〇：Review the schedule.

Unit testing is testing to confirm that the developed module works as a stand-alone unit. Acceptance testing is testing to make sure that the customer who ordered the development actually uses it and is satisfied with it. Acceptance testing cannot take the place of unit testing. It is not upward compatible as a test, and the perspectives are different. Therefore, the correct answer is “Review the schedule.” The correct answer is “Review the schedule.

×：Unit testing is not performed for the sake of work efficiency.

It does not mean that unit tests are not performed.

×：Increase the number of items in the acceptance test for the unit test that could not be done.

The items that should have been done in the actual unit test are simply accounted for as acceptance tests, and the unit test is not considered to have been completed. This is an action that is close to concealment.

×：Report to your supervisor.

You are in charge of project management.

〇：Creating Data Collection Techniques

Of the steps listed, the first step in a Business Impact Analysis (BIA) is to create a data collection technique. The BCP committee will use questionnaires, surveys, and interviews to collect key person information on how different tasks are accomplished within the organization, along with any relevant dependencies of processes, transactions, or services. Process flow diagrams should be created from this data and used throughout the BIA and planning and development phases.

×：Risk calculations for each different business function

This is incorrect because the risk for each business function is calculated after the business function has been identified. And before that happens, the BCP team needs to collect data from key personnel. To calculate the risk for each business function, qualitative and quantitative impact information must be collected, properly analyzed, and interpreted. Once the data analysis is complete, it should be reviewed with the most knowledgeable people in the company to ensure that the results are relevant and to explain the actual risks and impacts facing the organization. This will flush out any additional data points that were not captured initially and allow for a full understanding of all possible business impacts.

×：Identifying Critical Business Functions

Image B is incorrect because the identification of critical business functions is done after the BCP committee has learned about the business functions that exist by interviewing and surveying key individuals. Once the data collection phase is complete, the BCP committee conducts an analysis to determine which processes, devices, or business activities are critical. If a system stands on its own, does not affect other systems, and is less critical, it can be classified as a Tier 2 or Tier 3 recovery step. In other words, these resources are not processed in the recovery phase until the most critical (Tier 1) resources are up and running.

×：Vulnerability and Threat Identification to Business Functions

This is not the first step and is incorrect because it identifies vulnerabilities and threats to business functions toward the end of the business impact analysis. It is the last of the steps listed in the answer. Threats can be man-made, natural, or technical. It is important to identify all possible threats and estimate their likelihood of occurring. When developing these plans, some issues may not be immediately apparent. These issues are best addressed by groups conducting scenario-based exercises. This ensures that when the threat becomes reality, the plan will have an impact on all business tasks, departments, and critical operations. The more issues that are planned for, the better prepared you will be should these events occur.

〇：Keys will need to be distributed via a secure transmission channel.

For two users to exchange messages encrypted with a symmetric algorithm, they need to figure out how to distribute the key first. If the key is compromised, all messages encrypted with that key can be decrypted and read by an intruder. Simply sending the key in an email message is not secure because the key is not protected and can easily be intercepted and used by an attacker.

×：Computation is more intensive than in asymmetric systems.

That is incorrect because it describes the advantages of symmetric algorithms. Symmetric algorithms tend to be very fast because they are less computationally intensive than asymmetric algorithms. They can encrypt and decrypt relatively quickly large amounts of data that take an unacceptable amount of time to encrypt and decrypt with asymmetric algorithms.

×：Much faster operation than asymmetric systems

Symmetric algorithms are faster than asymmetric systems, but this is an advantage. Therefore, it is incorrect.

×：Mathematically intensive tasks must be performed

Asymmetric algorithms are wrong because they perform a mathematically intensive task. Symmetric algorithms, on the other hand, perform relatively simple mathematical functions on bits during the encryption and decryption process.

〇：Test with reference to OSSTMM.

OSSTMM (Open Source Security Testing Methodology Manual) is an open source penetration testing standard. Open source is basically free and has many amazing features. Because it is free and anyone can use it, there is a view that trust is low. However, there is nothing like it if you properly understand the risks. That is why we are trying to create a testing standard for open source to ensure trust. Therefore, the correct answer is: “Test with reference to OSSTMM.” will be “OSSTMM”.

×：Since open source is fully tested at the point of development, the testing process can be omitted.

Even if it is open source, you need to test it according to your own organization.

×：Secure contact information for the developer and conduct testing with both developers.

If you contact the open source developer, these responses will probably not go through.

Most open source developers are doing this in good faith and may be brazen about further pursuit from the organization.

×：Ask other organizations to share completed tests.

The process of getting test results that may be confidential from other organizations is unreasonable.

〇：Conforms to the X.509 standard and assigns a namespace to each object accessed in the database by LDAP.

Most companies have directories that contain information about company network resources and users. Most directories use a hierarchical database format based on the X.500 standard (not X.509) and a type of protocol such as LDAP (Lightweight Directory Access Protocol) that allows subjects and applications to interact with the directory The application can then use LDAP to access the directory. Applications can request information about a particular user by making an LDAP request to the directory, and users can request information about a particular resource using a similar request. The directory service assigns an Distinguished Name (DN) to each object in the database based on the X.500 standard to be accessed. Each distinguished name represents a set of attributes about a particular object and is stored as an entry in the directory.

×：Namespaces are used to manage objects in the directory.

This is incorrect because objects in a hierarchical database are managed by a directory service. Directory services allow administrators to configure and manage identification, authentication, permissions, and access control for the network. Objects in the directory are labeled and identified by namespace, which is how the directory service keeps objects organized.

×：Enforce security policies by performing access control and identity management functions.

This is incorrect because directory services enforce the security policy set by performing access control and identity management functions. For example, when a user logs into a domain controller in a Windows environment, the directory service (Active Directory) determines which network resources are accessible and which are not.

×：Administrators can configure and manage how identification takes place within the network.

Directory service is incorrect because it allows the administrator to configure and manage identification within the network. It also allows for the configuration and management of authentication, authorization, and access control.

〇：Unified Threat Management

Unified Threat Management (UTM) appliance products have been developed to provide firewall, malware, spam, IDS / IPS, content filtering, data leak prevention, VPN capabilities, and continuous monitoring and reporting in computer networks.

Since this question asks for a definition of Unified Threat Management that is unfamiliar or not even mentioned in the course material, it is inefficient to buy and study a new book just to get this score. To avoid ending up with “I don’t know = I can’t solve it,” be sure to develop the habit of choosing a “better answer.

If you think in terms of the classification Concepts/Standards > Solutions/Implementation Methods, ISCM (NIST SP800-137) and centralized access control systems are the former, while Unified Threat Management and cloud-based security solutions are the latter. Therefore, it is still better to bet on unified threat management and cloud-based security solutions.

×：ISCM (NIST SP800-137)

Because continuous monitoring in the security industry is most commonly Information Security Continuous Monitoring ISCM (NIST SP800-137), which enables companies to gain situational awareness, continuous awareness of information security, vulnerabilities, and threats to support business risk management decisions , is incorrect.

×：Centralized Access Control System

Wrong because a centralized access control system does not attempt to combine all of the security products and capabilities mentioned in the issue. A centralized access control system is used so that its access control can be enforced in a standardized manner across different systems in a network environment.

×：Cloud-based security solutions

Cloud-based security solutions include security managed services that allow an outsourced company to manage and maintain a company’s security devices and solutions, but this is not considered a cloud-based solution. The cloud-based solution provides the infrastructure environment, platform, or application to the customer so that the customer does not have to spend time and money maintaining these items themselves.

〇：OSI reference model

The OSI reference model is a seven-layer classification of network communication. The concepts of application communication and session are separated, which would be clearly communicated based on the OSI reference model. Therefore, the correct answer is “OSI reference model.

×：TCP/IP model

The TCP/IP model is a layer design that is closer to the concept of a system than the OSI reference model; in the TCP/IP model, the application layer, presentation layer, and session layer of the OSI reference model are represented by a single application layer.

×：Data link model

There is no such model.

×：Biba model

Biba model is one of the security models that indicates that data cannot be changed without permission.

〇：Teardrop

Teardrop is an attack to bring a system to a halt by forging the offset of IP packets when they are returned before splitting.

×：Fraggle attack

Fraggle attack is an attack that uses the CHARGEN function to generate an appropriate string.

×：CHARGEN attack

There is no attack with such a name.

×：War Driving

Wardriving is the act of driving around a city looking for vulnerable wireless LAN access points.

〇：Increasing database security controls and providing more granularity.

The best approach to protecting the database in this situation would be to increase controls and assign detailed permissions. These measures would ensure that users cannot abuse their permissions and that the confidentiality of the information is maintained. The granularity of permissions would give network administrators and security professionals additional control over the resources they are charged with protecting, and the granular level would allow them to give individuals just the exact level of access they need.

×：Implement an access control where each user’s privileges are displayed each time they access the database.

Implementing an access control that displays each user’s permissions is incorrect because they are an example of one control each time they access the database. This is not the overall way of dealing with user access to a database full of information. This may be an example of better database security control, but it needs to be limited to the right places.

×：Change the classification label of the database to a higher security status.

The classification level of the information in the database should previously be determined based on its level of confidentiality, integrity, and availability. This option implies that a higher level of authorization should be given, but there is no indication in the question text that the security level is inappropriate.

×：Reduce security. Allow all users to access information as needed.

The answer to reduce security is incorrect.

Overwrapping is done by writing zero or random characters to the data. Overwrapping on corrupted media is not possible.

〇：ACL

Access Control List (ACL) A map value from the Access Control Matrix to an object; ACLs are used in several operating system, application, and router configurations. They are lists of items that are authorized to access a particular object and they define the level of authorization to be granted. Authorization can be specified to an individual or to a group. Therefore, ACLs are bound to an object and indicate which subjects can access it, and feature tables are bound to a subject and indicate which objects the subject can access.

×：Function table

The function table is a row in the access control matrix.

×：Constraint Interface

Constraint interfaces are wrong because they limit the user’s access ability by not allowing them to request certain functions or information or have access to certain system resources.

