Practice Test(ALL DOMAINS)

CISSP Comprehensive Study Site

All Domains Exam.

A minimum of 70% is required to pass.

 

Some people regret not studying, but no one regrets studying too much.

#1. Which password management method would decrease help desk call volume and facilitate access to multiple resources in the event of a password compromise?

〇:Password synchronization between different systems

Password synchronization is designed to reduce the complexity of maintaining different passwords for different systems. Password synchronization technology allows a single password to be maintained across multiple systems by transparently synchronizing passwords to other systems in real time. This reduces help desk call volume. However, one of the disadvantages of this approach is that only one password is used to access different resources. This means that a hacker only needs to figure out one set of credentials to gain unauthorized access to all resources. Therefore, the correct answer is “password synchronization between different systems”.

 

×:Password reset by administrator query

This does not reduce the amount of help desk support because the end user must contact the administrator.

 

×:End-user manual password reset by self-service

This is the so-called “self-service” password reset, in which end users change their passwords themselves from their profile pages.

This is the most practical way to reduce the amount of helpdesk support, but it does not meet the requirement of easy access to multiple resources in case of a password compromise.

 

×:Password reset by inquiry

This does not reduce the amount of helpdesk support because it requires the end user to contact the administrator. Whether or not an administrator is involved, an inquiry still has to be handled by someone.

#2. Marks is a security auditor. We would like to provide a system log as court evidence of unauthorized access. What are the requirements that must be met as a system log?

〇:System logs that operate and are acquired on a daily basis

To determine whether access was unauthorized, the logs must show how it differs from normal usage. Logs that are not routinely collected are also less reliable as legal evidence.

 

×:System logs from sophisticated products that comply with international standards

Product sophistication is not a requirement for legal evidence. Conversely, there is no reason that logs from software developed in-house cannot be used as legal records.

 

×:System logs printed and stored as physical media

Whether or not logs are printed is not a legal requirement. Since the printouts are generated by software, they are not purely physical evidence in any case.

 

×:System logs close to the infrastructure recorded at the OS layer

Logs close to the OS layer have greater systemic traceability, but they are also less relevant to user operations and are not suitable as evidence of unauthorized access.

#3. What are the problems with RADIUS that have been eliminated by Diameter?

Diameter is an authentication protocol that implements the AAA (Authentication, Authorization, Accounting) service and is the successor to RADIUS. It was designed to eliminate the shortcomings of RADIUS, which can cause performance degradation and data loss.

#4. Measuring the damage and recovery requirements by different indicators helps quantify the risk. Which is correct about the RPO (Recovery Point Objective) and RTO (Recovery Time Objective)?

RPO (Recovery Point Objective) is the target value for recovering data at a point in the past when a failure occurs. When a failure occurs, the data currently handled is lost. The lost data must be recovered from backups, but it is important to know how far in the past the backups are from the current point in time.

RTO (Recovery Time Objective) is a target value that defines by when service must be restored in the event of a failure. The service must not be unavailable indefinitely. Failure response procedures and disaster drills must be implemented to meet the target time from the occurrence of a failure to the resumption of service.

#5. Which of the following is NOT an appropriate reason to develop and implement a disaster recovery plan?

〇:To create an overview of business functions and systems

Outlining business functions and systems is not a reason to create and execute a disaster recovery plan. While these tasks are likely to be accomplished as a result of the disaster recovery plan, they are not a valid reason to implement the plan compared to other answers to the question. Usually occurring during the planning process, simply outlining business functions and systems is not enough to develop and implement a disaster recovery plan.

 

×:To create post-disaster recovery procedures

This is incorrect because providing post-disaster recovery procedures is a good reason to develop and implement a disaster recovery plan. In fact, this is exactly what a disaster recovery plan provides. The goal of disaster recovery is to take the necessary steps to minimize the impact of a disaster and ensure that resources, personnel, and business processes can resume operations in a timely manner. The goal of a disaster recovery plan is to handle the disaster and its consequences in the immediate aftermath.

 

×:To back up data and create backup operating procedures

This is incorrect because backing up data and establishing backup operating procedures are good reasons to develop and implement a disaster recovery plan. When considering a disaster recovery plan, some companies focus primarily on backing up data and providing redundant hardware. While these items are very important, they are only a small part of a company’s overall operations. Hardware and computers need people to configure and operate them, and data is usually not useful unless it can be accessed by other systems or outside entities. All of these may require backups, not just the data.

 

×:To establish emergency response procedures

This is incorrect because providing emergency response procedures is a valid reason to develop and implement a disaster recovery plan. Disaster recovery plans are executed when everything is in emergency mode and everyone is scrambling to get all critical systems back online. Carefully written procedures make this entire process much more effective.


#6. Steve, the department manager, has been asked to participate on a committee responsible for defining acceptable levels of risk to the organization, reviewing risk assessments and audit reports, and approving significant changes to security policies and programs. Which committee does he serve on?

〇:Security Management Committee

Steve serves on the Security Steering Committee, which is responsible for making decisions on tactical and strategic security issues within the company. The committee consists of individuals from across the organization and should meet at least quarterly. In addition to the responsibilities outlined in this question, the Security Steering Committee is responsible for establishing a clearly defined vision statement that supports it in cooperation with the organizational intent of the business. It should provide support for the goals of confidentiality, integrity, and availability as they relate to the business goals of the organization. This vision statement should be supported by a mission statement that provides support and definition to the processes that apply to the organization and enable it to reach its business goals.

Each organization may call this committee by a different name, but it is the body entrusted with the whole sequence of security processes from definition to approval. Here the term “operations” is the closest match.

 

×:Security Policy Committee

This is incorrect because senior management is the committee that develops the security policy. Usually, senior management has this responsibility unless they delegate it to an officer or committee. The security policy determines the role that security plays within the organization. It can be organizational, issue specific, or system specific. The Governing Board does not directly create the policy, but reviews and approves it if acceptable.

 

×:Audit Committee

Incorrect because the Audit Committee provides independent and open communication between the Board of Directors, management, internal auditors, and external auditors. Its responsibilities include the system of internal controls, the engagement and performance of the independent auditors, and the performance of the internal audit function. The Audit Committee reports its findings to the Governing Board, but it does not oversee or approve the security program.

 

×:Risk Management Committee

Incorrect because the Risk Management Committee’s role is to understand the risks facing the organization and work with senior management to bring them down to acceptable levels. This committee does not oversee the security program. The Security Steering Committee typically reports its information security findings to the Risk Management Committee. The risk management committee should consider the entire business risk, not just the IT security risk.

#7. Database software must meet a requirement called the ACID test. In OLTP, why does the database software perform one of the requirements of the ACID test, transaction atomicity?

〇:To allow the database to execute transactions as a single unit without interruption.

Online transaction processing (OLTP) is used when databases are clustered to provide high fault tolerance and performance. It provides a mechanism to monitor and address problems as they occur. For example, if a process stops functioning, the monitoring function within OLTP will detect and attempt to restart the process. If the process cannot be restarted, the transaction that occurred is rolled back to ensure that no data has been corrupted or that only a portion of the transaction occurred; OLTP records when the transaction occurred (in real time). Usually multiple databases in a distributed environment are updated.

Judging how far a transaction has progressed, and whether its partial results are acceptable, is very complex. Therefore, database software must implement the ACID properties. Among them is atomicity: the property that a transaction must either be executed completely or not at all.

When a question like this is answered incorrectly, judging that you could not solve it because you did not know OLTP will hinder your future study methods. Although the question text is worded in a complicated way, it is more important to understand what atomicity is in ACID than to memorize the definition of OLTP to solve the actual question.

 

×:To be able to establish database consistency rules.

It enforces the consistency rules as stated in the database security policy, but does not imply transaction atomicity.

 

×:To prevent rollbacks from occurring.

Transaction atomicity does not refer to suppressing rollbacks.

 

×:To prevent concurrent processes from interacting with each other.

This falls under isolation. Isolation means that a transaction’s processing is hidden from other operations while it is in progress: even if multiple transactions are executed simultaneously, each must produce the same result as if it had been executed alone.

#8. What type of database property ensures that a tuple is uniquely identified by its primary key value?

〇:Entity integrity

Entity integrity ensures that a tuple is uniquely identified by its primary key value. A tuple is a row in a two-dimensional database. The primary key is the corresponding column value that makes each row unique. For entity integrity, every tuple must contain one primary key. If a tuple does not have a primary key, the tuple will not be referenced by the database.

 

×:Concurrent Maintainability

Concurrent integrity is not a formal term in database software and is therefore incorrect. There are three main types of integrity services: semantic, referential, and entity. Concurrency refers to software being accessed by multiple users or applications simultaneously. Without controls in place, two users can access and modify the same data at the same time.

 

×:Referential Integrity

Referential integrity is incorrect because it requires that every foreign key refer to an existing primary key. There must be a mechanism to ensure that foreign keys do not contain references to non-existent records or null-valued primary keys. This type of integrity control allows relationships between different tables to work properly and communicate properly with each other.

 

×:Semantic Integrity

The semantic integrity mechanism is incorrect because it ensures that the structural and semantic rules of the database are in place. These rules concern data types, boolean values, uniqueness constraints, and operations that may adversely affect the structure of the database.
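As an added example (not part of the original quiz), the following Python script uses the standard library sqlite3 module to show the two properties discussed in questions #7 and #8: a transfer that either applies both of its updates or neither (atomicity), and a primary key that rejects NULL and duplicate values (entity integrity). The account table, account names and balances are constructed for the example.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Build a constructed in-memory sample database (not from the original page)."""
    conn = sqlite3.connect(":memory:")
    # Entity integrity: every row must have a unique, non-null primary key.
    # SQLite allows NULL in a non-INTEGER PRIMARY KEY column unless NOT NULL is
    # written explicitly, so the constraint is spelled out in full here.
    conn.execute(
        "CREATE TABLE account ("
        "  acct_id TEXT PRIMARY KEY NOT NULL,"
        "  balance INTEGER NOT NULL CHECK (balance >= 0))"
    )
    conn.executemany(
        "INSERT INTO account VALUES (?, ?)", [("A-100", 500), ("B-200", 50)]
    )
    conn.commit()
    return conn


def balances(conn: sqlite3.Connection) -> dict:
    """Return {acct_id: balance} for every row."""
    rows = conn.execute("SELECT acct_id, balance FROM account ORDER BY acct_id")
    return dict(rows.fetchall())


def transfer(conn: sqlite3.Connection, src: str, dst: str, amount: int) -> bool:
    """Move `amount` from src to dst as one atomic unit.

    The credit is applied first on purpose: if the debit then fails (unknown
    account, or the CHECK constraint rejecting a negative balance), the
    `with conn:` block rolls the credit back too, so the ledger never shows
    half a transfer.
    """
    try:
        with conn:  # commit on normal exit, ROLLBACK if an exception escapes
            cur = conn.execute(
                "UPDATE account SET balance = balance + ? WHERE acct_id = ?",
                (amount, dst),
            )
            if cur.rowcount != 1:
                raise sqlite3.IntegrityError("unknown destination account")
            cur = conn.execute(
                "UPDATE account SET balance = balance - ? WHERE acct_id = ?",
                (amount, src),
            )
            if cur.rowcount != 1:
                raise sqlite3.IntegrityError("unknown source account")
        return True
    except sqlite3.IntegrityError:
        return False


def insert_account(conn: sqlite3.Connection, acct_id, balance: int) -> bool:
    """Insert a row; False when entity integrity (non-null, unique key) is violated."""
    try:
        with conn:
            conn.execute("INSERT INTO account VALUES (?, ?)", (acct_id, balance))
        return True
    except sqlite3.IntegrityError:
        return False


if __name__ == "__main__":
    db = make_db()
    print(transfer(db, "A-100", "B-200", 200), balances(db))   # both rows change
    print(transfer(db, "B-200", "A-100", 1000), balances(db))  # nothing changes
    print(insert_account(db, None, 0), insert_account(db, "A-100", 0))  # both rejected
```

The second transfer is the atomicity case from question #7: the credit to A-100 succeeds, the debit from B-200 violates the CHECK constraint, and the rollback removes the credit as well. The two rejected inserts are the entity-integrity case from question #8: a tuple with no primary key value, and a tuple whose key duplicates an existing row, are both refused.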

#9. Which of the following incorrectly describes a directory service?

〇:Conforms to the X.509 standard and assigns a namespace to each object accessed in the database by LDAP.

Most companies have directories that contain information about company network resources and users. Most directories use a hierarchical database format based on the X.500 standard (not X.509) and a protocol such as LDAP (Lightweight Directory Access Protocol) that allows subjects and applications to interact with the directory. Applications can request information about a particular user by making an LDAP request to the directory, and users can request information about a particular resource using a similar request. The directory service assigns a Distinguished Name (DN) to each object in the database, based on the X.500 standard, so that it can be accessed. Each distinguished name represents a set of attributes about a particular object and is stored as an entry in the directory.

 

×:Namespaces are used to manage objects in the directory.

This is incorrect because objects in a hierarchical database are managed by a directory service. Directory services allow administrators to configure and manage identification, authentication, permissions, and access control for the network. Objects in the directory are labeled and identified by namespace, which is how the directory service keeps objects organized.

 

×:Enforce security policies by performing access control and identity management functions.

This is incorrect because directory services enforce the security policy set by performing access control and identity management functions. For example, when a user logs into a domain controller in a Windows environment, the directory service (Active Directory) determines which network resources are accessible and which are not.

 

×:Administrators can configure and manage how identification takes place within the network.

This is incorrect because a directory service does allow the administrator to configure and manage identification within the network. It also allows for the configuration and management of authentication, authorization, and access control.

#10. Which microprocessor technology has also been linked to facilitating certain attacks?

〇:Increased Processing Power

The increased processing power of personal computers and servers has increased the probability of successful brute force and cracking attacks against security mechanisms that were not feasible a few years ago. Today’s processors can execute an incredible number of instructions per second. These instructions can be used to break passwords, encryption keys, or direct malicious packets to be sent to the victim’s system.

 

×:Increased circuitry, cache memory, and multiprogramming

This is incorrect because an increase in these does not make a particular type of attack more powerful. Multiprogramming means loading multiple programs or processes into memory at the same time. It allows antivirus software, word processors, firewalls, and e-mail clients to run simultaneously. Cache memory is a type of memory used for fast write and read operations. If the system expects that the program logic will need to access certain information many times during processing, the information is stored in cache memory for easy and quick access.

 

×:Dual-mode computation

This answer is vague and does not address the question. Among microprocessor advances, there is no such thing as dual-mode computation.

 

×:Direct Memory Access I/O

Incorrect because this method transfers instructions and data between I/O (input/output) devices and the system’s memory without using the CPU. Direct Memory Access I/O significantly increases data transfer speed.

#11. Which of the following is NOT a benefit of VoIP?

〇:Security

Voice over Internet Protocol (VoIP) refers to a transmission technology that delivers voice communications over an IP network; IP telephony uses technology that is similar to TCP/IP and therefore similar in its vulnerabilities. Voice systems are vulnerable to application manipulation and unauthorized administrative access. It is also vulnerable to denial of service attacks against gateway and network resources. Eavesdropping is also a concern since data traffic is transmitted in clear text unless encrypted.

“Security” is a difficult answer to choose because the term has a very broad meaning. However, the CISSP body of knowledge consistently states that VoIP has vulnerabilities. Although this answer is a bit extreme in practical terms, the question is included here to make that point, because a question like this may appear depending on the exam writer’s intent.

 

×:Cost

Wrong, because cost is an advantage of VoIP. With VoIP, a company no longer needs to run separate networks for data transmission and voice transmission. Telephony features such as conference calling, call forwarding, and automatic redialing are available at no extra charge on VoIP (including open-source implementations), whereas traditional telephone providers charge for them.

 

×:Convergence

Wrong because convergence is an advantage of VoIP. Convergence means the integration of IP data networks with traditional analog telephone networks.

 

×:Flexibility

Wrong, because flexibility is an advantage of VoIP. The technology is very simple, easy and supports multiple calls over a single Internet broadband connection.

#12. Which attacks occur regardless of system architecture and installed software?

〇:Social Engineering

Social engineering is an attack that exploits human error rather than a system flaw. It occurs regardless of system architecture and installed software.

 

×:DDoS Attacks

A DDoS attack is a mass DoS attack against a target website or server from multiple computers.

 

×:Ransomware

Ransomware is malware that freezes data by encrypting it and demands a ransom from the owner.

 

×:Zero-day attacks

A zero-day attack is an attack that exploits a vulnerability before a fix for it has been released.

#13. Which of the following is a common association of the Clark-Wilson access model?

〇:Well-Formed Transaction

In the Clark-Wilson model, subjects cannot access objects without going through some type of application or program that controls how this access is done. The subject (usually the user) can access the required object based on access rules within the application software, defined as “Well-Formed Transaction,” in conjunction with the application.

 

 

×:Chinese Wall model

This is incorrect because it is another name for the Brewer-Nash model, created to provide access control that can be dynamically modified according to the user’s previous behavior. It is shaped by the user’s access history and conflicts of interest, and does not allow information to flow between subjects and objects in a way that would create a conflict. In this model, a subject can only write to an object if the subject cannot read another object in a different data set.

 

×:Access tuples

The Clark-Wilson model is incorrect because it uses access triples, not access tuples. The access triple is subject, program, object. This ensures that the subject can only access the object through the authorized program.

 

×:Write Up and Write Down

The Clark-Wilson model is incorrect because it has no Write Up and Write Down rules. These rules belong to the Bell-LaPadula and Biba models. The Bell-LaPadula model contains the simple security rule (no read up) and the star property rule (no write down). The Biba model contains the simple integrity axiom (no read down) and the star integrity axiom (no write up).
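The access triple and well-formed transaction from question #13 can be made concrete with a small reference monitor. The following Python class is an added example written for this page, not code from the quiz or from any Clark-Wilson implementation; the subject names (clerk, intern), the transformation procedures and the "ledger" data item are made up. A subject reaches a constrained data item (CDI) only by running a certified transformation procedure (TP), and only when the exact (subject, TP, CDI) triple has been certified.

```python
class ClarkWilsonMonitor:
    """Tiny reference monitor enforcing Clark-Wilson access triples (constructed example)."""

    def __init__(self):
        self.cdis = {}        # constrained data items: name -> current value
        self.tps = {}         # transformation procedures: name -> fn(old_value) -> new_value
        self.triples = set()  # certified (subject, tp, cdi) access triples
        self.log = []         # audit trail of every attempt, allowed or denied

    def add_cdi(self, name, value):
        self.cdis[name] = value

    def register_tp(self, name, fn):
        """A TP is the only code path that may change a CDI (the well-formed transaction)."""
        self.tps[name] = fn

    def certify(self, subject, tp, cdi):
        """Certifying a triple is the only way a subject gains access to a CDI."""
        self.triples.add((subject, tp, cdi))

    def run(self, subject, tp, cdi):
        """Execute tp on cdi for subject if and only if that exact triple is certified."""
        permitted = (
            (subject, tp, cdi) in self.triples
            and tp in self.tps
            and cdi in self.cdis
        )
        self.log.append((subject, tp, cdi, "allowed" if permitted else "denied"))
        if not permitted:
            return False
        self.cdis[cdi] = self.tps[tp](self.cdis[cdi])
        return True

    def ivp(self, check):
        """Integrity verification procedure: confirm every CDI satisfies `check`."""
        return all(check(value) for value in self.cdis.values())


if __name__ == "__main__":
    m = ClarkWilsonMonitor()
    m.add_cdi("ledger", 100)
    m.register_tp("post_credit", lambda v: v + 10)
    m.register_tp("post_debit", lambda v: v - 10)
    m.certify("clerk", "post_credit", "ledger")
    print(m.run("clerk", "post_credit", "ledger"), m.cdis["ledger"])   # allowed
    print(m.run("clerk", "post_debit", "ledger"))                       # TP not certified
    print(m.run("intern", "post_credit", "ledger"))                     # subject not certified
    print(m.ivp(lambda v: v >= 0), m.log)
```

Note that the monitor exposes no method for a subject to write a CDI directly: the only mutation happens inside `run`, after the triple check. That is the difference from a simple subject-object access control list, where a permitted subject could modify the object however it liked.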

#14. Which of the following is NOT a Distributed Denial of Service (DDoS) attack?

There are many different types of distributed denial of service (DDoS) attacks, but there is no such thing as an IPSec flood. UDP flood, SYN flood, and MAC flood are all distributed denial of service (DDoS) attacks.

#15. Which project management methodology is based on each phase leading to the next phase and not returning to the previous phase?

〇:Waterfall

Waterfall is very unidirectional and each phase leads directly to the next phase. In a pure waterfall model, there is no way to return to the previous phase.

 

×:Agile

Agile is the idea that system development should be done flexibly. It is a trial-and-error development method that emphasizes adaptive planning, evolutionary development, early delivery, and continuous improvement. Unlike the traditional approach of modeling the whole process in advance, principles and commitments are shared by the entire team, which tries to adapt to each situation as it arises.

 

×:SASHIMI

The Sashimi model is a model of the system development process that allows the end of one phase and the beginning of the next to overlap. In the commonly used waterfall model, the project moves to the next phase only when deliverables are submitted and reviewed. That works well, but in practice there are times when a deliverable is handed over and then has to be modified because of changing requirements.

 

×:Spiral

The spiral model is a method of development that iterates from design to testing for each function. It is a method in which a series of processes consisting of planning, analysis, design, implementation, testing, and evaluation are repeated many times within a single project to gradually increase the degree of completion. In a software project, these phases are repeated.

#16. There are many types of viruses that hackers can use to damage your system. Which of the following is NOT a correct description of a polymorphic type virus?

〇:Intercept anti-malware calls to the operating system for file system information.

This is a “no” question. Polymorphic viruses attempt to fool anti-malware scanners. In particular, they use methods to generate operational copies. Even if the anti-malware software detects and disables one or two copies, the other copies remain active in the system.

This problem must be solved by process of elimination. What defines a polymorphic virus? If you have only memorized a word list for “what is a polymorphic virus,” you may not understand what makes a polymorphic virus unique. The most striking feature of polymorphic viruses is that they repeatedly change their form.

 

×:Using noise, mutation engines, or random number generators to change the sequence of instructions.

Polymorphic-type viruses may change the sequence of instructions by including noise or false instructions along with other useful instructions. They can also use mutation engines and random number generators to alter the sequence of instructions in the hope that they will not be detected. The original functionality remains intact, but the code is altered, making it nearly impossible to identify all versions of the virus using a fixed signature.

 

×:Different encryption schemes that require different decryption routines can be used.

Polymorphic-type viruses can use different encryption schemes that require different decryption routines. This requires an anti-malware scan to identify all copies of this type of virus, one for each possible decryption method. Polymorphic virus creators hide the encrypted virus payload and add decryption methods to the code. Once encrypted, the code becomes meaningless, but that does not necessarily mean that the encrypted virus is a polymorphic virus and thus escapes detection.

 

×:Create multiple and various copies.

Polymorphic viruses generate multiple, varied copies in order to avoid detection by anti-malware software.

#17. What is the range of well-known port?

A well-known port is a port number from 0 to 1023 that is reserved for standard services. Port numbers fall into three ranges. Well-known port numbers (0-1023) are assigned by IANA to standard services. Registered port numbers (1024-49151) are registered with IANA for use by specific applications. Dynamic/private port numbers (49152-65535) are not registered with IANA.

#18. As a security administrator, you are dealing with a virus infection. One day, your antivirus application detects that a file is infected with a dangerous virus. Disinfecting that file may damage the normal file contents themselves. What action should you take?

〇:Restore a virus-free version of the file from the backup media.

The best practice is to restore a known-uninfected version of the file from the backup media. It is important to restore files that are known to be clean, since attempts to disinfect the file may corrupt it. The priority is to keep the impact from spreading, and unilaterally deleting files may also make them unavailable for later investigation.

 

×:Replace the file with the file saved the previous day.

The file saved the previous day may also contain the virus.

 

×:Delete the file and contact the vendor.

This is an incorrect answer because, under the conditions of this question, deleting the file would destroy the legitimate file contents themselves.

 

×:Back up the data and delete the file.

This is an incorrect answer because backing up the data that contains the virus and deleting the file does not result in a clean situation.

#19. You are the security administrator for a large retail company. Their network has many different network devices and software appliances that generate logs and audit data. At one point, your staff is trying to determine if any suspicious activity is taking place in the network. However, reviewing all the log files is burdensome. Which of the following is the best solution for your company in this case?

〇:SIEM

Many organizations have implemented security event management systems, called Security Information and Event Management (SIEM) systems. They correlate log data collected from various devices (servers, firewalls, routers, etc.) and provide analysis capabilities. Network security solutions (IDS, IPS, anti-malware, proxies, etc.) also emit logs in various proprietary formats that require centralization, standardization, and normalization, which is what a SIEM provides. Therefore, the correct answer is SIEM.

 

×:Intrusion Detection System

An Intrusion Detection System (IDS) is a mechanism that monitors a system and responds passively, by alerting. It does not have the ability to collect and analyze logs from many sources.

 

×:SOAR

SOAR (Security Orchestration, Automation and Response) is a technology that enables efficient monitoring, understanding, decision-making and action on security incidents. SOAR may support root-cause analysis, but it is not the solution used to identify whether suspicious activity is taking place in the network.

 

×:Event correlation tools

The term “event correlation tool” does not exist, but may be a feature of a SIEM.
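The centralization, normalization and correlation that question #19 attributes to a SIEM can be shown on a handful of log lines. The Python script below is an added example for this page, not code from the quiz or from any SIEM product. The six log lines are constructed (an sshd syslog format, a key=value firewall format and a JSON proxy format, with documentation-range IP addresses); the common event schema and the alert rule (three or more failures from one source IP, seen by at least two different log sources, within five minutes) are the example's own choices.

```python
import json
import re
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample log lines in three vendor formats (not real captures).
SAMPLE_LOGS = [
    "2024-05-01T10:00:05Z host1 sshd[1201]: Failed password for root from 203.0.113.9 port 51022 ssh2",
    "2024-05-01T10:00:09Z host1 sshd[1202]: Failed password for admin from 203.0.113.9 port 51030 ssh2",
    "ts=2024-05-01T10:00:20Z action=deny src=203.0.113.9 dst=10.0.0.5 dport=3389 proto=tcp",
    '{"time": "2024-05-01T10:00:31Z", "client_ip": "203.0.113.9", "user": "-", "status": 401, "url": "/admin"}',
    "2024-05-01T10:00:40Z host2 sshd[777]: Accepted password for alice from 198.51.100.7 port 40001 ssh2",
    "ts=2024-05-01T10:01:02Z action=allow src=198.51.100.7 dst=10.0.0.5 dport=443 proto=tcp",
]

SYSLOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) password "
    r"for (?P<user>\S+) from (?P<ip>\S+)"
)
KV_RE = re.compile(r"(\w+)=(\S+)")


def parse_ts(s: str) -> datetime:
    """All three formats use the same UTC timestamp layout in this example."""
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def normalize(line: str):
    """Map one raw line onto the common schema {ts, source, src_ip, user, outcome}.

    Returns None for a line in an unrecognized format, so unknown input is
    dropped rather than mis-parsed.
    """
    m = SYSLOG_RE.match(line)
    if m:
        return {"ts": parse_ts(m["ts"]), "source": "sshd", "src_ip": m["ip"],
                "user": m["user"],
                "outcome": "failure" if m["result"] == "Failed" else "success"}
    if line.startswith("{"):
        d = json.loads(line)
        return {"ts": parse_ts(d["time"]), "source": "proxy", "src_ip": d["client_ip"],
                "user": d.get("user"),
                "outcome": "failure" if d["status"] in (401, 403) else "success"}
    if line.startswith("ts="):
        kv = dict(KV_RE.findall(line))
        return {"ts": parse_ts(kv["ts"]), "source": "firewall", "src_ip": kv["src"],
                "user": None,
                "outcome": "failure" if kv["action"] == "deny" else "success"}
    return None


def correlate(lines, threshold: int = 3, window_seconds: int = 300) -> dict:
    """Flag source IPs with >= threshold failures across >= 2 log sources inside one window."""
    by_ip = defaultdict(list)
    for line in lines:
        ev = normalize(line)
        if ev and ev["outcome"] == "failure":
            by_ip[ev["src_ip"]].append(ev)

    alerts = {}
    for ip, evs in by_ip.items():
        evs.sort(key=lambda e: e["ts"])
        start = 0
        for end in range(len(evs)):  # sliding window over the sorted failures
            while (evs[end]["ts"] - evs[start]["ts"]).total_seconds() > window_seconds:
                start += 1
            window = evs[start:end + 1]
            sources = {e["source"] for e in window}
            if len(window) >= threshold and len(sources) >= 2:
                if ip not in alerts or len(window) > alerts[ip]["count"]:
                    alerts[ip] = {"count": len(window), "sources": sorted(sources),
                                  "first": window[0]["ts"].isoformat(),
                                  "last": window[-1]["ts"].isoformat()}
    return alerts


if __name__ == "__main__":
    for ip, info in correlate(SAMPLE_LOGS).items():
        print(ip, info)
```

The point of the example is the middle layer: no single device sees more than two of the four failures from 203.0.113.9, so the pattern is only visible after the sshd, firewall and proxy records have been normalized onto one schema and grouped by source address. Reviewing each device's log on its own, as the question describes, would not surface it.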

#20. Which of the following is NOT a role of the memory manager?

〇:Run an algorithm that identifies unused committed memory and informs the operating system that memory is available.

This answer describes the function of the garbage collector, not the memory manager. The garbage collector is a countermeasure against memory leaks. It is software that runs an algorithm to identify unused committed memory and tells the operating system to mark that memory as “available.” Different types of garbage collectors work with different operating systems, programming languages, and algorithms.

In some cases, a four-choice question can be answered without knowing the exact answer. Since only one of the four choices is correct, choices can be grouped: “these two say the same thing, so it cannot be that only one of them is correct; therefore both are wrong.”

Two of the choices here both say that the memory manager controls how processes use memory. If the memory manager did not have that function, both would be correct answers, so both can be eliminated from the outset.

 

×:If processes need to use the same shared memory segment, use complex controls to guarantee integrity and confidentiality.

If processes need to use the same shared memory segment, the memory manager uses complex controls to ensure integrity and confidentiality. This is important to protect memory and the data in it, since two or more processes can share access to the same segment with potentially different access rights. The memory manager also allows many users with different levels of access rights to interact with the same application running on a single memory segment.

 

×:Restrict processes to interact only with the memory segments allocated to them.

The memory manager is responsible for limiting the interaction of processes to only those memory segments allocated to them. This responsibility falls under the protection category and helps prevent processes from accessing segments to which they are not allowed. Another protection responsibility of the memory manager is to provide access control to memory segments.

 

×:Swap contents from RAM to hard drive as needed.

This is incorrect because swapping contents from RAM to hard drive as needed is the role of memory managers in the relocation category. When RAM and secondary storage are combined, they become virtual memory. The system uses the hard drive space to extend the RAM memory space. Another relocation responsibility is to provide pointers for applications when instructions and memory segments are moved to another location in main memory.

#21. Which of the following are threats to layers 5-7 of the OSI reference model?

Computer worms are standalone malware computer programs that replicate themselves and spread to other computers. They typically operate at OSI reference layers 5-7.

#22. There are several important stages of account management. Which of the following describes each of these stages?

〇:Provisioning accounts, modifying accounts, auditing account usage, and deactivating accounts.

All phases of the authenticated access lifecycle should be considered. Access should not be granted without proper instructions, nor should access be granted or denied without expected authorization. Suspension of access must also be auditable.

 

×:Provisioning or adding accounts, changing accounts, and suspending accounts.

Incorrect because it does not include auditing of account usage.

 

×:Adding an account, deleting an account, or deleting a user’s data.

Incorrect because deletion of user data may conflict with data retention requirements.

 

×:Verifying account passwords, checking account usage, and deleting accounts.

Incorrect because verifying passwords is merely an authentication step and not part of account management.

#23. Carol is charged with building a system to handle health information. What should she propose first?

〇:Considering an architecture that can handle health information.

Carol is a systems engineer and is expected to explore what is feasible as a system. Preemptively explaining why something cannot be done, handling approvals unrelated to the system configuration, or initiating legal work would all be deviations from her role. Therefore, the correct answer is “Considering an architecture that can handle health information.”

 

×:To address the dangers of handling health information in the system.

The basic stance of a systems engineer is to establish feasibility as a system. Although the risks of the proposed idea must be pointed out, appealing to the danger should not be the main purpose.

 

×:Obtaining permission to entrust health information from a medical institution.

A contract should be signed and the legal scope of responsibility should be clarified. This is outside the scope of the systems engineer’s role.

 

×:To prepare a written consent to use for handling health information.

Consent must be obtained from end users before they use the service, and the scope of legal responsibility needs to be clarified. This is outside the scope of the systems engineer’s role.

#24. Which of the following is a correct description of the advantages and disadvantages associated with third generation programming languages?

〇:Used in structured languages, it decreases development time but is somewhat resource intensive.

Third generation programming languages are easier to deal with than their predecessors. They reduce program development time and allow for simplified and quick debugging. However, these languages are more resource intensive when compared to second generation programming languages.

 

×:Intuitive manipulation of programming reduces effort, but the amount of manual coding for specific tasks tends to be greater than in previous generations.

This describes the advantages and disadvantages of fourth generation programming languages. It is true that the use of heuristics in fourth generation programming languages has greatly reduced programming effort and errors in the code. However, it is not true that the amount of manual coding required is greater than for third generation languages.

 

×:The use of binaries for coding is very time consuming, but the potential for errors is reduced.

This is incorrect because it is a description of a machine language and implies the advantages and disadvantages of a first generation programming language.

 

×:It contributes to decreasing programming processing time, but knowledge of machine structures is essential.

Incorrect because it describes second generation programming languages. These languages require extensive knowledge of machine architecture and the programs written in them are only for specific hardware.

#25. Lee is the new security manager responsible for ensuring that his company complies with the European Union Principles on Privacy when interacting with its European partners. Which of the following laws or regulations contain a set of principles dealing with the transmission of data that is considered private?

〇:Data Protection Directive

In many cases, the European Union (EU) takes personal privacy more seriously than most other countries in the world and therefore adheres to strict laws regarding data considered personal information based on the European Union Principles for the Protection of Personal Data. This set of principles addresses the use and communication of information that is considered private in nature. These principles and how to comply with them are contained in the EU Data Protection Directive. All European states must comply with these principles, and all companies doing business with EU companies must follow this directive if their business involves the exchange of privacy-type data.

 

×:Organization for Economic Cooperation and Development (OECD)

Incorrect because the Organization for Economic Cooperation and Development (OECD) is an international organization that brings together different governments to help address the economic, social, and governance challenges of a globalized economy. For this reason, the OECD has developed guidelines for member nations to ensure that data is properly protected and that everyone adheres to the same kinds of rules.

 

×:Federal Private Sector Bill

The Federal Private Sector Bill is incorrect. There is no official bill by this name.

 

×:Privacy Protection Act

The Privacy Protection Act is the wrong answer. There is no official legislation by this name.

#26. Marge uses her private key to create a digital signature for messages sent to George, but she does not show or share her private key with George. Which of the following illustrates this situation?

〇:Zero Knowledge Proof

Zero Knowledge Proof means that someone can tell you something without telling you more information than you need to know. In cryptography, it means proving that you have a certain key without sharing that key or showing it to anyone. Zero knowledge proof (usually mathematical) is an interactive way for one party to prove to another that something is true without revealing anything sensitive.

 

×:Key Clustering

Key clustering is the phenomenon in which encrypting the same plaintext with different keys produces the same ciphertext.

 

×:Avoiding Birthday Attacks

An attacker can attempt to force a collision, called a birthday attack. This attack is based on the mathematical birthday paradox present in standard statistics. This is a cryptographic attack that uses probability theory to exploit the mathematics behind the birthday problem.

 

×:Provides data confidentiality

Incorrect. Data confidentiality is provided by encryption, when data is encrypted with a key; it is not what the scenario illustrates.

#27. Which of the following is most relevant in achieving the objective of securing all evidence and notating it as information to be presented to those who verify it?

〇:Control of the processing and distribution process

An important part of the digital forensic process is to maintain a proper chain of custody of evidence.

The question is built so that “the purpose of securing all evidence and notating it as information to be presented to those who verify it” points to chain of custody, and the answer is the choice that comes closest to that definition.

 

×:Reasonable care

Wrong because reasonable care implies performing an activity that a reasonable person would be expected to perform under similar circumstances.

 

×:Investigation

Incorrect because investigation involves the proper collection of relevant data during the incident response process and includes analysis, interpretation, reaction, and recovery.

 

×:Motive, Opportunity, Means

Motive, Opportunity, and Means (MOM) is incorrect because it is a strategy used to understand why certain crimes were committed and by whom.

#28. A middle school student, worried about his future, wants to attack a political institution. How is this student classified as an attacker?

〇:Hacktivist

A person who commits cracking acts for political purposes is called a hacktivist. Therefore, the correct answer is “hacktivist”.

 

×:Hacker

A hacker is a person who is computer savvy.

 

×:Script kiddie

A script kiddie is a person who is not familiar with IT but uses tools to conduct cyber attacks. The phrase “middle school student” is used, but this alone does not rule out a script kiddie.

 

×:Silent majority

The silent majority is the general public that does not actively engage in speech acts.

#29. Which RAID configuration always provides redundancy?

Disk mirroring means writing the same data to multiple hard disks; a RAID (Redundant Array of Independent Disks) controller must write all data twice, requiring at least two disks. Disk striping can also be provided when parity is used, but disk striping alone cannot provide redundancy.

#30. Which of the following are effective measures against rainbow tables?

〇:Salt

A rainbow table is a precomputed list of password hashes paired with the plaintexts that produce them; such a table can contain millions of pairs. A salt is random data used as additional input to the one-way function that “hashes” a password or passphrase. The primary function of a salt is to protect against dictionary attacks and precomputed rainbow table attacks.

 

×:Login Attempt Restrictions

Effective against all unauthorized login methods, but not a direct or effective countermeasure against rainbow tables.

 

×:Key stretching

Replacing passwords with longer, random strings for encryption purposes.

 

×:Hashing

Password hashing produces a fixed-length digest (hash) for secure password storage.
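To make the salt explanation in #30 concrete, here is an added example (not from the quiz site) that builds a constructed miniature rainbow table of unsalted SHA-256 digests and shows why a per-user random salt, combined with PBKDF2 stretching, defeats the lookup. The password list, salt length and iteration count are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os
from typing import Optional

# Constructed sample: a few common passwords an attacker might precompute.
COMMON_PASSWORDS = ["password", "123456", "letmein", "qwerty"]


def unsalted_hash(password: str) -> str:
    """Plain SHA-256 of the password: the same input always gives the same digest,
    which is exactly the property a precomputed rainbow table relies on."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


# Miniature "rainbow table": digest -> plaintext, precomputed once, reused forever.
RAINBOW_TABLE = {unsalted_hash(p): p for p in COMMON_PASSWORDS}


def rainbow_lookup(digest_hex: str) -> Optional[str]:
    """Return the plaintext if this digest was precomputed, else None."""
    return RAINBOW_TABLE.get(digest_hex)


def salted_hash(password: str, salt: Optional[bytes] = None, iterations: int = 100_000) -> str:
    """Hash with a per-password random salt and PBKDF2-HMAC-SHA256 key stretching.

    Stored format (assumed for this example): '<salt hex>$<iterations>$<digest hex>'.
    The salt is stored in the clear; its job is uniqueness, not secrecy."""
    if salt is None:
        salt = os.urandom(16)  # 128-bit random salt, fresh for every stored password
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"{salt.hex()}${iterations}${digest.hex()}"


def verify_salted(password: str, stored: str) -> bool:
    """Recompute the digest with the stored salt and compare in constant time."""
    salt_hex, iterations, digest_hex = stored.split("$")
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(candidate.hex(), digest_hex)


def digest_part(stored: str) -> str:
    """Extract only the digest from a stored salted record (what a table would be keyed on)."""
    return stored.split("$")[2]


if __name__ == "__main__":
    # Unsalted: one precomputed table cracks every user who chose "letmein".
    print("unsalted lookup:", rainbow_lookup(unsalted_hash("letmein")))
    # Salted: two users with the same password get different records, and neither
    # digest appears in any table computed before the salt was chosen.
    rec_a, rec_b = salted_hash("letmein"), salted_hash("letmein")
    print("records differ:", rec_a != rec_b)
    print("salted lookup:", rainbow_lookup(digest_part(rec_a)))
    print("verify:", verify_salted("letmein", rec_a))
```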

#31. Which of the following markup languages is used to allow sharing of application security policies and ensure that all applications follow the same security rules?

〇:XACML

XACML allows two or more companies to set up a trust model to share identity, authentication, and authorization methods. This means that when you authenticate against your own software, you can pass the authentication parameters to your partner, who can then interact with your software without having to authenticate more than once. This is done via XACML (Extensible Access Control Markup Language), which allows multiple organizations to share application security policies based on a trust model. XACML is a markup language and processing model implemented in XML; it declares access control policies and describes how to interpret them.

 

×:XML (Extensible Markup Language)

XML (Extensible Markup Language) is incorrect because it is a way to electronically code documents and represent data structures such as web services. XML is not used to share security information. XML is an open standard that is more robust than traditional HTML. In addition to serving as a markup language, XML also serves as the foundation for other industry-specific XML standards. With XML, companies can communicate with each other while using a markup language that meets their specific needs.

 

×:SPML

Service Provisioning Markup Language (SPML) is incorrect because it is used by companies to exchange user, resource, and service provisioning information rather than application security information. SPML is an XML-based framework developed by OASIS that allows enterprise platforms, such as web portals and application servers, to generate provisioning requests across multiple companies for the purpose of securely and quickly setting up web services and applications.

 

×:GML

Incorrect because GML (Generalized Markup Language) is a method created by IBM for document formatting. It describes a document in terms of parts (chapters, paragraphs, lists, etc.) and their relationships (heading levels). GML was the predecessor of SGML (Standard Generalized Markup Language) and HTML (Hypertext Markup Language).

#32. Which of the following is NOT a characteristic of a company with a security governance program?

〇:All security activities shall be conducted within the security department.

When all security activities are performed within the security department, security functions within a silo and is not integrated throughout the organization. In companies that have a security governance program in place, security responsibilities are pervasive throughout the organization, from senior management down the chain of command. A common scenario is executive management with the executive director of operations responsible for risk management activities for a particular business unit. Additionally, employees are responsible for malicious or accidental security breaches.

 

×:Officers will be updated quarterly on the company’s security status.

Incorrect. Security governance is providing strategic guidance, ensuring that goals are being met, risks are properly managed, and resources are used responsibly. Organizations with a security governance program have a board of directors that understands the importance of security and is aware of the organization’s security performance and breaches.

 

×:Deploy security products, services, and consultants in an informed manner.

Incorrect because security governance is a cohesive system of integrated security components that includes products, people, training, and processes. Organizations that have a security governance program in place therefore deploy security products, managed services, and consultants in an informed manner, and constantly review them to ensure they are cost effective.

 

×:The organization establishes metrics and goals for improving security.

Incorrect because security governance requires performance measurement and oversight mechanisms. Organizations that have a security governance program in place are continually reviewing their processes, including security, with the goal of continuous improvement. On the other hand, an organization lacking a security governance program may proceed without analyzing its performance, thus repeating the same mistakes.

#33. Which network line should be used to ensure that traffic always uses the same path?

Circuit switching is a dedicated communication channel through a network. The circuit guarantees full bandwidth. The circuit functions as if the nodes were physically connected by cables.

#34. It is not uncommon for business continuity plans to become outdated. What should you do to ensure that your plan does not become outdated?

〇:Business Continuity Processes Integrate Change Management Processes

Unfortunately, business continuity plans can quickly become outdated. An outdated BCP can give a company a false sense of security, which can be fatal if a disaster actually occurs. One of the simplest, most cost-effective, and process-efficient ways to keep your plan current is to incorporate it into your organization’s change management process. Are new applications, equipment, and services documented? Are updates and patches documented? The change management process should be updated to incorporate fields and triggers that alert the BCP team when significant changes occur and provide a means to update recovery documentation. Other measures to keep the BCP up to date include making plan maintenance part of personnel evaluations, conducting regular training on using the plan, and making business continuity part of all business decisions.

 

×:Update hardware, software, and application changes

Wrong because hardware, software, and application changes occur frequently; unless the BCP is part of a change management process, these changes are not included in the BCP. The BCP should be updated when changes to the environment occur. If it is not updated after a change, it is out of date.

 

×:Infrastructure and Environment Change Updates

Incorrect because infrastructure and environment changes occur frequently. Unless the BCP is part of a change management process, infrastructure and environment changes, like software, hardware, and application changes, are unlikely to be reflected in the BCP.

 

×:Personnel changes

Incorrect, as the plan may become obsolete. It is not uncommon for BCPs to be abandoned when the person or persons responsible for maintenance leave the company. These responsibilities must be reassigned. To ensure this, maintenance responsibilities must be built into job descriptions and properly monitored.

#35. Which of the following is the most difficult to discover keys among known-plaintext attacks, selective-plaintext attacks, and adaptive-selective-plaintext attacks?

〇:Known Plaintext Attacks

A known-plaintext attack is a situation in which the cryptanalyst can obtain plaintexts indiscriminately, whereas a ciphertext-only attack is a situation in which the cryptanalyst can obtain ciphertexts indiscriminately. In the known-plaintext attack described here, the cryptanalyst acquires the plaintext but does not know which ciphertext it is paired with, so decryption can only be attempted against random ciphertexts. In this situation, decryption is difficult. Therefore, the correct answer is “known-plaintext attack”.

 

×:Selective Plaintext Attack

A selective-plaintext attack is a situation in which the cryptanalyst can freely choose the plaintext and obtain its ciphertext.

 

×:Adaptive Choice Plaintext Attack

An adaptive selective-plaintext attack is a situation in which the cryptanalyst can freely choose the plaintext and obtain its ciphertext, and can repeat the process after seeing the result.

 

×:None of the above

It is rare for the answer to be “none of the above” when the question asks for the “most” of something.

#36. Which of the following cannot be done by simply assigning a data classification level?

〇:Extraction of data from the database

Data classification is used to specify which users may read and write the data stored in the database, but it does not itself extract data from the database. Therefore, the correct answer is “extraction of data from the database”.

This is a question that may make you think “what is this?”, but you need to calmly separate the classification of data from the manipulation of data. The more time you spend, the more tempted you are to pick a difficult-sounding answer, but staying calm is important when solving abstract problems.

 

×:Grouping hierarchically classified information

This is the primary activity of data classification.

 

×:Ensuring that non-confidential data is not unnecessarily protected

It is written in a complicated way, but it says that what does not need to be protected does not need protection mechanisms either.

 

×:Understanding the impact of data leakage

Although not directly, the impact of a data breach may be checked in order to understand the importance of data when classifying it.

#37. Robert is asked to increase the overall efficiency of the sales database by implementing procedures to structure the data to minimize duplication and inconsistencies. What procedure is that?

〇:Normalization

Normalization is the process of efficiently organizing data by eliminating redundancy, reducing the potential for anomalies during data manipulation, and improving data consistency within a database. It is a systematic method of ensuring that database structures are correctly designed so that undesirable characteristics (insert, update, and delete anomalies) do not occur and data integrity is lost.

 

×:Polymorphism

Incorrect because polymorphism is when different objects are given the same input and react differently.

 

×:Database View Implementation

Incorrect because a database view is a logical access control, implemented so that one group or specific user can see certain information while another group is restricted from seeing it. For example, a database view could be implemented so that middle management can see the profits and expenses of a department without seeing the profits of the entire enterprise. Database views do not minimize duplicate data; rather, they control how the data is displayed to a particular user or group.

 

×:Schema Construction

Incorrect because a schema in a database system is a structure described in a formal language. In a relational database, a schema defines tables, fields, relationships, views, indexes, procedures, queues, database links, directories, etc. A schema describes the database and its structure, but not the data that exists in the database itself.

#38. My organization has been ordered by the court to comply with the EU Data Protection Directive. What is one of the things you must do?

The EU Data Protection Directive is a very aggressive privacy law. Organizations must inform individuals how their data is collected and used. Organizations must allow people to opt out of data sharing with third parties. Opt-in is required to share the most sensitive data. No transmissions from the EU unless the recipient country is found to have adequate (equivalent) privacy protections, and the U.S. does not meet this standard.

#39. What are the advantages of depositing cryptographic keys with another organization?

A key escrow system is one in which a third-party organization holds a copy of the public/private key pair. If the private key is stolen, all ciphertexts can be decrypted; conversely, if it is lost, no ciphertext can be decrypted. Therefore, you want to have a copy. However, if you keep the copy yourself, it may be stolen in a break-in, so you deposit it with a third-party organization.

#40. Layer 2 of the OSI model has two sublayers. What are the two IEEE standards that represent these sublayers and technologies?

The data link layer or Layer 2 of the OSI model adds a header and trailer to the packet to prepare the packet in binary format in local area network or wide area network technology for proper line transmission. Layer 2 is divided into two functional sublayers. The upper sublayer is logical link control (LLC), which is defined in the IEEE 802.2 specification. It communicates with the network layer above the data link layer. Below the LLC is the Media Access Control (MAC) sublayer, which specifies interfaces with the protocol requirements of the physical layer.

#41. Which of the following is a correct action-directed defense?

〇:Regular training to change employee attitudes

Behavior-directed controls are intended to direct the behavior required of employees as part of organizational management. Regular training that changes employee awareness falls under the action-directed type. Therefore, the correct answer is “Regular training to change employee attitudes”.

 

×:Remotely directed defenses using drone audits

This falls under reinforcing (compensating) defensive measures.

 

×:Defensive measures that act as behavioral or psychological barriers by means of physical barriers

This is a physical defensive measure.

 

×:Developing recurrence prevention measures to review certain actions

This is a corrective measure.

#42. We are implementing several new standards and frameworks in our organization. We have decided to do scoping on one of the standards we are implementing. What will that entail?

Scoping determines which parts of a standard will be deployed to the organization. It selects the standards that apply to the request or industry and determines which are within the organizational scope and which are outside of it.

#43. Which of the following events occurs in a PKI environment?

〇:CA signs certificates.

A Certificate Authority (CA) is a trusted agency (or server) that maintains digital certificates. When a certificate is requested, the Registration Authority (RA) verifies the identity of the individual and passes the certificate request to the CA. The CA creates the certificate, signs it, and maintains the certificate over its lifetime.

 

×:RA creates the certificate and CA signs it.

Incorrect because the RA does not create the certificate; the CA creates it and signs it. The RA performs authentication and registration tasks: it verifies the identity of the individual requesting the certificate, initiates the certification process with the CA on behalf of the end user, and performs certificate life cycle duties. RAs cannot issue certificates, but can act as a broker between the user and the CA. When a user needs a new certificate, they make a request to the RA, and the RA verifies all necessary identification information before forwarding the request to the CA.

 

×:RA signs certificates.

Incorrect because the RA does not sign the certificate; the CA signs the certificate. The RA verifies the user’s identifying information and then sends the certificate request to the CA.

 

×:The user signs the certificate.

Incorrect because the user does not sign the certificate; in a PKI environment, the user’s certificate is created and signed by the CA. The CA is a trusted third party that generates the user certificate holding the user’s public key.

#44. In a redundant array in a RAID system, data and parity information is striped across several different disks. What is parity information?

〇:Information used to reconstruct data

RAID can improve system performance by providing fault tolerance to the hard drive and the data it holds. Redundancy and speed are provided by splitting the data and writing it to multiple disks, allowing different disk heads to operate simultaneously to retrieve the requested information. Control data is also distributed across each disk. This is called parity, and if one disk fails, the other disks can work together to recover the data.

 

×:Information used to create new data

This is incorrect because parity information is not used to create new data, but rather as instructions on how to recreate lost or corrupted data.

 

×:Information used to erase data

Parity information is not used to erase data. This is incorrect because it is used as instructions on how to recreate lost or corrupted data.

 

×:Information used to construct data

Parity information is not used to create data. Incorrect because it is used as instructions on how to recreate lost or corrupted data.
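To show what “parity information used to reconstruct data” means in #44, here is an added example (not from the quiz site) that computes XOR parity over a stripe, distributes the parity block across disks in the rotating RAID 5 style, and rebuilds every block of one failed disk from the survivors. Disk count, block size and the sample data are constructed for illustration.

```python
from typing import List, Optional


def xor_blocks(blocks: List[bytes]) -> bytes:
    """XOR equal-length blocks together byte by byte: this is the parity computation."""
    out = bytearray(len(blocks[0]))
    for blk in blocks:
        if len(blk) != len(out):
            raise ValueError("all blocks in a stripe must be the same size")
        for i, b in enumerate(blk):
            out[i] ^= b
    return bytes(out)


def write_stripe(data_blocks: List[bytes]) -> List[bytes]:
    """One stripe as stored: the data blocks followed by their single parity block."""
    return list(data_blocks) + [xor_blocks(data_blocks)]


def rebuild_stripe(stripe: List[Optional[bytes]]) -> List[bytes]:
    """Recompute the one missing member (None) of a stripe from the others.

    Because parity = d0 ^ d1 ^ ... ^ dn, any single member equals the XOR of all
    the rest, so a lost data block and a lost parity block are rebuilt the same way."""
    missing = [i for i, blk in enumerate(stripe) if blk is None]
    if len(missing) != 1:
        raise ValueError("single parity can recover exactly one failed disk, not %d" % len(missing))
    repaired = list(stripe)
    repaired[missing[0]] = xor_blocks([blk for blk in stripe if blk is not None])
    return repaired  # type: ignore[return-value]


def raid5_layout(data: bytes, n_disks: int, block_size: int) -> List[List[bytes]]:
    """Split data into stripes of (n_disks - 1) data blocks plus one parity block,
    rotating the parity position per stripe so parity is spread over all disks.
    Returns one list of blocks per disk. Data is zero-padded to a whole stripe."""
    data_per_stripe = (n_disks - 1) * block_size
    data += b"\x00" * ((-len(data)) % data_per_stripe)
    disks: List[List[bytes]] = [[] for _ in range(n_disks)]
    for s in range(len(data) // data_per_stripe):
        chunk = data[s * data_per_stripe:(s + 1) * data_per_stripe]
        blocks = [chunk[i * block_size:(i + 1) * block_size] for i in range(n_disks - 1)]
        parity = xor_blocks(blocks)
        blocks.insert((n_disks - 1 - s) % n_disks, parity)  # rotate parity disk per stripe
        for d in range(n_disks):
            disks[d].append(blocks[d])
    return disks


def recover_disk(disks: List[List[bytes]], failed: int) -> List[bytes]:
    """Rebuild every block of one failed disk by XORing the surviving disks' blocks."""
    return [
        xor_blocks([disks[d][s] for d in range(len(disks)) if d != failed])
        for s in range(len(disks[0]))
    ]


if __name__ == "__main__":
    stripe = write_stripe([b"AAAA", b"BBBB", b"CCCC"])
    print("parity block:", stripe[-1])          # b'@@@@' (0x41 ^ 0x42 ^ 0x43 = 0x40)
    lost = list(stripe)
    lost[1] = None                               # simulate losing the second data disk
    print("rebuilt:", rebuild_stripe(lost) == stripe)
    disks = raid5_layout(b"0123456789", n_disks=3, block_size=2)
    print("disk 1 recovered:", recover_disk(disks, 1) == disks[1])
```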

#45. Jeff would like to incorporate encryption technology into the new product. He is considering encryption methods available on the Internet. What advice should we give him?

A cryptographic algorithm refers to the calculation used for encryption, and even if the algorithm is publicly available, an enormous amount of effort is required to break it. The algorithms that provide modern cryptography, such as AES, are publicly available. In-house development, on the other hand, is not recommended: although it has the security of concealment, it requires a great deal of resources to be allocated.

#46. Elliptic curve cryptography is an asymmetric algorithm. What are its advantages over other asymmetric algorithms?

〇:Encryption and decryption are more efficient.

Elliptic curves are rich mathematical structures that have shown usefulness in many different types of applications. Elliptic curve cryptography (ECC) differs from other asymmetric algorithms because of its efficiency: ECC is computationally less expensive than other asymmetric algorithms. In most cases, the longer the key, the heavier the computation needed to use it securely, but ECC can provide the same level of protection with a shorter key size than RSA requires.

 

×:Provides digital signatures, secure key distribution, and encryption.

Incorrect because ECC is not the only asymmetric algorithm that provides digital signatures, secure key distribution, and encryption; other asymmetric algorithms such as RSA provide them as well.

 

×:Calculated in finite discrete logarithms.

Wrong because Diffie-Hellman and El-Gamal compute with finite discrete logarithms.

 

×:Uses a large percentage of resources to perform the encryption.

Incorrect because ECC, when compared to other asymmetric algorithms, uses far fewer resources. Some devices, such as wireless devices and cell phones, have limited processing power, storage, power, and bandwidth. Efficient resource utilization is very important for the encryption methods used on these types of devices.

#47. Hannah is assigned the task of installing Web Access Management (WAM) software. What is an appropriate description of the environment in which WAM is typically used?

Web access management (WAM) software controls what users can access when interacting with Web-based corporate assets using a Web browser. This type of technology is continually becoming more robust and experiencing increased deployment. This is due to the increased use of e-commerce, online banking, content delivery, and Web services. The basic components and activities of the Web access control management process are

  • The user submits credentials to the web server.
  • The web server requests the WAM platform to authenticate the user. WAM authenticates to the LDAP directory and obtains credentials from the policy database.
  • The user requests access to a resource (object).
  • The web server verifies that object access is allowed and grants access to the requested resource.

When an unfamiliar term like WAM appears, you may start searching your memory for a definition and be tempted by hard-sounding answers such as an X.500 database. If you do not know the term, it is better to interpret it straightforwardly and answer to the best of your understanding: if you read WAM as software that controls access to a web server, the question becomes not “Which is the correct definition of WAM?” but “What would software that controls access to a web server do?” It is still tempting, however, to factor in the possibility that WAM is a solution that uses some specific technology you are unfamiliar with.

#48. Which formulas are used in a Business Impact Analysis (BIA) assessment?

#49. The importance of protecting audit logs generated by computers and network devices is being stressed more than ever before, as required by and as per many regulations today. Which of the following does not explain why audit logs should be protected?

〇:The format of the audit log is unknown and is not available to the intruder in the first place.

Audit tools are technical controls that track activity within a network, on a network device, or on a specific computer. Auditing is not an activity that denies an entity access to a network or computer; it tracks activity so that the security administrator can understand the type of access made, identify security violations, or be alerted to suspicious activity. This information points out weaknesses in other technical controls and helps the administrator understand where changes need to be made to maintain the required level of security within the environment. Intruders can also use this information to exploit these weaknesses. Therefore, audit logs should be protected by controls on privileges, permissions, and integrity, such as hashing algorithms. However, the format of system logs is generally standardized across similar systems. Hiding the log format is not a normal measure and is not a reason to protect audit log files.

 

×:If not properly protected, audit logs may not be admissible during prosecution.

This is incorrect because great care must be taken to protect audit logs in order for them to be admissible in court. Audit trails can be used to provide alerts about suspicious activity that can be investigated later. In addition, they are useful in determining exactly how far the attack reached and the extent of any damage that may have occurred. It is important to ensure that a proper chain of custody is maintained so that all data collected can be properly and accurately represented in case it needs to be used in later events such as criminal proceedings or investigations.

 

×:Because audit logs contain sensitive data, only a specific subset of users should have access to them.

This is incorrect because only administrators and security personnel need to be able to view, modify, and delete audit trail information. Others should not be able to see this data, and should have even less ability to change or delete it. The use of digital signatures, message digest tools, and strong access controls can help ensure the integrity of the data. Its confidentiality can be protected with encryption and access control as needed, and it can be stored on write-once media to prevent data loss or tampering. Unauthorized access attempts to audit logs should be captured and reported.

 

×:Intruders may attempt to scrub logs to hide their activities.

An intruder who breaks into a home does their best to leave no fingerprints or other clues that could link them to the crime. The same is true for computer fraud and illegal activity. Attackers often delete the audit logs that hold this identifying information; in the question, deleting is described as scrubbing. Deleting this information can keep administrators from ever being alerted to a security breach and destroys valuable data. Therefore, audit logs should be protected by strict access controls.
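To make the integrity protection discussed in this question concrete, here is an added example (not part of the original quiz) of a hash-chained audit log in Python: each record's HMAC-SHA256 tag covers the record and the previous tag, so deleting or editing any record breaks the chain from that point on. The collector key, the event fields, and the log lines are all constructed for the example.

```python
import hashlib
import hmac
import json

# Constructed sample audit events (not real system logs).
SAMPLE_EVENTS = [
    {"ts": "2024-01-01T10:00:00Z", "user": "alice", "action": "login", "result": "success"},
    {"ts": "2024-01-01T10:05:12Z", "user": "alice", "action": "read", "object": "/finance/q1.xlsx"},
    {"ts": "2024-01-01T10:07:40Z", "user": "mallory", "action": "login", "result": "failure"},
    {"ts": "2024-01-01T10:08:01Z", "user": "mallory", "action": "login", "result": "success"},
]

# Hypothetical key known only to the log collector (assumption: managed out of band,
# so a host that writes events cannot re-sign a doctored chain).
COLLECTOR_KEY = b"example-collector-key-not-for-production"
GENESIS = b"\x00" * 32


def _canonical(entry):
    # Canonical JSON so the same event always serializes (and hashes) the same way.
    return json.dumps(entry, sort_keys=True, separators=(",", ":")).encode()


def _tag(prev_tag, entry, key):
    # Each tag covers the entry AND the previous tag, which chains the records together.
    return hmac.new(key, prev_tag + _canonical(entry), hashlib.sha256).digest()


def build_chain(events, key=COLLECTOR_KEY):
    """Wrap each event in a record carrying its chained HMAC tag (hex)."""
    chain, prev = [], GENESIS
    for ev in events:
        tag = _tag(prev, ev, key)
        chain.append({"entry": ev, "tag": tag.hex()})
        prev = tag
    return chain


def verify_chain(chain, key=COLLECTOR_KEY):
    """Return (True, -1) if the chain is intact, else (False, index of the first bad record)."""
    prev = GENESIS
    for i, rec in enumerate(chain):
        expected = _tag(prev, rec["entry"], key)
        if not hmac.compare_digest(expected.hex(), rec["tag"]):
            return False, i
        prev = expected
    return True, -1


def anchored(chain, anchor_tag_hex):
    """Truncation check: the newest tag must match one saved on separate write-once media."""
    return bool(chain) and hmac.compare_digest(chain[-1]["tag"], anchor_tag_hex)


if __name__ == "__main__":
    chain = build_chain(SAMPLE_EVENTS)
    print("intact:", verify_chain(chain))
    scrubbed = chain[:2] + chain[3:]      # the failed-login record has been scrubbed
    print("after scrub:", verify_chain(scrubbed))
```

Removing or editing a record in the middle is detected at that index. Truncation (dropping the newest records) does not break the chain by itself, which is why the latest tag should be anchored on separate write-once media or a remote collector; `anchored` models that check.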

#50. Management support is critical to the success of a business continuity plan. Which of the following is most important to provide to management in order to obtain support?

〇:Business Case

The most important part of establishing and maintaining a current continuity plan is management support. Management may need to be convinced of the need for such a plan. Therefore, a business case is needed to obtain this support. The business case should include current vulnerabilities, legal obligations, current status of the recovery plan, and recommendations. Management is generally most interested in cost-benefit issues, so preliminary figures can be gathered and potential losses estimated. Decisions about how a company should recover are business decisions and should always be treated as such.

 

×:Business Impact Analysis

This is incorrect because the Business Impact Analysis (BIA) is conducted after the BCP team has gained management’s support for its efforts. A BIA is conducted to identify the areas of greatest financial or operational loss in the event of a disaster or disruption. It identifies the company’s critical systems required for survival and estimates the amount of downtime the company can tolerate as a result of a disaster or disruption.

 

×:Risk Analysis

Incorrect, as this is a method of identifying risks and assessing the potential damage that could be caused to justify security protection measures. In the context of BCP, risk analysis methods should be used in a BIA to identify which processes, devices, or operations are critical and should be recovered first.

 

×:Threat reports

This is incorrect because a threat report by itself is not what is needed to obtain management support. However, it is important for management to understand what the actual threats to the enterprise are, the consequences of those threats, and the potential loss value for each threat. Without this understanding, management only pays lip service to continuity planning, and in some cases the result may be worse than not planning at all because of the false sense of security it creates.

#51. Several steps must be taken before an effective physical security program can be rolled out. Which of the following steps comes first in the process of rolling out a security program?

〇:Conduct a risk analysis.

The first step in deploying an effective physical security program is to conduct a risk analysis to identify vulnerabilities and threats and to calculate the business impact of each threat. The team presents the results of the risk analysis to management so that an acceptable risk level for the physical security program can be defined. From there, the team derives the baseline the program must meet and evaluates whether the implementation meets it. Once the team identifies its countermeasures and implements them, performance is continually evaluated and compared against the established baselines. If the baseline is maintained on an ongoing basis, the security program is successful because the company’s acceptable risk level is not exceeded.

 

×:Create a performance metric for the countermeasure.  

Creating countermeasure performance metrics is incorrect because it is not the first step in creating a physical security program. If the program is monitored on a performance basis, the metrics can be used to determine how beneficial and effective it is, which allows management to make business decisions when investing in physical security protection for the organization. The goal is to improve the performance of the physical security program, leading to a cost-effective way of reducing the company’s risk. You should establish a performance baseline and then continually evaluate performance to ensure that the firm’s protection goals are being met. Examples of possible performance metrics include the number of successful attacks and the time taken for attacks.

 

×:Design program.  

Designing the program is wrong because it should be done after the risk analysis. Once the level of risk is understood, then the design phase can be done to protect against the threats identified in the risk analysis. The design of deterrents, delays, detections, assessments, and responses will incorporate the necessary controls for each category of the program.

 

×:Implement countermeasures.  

Wrong because implementing countermeasures is one of the last steps in the process of deploying a physical security program.

#52. Which of the following cannot be said to be privacy information under the concept of information security?

Student numbers, which are left to the control of each school, cannot be considered privacy information because they are not sufficient information to identify an individual.

#53. Access control matrices are used in many operating systems and applications to control access between subjects and objects. What is this type of column called?

〇:ACL

An access control list (ACL) maps the values of one column of the access control matrix to an object; ACLs are used in several operating system, application, and router configurations. They are lists of the subjects that are authorized to access a particular object, and they define the level of authorization to be granted. Authorization can be specified for an individual or for a group. In short, ACLs are bound to an object and indicate which subjects can access it, whereas capability tables are bound to a subject and indicate which objects the subject can access.

 

×:Capability table

A capability table is incorrect because it corresponds to a row of the access control matrix, not a column.

 

×:Constrained interface

Constrained interfaces are incorrect because they limit a user’s access ability by not allowing them to request certain functions or information or to access certain system resources.

 

×:Role-based values

Role-based access control (RBAC), also called non-discretionary access control, is incorrect because it is a model that uses a centralized set of controls to determine how subjects and objects interact.
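The column/row distinction in this question is easiest to see in code. The following added example (not from the original quiz) stores one constructed access control matrix both ways: `AclStore` keeps it column by column, `CapabilityStore` row by row. The subjects, objects, and rights are constructed for the example.

```python
from collections import defaultdict

# Constructed access control matrix: rows are subjects, columns are objects,
# cells are the rights granted. Empty cells are simply absent (deny by default).
MATRIX = {
    "alice": {"payroll.db": {"read", "write"}, "report.pdf": {"read"}},
    "bob":   {"report.pdf": {"read", "write"}},
    "carol": {"payroll.db": {"read"}, "printer": {"use"}},
}


class AclStore:
    """Stores the matrix column by column: each object keeps its own ACL."""

    def __init__(self, matrix):
        self.acl = defaultdict(dict)            # object -> {subject: rights}
        for subject, row in matrix.items():
            for obj, rights in row.items():
                self.acl[obj][subject] = set(rights)

    def check(self, subject, obj, right):
        # Deny by default: an unknown subject or object yields an empty right set.
        return right in self.acl.get(obj, {}).get(subject, set())

    def acl_of(self, obj):
        # One column: who may touch this object, and how. Cheap with ACLs.
        return {s: sorted(r) for s, r in self.acl.get(obj, {}).items()}

    def revoke_object(self, obj):
        # Taking an object out of service is a single-column delete.
        self.acl.pop(obj, None)


class CapabilityStore:
    """Stores the matrix row by row: each subject carries its capability list."""

    def __init__(self, matrix):
        self.caps = {s: {o: set(r) for o, r in row.items()} for s, row in matrix.items()}

    def check(self, subject, obj, right):
        return right in self.caps.get(subject, {}).get(obj, set())

    def capabilities_of(self, subject):
        # One row: everything this subject may do. Cheap with capabilities.
        return {o: sorted(r) for o, r in self.caps.get(subject, {}).items()}

    def revoke_object(self, obj):
        # The same revocation must walk every row, which is why revocation is the
        # known weak spot of pure capability systems.
        for row in self.caps.values():
            row.pop(obj, None)


if __name__ == "__main__":
    acl, caps = AclStore(MATRIX), CapabilityStore(MATRIX)
    print("ACL of payroll.db:", acl.acl_of("payroll.db"))
    print("capabilities of carol:", caps.capabilities_of("carol"))
```

Both stores answer `check` identically; they differ in which questions are cheap. An ACL answers "who can access this object?" directly, a capability list answers "what can this subject do?" directly, and revoking an object is a one-step operation only in the ACL store.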

#54. There are several calculation methods used to evaluate the value of an asset. Which of the following is NOT used to determine the value of an asset?

〇:Level of insurance required to cover assets.

This question is about choosing what is not used. There are several ways to calculate asset value (AV, Asset Value): the market approach, which refers to similar assets in the market, the income approach, which measures it by the profit it will earn in the future, and the cost approach, which measures it by the cost spent on the asset. The level of insurance needed to cover an asset is a decision made after identifying the asset value and conducting an appropriate risk analysis, allowing the organization to more easily determine the level of insurance coverage to purchase for that asset. Therefore, the correct answer is “level of insurance required to cover the asset”.

 

×:Value of the asset in the external market.

The technique of referring to similar assets in the market is known as the market approach.

 

×:Initial costs and outlay for purchasing, licensing, and supporting the asset.

The method of measuring by the cost spent on an asset is known as the cost approach.

 

×:The value of the asset to the organization’s production operations.

The method of measuring by the profit the asset will earn in the future is known as the income approach.

#55. Which of the following is not a common component as a step to change configuration management?

A structured change management process must be established to direct staff in making appropriate configuration changes. Standard procedures keep the process under control and ensure that it can be implemented in a predictable manner. Change management policies should include procedures for requesting changes, approving changes, documenting, testing, and reviewing changes, implementing them, and reporting changes to management. The configuration management change control process is not typically associated with service level agreement approvals.

#56. Which of the following plans would you use to organize information about specific system hardware?

Disaster Recovery Planning (DRP) is the process of creating short-term plans, policies, procedures, and tools to enable the recovery or continuation of critical IT systems in the event of a disaster. It focuses on the IT systems that support critical business functions and how they will be restored after a disaster, which is where information about specific system hardware is organized. For example, it considers what to do if you suffer a distributed denial of service (DDoS) attack, if your servers are compromised, if there is a power outage, and so on. A BCP is more focused on what should happen to the business and does not necessarily include system requirements.

#57. Which of the following best describes the difference between a firewall embedded in a hypervisor and a virtual firewall operating in bridge mode?

〇:A virtual firewall in bridge mode allows the firewall to monitor individual traffic links, while a firewall integrated into the hypervisor can monitor all activity taking place within the host system.

Virtual firewalls can be bridge-mode products that monitor individual communication links between virtual machines. They can also be integrated within a hypervisor in a virtual environment. The hypervisor is the software component that manages the virtual machines and monitors the execution of guest system software. When a firewall is embedded within the hypervisor, it can monitor all activities that occur within the host system.

 

×:A virtual firewall in bridge mode allows the firewall to monitor individual network links, while a firewall integrated into the hypervisor can monitor all activities taking place within the guest system.

This is incorrect because a virtual firewall in bridge mode monitors individual traffic links between hosts, not network links, and hypervisor integration allows the firewall to monitor all activity taking place within the host system, not the guest system.

 

×:A virtual firewall in bridge mode allows the firewall to monitor individual traffic links, while a firewall integrated into the hypervisor can monitor all activities taking place within the guest system.

This is incorrect because, while a virtual firewall in bridge mode does monitor individual traffic links, hypervisor integration allows the firewall to monitor all activity taking place within the host system, not only the guest system. The hypervisor is the software component that manages the virtual machines and monitors the execution of the guest system software; a firewall embedded within the hypervisor can monitor all activities taking place within the host system.

 

×:A virtual firewall in bridge mode allows the firewall to monitor individual guest systems, while a firewall integrated into the hypervisor can monitor all activities taking place within the network system.

This is incorrect because a virtual firewall in bridge mode monitors individual traffic links between guest systems, and hypervisor integration allows the firewall to monitor all activity taking place within the host system, not the network system.

#58. Which of the following comes closest to defining a virtual machine?

〇:A virtual instance of an operating system

A virtual machine is a virtual instance of an operating system. A virtual machine, also called a guest, runs in a host environment. Multiple guests can run simultaneously in the host environment. Virtual machines draw pooled resources such as RAM, processors, and storage from the host environment. This has many benefits, including increased processing efficiency. Other benefits include the ability to run legacy applications. For example, an organization may choose to run legacy applications on Windows 7 instances (virtual machines) after Windows 7 is rolled out.

 

×:Hardware running multiple operating system environments simultaneously.

This is incorrect because virtual machines are not hardware. A virtual machine is an instance of an operating system running on hardware. A host can run multiple virtual machines, so essentially one computer can run different operating systems simultaneously. With virtual machines, the workloads of several underused servers can be consolidated onto one host, saving hardware and administrative effort.

 

×:Physical environment for multiple guests

This is incorrect because the virtual machine runs and functions within a software emulation. The host provides resources such as memory, processors, buses, RAM, and storage for the virtual machines. Virtual machines share these resources but do not have direct access to them. The host environment, which is responsible for managing system resources, acts as an intermediary between the resources and the virtual machines.

 

×:Environments with full access to legacy applications

This is incorrect because many legacy applications are not compatible with certain hardware and newer operating systems. As a result, such applications generally do not fully utilize the server’s software and hardware components. Virtual machines emulate an environment that allows legacy and other applications to fully utilize the available resources. This is a reason for using virtual machines, but a benefit is not a definition.

#59. Frank is responsible for the security of the company’s online applications, web server, and web-based activities. Web applications have the ability to be dynamically “locked” so that multiple users cannot simultaneously edit web pages or overwrite each other’s work. The audit revealed that even with this software locking capability properly configured, multiple users can modify the same web page at the same time. Which of the following best describes this situation?

〇:TOC/TOU

Certain attacks take advantage of the way a system processes requests and performs tasks. A TOC/TOU (time-of-check/time-of-use) attack manipulates the series of steps the system uses to complete a task and exploits the system’s reliance on the timing of events in a multitasking operating system. TOC/TOU is a software vulnerability in which there is a gap between a condition check (for example, verifying credentials or verifying that a page is unlocked) and the use of the result of that check, so the condition can change in between. In the scenario in this question, the fact that the web application is correctly configured indicates that this type of vulnerability is embedded in the application’s programming code itself.

 

×:Buffer overflow

A buffer overflow occurs when too much data is accepted as input to a particular process. This is incorrect because it does not match the event in the question. A buffer is an allocated segment of memory. A buffer can overflow arbitrarily with too much data, but for an attacker to make use of it, the code inserted into the buffer must be of a specific length and contain the instructions the attacker wants executed. These attacks usually end in a segmentation fault or in sensitive data being handed to the attacker.

 

×:Blind SQL Injection

Blind SQL injection attacks are wrong because they are a type of SQL injection attack that sends true or false questions to the database. In a basic SQL injection, the attacker sends specific instructions in SQL format to query the associated database. In a blind SQL attack, the attacker is limited to sending a series of true-false questions to the database in order to analyze the database responses and gather sensitive information.

 

×:Cross Site Request Forgery (CSRF)

Cross Site Request Forgery (CSRF) is incorrect because it is an attack type that attempts to trick the victim into loading a web page containing malicious requests or operations. The attack operation is performed within the context of the victim’s access rights. The request inherits the victim’s identity and performs undesirable functions for the victim. In this type of attack, the attacker can cause the victim’s system to perform unintended actions such as changing account information, retrieving account data, or logging out. This type of attack could be related to the scenario described in this question, but focuses on how the user can bypass the locking mechanism built into the web application. The logic in the programming code is incorrectly developed and the locking function is bypassed because a rigorous series of checks and usage sequences are not performed correctly.
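The locking failure in this scenario is a check-then-act race. The following added example (not the original quiz's code) models a page editor's lock in Python: `acquire_racy` checks and then sets the lock as two separate steps, while `acquire_atomic` does both under one mutex. The page names, user names, and the sleep that widens the window are constructed for the example.

```python
import threading
import time


class PageLocks:
    """Edit locks for a hypothetical web page editor (constructed example)."""

    def __init__(self):
        self._owner = {}                  # page -> user holding the edit lock
        self._mutex = threading.Lock()

    def acquire_racy(self, page, user):
        # Time of check: the page looks unlocked...
        if page not in self._owner:
            time.sleep(0.2)               # window in which other editors run the same check
            # Time of use: ...so every editor that passed the check "wins" the lock.
            self._owner[page] = user
            return True
        return False

    def acquire_atomic(self, page, user):
        # Check and update happen under one mutex; there is no window between them.
        with self._mutex:
            if page in self._owner:
                return False
            self._owner[page] = user
            return True

    def owner_of(self, page):
        return self._owner.get(page)


def simulate(method_name, editors=5, page="index.html"):
    """Have `editors` threads try to lock the same page at once; return how many succeeded."""
    locks = PageLocks()
    acquire = getattr(locks, method_name)
    start = threading.Barrier(editors)    # release all editors at the same moment
    winners = []
    record = threading.Lock()

    def editor(name):
        start.wait()
        if acquire(page, name):
            with record:
                winners.append(name)

    threads = [threading.Thread(target=editor, args=(f"user{i}",)) for i in range(editors)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return len(winners)


if __name__ == "__main__":
    print("racy lock, editors granted:", simulate("acquire_racy"))
    print("atomic lock, editors granted:", simulate("acquire_atomic"))
```

`simulate("acquire_racy")` typically reports several editors holding the same lock, while `simulate("acquire_atomic")` reports exactly one. The fix is not a configuration change but a code change that removes the window between the check and the use.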

#60. What is called taking reasonable action to prevent a security breach?

〇:Due Care

Due care means that the company did everything it could reasonably have been expected to do to prevent a security breach under the circumstances, and that it takes appropriate control and action in the event of one. In short, it means that the company is acting responsibly by practicing common sense and prudent management. If a company has a facility that is not fire-resistant and an arsonist sets it ablaze, the arsonist is only a small part of this tragedy. The company is responsible for providing fire-resistant building materials, alarms, exits, fire extinguishers, and backup fire detection and suppression systems, especially in areas holding critical information. If a fire were to burn down the company’s building and all records (customer data, inventory records, and the information needed to rebuild the business) were lost, it would mean the company had not taken precautions to protect itself against that loss; for example, it could have backed up to an off-site location. In that case, employees, shareholders, customers, and anyone else affected could potentially sue the company. However, if the company has done everything expected of it in the respects mentioned so far, a lawsuit is unlikely to succeed; it is the failure to exercise due care that exposes the company to liability.

 

×:Downstream Liability

This is incorrect because downstream liability refers to one firm’s activities (or lack thereof) having a negative impact on other firms. If a company fails to provide the required level of protection and its negligence affects the partners with whom it cooperates, the affected company can sue the upstream company. For example, suppose Company A and Company B have built an extranet. Company A has not implemented controls to detect and address viruses. Company A is infected with a harmful virus, which infects Company B through the extranet. The virus destroys critical data and causes a major disruption to Company B’s production. Company B can therefore sue Company A for negligence. This is an example of downstream liability.

 

×:Liability

This is incorrect because liability generally refers to the obligations and expected behavior or actions of a particular party. An obligation may come with a defined set of specific required actions, or it may take a more general and open approach that lets the parties determine how to fulfill it.

 

×:Due diligence

This is the closest of the incorrect answers. Unlike the other choices, it is not primarily a legal term. Due diligence means the firm has properly investigated all of its possible weaknesses and vulnerabilities. Before you can understand how to protect yourself properly, you need to know what you are protecting; to understand the real level of risk, you investigate and assess the real level of vulnerability. Only after these steps and assessments have been made can effective controls and protective measures be identified and implemented. Due diligence means identifying all potential risks; taking the appropriate response that actually mitigates those risks is due care.

#61. Which is the most correct use of a captive portal?

A captive portal is a mechanism that restricts communication with the outside world until user authentication, user registration, and user consent are performed when a terminal connects to the network.

#62. Which of the following is an attack that accesses an internal IP address as the source from the outside and aims for internal access by means of a response request?

〇:LAND attack

A LAND attack is an attack that penetrates firewalls that block bad requests; it is similar to the Fraggle attack, but it sends a request to the firewall with the sender as the target of the attack. This is a blind spot because the firewall, which is supposed to protect the inside of the system, is used for the attack.

 

×:Teardrop

Teardrop is an attack that halts the system by forging the offset of IP packets before they are split.

 

×:Christmas Tree Attack

A Christmas tree attack is an attack in which a packet is sent with a number of flags (URG, ACK, PSH, RST, SYN, FIN) and the response is observed.

 

×:CHARGEN attack

CHARGEN (port 19) is a protocol that returns an arbitrary stream of characters.
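The attack in this question relies on a packet from outside carrying an internal source address. As an added example (not part of the original quiz), here is an ingress/egress filter in Python that drops such packets, along with packets whose source equals their destination (the classic LAND signature) and packets with bogon source addresses. The internal address ranges and the sample packets are constructed for the example.

```python
import ipaddress
from dataclasses import dataclass

# Address ranges considered "inside" for this constructed example.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8"), ipaddress.ip_network("192.168.0.0/16")]


@dataclass
class Packet:
    iface: str    # interface the packet arrived on: "outside" or "inside"
    src: str
    dst: str
    proto: str


def is_internal(addr):
    return any(addr in net for net in INTERNAL_NETS)


def ingress_verdict(pkt):
    """Return 'accept' or a 'drop: <reason>' string for a packet seen at the perimeter."""
    src = ipaddress.ip_address(pkt.src)
    dst = ipaddress.ip_address(pkt.dst)
    if src == dst:
        # A host is made to talk to itself; the request can never be legitimate.
        return "drop: source equals destination (LAND signature)"
    if pkt.iface == "outside":
        if is_internal(src):
            # Our own address space cannot legitimately originate outside the perimeter.
            return "drop: internal source address arriving from outside"
        if src.is_loopback or src.is_multicast or src.is_unspecified:
            return "drop: bogon source address"
    if pkt.iface == "inside" and not is_internal(src):
        # Egress filtering: stop our hosts from spoofing someone else's addresses.
        return "drop: non-internal source leaving the inside (egress spoof)"
    return "accept"


# Constructed sample traffic (not captured data).
SAMPLE_TRAFFIC = [
    Packet("outside", "203.0.113.7", "192.168.1.10", "tcp"),
    Packet("outside", "192.168.1.10", "192.168.1.10", "tcp"),
    Packet("outside", "10.1.2.3", "192.168.1.10", "icmp"),
    Packet("outside", "127.0.0.1", "192.168.1.10", "udp"),
    Packet("inside", "192.168.1.10", "198.51.100.5", "tcp"),
    Packet("inside", "203.0.113.9", "198.51.100.5", "tcp"),
]


def filter_traffic(packets):
    return [(p.src, p.dst, ingress_verdict(p)) for p in packets]


if __name__ == "__main__":
    for src, dst, verdict in filter_traffic(SAMPLE_TRAFFIC):
        print(f"{src:>15} -> {dst:<15} {verdict}")
```

The ordering matters: the source-equals-destination test comes first because such a packet is invalid on either interface, and the interface-specific tests follow. In practice the same rules are expressed as anti-spoofing ACLs on the perimeter router or firewall.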

#63. Angela wants a computer environment that can be used together in departmental groups while easily sharing network resources. Which computers should logically be used as group computers?

〇:VLAN

Virtual LANs (VLANs) allow logical isolation and grouping of computers based on resource requirements, security, or business needs, despite the standard physical location of the system. Computers in the same department configured on the same VLAN network can all receive the same broadcast messages, allowing all users to access the same types of resources regardless of their physical location.

 

×:Open Network Architecture  

Open network architecture is wrong because it describes the technology that can configure a network; the OSI model provides a framework for developing products that operate within an open network architecture.

 

×:Intranet

Incorrect because an intranet is a private network used by a company when it wants to use Internet and Web-based technologies in its internal network.

 

×:VAN  

Incorrect because a Value Added Network (VAN) is an electronic data interchange (EDI) infrastructure developed and maintained by a service bureau.

#64. Which of the following should NOT be done in proper hardware disposal procedures?

Deleting a file is physically recoverable. Shredding, demagnetizing, and overwriting are all methods that render the file physically unrecoverable.

#65. Communication speed has become a problem and we want to renew our Wi-Fi. I want to get the fastest possible connection speed. Which Wi-Fi standard should we use?

IEEE 802.11 is a family of wireless LAN standards established by the IEEE.

Type       Max Speed   Frequency
802.11     2 Mbps      2.4 GHz
802.11a    54 Mbps     5 GHz
802.11b    11 Mbps     2.4 GHz
802.11g    54 Mbps     2.4 GHz
802.11n    600 Mbps    2.4 GHz or 5 GHz
802.11ac   1.3 Gbps    5 GHz

#66. Which of the following should be used for a stream cipher?

〇:One-time pad

Stream ciphers are modeled on one-time pad technology. In practice, stream ciphers cannot provide the level of protection that a one-time pad does, but they are practical to use.

 

×:AES

AES is incorrect because it is a symmetric block cipher. When a block cipher is used for encryption and decryption purposes, the message is divided into blocks of bits.

 

×:Block ciphers

This is incorrect because a block cipher, when used for encryption and decryption, divides the message into blocks of bits rather than processing it as a stream.

 

×:RSA

RSA is incorrect because it is an asymmetric algorithm.
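To illustrate the relationship between a one-time pad and a practical stream cipher, here is an added example (not from the original quiz): both XOR the message with key material, the difference being whether that material is a truly random pad as long as the message or a keystream expanded from a short key and nonce. The HMAC-SHA256 counter-mode keystream is a toy construction for illustration, not a standard cipher, and the key, nonce, and messages are constructed.

```python
import hashlib
import hmac
import secrets


def xor_bytes(a, b):
    if len(a) != len(b):
        raise ValueError("inputs must be the same length")
    return bytes(x ^ y for x, y in zip(a, b))


def otp_encrypt(plaintext, pad):
    """One-time pad: the pad must be truly random, at least message length, and never reused."""
    if len(pad) < len(plaintext):
        raise ValueError("pad shorter than message")
    return xor_bytes(plaintext, pad[:len(plaintext)])


otp_decrypt = otp_encrypt   # XOR is its own inverse


def keystream(key, nonce, length):
    """Toy keystream generator: HMAC-SHA256 in counter mode (illustrative, not a standard cipher)."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def stream_encrypt(key, nonce, plaintext):
    # A stream cipher replaces the pad with a pseudorandom keystream; same XOR, shorter key.
    return xor_bytes(plaintext, keystream(key, nonce, len(plaintext)))


stream_decrypt = stream_encrypt


def xor_of_ciphertexts(c1, c2):
    """With a reused pad or keystream, c1 XOR c2 == p1 XOR p2: the key material cancels out."""
    return xor_bytes(c1, c2)


if __name__ == "__main__":
    message = b"attack at dawn!!"
    pad = secrets.token_bytes(len(message))          # fresh random pad, used once
    print(otp_decrypt(otp_encrypt(message, pad), pad))
    key = secrets.token_bytes(32)
    print(stream_decrypt(key, b"nonce-1", stream_encrypt(key, b"nonce-1", message)))
```

`xor_of_ciphertexts` shows the property that makes reuse fatal for both constructions: if the same pad or keystream encrypts two messages, XORing the ciphertexts cancels the key material and leaves the XOR of the plaintexts. A one-time pad is unbreakable only because it is never reused; a stream cipher must likewise never reuse a key/nonce pair.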

#67. Which of the following is close to the meaning of the basic concept of security measures: multi-layer defense?

Defense-in-depth is the concept that protection should not be monolithic but should be layered in every aspect. Of the choices, “defense-in-depth” is the closest match, since multiple layers of protection are required to guard against any single vulnerability.

#68. What vulnerability is logically possible for an attacker to guess a URL that he/she does not know?

Users can logically guess the URL or path of resources they should not be able to access. If a user on an organization’s network can reach a report named “financials_2017.pdf”, it is possible to guess other file names that should not be accessible, such as “financials_2018.pdf” or “financials.pdf”.
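The defense against URL guessing is to authorize every request on the server rather than rely on the path being unknown. The following added example (not the original quiz's code) checks a constructed entitlement table before resolving a report id, and adds per-user opaque handles as a second layer. The report ids, file names, users, and the handle key are all constructed for the example.

```python
import hashlib
import hmac

# Constructed data: report ids, their backing files, and who may read them.
REPORT_FILES = {
    "rpt-2017": "financials_2017.pdf",
    "rpt-2018": "financials_2018.pdf",
    "rpt-all":  "financials.pdf",
}
ENTITLEMENTS = {
    "alice": {"rpt-2017", "rpt-2018"},
    "bob":   {"rpt-2017"},
}
# Hypothetical server-side secret for opaque handles (assumption: never exposed to clients).
HANDLE_KEY = b"example-handle-key-not-for-production"


def fetch_report(user, report_id):
    """Server-side authorization: deny by default, however the caller built the URL."""
    if report_id not in ENTITLEMENTS.get(user, set()):
        return 403, None          # same answer whether or not the id exists: no oracle
    if report_id not in REPORT_FILES:
        return 404, None
    return 200, REPORT_FILES[report_id]


def issue_handle(user, report_id):
    """Per-user opaque handle so one user's link is useless to another (defense in depth)."""
    mac = hmac.new(HANDLE_KEY, f"{user}:{report_id}".encode(), hashlib.sha256).hexdigest()[:16]
    return f"{report_id}.{mac}"


def fetch_by_handle(user, handle):
    # The handle is bound to the requesting user; a copied handle fails the MAC check,
    # and even a valid handle still goes through the entitlement check.
    report_id, _, _ = handle.rpartition(".")
    if not hmac.compare_digest(issue_handle(user, report_id), handle):
        return 403, None
    return fetch_report(user, report_id)


if __name__ == "__main__":
    print(fetch_report("bob", "rpt-2017"))      # entitled
    print(fetch_report("bob", "rpt-2018"))      # guessed id, denied
    link = issue_handle("alice", "rpt-2018")
    print(fetch_by_handle("bob", link))         # alice's link presented by bob, denied
```

Guessing `rpt-2018` gets bob the same 403 whether or not such a report exists, and alice's handle for it is rejected when bob presents it. The handle is defense in depth, not a replacement for the entitlement check, which is why `fetch_by_handle` still ends in `fetch_report`.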

#69. Which of the following U.S. copyright laws make it a crime to attempt to infringe on access control measures to protect copyright?

〇:Digital Millennium Copyright Act

The Digital Millennium Copyright Act (DMCA) is a U.S. copyright law that, among other things, makes it a crime to use technology to circumvent the access control measures established to protect copyrighted material. Therefore, the correct answer is “Digital Millennium Copyright Act”.

If you find a way to “unlock” a proprietary method of protecting an e-book, you can be charged for this act. Even if you never share the actual copyrighted book with anyone, the specific law has been broken and you can be convicted.

 

×:COPPA

The Children’s Online Privacy Protection Act (COPPA) is a law that aims to make children’s sites on the Internet safe to use; it prohibits putting children at risk where no appropriate terms and conditions are in place.

 

×:Federal Privacy Act

There is no such law, but a close equivalent is the U.S. Federal Data Privacy Act. This would be a comprehensive privacy law at the federal level in the United States.

 

×:GDPR

The General Data Protection Regulation (GDPR) is a privacy law for EU citizens that is a stricter version of the Data Protection Directive.

#70. There are several attacks that programmers should be aware of. When an attacker attempts to execute arbitrary code, what type of attack is indicated?

〇:Buffer overflow

A buffer is an area reserved by an application to store something in it, such as user input. After the application receives input, the instruction pointer points to the next instruction the program should execute. A buffer overflow occurs when the application mistakenly allows input larger than the buffer to overwrite adjacent memory, including the saved instruction pointer. Once the instruction pointer is overwritten, code supplied by the attacker can be executed under the application’s security context.

 

×:Traffic Analysis

Traffic Analysis is incorrect because it is a method of revealing information by looking at traffic patterns on the network.

 

×:Race Condition

Incorrect because it does not indicate a race condition attack; if two different processes need to perform their tasks on a resource, they need to follow the correct order.

 

×:Covert Storage

Incorrect because in a covert storage channel, processes are capable of communicating through some type of storage space on the system.

#71. Fred is told that he needs to test components of a new content management application under development to validate data structures, logic, and boundary conditions. What tests should he perform?

〇:Unit Testing

Unit testing involves testing individual components in a controlled environment to verify data structures, logic, and boundary conditions. After the programmer develops a component, it is tested with several different input values and in a variety of situations. Unit testing can begin early in the development process and usually continues throughout the development phase. One of the benefits of unit testing is that it identifies problems early in the development cycle. It is easier and less expensive to make changes to individual units.

 

×:Acceptance Testing

This is incorrect because acceptance testing is done to verify that the code meets the customer’s requirements. This test is applied to some or all of the application, but usually not individual components.

 

×:Regression Testing

Regression testing is incorrect because it means retesting a system after changes have been made to ensure its functionality, performance, and protection. Essentially, regression testing is done to identify bugs where functionality no longer works as intended as a result of a program change. It is not uncommon for developers to fix one problem and accidentally create a new one, or to fix a new problem and reintroduce an old one. Regression testing involves checking for previously fixed bugs to ensure that they have not reappeared and re-running previous tests.

 

×:Integration Testing

Integration testing is incorrect because it verifies that components work together as outlined in the design specification. After unit testing, individual components or units are tested in combination to verify that they meet functional, performance, and reliability requirements.

#72. A business impact analysis is considered a functional analysis. Which of the following is NOT performed during a Business Impact Analysis?

〇:Parallel testing or full interruption testing

A Business Impact Analysis (BIA) is considered a functional analysis in which the team gathers data through interviews and documentation sources, documents business functions, activities, and transactions, develops a hierarchy of business functions, and finally applies a classification scheme that indicates the level of importance of each individual function. Parallel and full interruption tests are not part of the BIA. These tests are performed to ensure the ongoing effectiveness of the business continuity plan in a constantly changing environment. Full interruption testing involves shutting down the original site and resuming operations and processing at an alternate site, while parallel testing is performed to ensure that a particular system will actually function properly at the alternate off-site facility.

 

×:Application of a classification scheme based on criticality levels.

This is incorrect because it is performed during a BIA. This is done by identifying a company’s critical assets and mapping them to characteristics such as maximum allowable downtime, operational disruption and productivity, financial considerations, regulatory liability, and reputation.

 

×:Gathering information through interviews

This is not correct as it is done during the BIA. The BCP committee does not truly understand all business processes, the steps to be taken, or the resources and supplies those processes require. Therefore, the committee should collect this information from people in the know, which are department heads and specific employees within the organization.

 

×:Document business functions

This is incorrect because the BCP committee makes this part of the BIA. Business activities and transactions must be documented. This information can come from department managers and specific employees who are interviewed or surveyed. Once the information is documented, the BCP committee can conduct an analysis to determine which processes, equipment, or operational activities are most critical.

#73. Who is not necessarily covered under the HITECH Act?

HIPAA covered entities and the organizations and individuals who assist them in their business are treated in the same manner as HIPAA covered entities. Health care providers, health information clearinghouses, and health insurance plans are covered entities. Developers of health apps are responsible as programmers rather than as holders of health information or plan operators, so they may not be covered by HITECH, which focuses on how health information is managed. Therefore, the correct answer is “health app developer”.

It is not necessary to know the detailed HITECH requirements. You can classify them based on whether or not you are dealing with information and answer the questions by process of elimination.

#74. Which of the following is not an official risk methodology created for the purpose of analyzing security risks?

〇:AS / NZS 4360

AS / NZS 4360 can be used for security risk analysis, but it was not created for that purpose. It takes a much broader approach to risk management than other risk assessment methods, such as NIST or OCTAVE, which focus on IT threats and information security risks. AS / NZS 4360 can be used to understand a firm’s financial, capital, personnel safety, and business decision-making risks.

 

×:FAP

Incorrect as there is no formal FAP risk analysis methodology.

 

×:OCTAVE

OCTAVE is incorrect because it focuses on IT threats and information security risks. OCTAVE is intended for use in situations where an organization manages and directs its own information security risk assessments. Employees of the organization are empowered to determine the best way to assess security.

 

×:NIST SP 800-30

Wrong because it is specific to IT threats and how they relate to information security risks. The focus is primarily on systems. Data is collected from assessments of network and security practices and from people within the organization, and is used as input for the risk analysis steps outlined in the 800-30 document.

#75. Jared plays a role in the company’s data classification system. In this role, he must use extreme caution when accessing data, ensure that data is used only in accordance with authorized policies, and follow the rules set for data classification. He does not determine, maintain, or evaluate controls. What is Jared’s role?

〇:Data User

An individual who uses data for work-related tasks is a data user. Users must have the necessary level of access to data to perform their job duties. They are also responsible for adhering to operational security procedures to ensure the confidentiality, integrity, and availability of the data to others. This means that users must take appropriate precautions and follow both security policies and data classification rules.

 

×:Data Owners

This is incorrect because the data owner has a higher level of responsibility in protecting the data. The data owner is responsible for classifying the data, regularly reviewing the classification level, and delegating responsibility for the data protection position to the data controller. The data owner is usually a manager or executive within the organization and is responsible for the protection of the company’s information assets.

 

×:Data Controller

Incorrect, as the data controller is responsible for implementing and maintaining security controls as directed by the data owner. In other words, the data controller is the technician of the controls that protect the data. Their duties include creating backups, restoring data, implementing and maintaining countermeasures, and managing controls.

 

×:Information Systems Auditor

Incorrect, as they are responsible for evaluating controls. After evaluating the controls, the auditor submits a report to management, mapping the results to the organization’s acceptable level of risk. This has nothing to do with using data or being meticulous in the use of data.

#76. Vender Inc. does not want its logo to be used without permission. Which of the following would protect the logo and prevent others from copying and using it?

〇:Trademarks

Intellectual property can be protected by several different laws, depending on the type of resource. Trademarks are used to protect words, names, symbols, sounds, shapes, colors, or combinations of these, such as logos. The reason a company registers one of these trademarks, or a combination of these trademarks, is to represent their company (brand identity) to the world. Therefore, the correct answer is “trademark”.

 

×:Patent

A patent is a monopoly right to use a technology for something that is very difficult to invent, such as a medicine.

 

×:Copyright

A copyright is a right to a creative work that is not technical in nature, such as music or a book; it protects something that was thought up and created.

 

×:Trade Secrets

Trade secrets are information that is useful and confidential as a business activity, such as customer information, product technology and manufacturing methods.

#77. Jill has established a company-wide sales program that requires user groups with different privileges to access information on a centralized database. How should the security manager secure the database?

〇:Increasing database security controls and providing more granularity.

The best approach to protecting the database in this situation would be to increase controls and assign detailed permissions. These measures would ensure that users cannot abuse their permissions and that the confidentiality of the information is maintained. The granularity of permissions would give network administrators and security professionals additional control over the resources they are charged with protecting, and the granular level would allow them to give individuals just the exact level of access they need.

 

×:Implement an access control where each user’s privileges are displayed each time they access the database.

Implementing an access control that displays each user’s permissions each time they access the database is incorrect because it is a single control. It is not an overall way of dealing with user access to a database full of information. It may be an example of an improved database security control, but it would need to be limited to the right places.

 

×:Change the classification label of the database to a higher security status.

The classification level of the information in the database should already have been determined based on its required level of confidentiality, integrity, and availability. This option implies that a higher classification should be assigned, but there is no indication in the question text that the current security level is inappropriate.

 

×:Reduce security. Allow all users to access information as needed.

The answer to reduce security is incorrect.

#78. Different levels of RAID determine the type of activity that occurs within a RAID system. Which level of RAID is associated with byte-level parity?

〇:RAID Level 3

RAID redundant arrays provide fault tolerance capability for hard drives and can improve system performance. Redundancy and speed are provided by splitting data and writing it to multiple disks, allowing different disk heads to operate simultaneously to retrieve requested information. At this time, recovery data is also created. This is called parity; if one disk fails, the parity data can be used to reconstruct the corrupted or lost information. Different levels of RAID systems experience different activities that provide fault tolerance or improved performance. RAID level 3 is a method that uses byte-level striping and dedicated parity disks.

 

×:RAID Level 0

Wrong because only striping occurs at level 0.

 

×:RAID Level 5

RAID 5 is incorrect because it uses block-level striping and interleaved parity on all disks.

 

×:RAID Level 10

Level 10 is incorrect because it is associated with striping and mirroring.
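To make the byte-level parity of RAID 3 concrete, here is an added example (not code from the quiz page) that stripes data byte by byte across several data disks, writes the XOR of each byte position to a dedicated parity disk, and rebuilds any single failed disk from the survivors. The disk count and sample data are constructed for the demo; the point to notice is that the parity disk alone cannot help once two disks are gone, which is why RAID 3 tolerates exactly one failure.

```python
"""RAID 3 style byte-level striping with a dedicated parity disk (added example)."""
from typing import List, Optional


def stripe_with_parity(data: bytes, data_disks: int) -> List[bytearray]:
    """Distribute data byte by byte across data_disks disks and append one
    parity disk holding the XOR of every byte at the same position."""
    if data_disks < 2:
        raise ValueError("need at least two data disks")
    pad = (-len(data)) % data_disks          # pad so every disk gets equal length
    data = data + b"\x00" * pad
    disks = [bytearray() for _ in range(data_disks)]
    parity = bytearray()
    for i in range(0, len(data), data_disks):
        stripe = data[i:i + data_disks]       # one byte per data disk
        p = 0
        for d, byte in enumerate(stripe):
            disks[d].append(byte)
            p ^= byte
        parity.append(p)                      # dedicated parity disk
    disks.append(parity)
    return disks


def reconstruct_disk(disks: List[Optional[bytearray]], failed: int) -> bytearray:
    """Rebuild the failed disk (data or parity) as the XOR of all surviving disks.
    A second missing disk (None) makes reconstruction impossible."""
    survivors = [d for i, d in enumerate(disks) if i != failed]
    if any(d is None for d in survivors):
        raise ValueError("RAID 3 tolerates only a single disk failure")
    length = len(survivors[0])
    rebuilt = bytearray(length)
    for pos in range(length):
        v = 0
        for d in survivors:
            v ^= d[pos]
        rebuilt[pos] = v
    return rebuilt


def read_back(disks: List[bytearray], data_len: int) -> bytes:
    """Reassemble the original data from the data disks (parity excluded)."""
    data_disks = disks[:-1]
    out = bytearray()
    for pos in range(len(data_disks[0])):
        for d in data_disks:
            out.append(d[pos])
    return bytes(out[:data_len])


def demo() -> dict:
    """Constructed scenario: 4 data disks + parity, disk 1 fails and is rebuilt."""
    data = b"SECURITY"
    disks = stripe_with_parity(data, 4)
    lost = bytes(disks[1])
    disks[1] = None                            # simulate the failure
    rebuilt = reconstruct_disk(disks, 1)
    disks[1] = rebuilt
    return {"rebuilt_matches": bytes(rebuilt) == lost,
            "data_recovered": read_back(disks, len(data)) == data}
```

Replace the XOR over bytes with an XOR over whole blocks and rotate which disk holds parity for each stripe, and you have the block-level, interleaved-parity layout of RAID 5 that the next option describes.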

#79. The IT Security team has been asked to propose a mitigation strategy using the OSI reference model. Which of these would address the Layer 7 issue?

Application firewalls target Layer 7 of the OSI model. The main advantage of an application firewall is its ability to understand specific applications and protocols. Packets are not fully decoded until Layer 6, so a Layer 7 device can see the entire packet, whereas other firewalls can only inspect the packet headers, not the payload. It can detect when an unwanted application or service is trying to bypass the firewall by using a protocol on an allowed port, or when the protocol itself is being used in a malicious manner.

#80. Encryption provides different security properties depending on the procedure and algorithm. Which of the following provides authentication, non-repudiation, and integrity?

〇:Digital Signature

A digital signature is a hash value encrypted with the sender’s private key. The act of signing means encrypting a hash value of a message with a private key. A message can be digitally signed, providing authentication, non-repudiation, and integrity. The hash function guarantees the integrity of the message, and the signature of the hash value provides authentication and non-repudiation.

 

×:Encryption Algorithms

Encryption algorithms are wrong because they provide confidentiality. Encryption is most commonly performed using symmetric algorithms. Symmetric algorithms can provide authentication, non-repudiation, and integrity as well as confidentiality.

 

×:Hash Algorithms

Hash algorithms are wrong because they provide data integrity only. A hash algorithm generates a message digest (also called a hash value), which is used to detect whether modifications have been made. The sender and receiver each generate their own digest, and the receiver compares the two values; if they differ, the receiver knows the message has been modified. Hash algorithms cannot provide authentication or non-repudiation.

 

×:Encryption paired with digital signatures

This is incorrect because encryption and digital signatures provide confidentiality, authentication, non-repudiation, and integrity. Encryption alone provides confidentiality. And digital signatures provide authentication, non-repudiation, and integrity. The question requires that it can provide authentication, non-repudiation, and integrity. It is a nasty question.
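The following is an added example (not from the quiz page) of the hash-then-sign construction the explanation for #80 describes: the digest gives integrity, and because only the holder of the private key can produce a signature that the public key verifies, the signature also gives authentication and non-repudiation. It is a textbook-RSA toy: the keys are built from Mersenne primes chosen for the demo, and there is no padding scheme, so it illustrates the structure rather than being usable as a real signature scheme.

```python
"""Hash-then-sign with textbook RSA (added toy example; no padding, demo keys)."""
import hashlib
from typing import Tuple

PublicKey = Tuple[int, int]   # (n, e)
PrivateKey = Tuple[int, int]  # (n, d)


def make_keypair(p_exp: int, q_exp: int) -> Tuple[PublicKey, PrivateKey]:
    """Build a key pair from the Mersenne primes 2**p_exp - 1 and 2**q_exp - 1.
    The exponents used below (127, 89, 107, 61) are known Mersenne prime
    exponents; this is a constructed shortcut, not how real keys are generated."""
    p = (1 << p_exp) - 1
    q = (1 << q_exp) - 1
    n = p * q
    phi = (p - 1) * (q - 1)
    e = 65537
    d = pow(e, -1, phi)          # private exponent = modular inverse of e (Python 3.8+)
    return (n, e), (n, d)


def _message_digest(message: bytes, n: int) -> int:
    """SHA-256 of the message, reduced below the modulus so it can be signed.
    The digest is what gives the signature its integrity property."""
    h = hashlib.sha256(message).digest()
    return int.from_bytes(h, "big") % n


def sign(message: bytes, private_key: PrivateKey) -> int:
    """Signing = encrypting the digest with the signer's private key."""
    n, d = private_key
    return pow(_message_digest(message, n), d, n)


def verify(message: bytes, signature: int, public_key: PublicKey) -> bool:
    """Verification = decrypting the signature with the public key and comparing
    it with a freshly computed digest of the received message."""
    n, e = public_key
    return pow(signature, e, n) == _message_digest(message, n)


# Two independent signers with constructed demo keys.
ALICE_PUB, ALICE_PRIV = make_keypair(127, 89)
BOB_PUB, BOB_PRIV = make_keypair(107, 61)


def demo() -> dict:
    msg = b"Pay 300 USD to account 42"
    sig = sign(msg, ALICE_PRIV)
    return {
        "valid": verify(msg, sig, ALICE_PUB),            # True: genuine message and signer
        "tampered": verify(msg + b"0", sig, ALICE_PUB),  # False: digest changed (integrity)
        "wrong_signer": verify(msg, sig, BOB_PUB),       # False: not Alice's key (authentication)
    }
```

Note that `verify` never needs the private key: anyone holding Alice's public key can check the signature, but nobody else can forge one, which is what lets Alice be held to the message (non-repudiation).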

#81. We have been paying a software vendor to develop software on a custom basis, but that vendor may go out of business. Since the company does not have access to the code, it cannot maintain the software. How can the company protect itself against this?

〇:Software Escrow

If you do not have access to the software, but the developer may be out of business, you should plan for what to do after that out-of-business event. Software escrow means that the third party retains the source and compiled code, backup manuals, and other support materials. The agreement between the software vendor, the customer, and the third party would typically be that the customer would only have access to the source code when the vendor goes out of business and in the event of the vendor’s inability to fulfill its stated responsibilities or breach of the original agreement. The customer is protected because they can gain access to the source code and other materials through a third-party escrow agent.

 

×:Reciprocal Treatment Agreement

Although the term “reciprocal treatment agreement” does not exist, a close concept is mutual assistance agreements. A Mutual Assistance Agreement (MAA) is a promise to support each other in the event of a disaster by sharing facilities. There are times when you want to do something about a disaster, but you don’t have the funds to do it. In such a case, you can find a similar organization and agree to cooperate with each other in the event of a disaster.

 

×:Electronic Data Vault

Electronic data vaulting (e-vaulting) is the use of a remote backup service to electronically transmit backups off-site at regular intervals or when files are changed.

 

×:Business interruption insurance

Although the term business interruption insurance does not exist as such, it can be interpreted as a concept similar to insurance against business interruption. Insurance is typically applied against financial risk. In this question, software escrow is more appropriate because we want to continue to have access to the software.

#82. What is the difference between freeware and shareware?

Freeware is free software and can be used at no cost. Shareware is fully functional proprietary software that is initially free to use; often a trial lets you test the software, and a fee is required to continue using it after 30 days. Thus, the correct answer is “Freeware is free in perpetuity, while shareware is free for a set period of time.”

#83. What is the AES algorithm used for?

〇:Data Encryption

The Advanced Encryption Standard (AES) is a data encryption standard developed to improve upon the previous de facto standard, the Data Encryption Standard (DES). As a symmetric algorithm, AES is used to encrypt data. Therefore, the correct answer is “data encryption”.

AES is also used in the situations described by the other choices, but encrypting data is the most direct and therefore the better answer. So there are cases where all of the choices are, in a sense, correct.

 

×:Data integrity

This is a characteristic of digital signatures.

 

×:Key recovery

It is a property of decryption and key escrow.

 

×:Symmetric key distribution

AES itself uses symmetric keys; distributing those keys securely is a separate problem (the key delivery problem), not something AES is used for.

#84. Michael is to develop a data classification program. Which of the following is an appropriate first step?

There is an unfamiliar term: data classification program. This is not a dictionary definition of the term. You want to classify data, what do you do to do that? What is the first step in this process? Since you are being asked about the “first step” in doing this, you can answer by listing the options in order and choosing the first option. Do not search the dictionary in your mind for the word “data classification,” think of the process flow of data classification, and recall the name of the first process.

In order, you might go from understanding the level of protection you need to provide, to specifying the data classification criteria, to determining the protection mechanisms for each classification level, to identifying the data controller. Whatever you do, the first step should be research. Then the problem is defined and the best answer is derived, which is the general solution to the problem.

#85. Susan is an attorney. She has been hired to fill a new position at Ride’s Chief Privacy Officer (CPO). What is her new primary role?

〇:Ensure the security of customer, company, and employee data.

The Chief Privacy Officer (CPO) is responsible for ensuring the security of customer, company, and employee data. The CPO is directly involved in setting policies regarding how data is collected, protected, and distributed to third parties. The CPO is usually an attorney and reports findings to the Chief Security Officer (CSO). Thus, the correct answer is “Ensure the security of customer, company, and employee data.”

Perhaps you did not know what a CPO is. The point of this question is to see if you can conceive of the protection of personal information from the word privacy. When you see some words you don’t know in the actual exam, don’t throw them away because you don’t know what they mean. There are always hints.

 

×:Ensure the protection of partner data.

CPOs are responsible for ensuring the security of customer, company, and employee data.

There can be protection of partner data, but not in the sense of a primary role.

 

×:Ensuring the accuracy and protection of company financial information.

This is not considered to be a protection of privacy.

 

×:Ensuring that security policies are defined and implemented.

This is a common objective for all personnel and responsible parties and is not specific to the role of Chief Privacy Officer (CPO).

#86. Which security architecture model defines how to securely develop access rights between subjects and objects?

〇:Graham-Denning Model

The Graham-Denning model addresses how access rights between subjects and objects are defined, developed, and integrated. It defines a basic set of rights in terms of the commands that a particular subject can execute on an object. The model has eight basic protection rights, or rules, on how to safely perform these types of functions.

 

×:Brewer-Nash Model

This is incorrect because its purpose is to provide access control that can change dynamically according to the user’s previous actions. Its main purpose is to protect against conflicts of interest arising from a user’s access attempts. For example, if a large marketing firm provides marketing promotions and materials for two banks, the employee responsible for the Bank A project should not be able to see information about Bank B, the marketing firm’s other bank customer. A conflict of interest could arise because the banks are competitors. If the project manager for the marketing firm’s Bank A project can see information about Bank B’s new marketing campaign, he may try to use it for his own client rather than promote it for Bank B. A marketing firm earns a bad reputation when its employees can act this irresponsibly.

 

×:Clark-Wilson Model

The Clark-Wilson model is incorrect because it is implemented to protect data integrity and to ensure that transactions are properly formed within the application. Subjects can only access objects through authorized programs. Segregation of duties is enforced. Auditing is required. The Clark-Wilson model addresses three integrity goals: preventing changes by unauthorized users, preventing improper changes by authorized users, and maintaining internal and external consistency.

 

×:Bell-LaPadula Model

This model was developed to address concerns about the security of U.S. military systems and the leakage of classified information, and is incorrect. The primary goal of the model is to prevent unauthorized access to classified information. It is a state machine model that enforces the confidentiality aspect of access control. Matrices and security levels are used to determine if a subject has access to different objects. Specific rules are applied to control how objects interact with each other compared to the subject’s object classification.

#87. What is remote journaling as part of a fault tolerance strategy?

Remote journaling means that a transaction log file, not the file itself, is sent remotely. A transaction is one or more update operations performed on a file. In other words, it is a history of updates to a file. This means that if the original file is lost, it can be reconstructed from the transaction log.
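As an added illustration of the reconstruction step described above (not code from the page), the following replays a remotely received transaction log against a base copy to rebuild the current state of a record. The journal format, one JSON object per line carrying a sequence number and an update operation, is an assumption made for the demo; the gap check matters because a journal that arrived with a missing entry cannot be trusted to rebuild the file correctly.

```python
"""Rebuilding a record from a remotely journaled transaction log (added example)."""
import json
from typing import Dict, Iterable, List, Optional

# Constructed sample journal as it might arrive at the remote site.
# Entries are deliberately out of order to show that replay sorts by seq.
SAMPLE_JOURNAL = [
    '{"seq": 2, "op": "set", "key": "owner", "value": "alice"}',
    '{"seq": 1, "op": "set", "key": "balance", "value": 300}',
    '{"seq": 4, "op": "del", "key": "owner"}',
    '{"seq": 3, "op": "set", "key": "balance", "value": 250}',
]


def parse_journal(lines: Iterable[str]) -> List[dict]:
    """Parse and order the journal. A gap in the sequence numbers means the
    remote copy is incomplete and must not be used for reconstruction."""
    entries = sorted((json.loads(line) for line in lines if line.strip()),
                     key=lambda e: e["seq"])
    for prev, cur in zip(entries, entries[1:]):
        if cur["seq"] != prev["seq"] + 1:
            raise ValueError(f"journal gap between seq {prev['seq']} and {cur['seq']}")
    return entries


def replay(entries: List[dict], base: Optional[Dict[str, object]] = None,
           up_to_seq: Optional[int] = None) -> Dict[str, object]:
    """Apply the update operations to a base state (the last full backup, or an
    empty record) and return the reconstructed record. up_to_seq allows
    point-in-time recovery, e.g. to the moment before a bad update."""
    state: Dict[str, object] = dict(base or {})
    for e in entries:
        if up_to_seq is not None and e["seq"] > up_to_seq:
            break
        if e["op"] == "set":
            state[e["key"]] = e["value"]
        elif e["op"] == "del":
            state.pop(e["key"], None)
        else:
            raise ValueError(f"unknown op {e['op']!r}")
    return state


def reconstruct(lines: Iterable[str], base: Optional[Dict[str, object]] = None,
                up_to_seq: Optional[int] = None) -> Dict[str, object]:
    """Convenience wrapper: parse, validate, and replay in one call."""
    return replay(parse_journal(lines), base, up_to_seq)
```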

#88. Which of the following is not a network topology?

Matrix is not a network topology. Ring, mesh, and star are network topologies.

#89. Which of the following is NOT related to data integrity?

〇:Extraction of data shared with unauthorized entities

This is a question of selecting the unrelated item. Extraction of data shared with unauthorized entities is a confidentiality issue. Although it is worded in a complicated way, the operations on the data are unauthorized sharing and extraction; none of them involve the modification or destruction of data, which is the primary focus of integrity. Therefore, the correct answer is “extraction of data shared with unauthorized entities”.

In solving this problem, it is not necessary to know what an entity is. The focus is on whether any modification or destruction has taken place.

 

×:Unauthorized manipulation or alteration of data

Incorrect, because integrity is associated with unauthorized manipulation or alteration of data. Integrity is maintained when unauthorized modification is prevented. Hardware, software, and communication mechanisms must work together to maintain and process data correctly and to move data to its intended destination without unexpected changes. Systems and networks must be protected from outside interference and contamination.

 

×:Unauthorized data modification

Unauthorized data modification is incorrect as it relates to integrity. Integrity is about protecting data from being changed by users or other systems without authorization.

 

×:Intentional or accidental data substitution

Incorrect because intentional or accidental data substitution is associated with integrity. Integrity is maintained when assurance of the accuracy and reliability of information and systems is provided, along with assurance that data will not be tampered with by unauthorized entities. An environment that enforces integrity prevents attacks such as the insertion of viruses, logic bombs, or backdoors into the system that could corrupt or replace data. Users typically affect the integrity of the system and its data by mistake (though internal users may also act maliciously). For example, a user may enter incorrect values into a data processing application and charge a customer $3,000 instead of $300.

 

#90. When submitting a security report to management, which of the following elements is most important?

〇:A Comprehensive Executive Summary

No matter how technically comprehensive a report to management may be, it is not always desirable to be too informative; IT security professionals must understand that the risk to the enterprise from a data breach is only one of many concerns that senior management must understand and prioritize. C-level executives must be attentive to many risks and may have difficulty properly categorizing the often unfamiliar, highly technical threats. In short, the IT security professional’s primary job is to summarize the risks in as short a time as possible in a way that suits the management.

 

×:List of Threats, Vulnerabilities, and Likelihood of Occurrence

This is incorrect because it is not the most important element to report to management. Such a list is essential to a comprehensive security report, but providing it to senior management is unlikely to result in effective action without a skillful executive summary.

 

×:A comprehensive list of the probability and impact of expected adverse events

This is incorrect because it is not the most important element of the report to management. Such lists are important in technical reports, but summaries are critical to achieving risk mitigation goals.

 

×:A comprehensive list of threats, vulnerabilities, and likelihood of occurrence, a comprehensive list of the probability and impact of expected adverse events, and a written summary thereof to meet technical comprehensiveness

Incorrect because it describes the most common and significant obstacle to reporting to management: technical comprehensiveness in place of a usable summary.

#91. With which of the following data deletion methods is it not possible to recover the data, even using special techniques such as physical or forensic recovery?

〇:Purge by overwriting

Purging means making data unavailable even by physical forensic efforts. This is typically accomplished by overwriting each sector of the medium on which the data is stored.

 

×:Deleting data

Wrong. Deleting data with an operating system command typically leaves the data on the storage medium, merely marking the clusters or blocks where it is stored as available for later reuse.

Personally, I feel that this option is better prepared for the exam. This is because the choice uses the general language of deleting data, which allows the answer to be given in a short time and in a broad sense. However, the term purge is a stronger fit for the question than the answer to this question.

 

×:Sanitizing media

Wrong. Although more powerful than simply deleting data with an operating system command, sanitization usually refers to making storage media reusable within the same security context.

The method-specific option “purge” is a stronger fit for the question, since it asks about “using special skills, such as physical or forensic.”

 

×:None of these work!

Wrong. With appropriate prudence, purging techniques can successfully handle data residuals.

#92. Which access control defines clearance and object labels for a subject?

MAC (mandatory access control) is often used when confidentiality is of utmost importance. Access to objects is determined by labels and clearances. It is often used in organizations where confidentiality is very important, such as the military.

#93. According to Kerckhoffs’s principle, which of the following should not leak?

Kerckhoffs’s principle is the idea that a cryptosystem should remain secure even if everything about it except the private key is known. When encrypting data, one decides on a private key and on how to encrypt using that key. Kerckhoffs’s principle says that even if the method of encryption is known, the ciphertext should not be decipherable as long as the secret key is not discovered. Encryption has a long history in human warfare. Its main purpose is to communicate a strategy to one’s allies without it being discovered by the enemy. In battle, the cipher’s design and encryption devices may be stolen by spies. Therefore, the encryption must be such that it cannot be broken without the key, no matter how much is known about how it works.

#94. Matthew, the company’s business continuity coordinator, helps recruit members to the Business Continuity Plan (BCP) Committee. Which of the following is an incorrect explanation?

〇:Meetings should be conducted with a fixed number of members and should be as small as possible.

The BCP committee should be large enough to represent each department within the organization. It should consist of people who are familiar with the different departments within the company, as each department has unique functions and unique risks and threats. All issues and threats will be formulated when they are brought in and discussed. This cannot be done effectively with a few divisions or a few people. The committee must consist of at least business unit, senior management, IT, security, communications, and legal personnel.

Conducting meetings with a fixed number of members and as few as possible is certainly not a misreading in the sense of a “select few.” However, one must know which answer is the “best” answer and choose it.

 

×:Committee members should be involved in the planning, testing, and implementation phases.

The answer is incorrect because it is correct that committee members need to be involved in the planning, testing, and implementation phases. If Matthew, the coordinator of the BCP, is a good business leader, he will consider that it is best to make team members feel ownership over their duties and roles. The people who develop the BCP must also be the ones who implement it. If some critical tasks are expected to be performed during a time of crisis, additional attention should be given during the planning and testing phase.

 

×:The business continuity coordinator should work with management to appoint committee members.

This is incorrect because the BCP coordinator should work with management to appoint committee members. However, management’s involvement does not end there. The BCP team should work with management to finalize the goals of the plan, identify the critical parts of the business that must be handled first in the event of a disaster, and identify department and task priorities. Management also needs to help direct the team on the scope and specific goals of the project.

 

×:The team should consist of people from different departments within the company.

This is incorrect because the team should consist of people from different departments within the company. This will be the only way for the team to consider the risks and threats that each department faces according to the organization.

#95. Which of the following is the first international treaty to address computer crime by adjusting national laws and improving investigative techniques and international cooperation?

〇:Council of Europe Convention on Cybercrime

The Council of Europe (CoE) Convention on Cybercrime is an example of an attempt to create a standard international response to cybercrime. It is the first international treaty to address computer crime by coordinating national laws and improving investigative techniques and international cooperation. The treaty’s objectives include creating a framework to bind the jurisdiction of the accused and the perpetrators of the crimes. For example, extradition is possible only if the case is a crime in both countries.

 

×:World Congress Council on Cybercrime

The World Congress Council on Cybercrime is misleading and therefore wrong. The official name of the Convention is the Council of Europe’s Convention on Cybercrime. It establishes comprehensive legislation against cybercrime and serves as a framework for international cooperation among the signatories to the Convention to guide all countries.

 

×:Organization for Economic Cooperation and Development (OECD)

The Organization for Economic Cooperation and Development (OECD) is wrong because it is an international organization that brings together different governments to help address the economic, social, and governance challenges of a globalized economy. For this reason, the OECD has developed guidelines for its member countries to ensure that data is properly protected and that everyone adheres to the same kinds of rules.

 

×:Organization for Cooperation and Development in Cybercrime

Organization for Cooperation and Development of Cybercrime is the wrong answer. There is no formal entity of this name.

#96. We have confirmed by desk checking that the program we developed is fine. However, we have been asked to actually run it. What kind of testing should be done?

〇:Dynamic Testing

Dynamic testing is testing that is performed by actually running the developed program. Compared with static testing, it is a practical test in which the program is actually executed and checked. Therefore, the correct answer is “dynamic testing”.

 

×:Static Testing

Static testing is testing that is performed without running the developed program.

 

×:White box testing

White box testing is a test to confirm the operation of a program after understanding the contents of the program.

 

×:Black box testing

Black box testing is testing to confirm that the program does not behave unexpectedly without understanding the contents of the program.

#97. Which of the following attacks are related to availability?

〇:DDoS attacks

Availability is one of the properties of the CIA triad that indicates service continuity. An attack that threatens the continuity of service corresponds to a DDoS attack that sends a large number of requests and causes a service outage. Therefore, the correct answer is “DDoS attack”.

 

×: Whaling

Whaling is a spear-phishing attack that targets a socially recognized person or organization.

 

×: TOC/TOU

TOC/TOU is a software bug that occurs when the system is modified between the time a condition is checked and the time the results of that check are used. In many cases, the attack replaces one file with another between looking for the file and reading the file.

 

×: DRAM

RAM (Random Access Memory) is memory used by the CPU, for screen display, and so on. DRAM is RAM that holds data only for short periods of time and requires periodic refreshing.
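The TOC/TOU option above describes the window between checking a file and using it. The following is an added example (not code from the page) of that check-then-use shape next to the defensive pattern that closes the window: open the file first, then validate the descriptor you already hold with `fstat`, and read through that same descriptor. The file names and contents are constructed for the demo.

```python
"""Check-then-use versus open-then-validate for a configuration file (added example)."""
import os
import stat
import tempfile


def read_config_racy(path: str) -> bytes:
    """Vulnerable shape: the check (stat on a path name) and the use (open by
    path name) are two separate lookups, so the object behind the name can be
    swapped between them."""
    st = os.stat(path)                       # time of check
    if not stat.S_ISREG(st.st_mode):
        raise PermissionError("not a regular file")
    with open(path, "rb") as f:              # time of use: a second name lookup
        return f.read()


def read_config_safe(path: str) -> bytes:
    """Hardened shape: open once, validate the descriptor with fstat, and read
    through that same descriptor. Check and use refer to the same open file
    object, so there is no window between them."""
    flags = os.O_RDONLY | getattr(os, "O_NOFOLLOW", 0)   # refuse symlinks where supported
    fd = os.open(path, flags)
    try:
        st = os.fstat(fd)                    # inspect the object we already hold
        if not stat.S_ISREG(st.st_mode):
            raise PermissionError("not a regular file")
        chunks = []
        while True:
            chunk = os.read(fd, 65536)
            if not chunk:
                break
            chunks.append(chunk)
        return b"".join(chunks)
    finally:
        os.close(fd)


def demo() -> dict:
    """Exercise both readers on a constructed temp file, and confirm that the
    hardened reader rejects a directory handed to it in place of the file."""
    tmpdir = tempfile.mkdtemp()
    cfg = os.path.join(tmpdir, "app.conf")
    with open(cfg, "wb") as f:
        f.write(b"listen=127.0.0.1\n")        # constructed sample content
    result = {
        "racy_reads": read_config_racy(cfg),
        "safe_reads": read_config_safe(cfg),
    }
    try:
        read_config_safe(tmpdir)
        result["dir_rejected"] = False
    except (PermissionError, IsADirectoryError):
        result["dir_rejected"] = True
    return result
```

Both readers return the same bytes on a well-behaved system; the difference is only visible under a race, which is exactly why this class of bug is easy to miss in testing and worth eliminating structurally rather than hunting for.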

#98. Similar to logical access control, audit logs should also be generated and monitored for physical access control. Which of the following statements is true regarding auditing physical access?

〇:All failed access attempts should be logged and reviewed.

The physical access control system may use software and auditing capabilities to generate an audit trail or access log of access attempts. The entry point, the date and time of the attempt, the user ID used, and any failed access attempts, among other details, should be recorded.

 

×:Failed access attempts are recorded and only security personnel are entitled to review them.

Unless someone actually reviews them, physical access logs are as useless as unreviewed audit logs generated by a computer. Security guards are not the only ones who should review these logs; security professionals and facility managers should also review them on a regular basis. The administrator must know the existence and location of all entry points into the facility.

 

×:Only successful access attempts should be logged and reviewed.

Wrong, as unsuccessful access attempts should also be logged and reviewed. Auditing should be able to alert you to suspicious activity even when an entity is being denied access to a network, computer, or location.

 

×:Failed access attempts outside of business hours should be logged and reviewed.

Incorrect, as all unauthorized access attempts should be logged and reviewed regardless. Unauthorized access can occur at any time.
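To show what "logged and reviewed" looks like in practice, here is an added example (not from the quiz page) that parses a few constructed badge-reader log lines and produces the review a facility manager would want: every failed attempt, the subset that fell outside business hours, and repeated failures by the same user at the same door. The log format and the 08:00 to 18:00 business window are assumptions for the demo.

```python
"""Review of physical access control logs (added example with constructed data)."""
from dataclasses import dataclass
from datetime import datetime, time
from typing import Dict, List, Tuple

# Constructed sample badge-reader log (not from any real system):
# timestamp,door,user_id,result
SAMPLE_LOG = """\
2024-03-04T08:55:12,lobby-east,u1042,GRANTED
2024-03-04T09:01:44,server-room,u1042,DENIED
2024-03-04T09:01:51,server-room,u1042,DENIED
2024-03-04T12:30:05,server-room,u2077,GRANTED
2024-03-04T23:47:30,loading-dock,u3190,DENIED
2024-03-05T02:15:09,server-room,u3190,DENIED
"""


@dataclass
class AccessEvent:
    ts: datetime
    door: str
    user: str
    granted: bool


def parse_log(text: str) -> List[AccessEvent]:
    """Parse the CSV-style log into events; blank lines are skipped."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, door, user, result = line.split(",")
        events.append(AccessEvent(datetime.fromisoformat(ts), door, user,
                                  result == "GRANTED"))
    return events


def failed_attempts(events: List[AccessEvent]) -> List[AccessEvent]:
    """All denied attempts: every one of these should be reviewed."""
    return [e for e in events if not e.granted]


def outside_business_hours(events: List[AccessEvent],
                           start: time = time(8, 0), end: time = time(18, 0)) -> List[AccessEvent]:
    """Events outside the assumed business window (a useful secondary flag,
    not a filter: attempts inside the window still get reviewed)."""
    return [e for e in events if not (start <= e.ts.time() < end)]


def repeated_failures(events: List[AccessEvent], threshold: int = 2) -> Dict[Tuple[str, str], int]:
    """Count denied attempts per (user, door) and keep those at or above threshold."""
    counts: Dict[Tuple[str, str], int] = {}
    for e in failed_attempts(events):
        key = (e.user, e.door)
        counts[key] = counts.get(key, 0) + 1
    return {k: v for k, v in counts.items() if v >= threshold}


def review_report(text: str) -> dict:
    """Summary a reviewer would read first; the full failed list sits beneath it."""
    events = parse_log(text)
    failed = failed_attempts(events)
    return {
        "total": len(events),
        "failed": len(failed),
        "failed_after_hours": len(outside_business_hours(failed)),
        "repeated_failures": repeated_failures(events),
        "failed_events": [(e.ts.isoformat(), e.door, e.user) for e in failed],
    }
```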

#99. Which of the following are effective methods that you as a software system administrator can implement to prevent significant damage?

〇:Regular software updates

You are the system administrator. As an administrator, what you should be doing is updating software on a regular basis. Therefore, the correct answer is “regular software updates”.

There may be other things you should implement, but choosing the better of the options is also tested in the actual exam.

 

×:Sophisticated product selection

In most cases, products that meet the requirements will be selected in accordance with the Request for Proposal (RFP) presented by the customer. Existing system administrators may be involved in some of these discussions, but this is not an appropriate response.

 

×:Early reporting to your supervisor

In all jobs, reporting to the supervisor is probably an essential part of the job. Here, however, it is more appropriate to focus on your position as a software system administrator.

 

×:Human resources to monitor the system

Having staff on site to monitor the system may allow problems to be dealt with in a timely manner. However, here it is more appropriate to focus on your position as the system administrator of the software.

#100. Which of the following is the most effective method of identifying backup strategies?

〇:Test the restore procedure.

The ability to successfully restore from a backup must be tested periodically. Therefore, the correct answer is “Test the restore procedure.”

 

×:Ensure that all user data is backed up.

Making copies of user data is important, but copies are useless unless it is ensured that the copies can be restored.

 

×:Back up the database management system (DBMS) to your own specifications.

While it is a good idea to use measures to meet the proprietary specifications of the DBMS to ensure that transactional copies are usable, those copies will not be trusted unless the restores are tested.

 

×:Ensure that the backup log files are complete.

Monitoring backup logs for completion is good operational practice, but it is wrong because it is no substitute for regular testing of the backups themselves and their ability to truly recover from data loss.
