Chapter 12: Practice Test 4 447
- C. Mike should use overwriting to protect this device. While degaussing is a valid secure data removal technique, it would not be effective in this case, since degaussing works only on magnetic media and has no effect on solid-state storage. Physical destruction would prevent the reuse of the device. Reformatting is not a valid secure data removal technique: it rewrites only file system metadata and leaves the underlying data recoverable.
- A. The single quotation mark in the input field is a telltale sign of a SQL injection attack. The quotation mark closes the string literal the application wrapped around the user's input, so the text that follows it is interpreted as part of the SQL command sent from the web application to the database rather than as data, and can directly manipulate that command.
- D. Procedures are formal, mandatory documents that provide detailed, step-by-step actions required of individuals performing a task.
- D. Durability requires that once a transaction is committed to the database it must be preserved, even across a crash or power loss. Atomicity ensures that if any part of a database transaction fails, the entire transaction must be rolled back as if it never occurred. Consistency ensures that all transactions are consistent with the logical rules of the database, such as every row having a primary key. Isolation requires that transactions operate separately from each other, so that one transaction does not see another's uncommitted changes.
- D. Watermarking alters a digital object to embed information about the source, in either a visible or hidden form. Digital signatures may identify the source of a document, but they are easily removed. Hashing would not provide any indication of the document source, since anyone could compute a hash value. Document staining is not a security control.
- C. Data centers should be located in the core of a building. Locating them on lower floors makes them susceptible to flooding and physical break-ins, and locating them on the top floor makes them vulnerable to wind and roof damage.
- A. The due care principle states that an individual should react in a situation using the same level of care that would be expected from any reasonable person. It is a very broad standard. The due diligence principle is a more specific component of due care that states that an individual assigned a responsibility should exercise due care to complete it accurately and in a timely manner.
- B. Criminal investigations have high stakes, with punishment for the offender that may include incarceration. Therefore, they use the strictest standard of evidence of all investigations: beyond a reasonable doubt. Civil investigations use a preponderance-of-the-evidence standard. Regulatory investigations may use whatever standard is appropriate for the venue where the evidence will be heard; this may include the beyond-a-reasonable-doubt standard, but it is not always used in regulatory investigations. Operational investigations do not use a standard of evidence.
- D. Differential backups do not alter the archive bit on a file, whereas incremental and full backups reset the archive bit to 0 after the backup completes. Because the bit is left set, each differential backup copies every file changed since the last full backup. Partial backups are not a backup type.
- B. Warm sites contain the hardware necessary to restore operations but do not have a current copy of data.
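The SQL injection answer above (the single quotation mark that closes the string literal) shown in working code, as an added example that is not part of the practice test. The in-memory SQLite `users` table, its single `alice` row, and the `login_vulnerable`/`login_safe` functions are all constructed for this illustration; the `secret` column holds plaintext only so the injection is easy to follow (real systems store password hashes).

```python
"""Added example: a login query built by string concatenation next to its
parameterised fix. Constructed demo, not from the practice test; the in-memory
SQLite users table and its single 'alice' row are made up, and the 'secret'
column holds plaintext only so the injection is easy to follow (real systems
store password hashes).
"""
import sqlite3


def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, secret TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'correct horse')")
    return conn


def build_vulnerable_query(username: str, secret: str) -> str:
    # User input is pasted straight into the SQL text. A single quote in the
    # input closes the string literal, and whatever follows is parsed as SQL.
    return (
        "SELECT COUNT(*) FROM users WHERE username = '" + username
        + "' AND secret = '" + secret + "'"
    )


def login_vulnerable(conn: sqlite3.Connection, username: str, secret: str) -> bool:
    return conn.execute(build_vulnerable_query(username, secret)).fetchone()[0] > 0


def login_safe(conn: sqlite3.Connection, username: str, secret: str) -> bool:
    # Placeholders: the SQL text is fixed and the values travel separately,
    # so a quote in the input is just another character in the value.
    query = "SELECT COUNT(*) FROM users WHERE username = ? AND secret = ?"
    return conn.execute(query, (username, secret)).fetchone()[0] > 0


def demo() -> dict:
    conn = make_db()
    tautology = "' OR '1'='1"     # turns the WHERE clause into ... OR '1'='1'
    comment = "alice'--"          # closes the literal, then comments out the rest
    return {
        "vuln_wrong_secret": login_vulnerable(conn, "alice", "wrong"),
        "vuln_tautology": login_vulnerable(conn, "alice", tautology),
        "vuln_comment": login_vulnerable(conn, comment, "anything"),
        "safe_tautology": login_safe(conn, "alice", tautology),
        "safe_comment": login_safe(conn, comment, "anything"),
        "safe_correct": login_safe(conn, "alice", "correct horse"),
    }
```

Calling `demo()` shows the vulnerable version accepting both the tautology and the comment payloads without the real secret, while the parameterised version rejects both and only accepts the correct credentials; `build_vulnerable_query` returns the exact text the database would see, which is the quickest way to explain the answer to someone who has not met the attack before.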
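The ACID answer above, with atomicity and consistency demonstrated in working code as an added example that is not part of the practice test. The SQLite `accounts` table, its starting balances, and the `transfer` and `open_account` routines are constructed for this illustration; the `CHECK` constraint and primary key stand in for the database's "logical rules", and the rollback in `transfer` is what atomicity looks like in practice.

```python
"""Added example: atomicity and consistency of a database transaction, shown
with SQLite. Constructed demo, not from the practice test; the accounts table,
its starting balances and the transfer routine are hypothetical.
"""
import sqlite3


def make_bank() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.isolation_level = None  # we issue BEGIN/COMMIT/ROLLBACK ourselves
    # Consistency rules: a unique primary key and a balance that may never go negative.
    conn.execute(
        "CREATE TABLE accounts ("
        " id TEXT PRIMARY KEY,"
        " balance INTEGER NOT NULL CHECK (balance >= 0))"
    )
    conn.execute("INSERT INTO accounts VALUES ('alice', 100), ('bob', 50)")
    return conn


def transfer(conn: sqlite3.Connection, src: str, dst: str, amount: int) -> bool:
    """Move `amount` from src to dst as one transaction; True only if committed."""
    try:
        conn.execute("BEGIN")
        # Step 1: debit. Raises IntegrityError if the CHECK constraint is violated.
        conn.execute("UPDATE accounts SET balance = balance - ? WHERE id = ?", (amount, src))
        # Step 2: credit. If the destination does not exist, step 1 has already
        # changed the database, so the whole transaction must be undone.
        cur = conn.execute("UPDATE accounts SET balance = balance + ? WHERE id = ?", (amount, dst))
        if cur.rowcount != 1:
            raise ValueError("unknown destination account")
        conn.execute("COMMIT")
        return True
    except (sqlite3.Error, ValueError):
        conn.execute("ROLLBACK")  # atomicity: no partial transfer survives
        return False


def open_account(conn: sqlite3.Connection, account_id: str, balance: int) -> bool:
    """Insert a new account; False if the primary-key rule rejects a duplicate id."""
    try:
        conn.execute("INSERT INTO accounts VALUES (?, ?)", (account_id, balance))
        return True
    except sqlite3.IntegrityError:
        return False


def balances(conn: sqlite3.Connection) -> dict:
    return dict(conn.execute("SELECT id, balance FROM accounts ORDER BY id"))
```

A transfer that overdraws an account fails on the first statement and a transfer to an unknown account fails on the second; in both cases `balances()` afterwards shows the pre-transaction state, which is the point of atomicity. Durability and isolation are not exercised here: they need a database file that survives the process and a second concurrent connection, respectively.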
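The backup answer above, worked through as an added simulation that is not part of the practice test. The file names, the schedule of changes, and the `run_backup`/`restore_set` helpers are constructed here to show how the archive bit drives what each backup type copies, and why a restore from incremental backups needs every backup since the last full while a restore from differential backups needs only the most recent one.

```python
"""Added example: how the archive bit decides what a full, incremental or
differential backup copies, and what each strategy needs at restore time.
Constructed simulation, not from the practice test; the file names and the
schedule of changes are made up.
"""
from dataclasses import dataclass


@dataclass
class File:
    name: str
    archive_bit: bool = True  # the OS sets this whenever the file is written


@dataclass
class Backup:
    kind: str
    files: list


def run_backup(kind: str, files: list) -> Backup:
    """Copy the files the strategy selects and update archive bits as that strategy does."""
    if kind == "full":
        selected = [f.name for f in files]                   # everything
    elif kind in ("incremental", "differential"):
        selected = [f.name for f in files if f.archive_bit]  # changed since last reset
    else:
        raise ValueError(f"unknown backup type {kind!r}")
    if kind != "differential":                               # full and incremental reset the bit
        for f in files:
            f.archive_bit = False
    return Backup(kind, selected)


def modify(files: list, *names: str) -> None:
    for f in files:
        if f.name in names:
            f.archive_bit = True


def simulate(strategy: str) -> list:
    """Sunday full backup, then two days of changes each followed by the chosen strategy."""
    files = [File(n) for n in ("payroll.db", "notes.txt", "photo.jpg")]
    log = [run_backup("full", files)]
    modify(files, "payroll.db")
    log.append(run_backup(strategy, files))
    modify(files, "notes.txt")
    log.append(run_backup(strategy, files))
    return log


def restore_set(log: list) -> list:
    """Backups needed to rebuild the latest state when one strategy is used
    consistently: the last full plus every later incremental, or the last full
    plus only the last differential."""
    last_full = max(i for i, b in enumerate(log) if b.kind == "full")
    later = log[last_full + 1:]
    if later and later[-1].kind == "differential":
        return [log[last_full], later[-1]]
    return [log[last_full]] + later
```

Running `simulate("incremental")` gives a second-day backup containing only `notes.txt`, while `simulate("differential")` gives one containing both `payroll.db` and `notes.txt`, because the differential run never cleared the bit on `payroll.db`; the differential set is larger each day but the restore chain is shorter.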