〇：Shoulder Surfing Attacks

Shoulder surfing is a type of browsing attack in which an attacker looks over the shoulder of another person to see what is being typed on that person’s monitor items or keyboard. Of the attacks listed, this is the easiest to perform in that it requires no knowledge of the computer system. Therefore, the correct answer is a shoulder surfing attack.

×：Dictionary attack

A dictionary attack is an unauthorized login that targets users who use words as passwords.

×：Side-channel attack

A side-channel attack is an attack that eavesdrops on system data from physical information.

×：Timing Attacks

A timing attack is an attack in which various input information is given to a device that processes ciphers, and the cipher key or other information is deduced from the difference in processing time. If processing time is taken, it can be inferred as a rough indication that the process is proceeding normally as a process, and so on.

〇：Common Criteria

Common Criteria was created in the early 1990s as a way to combine the strengths of both the Trustworthy Computer Systems Evaluation Criteria (TCSEC) and the Information Technology Security Evaluation Criteria (ITSEC) and eliminate their weaknesses. Common Criteria is more flexible than TCSEC and easier than ITSEC. Common Criteria is recognized worldwide and assists consumers by reducing the complexity of assessments and eliminating the need to understand the definitions and meanings of different assessments in different assessment schemes. This also helps manufacturers because they can now build a specific set of requirements when they want to market their products internationally, rather than having to meet several different evaluation criteria under different rules and requirements.

×：ITSEC

This is incorrect because it is not the most widely used information technology security evaluation standard. ITSEC was the first attempt to establish a single standard for evaluating the security attributes of computer systems and products in many European countries. In addition, ITSEC separates functionality and assurance in its evaluations, giving each a separate rating. It was developed to provide greater flexibility than TCSEC and addresses integrity, availability, and confidentiality in networked systems. The goal of ITSEC was to become the global standard for product evaluation, but it failed to achieve that goal and was replaced by Common Criteria.

×：Red Book

Wrong, as it is a U.S. government publication that addresses the topic of security evaluation of networks and network components. Formally titled Trusted Network Interpretation, it provides a framework for protecting different types of networks. Subjects accessing objects on the network must be controlled, monitored, and audited.

×：Orange Book

Incorrect as this is a U.S. Government publication that addresses government and military requirements and expectations for operating systems. The Orange Book is used to evaluate whether a product is suitable for the security characteristics and specific applications or functions required by the vendor. The Orange Book is used to review the functionality, effectiveness, and assurance of the product under evaluation, using classes designed to address typical patterns of security requirements. It provides a broad framework for building and evaluating trusted systems, with an emphasis on controlling which users have access to the system. We call it the Orange Book, but another name for it is Trusted Computer System Evaluation Criteria (TCSEC).

〇：Salvage Teams

The BCP coordinator should understand the needs of the company and the types of teams that need to be developed and trained. Employees should be assigned to specific teams based on their knowledge and skill sets. Named leaders, each team must have members and the ability to direct their activities. These team leaders will be responsible not only for ensuring that team goals are met, but also for interacting with each other to ensure that each team is operating properly. The salvage team is responsible for initiating recovery of the original site. They are also responsible for backing up data from the alternate site and restoring it within the new facility, carefully terminating any unforeseen operations, and ensuring equipment and personnel are transported to the new facility.

×：Damage Assessment Team

The Damage Assessment Team is incorrect because it is responsible for determining the extent and severity of damage.

×：BCP Team

Wrong because the BCP team is responsible for creating and maintaining a business continuity plan.

×：Recovery Team

Wrong because the Recovery Team is responsible for getting an alternate site to work and to keep the environment functioning.

Copyright applies to books, art, music, software, etc. It is granted automatically and is valid for 70 years after the creator’s death and 95 years after creation. Therefore, the correct answer is “75 years”.

〇：Due Care

Confidentiality means that the company does everything it could reasonably have done to prevent a security breach under the circumstances and takes appropriate control and action in the event of a security breach. In short, it means that the company is acting responsibly by practicing common sense and prudent management. If a company has a facility that is not fire-immune, its arsonist will be only a small part of this tragedy. The company is responsible for providing fire-resistant building materials, alarms, exits, fire extinguishers, and backup fire detection and suppression systems, all critical information specific areas that could be affected by a fire. If a fire were to burn the company’s building and all records (customer data, inventory records, and information needed to rebuild the business) were to disappear, the company would not take precautions to ensure that it is protected against that loss. For example, it would be possible to back up to an off-site location. In this case, employees, shareholders, customers, and anyone else affected could potentially sue the company. However, if the company has done all that is expected of it in terms of the points mentioned so far, it is difficult to sue without success if proper care (dee care) is not taken.

×：Downstream Liability

Is wrong because one firm’s activities (or lack thereof) may have a negative impact on other firms. If either company fails to provide the required level of protection and its negligence affects the partners with whom it cooperates, the affected company can sue the upstream company. For example, suppose Company A and Company B have built an extranet. Company A has not implemented controls to detect and address viruses. Company A is infected with a harmful virus, which infects Company B through the extranet. The virus destroys critical data and causes a major disruption to Company B’s production. Company B can therefore sue Company A for negligence. This is an example of downstream liability.

×：Liability

Incorrect, as it generally refers to the obligation and expected behavior or actions of a particular party. Obligations can have a defined set of specific actions required, which is a more general and open approach that allows parties to determine how to fulfill specific obligations.

×：Due diligence

A better answer to this question. Liability is not considered a legal term as with the other answers. Due diligence is because the firm has properly investigated all of its possible weaknesses and vulnerabilities. Before you can understand how to properly protect yourself, you need to know that you are protecting yourself. To understand the real level of risk, investigate and assess the real level of vulnerability. Even after these steps and assessments have been made, effective controls and protective measures can be identified and implemented. Due diligence means identifying all potential risks, but an appropriate response is one that actually mitigates the risk.

〇：Creating Data Collection Techniques

Of the steps listed, the first step in a Business Impact Analysis (BIA) is to create a data collection technique. The BCP committee will use questionnaires, surveys, and interviews to collect key person information on how different tasks are accomplished within the organization, along with any relevant dependencies of processes, transactions, or services. Process flow diagrams should be created from this data and used throughout the BIA and planning and development phases.

×：Risk calculations for each different business function

This is incorrect because the risk for each business function is calculated after the business function has been identified. And before that happens, the BCP team needs to collect data from key personnel. To calculate the risk for each business function, qualitative and quantitative impact information must be collected, properly analyzed, and interpreted. Once the data analysis is complete, it should be reviewed with the most knowledgeable people in the company to ensure that the results are relevant and to explain the actual risks and impacts facing the organization. This will flush out any additional data points that were not captured initially and allow for a full understanding of all possible business impacts.

×：Identifying Critical Business Functions

Image B is incorrect because the identification of critical business functions is done after the BCP committee has learned about the business functions that exist by interviewing and surveying key individuals. Once the data collection phase is complete, the BCP committee conducts an analysis to determine which processes, devices, or business activities are critical. If a system stands on its own, does not affect other systems, and is less critical, it can be classified as a Tier 2 or Tier 3 recovery step. In other words, these resources are not processed in the recovery phase until the most critical (Tier 1) resources are up and running.

×：Vulnerability and Threat Identification to Business Functions

This is not the first step and is incorrect because it identifies vulnerabilities and threats to business functions toward the end of the business impact analysis. It is the last of the steps listed in the answer. Threats can be man-made, natural, or technical. It is important to identify all possible threats and estimate their likelihood of occurring. When developing these plans, some issues may not be immediately apparent. These issues are best addressed by groups conducting scenario-based exercises. This ensures that when the threat becomes reality, the plan will have an impact on all business tasks, departments, and critical operations. The more issues that are planned for, the better prepared you will be should these events occur.

〇：Test the restore procedure.

The ability to successfully restore from a backup must be tested periodically. Therefore, the correct answer is: “Test the restore procedure.” will be

×：Ensure that all user data is backed up.

Making copies of user data is important, but copies are useless unless it is ensured that the copies can be restored.

×：Back up the database management system (DBMS) to your own specifications.

While it is a good idea to use measures to meet the proprietary specifications of the DBMS to ensure that transactional copies are usable, those copies will not be trusted unless the restores are tested.

×：Ensure that the backup log files are complete.

Monitoring backup logs for completion is good operational practice, but it is wrong because it is no substitute for regular testing of the backups themselves and their ability to truly recover from data loss.

〇：XACML

XACML allows two or more companies to have a trust model set up to share identity, authentication, and authorization methods. This means that when you authenticate against your own software, you can pass the authentication parameters to your partner. This allows them to interact with their partner’s software without having to authenticate more than once. This is done via XACML (Extensible Access Control Markup Language), which allows multiple organizations to share application security policies based on a trust model XACML is a markup language and processing model implemented in XML XACML is a markup language and processing model implemented in XML. It declares access control policies and describes how to interpret access control policies.

×：XML (Extensible Markup Language)

XML (Extensible Markup Language) is incorrect because it is a way to electronically code documents and represent data structures such as web services. XML is not used to share security information. XML is an open standard that is more robust than traditional HTML. In addition to serving as a markup language, XML also serves as the foundation for other industry-specific XML standards. With XML, companies can communicate with each other while using a markup language that meets their specific needs.

×：SPML

Service Provisioning Markup Language (SPML) is incorrect because it is used by companies to exchange user, resource, and service provisioning information rather than application security information. SPML is an XML-based framework developed by OASIS that allows enterprise platforms, such as web portals and application servers, to provision requests to multiple companies for the purpose of securely and quickly setting up web services and applications. It is intended to enable the generation of.

×：GML

Incorrect because GML (Generalized Markup Language) is a method created by IBM for document formatting. It describes a document in terms of parts (chapters, paragraphs, lists, etc.) and their relationships (heading levels). GML was the predecessor of SGML (Standard Generalized Markup Language) and HTML (Hypertext Markup Language).

