〇：Ensure the security of customer, company, and employee data.

The Chief Privacy Officer (CPO) is responsible for ensuring the security of customer, company, and employee data; the CPO is directly involved in setting policies regarding how data is collected, protected, and distributed to third parties. The CPO is usually an attorney and reports reports and findings to the Chief Security Officer (CSO). Thus, the correct answer is “Ensure that customer, company, and employee data is protected.” The answer is “Yes.

Perhaps you did not know what a CPO is. The point of this question is to see if you can conceive of the protection of personal information from the word privacy. When you see some words you don’t know in the actual exam, don’t throw them away because you don’t know what they mean. There are always hints.

×：Ensure the protection of partner data.

CPOs are responsible for ensuring the security of customer, company, and employee data.

There can be protection of partner data, but not in the sense of a primary role.

×：Ensuring the accuracy and protection of company financial information.

This is not considered to be a protection of privacy.

×：Ensuring that security policies are defined and implemented.

This is a common objective for all personnel/responsible parties and is not focused in the context of your role as Chief Privacy Officer (CPO).

〇：Capability Maturity Model Integration

Capability Maturity Model Integration (CMMI) is a comprehensive set of integration guidelines for developing products and software. It addresses the various phases of the software development life cycle, including concept definition, requirements analysis, design, development, integration, installation, operation, maintenance, and what should happen at each stage. The model describes the procedures, principles, and practices underlying the maturation of the software development process. It was developed to help software vendors improve their development processes. It will improve software quality, shorten the development life cycle, create and meet milestones in a timely manner, and adopt a proactive approach rather than a reactive approach that is less effective.

×：Software Development Life Cycle

Incorrect because the Software Development Life Cycle (SDLC) describes how a system should be developed and maintained throughout its life cycle and does not involve process improvement.

×：ISO/IEC 27002

Incorrect because ISO/IEC 27002 is an international standard that outlines how the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) create and maintain an organizational information security management system (ISMS). ISO/IEC 27002 has a section dealing with the acquisition, development, and maintenance of information systems, but does not provide a process improvement model for software development.

×：Certification and Accreditation Process

This is incorrect because the certification and accreditation (C&A) process handles testing and evaluation of systems against predefined criteria. This has nothing to do with improving the software development process.

〇：Well-Formed Transaction

In the Clark-Wilson model, subjects cannot access objects without going through some type of application or program that controls how this access is done. The subject (usually the user) can access the required object based on access rules within the application software, defined as “Well-Formed Transaction,” in conjunction with the application.

×：Childwall model

This is incorrect because it is another name for the Brewer Nash model created to provide access control that can be dynamically modified according to the user’s previous behavior. It is shaped by access attempts and conflicts of interest and does not allow information to flow between subjects and objects. In this model, a subject can only write to an object if the subject cannot read another object in a different data set.

×：Access tuples

The Clark-Wilson model is incorrect because it uses access triples instead of access tuples. The access triple is the subject program object. This ensures that the subject can only access the object through the authorized program.

×：Write Up and Write Down

The Clark-Wilson model is incorrect because there is no Write Up and Write Down. These rules relate to the Bell-LaPadula and Biba models. The Bell-LaPadula model contains a simple security rule that has not been read and a star property rule that has not been written down. The Biba model contains an unread simple completeness axiom and an unwritten star completeness axiom.

〇：Can be the cheapest of the off-site options, but can create many security problems due to mixed operations.

Reciprocal agreements, also called mutual aid, mean that Company A agrees to allow Company B to use its facilities if Company B suffers a disaster, and vice versa. While this is a less expensive way to move than other off-site alternatives, it is not always the best choice. In most environments, the facility has reached its limits regarding the use of space, resources, and computing power. To allow different firms to come in and operate out of the same store could be detrimental to both firms. The stress of both companies working in the same environment can cause tremendous levels of tension. If that did not work out, it would provide the only short-term solution. Configuration management could be a nightmare, and mixing operations could result in many security problems. Reciprocal agreements have been known to work well for certain companies, such as newsprint. These firms require very specific technology and equipment that is not available through any subscription service. For most other organizations, reciprocity agreements are, at best, generally a secondary option for disaster protection.

×：Fully set up and ready to operate within a few hours is the most expensive of the off-site options.

This is a description of a hot site.

×：Inexpensive option, but takes the most time and effort to get up and running after a disaster.

Explanation for cold sites.

×：A good alternative for companies that rely on proprietary software, but regular annual testing is usually not available.

This is incorrect as it describes with respect to companies that depend on proprietary software. Having proprietary software in a shared space with other vendors is basically undesirable from the standpoint of license agreements involved.

VoIP uses UDP. It is real-time oriented, and it is probably better to lose one or two packets than to retransmit a few seconds later in a connectionless fashion.

〇：Identity Theft

Identity theft is a situation in which a person obtains important personal information, such as driver’s license numbers, bank account numbers, identification cards, or social security numbers, and uses that information to impersonate another person. Typically, identity thieves use personal information to obtain credit, goods, or services in the victim’s name. This can have consequences such as destroying the victim’s credit rating, creating a false criminal record, and issuing an arrest warrant to the wrong individual. Identity theft can be categorized in two ways: true name and account takeover. True name identity theft means that the thief uses your personal information to open a new account. The thief might open a new credit card account, establish cell phone service like Sam’s, or open a new checking account to obtain blank checks.

×：Phishing Scams

Incorrect because it is a type of social engineering attack intended to obtain personal information, letters of credit, credit card numbers, and financial data. Attackers use a variety of methods to entice users to divulge sensitive data. While the goal of phishing scams is to get victims to hand over their personal information, the goal of identity theft is to use that personal information for personal or financial gain. Attackers can use phishing attacks as a means of committing identity theft.

Since the specific technique is not described in the question text, it cannot be said to be a phishing scam.

×：Pharming

Incorrect, as this is a technical attack in which the victim is deceived into submitting personal information to the attacker via an unauthorized website.The victim types a web address such as “www.nicebank.com” into their browser. The victim’s system sends a request to the victimized DNS server that directs the victim to a website under the attacker’s control. The site looks like the requested Web site, and the user enters his or her personal information. The personal information can be used by the attacker for identity theft.

We cannot say that this is pharming because the specific technique is not described in the question text.

×：Account takeover

Account takeover identity theft is incorrect because it means using personal information to access a person’s existing account rather than opening a new account. Typically, the mailing address on the account is changed and a huge bill is filed before the person whose account was stolen is aware of the problem. The Internet has made it easier for identity thieves to use stolen information because they can conduct transactions without personal interaction.

Risk is the multiplication of threats and vulnerabilities. If the threat is at least as great as the vulnerability is fatal, it is a significant impact, or risk. Therefore, the best illustration of the relationship between the four rules is the multiplier.

〇：For early detection or enclosure in the event of an attack.

Attackers will conduct an investigation before launching a substantial attack. In such cases, a vulnerable network can provide preventative information such as where the attacker is accessing the network from. This is because only an attacker would have the incentive to break into the network. Vulnerable network domains, such as honeypots, make this kind of intrusion easier and clarify the attacker’s behavior. Thus, the correct answer is “to detect or enclose them early in the event of an attack.” will be

×：Debugging environment for when a system outage occurs in the current environment.

The answer is not to intentionally create a vulnerable environment. It is only the result of creating an environment that is vulnerable.

×：Aiming to prevent regressions due to old vulnerabilities.

Even if it is an old vulnerability, it should be addressed and there is no point in allowing it to remain.

×：A special environment for running a product with a low version that is no longer supported.

It is not an answer to intentionally create a vulnerable environment. It is merely the result of creating an environment that is vulnerable.

〇：CEO

Security measures should be raised together with business strategy and should be issued from the top, the CEO. Therefore, the correct answer is “CEO.

×：CIO

Abbreviation for Chief Information Officer. Certainly, security measures may be issued by the CIO. However, the CIO is not the correct answer here, because it is “more desirable” to have the CEO, who is the top manager responsible for management, issue the security measures.

×：Site Manager

The person who issues or is responsible for security measures should be the person responsible for management. This is not the correct answer.

×：CTO

Abbreviation for Chief Technology Officer. The Chief Technology Officer’s main role is to promote and protect the organization’s research and technology. This is not the correct answer here, as the CEO is “more desirable” when security measures, including organizational management and governance, are issued.

〇：SOAP allows Remote Procedure Calls to be used to exchange information between applications over the Internet.

To allow applications to exchange information over the Internet, the Simple Object Access Protocol (SOAP) was created to be used instead of Remote Procedure Call (RPC). SOAP is an XML-based protocol that encodes messages in a Web service setting. It allows programs running on different operating systems to communicate using Web-based communication methods.

×：SOAP is designed to overcome compatibility and security issues associated with remote procedure calls.

Attempting to allow communication between objects of different applications over the Internet is incorrect because SOAP was created to overcome the compatibility and security issues introduced by RPC. SOAP is designed to work with multiple operating system platforms, browsers, and servers.

×：SOAP and remote procedure calls were created to enable application layer communication.

This is incorrect because both SOAP and RPC were created to enable application layer communication. SOAP is an XML-based protocol that encodes messages in a Web service setting. Therefore, if a Windows client needs to access a Windows server that provides a particular web service, programs on both systems can communicate using SOAP without running into interoperability problems.

×：HTTP is not designed to work with remote procedure calls, but SOAP is designed to work with HTTP.

