Test 4 Sybex Flashcards
What type of access control is intended to discover unwanted or unauthorized activity by providing information after the event has occurred?
A. Preventive
B. Corrective
C. Detective
D. Directive
C. Detective access controls operate after the fact and are intended to detect or discover unwanted access or activity. Preventive access controls are designed to prevent the activity from occurring, whereas corrective controls return an environment to its original status after an issue occurs. Directive access controls limit or direct the actions of subjects to ensure compliance with policies.
Which one of the following presents the most complex decoy environment for an attacker to explore during an intrusion attempt?
A. Honeypot
B. Darknet
C. Honeynet
D. Pseudoflaw
C. A honeypot is a decoy computer system used to bait intruders into attacking. A honeynet is a network of multiple honeypots that creates a more sophisticated environment for intruders to explore. A pseudoflaw is a false vulnerability in a system that may attract an attacker. A darknet is a segment of unused network address space that should have no network activity and, therefore, may be easily used to monitor for illicit activity.
Ben’s company is considering configuring their systems to work at the level shown by point A on the diagram. What level are they setting the sensitivity to?
A. The FRR crossover
B. The FAR point
C. The CER
D. The CFR
C. The CER is the point where FAR and FRR cross over, and it is a standard assessment used to compare the accuracy of biometric devices.
At point B, what problem is likely to occur?
A. False acceptance will be very high.
B. False rejection will be very high.
C. False rejection will be very low.
D. False acceptance will be very low.
A. At point B, the false acceptance rate (FAR) is quite high, whereas the false rejection rate (FRR) is relatively low. This may be acceptable in some circumstances, but in organizations where a false acceptance can cause a major problem, it is likely that they should instead choose a point to the right of point A.
What should Ben do if the FAR and FRR shown in this diagram do not provide an acceptable performance level for his organization’s needs?
A. Adjust the sensitivity of the biometric devices.
B. Assess other biometric systems to compare them.
C. Move the CER.
D. Adjust the FRR settings in software.
B. CER is a standard used to assess biometric devices. If the CER for this device does not fit the needs of the organization, Ben should assess other biometric systems to find one with a lower CER. Sensitivity is already accounted for in CER charts, and moving the CER isn’t something Ben can do. FRR is not a setting in software, so Ben can’t use that as an option either.
Ed is tasked with protecting information about his organization’s customers, including their name, Social Security number, birthdate, and place of birth, as well as a variety of other information. What is this information known as?
A. PHI
B. PII
C. Personal protected data
D. PID
B. Personally identifiable information (PII) can be used to distinguish a person’s identity. Personal health information (PHI) includes data such as medical history, lab results, insurance information, and other details about a patient. Personal protected data is a made-up term, and PID is an acronym for process ID, the number associated with a running program or process.
What software development lifecycle model is shown in the following illustration?
A. Spiral
B. Agile
C. Boehm
D. Waterfall
D. The figure shows the waterfall model, developed by Winston Royce. An important characteristic of this model is a series of sequential steps that include a feedback loop that allows the process to return one step prior to the current step when necessary.
Encapsulation is the core concept that enables what type of protocol?
A. Bridging
B. Multilayer
C. Hashing
D. Storage
B. Encapsulation creates both the benefits and potential issues with multilayer protocols. Bridging can use various protocols but does not rely on encapsulation. Hashing and storage protocols typically do not rely on encapsulation as a core part of their functionality.
Amanda wants to use contacts from the existing Gmail accounts that new users for her application already have. What protocol from the following options is used to provide secure delegated access for this type of use by many cloud providers?
A. Open ID
B. Kerberos
C. OAuth
D. SAML
C. OAuth is used to provide secure delegated access in scenarios exactly like this. OpenID is used to sign in using credentials from an identity provider to other services, such as when you log in with Google to other sites. SAML, or Security Assertion Markup Language, is used to make security assertions allowing authentication and authorizations between identity providers and service providers. Kerberos is mostly used inside of organizations instead of for federation, as this question focuses on.