×：Role-based values

The role-based access control (RBAC) model, called non-discretionary access control, is wrong because it uses a centralized set of controls to determine how subjects and objects interact.

Measures have been implemented to reduce the overall risk to an acceptable level. However, no system or environment is 100% safe, and risks remain with all countermeasures. The residual risk after countermeasures have been taken is called residual risk. Residual risk is different from total risk. Total risk is the risk of not implementing countermeasures. While total risk can be determined by calculating (threat x vulnerability x asset value = total risk), residual risk can be determined by calculating (threat x vulnerability x asset value) x control gap = residual risk. The control gap is the amount of protection that the control cannot provide.

〇：Because the information may be in the hands of someone outside the company after it has been placed in the dumpster.

Dumpster diving, or scavenging, is finding important information in the trash. Putting it in the trash can make you feel relieved that it has been removed. However, the trash can is nothing more than a shared space between internal and external parties, such as cleaning staff. Make sure to shred any text that contains confidential information to prevent leakage.

×：When restoring documents from the trash, they will be mixed with other documents.

They will not be destroyed for the purpose of restoring them.

×：Confidential documents do not need to be destroyed.

Even confidential documents must be destroyed if they are no longer needed.

×：There is no need to shred it.

No, of course they must be shredded.

〇：* (star) Integrity Property

The Biba model defines a model with completeness as having two axioms. The * (star) Integrity Property is that the subordinate’s document is to be seen and there is no Read Down. The * (star) Integrity Property is that there is no Write Up, that is, no rewriting of the supervisor’s document. If the Simple Integrity Axiom is not followed, the subordinate’s document will be seen and may absorb unclassified and incorrect information at a lower level. If the * (star) Integrity Property is not followed, a supervisor’s document will be rewritten, which will release incorrect information to the supervisor who sees it. Therefore, both are integrity conditions.

×：Simple Integrity Property

The Simple Integrity Property is a constraint on Read Down.

×：Strong Tranquillity Axiom

The Strong Tranquillity Axiom is the constraint not to change permissions while the system is running.

×：Weak Tranquillity Axiom

Weak Tranquillity Axiom means do not change privileges until the attribute is inconsistent.

〇：Disk Redundancy

Information that is required to be available at all times must be mirrored or duplexed. In both mirroring (also called RAID 1) and duplexing, all data write operations are performed simultaneously or nearly simultaneously at multiple physical locations.

×：Direct Access Storage

Direct access storage is incorrect because it is a general term for magnetic disk storage devices traditionally used in mainframe and minicomputer (midrange computer) environments. RAID is a type of direct access storage device (DASD).

×：Striping

Incorrect because the technique of striping is used when data is written to all drives. This activity splits the data and writes it to multiple drives. Write performance is not affected, but read performance is greatly improved because multiple heads are getting data at the same time. Parity information is used to reconstruct lost or corrupted data. Striping simply means data; parity information may be written to multiple disks.

×：Parallel Processing

Parallel processing is incorrect because a computer has multiple processing units built into it to execute multiple streams of instructions simultaneously. While mirroring may be used to implement this type of processing, it is not a requirement.

Users can logically guess the URL or path to access resources they should not. If an organization’s network has access to a report name ending in “financials_2017.pdf”, it is possible to guess other file names that should not be accessed, such as “financials_2018.pdf” or “financials.pdf”.

〇：Data Encryption

The Advanced Encryption Standard (AES) is a data encryption standard developed to improve upon the previous de facto standard, Data Encryption Standard (DES). As a symmetric algorithm, AES is used to encrypt data. Therefore, the correct answer is “data encryption.

There are other situations where AES is used in the other choices, but encrypting data is the most focused or better answer. Thus, there are cases where all of the choices are correct.

×：Data integrity

This is a characteristic of digital signatures.

×：Key recovery

It is a property of decryption and key escrow.

×：Symmetric key distribution

Using symmetric keys for AES distribution lowers the key delivery problem.

〇：Statistically predictable

The two main types of symmetric algorithms are block ciphers and stream ciphers. Block ciphers perform a mathematical function on a block of bits at a time. Stream ciphers do not divide the message into blocks. Instead, a stream cipher treats the message as a stream of bits and performs the mathematical function on each bit individually. If it were statistically predictable, it would not be a practical encryption technique in the first place.

×：Statistically Fair Keystreams

Statistically fair keystreams are an element of good stream ciphers. Therefore, it is incorrect. Another way to say a statistically unbiased keystream is that it is a highly random keystream that is difficult to predict.

×：The repetitive pattern of bit strings treated in a keystream is long.

Another way to say the randomness of a keystream is that it is highly random, with long repetitions = rarely repeated = highly random.

×：The keystream is irrelevant to the key.

A keystream that is not related to a key is an element of a good stream cipher. Therefore, it is incorrect. This is important because the key provides the randomness of the encryption process.

The Clipper chip is a chipset developed by the National Security Agency (NSA) and implemented as an encryption device that protects “voice and data messages” as an embedded backdoor. It used SkipJack, a block cipher.

Ethernet is a way of communication used for local area networks; LANs and such communicate over Ethernet. In other words, most communication is now done over Ethernet.

Defense-in-Depth is the concept that protection should not be monolithic, but should be multi-layered in all aspects. The term “defense-in-depth” comes close to the alternative, as multiple layers of protection are required to protect against a single vulnerability.

〇：IGRP

The Internal Gateway Routing Protocol (IGRP) is a distance vector routing protocol developed by and proprietary to Cisco Systems, Inc. Whereas the Routing Information Protocol (RIP) uses one criterion to find the optimal path between source and destination, IGRP uses five criteria to make an “optimal route” determination. The network administrator can set weights on these different metrics so that the protocol works optimally in its particular environment.

×：RIP  

Routing Information Protocol (RIP) is incorrect because it is not proprietary; RIP allows routers to exchange routing table data and calculate the shortest distance between source and destination. It is considered a legacy protocol due to poor performance and lack of features. It should be used in smaller networks.

×：BGP

Border Gateway Protocol (BGP) is incorrect because it is an Exterior Gateway Protocol (EGP); BGP allows routers in different ASes to share routing information to ensure effective and efficient routing between different networks. BGP is used by Internet Service Providers.

×：OSPF  

OSPF is incorrect because it is not proprietary; it uses a link-state algorithm to transmit information in the OSPF routing table. Smaller and more frequent routing table updates.

Distributed Denial of Service (DDoS) attacks usually do not provide financial gain to the attacker. Often, the motivation is revenge, disagreement with the organization’s policy decisions, or the attacker proving the extent of his or her animosity toward the organization. Certainly, it can be used to bloat the cost of a pay-as-you-go cloud service by causing it to consume more resources than expected by accessing it in large volumes, but it is a mistake in that it is not the financial objective of the parties involved.

〇：Crime Prevention by Environmental Design (CPTED)

Crime Prevention by Environmental Design (CPTED) is a method by which crime can be reduced through proper design of the physical environment. It provides guidance on appropriate facility construction and environmental elements and crime prevention. It is used to guide the physical environment to behavioral effects that reduce crime.

×：Multi-layered defense model  

The multi-layered defense model is incorrect because it is a hierarchical architecture of physical, logical, and administrative security controls. The concept is that if one layer fails, the asset is protected by other layers. Layers should be moved from the perimeter toward the asset and implemented.

×：Hiding by Ambiguity

Concealment by ambiguity is a technique of concealment secured by concealment of information and is incorrect. Basically, it is better not to consider something to be a true secret if it is logically reachable, even if it is not public.

×：Access Control

Access control is incorrect because it is guidance by the placement of doors, fences, lighting, and landscaping as people enter. It is an abstract concept and would not fit into a concrete definition that combines sociology.

〇：Vulnerability assessments can help prioritize weaknesses that need to be addressed.

The most important aspect of an internal or third-party vulnerability assessment is that it can enumerate all potential vulnerabilities a company has and prioritize corrective actions.

×：Third-party security audits are only required if regulations require it.

Even if some organizations do not require an independent review, it can often help find minor weaknesses that might have been overlooked.

×：Vulnerability assessments and penetration tests are essentially the same.

A vulnerability assessment is wrong because it enumerates all weaknesses and ensures that countermeasures are properly prioritized. Penetration testing aims to examine the likelihood that a real-world attacker will exploit a given weakness to achieve a goal.

×：Internal assessments are of little value.

Internal audits of enterprise security are usually not sufficient and can be very beneficial when conducted in conjunction with third-party reviews. However, it can often help find minor weaknesses that may have been overlooked.

〇：Converts bytecode to machine-level code.

Java is an object-oriented, platform-independent programming language. It is used as a full-fledged programming language to write programs called applets that run in the user’s browser. java is platform independent because it creates intermediate code that is not processor-specific bytecode. java virtual machine (JVM) converts bytecode into machine-level code that can be understood by processors on a particular system.

×：Converts source code to bytecode and blocks the sandbox.

Incorrect because the Java Virtual Machine converts bytecode to machine-level code. The Java compiler does not convert source code to bytecode. The JVM also creates a virtual machine in an environment called the sandbox. This virtual machine is the enclosed environment in which the applet executes its activities. The applet is typically sent via HTTP within the requested web page and is executed as soon as the applet arrives. If the applet developer fails to function properly, it may intentionally or accidentally perform a malicious act. Therefore, the sandbox strictly limits the applet’s access to system resources. The JVM mediates access to system resources to ensure that applet code runs and works within its own sandbox.

×：It runs only on specific processors within a specific operating system.

This is incorrect because Java is an object-oriented, platform-independent programming language. Other languages are compiled into object code for specific operating systems and processors. Thus, a particular application can run on Windows, but not on the Mac OS. Intel processors do not necessarily understand machine code compiled for Alpha processors. Java is platform independent because it creates intermediate code bytecode. It is not processor-specific code bytecode.

×：Develop an applet that runs in the user’s browser.