Unfortunately, security components usually affect system performance but go unnoticed by the user. If system performance is significantly slower, security controls may be enforced. The reason controls must be transparent is so that users and intruders do not know enough to disable or bypass them.

While it is important to understand the term “transparent” in the realm of security, there is another way to answer the question in terms of solving it. If there is only one answer to a four-answer question, then answers that mean the same thing cannot be correct. Therefore, by grouping, the only answer that is correct is the one that does not belong to a group.

And the key point in this question is whether the user knows. The other choices indicate that the situation is communicated on the server side as an outsider, whether a legitimate user or an attacker, whereas only one is acknowledged on the server administrator’s side.

Archive bits are those that have been updated since the previous backup point in time. Full backups are full backups, so there is no need to be aware of where changes have occurred. Incremental backups also do not require awareness of change points because the backup portion is predetermined. Therefore, both clear the archive bit. However, differential backups do not clear the archive bit because only the changed part is known to be backed up.

It is a good thing for a module to have low coupling and high condensibility. The higher the degree of condensation, the easier it is to update and modify, and it does not affect other modules with which it interacts. This also means that modules are easier to reuse and maintain. Coupling degree is a measure of the amount of interaction a single module requires to perform its task. If a module’s coupling is low, it means that the module does not need to communicate with many other modules to perform its job. It is easier to understand and reuse than a module that depends on many other modules to perform its tasks. It will also be easier to modify modules without affecting the many modules around them. Therefore, the correct answer is “low-coupling, high-cohesion”.

〇：Regular training to change employee attitudes

Behavior-directed controls are intended to direct the behavior required of employees as part of organizational management. Regular training that changes employee awareness falls under the action-directed type. Therefore, the correct answer is “Regular training to change employee attitudes”.

×：Remotely directed defenses using drone audits

This falls under reinforcing (compensating) defensive measures.

×：Defensive measures to be behavioral psychological barriers due to physical barriers

This is a physical (physically) defensive measure.

×：Developing recurrence prevention measures to review certain actions

This is a corrective measure.

〇：Disk Redundancy

Information that is required to be available at all times must be mirrored or duplexed. In both mirroring (also called RAID 1) and duplexing, all data write operations are performed simultaneously or nearly simultaneously at multiple physical locations.

×：Direct Access Storage

Direct access storage is incorrect because it is a general term for magnetic disk storage devices traditionally used in mainframe and minicomputer (midrange computer) environments. RAID is a type of direct access storage device (DASD).

×：Striping

Incorrect because the technique of striping is used when data is written to all drives. This activity splits the data and writes it to multiple drives. Write performance is not affected, but read performance is greatly improved because multiple heads are getting data at the same time. Parity information is used to reconstruct lost or corrupted data. Striping simply means data; parity information may be written to multiple disks.

×：Parallel Processing

Parallel processing is incorrect because a computer has multiple processing units built into it to execute multiple streams of instructions simultaneously. While mirroring may be used to implement this type of processing, it is not a requirement.

In white box software testing, the tester has full knowledge of the program’s source code, data structures, variables, etc.

Service Organization Control (SOC) is a rule established by the American Institute of Certified Public Accountants (AICPA) to assure the internal control of the party contracted to perform services. Sometimes, work is contracted out to other firms. In order to guarantee the quality of its own work, the company that is contracted to perform the work must also have appropriate controls in place. For this reason, we check the internal control of the outsourcing company to which the work is outsourced.

• SOC-1 (Internal Control over Financial Reporting (ICFR)) Audits the accounting of the trustee company.
  SOC-2 (Trust Services Criteria): Checks security and other controls other than accounting for the fiduciary company. Usually takes six months to complete.
  SOC-3 (Trust Services Criteria for General Use Report) Confirms security and other controls other than accounting for unspecified persons (users).

Diameter is an authentication protocol that implements the AAA (Authentication, Authorization, Accounting) service, the successor to RADIUS. This can cause performance degradation and data loss. This can lead to performance degradation and data loss.

〇：Salt

A rainbow table is a pre-built list of ciphertexts that match plaintext and have hashes that match passwords. The table can contain millions of pairs. Salting is random data used as additional input to a one-way function that “hashes” a password or passphrase. The primary function of a salting is to protect against dictionary or compiled rainbow table attacks.

×：Login Attempt Restrictions

Effective against all unauthorized login methods, but not a direct or effective countermeasure against rainbow tables.

×：Key stretching

Replacing passwords with longer, random strings for encryption purposes.

×：Hashing

Password hashing is a fixed-length cipher (hash) statement for secure password storage.

〇：One-time pad

Stream ciphers refer to one-time pad technology. In practice, stream ciphers cannot provide the level of protection that one-time pads do, but are practical.

×：AES

AES is incorrect because it is a symmetric block cipher. When a block cipher is used for encryption and decryption purposes, the message is divided into blocks of bits.

×：Block ciphers

Block ciphers are used for encryption and decryption purposes. The message is wrong because it is divided into blocks of bits.

×：RSA

RSA is incorrect because it is an asymmetric algorithm.

〇：Data Encryption

The Advanced Encryption Standard (AES) is a data encryption standard developed to improve upon the previous de facto standard, Data Encryption Standard (DES). As a symmetric algorithm, AES is used to encrypt data. Therefore, the correct answer is “data encryption.

There are other situations where AES is used in the other choices, but encrypting data is the most focused or better answer. Thus, there are cases where all of the choices are correct.

×：Data integrity

This is a characteristic of digital signatures.

×：Key recovery

It is a property of decryption and key escrow.

×：Symmetric key distribution

Using symmetric keys for AES distribution lowers the key delivery problem.

〇：SMTP lacks proper authentication mechanisms.

Email spoofing is easy to perform if the SMTP lacks proper authentication mechanisms. An attacker can spoof the sender address of an e-mail by sending a Telnet command to port 25 of the mail server. The spammer uses e-mail spoofing to prevent himself from being identified.

×：The administrator forgot to configure a setting that prevents inbound SMTP connections for non-functioning domains.

If it is spoofed, the email sender is also spoofed. This can happen even if you prevent inbound SMTP connections for a domain.

×：Technically abolished by keyword filtering.

Filtering is not very effective against spoofing. Therefore, even if it is technically obsolete, it is unlikely to be the cause.

×：The blacklist function is not technically reliable.

If an email is spoofed, the sender of the email is also spoofed. This can happen even if the filtering function is not reliable.

〇：The expiration date should be set short.

Key management is critical for proper protection. Part of key management is to determine the key’s period of validity, which would be determined by the sensitivity of the data being protected. For sensitive data, periodic key changes are required and the key’s expiration date will be shortened. On the other hand, for less secure data, a key with a longer expiration date is not a problem.

×：Keys should be deposited in case of backup or emergency.

This is incorrect because it is true that keys must be deposited in the event of a backup or emergency situation. Keys are at risk of being lost, destroyed or damaged. Backup copies must be available and readily accessible when needed.

×：Keys must not be made public.

Of course. It is a key.

×：Keys should be stored and transmitted by secure means.

Wrong, since it is true that keys should be stored and transmitted by secure means. Keys are stored before and after distribution. If keys are distributed to users, they must be stored in a secure location in the file system and used in a controlled manner.

〇：LAND attack

A LAND attack is an attack that penetrates firewalls that block bad requests; it is similar to the Fraggle attack, but it sends a request to the firewall with the sender as the target of the attack. This is a blind spot because the firewall, which is supposed to protect the inside of the system, is used for the attack.

×：Teardrop

Teardrop is an attack that halts the system by forging the offset of IP packets before they are split.

×：Christmas Tree Attack

A Christmas tree attack is an attack in which a packet is sent with a number of flags (URG, ACK, PSH, RST, SYN, FIN) and the response is observed.

×：CHARGEN attack

CHARGEN (port 19) is a protocol that returns an appropriate string.

Awareness is to inform the organization’s members of the information they already have in order to make them more vigilant again. Tranning is the input of information that is unknown to the members of the organization. Therefore, the difference between awareness-raising and tranning is whether the target audience is already aware of the information.

〇：Statistically predictable

The two main types of symmetric algorithms are block ciphers and stream ciphers. Block ciphers perform a mathematical function on a block of bits at a time. Stream ciphers do not divide the message into blocks. Instead, a stream cipher treats the message as a stream of bits and performs the mathematical function on each bit individually. If it were statistically predictable, it would not be a practical encryption technique in the first place.

×：Statistically Fair Keystreams

Statistically fair keystreams are an element of good stream ciphers. Therefore, it is incorrect. Another way to say a statistically unbiased keystream is that it is a highly random keystream that is difficult to predict.

×：The repetitive pattern of bit strings treated in a keystream is long.

Another way to say the randomness of a keystream is that it is highly random, with long repetitions = rarely repeated = highly random.

×：The keystream is irrelevant to the key.

A keystream that is not related to a key is an element of a good stream cipher. Therefore, it is incorrect. This is important because the key provides the randomness of the encryption process.

〇：Mandatory Access Control (MAC)

Mandatory Access Control (MAC) is an access control that enforces access privileges by pre-classifying resources into levels. There are several types of access rights to data files. There are several types of access rights to data files: the user of the data file, the owner who creates the data file, and the administrator who decides which owner can create the data. SELinux, TOMOYO Linux, Trusted BSD, and Trusted Solaris are methods used by MACs.

×：Discretionary Access Control (DAC)

Discretionary Access Control (DAC) is an access control method that allows the owner of an access target to change access privileges.

×：Role Access Control (RAC)

There is no such term. A close equivalent is role-based access control, which divides accounts by role and applies access control to those roles.

×：Voluntary Access Control (VAC)

There is no such term.

