The Kerckhoffs’s principle is the idea that cryptography should be secure even if everything but the private key is known. When encrypting data, one decides on a private key and how to encrypt it using that private key. Kerckhoffs says that even if it is known how it is encrypted, it should not be deciphered as long as the secret key is not discovered. Encryption has been with the history of human warfare. The main purpose is to communicate a strategy to one’s allies without being discovered by the enemy. In battle, its designs and encryption devices may be stolen by spies. Therefore, the encryption must be such that it cannot be solved without the key, no matter how much is known about how it works.

〇：Creating Data Collection Techniques

Of the steps listed, the first step in a Business Impact Analysis (BIA) is to create a data collection technique. The BCP committee will use questionnaires, surveys, and interviews to collect key person information on how different tasks are accomplished within the organization, along with any relevant dependencies of processes, transactions, or services. Process flow diagrams should be created from this data and used throughout the BIA and planning and development phases.

×：Risk calculations for each different business function

This is incorrect because the risk for each business function is calculated after the business function has been identified. And before that happens, the BCP team needs to collect data from key personnel. To calculate the risk for each business function, qualitative and quantitative impact information must be collected, properly analyzed, and interpreted. Once the data analysis is complete, it should be reviewed with the most knowledgeable people in the company to ensure that the results are relevant and to explain the actual risks and impacts facing the organization. This will flush out any additional data points that were not captured initially and allow for a full understanding of all possible business impacts.

×：Identifying Critical Business Functions

Image B is incorrect because the identification of critical business functions is done after the BCP committee has learned about the business functions that exist by interviewing and surveying key individuals. Once the data collection phase is complete, the BCP committee conducts an analysis to determine which processes, devices, or business activities are critical. If a system stands on its own, does not affect other systems, and is less critical, it can be classified as a Tier 2 or Tier 3 recovery step. In other words, these resources are not processed in the recovery phase until the most critical (Tier 1) resources are up and running.

×：Vulnerability and Threat Identification to Business Functions

This is not the first step and is incorrect because it identifies vulnerabilities and threats to business functions toward the end of the business impact analysis. It is the last of the steps listed in the answer. Threats can be man-made, natural, or technical. It is important to identify all possible threats and estimate their likelihood of occurring. When developing these plans, some issues may not be immediately apparent. These issues are best addressed by groups conducting scenario-based exercises. This ensures that when the threat becomes reality, the plan will have an impact on all business tasks, departments, and critical operations. The more issues that are planned for, the better prepared you will be should these events occur.

〇：Digital Millennium Copyright Act

The Digital Millennium Copyright Act (DMCA) is a U.S. copyright law that makes it a crime, among other things, for technology to infringe upon the access control measures established to protect copyrighted material. Therefore, the correct answer is “Digital Millennium Copyright Act.

If you find a way to “unlock” a proprietary method of protecting an e-book, you can charge this act. Even if you do not share the actual copyrighted book with anyone, the specific law has been broken and you will be convicted.

×：COPPA

The Children’s Online Privacy Protection Act (COPPA) is a law that allows for the safe use of children’s sites on the Internet and prohibits children from being put at risk if they do not have any terms and conditions The law prohibits children from being endangered without any terms and conditions so that they can safely use the Internet for children.

×：Federal Privacy Act

There is no such law, but a close equivalent is the U.S. Federal Data Privacy Act. This would be a comprehensive privacy law at the federal level in the United States.

×：GDPR

The General Data Protection Regulation (GDPR) is a privacy law for EU citizens that is a stricter version of the Data Protection Directive.

To test the application, normal user behavior must be emulated. However, common loads of user activity are not available in the testing environment. Therefore, common user transaction scripts can be built to facilitate different forms of testing.

〇：SIEM

Many organizations have implemented security event management systems, called Security Information and Event Management (SIEM) systems. They attempt to correlate log data collected from various devices (servers, firewalls, routers, etc.) and provide analysis capabilities. They also have solutions with networks (IDS, IPS, anti-malware, proxies, etc.) that collect logs in various proprietary formats that require centralization, standardization, and normalization. Therefore, the correct answer is SIEM.

×：Intrusion Detection System

Intrusion Detection System (IDS, Intrusion Detection System) is a mechanism that monitors the system and leads to passive actions. It does not have the ability to collect and analyze logs.

×：SOAR

SOAR (Security Orchestration, Automation and Response) is a technology that enables efficient monitoring, understanding, decision-making and action on security incidents. It may be fulfilled by SOAR through intrinsic cause analysis, but it is not a solution used for the purpose of identifying if suspicious activity is taking place in the network.

×：Event correlation tools

The term “event correlation tool” does not exist, but may be a feature of a SIEM.

〇：CA signs certificates.

A Certificate Authority (CA) is a trusted agency (or server) that maintains digital certificates. When a certificate is requested, the Registration Authority (RA) verifies the identity of the individual and passes the certificate request to the CA The CA creates the certificate, signs it, and maintains the certificate over its lifetime.

×：RA creates the certificate and CA signs it.

Incorrect because the RA does not create the certificate; the CA creates it and signs it; the RA performs authentication and registration tasks; establishes the RA, verifies the identity of the individual requesting the certificate, initiates the authentication process to the CA on behalf of the end user, and performs certificate life cycle RAs cannot issue certificates, but can act as a broker between the user and the CA When a user needs a new certificate, they make a request to the RA and the RA goes to the CA to verify all necessary identification before granting the request The RA verifies all necessary identification information before granting the request.

×：RA signs certificates.

The RA signs the certificate, which is incorrect because the RA does not sign the certificate; the CA signs the certificate; the RA verifies the user’s identifying information and then sends the certificate request to the CA.

×：The user signs the certificate.

Incorrect because the user has not signed the certificate; in a PKI environment, the user’s certificate is created and signed by the CA. The CA is a trusted third party that generates the user certificate holding its public key.

〇：Approval of the attack to the target organization

Permission must be obtained from the target organization for the attack during the planning phase. Even though it is a test, it takes an action that is similar to an attack. During the implementation, the target system cannot be updated, so approval must be obtained. We also need to understand the system to be penetrated in great detail, so that the information itself is not leaked to the outside world. Also, a successful intrusion will indicate that the system has been compromised. It is necessary to make an arrangement such as not waiting until a report is generated to inform the company of the situation. Therefore, the correct answer is “Approval of attack on the target organization.

×：Share the target organization’s design documents.

This is done as necessary. Although there are various design documents, detailed design documents such as detailed design documents and program design documents are generally not presented, but only the usage of the service and basic server configuration are generally shared.

×：Confirmation of OS version

As a rule, this is not done. Penetration testing is generally conducted from the investigation of the attack. In particular, there are few cases where the OS version is informed to the penetration tester.

×：Deployment of the attack tools to be used

It is not uncommon for attack tools to be deployed from the organization that possesses the system that is the target of the penetration. This in itself is an act of limiting the attack methods, as it does not constitute a realistic test.

〇：Provisioning accounts, modifying accounts, auditing account usage, and deactivating accounts.

All phases of the authenticated access lifecycle should be considered. Access should not be granted without proper instructions, nor should access be granted or denied without expected authorization. Suspension of access must also be auditable.

×：Provisioning or adding accounts, changing accounts, and suspending accounts.

Incorrect because it does not include auditing of account usage.

×：Adding an account, deleting an account, or deleting a user’s data.

Incorrect because deletion of user data may conflict with data retention requirements.

×：Verifying account passwords, checking account usage, and deleting accounts.

Incorrect because it is merely an authentication step and not related to account management.

〇：Capability Maturity Model Integration

Capability Maturity Model Integration (CMMI) is a comprehensive set of integration guidelines for developing products and software. It addresses the various phases of the software development life cycle, including concept definition, requirements analysis, design, development, integration, installation, operation, maintenance, and what should happen at each stage. The model describes the procedures, principles, and practices underlying the maturation of the software development process. It was developed to help software vendors improve their development processes. It will improve software quality, shorten the development life cycle, create and meet milestones in a timely manner, and adopt a proactive approach rather than a reactive approach that is less effective.

×：Software Development Life Cycle

Incorrect because the Software Development Life Cycle (SDLC) describes how a system should be developed and maintained throughout its life cycle and does not involve process improvement.

×：ISO/IEC 27002

Incorrect because ISO/IEC 27002 is an international standard that outlines how the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) create and maintain an organizational information security management system (ISMS). ISO/IEC 27002 has a section dealing with the acquisition, development, and maintenance of information systems, but does not provide a process improvement model for software development.

×：Certification and Accreditation Process

This is incorrect because the certification and accreditation (C&A) process handles testing and evaluation of systems against predefined criteria. This has nothing to do with improving the software development process.

Service Organization Control (SOC) is a rule established by the American Institute of Certified Public Accountants (AICPA) to assure the internal control of the party contracted to perform services. Sometimes, work is contracted out to other firms. In order to guarantee the quality of its own work, the company that is contracted to perform the work must also have appropriate controls in place. For this reason, we check the internal control of the outsourcing company to which the work is outsourced.

• SOC-1 (Internal Control over Financial Reporting (ICFR)) Audits the accounting of the trustee company.
  SOC-2 (Trust Services Criteria): Checks security and other controls other than accounting for the fiduciary company. Usually takes six months to complete.
  SOC-3 (Trust Services Criteria for General Use Report) Confirms security and other controls other than accounting for unspecified persons (users).

Application firewalls target Layer 7 of the OSI. The main advantage of an application firewall is its ability to understand specific applications and protocols. Packets are not decrypted until Layer 6, so Layer 7 can see the entire packet. Other firewalls can only inspect the packet, not the payload. It can detect if an unwanted application or service is trying to bypass the firewall by using a protocol on an allowed port, or if the protocol is being used in a malicious manner.

The Health Insurance Interoperability and Accountability Act (HIPAA) has three rules: the Privacy Rule, the Security Rule, and the Breach Notification Rule. The rules mandate administrative, physical, and technical safeguards.

〇：Mandatory Access Control (MAC)

Mandatory Access Control (MAC) is an access control that enforces access privileges by pre-classifying resources into levels. There are several types of access rights to data files. There are several types of access rights to data files: the user of the data file, the owner who creates the data file, and the administrator who decides which owner can create the data. SELinux, TOMOYO Linux, Trusted BSD, and Trusted Solaris are methods used by MACs.