This is incorrect because the Java Virtual Machine does not create applets. Java is adopted as a full-fledged programming language and is used to write complete and short programs called applets that run in the user’s browser. Programmers create Java applets and run them through a compiler. The Java compiler converts the source code into byte code. The user then downloads the Java applet. The bytecode is converted to machine-level code by the JVM. Finally, the applet is executed when invoked.

〇：PCI DSS

PCI DSS (Payment Card Industry Data Security Standard) is a framework to avoid personal information leakage when making electronic payments. Therefore, the correct answer is “PCI DSS.

By the way, if you were to ask, “Which of the following are possible?” I am tempted to argue that other frameworks may be used as well. However, in the CISSP exam, you may have to choose “the most plausible” option in some cases. Therefore, we have used this phrase.

×：HITECH

The Health Information Technology for Economic and Clinical Health Act (HITECH) is an enhanced version of HIPPA that applies not only to data management but also to health care business associates.

×：OCTAVE

OCTAVE is one of the risk assessment frameworks introduced in CERT.

×：COBIT

COBIT is a framework for measuring the maturity of a company’s IT governance. It was proposed by the Information Systems Control Association of America (ISACA) and the IT Governance Institute (ITGI).

Unfortunately, security components usually affect system performance but go unnoticed by the user. If system performance is significantly slower, security controls may be enforced. The reason controls must be transparent is so that users and intruders do not know enough to disable or bypass them.

While it is important to understand the term “transparent” in the realm of security, there is another way to answer the question in terms of solving it. If there is only one answer to a four-answer question, then answers that mean the same thing cannot be correct. Therefore, by grouping, the only answer that is correct is the one that does not belong to a group.

And the key point in this question is whether the user knows. The other choices indicate that the situation is communicated on the server side as an outsider, whether a legitimate user or an attacker, whereas only one is acknowledged on the server administrator’s side.

The expected annual loss amount is the value of losses that could occur in the future, equalized on an annual basis based on the frequency of occurrence. Therefore, it is the Single Loss Expectancy (SLE) multiplied by the annual frequency of occurrence (ALO).

〇：Intercept anti-malware calls to the operating system for file system information.

This is a “no” question. Polymorphic viruses attempt to fool anti-malware scanners. In particular, they use methods to generate operational copies. Even if the anti-malware software detects and disables one or two copies, the other copies remain active in the system.

This problem must be solved by process of elimination. What definitions are polymorphic viruses? If you remember the word list “what is a polymorphic virus,” you may not understand what makes a polymorphic virus unique. The most striking feature of polymorphic viruses is that they repeatedly change entities.

×：Using noise, mutation engines, or random number generators to change the sequence of instructions.

Polymorphic-type viruses may change the sequence of instructions by including noise or false instructions along with other useful instructions. They can also use mutation engines and random number generators to alter the sequence of instructions in the hope that they will not be detected. The original functionality remains intact, but the code is altered, making it nearly impossible to identify all versions of the virus using a fixed signature.

×：Different encryption schemes that require different decryption routines can be used.

Polymorphic-type viruses can use different encryption schemes that require different decryption routines. This requires an anti-malware scan to identify all copies of this type of virus, one for each possible decryption method. Polymorphic virus creators hide the encrypted virus payload and add decryption methods to the code. Once encrypted, the code becomes meaningless, but that does not necessarily mean that the encrypted virus is a polymorphic virus and thus escapes detection.

×：Create multiple and various copies.

Polymorphic viruses generate multiple, varied copies in order to avoid detection by anti-malware software.

〇：TOC/TOU

Certain attacks can take advantage of the way a system processes requests and performs tasks. A TOC/TOU attack handles a series of steps that the system uses to complete a task. This type of attack takes advantage of the reliance on the timing of events occurring in a multitasking operating system; TOC/TOU is a software vulnerability that allows the use of condition checking (i.e., credential verification) and the results from that condition checking function. In the scenario in this question, the fact that the web application is likely correctly configured indicates that the programming code of this application has this type of vulnerability embedded in the code itself.

×：Buffer overflow

When too much data is accepted as input to a particular process, a buffer overflow occurs. This is incorrect because it does not match the event in the problem statement. A buffer is an allocated segment of memory. A buffer can overflow arbitrarily with too much data, but to be used by an attacker, the code inserted into the buffer must be of a specific length and require a command to be executed by the attacker. These types of attacks are usually exceptional in that the fault is segmented, or sensitive data is provided to the attacker.

×：Blind SQL Injection

Blind SQL injection attacks are wrong because they are a type of SQL injection attack that sends true or false questions to the database. In a basic SQL injection, the attacker sends specific instructions in SQL format to query the associated database. In a blind SQL attack, the attacker is limited to sending a series of true-false questions to the database in order to analyze the database responses and gather sensitive information.

×：Cross Site Request Forgery (CSRF)

Cross Site Request Forgery (CSRF) is incorrect because it is an attack type that attempts to trick the victim into loading a web page containing malicious requests or operations. The attack operation is performed within the context of the victim’s access rights. The request inherits the victim’s identity and performs undesirable functions for the victim. In this type of attack, the attacker can cause the victim’s system to perform unintended actions such as changing account information, retrieving account data, or logging out. This type of attack could be related to the scenario described in this question, but focuses on how the user can bypass the locking mechanism built into the web application. The logic in the programming code is incorrectly developed and the locking function is bypassed because a rigorous series of checks and usage sequences are not performed correctly.

〇：Control of the processing and distribution process

An important part of the digital forensic process is to maintain a proper chain of custody of evidence.

The question structure assumes Chain of Custody (Chain of Custody) from “the purpose of securing all evidence and notating it as information to be presented to those who verify it” and selects the one that comes closest to the definition.

×：Reasonable care

Wrong because reasonable care implies performing an activity that a reasonable person would be expected to perform under similar circumstances.

×：Investigation

Incorrect because investigation involves the proper collection of relevant data during the incident response process and includes analysis, interpretation, reaction, and recovery.

×：Motive, Opportunity, Means

Motive, Opportunity, and Means (MOM) is incorrect because it is a strategy used to understand why certain crimes were committed and by whom.

〇：Capability Maturity Model Integration

Capability Maturity Model Integration (CMMI) is a comprehensive set of integration guidelines for developing products and software. It addresses the various phases of the software development life cycle, including concept definition, requirements analysis, design, development, integration, installation, operation, maintenance, and what should happen at each stage. The model describes the procedures, principles, and practices underlying the maturation of the software development process. It was developed to help software vendors improve their development processes. It will improve software quality, shorten the development life cycle, create and meet milestones in a timely manner, and adopt a proactive approach rather than a reactive approach that is less effective.

×：Software Development Life Cycle

Incorrect because the Software Development Life Cycle (SDLC) describes how a system should be developed and maintained throughout its life cycle and does not involve process improvement.

×：ISO/IEC 27002

Incorrect because ISO/IEC 27002 is an international standard that outlines how the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) create and maintain an organizational information security management system (ISMS). ISO/IEC 27002 has a section dealing with the acquisition, development, and maintenance of information systems, but does not provide a process improvement model for software development.

×：Certification and Accreditation Process

This is incorrect because the certification and accreditation (C&A) process handles testing and evaluation of systems against predefined criteria. This has nothing to do with improving the software development process.

〇：SIEM

Many organizations have implemented security event management systems, called Security Information and Event Management (SIEM) systems. They attempt to correlate log data collected from various devices (servers, firewalls, routers, etc.) and provide analysis capabilities. They also have solutions with networks (IDS, IPS, anti-malware, proxies, etc.) that collect logs in various proprietary formats that require centralization, standardization, and normalization. Therefore, the correct answer is SIEM.

×：Intrusion Detection System

Intrusion Detection System (IDS, Intrusion Detection System) is a mechanism that monitors the system and leads to passive actions. It does not have the ability to collect and analyze logs.

×：SOAR

SOAR (Security Orchestration, Automation and Response) is a technology that enables efficient monitoring, understanding, decision-making and action on security incidents. It may be fulfilled by SOAR through intrinsic cause analysis, but it is not a solution used for the purpose of identifying if suspicious activity is taking place in the network.

×：Event correlation tools

The term “event correlation tool” does not exist, but may be a feature of a SIEM.

〇：Conflict condition

A race condition is present when a process performs a task on a shared resource and the sequence could be in the wrong order. 2 or more processes can have a race condition if they use a shared resource, like data in a variable. It is important that processes perform their functions in the correct sequence.

×：Backdoors

Backdoors are incorrect because they are “listening” services on certain ports. Backdoors are implemented by attackers to allow easy access to the system without authenticating as a normal system user.

×：Maintenance Hooks

Maintenance hooks are specific software codes that allow easy and unauthorized access to sensitive parts of a software product. Software programmers use maintenance hooks to allow them to get quick access to the code so that they can make fixes in immediate, but this is dangerous.

×：Data validation errors

Data validation errors are wrong because an attacker cannot operate on the process execution sequence.

The Health Insurance Interoperability and Accountability Act (HIPAA) has three rules: the Privacy Rule, the Security Rule, and the Breach Notification Rule. The rules mandate administrative, physical, and technical safeguards.

〇：LAND attack

A LAND attack is an attack that penetrates firewalls that block bad requests; it is similar to the Fraggle attack, but it sends a request to the firewall with the sender as the target of the attack. This is a blind spot because the firewall, which is supposed to protect the inside of the system, is used for the attack.

×：Teardrop

Teardrop is an attack that halts the system by forging the offset of IP packets before they are split.

×：Christmas Tree Attack

A Christmas tree attack is an attack in which a packet is sent with a number of flags (URG, ACK, PSH, RST, SYN, FIN) and the response is observed.

×：CHARGEN attack

CHARGEN (port 19) is a protocol that returns an appropriate string.

〇：To create an overview of business functions and systems

Outlining business functions and systems is not a reason to create and execute a disaster recovery plan. While these tasks are likely to be accomplished as a result of the disaster recovery plan, they are not a valid reason to implement the plan compared to other answers to the question. Usually occurring during the planning process, simply outlining business functions and systems is not enough to develop and implement a disaster recovery plan.