〇：MTTR

Mean Time to Repair (MTTR) is the average time it takes to repair a device and return it to pre-failure production. Using a redundant array as an example, MTTR is the time it takes to replace the failed drive after the actual failure is noticed and the time the redundant array has completed rewriting the information on the new drive. Therefore, the correct answer is MTTR.

×：SLA

Service Level Agreements (SLA) are agreements on service quality, such as usage volume and failure recovery.

×：Hot Swap

Hot swapping refers to replacing, attaching, or disconnecting parts, cables, etc. while equipment is still in operation.

×：MTBF

Mean Time Between Failures (MTBF) is the average time it takes for a device to fail after repair.

A well-known port is a port number from 0 to 1023 that is reserved for standard services. There are three port number combinations. Well-known port numbers (0-1023) are port numbers officially registered with IANA. Registered port numbers (1024-49151) are port numbers that are officially registered with IANA. A dynamic/private port number (49152-65535) is a port number that is not officially registered with IANA.

Deleting a file is physically recoverable. Shredding, demagnetizing, and overwriting are all methods that render the file physically unrecoverable.

〇：The client generates a session key and encrypts it with a public key.

Transport Layer Security (TLS) uses public key cryptography to provide data encryption, server authentication, message integrity, and optionally client authentication. When a client accesses a cryptographically protected page, the web server initiates TLS and begins the process of securing subsequent communications. The server performs a three-handshake to establish a secure session. After that, client authentication with a digital certificate, as the case may be, comes in. The client then generates a session key, encrypts it with the server’s public key, and shares it. This session key is used as the symmetric key for encrypting the data to be transmitted thereafter. Thus, the correct answer is: “The client generates a session key and encrypts it with the public key.” will be

×：The server generates the session key and encrypts it with the public key.

The server does not encrypt with the public key.

×：The server generates a session key and encrypts it with the private key.

Even if encryption is performed from the server side, it can be decrypted with the public key, so it is not structurally possible.

×：The client generates a session key and encrypts it with its private key.

The client side does not have the private key.

〇：ISO / IEC 27005 – Guidelines for Bodies Providing Audits and Certification of Information Security Management Systems

The ISO / IEC 27005 standard is a guideline for information security risk management. ISO / IEC 27005 is an international standard on how risk management should be implemented within the framework of an ISMS.

×：ISO / IEC 27002 – Code of practice for information security management

This is not correct because it is a code of practice for information security management. Therefore, it has the correct mapping. ISO / IEC 27002 provides best practice recommendations and guidelines for starting, implementing, or maintaining an ISMS.

×：ISO / IEC 27003 – ISMS Implementation Guidelines

This is incorrect as it is a guideline for ISMS implementation. Therefore, it has the correct mapping. Focuses on the key aspects necessary for the successful design and implementation of an ISMS according to ISO / IEC 27001:2005. It describes the ISMS specification and design process from its inception to the creation of an implementation plan.

×：ISO / IEC 27004 – Guidelines for Information Security Management Measurement and Metrics Framework

This is incorrect because it is a guideline for an information security management measurement and metrics framework. Therefore, it has the correct mapping. It provides guidance on the development and use of measures to assess the effectiveness of an ISMS and a group of controls or controls, as specified in ISO / IEC 27001.

〇：Make the mail relay server available to everyone.

This is a question of choosing the “ineffective” one. An open mail relay server is not an effective countermeasure against spam. In fact, spammers often use spammers to distribute spam, because the attackers can hide their identities. An open mail relay server is an SMTP server configured to allow inbound SMTP connections from anyone on the Internet, and many relays are properly configured to prevent attackers from distributing spam and pornography. Thus, the correct answer is “have an email relay server available to everyone.” will be.

×：Build a properly configured mail relay server.

A properly configured mail relay server can also suppress spam mail.

×：Perform filtering at the e-mail gateway.

Filtering emails that are considered spam mail at the gateway will help to prevent spam mail.

×：Filtering at the client.

Filtering spam mail at the client, i.e., in a mailing application such as Outlook, is considered to be a countermeasure against spam mail.

〇：Capability Maturity Model Integration

Capability Maturity Model Integration (CMMI) is a comprehensive set of integration guidelines for developing products and software. It addresses the various phases of the software development life cycle, including concept definition, requirements analysis, design, development, integration, installation, operation, maintenance, and what should happen at each stage. The model describes the procedures, principles, and practices underlying the maturation of the software development process. It was developed to help software vendors improve their development processes. It will improve software quality, shorten the development life cycle, create and meet milestones in a timely manner, and adopt a proactive approach rather than a reactive approach that is less effective.

×：Software Development Life Cycle

Incorrect because the Software Development Life Cycle (SDLC) describes how a system should be developed and maintained throughout its life cycle and does not involve process improvement.

×：ISO/IEC 27002

Incorrect because ISO/IEC 27002 is an international standard that outlines how the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) create and maintain an organizational information security management system (ISMS). ISO/IEC 27002 has a section dealing with the acquisition, development, and maintenance of information systems, but does not provide a process improvement model for software development.

×：Certification and Accreditation Process

This is incorrect because the certification and accreditation (C&A) process handles testing and evaluation of systems against predefined criteria. This has nothing to do with improving the software development process.

MTD represents the time it takes to signify severe and irreparable damage to the reputation and bottom line of an organization; RTO values are smaller than MTD values; RTO assumes that there is a period of acceptable downtime.

Disaster Recovery Planning (DRP) is the process of creating short-term plans, policies, procedures, and tools to enable the recovery or continuation of critical IT systems in the event of a disaster. It focuses on the IT systems that support critical business functions and how they will be restored after a disaster. For example, it considers what to do if you suffer a distributed denial of service (DDOS) attack, if your servers are compromised, if there is a power outage, etc. BCP is more focused on what should happen and does not necessarily include system requirements.

Remote journaling means that a transaction log file, not the file itself, is sent remotely. A transaction is one or more update operations performed on a file. In other words, it is a history of updates to a file. This means that if the original file is lost, it can be reconstructed from the transaction log.

〇：Execution Domain Switching

Execution domain switching occurs when the CPU needs to move between executing instructions for a more trusted process versus a less trusted process. Trusted Computing Base (TCB) allows processes to switch domains in a secure manner to access different levels of information based on sensitivity. Execution domain switching occurs when a process needs to invoke a process in a higher protection ring. The CPU executes the user-mode instruction back into privileged mode.

At first glance, this is a geeky problem that does not make sense. But don’t give up. Since there is no such thing as skipping, you can only get a right or wrong answer when the question is posed, so it is preferable to answer the question with some degree of prediction.

From this point on, let’s consider how to answer the questions. If you look at the question text and read it to the point where it reads, “You moved from one area to the other, and that was a security breach?” If you can read to that point, then you have two choices: deny or “stop the process,” or change or “switch the domain of execution. Next, the question text reads “if you need to access it,” which is asking how to accomplish this objective, not whether or not you should.

×：Execution of I/O operations

This is incorrect because input/output (I/O) operations are not initiated to ensure security when a process in one domain needs to access another domain in order to retrieve sensitive information. I/O operations are performed when input devices (such as a mouse or keyboard) and output devices (such as a monitor or printer, etc.) interact with an application or applications.

×：Stopping a Process

A process deactivation is one that occurs when a process instruction is fully executed by the CPU or when another process with a higher priority calls the CPU, which is incorrect. When a process is deactivated, new information about the new requesting process must be written to a register in the CPU. The TCB component must ensure that this is done, since the data replaced in the registers may be confidential.

×：Mapping from virtual memory to real memory

Incorrect because memory mapping occurs when a process needs its instructions and data processed by the CPU. The memory manager maps logical addresses to physical addresses so that the CPU knows where to place the data. This is the responsibility of the operating system’s memory manager.

〇：3-tier architecture

The 3-tier architecture clearly distinguishes the three layers: the client has the user interface responsible for input and displaying results, and the server has the functional process logic responsible for data processing and data storage for accessing the database. The user interface role is generally handled by the front-end web server with which the user interacts. It can handle both static and cached dynamic content. The functional process logic is where requests are reformatted and processed. It is typically a dynamic content processing and generation level application server. Data storage is where sensitive data is held. It is the back-end database and holds both the data and the database management system software used to manage and provide access to the data.

×：2-tier architecture

Two-tier, or client/server, is incorrect because it describes an architecture in which a server serves one or more clients that request those services.

×：Screened Subnets

A screen-subnet architecture is for one firewall to protect one server (basically a one-tier architecture). The external, public-side firewall monitors requests from untrusted networks like the Internet. If one layer, the only firewall, is compromised, an attacker can access sensitive data residing on the server with relative ease.

×：Public and Private DNS Zones

Separating DNS servers into public and private servers provides protection, but this is not the actual architecture.

〇：Graham-Denning Model

The Graham-Denning model addresses how access rights between subjects and objects are defined, developed, and integrated. It defines a basic set of rights in terms of the commands that a particular subject can execute on an object. The model has eight basic protective rights or rules on how to safely perform these types of functions

×：Brewer-Nash Model

It is incorrect because its purpose is to provide access control that can be changed dynamically according to the user’s previous actions. The main purpose is to protect against conflicts of interest due to user access attempts. For example, if a large marketing firm provides marketing promotions and materials for two banks, the employee responsible for the Bank A project should not be able to see information about Bank B, the marketing firm’s other bank customer. A conflict of interest could arise because the banks are competitors. If the project manager of the marketing firm’s Project A can see information about Bank B’s new marketing campaign, he may attempt to execute it rather than promote it to please more direct customers. Marketing firms have a bad reputation when internal employees can act irresponsibly.

×：Clark-Wilson Model

The Clark-Wilson model is incorrect because it is implemented to protect data integrity and ensure that transactions are properly formatted within the application. Subjects can only access objects through authorized programs. Segregation of duties is enforced. Auditing is required. The Clark-Wilson model addresses three integrity goals: preventing changes by unauthorized users, preventing inappropriate changes by unauthorized users, and maintaining internal and external consistency.