Which one of the following metrics specifies the amount of time that business continuity planners find acceptable for the restoration of service after a disaster?
A. MTD
B. RTO
C. RPO
D. MTO
B. The recovery time objective (RTO) is the amount of time that it may take to restore a service after a disaster without unacceptable impact on the business. The RTO for each service is identified during a business impact assessment.
Jill is working to procure new network hardware for her organization. She finds a gray market supplier that is importing the hardware from outside the country at a much lower price. What security concern is the most significant for hardware acquired this way?
A. The security of the hardware and firmware
B. Availability of support for the hardware and software
C. Whether the hardware is a legitimate product of the actual vendor
D. The age of the hardware
A. Each of these answers may be a concern, but the overriding security concern is if the hardware and firmware can be trusted or may have been modified. Original equipment manufacturers (OEMs) have business reasons to ensure the security of their product, but third parties in the supply chain may not feel the same pressure. Both availability of support and whether the hardware is legitimate are also concerns, but less immediate security concerns. Finally, hardware may be older than expected, or may be used, refurbished, or otherwise not new.
What process is typically used to ensure data security for workstations that are being removed from service but that will be resold or otherwise reused?
A. Destruction
B. Erasing
C. Sanitization
D. Clearing
C. When done properly, a sanitization process fully ensures that data is not remnant on the system before it is reused. Clearing and erasing can both be failure prone, and of course, destruction wouldn’t leave a machine or device to reuse.
Colleen is conducting a software test that is evaluating code for both security flaws and usability issues. She is working with the application from an end-user perspective and referencing the source code as she works her way through the product. What type of testing is Colleen conducting?
A. White box
B. Blue box
C. Gray box
D. Black box
C. In a gray-box test, the tester evaluates the software from a user perspective but has access to the source code as the test is conducted. White-box tests also have access to the source code but perform testing from a developer’s perspective. Black-box tests work from a user’s perspective but do not have access to source code. Blue boxes are a telephone hacking tool and not a software testing technique. Note: as language changes, new terms like zero knowledge, partial knowledge, and full knowledge are starting to replace white-, gray-, and black-box testing terms.
Harold is looking for a software development methodology that will help with a major issue he is seeing in his organization. Currently, developers and operations staff do not work together and are often seen as taking problems and “throwing them over the fence” to the other team. What technology management approach is designed to alleviate this problem?
A. ITIL
B. Lean
C. ITSM
D. DevOps
D. The DevOps approach to technology management seeks to integrate software development, operations, and quality assurance in a cohesive effort. It specifically attempts to eliminate the issue of “throwing problems over the fence” by building collaborative relationships between members of the IT team.
NIST Special Publication 800-92, the Guide to Computer Security Log Management, describes four types of common challenges to log management:
- Many log sources
- Inconsistent log content
- Inconsistent timestamps
- Inconsistent log formats
Which of the following solutions is best suited to solving these issues?
A. Implement SNMP for all logging devices.
B. Implement a SIEM.
C. Standardize on the Windows event log format for all devices and use NTP.
D. Ensure that logging is enabled on all endpoints using their native logging formats and set their local time correctly.
B. A security information and event management (SIEM) tool is designed to centralize logs from many locations in many formats and to ensure that logs are read and analyzed despite differences between different systems and devices. The Simple Network Management Protocol (SNMP) is used for some log messaging but is not a solution that solves all of these problems. Most non-Windows devices, including network devices among others, are not designed to use the Windows event log format, although using NTP for time synchronization is a good idea. Finally, local logging is useful, but setting clocks individually will result in drift over time and won’t solve the issue with many log sources.
Mike has a flash memory card that he would like to reuse. The card contains sensitive information. What technique can he use to securely remove data from the card and allow its reuse?
A. Degaussing
B. Physical destruction
C. Cryptoshredding
D. Reformatting
C. Mike should use cryptoshredding, a secure data destruction process to protect this device. While degaussing is a valid secure data removal technique, it would not be effective in this case, since degaussing works only on magnetic media. Physical destruction would prevent the reuse of the device. Reformatting is not a valid secure data removal technique.