×：To create post-disaster recovery procedures

It is not correct to develop and implement a disaster recovery plan because providing post-disaster recovery procedures is a good reason to do so. In fact, this is exactly what a disaster recovery plan provides. The goal of disaster recovery is to take the necessary steps to minimize the impact of a disaster and ensure that resources, personnel, and business processes can resume operations in a timely manner. The goal of a disaster recovery plan is to handle the disaster and its consequences in the immediate aftermath.

×：To back up data and create backup operating procedures

Inappropriate, because not only backing up data but also extending backup operations is a good way to develop and implement a disaster recovery plan. When considering a disaster recovery plan, some companies focus primarily on backing up data and providing redundant hardware. While these items are very important, they are only a small part of a company’s overall operations. Hardware and computers need people to configure and operate them, and data is usually not useful unless it can be accessed by other systems or outside entities. All of these may require backups as well as data.

×：To establish emergency response procedures

This is incorrect because there are good reasons to establish and implement a disaster recovery plan, and providing emergency response procedures is a valid reason. Disaster recovery plans are implemented when everything is in emergency mode and everyone is scrambling to get all critical systems back online. Carefully written procedures will make this entire process much more effective.

Translated with www.DeepL.com/Translator (free version)

Service Organization Control (SOC) is a rule established by the American Institute of Certified Public Accountants (AICPA) to assure the internal control of the party contracted to perform services. Sometimes, work is contracted out to other firms. In order to guarantee the quality of its own work, the company that is contracted to perform the work must also have appropriate controls in place. For this reason, we check the internal control of the outsourcing company to which the work is outsourced.

• SOC-1 (Internal Control over Financial Reporting (ICFR)) Audits the accounting of the trustee company.
  SOC-2 (Trust Services Criteria): Checks security and other controls other than accounting for the fiduciary company. Usually takes six months to complete.
  SOC-3 (Trust Services Criteria for General Use Report) Confirms security and other controls other than accounting for unspecified persons (users).

Disk mirroring means writing the same data to multiple hard disks; a RAID (Redundant Array of Independent Disks) controller must write all data twice, requiring at least two disks. Disk striping can also be provided when parity is used, but disk striping alone cannot provide redundancy.

〇：Review labeling and treat as critical confidential information.

Labeling is the process of sorting data according to its level of confidentiality. Labeling helps clarify the confidentiality level of data management. If the labeling is incorrect, it should be corrected at any time to manage the data in accordance with the confidentiality level. Therefore, “Review the labeling and treat it as critical confidential information.” is the correct answer.

×：The entire sentence should be treated as confidential information because the business should be flexible.

This is not an appropriate operation because the text containing critical confidential information is treated as confidential information.

×：As supplemental information to the document, state that “a part of the text contains material confidential information.

This is not a fundamental solution because stating this as supplementary information is in effect treating the information as different confidential levels.

×：Destroy the document because it is impossible for different confidential information to be crossed.

Destroying the document is not an appropriate operation because it is a damage to one’s own assets.

Translated with www.DeepL.com/Translator (free version)

〇：Unit Testing

Unit testing involves testing individual components in a controlled environment to verify data structures, logic, and boundary conditions. After the programmer develops a component, it is tested with several different input values and in a variety of situations. Unit testing can begin early in the development process and usually continues throughout the development phase. One of the benefits of unit testing is that it identifies problems early in the development cycle. It is easier and less expensive to make changes to individual units.

×：Acceptance Testing

This is incorrect because acceptance testing is done to verify that the code meets the customer’s requirements. This test is applied to some or all of the application, but usually not individual components.

×：Regression Testing

Regression testing is incorrect because it implies retesting a system after changes have been made to ensure its functionality, performance, and protection. Essentially, regression testing is done to identify bugs where functionality no longer works as intended as a result of a program change. It is not uncommon for developers to fix one problem, accidentally create a new problem, or fix a new problem and solve an old one. Regression testing involves checking for previously fixed bugs to ensure that they have not reappeared and re-running previous tests.

×：Integration Testing

Integration testing is incorrect because it verifies that components work together as outlined in the design specification. After unit testing, individual components or units are tested in combination to verify that they meet functional, performance, and reliability requirements.

A key escrow system is one in which a third-party organization holds a copy of the public/private key pair. If the private key is stolen, all ciphers can be decrypted. Conversely, if it is lost, all ciphers cannot be decrypted. Therefore, you want to have a copy. However, if you have it yourself, it may be stolen if a break-in occurs, so you leave it with a third-party organization.

MAC (mandatory access control) is often used when confidentiality is of utmost importance. Access to objects is determined by labels and clearances. It is often used in organizations where confidentiality is very important, such as the military.

War Dialing is the indiscriminate and repeated act of cracking dial-ups in search of dial-up lines, such as those for non-public internal networks. It automatically scans a list of telephone numbers, usually dialing all numbers in the local area code, and searches modems, computers, bulletin board systems, and fax machines.

〇：Extraction of data shared with unauthorized entities

This is a problem of selecting unrelated items. Extraction of data shared with unauthorized entities is a confidentiality issue. Although it is complicatedly worded, the operations on the data are unauthorized and extraction, and none of them include the destruction of data, which is the primary focus of integrity. Therefore, the correct answer is “extraction of data shared with unauthorized entities.

In solving this problem, it is not necessary to know what an entity is. The focus is on whether any modification or destruction has taken place.

×：Unauthorized manipulation or alteration of data

Mistake. Because integrity is associated with unauthorized manipulation or alteration of data. Integrity is maintained when unauthorized modification is prevented. Hardware, software, and communication mechanisms must work together to correctly maintain and process data and move data to its intended destination without unexpected changes. Systems and networks must be protected from outside interference and contamination.

×：Unauthorized data modification

Unauthorized data modification is a mistake as it relates to integrity. Integrity is about protecting data, not changing it by users or other systems without authorization.

×：Intentional or accidental data substitution

Incorrect because intentional or accidental data substitution is associated with integrity. Integrity is maintained when assurances of the accuracy and reliability of information and systems are provided along with assurances that data will not be tampered with by unauthorized entities. An environment that enforces integrity prevents attacks, for example, the insertion of viruses, logic bombs, or backdoors into the system that could corrupt or replace data. Users typically incorrectly affect the integrity of the system and its data (internal users may also perform malicious acts). For example, a user may insert incorrect values into a data processing application and charge a customer $3,000 instead of $300.

〇：Database Migration

The movement of accessible data from one repository to another may be required over its lifetime, but is generally not as important as the other phases provided in response to this question.

×：Data specification and classification

This is incorrect because the determination of what the data is and its classification is the first essential phase that can provide the appropriate level of protection.

×：Continuous monitoring and auditing of data access

Incorrect because without continuous monitoring and auditing of access to sensitive data, breaches cannot be identified and security cannot be guaranteed.

×：Data Archiving

Incorrect as even the most sensitive data is subject to retention requirements. This means that it must be archived for an appropriate period of time and with the same level of security as during actual use.

〇：Entity integrity

Entity integrity ensures that a tuple is uniquely identified by its primary key value. A tuple is a row in a two-dimensional database. The primary key is the corresponding column value that makes each row unique. For entity integrity, every tuple must contain one primary key. If a tuple does not have a primary key, the tuple will not be referenced by the database.

×：Concurrent Maintainability

Concurrent integrity is not a formal term in database software and is therefore incorrect. There are three main types of integrity services: semantic, reference, and entity. Concurrency is software that is accessed by multiple users or applications simultaneously. Without controls in place, two users can access and modify the same data at the same time.

×：Referential Integrity

Referential integrity is incorrect because it references all foreign keys that refer to an existing primary key. There must be a mechanism to ensure that foreign keys do not contain references to non-existent records or null-valued primary keys. This type of integrity control allows relationships between different tables to work properly and communicate properly with each other.

×：Semantic Integrity

The semantic integrity mechanism is incorrect because it ensures that the structural and semantic rules of the database are in place. These rules concern data types, boolean values, uniqueness constraints, and operations that may adversely affect the structure of the database.

〇：TOGAF

The Open Group Architecture Framework (TOGAF) is a vendor-independent platform for the development and implementation of enterprise architecture. It focuses on the effective management of enterprise data using metamodels and service-oriented architectures (SOA). Proficient implementations of TOGAF aim to reduce fragmentation caused by inconsistencies between traditional IT systems and actual business processes. It also coordinates new changes and functionality so that new changes can be easily integrated into the enterprise platform.

×：Department of Defense Architecture Framework (DoDAF)

In accordance with the guidelines for the organization of the enterprise architecture of the U.S. Department of Defense systems, this is incorrect. It is also suitable for large, complex integrated systems in the military, civilian, and public sectors.

×：Capability Maturity Model Integration (CMMI) during software development.

It is inappropriate because it is a framework for the purpose of designing and further improving software. CMMI provides a standard for software development processes that can measure the maturity of the development process.

×：ISO/IEC 42010

Incorrect because it consists of recommended practices to simplify the design and conception of software-intensive system architectures. This standard provides a kind of language (terminology) to describe the different components of software architecture and how to integrate it into the development life cycle.

〇：Encryption and decryption are more efficient.

Elliptic curves are rich mathematical structures that have shown usefulness in many different types of applications. Elliptic curve cryptography (ECC) differs from other asymmetric algorithms because of its efficiency; ECC is efficient because it is computationally less expensive than other asymmetric algorithms. In most cases, the longer the key, the more bloated the computation to secure it, but ECC can provide the same level of protection with a shorter key size than RSA requires.

×：Provides digital signatures, secure key distribution, and encryption.

ECC is wrong because it is not the only asymmetric algorithm that provides digital signatures, secure key distribution, and encryption provided by other asymmetric algorithms such as RSA.

×：Calculated in finite discrete logarithms.

Wrong because Diffie-Hellman and El-Gamal compute with finite discrete logarithms.

×：Uses a large percentage of resources to perform the encryption.

Incorrect because ECC when compared to other asymmetric algorithms uses much less resources. Some devices, such as wireless devices and cell phones, have limited processing power, storage, power, and bandwidth. Resource utilization efficiency is very important for the encryption methods used in this type.

