304 Chapter 12 ■ Practice Test 4
- Which one of the following metrics specifies the amount of time that business continuity planners find acceptable for the restoration of service after a disaster?
  A. MTD
  B. RTO
  C. RPO
  D. MTO

- Gary would like to examine the text of a criminal law on computer fraud to determine whether it applies to a recent act of hacking against his company. Where should he go to read the text of the law?
  A. Code of Federal Regulations
  B. Supreme Court rulings
  C. Compendium of Laws
  D. United States Code

- James has opted to implement a NAC solution that uses a post-admission philosophy for its control of network connectivity. What type of issues can’t a strictly post-admission policy handle?
  A. Out-of-band monitoring
  B. Preventing an unpatched laptop from being exploited immediately after connecting to the network
  C. Denying access when user behavior doesn’t match an authorization matrix
  D. Allowing user access when user behavior is allowed based on an authorization matrix

- Ben has built an access control list that lists the objects that his users are allowed to access. When users attempt to access an object that they don’t have rights to, they are denied access, even though there isn’t a specific rule that prevents it. What access control principle is key to this behavior?
  A. Least privilege
  B. Implicit deny
  C. Explicit deny
  D. Final rule fall-through

- Mary is a security risk analyst for an insurance company. She is currently examining a scenario where a hacker might use a SQL injection attack to deface a web server due to a missing patch in the company’s web application. In this scenario, what is the risk?
  A. Unpatched web application
  B. Web defacement
  C. Hacker
  D. Operating system