Chapter 9: Practice Test 1
- B. Proactive monitoring, aka synthetic monitoring, uses recorded or generated traffic to test systems and software. Passive monitoring uses a network span, tap, or other device to capture traffic to be analyzed. Reactive and replay are not industry terms for types of monitoring.
- D. Process isolation ensures that the operating system allocates a separate area of memory for each process, preventing processes from seeing each other’s data. This is a requirement for multilevel security systems.
- B. The use of an electromagnetic coil inside the card indicates that this is a proximity card.
- C. During a parallel test, the team actually activates the disaster recovery site for testing, but the primary site remains operational. During a full interruption test, the team takes down the primary site and confirms that the disaster recovery site is capable of handling regular operations. The full interruption test is the most thorough test but also the most disruptive. The checklist review is the least disruptive type of disaster recovery test. During a checklist review, team members each review the contents of their disaster recovery checklists on their own and suggest any necessary changes. During a tabletop exercise, team members come together and walk through a scenario without making any changes to information systems.
- B. The Agile approach to software development embraces 12 core principles, found in the Agile Manifesto. One of these principles is that the best architecture, requirements, and designs emerge from self-organizing teams. Another is that teams should welcome changing requirements at any step in the process. A third is that simplicity is essential. The Agile approach emphasizes delivering software frequently, not infrequently.
- B. Hand geometry scanners assess the physical dimensions of an individual’s hand but do not verify other unique factors about the individual, or even verify if they are alive. This means that hand geometry scanners should not be implemented as the sole authentication factor for secure environments. Hand geometry scanners do not have an abnormally high FRR and do not stand out as a particular issue from an accessibility standpoint compared to other biometric systems.
- A. The maximum tolerable downtime (MTD) is the amount of time that a business may be without a service before irreparable harm occurs. This measure is sometimes also called maximum tolerable outage (MTO).
- D. Attacks that change a symlink between the time that rights are checked and the file is accessed, in order to access a file that the account does not have rights to, are time of check to time of use (TOCTOU) attacks, a form of race condition. Unlinking removes names from a Linux filesystem, setuid allows a user to run an executable with the permissions of its owner, and tick/tock is not a type of attack or Linux command.
67. A. Smartcards are a Type II authentication factor and include both a microprocessor and at least one certificate. Since they are something you have, they’re not a Type I or III authentication factor. Tokens do not necessarily contain certificates.