428 Appendix ■ Answers
9

1. C. Since Lauren wants to monitor her production server, she should use passive monitoring by employing a network tap, span port, or other means of copying actual traffic to a monitoring system that can identify performance and other problems. This will avoid introducing potentially problematic traffic on purpose while capturing actual traffic problems. Active monitoring relies on synthetic or previously recorded traffic, and both replay and real-time are not common industry terms used to describe types of monitoring.

2. B. For web applications, input validation should always be performed on the web application server. By the time the input reaches the database, it is already part of a SQL command that is properly formatted, and input validation would be far more difficult, if it is even possible. Input validation controls should never reside in the client's browser, as is the case with JavaScript, because the user may remove or tamper with the validation code.

3. A. RSA is an asymmetric encryption algorithm that requires only two keys for each user. IDEA, 3DES, and Skipjack are all symmetric encryption algorithms and would require a key for every unique pair of users in the system.

4. D. The image clearly shows a black magnetic stripe running across the card, making this an example of a magnetic stripe card.

5. D. The log entries contained in this example show the allow/deny status for inbound and outbound TCP and UDP sessions. This is, therefore, an example of a firewall log.

6. D. Zero-day vulnerabilities remain in the dangerous zero-day category until the release of a patch that corrects the vulnerability. At that time, it becomes the responsibility of IT professionals to protect their systems by applying the patch. Implementation of other security controls, such as encryption or firewalls, does not change the nature of the zero-day vulnerability.

7. A. All of the techniques listed are hardening methods, but only patching the leaky roof is an example of physical infrastructure hardening.

8. C. Using a virtual machine to monitor a virtual span port allows the same type of visibility that it would in a physical network if implemented properly. Installing Wireshark would allow monitoring on each system but doesn't scale well. A physical appliance would require all traffic to be sent out of the VM environment, losing many of the benefits of the design. Finally, netcat is a network tool used to send or receive data, but it isn't a tool that allows packet capture of traffic between systems.

9. C. The sender of a message encrypts the message using the public key of the message recipient.

10. D. The recipient of a message uses his or her own private key to decrypt messages that were encrypted with the recipient's public key. This ensures that nobody other than the intended recipient can decrypt the message.

11. D. Digital signatures enforce nonrepudiation. They prevent an individual from denying that he or she was the actual originator of the message.

12. B. An individual creates a digital signature by encrypting the message digest with his or her own private key.
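The key roles described in the RSA, encryption, decryption, and digital-signature answers above, shown in one added example (not part of the answer key) using textbook RSA with deliberately tiny primes; the `keys_needed` helper also works out the per-user versus per-pair key counts from the symmetric-versus-asymmetric answer.

```python
# Added illustration for the answer key above: toy textbook RSA (p=61, q=53,
# e=17 are classic demo values; they are insecure and only make the arithmetic
# visible). Shows which key each party uses for encryption, decryption,
# signing and verification, plus the symmetric vs. asymmetric key count.
import hashlib
from math import gcd


def keygen(p=61, q=53, e=17):
    """Textbook RSA key generation; returns (public_key, private_key)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    assert gcd(e, phi) == 1, "e must be coprime to phi(n)"
    d = pow(e, -1, phi)  # modular inverse (Python 3.8+)
    return (n, e), (n, d)


def encrypt(pub, m: int) -> int:
    """Sender encrypts with the RECIPIENT'S PUBLIC key (answer 9)."""
    n, e = pub
    return pow(m, e, n)


def decrypt(priv, c: int) -> int:
    """Recipient decrypts with his or her OWN PRIVATE key (answer 10)."""
    n, d = priv
    return pow(c, d, n)


def digest(msg: bytes, n: int) -> int:
    """SHA-256 the message and reduce it so it fits the toy modulus."""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n


def sign(priv, msg: bytes) -> int:
    """Signer applies his or her OWN PRIVATE key to the digest (answer 12)."""
    n, d = priv
    return pow(digest(msg, n), d, n)


def verify(pub, msg: bytes, sig: int) -> bool:
    """Anyone checks the signature with the signer's PUBLIC key (answer 11)."""
    n, e = pub
    return pow(sig, e, n) == digest(msg, n)


def keys_needed(users: int) -> dict:
    """Answer 3: two keys per user (asymmetric) vs. one per unique pair (symmetric)."""
    return {"asymmetric": 2 * users, "symmetric": users * (users - 1) // 2}
```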