CISSP Official Practice Tests by Mike Chapple, David Seidl


436 Appendix ■ Answers


  40. D. During a tabletop exercise, team members come together and walk through a scenario
    without making any changes to information systems. The checklist review is the least
    disruptive type of disaster recovery test. During a checklist review, team members each
    review the contents of their disaster recovery checklists on their own and suggest any
    necessary changes. During a parallel test, the team actually activates the disaster recovery
    site for testing but the primary site remains operational. During a full interruption test, the
    team takes down the primary site and confirms that the disaster recovery site is capable of
    handling regular operations. The full interruption test is the most thorough test but also
    the most disruptive.


  1. C. OpenID is a widely supported standard that allows a user to use a single account to log
    into multiple sites, and Google accounts are frequently used with OpenID.

  2. D. Risk acceptance occurs when an organization determines that the costs involved in
    pursuing other risk management strategies are not justified and they choose not to pursue
    any action.

  3. The cable types match with the maximum lengths as follows:

    1. Category 5e: B. 300 feet.

    2. Coaxial (RG-58): A. 500 feet.

    3. Fiber optic: C. 1+ kilometers.



  4. C. Decentralized access control makes sense because it allows local control over access.
    When network connectivity to a central control point is a problem or if rules and
    regulations may vary significantly from location to location, centralized control can be
    less desirable than decentralized control despite its challenges with consistency. Since the
    problem does not describe specific control needs, mandatory access control and rule-based
    access controls could fit the need but aren’t the best answer.

  5. B. The US government classifies data that could reasonably be expected to cause serious
    damage to national security if disclosed, and for which the damage can be identified
    or described, as Secret. The US government does not use Classified in its formal four
    levels of classification. Top Secret data could cause exceptionally grave damage, whereas
    Confidential data could be expected to cause damage.

  6. A. The purpose of a digital certificate is to provide the general public with an
    authenticated copy of the certificate subject’s public key, bound to the subject’s identity
    by the issuing certificate authority’s signature.

  7. D. The last step of the certificate creation process is the digital signature. During this step,
    the certificate authority signs the certificate using its own private key.

  8. C. When an individual receives a copy of a digital certificate, he or she verifies the
    authenticity of that certificate by using the CA’s public key to validate the digital signature
    contained on the certificate. In practice the verifier also confirms that the CA is a trusted
    anchor (or chains to one), that the certificate is within its validity period, and that it has
    not been revoked.

  9. A. Mike uses the public key that he extracted from Renee’s digital certificate to encrypt
    the message that he would like to send to Renee.
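The four certificate answers above (6 through 9) describe one flow: a CA signs a certificate with its private key, a relying party checks that signature with the CA's public key, and the sender then encrypts to the public key carried in the certificate. The following is an added example, not code from the book, that runs that flow end to end with a deliberately small textbook RSA implementation. Everything in it is a constructed assumption: the toy CA name, the seeded random generator, the JSON "certificate" body, and the unpadded signatures and encryption. Real PKI uses X.509 DER encoding, PKCS#1 PSS/OAEP padding, a CSPRNG, validity periods and revocation checks; none of that is modelled here.

```python
# Added example (not from the book): toy certificate issue / verify / encrypt flow.
# Textbook RSA with small keys and no padding, seeded for repeatability.
# Illustration only. Names Renee and Mike follow the questions; all other
# names, sizes and the certificate format are constructed assumptions.
import hashlib
import json
import random

rng = random.Random(20240101)  # deterministic toy RNG; real keys need a CSPRNG


def is_probable_prime(n, rounds=20):
    """Miller-Rabin probabilistic primality test."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def gen_prime(bits):
    while True:
        cand = rng.getrandbits(bits) | (1 << (bits - 1)) | 1  # force top bit, odd
        if is_probable_prime(cand):
            return cand


def gen_keypair(bits=160, e=65537):
    """Return ((n, e), (n, d)). Two 160-bit primes give n > 2^256, so a raw
    SHA-256 digest is always smaller than the modulus."""
    while True:
        p, q = gen_prime(bits), gen_prime(bits)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e != 0:  # e is prime, so this is gcd(e, phi) == 1
            return (p * q, e), (p * q, pow(e, -1, phi))


def digest_int(data):
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def rsa_sign(priv, data):
    n, d = priv
    return pow(digest_int(data), d, n)


def rsa_verify(pub, data, sig):
    n, e = pub
    return pow(sig, e, n) == digest_int(data)


def to_be_signed(cert):
    """Canonical bytes of every field except the signature itself."""
    body = {k: v for k, v in cert.items() if k != "signature"}
    return json.dumps(body, sort_keys=True).encode()


def issue_certificate(ca_name, ca_priv, subject, subject_pub):
    """Answer 7: the CA's last step is signing with its own private key."""
    cert = {"issuer": ca_name, "subject": subject,
            "public_key": {"n": subject_pub[0], "e": subject_pub[1]}}
    cert["signature"] = rsa_sign(ca_priv, to_be_signed(cert))
    return cert


def verify_certificate(cert, ca_name, ca_pub):
    """Answer 8: validate the CA's signature with the CA's public key.
    A real verifier also checks chain, validity period and revocation."""
    return cert["issuer"] == ca_name and rsa_verify(
        ca_pub, to_be_signed(cert), cert["signature"])


def encrypt_to_subject(cert, message):
    """Answers 6 and 9: take the subject's public key from the certificate
    and encrypt the message to it (raw RSA; real systems use OAEP + hybrid)."""
    n, e = cert["public_key"]["n"], cert["public_key"]["e"]
    m = int.from_bytes(message, "big")
    if m >= n:
        raise ValueError("message too long for raw RSA; use hybrid encryption")
    return pow(m, e, n)


def decrypt(priv, ciphertext):
    n, d = priv
    m = pow(ciphertext, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")


def demo():
    ca_pub, ca_priv = gen_keypair()
    renee_pub, renee_priv = gen_keypair()
    cert = issue_certificate("Toy CA", ca_priv, "Renee", renee_pub)
    forged = dict(cert, subject="Mallory")  # body changed, signature unchanged
    msg = b"Hello Renee"  # constructed message from Mike
    return {
        "cert_valid": verify_certificate(cert, "Toy CA", ca_pub),
        "forged_valid": verify_certificate(forged, "Toy CA", ca_pub),
        "decrypted": decrypt(renee_priv, encrypt_to_subject(cert, msg)),
    }


if __name__ == "__main__":
    print(demo())
```

Running `demo()` shows the three points the questions make: the genuine certificate verifies under the CA's public key, a copy whose subject field was altered after signing does not, and Mike's message encrypted to the public key taken from Renee's certificate decrypts only with Renee's private key.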
