418 Appendix ■ Answers
Chapter 10: Practice Test
- D. The recovery point objective (RPO) identifies the maximum amount of data, measured in time, that may be lost during a recovery effort. The recovery time objective (RTO) is the amount of time expected to return an IT service or component to operation after a failure. The maximum tolerable downtime (MTD) is the longest amount of time that an IT service or component may be unavailable without causing serious damage to the organization. Service level agreements (SLAs) are written contracts that document service expectations.
- D. Fred should choose a router. Routers are designed to control traffic on a network while connecting to other similar networks. If the networks are very different, a bridge can help connect them. Gateways are used to connect to networks that use other protocols by transforming traffic to the appropriate protocol or format as it passes through them. Switches are often used to create broadcast domains and to connect endpoint systems or other devices.
- B. Crystal box penetration testing, which is also sometimes called white box penetration testing, provides the tester with information about networks, systems, and configurations, allowing highly effective testing. It doesn't simulate an actual attack like black and gray box testing can and thus does not have the same realism, and it can lead to attacks succeeding that would fail in a zero- or limited-knowledge attack.
- D. The discovery phase includes activities like gathering IP addresses, network ranges, and hostnames, as well as gathering information about employees, locations, systems, and of course, the services those systems provide. Banner information is typically gathered as part of discovery to provide information about what version and type of service is being provided.
- B. A class B network holds 2^16 systems, and its default network mask is 255.255.0.0.
- D. Device fingerprinting via a web portal can require user authentication and can gather data like operating systems, versions, software information, and many other factors that can uniquely identify systems. Using an automated fingerprinting system is preferable to handling manual registration, and pairing user authentication with data gathering provides more detail than a port scan. MAC addresses can be spoofed, and systems may have more than one depending on how many network interfaces they have, which can make unique identification challenging.
- B. The data owner is normally responsible for classifying information at an appropriate level. This role is typically filled by a senior manager or director, who then delegates operational responsibility to a data custodian.
- A. The ping flood attack sends echo requests at a targeted system. These pings use inbound ICMP echo request packets, causing the system to respond with an outbound ICMP echo reply.
- C. While all of the listed controls would improve authentication security, most simply strengthen the use of knowledge-based authentication. The best way to improve the authentication process would be to add a factor not based on knowledge through the use of multifactor authentication. This may include the use of biometric controls or token-based authentication.