HTTP is not designed to work with RPC, but SOAP is designed to work with HTTP. SOAP actually defines the structure of the XML schema or communication mechanism. The SOAP XML schema defines how objects communicate directly with each other. One of the advantages of SOAP is that program calls most likely get through firewalls, since HTTP communication is generally allowed. This ensures that the client/server model is not broken by getting denied by firewalls during the communication entity.

〇：Reconfiguration Phase

When a firm returns to its original or new site, the firm is ready to enter the reconfiguration phase. The firm has not entered the emergency state until it is operating at the original primary site or until it returns to the new site that was built to replace the primary site. If a firm needs to return from the replacement site to the original site, a number of logistical issues must be considered. Some of these issues include ensuring employee safety, proper communication and connection methods are working, and properly testing the new environment.

The definition of a rebuilding phase needs to be imagined and answered in the question text. It will test your language skills to see how it reads semantically rather than lexically correct.

×：Recovery Phase

Incorrect because it involves preparing an off-site facility (if needed), rebuilding networks and systems, and organizing staff to move to the new facility. To get the company up and running as quickly as possible, the recovery process needs to be as structured as possible. Templates should be developed during the planning phase. It can be used by each team during the recovery phase to take the necessary steps and document the results. The template keeps the team on task and quickly communicates to the team leader about progress, obstacles, and potential recovery time.

×：Project Initiation Phase

This is incorrect because it is how the actual business continuity plan is initiated. It does not occur during the execution of the plan. The Project Initiation Phase includes obtaining administrative support, developing the scope of the plan, and securing funding and resources.

×：Damage Assessment Phase

Incorrect because it occurs at the start of the actual implementation of the business continuity procedures. The damage assessment helps determine if the business continuity plan should be implemented based on the activation criteria predefined by the BCP coordinator and team. After the damage assessment, the team will move into recovery mode if one or more of the situations listed in the criteria occur.

A captive portal is a mechanism that restricts communication with the outside world until user authentication, user registration, and user consent are performed when a terminal connects to the network.

〇：TOGAF

The Open Group Architecture Framework (TOGAF) is a vendor-independent platform for the development and implementation of enterprise architecture. It focuses on the effective management of enterprise data using metamodels and service-oriented architectures (SOA). Proficient implementations of TOGAF aim to reduce fragmentation caused by inconsistencies between traditional IT systems and actual business processes. It also coordinates new changes and functionality so that new changes can be easily integrated into the enterprise platform.

×：Department of Defense Architecture Framework (DoDAF)

In accordance with the guidelines for the organization of the enterprise architecture of the U.S. Department of Defense systems, this is incorrect. It is also suitable for large, complex integrated systems in the military, civilian, and public sectors.

×：Capability Maturity Model Integration (CMMI) during software development.

It is inappropriate because it is a framework for the purpose of designing and further improving software. CMMI provides a standard for software development processes that can measure the maturity of the development process.

×：ISO/IEC 42010

Incorrect because it consists of recommended practices to simplify the design and conception of software-intensive system architectures. This standard provides a kind of language (terminology) to describe the different components of software architecture and how to integrate it into the development life cycle.

〇：Intercept anti-malware calls to the operating system for file system information.

This is a “no” question. Polymorphic viruses attempt to fool anti-malware scanners. In particular, they use methods to generate operational copies. Even if the anti-malware software detects and disables one or two copies, the other copies remain active in the system.

This problem must be solved by process of elimination. What definitions are polymorphic viruses? If you remember the word list “what is a polymorphic virus,” you may not understand what makes a polymorphic virus unique. The most striking feature of polymorphic viruses is that they repeatedly change entities.

×：Using noise, mutation engines, or random number generators to change the sequence of instructions.

Polymorphic-type viruses may change the sequence of instructions by including noise or false instructions along with other useful instructions. They can also use mutation engines and random number generators to alter the sequence of instructions in the hope that they will not be detected. The original functionality remains intact, but the code is altered, making it nearly impossible to identify all versions of the virus using a fixed signature.

×：Different encryption schemes that require different decryption routines can be used.

Polymorphic-type viruses can use different encryption schemes that require different decryption routines. This requires an anti-malware scan to identify all copies of this type of virus, one for each possible decryption method. Polymorphic virus creators hide the encrypted virus payload and add decryption methods to the code. Once encrypted, the code becomes meaningless, but that does not necessarily mean that the encrypted virus is a polymorphic virus and thus escapes detection.

×：Create multiple and various copies.

Polymorphic viruses generate multiple, varied copies in order to avoid detection by anti-malware software.

〇：Reviewing and evaluating against security documentation.

Provisioning refers to the management of account information. Reviewing documents is not part of provisioning. Therefore, the correct answer is: “Review and evaluate security documentation.” The answer will be

×：When an employee leaves the company, the account should be deactivated as soon as possible.

This is proper provisioning for users and account usage that belong to the organization.

×：Periodic review and adherence to the principle of least privilege.

This is appropriate provisioning for account access privileges.

×：Appropriate deletion of accounts that are no longer needed.

This is appropriate provisioning for the management of minimum account information.

The expected annual loss amount is the value of losses that could occur in the future, equalized on an annual basis based on the frequency of occurrence. Therefore, it is the Single Loss Expectancy (SLE) multiplied by the annual frequency of occurrence (ALO).

〇：The security kernel implements and executes the reference monitor

The Trusted Computing Base (TCB) is a complete combination of protection mechanisms for a system. These are in the form of hardware, software, and firmware. These same components also comprise the security kernel. Reference monitors are access control concepts implemented and enforced by the security kernel via hardware, software, and firmware. In doing so, it ensures that the security kernel, the subject, has the proper permissions to access the object it is requesting. The subject, be it a program, user, or process, cannot access the requesting file, program, or resource until it is proven that it has the proper access rights.

×：The reference monitor is the core of the Trusted Computing Base (TCP), which is comprised of the security kernel.

This is incorrect because the reference monitor is not the core of the TCB. The core of the TCB is the security kernel, and the security kernel implements the concepts of the reference monitor. The reference monitor is a concept about access control. It is often referred to as an “abstract machine” because it is not a physical component.

×：The reference monitor implements and executes the security kernel.

The reference monitor does not implement and execute the security kernel, which is incorrect. On the contrary, the security kernel implements and executes the reference monitor. The reference monitor is an abstract concept, while the security kernel is a combination of hardware, software, and firmware in a trusted computing base.

×：The security kernel, i.e., the abstract machine, implements the concept of a reference monitor.

This is incorrect because abstract machine is not another name for security kernel. Abstract machine is another name for the reference monitor. This concept ensures that the abstract machine acts as an intermediary between the subject and the object, ensuring that the subject has the necessary rights to access the object it is requesting and protecting the subject from unauthorized access and modification. The security kernel functions to perform these activities.

〇：How routers are centrally managed and control packets based on the controller’s instructions 

Software-defined networks (SDN) are intended to facilitate centralized management of routing decisions and to separate the router’s logical functions of passing data between the routing decision and the interface and making its mechanical functions.SDN architecture is a scalable, a programmable, and is intended to be a standard method of providing router control logic. Therefore, the correct answer is “a way for routers to be centrally managed and control packets based on the controller’s instructions.

×：Mapping between MAC and IP addresses.

ARP table.

×：Updating the routing table in a dynamic way.

Explanation of dynamic routing.

×：A method in which routers communicate with each other to update the routing table when an event occurs.

This is an explanation of routing control in case of communication failure.

〇：* (star) Integrity Property

The Biba model defines a model with completeness as having two axioms. The * (star) Integrity Property is that the subordinate’s document is to be seen and there is no Read Down. The * (star) Integrity Property is that there is no Write Up, that is, no rewriting of the supervisor’s document. If the Simple Integrity Axiom is not followed, the subordinate’s document will be seen and may absorb unclassified and incorrect information at a lower level. If the * (star) Integrity Property is not followed, a supervisor’s document will be rewritten, which will release incorrect information to the supervisor who sees it. Therefore, both are integrity conditions.

×：Simple Integrity Property

The Simple Integrity Property is a constraint on Read Down.

×：Strong Tranquillity Axiom

The Strong Tranquillity Axiom is the constraint not to change permissions while the system is running.

×：Weak Tranquillity Axiom

Weak Tranquillity Axiom means do not change privileges until the attribute is inconsistent.

Compromise is when what used to be secure encryption becomes insecure due to the evolution of computers. Cryptography is based on the sharing of a single answer, a key, among those communicating. The key is generated by computer calculations, and a third party must solve a difficult problem that would take several years to derive. However, as the computational power of computers has evolved, it is now possible to solve difficult problems that could not be solved before. In this case, encryption is meaningless. This is the compromise caused by evolution. Therefore, the correct answer is “Compromise.

〇：Restore the virus unpatched file version from the backup media.

The best practice is to install an unpatched, uninfected version of the file from the backup media. It is important to restore files that are known to be clean, as attempts to remove the files may corrupt them. The most important thing is not to spread the impact, but attempting to unilaterally delete files may make them unavailable for later investigation.

×：Replace the file with the file saved the previous day.

The file saved the previous day may also contain the virus.

×：Delete the file and contact the vendor.

This is an incorrect answer because the condition of this question is that if the file is deleted, the normal file content itself may be damaged.

×：Back up the data and delete the file.

This is an incorrect answer because backing up the data that contains the virus and deleting the file does not result in a clean situation.

