382 Appendix ■ Answers
- B. A pseudoflaw is a false vulnerability in a system that may attract an attacker. A honeynet is a network of multiple honeypots that creates a more sophisticated environment for intruders to explore. A darknet is a segment of unused network address space that should have no network activity and, therefore, may be easily used to monitor for illicit activity. A warning banner is a legal tool used to notify intruders that they are not authorized to access a system.
- B. Social media is commonly used as a command-and-control system for botnet activity. The most likely scenario here is that Toni's computer was infected with malware and joined to a botnet. This accounts for both the unusual social media traffic and the slow system activity.
- D. Software-defined networking separates the control plane from the data plane. Network devices then do not contain complex logic themselves but receive instructions from the SDN.
- A. Netflow records contain an entry for every network communication session that took place on a network and can be compared to a list of known malicious hosts. IDS logs may contain a relevant record, but it is less likely because they would only create log entries if the traffic triggers the IDS, as opposed to netflow records, which encompass all communications. Authentication logs and RFC logs would not have records of any network traffic.
- B. Gary should follow the least privilege principle and assign users only the permissions they need to perform their job responsibilities. Aggregation is a term used to describe the unintentional accumulation of privileges over time, also known as privilege creep. Separation of duties and separation of privileges are principles used to secure sensitive processes.
- A. The matrix shown in the figure is known as a segregation of duties matrix. It is used to ensure that one person does not obtain two privileges that would create a potential conflict. Aggregation is a term used to describe the unintentional accumulation of privileges over time, also known as privilege creep. Two-person control is used when two people must work together to perform a sensitive action. Defense in depth is a general security principle used to describe a philosophy of overlapping security controls.
- B. Before granting access, Gary should verify that the user has a valid security clearance and a business need to know the information. Gary is performing an authorization task, so he does not need to verify the user's credentials, such as a password or biometric scan.
- D. Gary should follow the principle of two-person control by requiring simultaneous action by two separate authorized individuals to gain access to the encryption keys. He should also apply the principles of least privilege and defense in depth, but these principles apply to all operations and are not specific to sensitive operations. Gary should avoid the security through obscurity principle, the reliance upon the secrecy of security mechanisms to provide security for a system or process.
- D. Privileged access reviews are one of the most critical components of an organization's security program because they ensure that only authorized users have access to perform the most sensitive operations. They should take place whenever a user with privileged access leaves the organization or changes roles as well as on a regular, recurring basis.
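The netflow answer above and the segregation-of-duties answer further down both describe checks a security team actually runs, so one added example covers both. It is not code from the study guide; the flow records, the malicious-host list, the privilege matrix and the user assignments are all constructed sample data using documentation-range addresses and made-up privilege names. The first half parses simplified NetFlow-style records and flags every internal host that talked to a known bad host, which is exactly the comparison the answer contrasts with IDS logs (an IDS would only have an entry if a signature fired; the flow records cover every session). The second half applies a segregation-of-duties matrix: it lists users who already hold a conflicting pair and checks whether a proposed grant would create one.

```python
import ipaddress
from dataclasses import dataclass

# --- Part 1: netflow records vs. a known-malicious host list ----------------

# Constructed records in a simplified NetFlow-like CSV layout (not real captures):
# start time, src IP, src port, dst IP, dst port, protocol, bytes
SAMPLE_FLOWS = """\
2024-01-15T09:12:01,10.0.1.25,51234,198.51.100.7,443,tcp,18230
2024-01-15T09:12:04,10.0.1.40,51235,203.0.113.9,80,tcp,921
2024-01-15T09:13:10,10.0.1.25,51240,192.0.2.55,6667,tcp,540
2024-01-15T09:14:02,10.0.1.77,51301,203.0.113.9,443,tcp,4400
2024-01-15T09:15:30,10.0.1.25,51250,192.0.2.55,6667,tcp,612
"""

# Constructed list of known malicious hosts (documentation-range placeholders)
KNOWN_MALICIOUS = {"192.0.2.55", "198.51.100.7"}


@dataclass(frozen=True)
class Flow:
    start: str
    src: str
    sport: int
    dst: str
    dport: int
    proto: str
    nbytes: int


def parse_flows(text):
    """Parse the constructed CSV layout into Flow objects, rejecting malformed addresses."""
    flows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        start, src, sport, dst, dport, proto, nbytes = line.split(",")
        ipaddress.ip_address(src)  # raises ValueError on a garbled record
        ipaddress.ip_address(dst)
        flows.append(Flow(start, src, int(sport), dst, int(dport), proto, int(nbytes)))
    return flows


def match_malicious(flows, bad_hosts):
    """Return {internal_host: [flows]} for every session that touched a known bad host."""
    hits = {}
    for f in flows:
        if f.dst in bad_hosts:
            hits.setdefault(f.src, []).append(f)
        elif f.src in bad_hosts:
            hits.setdefault(f.dst, []).append(f)
    return hits


# --- Part 2: segregation-of-duties matrix --------------------------------

# Constructed matrix: each pair of privileges that one person must not hold together
SOD_CONFLICTS = {
    frozenset({"create_vendor", "approve_payment"}),
    frozenset({"submit_expense", "approve_expense"}),
    frozenset({"write_code", "deploy_production"}),
}

# Constructed current privilege assignments
ASSIGNMENTS = {
    "alice": {"create_vendor", "submit_expense"},
    "bob": {"approve_payment", "create_vendor"},
    "carol": {"write_code", "review_code", "deploy_production"},
}


def find_conflicts(assignments, conflicts):
    """Return {user: sorted conflicting pairs} for users holding both halves of any pair."""
    found = {}
    for user, privs in assignments.items():
        pairs = [tuple(sorted(p)) for p in conflicts if p <= privs]
        if pairs:
            found[user] = sorted(pairs)
    return found


def can_grant(user, privilege, assignments, conflicts):
    """Pre-grant check: True only if adding `privilege` to `user` creates no conflict."""
    proposed = assignments.get(user, set()) | {privilege}
    return not any(p <= proposed for p in conflicts)


if __name__ == "__main__":
    for host, flows in match_malicious(parse_flows(SAMPLE_FLOWS), KNOWN_MALICIOUS).items():
        print(host, "->", sorted({f.dst for f in flows}), f"{len(flows)} sessions")
    print(find_conflicts(ASSIGNMENTS, SOD_CONFLICTS))
    print("grant alice approve_expense:", can_grant("alice", "approve_expense", ASSIGNMENTS, SOD_CONFLICTS))
```

In the flow data only the host with sessions to the two listed addresses is reported, while the host that only spoke to an unlisted address is not; in the matrix data, bob and carol already hold conflicting pairs, and granting alice approve_expense would be refused because she already holds submit_expense.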