×：Discretionary Access Control (DAC)

Discretionary Access Control (DAC) is an access control method that allows the owner of an access target to change access privileges.

×：Role Access Control (RAC)

There is no such term. A close equivalent is role-based access control, which divides accounts by role and applies access control to those roles.

×：Voluntary Access Control (VAC)

There is no such term.

〇：To issue ethics-related statements on the use of the Internet.

The Internet Architecture Board (IAB) is the coordinating committee for the design, engineering, and management of the Internet. It is responsible for monitoring and appealing Internet Engineering Task Force (IETF) activities, the Internet standards process, and the architecture of Request for Comments (RFC) editors. The IAB issues ethics-related statements on the use of the Internet. The Internet is a resource that depends on availability and accessibility and is considered useful to a wide range of people. Primarily, irresponsible behavior on the Internet may threaten its existence or adversely affect others.

×：Develop guidelines for criminal sentencing.

The IAB is incorrect because it has nothing to do with the Federal Court Guidelines, which are the rules judges use in determining the appropriate punitive sentence for certain felonies or misdemeanors committed by individuals or businesses. The Guidelines serve as the uniform sentencing policy for entities committing felonies and/or gross misdemeanors in the U.S. federal court system.

×：Edit RFC.

The Internet Architecture Board is responsible for editing RFCs (Request for Comments), which is incorrect because this task is not ethics-related. This answer is a distraction.

×：Maintain the Ten Commandments of Computer Ethics.

This is incorrect because the Institute for Computer Ethics, not the IAB, develops and maintains the Ten Commandments of Computer Ethics. The Institute for Computer Ethics is a non-profit organization that works to advance technology through ethical means.

〇：Test the restore procedure.

The ability to successfully restore from a backup must be tested periodically. Therefore, the correct answer is: “Test the restore procedure.” will be

×：Ensure that all user data is backed up.

Making copies of user data is important, but copies are useless unless it is ensured that the copies can be restored.

×：Back up the database management system (DBMS) to your own specifications.

While it is a good idea to use measures to meet the proprietary specifications of the DBMS to ensure that transactional copies are usable, those copies will not be trusted unless the restores are tested.

×：Ensure that the backup log files are complete.

Monitoring backup logs for completion is good operational practice, but it is wrong because it is no substitute for regular testing of the backups themselves and their ability to truly recover from data loss.

〇：* (star) Integrity Property

The Biba model defines a model with completeness as having two axioms. The * (star) Integrity Property is that the subordinate’s document is to be seen and there is no Read Down. The * (star) Integrity Property is that there is no Write Up, that is, no rewriting of the supervisor’s document. If the Simple Integrity Axiom is not followed, the subordinate’s document will be seen and may absorb unclassified and incorrect information at a lower level. If the * (star) Integrity Property is not followed, a supervisor’s document will be rewritten, which will release incorrect information to the supervisor who sees it. Therefore, both are integrity conditions.

×：Simple Integrity Property

The Simple Integrity Property is a constraint on Read Down.

×：Strong Tranquillity Axiom

The Strong Tranquillity Axiom is the constraint not to change permissions while the system is running.

×：Weak Tranquillity Axiom

Weak Tranquillity Axiom means do not change privileges until the attribute is inconsistent.

〇：Subject

The functionality table identifies the access rights that a particular subject owns with respect to a particular object. Each subject is mapped for a function (capability) such as read or write perform. Therefore, the subject is the one that seems to fit in the choices.

×：Objects

Incorrect because the Object is bound to an Access Control List (ACL), not a functional component.

×：Product

Product is incorrect because it is just an example to implement a subject, object, or feature table.

×：Application

Application is incorrect because it is just a concrete example of an object.

CIA stands for Confidentiality, Integrity, and Availability.

〇：The format of the audit log is unknown and is not available to the intruder in the first place.

Audit tools are technical controls that track activity within a network, on a network device, or on a specific computer. Auditing is not activity that denies an entity access to a network or computer, but it tracks activity so that the security administrator can understand the type of access made, identify security violations, or alert the administrator of suspicious activity. This information points out weaknesses in other technical controls and helps the administrator understand where changes need to be made to maintain the required level of security within the environment. Intruders can also use this information to exploit these weaknesses. Therefore, audit logs should be protected by controls on privileges, permissions, and integrity, such as hashing algorithms. However, the format of system logs is generally standardized for all similar systems. Hiding the log format is not a normal measure and is not a reason to protect audit log files.

×：If not properly protected, audit logs may not be admissible during prosecution.

This is incorrect because great care must be taken to protect audit logs in order for them to be admissible in court. Audit trails can be used to provide alerts about suspicious activity that can be investigated later. In addition, it is useful in determining exactly how far away the attack took place and the extent of any damage that may have occurred. It is important to ensure that a proper chain of custody is maintained so that all data collected can be properly and accurately represented in case it needs to be used in later events such as criminal proceedings or investigations.

×：Because audit logs contain sensitive data, only a specific subset of users should have access to them.

This is incorrect because only administrators and security personnel need to be able to view, modify, and delete audit trail information. Others cannot see this data and can rarely change or delete it. The use of digital signatures, message digest tools, and strong access controls can help ensure the integrity of the data. Its confidentiality can be protected with encryption and access control as needed, and it can be stored on write-once media to prevent data loss or tampering. Unauthorized access attempts to audit logs should be captured and reported.

×：Intruders may attempt to scrub logs to hide their activities.

If an intruder breaks into your home, do your best to leave no fingerprints or clues that can be used to link them to criminal activity. The same is true for computer fraud and illegal activity. Attackers often delete audit logs that hold this identifying information. In the text, deleting is described as scrubbing. Deleting this information may alert administrators to an alert or perceived security breach and prevent valuable data from being destroyed. Therefore, audit logs should be protected by strict access controls.

The Clipper chip is a chipset developed by the National Security Agency (NSA) and implemented as an encryption device that protects “voice and data messages” as an embedded backdoor. It used SkipJack, a block cipher.

〇：The client generates a session key and encrypts it with a public key.

Transport Layer Security (TLS) uses public key cryptography to provide data encryption, server authentication, message integrity, and optionally client authentication. When a client accesses a cryptographically protected page, the web server initiates TLS and begins the process of securing subsequent communications. The server performs a three-handshake to establish a secure session. After that, client authentication with a digital certificate, as the case may be, comes in. The client then generates a session key, encrypts it with the server’s public key, and shares it. This session key is used as the symmetric key for encrypting the data to be transmitted thereafter. Thus, the correct answer is: “The client generates a session key and encrypts it with the public key.” will be

×：The server generates the session key and encrypts it with the public key.

The server does not encrypt with the public key.

×：The server generates a session key and encrypts it with the private key.

Even if encryption is performed from the server side, it can be decrypted with the public key, so it is not structurally possible.

×：The client generates a session key and encrypts it with its private key.

The client side does not have the private key.

〇：The security kernel implements and executes the reference monitor

The Trusted Computing Base (TCB) is a complete combination of protection mechanisms for a system. These are in the form of hardware, software, and firmware. These same components also comprise the security kernel. Reference monitors are access control concepts implemented and enforced by the security kernel via hardware, software, and firmware. In doing so, it ensures that the security kernel, the subject, has the proper permissions to access the object it is requesting. The subject, be it a program, user, or process, cannot access the requesting file, program, or resource until it is proven that it has the proper access rights.

×：The reference monitor is the core of the Trusted Computing Base (TCP), which is comprised of the security kernel.

This is incorrect because the reference monitor is not the core of the TCB. The core of the TCB is the security kernel, and the security kernel implements the concepts of the reference monitor. The reference monitor is a concept about access control. It is often referred to as an “abstract machine” because it is not a physical component.

×：The reference monitor implements and executes the security kernel.

The reference monitor does not implement and execute the security kernel, which is incorrect. On the contrary, the security kernel implements and executes the reference monitor. The reference monitor is an abstract concept, while the security kernel is a combination of hardware, software, and firmware in a trusted computing base.

×：The security kernel, i.e., the abstract machine, implements the concept of a reference monitor.

This is incorrect because abstract machine is not another name for security kernel. Abstract machine is another name for the reference monitor. This concept ensures that the abstract machine acts as an intermediary between the subject and the object, ensuring that the subject has the necessary rights to access the object it is requesting and protecting the subject from unauthorized access and modification. The security kernel functions to perform these activities.

〇：Considering an architecture that can handle health information.

Carol is a systems engineer and is expected to explore systemic realities. It is likely that she is deviating from her role to preemptively explain why it cannot be done systemically, to modify approvals other than the system configuration, or to initiate legal work. The correct answer, therefore, is, “Think about an architecture that can handle health information.” The correct answer would be

×：To address the dangers of handling health information in the system.

The basic stance of a system engineer is to obtain feasibility as a system. Although it is necessary to supplement the danger to the proposed idea, appealing the danger should not be the main purpose.

×：Obtaining permission to entrust health information from a medical institution.

A contract should be signed and the legal scope of responsibility should be clarified. This is outside the scope of the system engineer’s scope.

×：To prepare a written consent to use for handling health information.

It is necessary to obtain consent for end users before using the service, and the scope of legal responsibility needs to be clarified. This is outside the scope object of the system engineer’s scope.

Onion routing is characterized by multiple layers of encryption because encryption is applied each time it passes through a router. However, there is no security feature at the final router because all encryption is decrypted at the final point of the router and becomes plaintext.

〇：DOM-based

Mary exploits a cross-site scripting (XSS) vulnerability called Document Object Model (DOM) Local Cross-Site Scripting.The DOM is a standard structural layout for representing HTML and XML documents in a browser. In such attacks, components of the document such as form fields and cookies can be referenced via JavaScript. The attacker uses the DOM environment to modify the client-side JavaScript. The result is to cause the victim’s browser to execute malicious JavaScript code. The most effective way to prevent these attacks is to disable scripting support in the browser.

