Which of the following is not a type of attack used against access controls?
- Dictionary Attack
- Brute Force Attack
- Teardrop
- Man in the middle attack
Teardrop
George is assisting a prosecutor with a case against a hacker who attempted to break into the computer systems at George's company. He provides system logs to the prosecutor for use as evidence, but the prosecutor insists that George testify in court about how he gathered the logs. What rule of evidence requires George's testimony?
A. Testimonial evidence rule
B. Parol evidence rule
C. Best evidence rule
D. Hearsay rule
Hearsay Rule
Jim has been asked to individually identify devices that users are bringing to work as part of a new BYOD policy. The devices will not be joined to a central management system like Active Directory, but he still needs to uniquely identify the systems. Which of the following options will provide Jim with the best means of reliably identifying each unique device?
A. Record the MAC address of each system.
B. Require users to fill out a form to register each system.
C. Scan each system using a port scanner.
D. Use device fingerprinting via a web-based registration system.
Use device fingerprinting via a web-based registration system
Greg would like to implement application control technology in his organization. He would like to limit users to installing only approved software on their systems. What type of application control would be appropriate in this situation?
A. Blacklisting
B. Graylisting
C. Whitelisting
D. Bluelisting
Whitelisting
Which pair of the following factors is key for user acceptance of biometric identification systems?
The throughput rate and time required to enroll
Sally is wiring a gigabit Ethernet network. What cabling choices should she make to ensure she can use her network at the full 1000 Mbps she wants to provide to her users?
A. Cat 5 and Cat 6
B. Cat 5e and Cat 6
C. Cat 4e and Cat 5e
D. Cat 6 and Cat 7
Cat 5e and Cat 6
Provisioning that occurs through an established workflow, such as an HR process, is workflow-based account provisioning. If Alex had set up accounts for his new hire on the systems he manages, he would have been using discretionary account provisioning. If the provisioning system allowed the new hire to sign up for an account on their own, they would have used self-service account provisioning, and if there was a central, software-driven process rather than HR forms, it would have been automated account provisioning.
JUST SO YOU KNOW MAJEEE
Vivian works for a chain of retail stores and would like to use a software product that restricts the software used on point-of-sale terminals to those packages on a preapproved list. What approach should Vivian use?
Whitelist
What type of motion detector senses changes in the electromagnetic fields in monitored areas?
Capacitance
(Capacitance motion detectors monitor the electromagnetic field in a monitored area sensing disturbances that correspond to motion.)
Don's company is considering the use of an object-based storage system where data is placed in a vendor-managed storage environment through the use of API calls.
What type of cloud computing service is in use?
A. IaaS
B. PaaS
C. CaaS
D. SaaS
IaaS
In this scenario the vendor is providing object-based storage, a core infrastructure service. Therefore this is an example of infrastructure as a service.
What is the minimum interval at which an organization should conduct business continuity plan refresher training for those with specific business continuity roles?
Annually
Which one of the following technologies is not normally a capability of a mobile device management solution?
Assuming control of a nonregistered BYOD mobile device
Alex is preparing to solicit bids for a penetration test of his company's network and systems. He wants to maximize the effectiveness of the testing rather than the realism of the test. What type of penetration test should he require in his bidding process?
White Box
White-box penetration testing provides the tester with information about networks, systems, and configurations, allowing highly effective testing. It doesn't simulate an actual attack like black- and gray-box testing can and thus does not have the same realism, and it can lead to attacks succeeding that would fail in a zero- or limited-knowledge attack.
What RADIUS alternative is commonly used for Cisco network gear and supports two factor authentication?
TACACS+
TACACS+ is the most modern version of TACACS, the Terminal Access Controller Access-Control System. It is a Cisco proprietary protocol with added features beyond what RADIUS provides, meaning it is commonly used on Cisco networks. XTACACS is an earlier version, Kerberos is a network authentication protocol rather than a remote user authentication protocol, and RADIUS+ is a made-up term.
What type of fire extinguisher is useful against liquid-based fires?
Class B
Class B fire extinguishers use carbon dioxide, halon, or soda acid as their suppression material and are useful against liquid-based fires. Water may not be used against liquid-based fires because it may cause the burning liquid to splash, and many burning liquids, such as oil, will float on water.
Which one of the following components should be included in an organization's emergency response guidelines?
Immediate Response Procedures
The emergency response guidelines should include the immediate steps an organization should follow in response to an emergency situation. These include immediate response procedures, a list of individuals who should be notified of the emergency, and secondary response procedures for first responders. They do not include long-term actions such as activating business continuity protocols, ordering equipment, or activating DR sites.
