444 Appendix ■ Answers
9. C. A unique salt should be created for each user using a secure generation method and stored in that user's record. Since attacks against hashes rely on building tables to compare the hashes against, unique salts for each user make building tables for an entire database essentially impossible—the work to recover a single user account may be feasible, but large-scale recovery requires complete regeneration of the table each time. A single salt allows rainbow tables to be generated if the salt is stolen or can be guessed based on frequently used passwords. Creating a unique salt each time a user logs in does not allow a match against a known salted hashed password.
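The contrast the answer draws between a per-user salt stored in the record, a single database-wide salt, and a salt regenerated at login, as an added Python example (not from the book); the user names, passwords, 16-byte salt length and PBKDF2 iteration count are constructed values.

```python
import hashlib
import hmac
import secrets

# Constructed example parameter, not a recommendation from the text.
ITERATIONS = 60_000


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted password hash using PBKDF2-HMAC-SHA256."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def create_user_record(username: str, password: str) -> dict:
    """Answer C: generate a unique salt with a secure generator and store it
    in the user's own record next to the hash."""
    salt = secrets.token_bytes(16)
    return {"username": username, "salt": salt, "hash": hash_password(password, salt)}


def verify_password(record: dict, password: str) -> bool:
    """Re-derive the hash with the salt stored in the record; constant-time compare."""
    candidate = hash_password(password, record["salt"])
    return hmac.compare_digest(candidate, record["hash"])


def shared_hashes(records: list) -> int:
    """Number of records whose stored hash equals another record's hash.
    With one database-wide salt, users who chose the same password collapse to
    the same hash, so a single precomputed table covers all of them; with
    per-user salts the count is zero even when passwords repeat."""
    counts = {}
    for record in records:
        counts[record["hash"]] = counts.get(record["hash"], 0) + 1
    return sum(n for n in counts.values() if n > 1)


def demo() -> dict:
    # Constructed sample users; alice and bob reuse the same weak password.
    creds = [("alice", "Summer2024!"), ("bob", "Summer2024!"), ("carol", "correct horse")]
    per_user = [create_user_record(u, p) for u, p in creds]
    one_salt = secrets.token_bytes(16)
    single_salt = [{"username": u, "salt": one_salt, "hash": hash_password(p, one_salt)}
                   for u, p in creds]
    # A salt generated fresh at login can never reproduce the stored hash.
    fresh = {"username": "alice", "salt": secrets.token_bytes(16), "hash": per_user[0]["hash"]}
    return {
        "verify_ok": verify_password(per_user[0], "Summer2024!"),
        "verify_wrong": verify_password(per_user[0], "Summer2025!"),
        "per_user_collisions": shared_hashes(per_user),
        "single_salt_collisions": shared_hashes(single_salt),
        "fresh_salt_matches": verify_password(fresh, "Summer2024!"),
    }
```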
10. D. NIST SP 800-53 describes three processes:
■ Examination, which is reviewing or analyzing assessment objects like specifications, mechanisms, or activities
■ Interviews, which are conducted with individuals or groups of individuals
■ Testing, which involves evaluating activities or mechanisms for expected behavior when used or exercised
Knowing the details of a given NIST document in depth can be challenging. To address a question like this, first eliminate responses that do not make sense; here, a mechanism cannot be interviewed, and test and assess both mean the same thing. This leaves only one correct answer.
11. B. Anomaly-based intrusion detection systems may identify a zero-day vulnerability because it deviates from normal patterns of activity. Signature-based detection methods would not be effective because there are no signatures for zero-day vulnerabilities. Strong patch management would not be helpful because, by definition, zero-day vulnerabilities do not have patches available. Full-disk encryption would not detect an attack because it is not a detective control.
12. B. Credential management systems provide features designed to make using and storing credentials secure and controllable. AAA systems are authorization, authentication, and accounting systems. Two-factor authentication and Kerberos are examples of protocols.
13. A. The emergency response guidelines should include the immediate steps an organization should follow in response to an emergency situation. These include immediate response procedures, a list of individuals who should be notified of the emergency, and secondary response procedures for first responders. They do not include long-term actions such as activating business continuity protocols, ordering equipment, or activating disaster recovery sites.
14. D. A mantrap uses two sets of doors, only one of which can open at a time. A mantrap is a type of preventive access control, although its implementation is a physical control.
15. B. When following the separation-of-duties principle, organizations divide critical tasks into discrete components and ensure that no one individual has the ability to perform both actions. This prevents a single rogue individual from performing that task in an unauthorized manner and is also known as two-person control.