×：Secondary

Secondary, or persistent XSS vulnerabilities are incorrect because they target websites that populate databases or data stored elsewhere, such as forums or message boards.

×：Persistent

Persistent XSS vulnerability is incorrect because it is simply another name for a secondary vulnerability.

×：Non-Persistent

A non-persistent XSS vulnerability, called a reflection vulnerability, is incorrect because it uses a malicious script to open a programmed URL in order to steal sensitive information from someone who holds cookies, etc. The principle behind this attack lies in the lack of proper input or output validation on dynamic websites.

〇：PCI DSS

PCI DSS (Payment Card Industry Data Security Standard) is a framework to avoid personal information leakage when making electronic payments. Therefore, the correct answer is “PCI DSS.

By the way, if you were to ask, “Which of the following are possible?” I am tempted to argue that other frameworks may be used as well. However, in the CISSP exam, you may have to choose “the most plausible” option in some cases. Therefore, we have used this phrase.

×：HITECH

The Health Information Technology for Economic and Clinical Health Act (HITECH) is an enhanced version of HIPPA that applies not only to data management but also to health care business associates.

×：OCTAVE

OCTAVE is one of the risk assessment frameworks introduced in CERT.

×：COBIT

COBIT is a framework for measuring the maturity of a company’s IT governance. It was proposed by the Information Systems Control Association of America (ISACA) and the IT Governance Institute (ITGI).

〇：Multiple major and used usages should be screened to make sure they work on the target browsers.

If the service is for BtoC, it is considered that more target users should be supported.

×：It should be checked if it works on a particular browser.

User cases that do not work on certain browsers may occur after release.

×：Confirm that it works on the most secure browser.

If it is secure, it is expected to work in the most restricted of browsers.

In reality, however, browser specifications also vary, including browser backs and terminals.

×：Make sure it works on OS-standard browsers.

Browsers are not just OS standard. In reality, end users also download and use their favorite browsers from app stores.

A structured change management process must be established to direct staff to make appropriate configuration changes. Standard procedures keep the process under control and ensure that it can be implemented in a predictable manner. Change management policies should include procedures for requesting changes, approving changes, documenting, testing and viewing changes, implementing, and reporting changes to management. The configuration management change control process is not typically associated with service level agreement approvals.

〇：Check for errors caused by principal code modifications.

Regression testing finds defects after code changes have occurred. It looks for reduced or lost functionality, including old bugs. Therefore, the correct answer is: “Check for errors due to changes in the main code.” will be.

×：Install the developed software on the customer’s hardware.

This is not a test, but part of the release.

×：Checking the detection and processing when faced with a failure.

This is so-called troubleshooting and is accomplished by handing over the operational plan and procedures to the operations team.

×：Checking the interfaces of software components.

This is testing against the interface and is performed as part of the test items for internal and external coupling tests.

〇：Make the mail relay server available to everyone.

This is a question of choosing the “ineffective” one. An open mail relay server is not an effective countermeasure against spam. In fact, spammers often use spammers to distribute spam, because the attackers can hide their identities. An open mail relay server is an SMTP server configured to allow inbound SMTP connections from anyone on the Internet, and many relays are properly configured to prevent attackers from distributing spam and pornography. Thus, the correct answer is “have an email relay server available to everyone.” will be.

×：Build a properly configured mail relay server.

A properly configured mail relay server can also suppress spam mail.

×：Perform filtering at the e-mail gateway.

Filtering emails that are considered spam mail at the gateway will help to prevent spam mail.

×：Filtering at the client.

Filtering spam mail at the client, i.e., in a mailing application such as Outlook, is considered to be a countermeasure against spam mail.

〇：OSI reference model

The OSI reference model is a seven-layer classification of network communication. The concepts of application communication and session are separated, which would be clearly communicated based on the OSI reference model. Therefore, the correct answer is “OSI reference model.

×：TCP/IP model

The TCP/IP model is a layer design that is closer to the concept of a system than the OSI reference model; in the TCP/IP model, the application layer, presentation layer, and session layer of the OSI reference model are represented by a single application layer.

×：Data link model

There is no such model.

×：Biba model

Biba model is one of the security models that indicates that data cannot be changed without permission.

〇：Review the schedule.

Unit testing is testing to confirm that the developed module works as a stand-alone unit. Acceptance testing is testing to make sure that the customer who ordered the development actually uses it and is satisfied with it. Acceptance testing cannot take the place of unit testing. It is not upward compatible as a test, and the perspectives are different. Therefore, the correct answer is “Review the schedule.” The correct answer is “Review the schedule.

×：Unit testing is not performed for the sake of work efficiency.

It does not mean that unit tests are not performed.

×：Increase the number of items in the acceptance test for the unit test that could not be done.

The items that should have been done in the actual unit test are simply accounted for as acceptance tests, and the unit test is not considered to have been completed. This is an action that is close to concealment.

×：Report to your supervisor.

You are in charge of project management.

〇：Risk Mitigation

Risk can be addressed in four basic ways: transfer, avoidance, mitigation, and acceptance. Sue reduces the risk posed by her e-mail system by implementing security controls such as antivirus and anti-spam software. This is also referred to as risk mitigation, where risk is reduced to a level considered acceptable. Risk can be mitigated by improving procedures, changing the environment, erecting barriers to threats, and implementing early detection techniques to stop threats when they occur and reduce damage.

×：Risk Acceptance

This is inappropriate because risk acceptance does not involve spending on protection or countermeasures such as anti-virus software. When accepting a risk, one should be aware of the level of risk faced and the potential damage costs and decide to keep it without implementing countermeasures. If the cost/benefit ratio indicates that the cost of countermeasures exceeds the potential losses, many companies will accept the risk.

×：Risk Avoidance

Wrong because it would mean discontinuing the activity that is causing the risk. In this case, Sue’s firm decides to continue using e-mail. A company may choose to terminate an activity that introduces risk if the risk outweighs the business needs of the activity. For example, a company may choose to block social media websites in some departments because of the risk to employee productivity.

×：Risk Transfer

This is incorrect because it involves sharing risk with other entities, as in the purchase of insurance to transfer some of the risk to the insurance company. Many types of insurance are available to firms to protect their assets. If a company determines that its total or excess risk is too high to gamble, it can purchase insurance.

〇：To create an overview of business functions and systems

Outlining business functions and systems is not a reason to create and execute a disaster recovery plan. While these tasks are likely to be accomplished as a result of the disaster recovery plan, they are not a valid reason to implement the plan compared to other answers to the question. Usually occurring during the planning process, simply outlining business functions and systems is not enough to develop and implement a disaster recovery plan.

×：To create post-disaster recovery procedures

It is not correct to develop and implement a disaster recovery plan because providing post-disaster recovery procedures is a good reason to do so. In fact, this is exactly what a disaster recovery plan provides. The goal of disaster recovery is to take the necessary steps to minimize the impact of a disaster and ensure that resources, personnel, and business processes can resume operations in a timely manner. The goal of a disaster recovery plan is to handle the disaster and its consequences in the immediate aftermath.

×：To back up data and create backup operating procedures

Inappropriate, because not only backing up data but also extending backup operations is a good way to develop and implement a disaster recovery plan. When considering a disaster recovery plan, some companies focus primarily on backing up data and providing redundant hardware. While these items are very important, they are only a small part of a company’s overall operations. Hardware and computers need people to configure and operate them, and data is usually not useful unless it can be accessed by other systems or outside entities. All of these may require backups as well as data.

×：To establish emergency response procedures

This is incorrect because there are good reasons to establish and implement a disaster recovery plan, and providing emergency response procedures is a valid reason. Disaster recovery plans are implemented when everything is in emergency mode and everyone is scrambling to get all critical systems back online. Carefully written procedures will make this entire process much more effective.

Translated with www.DeepL.com/Translator (free version)

〇：Zero Knowledge Proof

Zero Knowledge Proof means that someone can tell you something without telling you more information than you need to know. In cryptography, it means proving that you have a certain key without sharing that key or showing it to anyone. Zero knowledge proof (usually mathematical) is an interactive way for one party to prove to another that something is true without revealing anything sensitive.

×：Key Clustering

Key clustering is the phenomenon of encrypting the same plaintext with different keys, but with the same ciphertext.

×：Avoiding Birthday Attacks

An attacker can attempt to force a collision, called a birthday attack. This attack is based on the mathematical birthday paradox present in standard statistics. This is a cryptographic attack that uses probability theory to exploit the mathematics behind the birthday problem.

×：Provides data confidentiality

Provided via encryption when data is encrypted with a key, which is incorrect.

Carrier Sense Multiple Access Collision Detection (CSMA / CD) is used for systems that can transmit and receive simultaneously, such as Ethernet. If two clients listen at the same time and make sure the line is clear, both may transmit at the same time, causing a collision. Collision Detection (CD) is added to solve this scenario. The client checks to see if the line is idle and transmits if it is idle. If in use, they wait for a random time (milliseconds). During transmission, they monitor the network and if more input is received than transmitted, another client is also transmitting and sends a jam signal instructing other nodes to stop transmitting, wait a random time and then start transmitting again.

〇：Extraction of data shared with unauthorized entities

This is a problem of selecting unrelated items. Extraction of data shared with unauthorized entities is a confidentiality issue. Although it is complicatedly worded, the operations on the data are unauthorized and extraction, and none of them include the destruction of data, which is the primary focus of integrity. Therefore, the correct answer is “extraction of data shared with unauthorized entities.

In solving this problem, it is not necessary to know what an entity is. The focus is on whether any modification or destruction has taken place.

×：Unauthorized manipulation or alteration of data

Mistake. Because integrity is associated with unauthorized manipulation or alteration of data. Integrity is maintained when unauthorized modification is prevented. Hardware, software, and communication mechanisms must work together to correctly maintain and process data and move data to its intended destination without unexpected changes. Systems and networks must be protected from outside interference and contamination.

×：Unauthorized data modification

Unauthorized data modification is a mistake as it relates to integrity. Integrity is about protecting data, not changing it by users or other systems without authorization.