Carlos is investigating the compromise of sensitive information in his organization. He believes that attackers managed to retrieve personnel information on all employees from the database and finds the following user-supplied input in a log entry for a web-based personnel management system:
Collins’&1=1;–
What type of attack took place, and how could it be prevented?
A. SQL injection, use of stored procedures
B. Buffer overflow, automatic buffer expansion
C. Cross-site scripting, turning on XSS prevention on the web server
D. Cross-site request forgery, requiring signed requests
A. The single quotation mark in the input field is a telltale sign that this is a SQL injection attack. The quotation mark is used to escape outside the SQL code’s input field, and the text that follows is used to directly manipulate the SQL command sent from the web application to the database.
Which one of the following is a detailed, step-by-step document that describes the exact actions that individuals must complete?
A. Policy
B. Standard
C. Guideline
D. Procedure
D. Procedures are formal, mandatory documents that provide detailed, step-by-step actions required from individuals performing a task.
What purpose are the CIS benchmarks frequently used for in organizations?
A. Secure coding standards
B. Performance testing
C. Baselining
D. Monitoring metrics
C. The CIS benchmarks are configuration baselines that are frequently used to assess the security settings or configuration for devices and software. Baselining is the process of configuring and validating that a system meets security configuration guidelines or standards.
Bryan has a set of sensitive documents that he would like to protect from public disclosure. He would like to use a control that, if the documents appear in a public forum, may be used to trace the leak back to the person who was originally given the document copy. What security control would best fulfill this purpose?
A . Digital signature
B. Document staining
C. Hashing
D. Watermarking
D. Watermarking alters a digital object to embed information about the source, in either a visible or hidden form. Digital signatures may identify the source of a document, but they are easily removed. Hashing would not provide any indication of the document source, since anyone could compute a hash value. Document staining is not a security control.
Carlos is planning a design for a data center that will be constructed within a new four-story corporate headquarters. The building consists of a basement and three above-ground floors. What is the best location for the data center?
A. Basement
B. First floor
C. Second floor
D. Third floor
C. Data centers should be located in the core of a building. Locating it on lower floors makes it susceptible to flooding and physical break-ins. Locating it on the top floor makes it vulnerable to wind and roof damage.
Chris is an information security professional for a major corporation, and as he is walking into the building, he notices that the door to a secure area has been left ajar. Physical security does not fall under his responsibility, but he takes immediate action by closing the door and informing the physical security team of his action. What principle is Chris demonstrating?
A. Due care
B. Crime prevention through environmental design
C. Separation of duties
D. Informed consent
A. The due care principle states that an individual should react in a situation using the same level of care that would be expected from any reasonable person. It is a very broad standard. Crime prevention through environmental design is a design concept that focuses on making environments less conducive to illicit or unwanted actions. Separation of duties splits duties to ensure that a malicious actor cannot perform actions on their own like making a purchase and approving it. Informed consent is a term used in the medical industry that requires that a person’s permission is required and that they must be aware of what the consequences of their actions could be.
Which one of the following investigation types always uses the beyond-a-reasonable-doubt standard of proof?
A. Civil investigation
B. Criminal investigation
C. Operational investigation
D. Regulatory investigation
B. Criminal investigations have high stakes with severe punishment for the offender that may include incarceration. Therefore, they use the strictest standard of evidence of all investigations: beyond a reasonable doubt. Civil investigations use a preponderance-of-the-evidence standard. Regulatory investigations may use whatever standard is appropriate for the venue where the evidence will be heard. This may include the beyond-a-reasonable-doubt standard, but it is not always used in regulatory investigations in the United States. Operational investigations do not use a standard of evidence.
Kristen wants to use multiple processing sites for her data, but does not want to pay for a full data center. Which of the following options would you recommend as her best option if she wants to be able to quickly migrate portions of her custom application environment to facilities in multiple countries without having to wait to ship or acquire hardware?