Which one of the following disaster recovery test types involves the actual activation of the disaster recovery facility?
Parallel Test
During a parallel test, the team activates the disaster recovery site for testing, but the primary site remains operational. A simulation test involves a roleplay of a prepared scenario overseen by a moderator. Responses are assessed to help improve the organization's response process. The checklist review is the least disruptive type of disaster recovery test. During a checklist review, team members each review the contents of their disaster recovery checklists on their own and suggest any necessary changes. During a tabletop exercise, team members come together and walk through a scenario without making any changes to information systems.
Susan is configuring her network devices to use syslog. What should she set to ensure that she is notified about issues but does not receive normal operational issue messages?
The severity level
Implementations of syslog vary, but most provide a setting for severity level, allowing configuration of a value that determines what messages are sent. Typical severity levels include debug, informational, notice, warning, error, critical, alert, and emergency. The facility code is also supported by syslog but is associated with which services are being logged. Security level and log priority are not typical syslog settings.
While Lauren is monitoring traffic on two ends of a network connection she sees traffic that is inbound to a public IP address show up inside the production network bound for an internal host that uses an RFC 1918 reserved address. What technology should she expect is in use at the network border?
NAT
Network address translation (NAT) translates an internal address to an external address. VLANs are used to logically divide networks, BGP is a routing protocol, and S/NAT is a made-up term.
Michelle is in charge of her organization's mobile device management efforts and handles lost and stolen devices. Which of the following recommendations will provide the most assurance to her organization that data will not be lost if a device is stolen?
Full device encryption and mandatory passcodes.
While full device encryption doesn't guarantee that data cannot be accessed, it provides Michelle's best option for preventing data from being lost with a stolen device when paired with a passcode. Mandatory passcodes and application management can help prevent application-based attacks and unwanted access to devices but won't keep the data secure if the device is lost. Remote wipe and GPS location are useful only if the thief allows the device to connect to a cellular or Wi-Fi network. Unfortunately, many modern thieves immediately take steps to ensure that the device will not be trackable or allowed to connect to a network before they capture data or wipe the device for resale.
Dogs, guards, and fences are all common examples of what type of control?
Physical
In which cloud computing model does a customer share computing infrastructure with other customers of the cloud vendor, where one customer may not know the others' identity?
Public Cloud
What type of firewall uses multiple proxy servers that filter traffic based on analysis of the protocols used for each service?
An application level gateway firewall
An application-level gateway firewall uses proxies for each service it filters. Each proxy is designed to analyze traffic for its specific traffic type, allowing it to better understand valid traffic and to prevent attacks. Static packet filters and circuit-level gateways simply look at the source, destination, and ports in use, whereas a stateful packet inspection firewall can track the status of communication and allow or deny traffic based on that understanding.
James is building a disaster recovery plan for his organization and would like to determine the amount of acceptable data loss after an outage. What variable is James determining?
RPO
The recovery point objective (RPO) identifies the maximum amount of data, measured in time, that may be lost during a recovery effort. The recovery time objective (RTO) is the amount of time expected to return an IT service or component to operation after a failure. The maximum tolerable downtime (MTD) is the longest amount of time that an IT service or component may be unavailable without causing serious damage to the organization. Service-level agreements (SLAs) are written contracts that document service expectations.
Which of the following is not one of the canons of the ISC2 Code of Ethics?
Maintain competent records of all investigations and assessments.
The four canons of the (ISC)2 code of ethics are to protect society, the common good, necessary public trust and confidence, and the infrastructure; act honorably, honestly, justly, responsibly, and legally; provide diligent and competent service to principals; and advance and protect the profession.
Dave is responsible for password security in his organization and would like to strengthen the security of password files. He would like to defend his organization against the use of rainbow tables.
Which one of the following techniques is specifically designed to frustrate the use of rainbow tables?
A. Password expiration policies
B. Salting
C. User education
D. Password complexity policies
Salting
What is the process that occurs when the Session layer removes the header from data sent by the transport layer?
De-encapsulation
The process of removing a header (and possibly a footer) from the data received from a previous layer in the OSI model is known as de-encapsulation. Encapsulation occurs when the header and/or footer are added.
Which of the following types of firewalls does not have the ability to track connection status between different packets?