×：Intentional or accidental data substitution

Incorrect because intentional or accidental data substitution is associated with integrity. Integrity is maintained when assurances of the accuracy and reliability of information and systems are provided along with assurances that data will not be tampered with by unauthorized entities. An environment that enforces integrity prevents attacks, for example, the insertion of viruses, logic bombs, or backdoors into the system that could corrupt or replace data. Users typically incorrectly affect the integrity of the system and its data (internal users may also perform malicious acts). For example, a user may insert incorrect values into a data processing application and charge a customer $3,000 instead of $300.

War Dialing is the indiscriminate and repeated act of cracking dial-ups in search of dial-up lines, such as those for non-public internal networks. It automatically scans a list of telephone numbers, usually dialing all numbers in the local area code, and searches modems, computers, bulletin board systems, and fax machines.

Within the U.S. military complex and national security apparatus, the most common names for data classification become unclassified and classified. “Classified” information includes classified, critical secret, and top secret (Top Secret). Classified data is data that, if improperly disclosed, could harm national security. Top Secret data is data that, if improperly disclosed, could cause “serious” harm to national security. Finally, Top Secret data is data that, if improperly disclosed, could cause “serious” harm to national security.

Gates and fences are used as physical deterrents and preventative measures. Fences as small as 3 feet can be a deterrent, but as tall as 8 feet can be a deterrent and prevention mechanism. The purpose of the fence is to limit the routes in and out of the facility so that they occur only through doors, gates, and turnstiles.

Stored data is data that is stored on a disk or other media. Transmitted data is data flowing over a network. Used data is data that is in memory, cache, etc. and in use. Just because it is being transported by truck does not make it data that is being transferred. Therefore, “stored data” is the correct answer.

The expected annual loss amount is the value of losses that could occur in the future, equalized on an annual basis based on the frequency of occurrence. Therefore, it is the Single Loss Expectancy (SLE) multiplied by the annual frequency of occurrence (ALO).

〇：Vulnerability assessments can help prioritize weaknesses that need to be addressed.

The most important aspect of an internal or third-party vulnerability assessment is that it can enumerate all potential vulnerabilities a company has and prioritize corrective actions.

×：Third-party security audits are only required if regulations require it.

Even if some organizations do not require an independent review, it can often help find minor weaknesses that might have been overlooked.

×：Vulnerability assessments and penetration tests are essentially the same.

A vulnerability assessment is wrong because it enumerates all weaknesses and ensures that countermeasures are properly prioritized. Penetration testing aims to examine the likelihood that a real-world attacker will exploit a given weakness to achieve a goal.

×：Internal assessments are of little value.

Internal audits of enterprise security are usually not sufficient and can be very beneficial when conducted in conjunction with third-party reviews. However, it can often help find minor weaknesses that may have been overlooked.

〇：Brewer-Nash Model

The Chinese Wall Model is a security model that focuses on the flow of information within an organization, such as insider trading. Insider trading occurs when inside information leaks to the outside world. In reality, information can spread to unexpected places as it is passed on orally to unrelated parties. In order to take such information flow into account, access privileges are determined in a simulation-like manner. Therefore, the correct answer is the “Chinese Wall Model (Brewer-Nash Model).

×：Lattice-based Access Control

Lattice-based access control is to assume that a single entity can have multiple access rights and to consider access control as all possible relationships under a certain condition.

×：Biba Model

The Biba model is a security model that indicates that data cannot be changed without permission.

×：Harrison-Ruzzo-Ullman Model

The Harrison-Ruzzo-Ullman model is a model that aggregates the eight rules of the Graham-Denning model into six rules using an access control matrix.

Awareness is to inform the organization’s members of the information they already have in order to make them more vigilant again. Tranning is the input of information that is unknown to the members of the organization. Therefore, the difference between awareness-raising and tranning is whether the target audience is already aware of the information.

〇：Well-Formed Transaction

In the Clark-Wilson model, subjects cannot access objects without going through some type of application or program that controls how this access is done. The subject (usually the user) can access the required object based on access rules within the application software, defined as “Well-Formed Transaction,” in conjunction with the application.

×：Childwall model

This is incorrect because it is another name for the Brewer Nash model created to provide access control that can be dynamically modified according to the user’s previous behavior. It is shaped by access attempts and conflicts of interest and does not allow information to flow between subjects and objects. In this model, a subject can only write to an object if the subject cannot read another object in a different data set.

×：Access tuples

The Clark-Wilson model is incorrect because it uses access triples instead of access tuples. The access triple is the subject program object. This ensures that the subject can only access the object through the authorized program.

×：Write Up and Write Down

The Clark-Wilson model is incorrect because there is no Write Up and Write Down. These rules relate to the Bell-LaPadula and Biba models. The Bell-LaPadula model contains a simple security rule that has not been read and a star property rule that has not been written down. The Biba model contains an unread simple completeness axiom and an unwritten star completeness axiom.

〇：Can be the cheapest of the off-site options, but can create many security problems due to mixed operations.

Reciprocal agreements, also called mutual aid, mean that Company A agrees to allow Company B to use its facilities if Company B suffers a disaster, and vice versa. While this is a less expensive way to move than other off-site alternatives, it is not always the best choice. In most environments, the facility has reached its limits regarding the use of space, resources, and computing power. To allow different firms to come in and operate out of the same store could be detrimental to both firms. The stress of both companies working in the same environment can cause tremendous levels of tension. If that did not work out, it would provide the only short-term solution. Configuration management could be a nightmare, and mixing operations could result in many security problems. Reciprocal agreements have been known to work well for certain companies, such as newsprint. These firms require very specific technology and equipment that is not available through any subscription service. For most other organizations, reciprocity agreements are, at best, generally a secondary option for disaster protection.

×：Fully set up and ready to operate within a few hours is the most expensive of the off-site options.

This is a description of a hot site.

×：Inexpensive option, but takes the most time and effort to get up and running after a disaster.

Explanation for cold sites.

×：A good alternative for companies that rely on proprietary software, but regular annual testing is usually not available.

This is incorrect as it describes with respect to companies that depend on proprietary software. Having proprietary software in a shared space with other vendors is basically undesirable from the standpoint of license agreements involved.

〇：Used in structured languages, it decreases development time but is somewhat resource intensive.

Third generation programming languages are easier to deal with than their predecessors. They reduce program development time and allow for simplified and quick debugging. However, these languages are more resource intensive when compared to second generation programming languages.

×：Intuitive manipulation of programming reduces effort, but the amount of manual coding for specific tasks tends to be greater than in previous generations.

The advantages and disadvantages of 4th generation programming are explained below. It is true that the use of heuristics in fourth generation programming languages has greatly reduced programming effort and errors in the code. However, there is something untrue about the fact that the amount of manual coding is more than required of 3rd generation languages.

×：The use of binaries for coding is very time consuming, but the potential for errors is reduced.

This is incorrect because it is a description of a machine language and implies the advantages and disadvantages of a first generation programming language.

×：It contributes to decreasing programming processing time, but knowledge of machine structures is essential.

Incorrect because it describes second generation programming languages. These languages require extensive knowledge of machine architecture and the programs written in them are only for specific hardware.

〇：Differential Backup

Backups can be taken in full, differential, or incremental. Most files are not changed daily to save very much time and resources, and it is better to develop a backup plan that does not back up for data that is not continually changing. In backup software, when a file is modified or created, the file system sets the archive bit and the backup software determines if that file should be backed up. A differential backup backs up files that have changed since the last full backup.

×：Incremental Backup

An incremental backup backs up all data that has changed since the last backup.

×：Full Backup

A full backup backs up the entire database or the entire system.

×：Partial Backup

Not in the backup category.

〇：Trojan Horse

A Trojan horse is a seemingly harmless piece of malware that is contagious. Have you ever downloaded a nasty image and suddenly your computer stopped working?

×：Spyware

Spyware is malware that looks harmless when it does its evil. It secretly takes information from your computer to the outside.

×：Virus

Viruses are malware that can spread without user intervention and attach itself to other programs. It looks harmless but does not match in that it downloads applications.

×：Data diddlers

A data diddler is malware that gradually changes data over time.

〇：Unified Threat Management

Unified Threat Management (UTM) appliance products have been developed to provide firewall, malware, spam, IDS / IPS, content filtering, data leak prevention, VPN capabilities, and continuous monitoring and reporting in computer networks.

Since this question asks for a definition of Unified Threat Management that is unfamiliar or not even mentioned in the course material, it is inefficient to buy and study a new book just to get this score. To avoid ending up with “I don’t know = I can’t solve it,” be sure to develop the habit of choosing a “better answer.

If you think in terms of the classification Concepts/Standards > Solutions/Implementation Methods, ISCM (NIST SP800-137) and centralized access control systems are the former, while Unified Threat Management and cloud-based security solutions are the latter. Therefore, it is still better to bet on unified threat management and cloud-based security solutions.

×：ISCM (NIST SP800-137)

Because continuous monitoring in the security industry is most commonly Information Security Continuous Monitoring ISCM (NIST SP800-137), which enables companies to gain situational awareness, continuous awareness of information security, vulnerabilities, and threats to support business risk management decisions , is incorrect.

×：Centralized Access Control System

Wrong because a centralized access control system does not attempt to combine all of the security products and capabilities mentioned in the issue. A centralized access control system is used so that its access control can be enforced in a standardized manner across different systems in a network environment.

×：Cloud-based security solutions

Cloud-based security solutions include security managed services that allow an outsourced company to manage and maintain a company’s security devices and solutions, but this is not considered a cloud-based solution. The cloud-based solution provides the infrastructure environment, platform, or application to the customer so that the customer does not have to spend time and money maintaining these items themselves.

〇：That the identity of the public official has been properly verified.

FIPS 201-2 establishes U.S. government standards for personal identity verification (PIV) and gives various requirements for assurance. Access to restricted information by government employees and contracting agents depends on their level of clearance and need to know it, but first the government must assure the individual that they are who they say they are.

×：That government employees are properly cleared for the work to which they are assigned.

Government employees must be properly cleared for the information to which they have been granted access, and therefore true identification must be available for review and verification prior to such access.

×：Government employees are only allowed access to data at their clearance level.

This is wrong because government employees only need to get acquainted and have access to the information they need to access. But again, this must be based on a clear level of assurance that the clearance they possess is valid.

