Chapter 7: Security Operations (Domain 7)
- Warm site: C. A site that relies on shared storage and backups for recovery.
- Service bureau: A. An organization that can provide onsite or offsite IT services in the
event of a disaster.
- D. The image clearly contains the watermark of the US Geological Survey (USGS), which
ensures that anyone seeing the image knows its origin. It is not possible to tell from
looking at the image whether steganography was used. Sampling and clipping are data
analysis techniques and are not used to protect images.
- D. The annualized rate of occurrence (ARO) is the expected number of times an incident
will occur each year. In the case of a 200-year flood plain, planners should expect a flood
once every 200 years. This is equivalent to a 1/200 chance of a flood in any given year, or
0.005 floods per year.
- B. While all hackers with malicious intent pose a risk to the organization, the malicious
insider poses the greatest risk to security because they likely have legitimate access to
sensitive systems that may be used as a launching point for an attack. Other attackers do
not begin with this advantage.
- C. In an electronic vaulting approach, automated technology moves database backups
from the primary database server to a remote site on a scheduled basis, typically daily.
Transaction logging is not a recovery technique alone; it is a process for generating the
logs used in remote journaling. Remote journaling transfers transaction logs to a remote
site on a more frequent basis than electronic vaulting, typically hourly. Remote mirroring
maintains a live database server at the backup site and mirrors all transactions at the
primary site on the server at the backup site.
- B. Hilda’s design follows the principle of separation of duties. Giving one user the ability
to both create new accounts and grant administrative privileges combines two actions that
would result in a significant security change that should be divided among two users.
- D. An audit kickoff meeting should clearly describe the scope and purpose of the audit
as well as the expected time frame. Auditors should never approach an audit with any
expectations about what they will discover because the findings should only be developed
based upon the results of audit examinations.
- C. The end goal of the disaster recovery process is restoring normal business operations
in the primary facility. All of the other actions listed may take place during the disaster
recovery process, but the process is not complete until the organization is once again
functioning normally in its primary facilities.
- C. A host-based intrusion detection system (HIDS) may be able to detect unauthorized
processes running on a system. The other controls mentioned, network intrusion detection
systems (NIDSs), firewalls, and DLP systems, are network-based and may not notice rogue
processes.
- B. The scenario describes a privilege escalation attack where a malicious insider with
authorized access to a system misused that access to gain privileged credentials.
- B. Carla’s account has experienced aggregation, where privileges accumulated over time.
This condition is also known as privilege creep and likely constitutes a violation of the
least privilege principle.