A. A cloud PaaS vendor
B. A hosted data center provider
C. A cloud IaaS vendor
D. A data center vendor that provides rack, power, and remote hands services
C. A cloud IaaS vendor will allow Kristen to set up infrastructure as quickly as she can deploy and pay for it. A PaaS vendor provides a platform that would require her to migrate her custom application to it, likely taking longer than a hosted data center provider. A data center vendor that provides rack, power, and remote hands assistance fails the test based on Kristen’s desire to not have to acquire or ship hardware.
What type of alternate processing facility contains the hardware necessary to restore operations but does not have a current copy of data?
A. Hot site
B. Warm site
C. Cold site
D. Mobile site
B. Warm sites contain the hardware necessary to restore operations but do not have a current copy of data.
Which one of the following terms describes a period of momentary high voltage?
A. Sag
B. Brownout
C. Spike
D. Surge
C. A power spike is a momentary period of high voltage. A surge is a prolonged period of high voltage. Sags and brownouts are periods of low voltage.
Greg needs to label drives used for his company’s medical insurance claims database. What data label from the following list best matches the type of data he is dealing with?
A. PII
B. Secret
C. Business confidential
D. PHI
D. Medical insurance claims will contain private health information, or PHI. Greg should label the drives as containing PHI and then ensure that they are handled according to his organization’s handling standards for that type of data.
The Open Shortest Path First (OSPF) protocol is a routing protocol that keeps a map of all connected remote networks and uses that map to select the shortest path to a remote destination. What type of routing protocol is OSPF?
A. Link state
B. Shortest path first
C. Link mapping
D. Distance vector
A. OSPF is a link state protocol. Link state protocols maintain a topographical map of all connected networks and preferentially select the shortest path to remote networks for traffic. A distance vector protocol would map the direction and distance in hops to a remote network, whereas shortest path first and link mapping are not types of routing protocols.
Selah wants to ensure that vehicles cannot crash through into her company’s entryway and front lobby while still remaining accessible to pedestrians and wheelchairs or other mobility devices. What physical security control is best suited to this purpose?
A. Fences
B. Bollards
C. Walls
D. Stairs
B. Bollards are physical security solutions that are short and strong posts or similar solutions intended to stop vehicles from crashing through or passing an area. Bollards can be used to allow pedestrians and mobility devices to pass while stopping vehicles. Fences and walls will prevent individuals from passing through them, while stairs are challenging for most mobility devices.
Concho Controls is a midsize business focusing on building automation systems. It hosts a set of local file servers in its on-premises data center that store customer proposals, building plans, product information, and other data that is critical to their business operations.
Tara works in the Concho Controls IT department and is responsible for designing and implementing the organization’s backup strategy, among other tasks. She currently conducts full backups every Sunday evening at 8 p.m. and differential backups on Monday through Friday at noon.
Concho experiences a server failure at 3 p.m. on Wednesday. Tara rebuilds the server and wants
What backup should Tara apply to the server first?
A. Sunday’s full backup
B. Monday’s differential backup
C. Tuesday’s differential backup
D. Wednesday’s differential backup
A. Tara first must achieve a system baseline. She does this by applying the most recent full backup to the new system. This is Sunday’s full backup. Once Tara establishes this baseline, she may then proceed to apply differential backups to bring the system back to a more recent state.
Concho Controls is a midsize business focusing on building automation systems. It hosts a set of local file servers in its on-premises data center that store customer proposals, building plans, product information, and other data that is critical to their business operations.
Tara works in the Concho Controls IT department and is responsible for designing and implementing the organization’s backup strategy, among other tasks. She currently conducts full backups every Sunday evening at 8 p.m. and differential backups on Monday through Friday at noon.
Concho experiences a server failure at 3 p.m. on Wednesday. Tara rebuilds the server and wants
How many backups in total must Tara apply to the system to make the data it contains as current as possible?