P.A.S.T.A. is a seven-step process to find ways to protect the value of your assets while analyzing your compliance and business. P.A.S.T.A. provides a roadmap. Threat management processes and policies can be discovered. The main focus is on finding threats, which is where risk-centric thinking and simulation come into play.

Type 1 authentication treats what you know as credentials. This is accomplished through passwords, passphrases, PINs, etc., and is also referred to as the knowledge factor.

Awareness is to inform the organization’s members of the information they already have in order to make them more vigilant again. Tranning is the input of information that is unknown to the members of the organization. Therefore, the difference between awareness-raising and tranning is whether the target audience is already aware of the information.

〇：Database Migration

The movement of accessible data from one repository to another may be required over its lifetime, but is generally not as important as the other phases provided in response to this question.

×：Data specification and classification

This is incorrect because the determination of what the data is and its classification is the first essential phase that can provide the appropriate level of protection.

×：Continuous monitoring and auditing of data access

Incorrect because without continuous monitoring and auditing of access to sensitive data, breaches cannot be identified and security cannot be guaranteed.

×：Data Archiving

Incorrect as even the most sensitive data is subject to retention requirements. This means that it must be archived for an appropriate period of time and with the same level of security as during actual use.

〇：Social Engineering

Social engineering is an attack that invites human error rather than system. It occurs regardless of system architecture and installed software.

×：DDoS Attacks

A DDoS attack is a mass DoS attack against a target website or server from multiple computers.

×：Ransomware

Ransomware is malware that freezes data by encrypting it and demands a ransom from the owner.

×：Zero-day attacks

A zero-day attack is an attack on a vulnerability that was disclosed before it was fixed.

Level 2 of the software functional maturity model is reproducible. It is a maturity level where some processes are reproducible and produce constant results. The process discipline is not rigorous, but it helps to maintain existing processes. Therefore, the correct answer is Level 2.

At Level 1, the process is usually undocumented and dynamic. It tends to be driven by users and events in an ad hoc, uncontrolled, reactive manner. As a result, the process is chaotic and unstable.

At Level 2, at maturity, some processes are repeatable and will produce consistent results. Process discipline will not be rigid, but where it exists it will help ensure that existing processes are maintained.

At Level 3, a documented set of standard processes has been established and has improved somewhat over time.

At Level 4, the process is being evaluated to ensure that it is achieving its goals. Process users experience the process under multiple and varied conditions to demonstrate competence.

Level 5 focuses on continuous improvement of process performance through incremental and innovative technical changes/improvements.

〇：Keys will need to be distributed via a secure transmission channel.

For two users to exchange messages encrypted with a symmetric algorithm, they need to figure out how to distribute the key first. If the key is compromised, all messages encrypted with that key can be decrypted and read by an intruder. Simply sending the key in an email message is not secure because the key is not protected and can easily be intercepted and used by an attacker.

×：Computation is more intensive than in asymmetric systems.

That is incorrect because it describes the advantages of symmetric algorithms. Symmetric algorithms tend to be very fast because they are less computationally intensive than asymmetric algorithms. They can encrypt and decrypt relatively quickly large amounts of data that take an unacceptable amount of time to encrypt and decrypt with asymmetric algorithms.

×：Much faster operation than asymmetric systems

Symmetric algorithms are faster than asymmetric systems, but this is an advantage. Therefore, it is incorrect.

×：Mathematically intensive tasks must be performed

Asymmetric algorithms are wrong because they perform a mathematically intensive task. Symmetric algorithms, on the other hand, perform relatively simple mathematical functions on bits during the encryption and decryption process.

〇：Password authentication and secret questions

Passwords are a memory-based authentication method. The secret question is also a memory-based authentication method, and is not a combination of two-factor authentication methods. Therefore, the correct answer is “password authentication and secret question.

×：Password authentication and fingerprint authentication

It is memory authentication information x body authentication information. This is a multi-factor authentication.

×：Password authentication and one-time password authentication using a token machine.

This is memory authentication information x possession authentication information. This is a multi-factor authentication.

×：Password authentication and IC card authentication

This is memory authentication information × possession authentication information. This is a multi-factor authentication.

〇：Council of Europe Convention on Cybercrime

The Council of Europe (CoE) Convention on Cybercrime is an example of an attempt to create a standard international response to cybercrime. It is the first international treaty to address computer crime by coordinating national laws and improving investigative techniques and international cooperation. The treaty’s objectives include creating a framework to bind the jurisdiction of the accused and the perpetrators of the crimes. For example, extradition is possible only if the case is a crime in both countries.

×：World Congress Council on Cybercrime

The World Congress Council on Cybercrime is misleading and therefore wrong. The official name of the Convention is the Council of Europe’s Convention on Cybercrime. It establishes comprehensive legislation against cybercrime and serves as a framework for international cooperation among the signatories to the Convention to guide all countries.

×：Organization for Economic Cooperation and Development (OECD)

Image C is wrong because the Organization for Economic Cooperation and Development (OECD) is an international organization that brings together different governments to help address the economic, social, and governance challenges of a globalized economy. For this reason, the OECD has developed national guidelines to ensure that data is properly protected and that everyone adheres to the same kinds of rules.

×：Organization for Cooperation and Development in Cybercrime

Organization for Cooperation and Development of Cybercrime is the wrong answer. There is no formal entity of this name.

The Kerckhoffs’s principle is the idea that cryptography should be secure even if everything but the private key is known. When encrypting data, one decides on a private key and how to encrypt it using that private key. Kerckhoffs says that even if it is known how it is encrypted, it should not be deciphered as long as the secret key is not discovered. Encryption has been with the history of human warfare. The main purpose is to communicate a strategy to one’s allies without being discovered by the enemy. In battle, its designs and encryption devices may be stolen by spies. Therefore, the encryption must be such that it cannot be solved without the key, no matter how much is known about how it works.

The data link layer or Layer 2 of the OSI model adds a header and trailer to the packet to prepare the packet in binary format in local area network or wide area network technology for proper line transmission. Layer 2 is divided into two functional sublayers. The upper sublayer is logical link control (LLC), which is defined in the IEEE 802.2 specification. It communicates with the network layer above the data link layer. Below the LLC is the Media Access Control (MAC) sublayer, which specifies interfaces with the protocol requirements of the physical layer.

〇：PCI DSS

PCI DSS (Payment Card Industry Data Security Standard) is a framework to avoid personal information leakage when making electronic payments. Therefore, the correct answer is “PCI DSS.

By the way, if you were to ask, “Which of the following are possible?” I am tempted to argue that other frameworks may be used as well. However, in the CISSP exam, you may have to choose “the most plausible” option in some cases. Therefore, we have used this phrase.

×：HITECH

The Health Information Technology for Economic and Clinical Health Act (HITECH) is an enhanced version of HIPPA that applies not only to data management but also to health care business associates.

×：OCTAVE

OCTAVE is one of the risk assessment frameworks introduced in CERT.

×：COBIT

COBIT is a framework for measuring the maturity of a company’s IT governance. It was proposed by the Information Systems Control Association of America (ISACA) and the IT Governance Institute (ITGI).

〇：Trademarks

Intellectual property can be protected by several different laws, depending on the type of resource. Trademarks are used to protect words, names, symbols, sounds, shapes, colors, or combinations of these, such as logos. The reason a company registers one of these trademarks, or a combination of these trademarks, is to represent their company (brand identity) to the world. Therefore, the correct answer is “trademark”.

×：Patent

A patent is a monopoly right to use a technology for something that is very difficult to invent, such as a medicine.

×：Copyright

A copyright is a right to something that is not technical, such as music or a book, but something that is thought up and created.

×：Trade Secrets

Trade secrets are information that is useful and confidential as a business activity, such as customer information, product technology and manufacturing methods.

The 2001 terrorist attacks triggered the development of various laws against terrorism. Therefore, the correct answer is “2001,September 11 attacks”.

〇：(A) Web Service Description Language – (B) Universal Description, Discovery and Integration

Services in service-oriented architectures (SOA) are typically provided via Web services, which enable Web-based communication to occur seamlessly using Web-based standards such as Simple Object Access Protocol (SOAP), HTTP, Web Service Description Language (WSDL), Universal Description, Discovery, and Integration （WSDL provides a machine-readable description of the specific operations provided by a service; UDDI is an XML-based registry that lists available services UDDI provides a way for services to be registered by service providers and deployed by service consumers.

×：(A) generic description, discovery and integration – (B) web service description language

Incorrect because the terms are not in the correct order and do not map to the definitions provided within the question.

×：(A) Web Service Description Language – (B) Simple Object Access Protocol

SOAP (Simple Object Access Protocol) is incorrect because it is an XML-based protocol that encodes messages in a Web services environment. SOAP defines an XML schema for how communication is actually going to take place. SOAP XML schema defines how objects communicate directly.

×：(A) Simple Object Access Protocol (B) Universal Description, Discovery and Integration

SOAP (Simple Object Access Protocol) is incorrect because it is an XML-based protocol that encodes messages in a Web services environment. SOAP defines the XML schema of how communication is actually going to take place. SOAP XML Schema defines how objects communicate directly.

Each IPSec VPN device will have at least one security association (SA) for each secure connection it uses; the SA, which is critical to the IPSec architecture, is the device’s need to support IPSec connections over VPN connections This is a record of the configuration that needs to be in place.

