386 Appendix ■ Answers
4. B. The scrutiny of hard drives for forensic purposes is an example of media analysis. Embedded device analysis looks at the computers included in other large systems, such as automobiles or security systems. Software analysis analyzes applications and their logs. Network analysis looks at network traffic and logs.
- C. Security incidents negatively affect the confidentiality, integrity, or availability of information or assets and/or violate a security policy. The unauthorized vulnerability scan of a server does violate security policy and may negatively affect the security of that system, so it qualifies as a security incident. The completion of a backup schedule, logging of system access, and update of antivirus signatures are all routine actions that do not violate policy or jeopardize security, so they are all events rather than incidents.
- C. Radio Frequency Identification (RFID) technology is a cost-effective way to track items around a facility. While Wi-Fi could be used for the same purpose, it would be much more expensive to implement.
- C. An attack committed against an organization by an insider, such as an employee, is known as sabotage. Espionage and confidentiality breaches involve the theft of sensitive information, which is not alleged to have occurred in this case. Integrity breaches involve the unauthorized modification of information, which is not described in this scenario.
- A. In a SYN flood attack, the attacker sends a large number of SYN packets to a system but does not respond to the SYN/ACK packets, attempting to overwhelm the attacked system's connection state table with half-open connections.
- B. The maximum tolerable downtime (MTD) is the longest amount of time that an IT service or component may be unavailable without causing serious damage to the organization. The recovery time objective (RTO) is the amount of time expected to return an IT service or component to operation after a failure. The recovery point objective (RPO) identifies the maximum amount of data, measured in time, that may be lost during a recovery effort. Service level agreements (SLAs) are written contracts that document service expectations.
- C. Zero-day attacks are those that are previously unknown to the security community and, therefore, have no available patch. These are especially dangerous attacks because they may be highly effective until a solution becomes available.
- B. The four canons of the (ISC)² code of ethics are to protect society, the common good, necessary public trust and confidence, and the infrastructure; act honorably, honestly, justly, responsibly, and legally; provide diligent and competent service to principals; and advance and protect the profession.
- A. Interviews occur when investigators meet with an individual who may have information relevant to their investigation but is not a suspect. If the individual is a suspect, then the meeting is an interrogation.
- The terms match with the definitions as follows:
  - Hot site: B. A site with dedicated storage and real-time data replication, often with shared equipment that allows restoration of service in a very short time.
  - Cold site: D. A rented space with power, cooling, and connectivity that can accept equipment as part of a recovery effort.