This is a “non-ethics item” question.

A statement is made by the Internet Activities Board (IAB) to those who use the Internet about the correct use of Internet resources.

• Attempting to obtain unauthorized access to Internet resources.
• Disrupting the intended use of the Internet.
• Wasting resources (people, capabilities, and computers) through such activities.
• Destroying the integrity of computer-based information.
• Violating the privacy of users.

There are many different types of distributed denial of service (DDoS) attacks; there is no IPSec flood; UDP flood, SYN flood, and MAC flood are all distributed denial of service (DDoS) attacks.

〇：Representatives from each department meet and undergo validation.

Structured walk-through testing allows functional personnel to review the plan as it is fulfilled to ensure its accuracy and validity.

×：Ensures that some systems will run at alternate sites.

This is incorrect because it describes parallel testing.

×：Send a copy of the disaster recovery plan to all departments to verify its completeness.

This is incorrect because it describes a checklist test.

×：Take down the normal operation system.

This is incorrect because it describes a full interruption test.

〇：Diameter

Diameter is an authentication, authorization, and audit (AAA) protocol that not only provides the same kind of functionality as RADIUS and TACACS, but also offers more flexibility and capabilities to meet the emerging demands of today’s complex and diverse networks. Once all remote communication is done via Point-to-Point Protocol (PPP) and Serial Line Internet Protocol (SLIP) connections, users can authenticate themselves via Password Authentication Protocol (PAP) or Challenge Handshake Authentication Protocol (CHAP) to authenticated. The technology has become much more complex and there are multiple devices and protocols to choose from over the ever increasing Diameter protocol, Mobile IP, PPP, Voice over IP (VoIP), and other over Ethernet, wireless devices, smart phones, and other devices can authenticate themselves to the network using roaming protocols.

×：Watchdog

Watchdog timers are wrong because such processes are generally used to detect software failures such as abnormal termination or hangs. The watchdog function sends out “heartbeat” packets to determine if the service is responding. If not, the process can be terminated or reset. These packets help prevent software deadlocks, infinite loops, and process prioritization problems. This feature can be used in the AAA protocol to determine if a packet needs to be retransmitted and if a problem occurs and the connection should be closed and reopened, but it is not in the access control protocol itself.

×：RADIUS

Remote Authentication Dial-In User Service (RADIUS) is wrong because it is a network protocol and provides client/server authentication, authorization, and auditing for remote users.

×：TACACS

Terminal Access Controller Access Control System Plus (TACACS ) is incorrect because it provides essentially the same functionality as RADIUS.

〇：Only during code development.

Maintenance hoc refers to functions and tools that are temporarily used by the developer for testing purposes. In fact, in system development, tools are provided to assist in confirming that individual functions are working properly. However, if maintenance hocks are left in the production environment, they may be used by attackers and must be removed.

×：Maintenance hooks should not be used.

The use of maintenance hooks can make the work more efficient.

×：When you want to make the software available to administrators in a simplified manner.

In some cases, attackers can exploit tools that were supposed to be available only to administrators.

×：When you want users to be able to use the software in a simplified manner.

After the actual release of the software, maintenance hooks are not made available to users.

The Kerckhoffs’s principle is the idea that cryptography should be secure even if everything but the private key is known. When encrypting data, one decides on a private key and how to encrypt it using that private key. Kerckhoffs says that even if it is known how it is encrypted, it should not be deciphered as long as the secret key is not discovered. Encryption has been with the history of human warfare. The main purpose is to communicate a strategy to one’s allies without being discovered by the enemy. In battle, its designs and encryption devices may be stolen by spies. Therefore, the encryption must be such that it cannot be solved without the key, no matter how much is known about how it works.

〇：A Comprehensive Executive Summary

No matter how technically comprehensive a report to management may be, it is not always desirable to be too informative; IT security professionals must understand that the risk to the enterprise from a data breach is only one of many concerns that senior management must understand and prioritize. C-level executives must be attentive to many risks and may have difficulty properly categorizing the often unfamiliar, highly technical threats. In short, the IT security professional’s primary job is to summarize the risks in as short a time as possible in a way that suits the management.

×：List of Threats, Vulnerabilities, and Likelihood of Occurrence

This is incorrect because it is not the most important element to report to management. Such a list is essential to a comprehensive security report, but providing it to senior management is unlikely to result in effective action without a skillful executive summary.

×：A comprehensive list of the probability and impact of expected adverse events

This is incorrect because it is not the most important element of the report to management. Such lists are important in technical reports, but summaries are critical to achieving risk mitigation goals.

×：A comprehensive list of threats, vulnerabilities, and likelihood of occurrence, a comprehensive list of the probability and impact of expected adverse events, and a written summary thereof to meet technical comprehensiveness

incorrect because it describes the most common and significant obstacles to reporting to management.

〇：Run an algorithm that identifies unused committed memory and informs the operating system that memory is available.

This answer describes the function of the garbage collector, not the memory manager. The garbage collector is a countermeasure against memory leaks. It is software that runs an algorithm to identify unused committed memory and tells the operating system to mark that memory as “available. Different types of garbage collectors work with different operating systems, programming languages, and algorithms.

In some cases, a four-choice question can be answered without knowing the exact answer; since there is only one correct answer in a four-choice question, the answers can be grouped together to reduce it to “since they are saying the same thing, it is not right that only one of them is correct, therefore they are both wrong.

There are two answers to the effect of controlling the process to handle memory appropriately, but if the memory manager does not have that functionality, both would be correct, and therefore can be eliminated from the choices in the first place.

×：If processes need to use the same shared memory segment, use complex controls to guarantee integrity and confidentiality.

If processes need to use the same shared memory segment, the memory manager uses complex controls to ensure integrity and confidentiality. This is important to protect memory and the data in it, since two or more processes can share access to the same segment with potentially different access rights. The memory manager also allows many users with different levels of access rights to interact with the same application running on a single memory segment.

×：Restrict processes to interact only with the memory segments allocated to them.

The memory manager is responsible for limiting the interaction of processes to only those memory segments allocated to them. This responsibility falls under the protection category and helps prevent processes from accessing segments to which they are not allowed. Another protection responsibility of the memory manager is to provide access control to memory segments.

×：Swap contents from RAM to hard drive as needed.

This is incorrect because swapping contents from RAM to hard drive as needed is the role of memory managers in the relocation category. When RAM and secondary storage are combined, they become virtual memory. The system uses the hard drive space to extend the RAM memory space. Another relocation responsibility is to provide pointers for applications when instructions and memory segments are moved to another location in main memory.

〇：Time-Based Synchronous Dynamic Token

A synchronous token device synchronizes with the authentication service using time or a counter as a core part of the authentication process. When synchronization is time-based, the token device and authentication service must maintain the same time within their internal clocks. The time values of the token device and private key are used to generate a one-time password that is displayed to the user. The user then passes this value and user ID to the server running the authentication service and enters this value and user ID into the computer. The authentication service decrypts this value and compares it to the expected value. If both match, the user is authenticated and allowed to use the computer and resources.

×：Counter-Based Synchronous Dynamic Token

If the token device and authentication service use counter synchronization, it is incorrect because it is not based on time. When using a counter-synchronized token device, the user must initiate the creation of a one-time password by pressing a button on the token device. This causes the token device and authentication service to proceed to the next authentication value. This value, the base secret, is hashed and displayed to the user. The user enters this resulting value along with the user ID to be authenticated. For either time or counter-based synchronization, the token device and authentication service must share the same secret base key used for encryption and decryption.

×：Asynchronous Tokens

Asynchronous token generation methods are incorrect because they use a challenge/response method for the token device to authenticate the user. Instead of using synchronization, this technique does not use separate steps in the authentication process.

×：Mandatory Tokens

Wrong because there is no such thing as a mandatory token. This is an incorrect answer.

〇：The expiration date should be set short.

Key management is critical for proper protection. Part of key management is to determine the key’s period of validity, which would be determined by the sensitivity of the data being protected. For sensitive data, periodic key changes are required and the key’s expiration date will be shortened. On the other hand, for less secure data, a key with a longer expiration date is not a problem.

×：Keys should be deposited in case of backup or emergency.

This is incorrect because it is true that keys must be deposited in the event of a backup or emergency situation. Keys are at risk of being lost, destroyed or damaged. Backup copies must be available and readily accessible when needed.

×：Keys must not be made public.

Of course. It is a key.

×：Keys should be stored and transmitted by secure means.

Wrong, since it is true that keys should be stored and transmitted by secure means. Keys are stored before and after distribution. If keys are distributed to users, they must be stored in a secure location in the file system and used in a controlled manner.

〇：XACML

XACML allows two or more companies to have a trust model set up to share identity, authentication, and authorization methods. This means that when you authenticate against your own software, you can pass the authentication parameters to your partner. This allows them to interact with their partner’s software without having to authenticate more than once. This is done via XACML (Extensible Access Control Markup Language), which allows multiple organizations to share application security policies based on a trust model XACML is a markup language and processing model implemented in XML XACML is a markup language and processing model implemented in XML. It declares access control policies and describes how to interpret access control policies.

×：XML (Extensible Markup Language)

XML (Extensible Markup Language) is incorrect because it is a way to electronically code documents and represent data structures such as web services. XML is not used to share security information. XML is an open standard that is more robust than traditional HTML. In addition to serving as a markup language, XML also serves as the foundation for other industry-specific XML standards. With XML, companies can communicate with each other while using a markup language that meets their specific needs.

×：SPML

Service Provisioning Markup Language (SPML) is incorrect because it is used by companies to exchange user, resource, and service provisioning information rather than application security information. SPML is an XML-based framework developed by OASIS that allows enterprise platforms, such as web portals and application servers, to provision requests to multiple companies for the purpose of securely and quickly setting up web services and applications. It is intended to enable the generation of.

×：GML

Incorrect because GML (Generalized Markup Language) is a method created by IBM for document formatting. It describes a document in terms of parts (chapters, paragraphs, lists, etc.) and their relationships (heading levels). GML was the predecessor of SGML (Standard Generalized Markup Language) and HTML (Hypertext Markup Language).