Packet filter
Static packet filtering firewalls are known as first-generation firewalls and do not track connection state. Stateful inspection, application proxying, and next-generation firewalls all add connection state tracking capability
Alice wants to send Bob a message with the confidence that Bob will know the message was not altered while in transit. What goal of cryptography is Alice trying to achieve?
Integrity
Chris is troubleshooting an issue with his organization's SIEM reporting. After analyzing the issue, he believes that the timestamps on log entries from different systems are inconsistent. What protocol can he use to resolve this issue?
A. SSH
B. FTP
C. TLS
D. NTP
NTP
Alan is installing a fire suppression system that will kick in after a fire breaks out and protect the equipment in the data center from extensive damage.
What metric is Alan attempting to lower?
A. Likelihood
B. RTO
C. RPO
D. Impact
Impact
Which of the following technologies is designed to prevent a webserver going offline from becoming a single point of failure in a web application architecture?
Load Balancing
When an application or system allows a logged in user to perform specific actions it is an example of what?
Authorization
What is the minimum number of cryptographic keys necessary to achieve strong security when using the 3DES algorithm?
2
Triple DES functions by using either two or three encryption keys. When used with
only one key, 3DES produces weakly encrypted ciphertext that is the insecure equivalent
of DES.
Gina recently took the SSCP certification exam and then wrote a blog post that included
the text of many of the exam questions that she experienced. What aspect of the (ISC)2
code of ethics is most directly violated in this situation?
Advance and protect the profession.
Gina's actions harm the SSCP certification and information security community
by undermining the integrity of the examination process. While Gina also is acting
dishonestly, the harm to the profession is more of a direct violation of the code of ethics.
What type of access controls allow the owner of a file to grant other users access to it
using an access control list?
Discretionary
When the owner of a file makes the decisions about who has rights or access
privileges to it, they are using discretionary access control. Role-based access controls
would grant access based on a subject's role, while rule-based controls would base the
decision on a set of rules or requirements. Nondiscretionary access controls apply a
fixed set of rules to an environment to manage access. Nondiscretionary access controls
include rule-, role-, and lattice-based access controls.
Which one of the following components is used to assign classifications to objects in a
mandatory access control system?
Security Label
Administrators and processes may attach security labels to objects that provide
information on an object's attributes. Labels are commonly used to apply classifications
in a mandatory access control system.
Which one of the following is not a mode of operation for the Data Encryption Standard?
A. CBC
B. CFB
C. OFB
D. AES
AES
The DES modes of operation are Electronic Codebook (ECB), Cipher Block Chaining
(CBC), Cipher Feedback (CFB), Output Feedback (OFB), and Counter (CTR). The
Advanced Encryption Standard (AES) is a separate encryption algorithm.
Voice pattern recognition is what type of authentication factor?
Something you are
Which of the following is not a single sign-on implementation?
RADIUS
Kerberos, Active Directory Federation Services (ADFS), and Central Authentication
Services (CAS) are all SSO implementations. RADIUS is not a single sign-on
implementation, although some vendors use it behind the scenes to provide
authentication for proprietary SSO.
Chris is conducting a risk assessment for his organization and has determined the
amount of damage that a single flood could be expected to cause to his facilities. What
metric has Chris identified?
SLE
The single loss expectancy (SLE) is the amount of damage that a risk is expected to
cause each time that it occurs.
Susan has discovered that the smart card-based locks used to keep the facility she works
at secure are not effective because staff members are propping the doors open. She places
signs on the doors reminding staff that leaving the door open creates a security issue,
and she adds alarms that will sound if the doors are left open for more than five minutes.
What type of controls has she put into place?
Compensation
She has placed compensation controls in place. Compensation controls are used
when controls like the locks in this example are not sufficient. While the alarm
is a physical control, the signs she posted are not. Similarly, the alarms are not
administrative controls. These controls do not help to recover from an issue and are thus
not recovery controls.
During what phase of the electronic discovery reference model does an organization ensure
that potentially discoverable information is protected against alteration or deletion?
Preservation
During the preservation phase, the organization ensures that information related
to the matter at hand is protected against intentional or unintentional alteration or
deletion. The identification phase locates relevant information but does not preserve it.
The collection phase occurs after preservation and gathers responsive information. The
processing phase performs a rough cut of the collected information for relevance.
Marty discovers that the access restrictions in his organization allow any user to log into the
workstation assigned to any other user, even if they are from completely different departments.
This type of access most directly violates which information security principle?
Least Privilege
This broad access may indirectly violate all of the listed security principles, but it is
most directly a violation of least privilege because it grants users privileges that they do
not need for their job functions.