Within the U.S. military complex and national security apparatus, the most common names for data classification become unclassified and classified. “Classified” information includes classified, critical secret, and top secret (Top Secret). Classified data is data that, if improperly disclosed, could harm national security. Top Secret data is data that, if improperly disclosed, could cause “serious” harm to national security. Finally, Top Secret data is data that, if improperly disclosed, could cause “serious” harm to national security.

Remote journaling means that a transaction log file, not the file itself, is sent remotely. A transaction is one or more update operations performed on a file. In other words, it is a history of updates to a file. This means that if the original file is lost, it can be reconstructed from the transaction log.

〇：A Comprehensive Executive Summary

No matter how technically comprehensive a report to management may be, it is not always desirable to be too informative; IT security professionals must understand that the risk to the enterprise from a data breach is only one of many concerns that senior management must understand and prioritize. C-level executives must be attentive to many risks and may have difficulty properly categorizing the often unfamiliar, highly technical threats. In short, the IT security professional’s primary job is to summarize the risks in as short a time as possible in a way that suits the management.

×：List of Threats, Vulnerabilities, and Likelihood of Occurrence

This is incorrect because it is not the most important element to report to management. Such a list is essential to a comprehensive security report, but providing it to senior management is unlikely to result in effective action without a skillful executive summary.

×：A comprehensive list of the probability and impact of expected adverse events

This is incorrect because it is not the most important element of the report to management. Such lists are important in technical reports, but summaries are critical to achieving risk mitigation goals.

×：A comprehensive list of threats, vulnerabilities, and likelihood of occurrence, a comprehensive list of the probability and impact of expected adverse events, and a written summary thereof to meet technical comprehensiveness

incorrect because it describes the most common and significant obstacles to reporting to management.

〇：Buffer overflow

A buffer is an area reserved by an application to store something in it, like some user input. After the application receives input, the instruction pointer is put into the buffer. A buffer overflow occurs when the application accidentally allows the input to overwrite the instruction pointer in the code and write it to the buffer area. Once the instruction pointer is overwritten, it can be executed under the application’s security context.

×：Traffic Analysis

Traffic Analysis is incorrect because it is a method of revealing information by looking at traffic patterns on the network.

×：Race Condition

Incorrect because it does not indicate a race condition attack; if two different processes need to perform their tasks on a resource, they need to follow the correct order.

×：Covert Storage

Incorrect because in a covert storage channel, processes are capable of communicating through some type of storage space on the system.

〇：Dynamic Testing

Dynamic testing is testing that is performed by actually running the developed program. Compared to static testing, it is a practical test in which the program is actually run and checked. Therefore, the correct answer is “dynamic testing.

×：Static Testing

Static testing is testing that is performed without running the developed program.

×：White box testing

White box testing is a test to confirm the operation of a program after understanding the contents of the program.

×：Black box testing

Black box testing is testing to confirm that the program does not behave unexpectedly without understanding the contents of the program.

〇：Softphones are safer than IP phones. 

IP softphones should be used with caution. A softphone is a software application that allows users to make calls via computer over the Internet. Replacing dedicated hardware, a softphone works like a traditional telephone. Skype is an example of a softphone application. Compared to hardware-based IP phones, softphones are more receptive to IP networks. However, softphones are no worse than other interactive Internet applications because they do not separate voice traffic from data, as IP phones do, and also because data-centric malware can more easily enter the network through softphones. network.

×：VoIP networks should be protected with the same security controls used on data networks.

The statement is incorrect because it correctly describes the security of an IP telephony network. an IP telephony network uses the same technology as a traditional IP network, which allows it to support voice applications. Therefore, IP telephony networks are susceptible to the same vulnerabilities as traditional IP networks and should be protected accordingly. This means that IP telephony networks should be designed to have adequate security.

×：As an endpoint, IP telephony can be a target of attack.

Incorrect because true: An IP phone on an IP telephony network is equivalent to a workstation on a data network in terms of vulnerability to attack. Thus, IP phones should be protected with many of the same security controls implemented on traditional workstations. For example, the default administrator password must be changed. Unnecessary remote access functions need to be disabled. Logging should be enabled and the firmware upgrade process should be secured.

×：The current Internet architecture in which voice is transmitted is more secure than physical phone lines.

True and therefore incorrect. In most cases, the current Internet architecture in which voice is transmitted is more secure than physical telephone lines. Physical phone lines provide a point-to-point connection, which is difficult to leverage over the software-based tunnels that make up the bulk of the Internet. This is an important factor to consider when protecting IP telephony networks because the network is now transmitting 2 valuable asset data and voice. It is not unusual for personal information, financial information, and other sensitive data to be spoken over the phone; intercepting this information over an IP telephony network is as easy as intercepting regular data. Currently voice traffic should also be encrypted.

〇：Crime Prevention by Environmental Design (CPTED)

Crime Prevention by Environmental Design (CPTED) is a method by which crime can be reduced through proper design of the physical environment. It provides guidance on appropriate facility construction and environmental elements and crime prevention. It is used to guide the physical environment to behavioral effects that reduce crime.

×：Multi-layered defense model  

The multi-layered defense model is incorrect because it is a hierarchical architecture of physical, logical, and administrative security controls. The concept is that if one layer fails, the asset is protected by other layers. Layers should be moved from the perimeter toward the asset and implemented.

×：Hiding by Ambiguity

Concealment by ambiguity is a technique of concealment secured by concealment of information and is incorrect. Basically, it is better not to consider something to be a true secret if it is logically reachable, even if it is not public.

×：Access Control

Access control is incorrect because it is guidance by the placement of doors, fences, lighting, and landscaping as people enter. It is an abstract concept and would not fit into a concrete definition that combines sociology.

RPO (Recovery Point Objective) is the target value for recovering data at a point in the past when a failure occurs. When a failure occurs, the data currently handled is lost. The lost data must be recovered from backups, but it is important to know how far in the past the backups are from the current point in time.

RTO (Recovery Time Objective) is a target value that defines when the data should be recovered in the event of a failure. In the event of a failure, the service must not be unavailable indefinitely. Failure response procedures and disaster drills must be implemented to establish a target value for the time from the occurrence of a failure to the startup of service.

〇：To allow the database to execute transactions as a single unit without interruption.

Online transaction processing (OLTP) is used when databases are clustered to provide high fault tolerance and performance. It provides a mechanism to monitor and address problems as they occur. For example, if a process stops functioning, the monitoring function within OLTP will detect and attempt to restart the process. If the process cannot be restarted, the transaction that occurred is rolled back to ensure that no data has been corrupted or that only a portion of the transaction occurred; OLTP records when the transaction occurred (in real time). Usually multiple databases in a distributed environment are updated.

This classification by the extent to which transaction processing is appropriate is very complex. Therefore, database software must implement ACID characteristics. Among them is atomicity, which means that the transaction is either executed entirely or not executed at all. It is the property that a transaction must either be executed completely or not at all.

When a question like this is answered incorrectly, judging that you could not solve it because you did not know OLTP will hinder your future study methods. Although the question text is worded in a complicated way, it is more important to understand what atomicity is in ACID than to memorize the definition of OLTP to solve the actual question.

×：To be able to establish database consistency rules.

It enforces the consistency rules as stated in the database security policy, but does not imply transaction atomicity.

×：To prevent rollbacks from occurring.

Transaction atomicity does not refer to suppressing rollbacks.

×：To prevent concurrent processes from interacting with each other.

This falls under independence, isolation, and segregation. Independence, isolation, and quarantine (isolation) means that the processes are hidden from other operations during processing. It is the property that even if multiple transactions are executed simultaneously, they must not produce the same processing results as if they were executed alone.

〇：SMTP lacks proper authentication mechanisms.

Email spoofing is easy to perform if the SMTP lacks proper authentication mechanisms. An attacker can spoof the sender address of an e-mail by sending a Telnet command to port 25 of the mail server. The spammer uses e-mail spoofing to prevent himself from being identified.

×：The administrator forgot to configure a setting that prevents inbound SMTP connections for non-functioning domains.

If it is spoofed, the email sender is also spoofed. This can happen even if you prevent inbound SMTP connections for a domain.

×：Technically abolished by keyword filtering.

Filtering is not very effective against spoofing. Therefore, even if it is technically obsolete, it is unlikely to be the cause.

×：The blacklist function is not technically reliable.

If an email is spoofed, the sender of the email is also spoofed. This can happen even if the filtering function is not reliable.

〇：3-tier architecture

The 3-tier architecture clearly distinguishes the three layers: the client has the user interface responsible for input and displaying results, and the server has the functional process logic responsible for data processing and data storage for accessing the database. The user interface role is generally handled by the front-end web server with which the user interacts. It can handle both static and cached dynamic content. The functional process logic is where requests are reformatted and processed. It is typically a dynamic content processing and generation level application server. Data storage is where sensitive data is held. It is the back-end database and holds both the data and the database management system software used to manage and provide access to the data.

×：2-tier architecture

Two-tier, or client/server, is incorrect because it describes an architecture in which a server serves one or more clients that request those services.

×：Screened Subnets

A screen-subnet architecture is for one firewall to protect one server (basically a one-tier architecture). The external, public-side firewall monitors requests from untrusted networks like the Internet. If one layer, the only firewall, is compromised, an attacker can access sensitive data residing on the server with relative ease.

×：Public and Private DNS Zones

Separating DNS servers into public and private servers provides protection, but this is not the actual architecture.

〇：Differential Backup

Backups can be taken in full, differential, or incremental. Most files are not changed daily to save very much time and resources, and it is better to develop a backup plan that does not back up for data that is not continually changing. In backup software, when a file is modified or created, the file system sets the archive bit and the backup software determines if that file should be backed up. A differential backup backs up files that have changed since the last full backup.