×：That the data to which public officials have access is properly classified.

This is incorrect because the classification of data is not directly related to the validation of personal information.

There are many different types of distributed denial of service (DDoS) attacks; there is no IPSec flood; UDP flood, SYN flood, and MAC flood are all distributed denial of service (DDoS) attacks.

〇：Diameter

Diameter is an authentication, authorization, and audit (AAA) protocol that not only provides the same kind of functionality as RADIUS and TACACS, but also offers more flexibility and capabilities to meet the emerging demands of today’s complex and diverse networks. Once all remote communication is done via Point-to-Point Protocol (PPP) and Serial Line Internet Protocol (SLIP) connections, users can authenticate themselves via Password Authentication Protocol (PAP) or Challenge Handshake Authentication Protocol (CHAP) to authenticated. The technology has become much more complex and there are multiple devices and protocols to choose from over the ever increasing Diameter protocol, Mobile IP, PPP, Voice over IP (VoIP), and other over Ethernet, wireless devices, smart phones, and other devices can authenticate themselves to the network using roaming protocols.

×：Watchdog

Watchdog timers are wrong because such processes are generally used to detect software failures such as abnormal termination or hangs. The watchdog function sends out “heartbeat” packets to determine if the service is responding. If not, the process can be terminated or reset. These packets help prevent software deadlocks, infinite loops, and process prioritization problems. This feature can be used in the AAA protocol to determine if a packet needs to be retransmitted and if a problem occurs and the connection should be closed and reopened, but it is not in the access control protocol itself.

×：RADIUS

Remote Authentication Dial-In User Service (RADIUS) is wrong because it is a network protocol and provides client/server authentication, authorization, and auditing for remote users.

×：TACACS

Terminal Access Controller Access Control System Plus (TACACS ) is incorrect because it provides essentially the same functionality as RADIUS.

〇：Social Engineering

Social engineering is an attack that invites human error rather than system. It occurs regardless of system architecture and installed software.

×：DDoS Attacks

A DDoS attack is a mass DoS attack against a target website or server from multiple computers.

×：Ransomware

Ransomware is malware that freezes data by encrypting it and demands a ransom from the owner.

×：Zero-day attacks

A zero-day attack is an attack on a vulnerability that was disclosed before it was fixed.

〇：Trademarks

Intellectual property can be protected by several different laws, depending on the type of resource. Trademarks are used to protect words, names, symbols, sounds, shapes, colors, or combinations of these, such as logos. The reason a company registers one of these trademarks, or a combination of these trademarks, is to represent their company (brand identity) to the world. Therefore, the correct answer is “trademark”.

×：Patent

A patent is a monopoly right to use a technology for something that is very difficult to invent, such as a medicine.

×：Copyright

A copyright is a right to something that is not technical, such as music or a book, but something that is thought up and created.

×：Trade Secrets

Trade secrets are information that is useful and confidential as a business activity, such as customer information, product technology and manufacturing methods.

〇：Council of Europe Convention on Cybercrime

The Council of Europe (CoE) Convention on Cybercrime is an example of an attempt to create a standard international response to cybercrime. It is the first international treaty to address computer crime by coordinating national laws and improving investigative techniques and international cooperation. The treaty’s objectives include creating a framework to bind the jurisdiction of the accused and the perpetrators of the crimes. For example, extradition is possible only if the case is a crime in both countries.

×：World Congress Council on Cybercrime

The World Congress Council on Cybercrime is misleading and therefore wrong. The official name of the Convention is the Council of Europe’s Convention on Cybercrime. It establishes comprehensive legislation against cybercrime and serves as a framework for international cooperation among the signatories to the Convention to guide all countries.

×：Organization for Economic Cooperation and Development (OECD)

Image C is wrong because the Organization for Economic Cooperation and Development (OECD) is an international organization that brings together different governments to help address the economic, social, and governance challenges of a globalized economy. For this reason, the OECD has developed national guidelines to ensure that data is properly protected and that everyone adheres to the same kinds of rules.

×：Organization for Cooperation and Development in Cybercrime

Organization for Cooperation and Development of Cybercrime is the wrong answer. There is no formal entity of this name.

Disk mirroring means writing the same data to multiple hard disks; a RAID (Redundant Array of Independent Disks) controller must write all data twice, requiring at least two disks. Disk striping can also be provided when parity is used, but disk striping alone cannot provide redundancy.

HIPAA covered entities and the organizations and individuals who assist them in their business are treated in the same manner as HIPAA covered entities. Health care providers, health information clearinghouses, and health insurance plans are covered entities. Developers of health apps are responsible as programmers rather than holders or plan holders of bodily information. They may not be covered by HITECH, which focuses on how body information is managed. Therefore, the correct answer is “health app developer”.

It is not necessary to know the detailed HITECH requirements. You can classify them based on whether or not you are dealing with information and answer the questions by process of elimination.

〇：VLAN

Virtual LANs (VLANs) allow logical isolation and grouping of computers based on resource requirements, security, or business needs, despite the standard physical location of the system. Computers in the same department configured on the same VLAN network can all receive the same broadcast messages, allowing all users to access the same types of resources regardless of their physical location.

×：Open Network Architecture  

Open network architecture is wrong because it describes the technology that can configure a network; the OSI model provides a framework for developing products that operate within an open network architecture.

×：Intranet

Incorrect because an intranet is a private network used by a company when it wants to use Internet and Web-based technologies in its internal network.

×：VAN  

Incorrect because a Value Added Network (VAN) is an electronic data interchange (EDI) infrastructure developed and maintained by a service bureau.

〇：Organization for Economic Cooperation and Development

Almost every country has its own set of rules regarding what constitutes private data and how it should be protected. With the advent of the digital and information age, these different laws have begun to adversely affect business and international trade. Thus, the Organization for Economic Cooperation and Development (OECD) created guidelines for different countries to ensure that data is properly protected and that everyone follows the same rules.

×：COSO

An organization that studies fraudulent financial reporting and which elements lead to them is fraudulent because the Committee of Sponsoring Organizations of the Treadway Commission (COSO) was established in 1985. The acronym COSO refers to a model of corporate governance that addresses IT at the strategic level, corporate culture, and financial accounting principles.

×：COBIT (Control Objectives for Information and Related Technology)

Incorrect, as this framework defines control objectives to ensure that IT is properly managed and that IT is responsive to business needs. It is an international open standard that provides control and security requirements for sensitive data and reference frameworks.

×：International Organization for Standardization (ISO)

Incorrect because it is an international standards organization composed of representatives of national standards bodies. Its purpose is to establish global standardization. But its standardization goes beyond the privacy of data moving across international borders. For example, some standards address quality control; others address assurance and security.

〇：Striping

RAID redundant arrays is a technology used for redundancy and performance. It combines multiple physical disks and aggregates them into a logical array; RAID appears as a single drive to applications and other devices. With striping, data is written to all drives. With this activity, data is split and written to multiple drives. Since multiple heads are reading and writing data at the same time, write and read performance is greatly improved.

×：Parity

Parity is used to reconstruct corrupted data.

×：Mirroring

Writing data to two drives at once is called mirroring.

×：Hot Swap

Hot swap refers to a type of disk found on most RAID systems. A RAID system with hot-swap disks allows the drives to be swapped out while the system is running. When a drive is swapped out or added, parity data is used to rebuild the data on the new disk that was just added.

〇：Increased Processing Power

The increased processing power of personal computers and servers has increased the probability of successful brute force and cracking attacks against security mechanisms that were not feasible a few years ago. Today’s processors can execute an incredible number of instructions per second. These instructions can be used to break passwords, encryption keys, or direct malicious packets to be sent to the victim’s system.

×：Increased circuitry, cache memory, and multiprogramming

This is incorrect because an increase does not make a particular type of attack more powerful. Multiprogramming means loading multiple programs or processes into memory at the same time. It allows antivirus software, word processors, firewalls, and e-mail clients to run simultaneously. Cache memory is a type of memory used for fast write and read operations. If the system expects that the program logic will need to access certain information many times during processing, the information is stored in cache memory for easy and quick access.

×：Dual-mode computation

The answer is not specific and does not measure conformance to the problem. When examining microprocessor advances, there is no actual dual-mode calculation.

×：Direct Memory Access I/O

Incorrect because this method transfers instructions and data between I/O (input/output) devices and the system’s memory without using the CPU. Direct Memory Access I/O significantly increases data transfer speed.

Clustering is designed for fault tolerance. It is often combined with load balancing, but they are essentially separate. Clustering can make an operation active/active. On top of that, the load balancing feature handles traffic from multiple servers. Active/passive, on the other hand, has a designated primary active server and a secondary passive server, with the passive sending keep-alives or heartbeats every few seconds.

〇：The cloud provider is provided a platform as a service that provides a computing platform that may include an operating system, database, and web servers.

Cloud computing is a term used to describe the aggregation of network and server technologies, each virtualized, to provide customers with a specific computing environment that matches their needs. This centralized control provides end users with self-service, broad access across multiple devices, resource pooling, rapid elasticity, and service monitoring capabilities.

There are different types of cloud computing products: IaaS provides virtualized servers in the cloud; PaaS allows applications to be developed individually; SaaS allows service providers to deploy services with no development required and with a choice of functionality; and IaaS allows customers to choose the type of service they want to use. ” The term “PaaS” must fit the definition of “PaaS” because it requires that “the original application configuration remains the same”. Thus, the correct answer is, “The cloud provider provides a computing platform that may include an operating system, database, and web server, where the platform as a service is provided.” The following is the correct answer

×：The cloud provider is provided with an infrastructure as a service that provides a computing platform that can include an operating system, database, and web servers.

IaaS Description.

×：The cloud provider is provided with software services that provide an infrastructure environment similar to that of a traditional data center.

This is a description of the operational benefits of cloud computing. It is not a definition.

×：The cloud provider provides software as a service in a computing platform environment where application functionality is internalized.

SaaS Description.

〇：A virtual firewall in bridge mode allows the firewall to monitor individual traffic links, while a firewall integrated into the hypervisor can monitor all activity taking place within the host system.