×：Bell-LaPadula Model

This model was developed to address concerns about the security of U.S. military systems and the leakage of classified information, and is incorrect. The primary goal of the model is to prevent unauthorized access to classified information. It is a state machine model that enforces the confidentiality aspect of access control. Matrices and security levels are used to determine if a subject has access to different objects. Specific rules are applied to control how objects interact with each other compared to the subject’s object classification.

The Health Insurance Interoperability and Accountability Act (HIPAA) has three rules: the Privacy Rule, the Security Rule, and the Breach Notification Rule. The rules mandate administrative, physical, and technical safeguards.

〇：SAML assertions are used to enable identity federation and distributed systems.

SAML provides a model that allows two parties to share authentication information about one entity. The two parties are considered a Service Provider (SP) and an Identity Provider (IdP). The Identity Provider asserts information about the principal, such as whether the subject is authenticated or has certain attributes. The service provider uses the information provided by the identity provider to make access decisions about the services it provides, including whether to trust the identity provider’s assertions. By trusting the identity provider’s information, the service provider can provide services without requiring the principal to authenticate again. This framework enables federated identification and distributed authentication across domains.

A SAML assertion is information about a principal contained in a SAML response that is returned to the service provider after authentication has been processed by the identity provider.

×：Two SAML assertions (authentication and authorization) are used to indicate that an authority by SAML has validated a particular subject.

The Identity Provider will not return two SAML assertions; one assertion will be returned per request.

×：The SAML binding specification describes how to embed SAML messages within the TCP and UDP protocols.

It is not classified in the sense of within the TCP and UDP protocols.

×：The SAML profile has a definition for issuing a refresh token.

Refresh tokens are a concept in the OAuth/OIDC family.

〇：A review by another coder after the coder has completed coding.

A static code review is a review performed by another engineer to mitigate points that were not apparent to the author. Thus, the correct answer is “Reviewed by another coder after the coder’s coding is complete.” will be.

×：To allow coders to see each other’s coding and work in parallel.

Extreme programming (XP, extreme programming) is a flexible method of developing a program while discussing it in pairs. It is not code review.

×：Ensuring that proper transaction processing is applied before check-in.

This is a statement about database commitment.

×：Ensuring that the appropriate questions and answers exist.

The presence of appropriate question and answer may be part of what is performed during the code review, but it is not a description of the code review itself.

〇：* (star) Integrity Property

The Biba model defines a model with completeness as having two axioms. The * (star) Integrity Property is that the subordinate’s document is to be seen and there is no Read Down. The * (star) Integrity Property is that there is no Write Up, that is, no rewriting of the supervisor’s document. If the Simple Integrity Axiom is not followed, the subordinate’s document will be seen and may absorb unclassified and incorrect information at a lower level. If the * (star) Integrity Property is not followed, a supervisor’s document will be rewritten, which will release incorrect information to the supervisor who sees it. Therefore, both are integrity conditions.

×：Simple Integrity Property

The Simple Integrity Property is a constraint on Read Down.

×：Strong Tranquillity Axiom

The Strong Tranquillity Axiom is the constraint not to change permissions while the system is running.

×：Weak Tranquillity Axiom

Weak Tranquillity Axiom means do not change privileges until the attribute is inconsistent.

Student numbers, which are left to the control of each school, cannot be considered privacy information because they are not sufficient information to identify an individual.

〇：Entity integrity

Entity integrity ensures that a tuple is uniquely identified by its primary key value. A tuple is a row in a two-dimensional database. The primary key is the corresponding column value that makes each row unique. For entity integrity, every tuple must contain one primary key. If a tuple does not have a primary key, the tuple will not be referenced by the database.

×：Concurrent Maintainability

Concurrent integrity is not a formal term in database software and is therefore incorrect. There are three main types of integrity services: semantic, reference, and entity. Concurrency is software that is accessed by multiple users or applications simultaneously. Without controls in place, two users can access and modify the same data at the same time.

×：Referential Integrity

Referential integrity is incorrect because it references all foreign keys that refer to an existing primary key. There must be a mechanism to ensure that foreign keys do not contain references to non-existent records or null-valued primary keys. This type of integrity control allows relationships between different tables to work properly and communicate properly with each other.

×：Semantic Integrity

The semantic integrity mechanism is incorrect because it ensures that the structural and semantic rules of the database are in place. These rules concern data types, boolean values, uniqueness constraints, and operations that may adversely affect the structure of the database.

〇：Used in structured languages, it decreases development time but is somewhat resource intensive.

Third generation programming languages are easier to deal with than their predecessors. They reduce program development time and allow for simplified and quick debugging. However, these languages are more resource intensive when compared to second generation programming languages.

×：Intuitive manipulation of programming reduces effort, but the amount of manual coding for specific tasks tends to be greater than in previous generations.

The advantages and disadvantages of 4th generation programming are explained below. It is true that the use of heuristics in fourth generation programming languages has greatly reduced programming effort and errors in the code. However, there is something untrue about the fact that the amount of manual coding is more than required of 3rd generation languages.

×：The use of binaries for coding is very time consuming, but the potential for errors is reduced.

This is incorrect because it is a description of a machine language and implies the advantages and disadvantages of a first generation programming language.

×：It contributes to decreasing programming processing time, but knowledge of machine structures is essential.

Incorrect because it describes second generation programming languages. These languages require extensive knowledge of machine architecture and the programs written in them are only for specific hardware.

〇：Information used to reconstruct data

RAID can improve system performance by providing fault tolerance to the hard drive and the data it holds. Redundancy and speed are provided by splitting the data and writing it to multiple disks, allowing different disk heads to operate simultaneously to retrieve the requested information. Control data is also distributed across each disk. This is called parity, and if one disk fails, the other disks can work together to recover the data.

×：Information used to create new data

This is incorrect because parity information is not used to create new data, but rather as instructions on how to recreate lost or corrupted data.

×：Information used to erase data

Parity information is not used to erase data. This is incorrect because it is used as instructions on how to recreate lost or corrupted data.

×：Information used to construct data

Parity information is not used to create data. Incorrect because it is used as instructions on how to recreate lost or corrupted data.

〇：Operating system patching is easier.

This is an incorrect choice question. Virtualization does not simplify operating system patching. In fact, it complicates it by adding at least one additional operating system. Each operating system differs from the typical version configuration, adding to the complexity of patching. The server’s own operating system runs as a guest within the host environment. In addition to patching and maintaining the traditional server operating system, the virtualization software itself must be patched and maintained.

For this question, we do not require an understanding of all the technical systems of virtualization. What is required here is a selection of answers based on a process of elimination.

×：I can build a secure computing platform.

Building a secure computing platform may not be a feature of virtualization per se. However, can we build a secure environment? This is not a false choice because it cannot be ruled out.

×：It can provide fault and error containment.

Virtualization can be host independent. In terms of containment, it can be interpreted as being able to provide fault and error containment through independence from physical servers. Therefore, it cannot be denied and is therefore not an incorrect choice.

×：It can provide powerful debugging capabilities.

Virtualization can reproduce a unique environment, not just put up a clean virtual host. Therefore, it is undeniable and therefore out of the wrong choice.

〇：The ability to control access close to the resource.

Central access control has various advantages such as uniform rules and reduced operational burden. Distributed access control allows access control in close proximity to resources, thus protecting resources independently.

×：It should be possible to design a comprehensive

Distributed access control is not a comprehensive design because the authentication and authorization functions are distributed.

×：Relatively low cost.

Whether or not costs can be kept down cannot be determined by this design concept alone.

×：Logs from various devices make it easier to understand the current status.

Both central access control and distributed access control can acquire logs from various devices.

Application firewalls target Layer 7 of the OSI. The main advantage of an application firewall is its ability to understand specific applications and protocols. Packets are not decrypted until Layer 6, so Layer 7 can see the entire packet. Other firewalls can only inspect the packet, not the payload. It can detect if an unwanted application or service is trying to bypass the firewall by using a protocol on an allowed port, or if the protocol is being used in a malicious manner.

Carrier Sense Multiple Access Collision Detection (CSMA / CD) is used for systems that can transmit and receive simultaneously, such as Ethernet. If two clients listen at the same time and make sure the line is clear, both may transmit at the same time, causing a collision. Collision Detection (CD) is added to solve this scenario. The client checks to see if the line is idle and transmits if it is idle. If in use, they wait for a random time (milliseconds). During transmission, they monitor the network and if more input is received than transmitted, another client is also transmitting and sends a jam signal instructing other nodes to stop transmitting, wait a random time and then start transmitting again.

Within the U.S. military complex and national security apparatus, the most common names for data classification become unclassified and classified. “Classified” information includes classified, critical secret, and top secret (Top Secret). Classified data is data that, if improperly disclosed, could harm national security. Top Secret data is data that, if improperly disclosed, could cause “serious” harm to national security. Finally, Top Secret data is data that, if improperly disclosed, could cause “serious” harm to national security.

〇：Central Control Systems

The most common types of industrial control systems (ICS) are distributed control systems (DCS), programmable logic controllers (PLC), and supervisory control and data acquisition (SCADA) systems. Although these systems provide a type of central control function, central control systems are not considered a common type of ICS because these systems are inherently distributed. DCSs are used to control product systems for industries such as water, electricity, and refineries. A DCS connects controllers that are distributed across geographic locations using a centralized supervisory control loop. This supervisory controller requests status data from field controllers and feeds this information back to a central interface for monitoring. Status data retrieved from sensors can be used in failover situations. The DCS can provide redundant protection in a modular fashion. This reduces the impact of a single failure. In other words, if a part of the system goes down, the entire system does not go down.