〇：Well-Formed Transaction

In the Clark-Wilson model, subjects cannot access objects without going through some type of application or program that controls how this access is done. The subject (usually the user) can access the required object based on access rules within the application software, defined as “Well-Formed Transaction,” in conjunction with the application.

×：Childwall model

This is incorrect because it is another name for the Brewer Nash model created to provide access control that can be dynamically modified according to the user’s previous behavior. It is shaped by access attempts and conflicts of interest and does not allow information to flow between subjects and objects. In this model, a subject can only write to an object if the subject cannot read another object in a different data set.

×：Access tuples

The Clark-Wilson model is incorrect because it uses access triples instead of access tuples. The access triple is the subject program object. This ensures that the subject can only access the object through the authorized program.

×：Write Up and Write Down

The Clark-Wilson model is incorrect because there is no Write Up and Write Down. These rules relate to the Bell-LaPadula and Biba models. The Bell-LaPadula model contains a simple security rule that has not been read and a star property rule that has not been written down. The Biba model contains an unread simple completeness axiom and an unwritten star completeness axiom.

〇：Identity Theft

Identity theft is a situation in which a person obtains important personal information, such as driver’s license numbers, bank account numbers, identification cards, or social security numbers, and uses that information to impersonate another person. Typically, identity thieves use personal information to obtain credit, goods, or services in the victim’s name. This can have consequences such as destroying the victim’s credit rating, creating a false criminal record, and issuing an arrest warrant to the wrong individual. Identity theft can be categorized in two ways: true name and account takeover. True name identity theft means that the thief uses your personal information to open a new account. The thief might open a new credit card account, establish cell phone service like Sam’s, or open a new checking account to obtain blank checks.

×：Phishing Scams

Incorrect because it is a type of social engineering attack intended to obtain personal information, letters of credit, credit card numbers, and financial data. Attackers use a variety of methods to entice users to divulge sensitive data. While the goal of phishing scams is to get victims to hand over their personal information, the goal of identity theft is to use that personal information for personal or financial gain. Attackers can use phishing attacks as a means of committing identity theft.

Since the specific technique is not described in the question text, it cannot be said to be a phishing scam.

×：Pharming

Incorrect, as this is a technical attack in which the victim is deceived into submitting personal information to the attacker via an unauthorized website.The victim types a web address such as “www.nicebank.com” into their browser. The victim’s system sends a request to the victimized DNS server that directs the victim to a website under the attacker’s control. The site looks like the requested Web site, and the user enters his or her personal information. The personal information can be used by the attacker for identity theft.

We cannot say that this is pharming because the specific technique is not described in the question text.

×：Account takeover

Account takeover identity theft is incorrect because it means using personal information to access a person’s existing account rather than opening a new account. Typically, the mailing address on the account is changed and a huge bill is filed before the person whose account was stolen is aware of the problem. The Internet has made it easier for identity thieves to use stolen information because they can conduct transactions without personal interaction.

〇：SOAP allows Remote Procedure Calls to be used to exchange information between applications over the Internet.

To allow applications to exchange information over the Internet, the Simple Object Access Protocol (SOAP) was created to be used instead of Remote Procedure Call (RPC). SOAP is an XML-based protocol that encodes messages in a Web service setting. It allows programs running on different operating systems to communicate using Web-based communication methods.

×：SOAP is designed to overcome compatibility and security issues associated with remote procedure calls.

Attempting to allow communication between objects of different applications over the Internet is incorrect because SOAP was created to overcome the compatibility and security issues introduced by RPC. SOAP is designed to work with multiple operating system platforms, browsers, and servers.

×：SOAP and remote procedure calls were created to enable application layer communication.

This is incorrect because both SOAP and RPC were created to enable application layer communication. SOAP is an XML-based protocol that encodes messages in a Web service setting. Therefore, if a Windows client needs to access a Windows server that provides a particular web service, programs on both systems can communicate using SOAP without running into interoperability problems.

×：HTTP is not designed to work with remote procedure calls, but SOAP is designed to work with HTTP.

HTTP is not designed to work with RPC, but SOAP is designed to work with HTTP. SOAP actually defines the structure of the XML schema or communication mechanism. The SOAP XML schema defines how objects communicate directly with each other. One of the advantages of SOAP is that program calls most likely get through firewalls, since HTTP communication is generally allowed. This ensures that the client/server model is not broken by getting denied by firewalls during the communication entity.

〇：Mandatory Access Control (MAC)

Mandatory Access Control (MAC) is an access control that enforces access privileges by pre-classifying resources into levels. There are several types of access rights to data files. There are several types of access rights to data files: the user of the data file, the owner who creates the data file, and the administrator who decides which owner can create the data. SELinux, TOMOYO Linux, Trusted BSD, and Trusted Solaris are methods used by MACs.

×：Discretionary Access Control (DAC)

Discretionary Access Control (DAC) is an access control method that allows the owner of an access target to change access privileges.

×：Role Access Control (RAC)

There is no such term. A close equivalent is role-based access control, which divides accounts by role and applies access control to those roles.

×：Voluntary Access Control (VAC)

There is no such term.

〇：Provisioning accounts, modifying accounts, auditing account usage, and deactivating accounts.

All phases of the authenticated access lifecycle should be considered. Access should not be granted without proper instructions, nor should access be granted or denied without expected authorization. Suspension of access must also be auditable.

×：Provisioning or adding accounts, changing accounts, and suspending accounts.

Incorrect because it does not include auditing of account usage.

×：Adding an account, deleting an account, or deleting a user’s data.

Incorrect because deletion of user data may conflict with data retention requirements.

×：Verifying account passwords, checking account usage, and deleting accounts.

Incorrect because it is merely an authentication step and not related to account management.

〇：Striping

RAID redundant arrays is a technology used for redundancy and performance. It combines multiple physical disks and aggregates them into a logical array; RAID appears as a single drive to applications and other devices. With striping, data is written to all drives. With this activity, data is split and written to multiple drives. Since multiple heads are reading and writing data at the same time, write and read performance is greatly improved.

×：Parity

Parity is used to reconstruct corrupted data.

×：Mirroring

Writing data to two drives at once is called mirroring.

×：Hot Swap

Hot swap refers to a type of disk found on most RAID systems. A RAID system with hot-swap disks allows the drives to be swapped out while the system is running. When a drive is swapped out or added, parity data is used to rebuild the data on the new disk that was just added.

〇：Verifying Data Availability

The responsibility for verifying data availability is the sole responsibility that does not belong to the data (information) owner. Rather, it is the responsibility of the data (information) controller. The data controller is also responsible for maintaining and protecting the data in accordance with the data owner’s instructions. This includes performing regular backups of data, restoring data from backup media, maintaining records of activities, and enforcing information security and data protection requirements in company policies, guidelines, and standards. Data owners work at a higher level than data managers. The data owner basically says, “This is the level of integrity, availability, and confidentiality you need to provide. Please do it now”. The data administrator is executing these permissions and following up on the installed controls to ensure they are working properly.

×：Assigning Information Classification

Incorrect as you are asking if Jim is not responsible for the assignment of information classifications because as the data owner, Jim is responsible for the assignment of information classifications.

×：Determining how to protect data

Incorrect because the data owner, such as Jim, is responsible for determining how the information is protected. The data owner has organizational responsibility for data protection and is liable for any negligence with respect to protecting the organization’s information assets. This means that Jim needs to decide how to protect the information and ensure that the data controller (a role usually occupied by IT or security) is implementing these decisions.

×：Determining how long to retain data

This is incorrect because the decision of how long to retain data is the responsibility of the data owner. The data owner is also responsible for determining who can access the information and ensuring that the appropriate access rights are used. He may approve access requests himself or delegate that function to the business unit manager. The business unit manager approves the request based on the user access criteria defined by the data owner.

Injection attacks are cracking attacks in which special strings are embedded in user forms and submitted to malfunction the receiving user’s information processing. Sufficiently strong input validation and data type restrictions on input fields, input length limits, and modifications are to do it. Only allow users to enter appropriate data into fields. Limit the number of characters a user can use, and possibly restrict by character type, allowing only letters in names, numbers in phone numbers, and displaying country and state drop-downs.

Freeware is free software and can be used for free. Shareware is fully functional proprietary software that is initially free to use. Often a trial to test the software requires a fee to continue using it after 30 days. Thus, the correct answer is, “Freeware is free in perpetuity, while shareware is free for a set period of time.” will be.

〇：Dynamic Testing

Dynamic testing is testing that is performed by actually running the developed program. Compared to static testing, it is a practical test in which the program is actually run and checked. Therefore, the correct answer is “dynamic testing.

×：Static Testing

Static testing is testing that is performed without running the developed program.

×：White box testing

White box testing is a test to confirm the operation of a program after understanding the contents of the program.

×：Black box testing

Black box testing is testing to confirm that the program does not behave unexpectedly without understanding the contents of the program.

Compromise is when what used to be secure encryption becomes insecure due to the evolution of computers. Cryptography is based on the sharing of a single answer, a key, among those communicating. The key is generated by computer calculations, and a third party must solve a difficult problem that would take several years to derive. However, as the computational power of computers has evolved, it is now possible to solve difficult problems that could not be solved before. In this case, encryption is meaningless. This is the compromise caused by evolution. Therefore, the correct answer is “Compromise.

Disposable passwords and one-time pads are passwords but generated from something you own, not something you know. In other words, possession.

〇：Completing the Business Impact Analysis

Of the steps listed in this question, completing the Business Impact Analysis is the highest priority. The BIA is essential in determining the most critical business functions and identifying the threats associated with them. Qualitative and quantitative data must be collected, analyzed, interpreted, and presented to management.

×：Test and Drill Plan

Test and drill is wrong because it is part of the last step in disaster recovery and contingency planning. Because the environment is constantly changing, it is important to test your business continuity plan on a regular basis. Testing and disaster recovery drills and exercises should be performed at least once a year. The exercises should be done in sections or at specific times that require logistical planning, as most firms cannot afford these exercises to disrupt production or productivity.

