of the country but have exchanged encryption keys by using digital certificates signed by a mutually trusted certificate authority.
When the certificate authority created Renee’s digital certificate, what key did it use to digitally sign the completed certificate?
A. Renee’s public key
B. Renee’s private key
C. CA’s public key
D. CA’s private key
D. The last step of the certificate creation process is the digital signature. During this step, the certificate authority signs the certificate using its own private key.
Mike and Renee would like to use an asymmetric cryptosystem to communicate with each other. They are located in different parts of the country but have exchanged encryption keys by using digital certificates signed by a mutually trusted certificate authority.
When Mike receives Renee’s digital certificate, what key does he use to verify the authenticity of the certificate?
A. Renee’s public key
B. Renee’s private key
C. CA’s public key
D. CA’s private key
C. When an individual receives a copy of a digital certificate, the person verifies the authenticity of that certificate by using the CA’s public key to validate the digital signature contained on the certificate.
Mike would like to send Renee a private message using the information gained during this exchange. What key should he use to encrypt the message?
A. Renee’s public key
B. Renee’s private key
C. CA’s public key
D. CA’s private key
A. Mike uses the public key that he extracted from Renee’s digital certificate to encrypt the message that he would like to send to Renee.
Which one of the following tools may be used to directly violate the confidentiality of communications on an unencrypted VoIP network?
A. Nmap
B. Nessus
C. Wireshark
D. Nikto
C. Wireshark is a network monitoring tool that can capture and replay communications sent over a data network, including Voice over IP (VoIP) communications. Nmap, Nessus, and Nikto are all security tools that may identify security flaws in the network, but they do not directly undermine confidentiality because they do not have the ability to capture communications.