Chapter 12: Practice Test 4 449
- B. Record retention ensures that data is kept and maintained as long as it is needed and purged when it is no longer necessary. Data remanence is the data left behind after an attempt is made to remove it, and data redaction is not a technical term for this effort. Finally, audit logging may be part of the records retained, but it does not describe the lifecycle of data.
- D. The Authentication Header (AH) is the IPsec component credited with authentication, integrity, and nonrepudiation. (In practice AH's integrity check value is a keyed MAC such as HMAC-SHA, which gives the peer data-origin authentication and integrity; because both peers hold the same key it cannot prove origin to a third party the way an asymmetric signature can.) The Encapsulating Security Payload (ESP) provides encryption and thus confidentiality; it can also provide limited authentication. L2TP is an independent VPN protocol, and "Encryption Security Header" is a made-up term.
- B. The attack described in the scenario is a classic example of TCP scanning, a network reconnaissance technique that often precedes other attacks. There is no evidence that the attack disrupted system availability, which would characterize a denial-of-service attack; that it was waged by a malicious insider; or that it resulted in the compromise of a system.
- C. Windows system logs include reboots, shutdowns, and service state changes. Application logs record events generated by programs, security logs track events such as logons and uses of rights, and setup logs track application setup.
- D. The kernel lies within the central ring, Ring 0. Ring 1 contains other operating system components, and Ring 2 is used for drivers and protocols. User-level programs and applications run at Ring 3. Rings 0 through 2 run in privileged mode, whereas Ring 3 runs in user mode. (Mainstream operating systems such as Windows and Linux actually use only two of these rings: Ring 0 for the kernel and its drivers, and Ring 3 for everything else.)
- A. RAID level 0 is also known as disk striping. RAID 1 is called disk mirroring, RAID 5 is called disk striping with parity, and RAID 10 is known as a stripe of mirrors.
- A. This is an example of a time-of-check/time-of-use (TOC/TOU) attack. It exploits the gap between the moment a system checks whether an action is permitted and the moment the action is actually performed. Permissions creep would occur if the account had gained additional rights over time as the user's role or job changed. Impersonation occurs when an attacker pretends to be a valid user, and link swap is not a type of attack.
- B. RAID 0, or disk striping, requires at least two disks to implement. It improves the performance of the storage system but provides no fault tolerance: losing any one disk loses the whole array.
- B. Fred's company needs to protect integrity, which can be accomplished by digitally signing messages; any change to a signed message will cause the signature to fail verification. Encryption is not necessary because the company does not need confidentiality. TLS protects the messages only while they are in transit between two endpoints and gives the recipient nothing with which to prove integrity once a message has been delivered and stored. A bare hash sent alongside the message does not ensure integrity either, because anyone who can alter the message can recompute the hash to match.
- A. An attribute-based access control (ABAC) system will allow Susan to specify details about subjects, objects, and access, allowing granular control. Although a rule-based access control (RBAC) system might allow this, an attribute-based system can be more specific and is thus more flexible. Discretionary access control (DAC) would let object owners make the decisions, and mandatory access control (MAC) would use classification labels; neither capability was described in the requirements.
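The TCP scanning answer above calls the activity reconnaissance that often precedes other attacks. The following is an added example, not part of the practice test, of the detection logic a SOC would run over firewall logs to catch it: a single source sending SYNs to many distinct ports on one host inside a short window. The log format, the IP addresses and the traffic are all constructed for the example, and the example also shows the usual failure mode of this heuristic, a slow scan that spreads its probes out past the window.

```python
"""Detect TCP port scans in firewall logs: one source touching many distinct
ports on one host within a short window. Added example, not part of the test."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed (constructed) log format: "<ISO timestamp> <src> -> <dst>:<port> <tcp flags>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>[\d.]+) -> (?P<dst>[\d.]+):(?P<port>\d+) (?P<flags>\S+)$"
)


def parse_line(line):
    """Return a dict for a well-formed line, or None for anything else."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    return {
        "ts": datetime.fromisoformat(m["ts"]),
        "src": m["src"],
        "dst": m["dst"],
        "port": int(m["port"]),
        "flags": m["flags"],
    }


def detect_scans(lines, window_seconds=30, port_threshold=10):
    """Map (src, dst) -> sorted list of ports for every pair where the source
    sent SYNs to at least `port_threshold` distinct ports within the window."""
    window = timedelta(seconds=window_seconds)
    events = defaultdict(list)
    for line in lines:
        ev = parse_line(line)
        if ev is None or ev["flags"] != "SYN":  # only connection attempts count
            continue
        events[(ev["src"], ev["dst"])].append((ev["ts"], ev["port"]))

    scanners = {}
    for pair, evs in events.items():
        evs.sort()
        left = 0
        in_window = defaultdict(int)  # port -> number of events inside the window
        for ts, port in evs:
            in_window[port] += 1
            while ts - evs[left][0] > window:  # slide the left edge forward
                old_port = evs[left][1]
                in_window[old_port] -= 1
                if in_window[old_port] == 0:
                    del in_window[old_port]
                left += 1
            if len(in_window) >= port_threshold:
                scanners.setdefault(pair, set()).update(in_window)
    return {pair: sorted(ports) for pair, ports in scanners.items()}


COMMON_PORTS = [21, 22, 23, 25, 53, 80, 110, 135, 139, 443, 445, 3389]


def constructed_log():
    """Constructed sample traffic: a fast scanner, a normal client, a slow scanner."""
    base = datetime(2024, 5, 1, 10, 0, 0)
    lines = []
    for i, port in enumerate(COMMON_PORTS):   # 12 ports in under 6 seconds
        t = base + timedelta(milliseconds=500 * i)
        lines.append(f"{t.isoformat()} 10.0.0.5 -> 192.168.1.10:{port} SYN")
    for i in range(15):                       # repeated HTTPS sessions, one HTTP
        t = base + timedelta(seconds=i)
        lines.append(f"{t.isoformat()} 10.0.0.7 -> 192.168.1.10:443 SYN")
    lines.append(f"{(base + timedelta(seconds=3)).isoformat()} 10.0.0.7 -> 192.168.1.10:80 SYN")
    for i, port in enumerate(COMMON_PORTS):   # same 12 ports, one per minute
        t = base + timedelta(minutes=i)
        lines.append(f"{t.isoformat()} 10.0.0.9 -> 192.168.1.20:{port} SYN")
    lines.append("garbage line that does not parse")
    return lines


if __name__ == "__main__":
    for (src, dst), ports in detect_scans(constructed_log()).items():
        print(f"scan: {src} -> {dst} ports={ports}")
```

With the default 30-second window only the fast scanner (10.0.0.5) is reported; the slow scanner (10.0.0.9) hits the same twelve ports but is invisible until the window is widened to cover its pacing, which is why real deployments pair a short-window rule with a much longer, lower-threshold one.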
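The TOC/TOU answer above describes the gap between checking whether an action is permitted and performing it. The following added example, not from the practice test, shows the bug and its fix on a file read: the vulnerable version validates a path name and then opens that name again, so an attacker who replaces the name with a symbolic link between the two lookups gets a different file read; the hardened version opens relative to a directory descriptor with O_NOFOLLOW, validates the object it actually opened with fstat, and reads through that same descriptor, leaving no second lookup to race. The scenario (directory layout, file contents, the attacker's swap) is constructed, and the code assumes a Unix-like system with symlinks, O_NOFOLLOW, O_DIRECTORY and dir_fd support (Linux or macOS).

```python
"""Time-of-check/time-of-use on a file read: vulnerable check-then-open versus
open-then-validate-the-descriptor. Added example, not part of the test."""
import os
import stat
import tempfile


def check_allowed(path, allowed_dir):
    """Policy used by the vulnerable version: the name must currently resolve
    to a location inside allowed_dir."""
    real = os.path.realpath(path)
    allowed_dir = os.path.realpath(allowed_dir)
    return os.path.commonpath([real, allowed_dir]) == allowed_dir


def read_vulnerable(path, allowed_dir, race=None):
    """TOC/TOU bug: check the *name*, then re-resolve the same name to open it.
    Whatever the name points to at the second lookup is what gets read."""
    if not check_allowed(path, allowed_dir):          # time of check
        raise PermissionError(path)
    if race is not None:
        race()                                        # attacker acts in the gap
    with open(path, "rb") as f:                       # time of use: second lookup
        return f.read()


def read_hardened(name, allowed_dir, race=None):
    """No gap to exploit: open `name` relative to a descriptor for allowed_dir
    with O_NOFOLLOW, validate the object actually opened via fstat on the fd,
    and read through that fd. A swap of the name afterwards changes nothing."""
    if not name or os.sep in name or name in (".", ".."):
        raise ValueError(f"bad file name: {name!r}")
    if race is not None:
        race()            # worst case for us: the swap lands before the open
    dirfd = os.open(allowed_dir, os.O_RDONLY | os.O_DIRECTORY)
    try:
        fd = os.open(name, os.O_RDONLY | os.O_NOFOLLOW | os.O_CLOEXEC, dir_fd=dirfd)
    finally:
        os.close(dirfd)
    try:
        st = os.fstat(fd)
        if not stat.S_ISREG(st.st_mode):
            raise PermissionError(f"{name}: not a regular file")
        chunks = []
        while True:
            chunk = os.read(fd, 65536)
            if not chunk:
                return b"".join(chunks)
            chunks.append(chunk)
    finally:
        os.close(fd)


def demo():
    """Constructed scenario: a public report inside the allowed directory and a
    secret outside it; the attacker swaps the report for a symlink to the
    secret between check and use. Returns what each version ended up doing."""
    with tempfile.TemporaryDirectory() as root:
        allowed = os.path.join(root, "public")
        os.mkdir(allowed)
        report = os.path.join(allowed, "report.txt")
        secret = os.path.join(root, "secret.txt")
        with open(secret, "wb") as f:
            f.write(b"SECRET")

        def reset():
            if os.path.lexists(report):
                os.remove(report)
            with open(report, "wb") as f:
                f.write(b"public report")

        def attacker_swaps():
            os.remove(report)
            os.symlink(secret, report)   # same name, different object behind it

        reset()
        leaked = read_vulnerable(report, allowed, race=attacker_swaps)

        reset()
        normal = read_hardened("report.txt", allowed)

        reset()
        try:
            read_hardened("report.txt", allowed, race=attacker_swaps)
            refused = False
        except OSError:      # ELOOP from O_NOFOLLOW: the symlink is not followed
            refused = True

        return {"vulnerable_read": leaked, "hardened_read": normal,
                "hardened_refused": refused}


if __name__ == "__main__":
    print(demo())
```

The general rule the hardened version follows is to make the security decision about the object you hold (a descriptor), never about a name that something else can re-bind while you are not looking; ownership or label checks belong on the fstat result for the same reason.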
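The integrity answer above makes two points worth seeing in code: a hash shipped next to a message proves nothing, because whoever alters the message recomputes the hash, while a tag that only the sender can produce makes any alteration detectable, and that tag travels and is stored with the message, so it can be re-verified long after any TLS session has ended. The following added example, not part of the practice test, demonstrates this with an HMAC as the keyed tag, because Python's standard library has no asymmetric signing; a digital signature gives the same tamper evidence with a private signing key and a public verification key, which is what the answer recommends. The messages, key and tampering are constructed.

```python
"""Why a bare hash does not protect integrity while a keyed tag does.
Added example; HMAC stands in for a digital signature (same tamper evidence,
shared key instead of a private/public pair). Not part of the test."""
import hashlib
import hmac
import secrets


def protect_with_hash(msg: bytes) -> dict:
    """Naive 'integrity': ship the SHA-256 of the message next to it."""
    return {"msg": msg, "tag": hashlib.sha256(msg).hexdigest()}


def verify_hash(pkt: dict) -> bool:
    return hmac.compare_digest(hashlib.sha256(pkt["msg"]).hexdigest(), pkt["tag"])


def protect_with_mac(msg: bytes, key: bytes) -> dict:
    """Keyed tag: only a holder of `key` can produce a tag that verifies."""
    return {"msg": msg, "tag": hmac.new(key, msg, hashlib.sha256).hexdigest()}


def verify_mac(pkt: dict, key: bytes) -> bool:
    expected = hmac.new(key, pkt["msg"], hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, pkt["tag"])   # constant-time compare


def attacker_rewrite(pkt: dict, new_msg: bytes) -> dict:
    """Attacker without the key: swap the message and do the best possible
    with the tag, which is to recompute the unkeyed hash of the new message."""
    return {"msg": new_msg, "tag": hashlib.sha256(new_msg).hexdigest()}


def demo() -> dict:
    key = secrets.token_bytes(32)            # known only to sender and recipient
    genuine = b"PAY 100.00 TO ACCT 4242"     # constructed message
    forged = b"PAY 9999.00 TO ACCT 6666"     # constructed tampering
    hashed = protect_with_hash(genuine)
    maced = protect_with_mac(genuine, key)
    # a subtler alteration: a single bit flipped in the first byte
    flipped = dict(maced, msg=bytes([maced["msg"][0] ^ 0x01]) + maced["msg"][1:])
    return {
        "hash_accepts_forgery": verify_hash(attacker_rewrite(hashed, forged)),
        "mac_accepts_genuine": verify_mac(maced, key),
        "mac_accepts_forgery": verify_mac(attacker_rewrite(maced, forged), key),
        "mac_accepts_bit_flip": verify_mac(flipped, key),
    }


if __name__ == "__main__":
    print(demo())
```

Because the tag is part of the stored record, the recipient can run the verification again at any later time, which is exactly what transport-only protection such as TLS cannot offer once the connection is closed.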
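The ABAC answer above says attribute-based control lets Susan express details about subjects, objects and access that a role check alone cannot. The following added example, not part of the practice test, is a small deny-overrides policy engine with a constructed hospital policy: a clinician may read and write records of their own department, from a managed device, during working hours; an auditor may read anything but write nothing; sealed records are read-only for everyone. A role-only check is evaluated alongside it to show where the coarser model over-grants. The policy, attribute names and requests are all assumptions made for the example.

```python
"""Attribute-based access control: decisions from subject, resource, action
and environment attributes, deny-overrides, default deny. Added example."""
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple

Attrs = Dict[str, object]


@dataclass(frozen=True)
class Rule:
    name: str
    effect: str                                         # "permit" or "deny"
    actions: Tuple[str, ...]
    condition: Callable[[Attrs, Attrs, Attrs], bool]    # (subject, resource, env)


def evaluate(rules: List[Rule], subject: Attrs, resource: Attrs,
             action: str, env: Attrs) -> Tuple[str, Optional[str]]:
    """Deny-overrides combining: a matching deny wins immediately, otherwise
    the first matching permit, otherwise deny. A rule whose condition needs an
    attribute the request does not carry simply does not match (fail closed)."""
    permit_by: Optional[str] = None
    for rule in rules:
        if action not in rule.actions:
            continue
        try:
            matched = rule.condition(subject, resource, env)
        except KeyError:
            matched = False
        if not matched:
            continue
        if rule.effect == "deny":
            return "deny", rule.name
        if permit_by is None:
            permit_by = rule.name
    return ("permit", permit_by) if permit_by else ("deny", None)


# Hypothetical hospital policy, constructed for the example.
POLICY: List[Rule] = [
    Rule("sealed-records-are-read-only", "deny", ("write",),
         lambda s, r, e: bool(r["sealed"])),
    Rule("clinician-own-dept-managed-device-working-hours", "permit",
         ("read", "write"),
         lambda s, r, e: s["role"] == "clinician"
         and s["department"] == r["department"]
         and bool(e["device_managed"]) and 8 <= e["hour"] < 20),
    Rule("auditor-reads-anything", "permit", ("read",),
         lambda s, r, e: s["role"] == "auditor"),
]

ROLE_PERMISSIONS = {"clinician": {"read", "write"}, "auditor": {"read"}}


def role_only(subject: Attrs, action: str) -> str:
    """What a check on the role attribute alone would decide, for contrast."""
    allowed = ROLE_PERMISSIONS.get(str(subject["role"]), set())
    return "permit" if action in allowed else "deny"


def demo() -> Dict[str, object]:
    alice = {"role": "clinician", "department": "cardiology"}
    audrey = {"role": "auditor"}
    cardio_rec = {"department": "cardiology", "sealed": False}
    cardio_sealed = {"department": "cardiology", "sealed": True}
    onco_rec = {"department": "oncology", "sealed": False}
    office = {"device_managed": True, "hour": 10}
    home_phone = {"device_managed": False, "hour": 10}
    night = {"device_managed": True, "hour": 23}
    return {
        "alice_reads_own_dept": evaluate(POLICY, alice, cardio_rec, "read", office)[0],
        "alice_reads_other_dept": evaluate(POLICY, alice, onco_rec, "read", office)[0],
        "alice_writes_sealed": evaluate(POLICY, alice, cardio_sealed, "write", office)[1],
        "alice_unmanaged_device": evaluate(POLICY, alice, cardio_rec, "read", home_phone)[0],
        "alice_after_hours": evaluate(POLICY, alice, cardio_rec, "read", night)[0],
        "auditor_reads_other_dept": evaluate(POLICY, audrey, onco_rec, "read", home_phone)[0],
        "auditor_writes": evaluate(POLICY, audrey, onco_rec, "write", office)[0],
        "role_only_alice_other_dept": role_only(alice, "read"),
    }


if __name__ == "__main__":
    for request, decision in demo().items():
        print(f"{request}: {decision}")
```

The contrast is the last entry: the role-only check permits Alice to read an oncology record, because "clinician" is all it can see, whereas the attribute-based policy denies it on the department mismatch without anyone having to create a role per department.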