Which of the following tools is best suited to testing known exploits against a system?
Metasploit
Metasploit is a tool used to exploit known vulnerabilities. Nikto is a web application
and server vulnerability scanning tool, Ettercap is a man-in-the-middle attack tool, and
THC Hydra is a password brute-force tool.
Denise is preparing for a trial relating to a contract dispute between her company and
a software vendor. The vendor is claiming that Denise made a verbal agreement that
amended their written contract. What rule of evidence should Denise raise in her defense?
Parol Evidence Rule
The parol evidence rule states that when an agreement between two parties is put
into written form, it is assumed to be the entire agreement unless amended in writing.
The best evidence rule says that a copy of a document is not admissible if the original
document is available. Real evidence and testimonial evidence are evidence types, not
rules of evidence.
During which phase of the incident response process would an organization determine
whether it is required to notify law enforcement officials or other regulators of the incident?
Reporting
During the Reporting phase, incident responders assess their obligations under laws
and regulations to report the incident to government agencies and other regulators.
Gordon is conducting a risk assessment for his organization and determined the amount
of damage that flooding is expected to cause to his facilities each year. What metric has
Gordon identified?
ALE
The annualized loss expectancy is the amount of damage that the organization
expects to occur each year as the result of a given risk.
Data is sent as bits at what layer of the OSI model?
Physical
Angie is configuring egress monitoring on her network to provide added security. Which
one of the following packet types should Angie allow to leave the network headed for the
Internet?
Packets with a source address from Angie's public IP address block
All packets leaving Angie's network should have a source address from her public
IP address block. Packets with a destination address from Angie's network should not
be leaving the network. Packets with source addresses from other networks are likely
spoofed and should be blocked by egress filters. Packets with private IP addresses as
sources or destinations should never be routed onto the Internet.
Harry would like to access a document owned by Sally stored on a file server. Applying the
subject/object model to this scenario, who or what is the object of the resource request?
Document
In the subject/object model, the object is the resource being requested by a subject. In
this example, Harry would like access to the document, making the document the object
of the request.
Information about an individual like their name, Social Security number, date and
place of birth, or their mother's maiden name is an example of what type of protected
information?
PII
Greg is building a disaster recovery plan for his organization and would like to determine
the amount of time that it should take to restore a particular IT service after an outage.
What variable is Greg calculating?
RTO (Recovery Time Objective)
The recovery time objective (RTO) is the amount of time expected to return an IT
service or component to operation after a failure. The maximum tolerable downtime
(MTD) is the longest amount of time that an IT service or component may be unavailable
without causing serious damage to the organization. The recovery point objective (RPO)
identifies the maximum amount of data, measured in time, that may be lost during a
recovery effort. Service-level agreements (SLAs) are written contracts that document
service expectations.
What type of access control is intended to discover unwanted or unauthorized activity by
providing information after the event has occurred?
Detective
What business process typically requires sign-off from a manager before modifications
are made to a system?
Change Management
Gordon is developing a business continuity plan for a manufacturing company's IT
operations. The company is located in North Dakota and currently evaluating the risk
of earthquake. They choose to pursue a risk acceptance strategy. Which one of the
following actions is consistent with that strategy?
Documenting the decision-making process
In a risk acceptance strategy, the organization chooses to take no action other than
documenting the risk. Purchasing insurance would be an example of risk transference.
Relocating the data center would be risk avoidance. Reengineering the facility is an
example of a risk mitigation strategy.
What type of motion detector uses high microwave frequency signal transmissions to
identify potential intruders?
Wave Pattern
Bert is considering the use of an infrastructure as a service cloud computing partner to
provide virtual servers. Which one of the following would be a vendor responsibility in
this scenario?
Maintaining the hypervisor
In an IaaS server environment, the customer retains responsibility for most server
security operations under the shared responsibility model. This includes managing OS
security settings, maintaining host firewalls, and configuring server access control.
The vendor would be responsible for all security mechanisms at the hypervisor layer
and below.
Callback to a landline phone number is an example of what type of factor?
Somewhere you are
A callback to a landline phone number is an example of a "somewhere you are" factor
because of the fixed physical location of a wired phone. A callback to a mobile phone
would be a "something you have" factor.
Renee is using encryption to safeguard sensitive business secrets when in transit over the
Internet. What risk metric is she attempting to lower?
Likelihood
Using encryption reduces risk by lowering the likelihood that an eavesdropper will be
able to gain access to sensitive information.
