- B. Once additional tools have been installed, penetration testers will typically use them
to gain additional access. From there they can further escalate privileges, search for new
targets or data, and once again, install more tools to allow them to pivot further into
infrastructure or systems.
- B. Penetration testing reports often do not include the specific data captured during the
assessment, as the readers of the report may not be authorized to access all of the data,
and exposure of the report could result in additional problems for the organization. A
listing of the issues discovered, risk ratings, and remediation guidance are all common
parts of a penetration test report.
Chapter 7: Security Operations (Domain 7)
- A. The illustration shows an example of a failover cluster, where DB1 and DB2 are both
configured as database servers. At any given time, only one will function as the active
database server, while the other remains ready to assume responsibility if the first one
fails. While the environment may use UPS, tape backup, and cold sites as disaster recovery
and business continuity controls, they are not shown in the diagram.
- D. The principle of least privilege should guide Joe in this case. He should apply no access
permissions by default and then give each user the necessary permissions to perform their
job responsibilities. Read only, editor, and administrator permissions may be necessary for
one or more of these users, but those permissions should be assigned based upon business
need and not by default.
- C. While most organizations would want to log attempts to log in to a workstation, this is
not considered a privileged administrative activity and would go through normal logging
processes.
- C. Regulatory investigations attempt to uncover whether an individual or organization
has violated administrative law. These investigations are almost always conducted by
government agents.
- D. Real evidence consists of things that may actually be brought into a courtroom as
evidence. For example, real evidence includes hard disks, weapons, and items containing
fingerprints. Documentary evidence consists of written items that may or may not be in
tangible form. Testimonial evidence is verbal testimony given by witnesses with relevant
information. The parol evidence rule says that when an agreement is put into written
form, the written document is assumed to contain all the terms of the agreement.
- A. In a manual recovery approach, the system does not fail into a secure state but requires
an administrator to manually restore operations. In an automated recovery, the system can
recover itself against one or more failure types. In an automated recovery without undue
loss, the system can recover itself against one or more failure types and also preserve
data against loss. In function recovery, the system can restore functional processes
automatically.