442 Appendix ■ Answers
9. A. Skip should use SCP. Secure Copy (SCP) transfers files over an SSH channel, so both the credentials and the file contents are encrypted in transit. SSH itself is a secure command-line and login protocol, whereas HTTP is used for unencrypted web traffic and Telnet is an unencrypted command-line and login protocol.
10. C. The California Online Privacy Protection Act requires that commercial websites and online services that collect personal information from users in California conspicuously post a privacy policy. The act does not require compliance with the EU GDPR, does not use the GDPR concepts of notice and choice, and does not require encryption of all personal data.

11. B. Callback disconnects a remote user after the initial connection and then calls the user back at a preauthorized number, so a session can be established only from that number. Caller ID can help with this but can be spoofed, making callback the stronger control. CHAP is an authentication protocol and PPP is a dial-up link protocol; neither verifies a phone number.

12. D. In the protection ring model, ring 0 is the kernel, rings 1 and 2 are used for device drivers, and ring 3 is user application space (most modern operating systems use only rings 0 and 3 in practice). The Meltdown vulnerability allowed processes running in ring 3 to read data from kernel memory in ring 0, bypassing the isolation the ring model is supposed to enforce.

13. B. Iris scans have a longer useful life than many other types of biometric factors because the iris pattern does not change throughout a person's life span (unless the eye itself is damaged). Iris scanners can in some cases be fooled by high-resolution images of an eye, and they are not significantly cheaper than other biometric scanners.

14. B. Nondisclosure agreements (NDAs) prohibit employees from sharing sensitive information without authorization, even after their employment ends. They may also apply to business partners, contractors, customers, and others. Service level agreements (SLAs) and operating level agreements (OLAs) specify the parameters of the service that a vendor provides to a customer. Data loss prevention (DLP) technology helps prevent data loss, but it is a technical control rather than a policy control.

15. C. A symmetric cryptosystem needs a separate key for every possible pair of users, which is n(n-1)/2 keys for n users, so three users need three keys. The first key would allow communication between Matthew and Richard, the second between Richard and Christopher, and the third between Christopher and Matthew.

16. A. The Gramm-Leach-Bliley Act is an example of civil law. The Computer Fraud and Abuse Act, the Electronic Communications Privacy Act, and the Identity Theft and Assumption Deterrence Act are all examples of criminal law.

17. C. SMTP does not guarantee confidentiality between servers: transport encryption is negotiated hop by hop and may be absent on any relay, so TLS or SSL between the client and its own mail server is only a partial measure, and the message sits in plaintext on each server that handles it. Encrypting the email content itself provides confidentiality end to end; digital signatures provide nonrepudiation.

18. D. The single quotation mark in the input field is a telltale sign of a SQL injection attack. The quotation mark closes the string literal that the web application built around the user's input, so the text that follows it is interpreted as part of the SQL command sent from the web application to the database rather than as data.
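The mechanism described in answer 18, shown as an added example that is not part of the original book: a login query built by string concatenation beside the same query written with bound parameters. The table, user records and attack strings are constructed here for illustration; the ' -- and ' OR '1'='1 payloads are the classic forms in which the stray quotation mark terminates the intended string literal.

```python
import sqlite3


def build_db():
    """Constructed sample data: an in-memory SQLite database with two users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "correct horse"), ("bob", "battery staple")],
    )
    return conn


def vulnerable_login(conn, username, password):
    """Vulnerable: user input is spliced directly into the SQL text.

    A single quote in the input closes the literal the application opened,
    and whatever follows becomes SQL syntax instead of data.
    """
    query = (
        "SELECT username FROM users "
        f"WHERE username = '{username}' AND password = '{password}'"
    )
    return [row[0] for row in conn.execute(query)]


def safe_login(conn, username, password):
    """Hardened: the driver binds the values, so quotes stay inside the data."""
    query = "SELECT username FROM users WHERE username = ? AND password = ?"
    return [row[0] for row in conn.execute(query, (username, password))]


def demo():
    """Run the same inputs against both versions and return the outcomes."""
    conn = build_db()
    # Payload 1: close the literal, then comment out the password check.
    comment_out = ("alice' --", "wrong")
    # Payload 2: close the literal and inject an always-true condition.
    tautology = ("' OR '1'='1", "' OR '1'='1")
    return {
        "vulnerable_comment": vulnerable_login(conn, *comment_out),
        "vulnerable_tautology": sorted(vulnerable_login(conn, *tautology)),
        "safe_comment": safe_login(conn, *comment_out),
        "safe_tautology": safe_login(conn, *tautology),
        "legitimate": safe_login(conn, "alice", "correct horse"),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

With the concatenated query, the first payload logs in as alice without a password and the second returns every user; the parameterized query returns nothing for either payload while still accepting the genuine credentials, because the bound values are never parsed as SQL.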