×：Incremental Backup

An incremental backup backs up all data that has changed since the last backup.

×：Full Backup

A full backup backs up the entire database or the entire system.

×：Partial Backup

Not in the backup category.

〇：The sender encrypts the message digest with his/her private key.

A digital signature is a hash value encrypted with the sender’s private key. The act of digitally signing means encrypting the hash value of the message with his/her private key. The sender would encrypt that hash value using her private key. When the recipient receives the message, she performs a hash function on the message and generates the hash value herself. She then decrypts the hash value (digital signature) sent with the sender’s public key. The receiver compares the two values and, if they are the same, can verify that the message was not altered during transmission.

×：The sender encrypts the message digest with his/her public key.

The sender is wrong because if the message encrypts the digest with his/her public key, the recipient cannot decrypt it. The recipient needs access to the sender’s private key, which must not occur. The private key must always be kept secret.

×：The receiver encrypts the message digest with his/her private key.

The receiver is wrong because the message must decrypt the digest with the sender’s public key. The message digest is encrypted with the sender’s private key, which can only be decrypted with the sender’s public key.

×：The receiver encrypts the message digest with his/her public key.

The receiver is wrong because the message must decrypt the digest with the sender’s public key. The message digest is encrypted with the sender’s private key, which can only be decrypted with the sender’s public key.

〇：LAND attack

A LAND attack is an attack that penetrates firewalls that block bad requests; it is similar to the Fraggle attack, but it sends a request to the firewall with the sender as the target of the attack. This is a blind spot because the firewall, which is supposed to protect the inside of the system, is used for the attack.

×：Teardrop

Teardrop is an attack that halts the system by forging the offset of IP packets before they are split.

×：Christmas Tree Attack

A Christmas tree attack is an attack in which a packet is sent with a number of flags (URG, ACK, PSH, RST, SYN, FIN) and the response is observed.

×：CHARGEN attack

CHARGEN (port 19) is a protocol that returns an appropriate string.

IEEE 802.11 is one of the wireless LAN standards established by IEEE.

〇：Software Configuration Management

Products that provide software configuration management (SCM) identify software attributes at various points in time and provide systematic control of change to maintain software integrity and traceability throughout the software development life cycle. It defines the need to track changes and provides the ability to verify that the final delivered software has all of the approved changes that are supposed to be included in the release. During a software development project, it is stored in a system that can be managed as a centralized code repository and perform SCM functions to track revisions made by multiple people to a single master set.

×：Software Change Control Management

This is incorrect as it is not an official term for this type of function. Software Change Control Management is only part of Software Configuration Management. Software configuration management systems provide concurrency management, version control, and synchronization.

×：Software Escrow

A software escrow framework in which a third party holds a copy of the source code that will be released to the customer in the event of certain circumstances, such as bankruptcy of the vendor who developed the code.

×：Software Configuration Management Escrow

Incorrect, as this is not an official term for this type of functionality.

〇：MTTR

Mean Time to Repair (MTTR) is the average time it takes to repair a device and return it to pre-failure production. Using a redundant array as an example, MTTR is the time it takes to replace the failed drive after the actual failure is noticed and the time the redundant array has completed rewriting the information on the new drive. Therefore, the correct answer is MTTR.

×：SLA

Service Level Agreements (SLA) are agreements on service quality, such as usage volume and failure recovery.

×：Hot Swap

Hot swapping refers to replacing, attaching, or disconnecting parts, cables, etc. while equipment is still in operation.

×：MTBF

Mean Time Between Failures (MTBF) is the average time it takes for a device to fail after repair.

Cryptographic algorithms refer to the calculations to be encrypted, and even if the cryptographic algorithms were publicly available, it would take an enormous amount of effort to decipher them. cryptographic algorithms that provide modern cryptography, such as AES, are publicly available. On the other hand, in-house development is not recommended because, although it has the security of concealment, it requires a great deal of resources to be allocated.

Ethernet is a way of communication used for local area networks; LANs and such communicate over Ethernet. In other words, most communication is now done over Ethernet.

Disaster Recovery Planning includes the Mitigation, Preparedness, Response, and Recovery life cycles.

• Mitigation: Reduces the impact and likelihood of a disaster.
• Prepare: Create programs, procedures, and tools for response.
• Response: follow procedures and how to respond to a disaster.
• Recovery: re-establish basic functionality and return to a full production environment.

〇：IGRP

The Internal Gateway Routing Protocol (IGRP) is a distance vector routing protocol developed by and proprietary to Cisco Systems, Inc. Whereas the Routing Information Protocol (RIP) uses one criterion to find the optimal path between source and destination, IGRP uses five criteria to make an “optimal route” determination. The network administrator can set weights on these different metrics so that the protocol works optimally in its particular environment.

×：RIP  

Routing Information Protocol (RIP) is incorrect because it is not proprietary; RIP allows routers to exchange routing table data and calculate the shortest distance between source and destination. It is considered a legacy protocol due to poor performance and lack of features. It should be used in smaller networks.

×：BGP

Border Gateway Protocol (BGP) is incorrect because it is an Exterior Gateway Protocol (EGP); BGP allows routers in different ASes to share routing information to ensure effective and efficient routing between different networks. BGP is used by Internet Service Providers.

×：OSPF  

OSPF is incorrect because it is not proprietary; it uses a link-state algorithm to transmit information in the OSPF routing table. Smaller and more frequent routing table updates.

The Health Insurance Interoperability and Accountability Act (HIPAA) has three rules: the Privacy Rule, the Security Rule, and the Breach Notification Rule. The rules mandate administrative, physical, and technical safeguards.

〇：Disk Redundancy

Information that is required to be available at all times must be mirrored or duplexed. In both mirroring (also called RAID 1) and duplexing, all data write operations are performed simultaneously or nearly simultaneously at multiple physical locations.

×：Direct Access Storage

Direct access storage is incorrect because it is a general term for magnetic disk storage devices traditionally used in mainframe and minicomputer (midrange computer) environments. RAID is a type of direct access storage device (DASD).

×：Striping

Incorrect because the technique of striping is used when data is written to all drives. This activity splits the data and writes it to multiple drives. Write performance is not affected, but read performance is greatly improved because multiple heads are getting data at the same time. Parity information is used to reconstruct lost or corrupted data. Striping simply means data; parity information may be written to multiple disks.

×：Parallel Processing

Parallel processing is incorrect because a computer has multiple processing units built into it to execute multiple streams of instructions simultaneously. While mirroring may be used to implement this type of processing, it is not a requirement.

〇：Organization for Economic Cooperation and Development

Almost every country has its own set of rules regarding what constitutes private data and how it should be protected. With the advent of the digital and information age, these different laws have begun to adversely affect business and international trade. Thus, the Organization for Economic Cooperation and Development (OECD) created guidelines for different countries to ensure that data is properly protected and that everyone follows the same rules.

×：COSO

An organization that studies fraudulent financial reporting and which elements lead to them is fraudulent because the Committee of Sponsoring Organizations of the Treadway Commission (COSO) was established in 1985. The acronym COSO refers to a model of corporate governance that addresses IT at the strategic level, corporate culture, and financial accounting principles.

×：COBIT (Control Objectives for Information and Related Technology)

Incorrect, as this framework defines control objectives to ensure that IT is properly managed and that IT is responsive to business needs. It is an international open standard that provides control and security requirements for sensitive data and reference frameworks.

×：International Organization for Standardization (ISO)

Incorrect because it is an international standards organization composed of representatives of national standards bodies. Its purpose is to establish global standardization. But its standardization goes beyond the privacy of data moving across international borders. For example, some standards address quality control; others address assurance and security.

CIA stands for Confidentiality, Integrity, and Availability.

〇：RAID Level 3

RAID redundant arrays provide fault tolerance capability for hard drives and can improve system performance. Redundancy and speed are provided by splitting data and writing it to multiple disks, allowing different disk heads to operate simultaneously to retrieve requested information. At this time, recovery data is also created. This is called parity; if one disk fails, the parity data can be used to reconstruct the corrupted or lost information. Different levels of RAID systems experience different activities that provide fault tolerance or improved performance. RAID level 3 is a method that uses byte-level striping and dedicated parity disks.

×：RAID Level 0

Wrong because only striping occurs at level 0.

×：RAID Level 5

RAID 5 is incorrect because it uses block-level striping and interleaved parity on all disks.

×：RAID Level 10

Level 10 is incorrect because it is associated with striping and mirroring.

〇：Level of insurance required to cover assets.

This question is about choosing what is not used. There are several ways to calculate asset value (AV, Asset Value): the market approach, which refers to similar assets in the market, the income approach, which measures it by the profit it will earn in the future, and the cost approach, which measures it by the cost spent on the asset. The level of insurance needed to cover an asset is a decision made after identifying the asset value and conducting an appropriate risk analysis, allowing the organization to more easily determine the level of insurance coverage to purchase for that asset. Therefore, the correct answer is “level of insurance required to cover the asset”.

×：Value of the asset in the external market.

The technique of referring to similar assets in the market is known as the market approach.

×：Initial costs and outlay for purchasing, licensing, and supporting the asset.

The method of measuring by the cost spent on an asset is known as the cost approach.

×：The value of the asset to the organization’s production operations.

The method of measuring by the profit that will be earned in the future is known as the revenue approach.