Kim is the system administrator for a small business network that is experiencing security
problems. She is in the office in the evening working on the problem, and nobody
else is there. As she is watching, she can see that systems on the other side of the office
that were previously behaving normally are now exhibiting signs of infection. What type
of malware is Kim likely dealing with?
Worm
Worms have built-in propagation mechanisms that do not require user interaction,
such as scanning for systems containing known vulnerabilities and then exploiting those
vulnerabilities to gain access. Viruses and Trojan horses typically require user interaction
to spread. Logic bombs do not spread from system to system but lie in wait until certain
conditions are met, triggering the delivery of their payload.
What two logical network topologies can be physically implemented as a star topology?
A bus and a ring
Jim has worked in human relations, payroll, and customer service roles in his company
over the past few years. What type of process should his company perform to ensure that
he has appropriate rights?
Account Review
As an employee's role changes, they often experience privilege creep, which is the
accumulation of old rights and roles. Account review is the process of reviewing accounts
and ensuring that their rights match their owners' role and job requirements. Account
revocation removes accounts, while reprovisioning might occur if an employee was
terminated and returned or took a leave of absence and returned.
What type of inbound packet is characteristic of a ping flood attack?
ICMP echo request
The ping flood attack sends echo requests at a targeted system. These pings use
inbound ICMP echo request packets, causing the system to respond with an outbound
ICMP echo reply.
What penetration testing technique can best help assess training and awareness issues?
Social Engineering
GAD Systems is concerned about the risk of hackers stealing sensitive information
stored on a file server. They choose to pursue a risk mitigation strategy. Which one of
the following actions would support that strategy?
Encrypting the files
Sally's organization needs to be able to prove that certain staff members sent emails, and
she wants to adopt a technology that will provide that capability without changing their
existing email system. What is the technical term for the capability Sally needs to implement
as the owner of the email system, and what tool could she use to do it?
Nonrepudiation; digital signatures
What type of virus is characterized by the use of two or more different propagation
mechanisms to improve its likelihood of spreading between systems?
Multipartite virus
Multipartite viruses use multiple propagation mechanisms to spread between systems.
This improves their likelihood of successfully infecting a system because it provides
alternative infection mechanisms that may be successful against systems that are not
vulnerable to the primary infection mechanism.
Which one of the following provides an authentication mechanism that would be appropriate
for pairing with a password to achieve multifactor authentication?
Fingerprint scan
Colleen is conducting a business impact assessment for her organization. What metric
provides important information about the amount of time that the organization may be
without a service before causing irreparable harm?
MTD (Maximum Tolerable Downtime)
The maximum tolerable downtime (MTD) is the amount of time that a business may
be without a service before irreparable harm occurs. This measure is sometimes also
called maximum tolerable outage (MTO).
The separation of network infrastructure from the control layer, combined with the ability
to centrally program a network design in a vendor-neutral, standards-based implementation,
is an example of what important concept?
SDN, a converged protocol that allows network virtualization
Software-defined networking (SDN) is a converged protocol that allows virtualization
concepts and practices to be applied to networks. MPLS handles a wide range of protocols
like ATM, DSL, and others, but isn't intended to provide the centralization capabilities
that SDN does. Content distribution network (CDN) is not a converged protocol, and
FCoE is Fibre Channel over Ethernet, a converged protocol for storage.
Ben is selecting an encryption algorithm for use in an organization with 10,000 employees.
He must facilitate communication between any two employees within the organization.
Which one of the following algorithms would allow him to meet this goal with the
least time dedicated to key management?
RSA
Which of the following is used only to encrypt data in transit over a network and cannot
be used to encrypt data at rest?
TKIP
TKIP is used only as a means to encrypt transmissions and is not used for data at
rest. RSA, AES, and 3DES are all used on data at rest as well as data in transit.
Which one of the following tools may be used to achieve the goal of nonrepudiation?
Digital signature
When should an organization conduct a review of the privileged access that a user has to
sensitive systems?
A. On a periodic basis
B. When a user leaves the organization
C. When a user changes roles
D. All of the above
All of the above
Nessus, OpenVAS, and SAINT are all examples of what type of tool?
Vulnerability scanners
Kolin is searching for a network security solution that will allow him to help reduce
zero-day attacks while using identities to enforce a security policy on systems before they
connect to the network. What type of solution should Kolin implement?