A. 1
B. 2
C. 3
D. 4
B. To restore the system to as current a state as possible, Tara must first apply Sunday’s full backup. She may then apply the most recent differential backup, from Wednesday at noon. Differential backups include all files that have changed since the most recent full backup, so the contents of Wednesday’s backup contain all of the data that would be contained in Monday and Tuesday’s backups, making the Monday and Tuesday backups irrelevant for this scenario.
Concho Controls is a midsize business focusing on building automation systems. It hosts a set of local file servers in its on-premises data center that store customer proposals, building plans, product information, and other data that is critical to their business operations.
Tara works in the Concho Controls IT department and is responsible for designing and implementing the organization’s backup strategy, among other tasks. She currently conducts full backups every Sunday evening at 8 p.m. and differential backups on Monday through Friday at noon.
Concho experiences a server failure at 3 p.m. on Wednesday. Tara rebuilds the server and wants
In this backup approach, some data may be irretrievably lost. How long is the time period where any changes made will have been lost?
A. 3 hours.
B. 5 hours.
C. 8 hours.
D. No data will be lost.
A. In this scenario, the differential backup was made at noon, and the server failed at 3 p.m. Therefore, any data modified or created between noon and 3 p.m. on Wednesday will not be contained on any backup and will be irretrievably lost.
Concho Controls is a midsize business focusing on building automation systems. It hosts a set of local file servers in its on-premises data center that store customer proposals, building plans, product information, and other data that is critical to their business operations.
Tara works in the Concho Controls IT department and is responsible for designing and implementing the organization’s backup strategy, among other tasks. She currently conducts full backups every Sunday evening at 8 p.m. and differential backups on Monday through Friday at noon.
Concho experiences a server failure at 3 p.m. on Wednesday. Tara rebuilds the server and wants
If Tara followed the same schedule but switched the differential backups to incremental backups, how many backups in total would she need to apply to the system to make the data it contains as current as possible?
A. 1
B. 2
C. 3
D. 4
D. By switching from differential to incremental backups, Tara’s weekday backups will only contain the information changed since the previous day. Therefore, she must apply all of the available incremental backups. She would begin by restoring the Sunday full backup and then apply the Monday, Tuesday, and Wednesday incremental backups.
Concho Controls is a midsize business focusing on building automation systems. It hosts a set of local file servers in its on-premises data center that store customer proposals, building plans, product information, and other data that is critical to their business operations.
Tara works in the Concho Controls IT department and is responsible for designing and implementing the organization’s backup strategy, among other tasks. She currently conducts full backups every Sunday evening at 8 p.m. and differential backups on Monday through Friday at noon.
Concho experiences a server failure at 3 p.m. on Wednesday. Tara rebuilds the server and wants
If Tara made the change from differential to incremental backups and we assume that the same amount of information changes each day, which one of the following files would be the largest?
A. Monday’s incremental backup.
B. Tuesday’s incremental backup.
C. Wednesday’s incremental backup.
D. All three will be the same size.
D. Each incremental backup contains only the information changed since the most recent full or incremental backup. If we assume that the same amount of information changes every day, each of the incremental backups would be roughly the same size.
The following figure shows an example of an attack where Mal, the attacker, has redirected traffic from a user’s system to their own, allowing them to read TLS encrypted traffic. Which of the following terms best describes this attack?
A. A DNS hijacking attack
B. An ARP spoofing attack
C. A man-in-the-middle attack
D. A SQL injection attack
C. A man-in-the-middle (increasingly often referred to as a person-in-the-middle, or on-path) attack allows an attacker to redirect traffic and thus read or modify it. This can be completely transparent to the end user, making it a dangerous attack if the malicious actor is successful. DNS hijacking would change a system’s domain name information, and there is no direct indication of that here. Similarly, ARP spoofing is one way to conduct a man-in-the-middle attack, but that detail is not here either. SQL injection is normally done via web applications to execute commands against a database server.
Bob has been tasked with writing a policy that describes how long data should be kept and when it should be purged. What concept does this policy deal with?