〇：Continuity of Operations Plan

A continuity of operations plan (COOP) establishes senior management and post-disaster headquarters. It also outlines roles and authorities and individual role tasks.Creating a COOP begins with an assessment of how the organization operates to identify mission-critical staff, resources, procedures, and equipment. Suppliers, partners, and contractors identify other companies with whom they routinely interact and create a list of these companies. Therefore, the correct answer is the Continuity of Operations Plan.

×：Cyber Incident Response Plan

Cyber Incident Recovery is a plan for recovery from a cyber attack.

×：Crew Emergency Plan

A Crew Emergency Plan is a plan for the smooth transition of a facility’s staff to a secure environment.

×：IT Contingency Plan

A contingency plan is a plan that outlines the measures to be taken in the event of an accident, disaster, or other emergency.

〇：COBIT defines IT goals, ITIL provides process-level procedures

COBIT is a framework developed by ISACA (formerly the Information Systems Audit and Controls) and the IT Governance Institute (ITGI). It defines goals for controls, not just security needs, to ensure that IT is properly managed and that IT is responsive to business needs. The IT Infrastructure Library (ITIL) is the de facto standard for IT service management best practices. A customizable framework, ITIL provides goals, the general activities required to achieve these goals, and the input and output values for each process required to achieve these determined goals. In essence, COBIT addresses “what needs to be accomplished” and ITIL addresses “how to accomplish”.

×：COBIT is a model of IT governance, ITIL is a model of corporate governance.

While COBIT can be used as a model for IT governance, ITIL is wrong because it is not a model for corporate governance. In fact, the Committee of Sponsoring Organizations of the Treadway Commission (COSO) is a model of corporate governance. COBIT is derived from the COSO framework. COBIT can be thought of as a way to accomplish many COSO goals, but only from an IT perspective. To achieve many of the goals addressed in COBIT, organizations can use ITIL, which provides process-level steps to achieve IT service management goals.

×：COBIT is a model for corporate governance, ITIL is customizable for IT service management.

As mentioned above, COBIT is incorrect because it can be used as a model for IT governance, not corporate governance. COSO is a model of corporate governance. The second half of the answer is correct. ITIL is a customizable framework and is available as either a series of books or online for IT service management.

×：COBIT provides a business objectives framework, ITIL provides an IT service level objectives framework.

This is inappropriate because COBIT defines the control objectives that should be used to properly manage IT, enabling IT to address business needs as well as IT security needs. ITIL provides steps to achieve IT service management goals related to business needs. ITIL was created because of the increased reliance on information technology to meet business needs.

〇：Review labeling and treat as critical confidential information.

Labeling is the process of sorting data according to its level of confidentiality. Labeling helps clarify the confidentiality level of data management. If the labeling is incorrect, it should be corrected at any time to manage the data in accordance with the confidentiality level. Therefore, “Review the labeling and treat it as critical confidential information.” is the correct answer.

×：The entire sentence should be treated as confidential information because the business should be flexible.

This is not an appropriate operation because the text containing critical confidential information is treated as confidential information.

×：As supplemental information to the document, state that “a part of the text contains material confidential information.

This is not a fundamental solution because stating this as supplementary information is in effect treating the information as different confidential levels.

×：Destroy the document because it is impossible for different confidential information to be crossed.

Destroying the document is not an appropriate operation because it is a damage to one’s own assets.

Translated with www.DeepL.com/Translator (free version)

〇：Ensure that some systems are executed at the alternate site.

Parallel testing compares how some systems run at the alternate site and how the results are processed at the primary site. This is to assure that systems run at the alternate site and does not affect service productivity.

×：All departments will be sent a copy of the disaster recovery plan for completeness.

This alternative is incorrect because it describes a checklist test.

×：Representatives from each department meet to validate the plan.

This option is incorrect because it describes a structured walk-through test.

×：The normal operation system is taken down.

This option is incorrect because it describes a full interruption test.

Unfortunately, security components usually affect system performance but go unnoticed by the user. If system performance is significantly slower, security controls may be enforced. The reason controls must be transparent is so that users and intruders do not know enough to disable or bypass them.

While it is important to understand the term “transparent” in the realm of security, there is another way to answer the question in terms of solving it. If there is only one answer to a four-answer question, then answers that mean the same thing cannot be correct. Therefore, by grouping, the only answer that is correct is the one that does not belong to a group.

And the key point in this question is whether the user knows. The other choices indicate that the situation is communicated on the server side as an outsider, whether a legitimate user or an attacker, whereas only one is acknowledged on the server administrator’s side.

〇：Execution Domain Switching

Execution domain switching occurs when the CPU needs to move between executing instructions for a more trusted process versus a less trusted process. Trusted Computing Base (TCB) allows processes to switch domains in a secure manner to access different levels of information based on sensitivity. Execution domain switching occurs when a process needs to invoke a process in a higher protection ring. The CPU executes the user-mode instruction back into privileged mode.

At first glance, this is a geeky problem that does not make sense. But don’t give up. Since there is no such thing as skipping, you can only get a right or wrong answer when the question is posed, so it is preferable to answer the question with some degree of prediction.

From this point on, let’s consider how to answer the questions. If you look at the question text and read it to the point where it reads, “You moved from one area to the other, and that was a security breach?” If you can read to that point, then you have two choices: deny or “stop the process,” or change or “switch the domain of execution. Next, the question text reads “if you need to access it,” which is asking how to accomplish this objective, not whether or not you should.

×：Execution of I/O operations

This is incorrect because input/output (I/O) operations are not initiated to ensure security when a process in one domain needs to access another domain in order to retrieve sensitive information. I/O operations are performed when input devices (such as a mouse or keyboard) and output devices (such as a monitor or printer, etc.) interact with an application or applications.

×：Stopping a Process

A process deactivation is one that occurs when a process instruction is fully executed by the CPU or when another process with a higher priority calls the CPU, which is incorrect. When a process is deactivated, new information about the new requesting process must be written to a register in the CPU. The TCB component must ensure that this is done, since the data replaced in the registers may be confidential.

×：Mapping from virtual memory to real memory

Incorrect because memory mapping occurs when a process needs its instructions and data processed by the CPU. The memory manager maps logical addresses to physical addresses so that the CPU knows where to place the data. This is the responsibility of the operating system’s memory manager.

Archive bits are those that have been updated since the previous backup point in time. Full backups are full backups, so there is no need to be aware of where changes have occurred. Incremental backups also do not require awareness of change points because the backup portion is predetermined. Therefore, both clear the archive bit. However, differential backups do not clear the archive bit because only the changed part is known to be backed up.

Scoping determines which parts of a standard will be deployed to the organization. It selects the standards that apply to the request or industry and determines which are within the organizational scope and which are outside of it.

War Dialing is the indiscriminate and repeated act of cracking dial-ups in search of dial-up lines, such as those for non-public internal networks. It automatically scans a list of telephone numbers, usually dialing all numbers in the local area code, and searches modems, computers, bulletin board systems, and fax machines.

〇：TOC/TOU

Certain attacks can take advantage of the way a system processes requests and performs tasks. A TOC/TOU attack handles a series of steps that the system uses to complete a task. This type of attack takes advantage of the reliance on the timing of events occurring in a multitasking operating system; TOC/TOU is a software vulnerability that allows the use of condition checking (i.e., credential verification) and the results from that condition checking function. In the scenario in this question, the fact that the web application is likely correctly configured indicates that the programming code of this application has this type of vulnerability embedded in the code itself.

×：Buffer overflow

When too much data is accepted as input to a particular process, a buffer overflow occurs. This is incorrect because it does not match the event in the problem statement. A buffer is an allocated segment of memory. A buffer can overflow arbitrarily with too much data, but to be used by an attacker, the code inserted into the buffer must be of a specific length and require a command to be executed by the attacker. These types of attacks are usually exceptional in that the fault is segmented, or sensitive data is provided to the attacker.

×：Blind SQL Injection

Blind SQL injection attacks are wrong because they are a type of SQL injection attack that sends true or false questions to the database. In a basic SQL injection, the attacker sends specific instructions in SQL format to query the associated database. In a blind SQL attack, the attacker is limited to sending a series of true-false questions to the database in order to analyze the database responses and gather sensitive information.

×：Cross Site Request Forgery (CSRF)

Cross Site Request Forgery (CSRF) is incorrect because it is an attack type that attempts to trick the victim into loading a web page containing malicious requests or operations. The attack operation is performed within the context of the victim’s access rights. The request inherits the victim’s identity and performs undesirable functions for the victim. In this type of attack, the attacker can cause the victim’s system to perform unintended actions such as changing account information, retrieving account data, or logging out. This type of attack could be related to the scenario described in this question, but focuses on how the user can bypass the locking mechanism built into the web application. The logic in the programming code is incorrectly developed and the locking function is bypassed because a rigorous series of checks and usage sequences are not performed correctly.

〇：Increasing database security controls and providing more granularity.

The best approach to protecting the database in this situation would be to increase controls and assign detailed permissions. These measures would ensure that users cannot abuse their permissions and that the confidentiality of the information is maintained. The granularity of permissions would give network administrators and security professionals additional control over the resources they are charged with protecting, and the granular level would allow them to give individuals just the exact level of access they need.

×：Implement an access control where each user’s privileges are displayed each time they access the database.

Implementing an access control that displays each user’s permissions is incorrect because they are an example of one control each time they access the database. This is not the overall way of dealing with user access to a database full of information. This may be an example of better database security control, but it needs to be limited to the right places.