Virtual firewalls can be bridge-mode products that monitor individual communication links between virtual machines. They can also be integrated within a hypervisor in a virtual environment. The hypervisor is the software component that manages the virtual machines and monitors the execution of guest system software. When a firewall is embedded within the hypervisor, it can monitor all activities that occur within the host system.

×：A virtual firewall in bridge mode allows the firewall to monitor individual network links, while a firewall integrated into the hypervisor can monitor all activities taking place within the guest system.

A virtual firewall in bridge mode is incorrect because the firewall can monitor individual traffic links between hosts and not network links. Hypervisor integration allows the firewall to monitor all activities taking place within the guest system rather than the host system.

×：A virtual firewall in bridge mode allows the firewall to monitor individual traffic links, while a firewall integrated into the hypervisor can monitor all activities taking place within the guest system.

A virtual firewall in bridge mode is wrong because the firewall can monitor individual traffic links, and the hypervisor integration allows the firewall to monitor all activity taking place within the host system, but not the guest system. The hypervisor is the software component that manages the virtual machines and monitors the execution of the guest system software. A firewall, when embedded within the hypervisor, can monitor all activities taking place within the system.

×：A virtual firewall in bridge mode allows the firewall to monitor individual guest systems, while a firewall integrated into the hypervisor can monitor all activities taking place within the network system.

A virtual firewall in bridge mode allows the firewall to monitor individual traffic between guest systems, and a hypervisor integrated allows the firewall to monitor all activity taking place within the host system, not the network system, so Wrong.

〇：Disk Redundancy

Information that is required to be available at all times must be mirrored or duplexed. In both mirroring (also called RAID 1) and duplexing, all data write operations are performed simultaneously or nearly simultaneously at multiple physical locations.

×：Direct Access Storage

Direct access storage is incorrect because it is a general term for magnetic disk storage devices traditionally used in mainframe and minicomputer (midrange computer) environments. RAID is a type of direct access storage device (DASD).

×：Striping

Incorrect because the technique of striping is used when data is written to all drives. This activity splits the data and writes it to multiple drives. Write performance is not affected, but read performance is greatly improved because multiple heads are getting data at the same time. Parity information is used to reconstruct lost or corrupted data. Striping simply means data; parity information may be written to multiple disks.

×：Parallel Processing

Parallel processing is incorrect because a computer has multiple processing units built into it to execute multiple streams of instructions simultaneously. While mirroring may be used to implement this type of processing, it is not a requirement.

〇：IGRP

The Internal Gateway Routing Protocol (IGRP) is a distance vector routing protocol developed by and proprietary to Cisco Systems, Inc. Whereas the Routing Information Protocol (RIP) uses one criterion to find the optimal path between source and destination, IGRP uses five criteria to make an “optimal route” determination. The network administrator can set weights on these different metrics so that the protocol works optimally in its particular environment.

×：RIP  

Routing Information Protocol (RIP) is incorrect because it is not proprietary; RIP allows routers to exchange routing table data and calculate the shortest distance between source and destination. It is considered a legacy protocol due to poor performance and lack of features. It should be used in smaller networks.

×：BGP

Border Gateway Protocol (BGP) is incorrect because it is an Exterior Gateway Protocol (EGP); BGP allows routers in different ASes to share routing information to ensure effective and efficient routing between different networks. BGP is used by Internet Service Providers.

×：OSPF  

OSPF is incorrect because it is not proprietary; it uses a link-state algorithm to transmit information in the OSPF routing table. Smaller and more frequent routing table updates.

〇：Security Management Committee

Steve serves on the Security Steering Committee, which is responsible for making decisions on tactical and strategic security issues within the company. The committee consists of individuals from across the organization and should meet at least quarterly. In addition to the responsibilities outlined in this question, the Security Steering Committee is responsible for establishing a clearly defined vision statement that supports it in cooperation with the organizational intent of the business. It should provide support for the goals of confidentiality, integrity, and availability as they relate to the business goals of the organization. This vision statement should be supported by a mission statement that provides support and definition to the processes that apply to the organization and enable it to reach its business goals.

Each organization may call it by a different name, or they may be entrusted with a series of definition-to-approval processes for security. In this case, the term “operations” is the closest that comes to mind.

×：Security Policy Committee

This is incorrect because senior management is the committee that develops the security policy. Usually, senior management has this responsibility unless they delegate it to an officer or committee. The security policy determines the role that security plays within the organization. It can be organizational, issue specific, or system specific. The Governing Board does not directly create the policy, but reviews and approves it if acceptable.

×：Audit Committee

Incorrect because it provides independent and open communication between the Board of Directors, management, internal auditors, and external auditors. Its responsibilities include the system of internal controls, the engagement and performance of the independent auditors, and the performance of the internal audit function. The Audit Committee reports its findings to the Governing Board, but does not fail to oversee and approve the security program.

×：Risk Management Committee

Incorrect as it is to understand the risks facing the organization and work with senior management to bring the risks down to acceptable levels. This committee does not oversee the security program. The Security Steering Committee typically reports its findings to the Risk Management Committee on information security. The risk management committee should consider the entire business risk, not just the IT security risk.

A security document documents the security to be achieved.” To achieve “strong security” a clear definition is needed. Since the definition varies from organization to organization, it is necessary to put it in writing. There are five documents, with policy at the top, each of which is mandatory or optional.

MTD represents the time it takes to signify severe and irreparable damage to the reputation and bottom line of an organization; RTO values are smaller than MTD values; RTO assumes that there is a period of acceptable downtime.

〇：AS / NZS 4360

AS / NZS 4360 can be used for security risk analysis, but it was not created for that purpose. It takes a much broader approach to risk management than other risk assessment methods, such as NIST or OCTAVE, which focus on IT threats and information security risks. AS / NZS 4360 can be used to understand a firm’s financial, capital, personnel safety, and business decision-making risks.

×：FAP

Incorrect as there is no formal FAP risk analysis methodology.

×：OCTAVE

Image B is incorrect because it focuses on IT threats and information security risks. OCTAVE is intended for use in situations that manage and direct information security risk assessments within an organization. Employees of an organization are empowered to determine the best way to assess security.

×：NIST SP 800-30

Wrong because it is specific to IT threats and how they relate to information threats. Focus is primarily on systems. Data is collected from network and security practices assessments and from people within the organization. Data is used as input values for the risk analysis steps outlined in the 800-30 document.

〇：Software Escrow

If you do not have access to the software, but the developer may be out of business, you should plan for what to do after that out-of-business event. Software escrow means that the third party retains the source and compiled code, backup manuals, and other support materials. The agreement between the software vendor, the customer, and the third party would typically be that the customer would only have access to the source code when the vendor goes out of business and in the event of the vendor’s inability to fulfill its stated responsibilities or breach of the original agreement. The customer is protected because they can gain access to the source code and other materials through a third-party escrow agent.

×：Reciprocal Treatment Agreement

Although the term “reciprocal treatment agreement” does not exist, a close concept is mutual assistance agreements. A Mutual Assistance Agreement (MAA) is a promise to support each other in the event of a disaster by sharing facilities. There are times when you want to do something about a disaster, but you don’t have the funds to do it. In such a case, you can find a similar organization and agree to cooperate with each other in the event of a disaster.

×：Electronic Data Vault

Electronic data vaulting (e-vaulting) is the use of a remote backup service to electronically transmit backups off-site at regular intervals or when files are changed.

×：Business interruption insurance

Although the term business interruption insurance does not exist, it can be interpreted as a concept similar to insurance in the event of business interruption. Insurance is typically applied against financial risk. In this issue, software escrow is more appropriate because we want to continue access to the software.

〇：Shoulder Surfing Attacks

Shoulder surfing is a type of browsing attack in which an attacker looks over the shoulder of another person to see what is being typed on that person’s monitor items or keyboard. Of the attacks listed, this is the easiest to perform in that it requires no knowledge of the computer system. Therefore, the correct answer is a shoulder surfing attack.

×：Dictionary attack

A dictionary attack is an unauthorized login that targets users who use words as passwords.

×：Side-channel attack

A side-channel attack is an attack that eavesdrops on system data from physical information.

×：Timing Attacks

A timing attack is an attack in which various input information is given to a device that processes ciphers, and the cipher key or other information is deduced from the difference in processing time. If processing time is taken, it can be inferred as a rough indication that the process is proceeding normally as a process, and so on.

〇：Unit Testing

Unit testing involves testing individual components in a controlled environment to verify data structures, logic, and boundary conditions. After the programmer develops a component, it is tested with several different input values and in a variety of situations. Unit testing can begin early in the development process and usually continues throughout the development phase. One of the benefits of unit testing is that it identifies problems early in the development cycle. It is easier and less expensive to make changes to individual units.

×：Acceptance Testing

This is incorrect because acceptance testing is done to verify that the code meets the customer’s requirements. This test is applied to some or all of the application, but usually not individual components.

×：Regression Testing

Regression testing is incorrect because it implies retesting a system after changes have been made to ensure its functionality, performance, and protection. Essentially, regression testing is done to identify bugs where functionality no longer works as intended as a result of a program change. It is not uncommon for developers to fix one problem, accidentally create a new problem, or fix a new problem and solve an old one. Regression testing involves checking for previously fixed bugs to ensure that they have not reappeared and re-running previous tests.

×：Integration Testing

Integration testing is incorrect because it verifies that components work together as outlined in the design specification. After unit testing, individual components or units are tested in combination to verify that they meet functional, performance, and reliability requirements.

Archive bits are those that have been updated since the previous backup point in time. Full backups are full backups, so there is no need to be aware of where changes have occurred. Incremental backups also do not require awareness of change points because the backup portion is predetermined. Therefore, both clear the archive bit. However, differential backups do not clear the archive bit because only the changed part is known to be backed up.

〇：Multiple processes are using the same resources.

The system uses hard drive space (called swap space) that is reserved to expand RAM memory space. When the system fills up volatile memory space, data is written from memory to the hard drive. When a program requests access to this data, it is returned from the hard drive to memory in specific units called page frames. Accessing data stored on hard drive pages takes longer than accessing data stored in memory because it requires read/write access to the physical disk. A security issue with using virtual swap space is that two or more processes can use the same resources and corrupt or damage data.