×：Programmable Logic Controllers

A programmable logic controller (PLC) is a common industrial control system (ICS) used to connect sensors throughout a utility network and convert this sensor signal data into digital data that can be processed by software monitoring and management. Originally created to perform simplified logic functions within basic hardware, PLCs have evolved into powerful controllers used in both SCADA and DCS systems. In SCADA systems, PLCs are most commonly used to communicate with remote field devices, while in DCS systems they are used as local controllers in supervisory control schemes. PLCs provide an application programming interface that allows communication with engineering control software applications.

×：Supervisory Control and Data Acquisition

Supervisory Control and Data Acquisition (SCADA) is used to refer to computerized systems used to collect and process data and apply operational control to components that make up a utility-based environment. This is a common type of ICS. SCADA control centers allow centralized monitoring and control of field sites (e.g., power grid, water supply systems). Field sites have remote station control devices (field devices) that provide data to the central control center. Based on the data sent from the field device, an automated process or operator can control the remote device to solve a problem or send commands to change the configuration for operational needs. This is a difficult environment to work within because the hardware and software is usually proprietary to a particular industry. It is privately owned and operated. Communication can be via telecommunication links, satellites, and microwave-based systems.

×：Distributed Control Systems

This is incorrect because Distributed Control Systems (DCS) are a common type of ICS. In a DCS, control elements are not centralized. The control elements are distributed throughout the system and managed by one or more computers. SCADA systems, DCSs, and PLCs are used in industrial sectors such as water, oil and gas, electrical, and transportation. These systems are considered “critical infrastructure” and are highly interconnected and dependent systems. Until now, these critical infrastructure environments have not used the same types of technologies and protocols as the Internet, making them very difficult to attack in isolation. Over time, these proprietary environments were converted to IP-based environments using IP-based workstations connected to networking devices. While this transition allows for centralized management and control, it also creates a type of cyber attack that is always vulnerable to the computer industry.

〇：Conflict condition

A race condition is present when a process performs a task on a shared resource and the sequence could be in the wrong order. 2 or more processes can have a race condition if they use a shared resource, like data in a variable. It is important that processes perform their functions in the correct sequence.

×：Backdoors

Backdoors are incorrect because they are “listening” services on certain ports. Backdoors are implemented by attackers to allow easy access to the system without authenticating as a normal system user.

×：Maintenance Hooks

Maintenance hooks are specific software codes that allow easy and unauthorized access to sensitive parts of a software product. Software programmers use maintenance hooks to allow them to get quick access to the code so that they can make fixes in immediate, but this is dangerous.

×：Data validation errors

Data validation errors are wrong because an attacker cannot operate on the process execution sequence.

IEEE 802.11 is one of the wireless LAN standards established by IEEE.

There is an unfamiliar term: data classification program. This is not a dictionary definition of the term. You want to classify data, what do you do to do that? What is the first step in this process? Since you are being asked about the “first step” in doing this, you can answer by listing the options in order and choosing the first option. Do not search the dictionary in your mind for the word “data classification,” think of the process flow of data classification, and recall the name of the first process.

In order, you might go from understanding the level of protection you need to provide, to specifying the data classification criteria, to determining the protection mechanisms for each classification level, to identifying the data controller. Whatever you do, the first step should be research. Then the problem is defined and the best answer is derived, which is the general solution to the problem.

〇：Security Management Committee

Steve serves on the Security Steering Committee, which is responsible for making decisions on tactical and strategic security issues within the company. The committee consists of individuals from across the organization and should meet at least quarterly. In addition to the responsibilities outlined in this question, the Security Steering Committee is responsible for establishing a clearly defined vision statement that supports it in cooperation with the organizational intent of the business. It should provide support for the goals of confidentiality, integrity, and availability as they relate to the business goals of the organization. This vision statement should be supported by a mission statement that provides support and definition to the processes that apply to the organization and enable it to reach its business goals.

Each organization may call it by a different name, or they may be entrusted with a series of definition-to-approval processes for security. In this case, the term “operations” is the closest that comes to mind.

×：Security Policy Committee

This is incorrect because senior management is the committee that develops the security policy. Usually, senior management has this responsibility unless they delegate it to an officer or committee. The security policy determines the role that security plays within the organization. It can be organizational, issue specific, or system specific. The Governing Board does not directly create the policy, but reviews and approves it if acceptable.

×：Audit Committee

Incorrect because it provides independent and open communication between the Board of Directors, management, internal auditors, and external auditors. Its responsibilities include the system of internal controls, the engagement and performance of the independent auditors, and the performance of the internal audit function. The Audit Committee reports its findings to the Governing Board, but does not fail to oversee and approve the security program.

×：Risk Management Committee

Incorrect as it is to understand the risks facing the organization and work with senior management to bring the risks down to acceptable levels. This committee does not oversee the security program. The Security Steering Committee typically reports its findings to the Risk Management Committee on information security. The risk management committee should consider the entire business risk, not just the IT security risk.

〇：Differential Backup

Backups can be taken in full, differential, or incremental. Most files are not changed daily to save very much time and resources, and it is better to develop a backup plan that does not back up for data that is not continually changing. In backup software, when a file is modified or created, the file system sets the archive bit and the backup software determines if that file should be backed up. A differential backup backs up files that have changed since the last full backup.

×：Incremental Backup

An incremental backup backs up all data that has changed since the last backup.

×：Full Backup

A full backup backs up the entire database or the entire system.

×：Partial Backup

Not in the backup category.

Disaster Recovery Planning includes the Mitigation, Preparedness, Response, and Recovery life cycles.

• Mitigation: Reduces the impact and likelihood of a disaster.
• Prepare: Create programs, procedures, and tools for response.
• Response: follow procedures and how to respond to a disaster.
• Recovery: re-establish basic functionality and return to a full production environment.

〇：To create an overview of business functions and systems

Outlining business functions and systems is not a reason to create and execute a disaster recovery plan. While these tasks are likely to be accomplished as a result of the disaster recovery plan, they are not a valid reason to implement the plan compared to other answers to the question. Usually occurring during the planning process, simply outlining business functions and systems is not enough to develop and implement a disaster recovery plan.

×：To create post-disaster recovery procedures

It is not correct to develop and implement a disaster recovery plan because providing post-disaster recovery procedures is a good reason to do so. In fact, this is exactly what a disaster recovery plan provides. The goal of disaster recovery is to take the necessary steps to minimize the impact of a disaster and ensure that resources, personnel, and business processes can resume operations in a timely manner. The goal of a disaster recovery plan is to handle the disaster and its consequences in the immediate aftermath.

×：To back up data and create backup operating procedures

Inappropriate, because not only backing up data but also extending backup operations is a good way to develop and implement a disaster recovery plan. When considering a disaster recovery plan, some companies focus primarily on backing up data and providing redundant hardware. While these items are very important, they are only a small part of a company’s overall operations. Hardware and computers need people to configure and operate them, and data is usually not useful unless it can be accessed by other systems or outside entities. All of these may require backups as well as data.

×：To establish emergency response procedures

This is incorrect because there are good reasons to establish and implement a disaster recovery plan, and providing emergency response procedures is a valid reason. Disaster recovery plans are implemented when everything is in emergency mode and everyone is scrambling to get all critical systems back online. Carefully written procedures will make this entire process much more effective.

Translated with www.DeepL.com/Translator (free version)

〇：Stateful Inspection

Stateful Inspection detects abnormal communication in which the request and response are linked and only the response is returned from a different server. Therefore, the correct answer is “Stateful Inspection.

×：Application Gateway

Commonly referred to as WAF, this is used when filtering is performed based on strings in telegrams, such as SQL injection.

×：Packet Filtering

Used for filtering by IP address or port.

×：Session Gateway

There is no such firewall category.

Brute force can be used to decrypt the plaintext, given enough time. This is valid for all key-based ciphers except one-time pads. Eventually the data will be decrypted, but so many false positives will occur that the data will be rendered useless.

〇：Software Configuration Management

Products that provide software configuration management (SCM) identify software attributes at various points in time and provide systematic control of change to maintain software integrity and traceability throughout the software development life cycle. It defines the need to track changes and provides the ability to verify that the final delivered software has all of the approved changes that are supposed to be included in the release. During a software development project, it is stored in a system that can be managed as a centralized code repository and perform SCM functions to track revisions made by multiple people to a single master set.

×：Software Change Control Management

This is incorrect as it is not an official term for this type of function. Software Change Control Management is only part of Software Configuration Management. Software configuration management systems provide concurrency management, version control, and synchronization.

×：Software Escrow

A software escrow framework in which a third party holds a copy of the source code that will be released to the customer in the event of certain circumstances, such as bankruptcy of the vendor who developed the code.

×：Software Configuration Management Escrow

Incorrect, as this is not an official term for this type of functionality.

Stored data is data that is stored on a disk or other media. Transmitted data is data flowing over a network. Used data is data that is in memory, cache, etc. and in use. Just because it is being transported by truck does not make it data that is being transferred. Therefore, “stored data” is the correct answer.

〇：Database Migration

The movement of accessible data from one repository to another may be required over its lifetime, but is generally not as important as the other phases provided in response to this question.

×：Data specification and classification

This is incorrect because the determination of what the data is and its classification is the first essential phase that can provide the appropriate level of protection.

×：Continuous monitoring and auditing of data access

Incorrect because without continuous monitoring and auditing of access to sensitive data, breaches cannot be identified and security cannot be guaranteed.

×：Data Archiving

Incorrect as even the most sensitive data is subject to retention requirements. This means that it must be archived for an appropriate period of time and with the same level of security as during actual use.

Point-to-Point Tunneling Protocol (PPTP) is a way to implement a virtual private network (VPN). It is Microsoft’s proprietary VPN protocol that operates at the data link layer of the OSI model; PPTP can only provide a single connection and can operate over a PPP connection.

Cryptographic algorithms refer to the calculations to be encrypted, and even if the cryptographic algorithms were publicly available, it would take an enormous amount of effort to decipher them. cryptographic algorithms that provide modern cryptography, such as AES, are publicly available. On the other hand, in-house development is not recommended because, although it has the security of concealment, it requires a great deal of resources to be allocated.