A. Data remanence
B. Record retention
C. Data redaction
D. Audit logging
B. Record retention ensures that data is kept and maintained as long as it is needed and that it is purged when it is no longer necessary. Data remanence occurs when data is left behind after an attempt is made to remove it, whereas data redaction is not a technical term used to describe this effort. Finally, audit logging may be part of the records retained but doesn’t describe the lifecycle of data.
Which component of IPsec provides authentication, integrity, and nonrepudiation?
A. L2TP
B. Encapsulating Security Payload
C. Encryption Security Header
D. Authentication Header
D. The Authentication Header provides authentication, integrity, and nonrepudiation for IPsec connections. The Encapsulating Security Payload provides encryption and thus provides confidentiality. It can also provide limited authentication. L2TP is an independent VPN protocol, and Encryption Security Header is a made-up term.
Renee notices that a system on her network recently received connection attempts on all 65,536 TCP ports from a single system during a short period of time. What type of attack did Renee most likely experience?
A. Denial-of-service
B. Reconnaissance
C. Malicious insider
D. Compromise
B. The attack described in the scenario is a classic example of TCP scanning, a network reconnaissance technique that may precede other attacks. There is no evidence that the attack disrupted system availability, which would characterize a denial-of-service attack; that it was waged by a malicious insider; or that the attack resulted in the compromise of a system.
What type of Windows audit record describes events like an OS shutdown or a service being stopped?
A. An application log
B. A security log
C. A system log
D. A setup log
C. Windows system logs include reboots, shutdowns, and service state changes. Application logs record events generated by programs, security logs track events like logins and uses of rights, and setup logs track application setup.
Melissa is in charge of her organization’s security compliance efforts and has been told that the organization does not install Windows patches until a month has passed since the patch has been released unless there is a zero-day exploit that is being actively exploited. Why would the company delay patching like this?
A. To minimize business impact of the installation
B. To allow any flaws with the patch to be identified
C. To prevent malware in the patches from being installed before it is identified
D. To allow the patch to be distributed to all systems
B. Many organizations delay patches for a period of time to ensure that any previously unidentified flaws are found before the patches are installed throughout their organization. Melissa needs to balance business impact against security in her role and may choose to support this or to push for more aggressive installation practices depending on the organization’s risk tolerance and security needs.
What level of RAID is also known as disk striping?
A. RAID 0
B. RAID 1
C. RAID 5
D. RAID 10
A. RAID level 0 is also known as disk striping. RAID 1 is called disk mirroring. RAID 5 is called disk striping with parity. RAID 10 is known as a stripe of mirrors.
Jacob executes an attack against a system using a valid but low-privilege user account by accessing a file pointer that the account has access to. After the access check, but before the file is opened, he quickly switches the file pointer to point to a file that the user account does not have access to. What type of attack is this?
A. TOCTOU
B. Permissions creep
C. Impersonation
D. Link swap
A. This is an example of a time of check/time of use, or TOC/TOU, attack. It exploits the difference between the times when a system checks for permission to perform an action and when the action is actually performed. Permissions creep would occur if the account had gained additional rights over time as the other’s role or job changed. Impersonation occurs when an attacker pretends to be a valid user, and link swap is not a type of attack.
What is the minimum number of disks required to implement RAID level 0?
A. 1
B. 2
C. 3
D. 5
B. RAID 0, or disk striping, requires at least two disks to implement. It improves performance of the storage system but does not provide fault tolerance.
Fred’s company wants to ensure the integrity of email messages sent via its central email servers. If the confidentiality of the messages is not critical, what solution should Fred suggest?
A. Digitally sign and encrypt all messages to ensure integrity.
B. Digitally sign but don’t encrypt all messages.
C. Use TLS to protect messages, ensuring their integrity.
D. Use a hashing algorithm to provide a hash in each message to prove that it hasn’t changed.
B. Fred’s company needs to protect integrity, which can be accomplished by digitally signing messages. Any change will cause the signature to be invalid. Encrypting isn’t necessary because the company does not want to protect confidentiality. TLS can provide in-transit protection but won’t protect integrity of the messages, and of course a hash used without a way to verify that the hash wasn’t changed won’t ensure integrity either.
