Chapter 11: Practice Test 3
87. C. The root cause analysis examines the incident to determine what allowed it to happen
and provides critical information for repairing systems so that the incident does not recur.
This is a component of the remediation step of the incident response process because the
root cause analysis output is necessary to fully remediate affected systems and processes.
- D. When using symmetric cryptography, the sender encrypts a message using a shared
secret key and the recipient then decrypts the message with that same key. Only
asymmetric cryptography uses the concept of public and private key pairs.
- A. Business logic errors are most likely to be missed by automated functional testing. If a
complete coverage code test was conducted, runtime, input validation, and error handling
issues are likely to have been discovered by automated testing. Any automated system
is more likely to miss business logic errors, because humans are typically necessary to
understand business logic issues.
- A. During the Lessons Learned phase, analysts close out an incident by conducting a
review of the entire incident response process. This may include making recommendations
for improvements to the process that will streamline the efficiency and effectiveness of
future incident response efforts.
- B. The Digital Millennium Copyright Act (DMCA) prohibits attempts to circumvent
copyright protection mechanisms placed on a protected work by the copyright holder.
- B. Linda should choose a warm site. This approach balances cost and recovery time. Cold
sites take a very long time to activate, measured in weeks or months. Hot sites activate
immediately but are quite expensive. Mutual assistance agreements depend on the support
of another organization.
- A. Purchasing insurance is a way to transfer risk to another entity.
- D. Gray box testing is a blend of crystal (or white) box testing, which provides full
information about a target, and black box testing, which provides little or no knowledge
about the target.
- A. Test coverage is computed using the formula test coverage = number of use cases tested/
total number of use cases. Code coverage is assessed by the other formulas, including
function, conditional, and total code coverage.
- C. TCP, UDP, and other transport layer protocols like SSL and TLS operate at the
Transport layer.
- C. Deterrence is the first functional goal of physical security mechanisms. If a physical
security control presents a formidable challenge to a potential attacker, they may not
attempt the attack in the first place.
- A. In an automated recovery, the system can recover itself against one or more failure
types. In a manual recovery approach, the system does not fail into a secure state but
requires an administrator to manually restore operations. In an automated recovery
without undue loss, the system can recover itself against one or more failure types and
also preserve data against loss. In function recovery, the system can restore functional
processes automatically.