×：Change the classification label of the database to a higher security status.

The classification level of the information in the database should previously be determined based on its level of confidentiality, integrity, and availability. This option implies that a higher level of authorization should be given, but there is no indication in the question text that the security level is inappropriate.

×：Reduce security. Allow all users to access information as needed.

The answer to reduce security is incorrect.

Disaster Recovery Planning (DRP) is the process of creating short-term plans, policies, procedures, and tools to enable the recovery or continuation of critical IT systems in the event of a disaster. It focuses on the IT systems that support critical business functions and how they will be restored after a disaster. For example, it considers what to do if you suffer a distributed denial of service (DDOS) attack, if your servers are compromised, if there is a power outage, etc. BCP is more focused on what should happen and does not necessarily include system requirements.

〇：Replay attacks

Replay attacks occur when an intruder stores the acquired information and uses it to gain unauthorized access later. In this case, Emily uses a technique called electronic monitoring (sniffing) to retrieve passwords sent over the wire to an authentication server. She can later use the password to access network resources. Even if the password is encrypted, resending valid credentials can be enough to gain access.

×：Brute force attacks

Brute force attacks are incorrect because the cycle is done through many possible combinations of letters, numbers, and symbols, using tools to discover the password.

×：Dictionary attacks

Dictionary attacks are incorrect because they involve an automatic comparison of a user’s password to a file of thousands of words.

×：Social Engineering attack

A social engineering attack is incorrect because in a social engineering attack, the attacker mistakenly convinces an individual that she has the necessary permissions to access certain resources.

Diameter is an authentication protocol that implements the AAA (Authentication, Authorization, Accounting) service, the successor to RADIUS. This can cause performance degradation and data loss. This can lead to performance degradation and data loss.

A security document documents the security to be achieved.” To achieve “strong security” a clear definition is needed. Since the definition varies from organization to organization, it is necessary to put it in writing. There are five documents, with policy at the top, each of which is mandatory or optional.

〇：OSI reference model

The OSI reference model is a seven-layer classification of network communication. The concepts of application communication and session are separated, which would be clearly communicated based on the OSI reference model. Therefore, the correct answer is “OSI reference model.

×：TCP/IP model

The TCP/IP model is a layer design that is closer to the concept of a system than the OSI reference model; in the TCP/IP model, the application layer, presentation layer, and session layer of the OSI reference model are represented by a single application layer.

×：Data link model

There is no such model.

×：Biba model

Biba model is one of the security models that indicates that data cannot be changed without permission.

To test the application, normal user behavior must be emulated. However, common loads of user activity are not available in the testing environment. Therefore, common user transaction scripts can be built to facilitate different forms of testing.

〇：To create an overview of business functions and systems

Outlining business functions and systems is not a reason to create and execute a disaster recovery plan. While these tasks are likely to be accomplished as a result of the disaster recovery plan, they are not a valid reason to implement the plan compared to other answers to the question. Usually occurring during the planning process, simply outlining business functions and systems is not enough to develop and implement a disaster recovery plan.

×：To create post-disaster recovery procedures

It is not correct to develop and implement a disaster recovery plan because providing post-disaster recovery procedures is a good reason to do so. In fact, this is exactly what a disaster recovery plan provides. The goal of disaster recovery is to take the necessary steps to minimize the impact of a disaster and ensure that resources, personnel, and business processes can resume operations in a timely manner. The goal of a disaster recovery plan is to handle the disaster and its consequences in the immediate aftermath.

×：To back up data and create backup operating procedures

Inappropriate, because not only backing up data but also extending backup operations is a good way to develop and implement a disaster recovery plan. When considering a disaster recovery plan, some companies focus primarily on backing up data and providing redundant hardware. While these items are very important, they are only a small part of a company’s overall operations. Hardware and computers need people to configure and operate them, and data is usually not useful unless it can be accessed by other systems or outside entities. All of these may require backups as well as data.

×：To establish emergency response procedures

This is incorrect because there are good reasons to establish and implement a disaster recovery plan, and providing emergency response procedures is a valid reason. Disaster recovery plans are implemented when everything is in emergency mode and everyone is scrambling to get all critical systems back online. Carefully written procedures will make this entire process much more effective.

Translated with www.DeepL.com/Translator (free version)

〇：Conduct a risk analysis.

The first step in the procedure described, which is the first step to be taken only to deploy an effective physical security program, is to conduct a risk analysis to identify vulnerabilities and threats and to calculate the business impact of each threat. The team presents the results of the risk analysis to management to define an acceptable risk level for the physical security program. From there, the team evaluates and determines if the baseline is met by implementation. Once the team identifies its responses and implements the measures, performance is continually evaluated. These performances will be compared to the established baselines. If the baseline is maintained on an ongoing basis, the security program is successful because it does not exceed the company’s acceptable risk level.

×：Create a performance metric for the countermeasure.  

The procedure to create a countermeasure performance metric is incorrect because it is not the first step in creating a physical security program. If monitored on a performance basis, it can be used to determine how beneficial and effective the program is. It allows management to make business decisions when investing in physical security protection for the organization. The goal is to improve the performance of the physical security program, leading to a cost-effective way to reduce the company’s risk. You should establish a performance baseline and then continually evaluate performance to ensure that the firm’s protection goals are being met. Examples of possible performance metrics include: number of successful attacks, number of successful attacks, and time taken for attacks.

×：Design program.  

Designing the program is wrong because it should be done after the risk analysis. Once the level of risk is understood, then the design phase can be done to protect against the threats identified in the risk analysis. The design of deterrents, delays, detections, assessments, and responses will incorporate the necessary controls for each category of the program.

×：Implement countermeasures.  

Wrong because implementing countermeasures is one of the last steps in the process of deploying a physical security program.

Distributed Denial of Service (DDoS) attacks usually do not provide financial gain to the attacker. Often, the motivation is revenge, disagreement with the organization’s policy decisions, or the attacker proving the extent of his or her animosity toward the organization. Certainly, it can be used to bloat the cost of a pay-as-you-go cloud service by causing it to consume more resources than expected by accessing it in large volumes, but it is a mistake in that it is not the financial objective of the parties involved.

〇：Normalization

Normalization is the process of efficiently organizing data by eliminating redundancy, reducing the potential for anomalies during data manipulation, and improving data consistency within a database. It is a systematic method of ensuring that database structures are correctly designed so that undesirable characteristics (insert, update, and delete anomalies) do not occur and data integrity is lost.

×：Polymorphism

Polymorphism is incorrect because different objects are given the same input and react differently.

×：Database View Implementation

A database view is a logical access control, implemented so that one group or specific user can see certain information and another group is restricted from seeing it completely, which is incorrect. For example, a database view could be implemented so that middle management can see the profits and expenses of a department without seeing the profits of the entire enterprise. Database views do not minimize duplicate data. Rather, it manipulates how the data is displayed by a particular user/group.

×：Schema Construction

Schemas in database systems are incorrect because they are structures described in a formal language. In a relational database, a schema defines tables, fields, relationships, views, indexes, procedures, queues, database links, directories, etc. A schema describes the database and its structure, but not the data that exists in the database itself.

〇：Stateful Inspection

Stateful Inspection detects abnormal communication in which the request and response are linked and only the response is returned from a different server. Therefore, the correct answer is “Stateful Inspection.

×：Application Gateway

Commonly referred to as WAF, this is used when filtering is performed based on strings in telegrams, such as SQL injection.

×：Packet Filtering

Used for filtering by IP address or port.

×：Session Gateway

There is no such firewall category.

〇：Representatives from each department meet and undergo validation.

Structured walk-through testing allows functional personnel to review the plan as it is fulfilled to ensure its accuracy and validity.

×：Ensures that some systems will run at alternate sites.

This is incorrect because it describes parallel testing.

×：Send a copy of the disaster recovery plan to all departments to verify its completeness.

This is incorrect because it describes a checklist test.

×：Take down the normal operation system.

This is incorrect because it describes a full interruption test.

〇：Run an algorithm that identifies unused committed memory and informs the operating system that memory is available.

This answer describes the function of the garbage collector, not the memory manager. The garbage collector is a countermeasure against memory leaks. It is software that runs an algorithm to identify unused committed memory and tells the operating system to mark that memory as “available. Different types of garbage collectors work with different operating systems, programming languages, and algorithms.

In some cases, a four-choice question can be answered without knowing the exact answer; since there is only one correct answer in a four-choice question, the answers can be grouped together to reduce it to “since they are saying the same thing, it is not right that only one of them is correct, therefore they are both wrong.

There are two answers to the effect of controlling the process to handle memory appropriately, but if the memory manager does not have that functionality, both would be correct, and therefore can be eliminated from the choices in the first place.

×：If processes need to use the same shared memory segment, use complex controls to guarantee integrity and confidentiality.

If processes need to use the same shared memory segment, the memory manager uses complex controls to ensure integrity and confidentiality. This is important to protect memory and the data in it, since two or more processes can share access to the same segment with potentially different access rights. The memory manager also allows many users with different levels of access rights to interact with the same application running on a single memory segment.

×：Restrict processes to interact only with the memory segments allocated to them.

The memory manager is responsible for limiting the interaction of processes to only those memory segments allocated to them. This responsibility falls under the protection category and helps prevent processes from accessing segments to which they are not allowed. Another protection responsibility of the memory manager is to provide access control to memory segments.

