434 Appendix ■ Answers
Chapter 2

1. A. Susan is performing passive monitoring, which uses a network tap or SPAN port to capture a copy of traffic for analysis without affecting the network or the devices being monitored. Synthetic (active) monitoring injects recorded or generated traffic to test for performance and other issues. Signature-based technologies include IDS, IPS, and antimalware systems.

2. A. The distinctions between rights, permissions, and roles can be confusing. Typically, permissions describe both the access to an object and the actions that can be taken on it, whereas rights refer to the ability to take an action and do not by themselves include access to the object. Privileges combine rights and permissions, and roles are named sets of privileges assigned on the basis of job tasks or other organizational criteria.

3. C. One of the core capabilities of infrastructure as a service (IaaS) is providing servers on a vendor-managed virtualization platform. Web-based payroll and email systems are examples of software as a service (SaaS). A vendor-managed application platform that runs customer code is an example of platform as a service (PaaS).

4. D. The exposure factor (EF) is the percentage of an asset's value that risk managers expect to be lost if the risk materializes. It is calculated by dividing the expected damage by the asset value. Here, $750,000 in damage divided by the $2 million facility value gives an EF of 0.375, or 37.5%.

5. C. The annualized rate of occurrence (ARO) is the number of times per year that risk analysts expect a risk to materialize. A fire that is expected once every 50 years has an ARO of 1/50, or 0.02.

6. A. The annualized loss expectancy (ALE) is the single loss expectancy (SLE) multiplied by the annualized rate of occurrence (ARO). Here the SLE is $750,000 (the $2 million asset value times the 37.5% exposure factor) and the ARO is 0.02, so the ALE is $750,000 × 0.02 = $15,000.

7. A. Congestion Window Reduced (CWR) and ECN-Echo (ECE) are the Explicit Congestion Notification (ECN) flags in the TCP header, used to signal and react to congestion on a link. Because ECN must be negotiated by both endpoints and is not enabled everywhere, these flags are seldom seen in ordinary captures.

8. C. API keys, or application programming interface keys, are passed to services and identify the program, developer, or user making the call. With this information, Mike can programmatically control API usage per user. Because the key is both an identifier and a credential, a key that is inadvertently exposed can be used by whoever obtains it, so keys should be stored hashed and be revocable. Session IDs are typically used to identify users of an application, not the callers of an API. API firewalls and API buffers were made up for this question.

9. A. An application programming interface (API) allows external users to directly call routines within Fran's code. They can embed API calls in scripts and other programs to automate interactions with Fran's company. A web scraper or a call center might accomplish the same tasks, but neither does so through a direct integration. A data dictionary might provide useful information, but it does not allow direct integration either.

10. A. A fault is a momentary loss of power, whereas a blackout is a sustained, complete loss of power. Sags and brownouts are not complete power interruptions but periods of reduced voltage: a sag is momentary, while a brownout is prolonged.
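Answers 4 through 6 chain the quantitative risk formulas together (EF, then ARO, then SLE × ARO = ALE). The following Python is an added example, not part of the book, that carries the same derivation through with the facility numbers above and rejects inputs that cannot be valid (a negative asset value, damage larger than the asset). The `RiskScenario` class and function names are my own; the scenario values are the ones from the question.

```python
from __future__ import annotations

from dataclasses import dataclass
from decimal import Decimal


@dataclass(frozen=True)
class RiskScenario:
    """One asset/threat pair with the three inputs the formulas need."""

    asset_value: Decimal           # AV: value of the asset at risk
    expected_damage: Decimal       # expected loss per occurrence, same currency as AV
    years_between_events: Decimal  # mean interval between occurrences

    def __post_init__(self) -> None:
        # Guard against inputs that would make the formulas meaningless.
        if self.asset_value <= 0 or self.years_between_events <= 0:
            raise ValueError("asset value and event interval must be positive")
        if not (0 <= self.expected_damage <= self.asset_value):
            raise ValueError("damage must lie between 0 and the asset value")


def exposure_factor(s: RiskScenario) -> Decimal:
    """EF = damage / AV, a fraction in [0, 1] (0.375 means 37.5%)."""
    return s.expected_damage / s.asset_value


def single_loss_expectancy(s: RiskScenario) -> Decimal:
    """SLE = AV * EF, the expected loss from a single occurrence."""
    return s.asset_value * exposure_factor(s)


def annualized_rate_of_occurrence(s: RiskScenario) -> Decimal:
    """ARO = 1 / (years between events); once in 50 years -> 0.02."""
    return Decimal(1) / s.years_between_events


def annualized_loss_expectancy(s: RiskScenario) -> Decimal:
    """ALE = SLE * ARO, the expected loss per year."""
    return single_loss_expectancy(s) * annualized_rate_of_occurrence(s)


def summarize(s: RiskScenario) -> dict[str, Decimal]:
    """All four figures in one place, rounded the way a report would show them."""
    cents = Decimal("0.01")
    return {
        "EF": exposure_factor(s).quantize(Decimal("0.001")),
        "SLE": single_loss_expectancy(s).quantize(cents),
        "ARO": annualized_rate_of_occurrence(s).quantize(Decimal("0.0001")),
        "ALE": annualized_loss_expectancy(s).quantize(cents),
    }


# Constructed from the question: a $2M facility, $750,000 expected fire damage,
# one fire expected every 50 years.
FACILITY_FIRE = RiskScenario(
    asset_value=Decimal("2000000"),
    expected_damage=Decimal("750000"),
    years_between_events=Decimal("50"),
)

if __name__ == "__main__":
    for name, value in summarize(FACILITY_FIRE).items():
        print(f"{name:>4}: {value}")
```

`Decimal` is used instead of `float` so that the percentages and currency values compare exactly; with floats, `0.375 * 2000000 * 0.02` is fine, but less tidy fractions accumulate rounding error that shows up when ALE figures are summed across many scenarios.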
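Answer 7 turns on where CWR and ECE live in the TCP header and how they are used. The Python below is an added example (not from the book) that builds a minimal 20-byte TCP header with chosen flags, decodes the flag bits back out, and classifies the ECN handshake defined in RFC 3168 (a SYN carrying ECE+CWR, answered by a SYN/ACK carrying ECE only). The helper names and the sample headers are my own constructions.

```python
from __future__ import annotations

import struct

# Bytes 12-13 of the TCP header: 4 bits data offset, 3 reserved bits, then the
# nine flag bits. NS (RFC 3540) is bit 8; CWR and ECE (RFC 3168) are bits 7 and 6.
TCP_FLAG_BITS = {
    "NS": 0x100, "CWR": 0x80, "ECE": 0x40, "URG": 0x20, "ACK": 0x10,
    "PSH": 0x08, "RST": 0x04, "SYN": 0x02, "FIN": 0x01,
}
MIN_TCP_HEADER = 20


def build_tcp_header(src_port: int, dst_port: int, flags: list[str],
                     seq: int = 0, ack: int = 0, window: int = 65535) -> bytes:
    """Pack a 20-byte TCP header (no options) with the given flag names set."""
    bits = 0
    for name in flags:
        bits |= TCP_FLAG_BITS[name]  # KeyError on an unknown flag name
    data_offset = MIN_TCP_HEADER // 4  # header length in 32-bit words
    offset_and_flags = (data_offset << 12) | bits
    # Checksum and urgent pointer are left zero; this header is for flag analysis only.
    return struct.pack("!HHIIHHHH", src_port, dst_port, seq, ack,
                       offset_and_flags, window, 0, 0)


def parse_tcp_flags(tcp_header: bytes) -> set[str]:
    """Return the set of flag names set in a raw TCP header."""
    if len(tcp_header) < MIN_TCP_HEADER:
        raise ValueError("TCP header must be at least 20 bytes")
    offset_and_flags = struct.unpack("!H", tcp_header[12:14])[0]
    bits = offset_and_flags & 0x01FF  # drop data offset and reserved bits
    return {name for name, bit in TCP_FLAG_BITS.items() if bits & bit}


def classify_ecn(tcp_header: bytes) -> str:
    """Name the ECN role of a segment, following the RFC 3168 handshake."""
    flags = parse_tcp_flags(tcp_header)
    if "SYN" in flags and "ACK" not in flags:
        return "ecn-setup-syn" if {"ECE", "CWR"} <= flags else "plain-syn"
    if {"SYN", "ACK"} <= flags:
        if "ECE" in flags and "CWR" not in flags:
            return "ecn-setup-syn-ack"
        return "plain-syn-ack"
    if "CWR" in flags:
        return "congestion-window-reduced"  # sender reacting to an echoed mark
    if "ECE" in flags:
        return "ecn-echo"  # receiver echoing a congestion mark back to the sender
    return "no-ecn"


# Constructed sample headers: an ECN-capable client's SYN and the server's reply.
CLIENT_SYN = build_tcp_header(51234, 443, ["SYN", "ECE", "CWR"], seq=1000)
SERVER_SYN_ACK = build_tcp_header(443, 51234, ["SYN", "ACK", "ECE"], seq=5000, ack=1001)
ORDINARY_ACK = build_tcp_header(51234, 443, ["ACK"], seq=1001, ack=5001)

if __name__ == "__main__":
    for label, hdr in [("client SYN", CLIENT_SYN), ("server SYN/ACK", SERVER_SYN_ACK),
                       ("data ACK", ORDINARY_ACK)]:
        print(f"{label:>15}: {sorted(parse_tcp_flags(hdr))} -> {classify_ecn(hdr)}")
```

Run against a real capture, `classify_ecn` over each segment's TCP header makes the point of the answer concrete: most sessions never set CWR or ECE at all, and when they do appear it is in the opening SYN pair and then only on individual marked segments.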
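Answer 8 says that an API key identifies the caller and lets Mike control usage per user, with the caveat that an exposed key can be abused. The Python below is an added example, not from the book, of a small in-memory key service that does exactly that: it issues keys of the form `id.secret`, stores only a hash of the secret, compares in constant time, enforces a per-key quota, and supports revocation so an exposed key can be cut off. The `ApiKeyService` class, its method names, and the `clock` parameter (there so the window can be driven deterministically) are my own.

```python
from __future__ import annotations

import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass


@dataclass
class KeyRecord:
    owner: str            # the user, developer, or program the key identifies
    secret_hash: bytes    # SHA-256 of the secret; the secret itself is never stored
    calls_per_window: int # quota for this key
    revoked: bool = False
    window_start: float = 0.0
    calls_in_window: int = 0


class ApiKeyService:
    WINDOW_SECONDS = 60.0
    # Hashed so a lookup miss costs the same as a bad secret (no timing oracle on key ids).
    _DUMMY_HASH = hashlib.sha256(b"dummy").digest()

    def __init__(self, clock=time.monotonic) -> None:
        self._keys: dict[str, KeyRecord] = {}
        self._clock = clock

    @staticmethod
    def _hash(secret: str) -> bytes:
        return hashlib.sha256(secret.encode("utf-8")).digest()

    def issue(self, owner: str, calls_per_window: int) -> str:
        """Create a key for `owner`. The returned string is the only copy of the secret."""
        key_id = secrets.token_hex(8)
        secret = secrets.token_urlsafe(32)
        self._keys[key_id] = KeyRecord(owner, self._hash(secret), calls_per_window)
        return f"{key_id}.{secret}"

    def revoke(self, api_key: str) -> bool:
        """Disable a key (e.g. after it leaks). Returns False if the id is unknown."""
        key_id, _, _ = api_key.partition(".")
        record = self._keys.get(key_id)
        if record is None:
            return False
        record.revoked = True
        return True

    def authorize(self, api_key: str) -> tuple[bool, str]:
        """Validate a presented key and charge one call against its quota.

        Returns (True, owner) on success or (False, reason) on failure.
        """
        key_id, _, secret = api_key.partition(".")
        record = self._keys.get(key_id)
        expected = record.secret_hash if record is not None else self._DUMMY_HASH
        # Constant-time comparison regardless of whether the id exists.
        if not hmac.compare_digest(self._hash(secret), expected) or record is None:
            return False, "invalid key"
        if record.revoked:
            return False, "revoked"
        now = self._clock()
        if now - record.window_start >= self.WINDOW_SECONDS:
            record.window_start, record.calls_in_window = now, 0
        if record.calls_in_window >= record.calls_per_window:
            return False, "quota exceeded"
        record.calls_in_window += 1
        return True, record.owner


if __name__ == "__main__":
    svc = ApiKeyService()
    key = svc.issue("mike", calls_per_window=2)
    for _ in range(3):
        print(svc.authorize(key))
    svc.revoke(key)
    print(svc.authorize(key))
```

Two points worth noting in use. Because the stored value is a hash, a dump of the key table does not let an attacker call the API; only the string returned by `issue` does. And the quota is tracked per key rather than per session, which is the distinction the answer draws between API keys and session IDs.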