〇：Check for errors caused by principal code modifications.

Regression testing finds defects after code changes have occurred. It looks for reduced or lost functionality, including old bugs. Therefore, the correct answer is: “Check for errors due to changes in the main code.” will be.

×：Install the developed software on the customer’s hardware.

This is not a test, but part of the release.

×：Checking the detection and processing when faced with a failure.

This is so-called troubleshooting and is accomplished by handing over the operational plan and procedures to the operations team.

×：Checking the interfaces of software components.

This is testing against the interface and is performed as part of the test items for internal and external coupling tests.

Level 2 of the software functional maturity model is reproducible. It is a maturity level where some processes are reproducible and produce constant results. The process discipline is not rigorous, but it helps to maintain existing processes. Therefore, the correct answer is Level 2.

At Level 1, the process is usually undocumented and dynamic. It tends to be driven by users and events in an ad hoc, uncontrolled, reactive manner. As a result, the process is chaotic and unstable.

At Level 2, at maturity, some processes are repeatable and will produce consistent results. Process discipline will not be rigid, but where it exists it will help ensure that existing processes are maintained.

At Level 3, a documented set of standard processes has been established and has improved somewhat over time.

At Level 4, the process is being evaluated to ensure that it is achieving its goals. Process users experience the process under multiple and varied conditions to demonstrate competence.

Level 5 focuses on continuous improvement of process performance through incremental and innovative technical changes/improvements.

〇：Cost-benefit analysis

To require that controls be put in place to reduce risk within acceptable limits, measures need to be selected that are identified as realistic, sufficiently likely, and sufficiently impactful. Simply analyzing the costs and benefits of possible measures will help determine what measures should be taken.

×：Risk Analysis

This is incorrect because risk determination is only the first step in identifying what may be needed to control risk within acceptable thresholds.

×：ALE Consequences

Wrong because ALE informs the firm of what it could lose if a particular threat becomes real. The value of the ALE goes into the cost-benefit analysis, but the ALE does not address the costs of the countermeasure and the benefits of the countermeasure.

×：Identifying vulnerabilities and threats that pose a risk

This is incorrect because although the vulnerability and threat assessments make the need for countermeasures known, the assessments alone do not determine what the cost-effectiveness of the competing countermeasures is expected to be.

〇：CA signs certificates.

A Certificate Authority (CA) is a trusted agency (or server) that maintains digital certificates. When a certificate is requested, the Registration Authority (RA) verifies the identity of the individual and passes the certificate request to the CA The CA creates the certificate, signs it, and maintains the certificate over its lifetime.

×：RA creates the certificate and CA signs it.

Incorrect because the RA does not create the certificate; the CA creates it and signs it; the RA performs authentication and registration tasks; establishes the RA, verifies the identity of the individual requesting the certificate, initiates the authentication process to the CA on behalf of the end user, and performs certificate life cycle RAs cannot issue certificates, but can act as a broker between the user and the CA When a user needs a new certificate, they make a request to the RA and the RA goes to the CA to verify all necessary identification before granting the request The RA verifies all necessary identification information before granting the request.

×：RA signs certificates.

The RA signs the certificate, which is incorrect because the RA does not sign the certificate; the CA signs the certificate; the RA verifies the user’s identifying information and then sends the certificate request to the CA.

×：The user signs the certificate.

Incorrect because the user has not signed the certificate; in a PKI environment, the user’s certificate is created and signed by the CA. The CA is a trusted third party that generates the user certificate holding its public key.

Circuit switching is a dedicated communication channel through a network. The circuit guarantees full bandwidth. The circuit functions as if the nodes were physically connected by cables.

〇：Lock out the account for a certain period of time after reaching the clipping level.

Brute force attack is an attack that continuously tries different inputs to achieve a predefined goal that can then be used to qualify for unauthorized access. A brute force attack to discover the password means that the intruder is trying all possible sequences of characters to reveal the correct password. This proves to be a good countermeasure if the account will be disabled (or locked out) after this type of attack attempt is made.

×：Increase the clipping level.

Clipping levels are wrong because they need to be implemented to establish a baseline of user activity and acceptable error. Entities attempting to log into an account after the clipping level is met should be locked out. A high clipping level gives the attacker more attempts during a warning or lockout. Lowering the clipping level is a good countermeasure.

×：After the threshold for failed login attempts is met, the administrator should physically lock out the account.

This is incorrect because it is impractical to have an administrator physically lock out an account. This type of activity can easily be taken care of through automated software mechanisms. Accounts should be automatically locked out for a certain amount of time after a threshold of failed login attempts is met.

×：Encrypt password files and choose a weaker algorithm.

Encrypting passwords and/or password files and using a weaker algorithm is incorrect as it increases the likelihood of a successful brute force attack.

〇：Representatives from each department meet and undergo validation.

Structured walk-through testing allows functional personnel to review the plan as it is fulfilled to ensure its accuracy and validity.

×：Ensures that some systems will run at alternate sites.

This is incorrect because it describes parallel testing.

×：Send a copy of the disaster recovery plan to all departments to verify its completeness.

This is incorrect because it describes a checklist test.

×：Take down the normal operation system.

This is incorrect because it describes a full interruption test.

〇：Security

Voice over Internet Protocol (VoIP) refers to a transmission technology that delivers voice communications over an IP network; IP telephony uses technology that is similar to TCP/IP and therefore similar in its vulnerabilities. Voice systems are vulnerable to application manipulation and unauthorized administrative access. It is also vulnerable to denial of service attacks against gateway and network resources. Eavesdropping is also a concern since data traffic is transmitted in clear text unless encrypted.

The term security is a difficult answer to choose from because it has a very broad meaning. However, information security scriptures such as CISSP are persistent in saying that VoIP has vulnerabilities. Although this answer is a bit over the top in practical terms, it was made to educate the public, because depending on the creator’s intentions, this issue may arise.

×：Cost

Wrong, because cost is an advantage of VoIP; with VoIP’s, a company becomes a dedicated alternative to a separate network dedicated to data transmission and voice transmission. For telephony features such as conference calling, call forwarding, and automatic redialing are freed up in VoIP, which is open source, while companies that use traditional communications charge for VoIP.

×：Convergence

Wrong because convergence is the advantage of VoIP. Convergence means the integration of traditional IP networks with traditional analog telephone networks.

×：Flexibility

Wrong, because flexibility is an advantage of VoIP. The technology is very simple, easy and supports multiple calls over a single Internet broadband connection.

〇：Diameter

Diameter is an authentication, authorization, and audit (AAA) protocol that not only provides the same kind of functionality as RADIUS and TACACS, but also offers more flexibility and capabilities to meet the emerging demands of today’s complex and diverse networks. Once all remote communication is done via Point-to-Point Protocol (PPP) and Serial Line Internet Protocol (SLIP) connections, users can authenticate themselves via Password Authentication Protocol (PAP) or Challenge Handshake Authentication Protocol (CHAP) to authenticated. The technology has become much more complex and there are multiple devices and protocols to choose from over the ever increasing Diameter protocol, Mobile IP, PPP, Voice over IP (VoIP), and other over Ethernet, wireless devices, smart phones, and other devices can authenticate themselves to the network using roaming protocols.

×：Watchdog

Watchdog timers are wrong because such processes are generally used to detect software failures such as abnormal termination or hangs. The watchdog function sends out “heartbeat” packets to determine if the service is responding. If not, the process can be terminated or reset. These packets help prevent software deadlocks, infinite loops, and process prioritization problems. This feature can be used in the AAA protocol to determine if a packet needs to be retransmitted and if a problem occurs and the connection should be closed and reopened, but it is not in the access control protocol itself.

×：RADIUS

Remote Authentication Dial-In User Service (RADIUS) is wrong because it is a network protocol and provides client/server authentication, authorization, and auditing for remote users.

×：TACACS

Terminal Access Controller Access Control System Plus (TACACS ) is incorrect because it provides essentially the same functionality as RADIUS.

〇：All security activities shall be conducted within the security department.

When all security activities are performed within the security department, security functions within a silo and is not integrated throughout the organization. In companies that have a security governance program in place, security responsibilities are pervasive throughout the organization, from senior management down the chain of command. A common scenario is executive management with the executive director of operations responsible for risk management activities for a particular business unit. Additionally, employees are responsible for malicious or accidental security breaches.

×：Officers will be updated quarterly on the company’s security status.

Incorrect. Security governance is providing strategic guidance, ensuring that goals are being met, risks are properly managed, and resources are used responsibly. Organizations with a security governance program have a board of directors that understands the importance of security and is aware of the organization’s security performance and breaches.

×：Deploy security products, services, and consultants in an informed manner.

Security governance is incorrect because it is a cohesive system of integrated security components that includes products, people, training, and processes. Therefore, organizations that have a security governance program in place will assist consultants with security products, management services, and consultants in an informed manner. They are also constantly reviewed to ensure they are cost effective.

×：The organization establishes metrics and goals for improving security.

inaccurate because security governance requires performance measurement and oversight mechanisms. Organizations that have a security governance program in place are continually reviewing their processes, including security, with the goal of continuous improvement. On the other hand, an organization lacking a security governance program may proceed without analyzing its performance, thus repeating the same mistakes.

〇：Converts bytecode to machine-level code.

Java is an object-oriented, platform-independent programming language. It is used as a full-fledged programming language to write programs called applets that run in the user’s browser. java is platform independent because it creates intermediate code that is not processor-specific bytecode. java virtual machine (JVM) converts bytecode into machine-level code that can be understood by processors on a particular system.

×：Converts source code to bytecode and blocks the sandbox.