A NAC system
Network access control (NAC) systems can be used to authenticate users and then validate their system's compliance with a security standard before they are allowed to connect to the network. Enforcing security profiles can help reduce zero-day attacks, making NAC a useful solution. A firewall can't enforce system security policies, whereas an IDS can only monitor for attacks and alarm when they happen. Thus, neither a firewall nor an IDS meets Kolin's needs. Finally, port security is a MAC address-based security feature that can restrict only which systems or devices can connect to a given port.
How many possible keys exist when using a cryptographic algorithm that has an 8-bit
binary encryption key?
256
In what cloud computing model does the customer build a cloud computing environment
in his or her own data center or build an environment in another data center that is for
the customer's exclusive use?
Private cloud
What major issue often results from decentralized access control?
Control is not consistent.
In what model of cloud computing do two or more organizations collaborate to build a
shared cloud computing environment that is for their own use?
Community Cloud
Susan's organization is updating its password policy and wants to use the strongest possible
passwords. What password requirement will have the highest impact in preventing
brute-force attacks?
Increase the minimum password length from 8 characters to 16 characters.
Which of the following statements is true about heuristic-based anti-malware software?
It has a higher likelihood of detecting zero-day exploits than signature detection.
Which one of the following malware types uses built-in propagation mechanisms that
exploit system vulnerabilities to spread?
Worm
When Chris verifies an individual's identity and adds a unique identifier like a user ID to
an identity system, what process has occurred?
Registration
Fred needs to deploy a network device that can connect his network to other networks
while controlling traffic on his network. What type of device is Fred's best choice?
router
1. Black box: C. No prior knowledge of the system
2. White box: A. Full knowledge of the system
3. Gray box: B. Partial or incomplete knowledge
so you know pues orale homes
Cloud computing uses a shared responsibility model for security, where the vendor
and customer each bears some responsibility for security. The division of responsibility
depends upon the type of service used. Place the cloud service offerings listed here in
order from the case where the customer bears the least responsibility to where the customer
bears the most responsibility.
The cloud service offerings in order from the case where the customer bears the least
responsibility to where the customer bears the most responsibility are:
B. SaaS
C. PaaS
A. IaaS
Bill implemented RAID level 5 on a server that he operates using a total of three disks.
How many disks may fail without the loss of data?
1
RAID level 5 is also known as disk striping with parity. It uses three or more disks,
with one disk containing parity information used to restore data to another disk in the
event of failure. When used with three disks, RAID 5 is able to withstand the loss of a
single disk.
Which one of the following is normally used as an authorization tool?
ACL
Access control lists (ACLs) are used for determining a user's authorization level.
Usernames are identification tools. Passwords and tokens are authentication tools.
Ben is concerned about password cracking attacks against his system. He would like to
implement controls that prevent an attacker who has obtained those hashes from easily
cracking them. What two controls would best meet this objective?
Longer passwords and salting
Mark is planning a disaster recovery test for his organization. He would like to perform
a live test of the disaster recovery facility but does not want to disrupt operations at the
primary facility. What type of test should Mark choose?
Parallel test
Alice sends a message to Bob and wants to ensure that Mal, a third party, does not read
the contents of the message while in transit. What goal of cryptography is Alice attempting
to achieve?
Confidentiality
The company Chris works for has notifications posted at each door reminding employees
to be careful to not allow people to enter when they do. Which type of controls best
describes this?
Directive
Notifications and procedures like the signs posted at the company Chris works for
are examples of directive access controls. Detective controls are designed to operate after
the fact. The doors and the locks on them are examples of physical controls. Preventive
controls are designed to stop an event and could also include the locks that are present on
the doors.
Jim is implementing an IDaaS solution for his organization. What type of technology is
he putting in place?
Identity as a service
How many possible keys exist in a cryptographic algorithm that uses 6-bit encryption
keys?
64
When an attacker calls an organization's help desk and persuades them to reset a password
for them because of the help desk employee's trust and willingness to help, what
type of attack succeeded?
Social Engineering
Which one of the following is typically considered a business continuity task?
Business impact assessment
Developing a business impact assessment is an integral part of the business continuity
planning effort. The selection of alternate facilities, activation of those facilities, and
restoration of data from backup are all disaster recovery tasks.
Kathleen needs to set up an Active Directory trust to allow authentication with an existing
Kerberos K5 domain. What type of trust does she need to create?
A realm trust
During a system audit, Casey notices that the private key for her organization's web server has been stored in a public Amazon S3 storage bucket for more than a year. What should she do?
Request a new certificate using a new key
The first thing Casey should do is notify her management, but after that, replacing the certificate and applying proper key management practices to the new certificate's key should be at the top of her list.