The leadership at Susan’s company has asked her to implement an access control system that can support rule declarations like “Only allow access to salespeople from managed devices on the wireless network between 8 a.m. and 6 p.m.” What type of access control system would be Susan’s best choice?
A. ABAC
B. RBAC
C. DAC
D. MAC
A. An attribute-based access control (ABAC) system will allow Susan to specify details about subjects, objects, and access, allowing granular control. Although a rule-based access control system (RBAC) might allow this, the attribute-based access control system can be more specific and thus is more flexible. Discretionary access control (DAC) would allow object owners to make decisions, and mandatory access controls (MACs) would use classifications; neither of these capabilities was described in the requirements.
Nora’s company operates servers on a five-year lifecycle. When they reach their end of life according to that process, the servers are sent to an e-waste recycler. Which of the following is the most effective control that Nora could implement to ensure that a data breach does not occur due to remanent data?
A. Zero wipe the drives before the servers leave the organization.
B. Remove the drives and shred them.
C. Reformat the drives before the servers are sent to the e-waste company.
D. Require certificates of disposal from the e-waste company.
B. The most effective control is to remove the drives and shred them, removing any chance for the servers to leave with data remaining on them. A trustworthy company that can provide a certificate of disposal with appropriate contractual controls may be a reasonable and cost-efficient alternative, but the company may also then want to zero wipe drives before the systems leave to reduce the risk if a system makes it out of the recycler’s control. The worst answer here is reformatting, which will not remove data.
Chris is deploying a gigabit Ethernet network using Category 6 cable between two buildings. What is the maximum distance he can run the cable according to the Category 6 standard?
A. 50 meters
B. 100 meters
C. 200 meters
D. 300 meters
B. The maximum allowed length of a Cat 6 cable is 100 meters, or 328 feet. Long distances are typically handled by a fiber run or by using network devices like switches or repeaters—not only because of the distance, but also because outdoor runs can experience lightning strikes, which won’t affect fiber. Knowing that copper twisted pair has distance limitations can be important in many network designs and influences where switches and other devices are placed.
Howard is a security analyst working with an experienced computer forensics investigator. The investigator asks him to retrieve a forensic drive controller, but Howard cannot locate a device in the storage room with this name. What is another name for a forensic drive controller?
A. RAID controller
B. Write blocker
C. SCSI terminator
D. Forensic device analyzer
B. One of the main functions of a forensic drive controller is preventing any command sent to a device from modifying data stored on the device. For this reason, forensic drive controllers are also often referred to as write blockers.
The web application that Saria’s development team is working on needs to provide secure session management that can prevent hijacking of sessions using the cookies that the application relies on. Which of the following techniques would be the best for her to recommend to prevent this?
A. Set the Secure attribute for the cookies, thus forcing TLS.
B. Set the Domain cookie attribute to example.com to limit cookie access to servers in the same domain.
C. Set the Expires cookie attribute to less than a week.
D. Set the HTTPOnly attribute to require only unencrypted sessions.
A. Setting the Secure cookie will only allow cookies to be sent via HTTPS TLS or SSL sessions, preventing man-in-the-middle attacks that target cookies. The rest of the settings are problematic. For example, cookies are vulnerable to DNS spoofing. Domain cookies should usually have the narrowest possible scope, which is actually accomplished by not setting the Domain cookie. This allows only the originating server to access the cookie. Cookies without the Expires or Max-age attributes are ephemeral and will only be kept for the session, making them less vulnerable than stored cookies. Normally, the HTTPOnly attribute is a good idea, but it prevents scripting rather than requiring unencrypted HTTP sessions.
Ben’s company has recently retired its fleet of multifunction printers. The information security team has expressed concerns that the printers contain hard drives and that they may still have data from scans and print jobs. What is the technical term for this issue?
A. Data pooling
B. Failed clearing
C. Data permanence
D. Data remanence
D. Data remanence describes data that is still on media after an attempt has been made to remove it. Failed clearing and data pooling are not technical terms, and data permanence describes how long data lasts.