Incorrect because the Java Virtual Machine converts bytecode to machine-level code. The Java compiler does not convert source code to bytecode. The JVM also creates a virtual machine in an environment called the sandbox. This virtual machine is the enclosed environment in which the applet executes its activities. The applet is typically sent via HTTP within the requested web page and is executed as soon as the applet arrives. If the applet developer fails to function properly, it may intentionally or accidentally perform a malicious act. Therefore, the sandbox strictly limits the applet’s access to system resources. The JVM mediates access to system resources to ensure that applet code runs and works within its own sandbox.

×：It runs only on specific processors within a specific operating system.

This is incorrect because Java is an object-oriented, platform-independent programming language. Other languages are compiled into object code for specific operating systems and processors. Thus, a particular application can run on Windows, but not on the Mac OS. Intel processors do not necessarily understand machine code compiled for Alpha processors. Java is platform independent because it creates intermediate code bytecode. It is not processor-specific code bytecode.

×：Develop an applet that runs in the user’s browser.

This is incorrect because the Java Virtual Machine does not create applets. Java is adopted as a full-fledged programming language and is used to write complete and short programs called applets that run in the user’s browser. Programmers create Java applets and run them through a compiler. The Java compiler converts the source code into byte code. The user then downloads the Java applet. The bytecode is converted to machine-level code by the JVM. Finally, the applet is executed when invoked.

〇：System logs that operate and are acquired on a daily basis

It is necessary to show that the logs are different from common usage in order to determine whether the access is unauthorized or not. Also, it is less reliable as legal evidence regarding logs that are not routinely obtained.

×：System logs from sophisticated products that comply with international standards

Market sophistication is not a requirement for legal evidence. Conversely, it is unlikely that software developed in-house cannot be used for legal archives.

×：System logs printed and stored as physical media

Whether or not logs are printed is not necessarily a legal requirement. Since the records are printed out as software, they are not purely physical evidence.

×：System logs close to the infrastructure recorded at the OS layer

Logs close to the OS layer have greater systemic traceability, but they are also less relevant to user operations and are not suitable as evidence of unauthorized access.

〇：Unit Testing

Unit testing involves testing individual components in a controlled environment to verify data structures, logic, and boundary conditions. After the programmer develops a component, it is tested with several different input values and in a variety of situations. Unit testing can begin early in the development process and usually continues throughout the development phase. One of the benefits of unit testing is that it identifies problems early in the development cycle. It is easier and less expensive to make changes to individual units.

×：Acceptance Testing

This is incorrect because acceptance testing is done to verify that the code meets the customer’s requirements. This test is applied to some or all of the application, but usually not individual components.

×：Regression Testing

Regression testing is incorrect because it implies retesting a system after changes have been made to ensure its functionality, performance, and protection. Essentially, regression testing is done to identify bugs where functionality no longer works as intended as a result of a program change. It is not uncommon for developers to fix one problem, accidentally create a new problem, or fix a new problem and solve an old one. Regression testing involves checking for previously fixed bugs to ensure that they have not reappeared and re-running previous tests.

×：Integration Testing

Integration testing is incorrect because it verifies that components work together as outlined in the design specification. After unit testing, individual components or units are tested in combination to verify that they meet functional, performance, and reliability requirements.

The expected annual loss amount is the value of losses that could occur in the future, equalized on an annual basis based on the frequency of occurrence. Therefore, it is the Single Loss Expectancy (SLE) multiplied by the annual frequency of occurrence (ALO).

〇：Zachman Framework

The Zachman Framework is an enterprise architecture that determines the what, how, where, who, when, and why for each mandate. Enterprise architecture is to create a management structure to achieve business goals. We create an organization to achieve business goals, and basically, the larger the business goals, the larger the organization. If the structure of the organization is not in place, the organization will not run efficiently, as there may be residual work that needs to be done, or there may be friction between jobs due to authority that is covered by others. Therefore, it is necessary to clarify the scope of each job authority in order to put the organization in order. The job authority here is different from the perspectives of human resources or sales. It is easier to think of them as hierarchically separated to achieve business goals. Clarify the scope in Executive, Business Management, Architecture, Engineers, Subcontractors, and Stakeholders, respectively. Therefore, the correct answer is the Zachman Framework.

×：SABSA

SABSA (Sherwood Applied Business Security Architecture) is a framework to ensure that security measures are working properly in achieving business goals. Unlike the Zachman Framework, the tasks to be organized are hierarchical elements. Business Requirements > Conceptual Architecture > Logical Service Architecture > Physical Infrastructure Architecture > Technology and Products, each with a 5W1H practice.

×：Five-W method

There is no such term. If there is, it is a term coined to make it easier to interpret.

×：Biba Model

The Biba model is a security model that indicates that data cannot be changed without permission.

〇：Interface test is intended to verify correct operation in the correct state. Misuse case testing is intended to verify that problems occur in error conditions.

All applications must undergo interface testing to ensure proper function and use. They should undergo misuse case testing to determine if their intentional misuse could cause errors that would harm the confidentiality, integrity, and availability of the data to which the application provides access.

×：Interface test is intended to determine if a problem occurs in an error condition. Misuse case testing is intended to verify correct operation in the correct state.

While it may be possible to find incorrect behavior based on the assumption that the correct behavior occurs, the sentence is backwards in terms of the purpose of the test as well.

×：Interface testing is intended to check for proper usability. Misuse case testing monitors when errors occur.

Interfaces are not limited to usability. It is also a test for the API for server-to-server communication.

×：Interface testing and misuse case testing are essentially the same.

Essentially, the purpose of the test and the creation of an environment to achieve that purpose are different.

〇：Service Strategy

The basic approach of ITIL is to create a service strategy that focuses on the overall planning of the intended IT services. Once the initial planning is complete, it provides guidelines for the design of validated IT services and overall implementation policies. The service transition phase is then initiated, providing guidelines for the assessment, testing, and validation of the IT services. This enables the transition from the business environment to the technical service. Service Operations ensures that all determined services have achieved their objectives. Finally, Continuous Service Improvement points out areas for improvement throughout the service lifecycle. Service strategy is considered the core of ITIL. It consists of a set of guidelines that include best practices for planning, design, and alignment of IT and business approaches, market analysis, service assets, setting goals to provide quality service to customers, and the strategy and value of implementing the service strategy.

×：Service Operations

Service operations is a critical component of the lifecycle when services are actually delivered, and something like ITIL that provides guidance is not at the core of actual operations. Lifecycle operations define a set of guidelines that ensure that an agreed level of service is delivered to the customer. The different genres incorporated by service operations include event management, problem management, access management, incident management, application management, technology management, and operations management. Service Operations balances between conflicting goals such as technology and business requirements, stability and responsiveness, cost and quality of service, and competing proactive activities.

×：Service Design

Inadequate because it involves a set of best practices for the design of IT services, including processes, architecture, policies, and documentation to meet current and future business requirements. The goal of service design is to design services according to agreed business objectives. Design processes that can support lifecycle and risk identification and management. Involves improving IT service quality as a whole.

×：Service Migration

Service Migration is incorrect because it focuses on delivering the services proposed by the business strategy for operational use. It also includes guidelines to enable a smooth transition of the business model to technical services. If service requirements change after design, Service Migration ensures that those requirements are delivered in accordance with the changed design. Areas of focus for these guidelines include the responsibilities of personnel involved in the migration transition plan and support, change management, knowledge management, release and deployment management, service verification and testing, and evaluation.

〇：Keys will need to be distributed via a secure transmission channel.

For two users to exchange messages encrypted with a symmetric algorithm, they need to figure out how to distribute the key first. If the key is compromised, all messages encrypted with that key can be decrypted and read by an intruder. Simply sending the key in an email message is not secure because the key is not protected and can easily be intercepted and used by an attacker.

×：Computation is more intensive than in asymmetric systems.

That is incorrect because it describes the advantages of symmetric algorithms. Symmetric algorithms tend to be very fast because they are less computationally intensive than asymmetric algorithms. They can encrypt and decrypt relatively quickly large amounts of data that take an unacceptable amount of time to encrypt and decrypt with asymmetric algorithms.

×：Much faster operation than asymmetric systems

Symmetric algorithms are faster than asymmetric systems, but this is an advantage. Therefore, it is incorrect.

×：Mathematically intensive tasks must be performed

Asymmetric algorithms are wrong because they perform a mathematically intensive task. Symmetric algorithms, on the other hand, perform relatively simple mathematical functions on bits during the encryption and decryption process.

〇：The sender encrypts the message digest with his/her private key.

A digital signature is a hash value encrypted with the sender’s private key. The act of digitally signing means encrypting the hash value of the message with his/her private key. The sender would encrypt that hash value using her private key. When the recipient receives the message, she performs a hash function on the message and generates the hash value herself. She then decrypts the hash value (digital signature) sent with the sender’s public key. The receiver compares the two values and, if they are the same, can verify that the message was not altered during transmission.

×：The sender encrypts the message digest with his/her public key.

The sender is wrong because if the message encrypts the digest with his/her public key, the recipient cannot decrypt it. The recipient needs access to the sender’s private key, which must not occur. The private key must always be kept secret.

×：The receiver encrypts the message digest with his/her private key.

The receiver is wrong because the message must decrypt the digest with the sender’s public key. The message digest is encrypted with the sender’s private key, which can only be decrypted with the sender’s public key.

×：The receiver encrypts the message digest with his/her public key.

The receiver is wrong because the message must decrypt the digest with the sender’s public key. The message digest is encrypted with the sender’s private key, which can only be decrypted with the sender’s public key.

Risk is the multiplication of threats and vulnerabilities. If the threat is at least as great as the vulnerability is fatal, it is a significant impact, or risk. Therefore, the best illustration of the relationship between the four rules is the multiplier.

〇：Public key infrastructure is a mechanism configuration for public key cryptographic distribution, and public key cryptography is another name for asymmetric encryption.