×：Swap contents from RAM to hard drive as needed.

This is incorrect because swapping contents from RAM to hard drive as needed is the role of memory managers in the relocation category. When RAM and secondary storage are combined, they become virtual memory. The system uses the hard drive space to extend the RAM memory space. Another relocation responsibility is to provide pointers for applications when instructions and memory segments are moved to another location in main memory.

〇：SIEM

Many organizations have implemented security event management systems, called Security Information and Event Management (SIEM) systems. They attempt to correlate log data collected from various devices (servers, firewalls, routers, etc.) and provide analysis capabilities. They also have solutions with networks (IDS, IPS, anti-malware, proxies, etc.) that collect logs in various proprietary formats that require centralization, standardization, and normalization. Therefore, the correct answer is SIEM.

×：Intrusion Detection System

Intrusion Detection System (IDS, Intrusion Detection System) is a mechanism that monitors the system and leads to passive actions. It does not have the ability to collect and analyze logs.

×：SOAR

SOAR (Security Orchestration, Automation and Response) is a technology that enables efficient monitoring, understanding, decision-making and action on security incidents. It may be fulfilled by SOAR through intrinsic cause analysis, but it is not a solution used for the purpose of identifying if suspicious activity is taking place in the network.

×：Event correlation tools

The term “event correlation tool” does not exist, but may be a feature of a SIEM.

〇：All security activities shall be conducted within the security department.

When all security activities are performed within the security department, security functions within a silo and is not integrated throughout the organization. In companies that have a security governance program in place, security responsibilities are pervasive throughout the organization, from senior management down the chain of command. A common scenario is executive management with the executive director of operations responsible for risk management activities for a particular business unit. Additionally, employees are responsible for malicious or accidental security breaches.

×：Officers will be updated quarterly on the company’s security status.

Incorrect. Security governance is providing strategic guidance, ensuring that goals are being met, risks are properly managed, and resources are used responsibly. Organizations with a security governance program have a board of directors that understands the importance of security and is aware of the organization’s security performance and breaches.

×：Deploy security products, services, and consultants in an informed manner.

Security governance is incorrect because it is a cohesive system of integrated security components that includes products, people, training, and processes. Therefore, organizations that have a security governance program in place will assist consultants with security products, management services, and consultants in an informed manner. They are also constantly reviewed to ensure they are cost effective.

×：The organization establishes metrics and goals for improving security.

inaccurate because security governance requires performance measurement and oversight mechanisms. Organizations that have a security governance program in place are continually reviewing their processes, including security, with the goal of continuous improvement. On the other hand, an organization lacking a security governance program may proceed without analyzing its performance, thus repeating the same mistakes.

〇：Verifying Data Availability

The responsibility for verifying data availability is the sole responsibility that does not belong to the data (information) owner. Rather, it is the responsibility of the data (information) controller. The data controller is also responsible for maintaining and protecting the data in accordance with the data owner’s instructions. This includes performing regular backups of data, restoring data from backup media, maintaining records of activities, and enforcing information security and data protection requirements in company policies, guidelines, and standards. Data owners work at a higher level than data managers. The data owner basically says, “This is the level of integrity, availability, and confidentiality you need to provide. Please do it now”. The data administrator is executing these permissions and following up on the installed controls to ensure they are working properly.

×：Assigning Information Classification

Incorrect as you are asking if Jim is not responsible for the assignment of information classifications because as the data owner, Jim is responsible for the assignment of information classifications.

×：Determining how to protect data

Incorrect because the data owner, such as Jim, is responsible for determining how the information is protected. The data owner has organizational responsibility for data protection and is liable for any negligence with respect to protecting the organization’s information assets. This means that Jim needs to decide how to protect the information and ensure that the data controller (a role usually occupied by IT or security) is implementing these decisions.

×：Determining how long to retain data

This is incorrect because the decision of how long to retain data is the responsibility of the data owner. The data owner is also responsible for determining who can access the information and ensuring that the appropriate access rights are used. He may approve access requests himself or delegate that function to the business unit manager. The business unit manager approves the request based on the user access criteria defined by the data owner.

〇：Primary entry doors should have controlled access via swipe card or cryptographic locks. Secondary doors should not be secured from the inside and allowed entry. 

Data centers, server rooms, and wiring closets should be located in the core areas of the facility, near wiring distribution centers. Strict access control mechanisms and procedures should be implemented for these areas. Access control mechanisms can lock smart card readers, biometric readers, or a combination of these. These restricted areas should have only one access door, but fire code requirements typically dictate that there must be at least two doors in most data centers and server rooms. Only one door should be used for daily entry and exit and the other door should be used only in case of an emergency, i.e., if a fire breaks out in a data center or server room, the door should be locked. This second door should not be an access door, meaning people should not be able to come through this door. It should be locked, but should have a panic bar that will release the lock if it is used as an exit, pushed from the inside.

×：The primary and secondary entry doors must have control access via swipe cards or cryptographic locks.  

This is incorrect because even two entry doors should not be allowed to pass through with the identification, authentication, and authorization process. There should only be one entry point into the server room. No other door should provide an entry point, but can be used for an emergency exit. Therefore, secondary doors should be protected from the inside to prevent intrusion.

×：The primary entry door should have controlled access via a guard. Two doors should not be secured from the inside and allowed entry.

The main entry door to the server room is incorrect as it requires an identification, authentication, and authorization process to be performed. Swipe cards and cryptographic locks perform these functions. Server rooms should ideally not be directly accessible from public areas such as stairways, hallways, loading docks, elevators, and restrooms. This helps prevent foot traffic from casual passersby. Those who are by the door to the area to be secured should have a legitimate reason for being there, as opposed to those on the way to the meeting room, for example.

×：The main entry door must have controlled access via swipe card or crypto lock. Two doors must have security guards.  

Two doors should not have security guards, because it is wrong. The door should be protected from the inside simply so it cannot be used as an entry. Two-door must function as an emergency exit.

〇：Conforms to the X.509 standard and assigns a namespace to each object accessed in the database by LDAP.

Most companies have directories that contain information about company network resources and users. Most directories use a hierarchical database format based on the X.500 standard (not X.509) and a type of protocol such as LDAP (Lightweight Directory Access Protocol) that allows subjects and applications to interact with the directory The application can then use LDAP to access the directory. Applications can request information about a particular user by making an LDAP request to the directory, and users can request information about a particular resource using a similar request. The directory service assigns an Distinguished Name (DN) to each object in the database based on the X.500 standard to be accessed. Each distinguished name represents a set of attributes about a particular object and is stored as an entry in the directory.

×：Namespaces are used to manage objects in the directory.

This is incorrect because objects in a hierarchical database are managed by a directory service. Directory services allow administrators to configure and manage identification, authentication, permissions, and access control for the network. Objects in the directory are labeled and identified by namespace, which is how the directory service keeps objects organized.

×：Enforce security policies by performing access control and identity management functions.

This is incorrect because directory services enforce the security policy set by performing access control and identity management functions. For example, when a user logs into a domain controller in a Windows environment, the directory service (Active Directory) determines which network resources are accessible and which are not.

×：Administrators can configure and manage how identification takes place within the network.

Directory service is incorrect because it allows the administrator to configure and manage identification within the network. It also allows for the configuration and management of authentication, authorization, and access control.

Penetration testing is an attempt to penetrate a system connected to a network. Penetration allows for any kind of manipulation and can bring the service itself to a halt. Therefore, the focus of testing is on penetration. The sequence is: planning, preliminary investigation, search for vulnerabilities, evaluation, attack, and reporting. Therefore, the correct answer is “report generation.

〇：A review by another coder after the coder has completed coding.

A static code review is a review performed by another engineer to mitigate points that were not apparent to the author. Thus, the correct answer is “Reviewed by another coder after the coder’s coding is complete.” will be.

×：To allow coders to see each other’s coding and work in parallel.

Extreme programming (XP, extreme programming) is a flexible method of developing a program while discussing it in pairs. It is not code review.

×：Ensuring that proper transaction processing is applied before check-in.

This is a statement about database commitment.

×：Ensuring that the appropriate questions and answers exist.

The presence of appropriate question and answer may be part of what is performed during the code review, but it is not a description of the code review itself.

Stored data is data that is stored on a disk or other media. Transmitted data is data flowing over a network. Used data is data that is in memory, cache, etc. and in use. Just because it is being transported by truck does not make it data that is being transferred. Therefore, “stored data” is the correct answer.

Disk mirroring means writing the same data to multiple hard disks; a RAID (Redundant Array of Independent Disks) controller must write all data twice, requiring at least two disks. Disk striping can also be provided when parity is used, but disk striping alone cannot provide redundancy.

Defense-in-Depth is the concept that protection should not be monolithic, but should be multi-layered in all aspects. The term “defense-in-depth” comes close to the alternative, as multiple layers of protection are required to protect against a single vulnerability.

〇：Only during code development.

Maintenance hoc refers to functions and tools that are temporarily used by the developer for testing purposes. In fact, in system development, tools are provided to assist in confirming that individual functions are working properly. However, if maintenance hocks are left in the production environment, they may be used by attackers and must be removed.

×：Maintenance hooks should not be used.

The use of maintenance hooks can make the work more efficient.

×：When you want to make the software available to administrators in a simplified manner.

In some cases, attackers can exploit tools that were supposed to be available only to administrators.

×：When you want users to be able to use the software in a simplified manner.

After the actual release of the software, maintenance hooks are not made available to users.