76 Chapter 3 ■ Security Architecture and Engineering (Domain 3)
- During a system audit, Casey notices that the private key for her organization’s web server
has been stored in a public Amazon S3 storage bucket for more than a year. What should
she do?
A. Remove the key from the bucket
B. Notify all customers that their data may have been exposed
C. Request a new certificate using a new key
D. Nothing, because the private key should be accessible for validation
- Joanna wants to review the status of the industrial control systems her organization uses
for building control. What type of systems should she inquire about access to?
A. SCADA
B. DSS
C. BAS
D. ICS-CSS
- After scanning all of the systems on his wireless network, Mike notices that one system is
identified as an iOS device running a massively out-of-date version of Apple’s mobile operating
system. When he investigates further, he discovers that the device is an original iPad
and that it cannot be updated to a current secure version of the operating system. What
should Mike recommend?
A. Retire or replace the device
B. Isolate the device on a dedicated wireless network
C. Install a firewall on the tablet
D. Reinstall the OS
- During a third-party vulnerability scan and security test, Danielle’s employer recently
discovered that the embedded systems that were installed to manage her company’s new
buildings have a severe remote access vulnerability. The manufacturer has gone out of
business, and there is no patch or update for the devices. What should Danielle recommend
that her employer do about the hundreds of devices that are vulnerable?
A. Identify a replacement device model and replace every device
B. Turn off all of the devices
C. Move the devices to a secured network segment
D. Reverse engineer the devices and build an in-house patch
- Alex’s employer creates most of their work output as PDF files. Alex is concerned about
limiting the audience for the PDF files to those individuals who have paid for them. What
technology can he use to most effectively control the access to and distribution of these
files?
A. EDM
B. Encryption
C. Digital signatures
D. DRM