Public key cryptography is asymmetric cryptography. The terms are used interchangeably. Public key cryptography is a concept within the Public Key Infrastructure (PKI), which consists of various parts such as Certificate Authorities, Registration Authorities, certificates, keys, programs, and users. Public Key Infrastructure is used to identify and create users, distribute and maintain certificates, revoke and distribute certificates, maintain encryption keys, and for the purpose of encrypted communication and authentication.

×：Public key infrastructure uses symmetric algorithms and public key cryptography uses asymmetric algorithms.

This is incorrect because the public key infrastructure uses a hybrid system of symmetric and asymmetric key algorithms and methods. Public key cryptography is to use asymmetric algorithms. Therefore, asymmetric and public key cryptography are interchangeable, meaning they are the same. Examples of asymmetric algorithms are RSA, elliptic curve cryptography (ECC), Diffie-Hellman, and El Gamal.

×：Public key infrastructure is used to perform key exchange, while public key cryptography is used to create public/private key pairs.

This is incorrect because public key cryptography is the use of asymmetric algorithms used to create public/private key pairs, perform key exchange, and generate and verify digital signatures.

×：Public key infrastructure provides confidentiality and integrity, while public key cryptography provides authentication and non-repudiation.

Incorrect because the public key infrastructure itself does not provide authentication, non-repudiation, confidentiality, or integrity.

〇：Buffer overflow

A buffer is an area reserved by an application to store something in it, like some user input. After the application receives input, the instruction pointer is put into the buffer. A buffer overflow occurs when the application accidentally allows the input to overwrite the instruction pointer in the code and write it to the buffer area. Once the instruction pointer is overwritten, it can be executed under the application’s security context.

×：Traffic Analysis

Traffic Analysis is incorrect because it is a method of revealing information by looking at traffic patterns on the network.

×：Race Condition

Incorrect because it does not indicate a race condition attack; if two different processes need to perform their tasks on a resource, they need to follow the correct order.

×：Covert Storage

Incorrect because in a covert storage channel, processes are capable of communicating through some type of storage space on the system.

〇：For early detection or enclosure in the event of an attack.

Attackers will conduct an investigation before launching a substantial attack. In such cases, a vulnerable network can provide preventative information such as where the attacker is accessing the network from. This is because only an attacker would have the incentive to break into the network. Vulnerable network domains, such as honeypots, make this kind of intrusion easier and clarify the attacker’s behavior. Thus, the correct answer is “to detect or enclose them early in the event of an attack.” will be

×：Debugging environment for when a system outage occurs in the current environment.

The answer is not to intentionally create a vulnerable environment. It is only the result of creating an environment that is vulnerable.

×：Aiming to prevent regressions due to old vulnerabilities.

Even if it is an old vulnerability, it should be addressed and there is no point in allowing it to remain.

×：A special environment for running a product with a low version that is no longer supported.

It is not an answer to intentionally create a vulnerable environment. It is merely the result of creating an environment that is vulnerable.

Gates and fences are used as physical deterrents and preventative measures. Fences as small as 3 feet can be a deterrent, but as tall as 8 feet can be a deterrent and prevention mechanism. The purpose of the fence is to limit the routes in and out of the facility so that they occur only through doors, gates, and turnstiles.

〇：Federation Identity

A federation identity is a portable identity and associated credentials that can be used across business boundaries. It allows users to authenticate across multiple IT systems and across the enterprise. Federation Identity is based on linking otherwise distinct identities of users in two or more locations without the need to synchronize or consolidate directory information. Federated Identity is an important component of e-commerce, providing businesses and consumers with a more convenient way to access distributed resources.

×：User Provisioning

User provisioning is incorrect because it refers to the creation, maintenance, and deactivation of user objects and attributes.

×：Directory

While most companies have some type of directory that contains information about company network resources and users, generally these directories are not utilized as spread across different companies. It is true that nowadays, with open APIs and cloud computing, there is a trend to deploy services through a single directory, but the directory service itself does not include resource sharing implications. In other words, it is just used as a shared service.

×：Web Access Management

Web Access Management (WAM) software is incorrect because it controls what users can access when using a Web browser to interact with Web-based corporate assets.

〇：How to use the data

How data is used does not depend on how sensitive it is. In other words, data is sensitive no matter how it is used, even if it is not used at all.

×：Identifying who needs access to the data

Wrong. This is because data classification criteria must take into account very directly who needs access to the data and their clearance level in order to see sensitive data. If data is classified at too high a level, that user will not have access. If the level is classified too low, an unauthorized user may access the data.

×：Value of the data

This is incorrect because the intrinsic value of the data directly determines the degree of protection. This is determined by its classification. This is true regardless of whether the prioritization must be confidentiality, integrity, or availability.

×：The level of damage that could occur if the data were disclosed.

This is erroneous because the degree of damage that disclosure, modification, or destruction of the data would cause is directly related to the level of protection that must be provided.

Disk mirroring means writing the same data to multiple hard disks; a RAID (Redundant Array of Independent Disks) controller must write all data twice, requiring at least two disks. Disk striping can also be provided when parity is used, but disk striping alone cannot provide redundancy.

〇：Virtual Container for Data from Multiple Sources
Network directories are containers for users and network resources. Because one directory does not contain all the users and resources in an enterprise, a collection of directories must be used. A virtual directory collects the necessary information used from sources scattered throughout the network and stores it in a central virtual directory (virtual container). This provides a unified view of digital identity information for all users across the enterprise. The virtual directory is regularly synchronized with all identity stores (individual network directories) to ensure that up-to-date information is being used by all applications and identity management components in the enterprise.

×：Metadirectory

Virtual directories are similar to metadirectories, but incorrect because metadirectories work with one directory and virtual directories work with multiple data sources. When the Identity Management component calls the virtual directory, it can scan different directories across the enterprise, but the metadirectory only has the ability to scan one directory it is associated with.

×：User attribute information stored in the HR database

Incorrect because it describes an identity store. Much of the information stored in identity management directories is scattered throughout the enterprise. User attribute information (employee status, job description, department, etc.) is typically stored in the HR database. Authentication information can be stored in a Kerberos server, and resource-oriented authentication information can be stored in the domain controller’s Active Directory. These are commonly referred to as identity stores and are located elsewhere on the network. Many identity management products use virtual directories to call up the data in these identity stores.

×：Services that allow administrators to configure and manage the way identities are

This is incorrect because it describes a directory service. Directory services allow administrators to configure and manage how identification, authentication, permissions, and access control are performed within a network. It uses namespaces to manage objects in the directory and enforces security policies configured by performing access control and identity management functions.

〇：Normalization

Normalization is the process of efficiently organizing data by eliminating redundancy, reducing the potential for anomalies during data manipulation, and improving data consistency within a database. It is a systematic method of ensuring that database structures are correctly designed so that undesirable characteristics (insert, update, and delete anomalies) do not occur and data integrity is lost.

×：Polymorphism

Polymorphism is incorrect because different objects are given the same input and react differently.

×：Database View Implementation

A database view is a logical access control, implemented so that one group or specific user can see certain information and another group is restricted from seeing it completely, which is incorrect. For example, a database view could be implemented so that middle management can see the profits and expenses of a department without seeing the profits of the entire enterprise. Database views do not minimize duplicate data. Rather, it manipulates how the data is displayed by a particular user/group.

×：Schema Construction

Schemas in database systems are incorrect because they are structures described in a formal language. In a relational database, a schema defines tables, fields, relationships, views, indexes, procedures, queues, database links, directories, etc. A schema describes the database and its structure, but not the data that exists in the database itself.

A security document documents the security to be achieved.” To achieve “strong security” a clear definition is needed. Since the definition varies from organization to organization, it is necessary to put it in writing. There are five documents, with policy at the top, each of which is mandatory or optional.

〇：Telnet must be used to send commands and data.

Telnet sends all data, including administrator credentials, in plain text and should not be allowed for remote administration. This type of communication should be via a more secure protocol, such as SSH.

×：Only a small number of administrators should be allowed to perform remote functions.

Wrong, as it is true that only a few administrators should be able to perform remote functions. This minimizes the risk to the network.

×：Critical systems should be managed locally, not remotely.

Wrong because it is true that critical systems need to be managed locally, not remotely. It is safer to send management commands on an internal private network than over a public network.

×：Strong authentication is required.

Wrong because it is true that strong authentication is required for any management activity. Anything weaker than strong authentication, such as a password, is easy for an attacker to break in and gain administrative access.

The Clipper chip is a chipset developed by the National Security Agency (NSA) and implemented as an encryption device that protects “voice and data messages” as an embedded backdoor. It used SkipJack, a block cipher.

〇：To issue ethics-related statements on the use of the Internet.

The Internet Architecture Board (IAB) is the coordinating committee for the design, engineering, and management of the Internet. It is responsible for monitoring and appealing Internet Engineering Task Force (IETF) activities, the Internet standards process, and the architecture of Request for Comments (RFC) editors. The IAB issues ethics-related statements on the use of the Internet. The Internet is a resource that depends on availability and accessibility and is considered useful to a wide range of people. Primarily, irresponsible behavior on the Internet may threaten its existence or adversely affect others.

×：Develop guidelines for criminal sentencing.

The IAB is incorrect because it has nothing to do with the Federal Court Guidelines, which are the rules judges use in determining the appropriate punitive sentence for certain felonies or misdemeanors committed by individuals or businesses. The Guidelines serve as the uniform sentencing policy for entities committing felonies and/or gross misdemeanors in the U.S. federal court system.

×：Edit RFC.

The Internet Architecture Board is responsible for editing RFCs (Request for Comments), which is incorrect because this task is not ethics-related. This answer is a distraction.

×：Maintain the Ten Commandments of Computer Ethics.

This is incorrect because the Institute for Computer Ethics, not the IAB, develops and maintains the Ten Commandments of Computer Ethics. The Institute for Computer Ethics is a non-profit organization that works to advance technology through ethical means.