(ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide. Mike Chapple
Read the book (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide - Mike Chapple online, page 36
32. What kind of recovery facility enables an organization to resume operations as quickly as possible, if not immediately, upon failure of the primary facility?
A. Hot site
B. Warm site
C. Cold site
D. All of the above
33. During an account review, an auditor provided the following report:

User    Last Login Length    Last Password Change
Bob     4 hours              87 days
Sue     3 hours              38 days
John    1 hour               935 days
Kesha   3 hours              49 days

The security manager reviews the account policies of the organization and takes note of the following requirements:
Passwords must be at least 12 characters long.
Passwords must include at least one example of three different character types.
Passwords must be changed every 180 days.
Passwords cannot be reused.
Which of the following security controls should be corrected to enforce the password policy?
A. Minimum password length
B. Account lockout
C. Password history and minimum age
D. Password maximum age
34. Any evidence to be used in a court proceeding must abide by the Rules of Evidence to be admissible. What type of evidence refers to written documents that are brought into court to prove a fact?
A. Best evidence
B. Parol evidence
C. Documentary evidence
D. Testimonial evidence
35. DevOps manager John is concerned with the CEO's plan to minimize his department and outsource code development to a foreign programming group. John has a meeting scheduled with the board of directors to encourage them to retain code development in house due to several concerns. Which of the following should John include in his presentation? (Choose all that apply.)
A. Code from third parties will need to be manually reviewed for function and security.
B. If the third party goes out of business, existing code may need to be abandoned.
C. Third-party code development is always more expensive.
D. A software escrow agreement should be established.
36. When TLS is being used to secure web communications, what URL prefix appears in the web browser address bar to signal this fact?
A. SHTTP://
B. TLS://
C. FTPS://
D. HTTPS://
37. A new update has been released by the vendor of an important software product that is an essential element of a critical business task. The chief security officer (CSO) indicates that the new software version needs to be tested and evaluated in a virtual lab, which has a cloned simulation of many of the company's production systems. Furthermore, the results of this evaluation must be reviewed before a decision is made as to whether the software update should be installed and, if so, when to install it. What security principle is the CSO demonstrating?
A. Business continuity planning (BCP)
B. Onboarding
C. Change management
D. Static analysis
38. What type of token device produces new time-derived passwords on a specific time interval that can be used only a single time when attempting to authenticate?
A. HOTP
B. HMAC
C. SAML
D. TOTP
39. Your organization is moving a significant portion of their data processing from an on-premises solution to the cloud. When evaluating a cloud service provider (CSP), which of the following is the most important security concern?
A. Data retention policy
B. Number of customers
C. Hardware used to support VMs
D. Whether they offer MaaS, IDaaS, and SaaS
40. Most software vulnerabilities exist because of a lack of secure or defensive coding practices used by the developers. Which of the following is not considered a secure coding technique? (Choose all that apply.)
A. Using immutable systems
B. Using stored procedures
C. Using code signing
D. Using server-side validation
E. Optimizing file sizes
F. Using third-party software libraries
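The account review in question 33 is the kind of check an auditor can script rather than eyeball. The following Python is an added example, not code from the study guide: it holds the report's four rows as constructed data, applies the 180-day maximum-age rule from the stated policy, and includes a helper that tests whether a directory's configured maximum-age value would actually enforce that policy. The record layout, the function names, and the convention that a configured value of 0 means "never expires" (as in Windows account policy) are assumptions of this example.

```python
"""Audit an account-review report against a password maximum-age policy.

Added example (not from the study guide). Report rows are constructed from
question 33; the 180-day maximum age is the policy stated in that question.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class AccountRecord:
    user: str
    last_login_hours: float   # "Last Login Length" column, in hours
    password_age_days: int    # days since last password change


# Constructed from the audit report in question 33.
REPORT = [
    AccountRecord("Bob", 4, 87),
    AccountRecord("Sue", 3, 38),
    AccountRecord("John", 1, 935),
    AccountRecord("Kesha", 3, 49),
]

# Policy value stated in question 33: passwords must be changed every 180 days.
MAX_PASSWORD_AGE_DAYS = 180


def password_age_violations(records, max_age_days=MAX_PASSWORD_AGE_DAYS):
    """Return (user, password_age_days, days_overdue) for each account whose
    password is older than the policy allows."""
    return [
        (r.user, r.password_age_days, r.password_age_days - max_age_days)
        for r in records
        if r.password_age_days > max_age_days
    ]


def max_age_setting_enforces_policy(configured_max_age_days,
                                    policy_max_age_days=MAX_PASSWORD_AGE_DAYS):
    """True if the configured maximum-age control can enforce the policy.

    Assumption: a configured value of 0 means "password never expires", the
    convention used by Windows account policy, so 0 never enforces a policy.
    Any configured value larger than the policy value also fails to enforce it.
    """
    if configured_max_age_days == 0:
        return False
    return configured_max_age_days <= policy_max_age_days


if __name__ == "__main__":
    for user, age, overdue in password_age_violations(REPORT):
        print(f"{user}: password is {age} days old, {overdue} days past policy")
    for setting in (0, 90, 180, 365):
        print(f"configured max age {setting}: enforces policy ="
              f" {max_age_setting_enforces_policy(setting)}")
```

Running the block reports the one account whose password age exceeds 180 days; an account that old with a maximum-age policy in force is a sign the maximum-age control itself is set above policy or disabled, which is what the second helper tests directly.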
Answers to Assessment Test
1 C. Detective access controls are used to discover (and document) unwanted or unauthorized activity. Preventive access controls block the ability to perform unwanted activity. Deterrent access controls attempt to persuade the perpetrator not to perform unwanted activity. Corrective access controls restore a system to normal function in the event of a failure or system interruption.
2 D. Strong password choices are difficult to guess, unpredictable, and of specified minimum lengths to ensure that password entries cannot be computationally determined. They may be randomly generated and use all the alphabetic, numeric, and punctuation characters; they should never be written down or shared; they should not be stored in publicly accessible or generally readable locations; and they shouldn't be transmitted in the clear.
3 B. Network-based IDSs are usually able to detect the initiation of an attack or the ongoing attempts to perpetrate an attack (including denial of service, or DoS). They are, however, unable to provide information about whether an attack was successful or which specific systems, user accounts, files, or applications were affected. Host-based IDSs have some difficulty with detecting and tracking down DoS attacks. Vulnerability scanners don't detect DoS attacks; they test for possible vulnerabilities. Penetration testing may cause a DoS or test for DoS vulnerabilities, but it is not a detection tool.
4 B. Not all instances of DoS are the result of a malicious attack. Errors in coding OSs, services, and applications have resulted in DoS conditions. Some examples of this include a process failing to release control of the CPU or a service consuming system resources out of proportion to the service requests it is handling. Social engineering (i.e., pretending to be a technical manager) and sniffing (i.e., intercepting network traffic) are typically not considered DoS attacks. Sending message packets to a recipient who did not request them simply to be annoying may be a type of social engineering and it is definitely spam, but unless the volume of the messages is significant, it does not warrant the label of DoS.
5 A. Network hardware devices, including routers, function at layer 3, the Network layer. Layer 1, the Physical layer, is where repeaters and hubs operate, not routers. The Transport layer, layer 4, is where circuit level firewalls and proxies operate, not routers. Layer 5, the Session layer, does not actually exist in a modern TCP/IP network, and thus no hardware directly operates at this layer, but its functions are performed by TCP in the Transport layer, layer 4, when sessions are in use.
6 D. Stateful inspection firewalls (aka dynamic packet-filtering firewall) enable the real-time modification of the filtering rules based on traffic content and context. The other firewalls listed as options—static packet filtering, application level, and circuit level—are all stateless and thus do not consider the context when applying filtering rules.
7 D. A virtual private network (VPN) link can be established over any network communication connection. This could be a typical LAN cable connection, a wireless LAN connection, a remote access dial-up connection, a WAN link, or even an internet connection used by a client for access to the office LAN.
8 C. A Trojan horse is a form of malware that uses social engineering tactics to trick a victim into installing it—the trick is to make the victim believe that the only thing they have downloaded or obtained is the host file, when in fact it has a malicious hidden payload. Viruses and logic bombs do not typically use social engineering as an element in their means of infecting a system. A worm sometimes is designed to take advantage of social engineering, such as when the worm is an executable email attachment and the message tricks the victim into opening it. However, not all worms are designed this way—this is a core design concept of a Trojan horse.
9 D. The components of the CIA Triad are confidentiality, availability, and integrity. The other options are not the terms that define the CIA Triad, although they are security concepts that need to be evaluated when establishing a security infrastructure.
10 B. Privacy is not necessary to provide accountability. The required elements of accountability, as defined in AAA services, are as follows: identification (which is sometimes considered an element of authentication, a silent first step of AAA services, or represented by IAAA), authentication (i.e., identification verification), authorization (i.e., access control), auditing (i.e., logging and monitoring), and accounting.
11 C. Group user accounts allow for multiple people to log in under a single user account. This allows collusion because it prevents individual accountability. Separation of duties, restricted