×：Determining alternatives for off-site backup facilities

This is incorrect because it is part of the contingency strategy that is done in the middle of the disaster recovery and contingency planning process. In the event of a major disaster, an alternate off-site backup capability is required. Typically, contracts are established with third-party vendors to provide such services. The client pays a monthly fee to retain the right to use the facility when needed and then pays an activation fee when they need to use that facility.

×：Organize and prepare related documentation

This is incorrect because the relevant documentation is organized and created around the time the disaster recovery and contingency planning process is completed. Procedures should be documented. This is because time-consuming schedules are confusing when they are actually needed. Documentation should include information on how to install images, configure the operating system and server, and install utilities and proprietary software. Other documentation should include call trees and contact information for specific vendors, emergency agencies, off-site facilities, etc.

〇：Risk Mitigation

Risk can be addressed in four basic ways: transfer, avoidance, mitigation, and acceptance. Sue reduces the risk posed by her e-mail system by implementing security controls such as antivirus and anti-spam software. This is also referred to as risk mitigation, where risk is reduced to a level considered acceptable. Risk can be mitigated by improving procedures, changing the environment, erecting barriers to threats, and implementing early detection techniques to stop threats when they occur and reduce damage.

×：Risk Acceptance

This is inappropriate because risk acceptance does not involve spending on protection or countermeasures such as anti-virus software. When accepting a risk, one should be aware of the level of risk faced and the potential damage costs and decide to keep it without implementing countermeasures. If the cost/benefit ratio indicates that the cost of countermeasures exceeds the potential losses, many companies will accept the risk.

×：Risk Avoidance

Wrong because it would mean discontinuing the activity that is causing the risk. In this case, Sue’s firm decides to continue using e-mail. A company may choose to terminate an activity that introduces risk if the risk outweighs the business needs of the activity. For example, a company may choose to block social media websites in some departments because of the risk to employee productivity.

×：Risk Transfer

This is incorrect because it involves sharing risk with other entities, as in the purchase of insurance to transfer some of the risk to the insurance company. Many types of insurance are available to firms to protect their assets. If a company determines that its total or excess risk is too high to gamble, it can purchase insurance.

〇：How routers are centrally managed and control packets based on the controller’s instructions 

Software-defined networks (SDN) are intended to facilitate centralized management of routing decisions and to separate the router’s logical functions of passing data between the routing decision and the interface and making its mechanical functions.SDN architecture is a scalable, a programmable, and is intended to be a standard method of providing router control logic. Therefore, the correct answer is “a way for routers to be centrally managed and control packets based on the controller’s instructions.

×：Mapping between MAC and IP addresses.

ARP table.

×：Updating the routing table in a dynamic way.

Explanation of dynamic routing.

×：A method in which routers communicate with each other to update the routing table when an event occurs.

This is an explanation of routing control in case of communication failure.

〇：The attacker knows nothing about the organization other than the information that is publicly available.

In black box testing (zero-knowledge), the attacker has no knowledge about the organization other than the publicly available information. The focus is on what the external attacker does. Therefore, the correct answer is “knows nothing about the organization other than the information that is publicly available.” The result will be

×：I know everything.

White box testing is testing to verify the operation of a program, which is done after knowing what is in the program.

×：I keep the product manual and retain privileged access.

A gray box test is a test that is performed by a pen tester to some extent, with the attacker having only limited knowledge of the program.

This is a white box test or gray box test.

×：The vendor retains an accessible level of information.

In a black box test, the attacker has no information in principle.

〇：The format of the audit log is unknown and is not available to the intruder in the first place.

Audit tools are technical controls that track activity within a network, on a network device, or on a specific computer. Auditing is not activity that denies an entity access to a network or computer, but it tracks activity so that the security administrator can understand the type of access made, identify security violations, or alert the administrator of suspicious activity. This information points out weaknesses in other technical controls and helps the administrator understand where changes need to be made to maintain the required level of security within the environment. Intruders can also use this information to exploit these weaknesses. Therefore, audit logs should be protected by controls on privileges, permissions, and integrity, such as hashing algorithms. However, the format of system logs is generally standardized for all similar systems. Hiding the log format is not a normal measure and is not a reason to protect audit log files.

×：If not properly protected, audit logs may not be admissible during prosecution.

This is incorrect because great care must be taken to protect audit logs in order for them to be admissible in court. Audit trails can be used to provide alerts about suspicious activity that can be investigated later. In addition, it is useful in determining exactly how far away the attack took place and the extent of any damage that may have occurred. It is important to ensure that a proper chain of custody is maintained so that all data collected can be properly and accurately represented in case it needs to be used in later events such as criminal proceedings or investigations.

×：Because audit logs contain sensitive data, only a specific subset of users should have access to them.

This is incorrect because only administrators and security personnel need to be able to view, modify, and delete audit trail information. Others cannot see this data and can rarely change or delete it. The use of digital signatures, message digest tools, and strong access controls can help ensure the integrity of the data. Its confidentiality can be protected with encryption and access control as needed, and it can be stored on write-once media to prevent data loss or tampering. Unauthorized access attempts to audit logs should be captured and reported.

×：Intruders may attempt to scrub logs to hide their activities.

If an intruder breaks into your home, do your best to leave no fingerprints or clues that can be used to link them to criminal activity. The same is true for computer fraud and illegal activity. Attackers often delete audit logs that hold this identifying information. In the text, deleting is described as scrubbing. Deleting this information may alert administrators to an alert or perceived security breach and prevent valuable data from being destroyed. Therefore, audit logs should be protected by strict access controls.

Within the U.S. military complex and national security apparatus, the most common names for data classification become unclassified and classified. “Classified” information includes classified, critical secret, and top secret (Top Secret). Classified data is data that, if improperly disclosed, could harm national security. Top Secret data is data that, if improperly disclosed, could cause “serious” harm to national security. Finally, Top Secret data is data that, if improperly disclosed, could cause “serious” harm to national security.

〇：Socket

UDP (User Datagram Protocol) and TCP (Transmission Control Protocol) are transport protocols used by applications to retrieve data over a network. Both use ports to communicate with the upper OSI layer and keep track of the various conversations that occur simultaneously. Ports are also the mechanism used to identify how other computers access services. When a TCP or UDP message is formed, the source and destination ports are included in the header information along with the source and destination IP addresses. This IP address and port number is called a socket; the IP address serves as the gateway to the computer and the port serves as the gateway to the actual protocol or service.

×：IP address

This is incorrect because the IP address does not tell the packet how to communicate with the service or protocol. The purpose of an IP address is to identify and address the location of a host or network interface. Each node in a network has a unique IP address. This information, along with the source and destination ports, make up a socket. The IP address tells the packet where to go, and the port indicates how to communicate with the appropriate service or protocol.

×：Port

The port is incorrect because it tells the packet only how to communicate with the appropriate service or protocol. It does not tell the packet where it should go. The IP address provides this information. Ports are communication endpoints used by IP protocols such as TCP and UDP. Ports are identified by a number.

×：Frame

Frame is incorrect because the term is used to refer to a datagram after the header and trailer have been given to the data link layer.

Stored data is data that is stored on a disk or other media. Transmitted data is data flowing over a network. Used data is data that is in memory, cache, etc. and in use. Just because it is being transported by truck does not make it data that is being transferred. Therefore, “stored data” is the correct answer.

HIPAA covered entities and the organizations and individuals who assist them in their business are treated in the same manner as HIPAA covered entities. Health care providers, health information clearinghouses, and health insurance plans are covered entities. Developers of health apps are responsible as programmers rather than holders or plan holders of bodily information. They may not be covered by HITECH, which focuses on how body information is managed. Therefore, the correct answer is “health app developer”.

It is not necessary to know the detailed HITECH requirements. You can classify them based on whether or not you are dealing with information and answer the questions by process of elimination.

Student numbers, which are left to the control of each school, cannot be considered privacy information because they are not sufficient information to identify an individual.

〇：That the identity of the public official has been properly verified.

FIPS 201-2 establishes U.S. government standards for personal identity verification (PIV) and gives various requirements for assurance. Access to restricted information by government employees and contracting agents depends on their level of clearance and need to know it, but first the government must assure the individual that they are who they say they are.

×：That government employees are properly cleared for the work to which they are assigned.

Government employees must be properly cleared for the information to which they have been granted access, and therefore true identification must be available for review and verification prior to such access.

×：Government employees are only allowed access to data at their clearance level.

This is wrong because government employees only need to get acquainted and have access to the information they need to access. But again, this must be based on a clear level of assurance that the clearance they possess is valid.

×：That the data to which public officials have access is properly classified.

This is incorrect because the classification of data is not directly related to the validation of personal information.

〇：Central Control Systems

The most common types of industrial control systems (ICS) are distributed control systems (DCS), programmable logic controllers (PLC), and supervisory control and data acquisition (SCADA) systems. Although these systems provide a type of central control function, central control systems are not considered a common type of ICS because these systems are inherently distributed. DCSs are used to control product systems for industries such as water, electricity, and refineries. A DCS connects controllers that are distributed across geographic locations using a centralized supervisory control loop. This supervisory controller requests status data from field controllers and feeds this information back to a central interface for monitoring. Status data retrieved from sensors can be used in failover situations. The DCS can provide redundant protection in a modular fashion. This reduces the impact of a single failure. In other words, if a part of the system goes down, the entire system does not go down.

×：Programmable Logic Controllers

A programmable logic controller (PLC) is a common industrial control system (ICS) used to connect sensors throughout a utility network and convert this sensor signal data into digital data that can be processed by software monitoring and management. Originally created to perform simplified logic functions within basic hardware, PLCs have evolved into powerful controllers used in both SCADA and DCS systems. In SCADA systems, PLCs are most commonly used to communicate with remote field devices, while in DCS systems they are used as local controllers in supervisory control schemes. PLCs provide an application programming interface that allows communication with engineering control software applications.