×：Allowing cookies to remain persistent in memory

This is incorrect because virtual storage is not associated with cookies. Virtual storage uses hard drive space to extend RAM memory space. Cookies are small text files used primarily by web browsers. Cookies can contain credentials for web sites, site preferences, and shopping history. Cookies are also commonly used to maintain web server-based sessions.

×：Side-channel attacks are possible.

Side-channel attacks are incorrect because they are physical attacks. This type of attack gathers information about how a mechanism (e.g., smart card or encryption processor) works from abandoned radiation, time spent processing, power consumed to perform a task, etc. Using the information, reverse engineer the mechanism to reveal how it performs its security task. This is not related to virtual storage.

×：Two processes can perform a denial of service attack.

The biggest threat within a system where resources are shared between processes is that one process can adversely affect the resources of another process, since the operating system requires memory to be shared among all resources. This is especially true in the case of memory. It is possible for two processes to work together to perform a denial of service attack, but this is only one of the attacks that can be performed with or without the use of virtual storage.

〇：Normalization

Normalization is the process of efficiently organizing data by eliminating redundancy, reducing the potential for anomalies during data manipulation, and improving data consistency within a database. It is a systematic method of ensuring that database structures are correctly designed so that undesirable characteristics (insert, update, and delete anomalies) do not occur and data integrity is lost.

×：Polymorphism

Polymorphism is incorrect because different objects are given the same input and react differently.

×：Database View Implementation

A database view is a logical access control, implemented so that one group or specific user can see certain information and another group is restricted from seeing it completely, which is incorrect. For example, a database view could be implemented so that middle management can see the profits and expenses of a department without seeing the profits of the entire enterprise. Database views do not minimize duplicate data. Rather, it manipulates how the data is displayed by a particular user/group.

×：Schema Construction

Schemas in database systems are incorrect because they are structures described in a formal language. In a relational database, a schema defines tables, fields, relationships, views, indexes, procedures, queues, database links, directories, etc. A schema describes the database and its structure, but not the data that exists in the database itself.

〇：Dictionary attack

There is a limit to the complexity that humans can remember. Consciously, we treat words and character strings we already know as passwords. To address such vulnerabilities, the act of cracking passwords by guessing passwords based on existing words or character strings is called a dictionary attack.

×：Typical Sentence attack

There is no such attack named as such yet.

×：Brute force attack

Brute force is an unauthorized login in which the user tries to guess a password at random.

×：Birthday attack

A birthday attack is an efficient method of unauthorized login by taking advantage of encryption collisions heightened by at least one overlapping probability theory.

Scoping determines which parts of a standard will be deployed to the organization. It selects the standards that apply to the request or industry and determines which are within the organizational scope and which are outside of it.

Risk is the multiplication of threats and vulnerabilities. If the threat is at least as great as the vulnerability is fatal, it is a significant impact, or risk. Therefore, the best illustration of the relationship between the four rules is the multiplier.

〇：Service Strategy

The basic approach of ITIL is to create a service strategy that focuses on the overall planning of the intended IT services. Once the initial planning is complete, it provides guidelines for the design of validated IT services and overall implementation policies. The service transition phase is then initiated, providing guidelines for the assessment, testing, and validation of the IT services. This enables the transition from the business environment to the technical service. Service Operations ensures that all determined services have achieved their objectives. Finally, Continuous Service Improvement points out areas for improvement throughout the service lifecycle. Service strategy is considered the core of ITIL. It consists of a set of guidelines that include best practices for planning, design, and alignment of IT and business approaches, market analysis, service assets, setting goals to provide quality service to customers, and the strategy and value of implementing the service strategy.

×：Service Operations

Service operations is a critical component of the lifecycle when services are actually delivered, and something like ITIL that provides guidance is not at the core of actual operations. Lifecycle operations define a set of guidelines that ensure that an agreed level of service is delivered to the customer. The different genres incorporated by service operations include event management, problem management, access management, incident management, application management, technology management, and operations management. Service Operations balances between conflicting goals such as technology and business requirements, stability and responsiveness, cost and quality of service, and competing proactive activities.

×：Service Design

Inadequate because it involves a set of best practices for the design of IT services, including processes, architecture, policies, and documentation to meet current and future business requirements. The goal of service design is to design services according to agreed business objectives. Design processes that can support lifecycle and risk identification and management. Involves improving IT service quality as a whole.

×：Service Migration

Service Migration is incorrect because it focuses on delivering the services proposed by the business strategy for operational use. It also includes guidelines to enable a smooth transition of the business model to technical services. If service requirements change after design, Service Migration ensures that those requirements are delivered in accordance with the changed design. Areas of focus for these guidelines include the responsibilities of personnel involved in the migration transition plan and support, change management, knowledge management, release and deployment management, service verification and testing, and evaluation.

〇：Lock out the account for a certain period of time after reaching the clipping level.

Brute force attack is an attack that continuously tries different inputs to achieve a predefined goal that can then be used to qualify for unauthorized access. A brute force attack to discover the password means that the intruder is trying all possible sequences of characters to reveal the correct password. This proves to be a good countermeasure if the account will be disabled (or locked out) after this type of attack attempt is made.

×：Increase the clipping level.

Clipping levels are wrong because they need to be implemented to establish a baseline of user activity and acceptable error. Entities attempting to log into an account after the clipping level is met should be locked out. A high clipping level gives the attacker more attempts during a warning or lockout. Lowering the clipping level is a good countermeasure.

×：After the threshold for failed login attempts is met, the administrator should physically lock out the account.

This is incorrect because it is impractical to have an administrator physically lock out an account. This type of activity can easily be taken care of through automated software mechanisms. Accounts should be automatically locked out for a certain amount of time after a threshold of failed login attempts is met.

×：Encrypt password files and choose a weaker algorithm.

Encrypting passwords and/or password files and using a weaker algorithm is incorrect as it increases the likelihood of a successful brute force attack.

〇：Meetings should be conducted with a fixed number of members and should be as small as possible.

The BCP committee should be large enough to represent each department within the organization. It should consist of people who are familiar with the different departments within the company, as each department has unique functions and unique risks and threats. All issues and threats will be formulated when they are brought in and discussed. This cannot be done effectively with a few divisions or a few people. The committee must consist of at least business unit, senior management, IT, security, communications, and legal personnel.

Conducting meetings with a fixed number of members and as few as possible is certainly not a misinterpretation of “elite few. However, one must know what is the “best” answer and answer it.

×：Committee members should be involved in the planning, testing, and implementation phases.

The answer is incorrect because it is correct that committee members need to be involved in the planning, testing, and implementation phases. If Matthew, the coordinator of the BCP, is a good business leader, he will consider that it is best to make team members feel ownership over their duties and roles. The people who develop the BCP must also be the ones who implement it. If some critical tasks are expected to be performed during a time of crisis, additional attention should be given during the planning and testing phase.

×：The business continuity coordinator should work with management to appoint committee members.

This is incorrect because the BCP coordinator should work with management to appoint committee members. However, management’s involvement does not end there. The BCP team should work with management to finalize the goals of the plan, identify the critical parts of the business that must be handled first in the event of a disaster, and identify department and task priorities. Management also needs to help direct the team on the scope and specific goals of the project.

×：The team should consist of people from different departments within the company.

This is incorrect because the team should consist of people from different departments within the company. This will be the only way for the team to consider the risks and threats that each department faces according to the organization.

Point-to-Point Tunneling Protocol (PPTP) is a way to implement a virtual private network (VPN). It is Microsoft’s proprietary VPN protocol that operates at the data link layer of the OSI model; PPTP can only provide a single connection and can operate over a PPP connection.

〇：Business Continuity Processes Integrate Change Management Processes

Unfortunately, business continuity plans can quickly become outdated. An outdated BCP can give a company a false sense of security, which can be fatal if a disaster actually occurs. One of the simplest, most cost-effective, and process-efficient ways to keep your plan current is to incorporate it into your organization’s change management process. Are new applications, equipment, and services documented? Are updates and patches documented? The change management process should be updated to incorporate fields and triggers that alert the BCP team when significant changes occur and provide a means to update recovery documentation. Ensure that the BCP is kept up-to-date, and other measures include maintaining personnel evaluations of the plan and conducting regular training on using the plan, such as making business continuity part of all business decisions.

×：Update hardware, software, and application changes

Wrong because hardware, software, and application changes occur frequently; unless the BCP is part of a change management process, these changes are not included in the BCP. The BCP should be updated when changes to the environment occur. If it is not updated after a change, it is out of date.

×：Infrastructure and Environment Change Updates

Incorrect because infrastructure and environment changes occur frequently. Unless the BCP is part of a change management process, as with software, hardware, and application changes, infrastructure and environment changes are unlikely to result in a transition to the BCP.

×：Personnel changes

Incorrect, as the plan may become obsolete. It is not uncommon for BCPs to be abandoned when the person or persons responsible for maintenance leave the company. These responsibilities must be reassigned. To ensure this, maintenance responsibilities must be built into job descriptions and properly monitored.

〇：Ensure the security of customer, company, and employee data.

The Chief Privacy Officer (CPO) is responsible for ensuring the security of customer, company, and employee data; the CPO is directly involved in setting policies regarding how data is collected, protected, and distributed to third parties. The CPO is usually an attorney and reports reports and findings to the Chief Security Officer (CSO). Thus, the correct answer is “Ensure that customer, company, and employee data is protected.” The answer is “Yes.

Perhaps you did not know what a CPO is. The point of this question is to see if you can conceive of the protection of personal information from the word privacy. When you see some words you don’t know in the actual exam, don’t throw them away because you don’t know what they mean. There are always hints.

×：Ensure the protection of partner data.

CPOs are responsible for ensuring the security of customer, company, and employee data.

There can be protection of partner data, but not in the sense of a primary role.

×：Ensuring the accuracy and protection of company financial information.

This is not considered to be a protection of privacy.

×：Ensuring that security policies are defined and implemented.

This is a common objective for all personnel/responsible parties and is not focused in the context of your role as Chief Privacy Officer (CPO).

〇：Representatives from each department meet and undergo validation.

