Chapter 7 ■ Security Operations (Domain 7)
- What type of evidence consists entirely of tangible items that may be brought into a court
of law?
A. Documentary evidence
B. Parol evidence
C. Testimonial evidence
D. Real evidence

- Which one of the following trusted recovery types does not fail into a secure operating state?
A. Manual recovery
B. Automated recovery
C. Automated recovery without undue loss
D. Function recovery

- Which one of the following might a security team use on a honeypot system to consume an attacker’s time while alerting administrators?
A. Honeynet
B. Pseudoflaw
C. Warning banner
D. Darknet

- Toni responds to the desk of a user who reports slow system activity. Upon checking outbound network connections from that system, Toni notices a large amount of social media traffic originating from the system. The user does not use social media, and when Toni checks the accounts in question, they contain strange messages that appear encrypted. What is the most likely cause of this traffic?
A. Other users are relaying social media requests through Toni’s computer.
B. Toni’s computer is part of a botnet.
C. Toni is lying about her use of social media.
D. Someone else is using Toni’s computer when she is not present.

- Under what virtualization model does the virtualization platform separate the network control plane from the data plane and replace complex network devices with simpler devices that simply receive instructions from the controller?
A. Virtual machines
B. VSAN
C. VLAN
D. SDN