×：Supervisory Control and Data Acquisition

Supervisory Control and Data Acquisition (SCADA) is used to refer to computerized systems used to collect and process data and apply operational control to components that make up a utility-based environment. This is a common type of ICS. SCADA control centers allow centralized monitoring and control of field sites (e.g., power grid, water supply systems). Field sites have remote station control devices (field devices) that provide data to the central control center. Based on the data sent from the field device, an automated process or operator can control the remote device to solve a problem or send commands to change the configuration for operational needs. This is a difficult environment to work within because the hardware and software is usually proprietary to a particular industry. It is privately owned and operated. Communication can be via telecommunication links, satellites, and microwave-based systems.

×：Distributed Control Systems

This is incorrect because Distributed Control Systems (DCS) are a common type of ICS. In a DCS, control elements are not centralized. The control elements are distributed throughout the system and managed by one or more computers. SCADA systems, DCSs, and PLCs are used in industrial sectors such as water, oil and gas, electrical, and transportation. These systems are considered “critical infrastructure” and are highly interconnected and dependent systems. Until now, these critical infrastructure environments have not used the same types of technologies and protocols as the Internet, making them very difficult to attack in isolation. Over time, these proprietary environments were converted to IP-based environments using IP-based workstations connected to networking devices. While this transition allows for centralized management and control, it also creates a type of cyber attack that is always vulnerable to the computer industry.

Scoping determines which parts of a standard will be deployed to the organization. It selects the standards that apply to the request or industry and determines which are within the organizational scope and which are outside of it.

〇：All failed access attempts should be logged and reviewed.

The physical access control system may use software and auditing capabilities to generate an audit trail or access log associated with access attempts. The date and time of the entry point when access was attempted, the user ID used when access was attempted, and any failed access attempts, among others, should be recorded.

×：Failed access attempts are recorded and only security personnel are entitled to review them.

Unless someone actually reviews them, the access logs are as useless as the audit logs generated by the computer. Security guards should review these logs, but security professionals and facility managers should review these logs on a regular basis. The administrator must know the existence and location of entry points into the facility.

×：Only successful access attempts should be logged and reviewed.

Wrong, as unsuccessful access attempts should be logged and reviewed. Audit should be able to alert you to suspicious activity even though you are denying an entity access to a network, computer, or location.

×：Failed access attempts outside of business hours should be logged and reviewed.

Incorrect, as all unauthorized access attempts should be logged and reviewed regardless. Unauthorized access can occur at any time.

〇：Data Protection Directive

In many cases, the European Union (EU) takes personal privacy more seriously than most other countries in the world and therefore adheres to strict laws regarding data considered personal information based on the European Union Principles for the Protection of Personal Data. This set of principles addresses the use and communication of information that is considered private in nature. These principles and how to comply with them are contained in the EU Data Protection Directive. All European states must comply with these principles, and all companies doing business with EU companies must follow this directive if their business involves the exchange of privacy-type data.

×：Organization for Economic Cooperation and Development (OECD)

Image B is incorrect because the Organization for Economic Cooperation and Development (OECD) is an international organization that brings together different governments to help address the economic, social, and governance challenges of a globalized economy. For this reason, the OECD has developed national guidelines to ensure that data is properly protected and that everyone adheres to the same kinds of rules.

×：Federal Private Sector Bill

The Federal Private Bill is incorrect. There is no official bill by this name.

×：Privacy Protection Act

The Privacy Protection Act is the wrong answer. There is no official legislation by this name.

〇：Known Plaintext Attacks

A known-plaintext attack is a situation in which a decryptor can obtain plaintext indiscriminately. A ciphertext-alone attack is a situation where a decryptor can acquire ciphertext indiscriminately. A known-plaintext attack acquires the plaintext but does not know what ciphertext it is paired with, meaning that decryption is attempted with only two random ciphertexts. In this situation, it is difficult to decrypt. Therefore, the correct answer is “known-plaintext attack.

×：Selective Plaintext Attack

A choice-plaintext attack is a situation in which the decryptor can freely choose the plaintext to acquire and obtain the ciphertext.

×：Adaptive Choice Plaintext Attack

An adaptive choice-plaintext attack is a situation in which the decryptor can freely choose which plaintext to acquire and acquire the ciphertext, and can repeat the acquisition again after seeing the result.

×：None of the above

It is rare for the answer to be “none of the above” when the choice is “most of the above.

〇：Regular software updates

You are the system administrator. As an administrator, what you should be doing is updating software on a regular basis. Therefore, the correct answer is “regular software updates.

There may be some that you should implement, but choosing the better of the two will also be tested in the actual exam.

×：Sophisticated product selection

In most cases, products that meet the requirements will be selected in accordance with the Request for Proposal (RFP) presented by the customer. Existing system administrators may be involved in some of these discussions, but this is not an appropriate response.

×：Early reporting to your supervisor

In all jobs, reporting to the supervisor is probably an essential part of the job. Here, however, it is more appropriate to focus on your position as a software system administrator.

×：Human resources to monitor the system

A resident system may allow you to deal with problems in a timely manner. However, here, it is more appropriate to focus on the position as a system administrator of the software.

〇：Promptly deactivate the use of employee-only accounts.

Provisioning is the process of adding accounts for use in the system. Conversely, de-provisioning is the removal of an account. An employee’s account should be deactivated at the time the employee leaves the organization. Giving a former employee access to the organization’s resources is an information leak. Therefore, the correct answer is “promptly deactivate the employee’s dedicated account.” will be

×：Retrieve the employee’s loaner computer.

This is not provisioning, but should be done at the time the employee leaves the company.

×：Signing an NDA.

A non-disclosure agreement (NDA, Non-Disclosure Agreement) is an agreement that prohibits the disclosure to others of trade secrets, etc. of the other party learned in the course of business. It is not provisioning.

×：Securing the personal contact information of employees.

A normal company would not attempt to collect such private information upon separation from employment. It is not provisioning.

〇：The client generates a session key and encrypts it with a public key.

Transport Layer Security (TLS) uses public key cryptography to provide data encryption, server authentication, message integrity, and optionally client authentication. When a client accesses a cryptographically protected page, the web server initiates TLS and begins the process of securing subsequent communications. The server performs a three-handshake to establish a secure session. After that, client authentication with a digital certificate, as the case may be, comes in. The client then generates a session key, encrypts it with the server’s public key, and shares it. This session key is used as the symmetric key for encrypting the data to be transmitted thereafter. Thus, the correct answer is: “The client generates a session key and encrypts it with the public key.” will be

×：The server generates the session key and encrypts it with the public key.

The server does not encrypt with the public key.

×：The server generates a session key and encrypts it with the private key.

Even if encryption is performed from the server side, it can be decrypted with the public key, so it is not structurally possible.

×：The client generates a session key and encrypts it with its private key.

The client side does not have the private key.

〇：SMTP lacks proper authentication mechanisms.

Email spoofing is easy to perform if the SMTP lacks proper authentication mechanisms. An attacker can spoof the sender address of an e-mail by sending a Telnet command to port 25 of the mail server. The spammer uses e-mail spoofing to prevent himself from being identified.

×：The administrator forgot to configure a setting that prevents inbound SMTP connections for non-functioning domains.

If it is spoofed, the email sender is also spoofed. This can happen even if you prevent inbound SMTP connections for a domain.

×：Technically abolished by keyword filtering.

Filtering is not very effective against spoofing. Therefore, even if it is technically obsolete, it is unlikely to be the cause.

×：The blacklist function is not technically reliable.

If an email is spoofed, the sender of the email is also spoofed. This can happen even if the filtering function is not reliable.

IEEE 802.11 is one of the wireless LAN standards established by IEEE.

〇：The most common method used is to change the most significant bit.

Steganography is a method of hiding data in other media types. One of the most common ways to embed messages in some types of media is using the least significant bit (LSB). This is because many types of files are modified and this is where sensitive data can be made visible and hidden without modifying the file. the LSB approach has been successful in hiding information within the graphics of high-resolution or sound-heavy audio files (high bit rate).

×：Hiding by abstraction.

Steganography is incorrect because it is concealment by abstraction. Security by obscurity means that someone uses secrecy as a way to protect an asset, rather than actually using the measure to secure something.

×：Just as encryption does, steganography is not a front for the existence of the sensitive data itself.

It is true that steganography does not draw attention to itself as does encryption. In other words, it is concealment by abstraction.

×：Media files are ideal for steganographic transmissions that are large in size.

This is incorrect because it is true that larger media files are ideal for steganographic transmissions because everyone needs to privately use multiple bits to manipulate with low likelihood of noticing.

〇：Approval of the attack to the target organization

Permission must be obtained from the target organization for the attack during the planning phase. Even though it is a test, it takes an action that is similar to an attack. During the implementation, the target system cannot be updated, so approval must be obtained. We also need to understand the system to be penetrated in great detail, so that the information itself is not leaked to the outside world. Also, a successful intrusion will indicate that the system has been compromised. It is necessary to make an arrangement such as not waiting until a report is generated to inform the company of the situation. Therefore, the correct answer is “Approval of attack on the target organization.

×：Share the target organization’s design documents.

This is done as necessary. Although there are various design documents, detailed design documents such as detailed design documents and program design documents are generally not presented, but only the usage of the service and basic server configuration are generally shared.

×：Confirmation of OS version

As a rule, this is not done. Penetration testing is generally conducted from the investigation of the attack. In particular, there are few cases where the OS version is informed to the penetration tester.

×：Deployment of the attack tools to be used

It is not uncommon for attack tools to be deployed from the organization that possesses the system that is the target of the penetration. This in itself is an act of limiting the attack methods, as it does not constitute a realistic test.

RPO (Recovery Point Objective) is the target value for recovering data at a point in the past when a failure occurs. When a failure occurs, the data currently handled is lost. The lost data must be recovered from backups, but it is important to know how far in the past the backups are from the current point in time.

RTO (Recovery Time Objective) is a target value that defines when the data should be recovered in the event of a failure. In the event of a failure, the service must not be unavailable indefinitely. Failure response procedures and disaster drills must be implemented to establish a target value for the time from the occurrence of a failure to the startup of service.