Structured walk-through testing allows functional personnel to review the plan as it is fulfilled to ensure its accuracy and validity.

×：Ensures that some systems will run at alternate sites.

This is incorrect because it describes parallel testing.

×：Send a copy of the disaster recovery plan to all departments to verify its completeness.

This is incorrect because it describes a checklist test.

×：Take down the normal operation system.

This is incorrect because it describes a full interruption test.

Disposable passwords and one-time pads are passwords but generated from something you own, not something you know. In other words, possession.

〇：The sender encrypts the message digest with his/her private key.

A digital signature is a hash value encrypted with the sender’s private key. The act of digitally signing means encrypting the hash value of the message with his/her private key. The sender would encrypt that hash value using her private key. When the recipient receives the message, she performs a hash function on the message and generates the hash value herself. She then decrypts the hash value (digital signature) sent with the sender’s public key. The receiver compares the two values and, if they are the same, can verify that the message was not altered during transmission.

×：The sender encrypts the message digest with his/her public key.

The sender is wrong because if the message encrypts the digest with his/her public key, the recipient cannot decrypt it. The recipient needs access to the sender’s private key, which must not occur. The private key must always be kept secret.

×：The receiver encrypts the message digest with his/her private key.

The receiver is wrong because the message must decrypt the digest with the sender’s public key. The message digest is encrypted with the sender’s private key, which can only be decrypted with the sender’s public key.

×：The receiver encrypts the message digest with his/her public key.

The receiver is wrong because the message must decrypt the digest with the sender’s public key. The message digest is encrypted with the sender’s private key, which can only be decrypted with the sender’s public key.

〇：One-time pad

Stream ciphers refer to one-time pad technology. In practice, stream ciphers cannot provide the level of protection that one-time pads do, but are practical.

×：AES

AES is incorrect because it is a symmetric block cipher. When a block cipher is used for encryption and decryption purposes, the message is divided into blocks of bits.

×：Block ciphers

Block ciphers are used for encryption and decryption purposes. The message is wrong because it is divided into blocks of bits.

×：RSA

RSA is incorrect because it is an asymmetric algorithm.

〇：Regular training to change employee attitudes

Behavior-directed controls are intended to direct the behavior required of employees as part of organizational management. Regular training that changes employee awareness falls under the action-directed type. Therefore, the correct answer is “Regular training to change employee attitudes”.

×：Remotely directed defenses using drone audits

This falls under reinforcing (compensating) defensive measures.

×：Defensive measures to be behavioral psychological barriers due to physical barriers

This is a physical (physically) defensive measure.

×：Developing recurrence prevention measures to review certain actions

This is a corrective measure.

Deleting a file is physically recoverable. Shredding, demagnetizing, and overwriting are all methods that render the file physically unrecoverable.

〇：Crime Prevention by Environmental Design (CPTED)

Crime Prevention by Environmental Design (CPTED) is a method by which crime can be reduced through proper design of the physical environment. It provides guidance on appropriate facility construction and environmental elements and crime prevention. It is used to guide the physical environment to behavioral effects that reduce crime.

×：Multi-layered defense model  

The multi-layered defense model is incorrect because it is a hierarchical architecture of physical, logical, and administrative security controls. The concept is that if one layer fails, the asset is protected by other layers. Layers should be moved from the perimeter toward the asset and implemented.

×：Hiding by Ambiguity

Concealment by ambiguity is a technique of concealment secured by concealment of information and is incorrect. Basically, it is better not to consider something to be a true secret if it is logically reachable, even if it is not public.

×：Access Control

Access control is incorrect because it is guidance by the placement of doors, fences, lighting, and landscaping as people enter. It is an abstract concept and would not fit into a concrete definition that combines sociology.

〇：Due Care

Confidentiality means that the company does everything it could reasonably have done to prevent a security breach under the circumstances and takes appropriate control and action in the event of a security breach. In short, it means that the company is acting responsibly by practicing common sense and prudent management. If a company has a facility that is not fire-immune, its arsonist will be only a small part of this tragedy. The company is responsible for providing fire-resistant building materials, alarms, exits, fire extinguishers, and backup fire detection and suppression systems, all critical information specific areas that could be affected by a fire. If a fire were to burn the company’s building and all records (customer data, inventory records, and information needed to rebuild the business) were to disappear, the company would not take precautions to ensure that it is protected against that loss. For example, it would be possible to back up to an off-site location. In this case, employees, shareholders, customers, and anyone else affected could potentially sue the company. However, if the company has done all that is expected of it in terms of the points mentioned so far, it is difficult to sue without success if proper care (dee care) is not taken.

×：Downstream Liability

Is wrong because one firm’s activities (or lack thereof) may have a negative impact on other firms. If either company fails to provide the required level of protection and its negligence affects the partners with whom it cooperates, the affected company can sue the upstream company. For example, suppose Company A and Company B have built an extranet. Company A has not implemented controls to detect and address viruses. Company A is infected with a harmful virus, which infects Company B through the extranet. The virus destroys critical data and causes a major disruption to Company B’s production. Company B can therefore sue Company A for negligence. This is an example of downstream liability.

×：Liability

Incorrect, as it generally refers to the obligation and expected behavior or actions of a particular party. Obligations can have a defined set of specific actions required, which is a more general and open approach that allows parties to determine how to fulfill specific obligations.

×：Due diligence

A better answer to this question. Liability is not considered a legal term as with the other answers. Due diligence is because the firm has properly investigated all of its possible weaknesses and vulnerabilities. Before you can understand how to properly protect yourself, you need to know that you are protecting yourself. To understand the real level of risk, investigate and assess the real level of vulnerability. Even after these steps and assessments have been made, effective controls and protective measures can be identified and implemented. Due diligence means identifying all potential risks, but an appropriate response is one that actually mitigates the risk.

〇：Restore the virus unpatched file version from the backup media.

The best practice is to install an unpatched, uninfected version of the file from the backup media. It is important to restore files that are known to be clean, as attempts to remove the files may corrupt them. The most important thing is not to spread the impact, but attempting to unilaterally delete files may make them unavailable for later investigation.

×：Replace the file with the file saved the previous day.

The file saved the previous day may also contain the virus.

×：Delete the file and contact the vendor.

This is an incorrect answer because the condition of this question is that if the file is deleted, the normal file content itself may be damaged.

×：Back up the data and delete the file.

This is an incorrect answer because backing up the data that contains the virus and deleting the file does not result in a clean situation.

〇：Primary entry doors should have controlled access via swipe card or cryptographic locks. Secondary doors should not be secured from the inside and allowed entry. 

Data centers, server rooms, and wiring closets should be located in the core areas of the facility, near wiring distribution centers. Strict access control mechanisms and procedures should be implemented for these areas. Access control mechanisms can lock smart card readers, biometric readers, or a combination of these. These restricted areas should have only one access door, but fire code requirements typically dictate that there must be at least two doors in most data centers and server rooms. Only one door should be used for daily entry and exit and the other door should be used only in case of an emergency, i.e., if a fire breaks out in a data center or server room, the door should be locked. This second door should not be an access door, meaning people should not be able to come through this door. It should be locked, but should have a panic bar that will release the lock if it is used as an exit, pushed from the inside.

×：The primary and secondary entry doors must have control access via swipe cards or cryptographic locks.  

This is incorrect because even two entry doors should not be allowed to pass through with the identification, authentication, and authorization process. There should only be one entry point into the server room. No other door should provide an entry point, but can be used for an emergency exit. Therefore, secondary doors should be protected from the inside to prevent intrusion.

×：The primary entry door should have controlled access via a guard. Two doors should not be secured from the inside and allowed entry.

The main entry door to the server room is incorrect as it requires an identification, authentication, and authorization process to be performed. Swipe cards and cryptographic locks perform these functions. Server rooms should ideally not be directly accessible from public areas such as stairways, hallways, loading docks, elevators, and restrooms. This helps prevent foot traffic from casual passersby. Those who are by the door to the area to be secured should have a legitimate reason for being there, as opposed to those on the way to the meeting room, for example.

×：The main entry door must have controlled access via swipe card or crypto lock. Two doors must have security guards.  

Two doors should not have security guards, because it is wrong. The door should be protected from the inside simply so it cannot be used as an entry. Two-door must function as an emergency exit.

〇：LAND attack

A LAND attack is an attack that penetrates firewalls that block bad requests; it is similar to the Fraggle attack, but it sends a request to the firewall with the sender as the target of the attack. This is a blind spot because the firewall, which is supposed to protect the inside of the system, is used for the attack.

×：Teardrop

Teardrop is an attack that halts the system by forging the offset of IP packets before they are split.

×：Christmas Tree Attack

A Christmas tree attack is an attack in which a packet is sent with a number of flags (URG, ACK, PSH, RST, SYN, FIN) and the response is observed.

×：CHARGEN attack

CHARGEN (port 19) is a protocol that returns an appropriate string.

〇：A process that is running concurrently. If not properly controlled, the integrity of the database can be adversely affected.

Databases are used simultaneously by many different applications and many users interact with them at once. Concurrency means that different processes (applications and users) are accessing the database at the same time. If this is not properly controlled, processes can overwrite each other’s data or cause deadlock situations. The worst consequence of concurrency problems is poor integrity of the data held in the database. Database integrity is provided by concurrency protection mechanisms; one concurrency control is locking, which prevents users from accessing or modifying data being used by other users.

×：Processes running at different levels. If not properly controlled, they can adversely affect the integrity of the database.

Concurrency is incorrect because it refers to processes running at the same time, not at different levels. Concurrency problems occur when the database can be accessed simultaneously by different users or applications. If controls are not in place, two users can access and modify the same data at the same time, which can be detrimental to a dynamic environment.

×：The process of inferring new information from a review of accessible data. Inference attacks may occur.

The ability to infer new information from reviewing accessible data occurs when subjects at lower security levels indirectly infer data at higher levels. This can lead to an inference attack, but is not related to concurrency.

×：Storing data in multiple locations in the database. If not properly controlled, it can negatively impact database integrity.

Storing data in multiple locations is incorrect because there is no concurrency issue. Concurrency becomes an issue when two subjects or applications are trying to modify the same data at the same time.