162 Chapter 7 ■ Security Operations (Domain 7)
- What type of attack is shown in the following figure?
Attacker
SYN
SYN/ACK
SYN/ACK
SYN/ACK
SYN
SYN
Victim
A. SYN flood
B. Ping flood
C. Smurf
D. Fraggle
- Florian is building a disaster recovery plan for his organization and would like to deter-
mine the amount of time that a particular IT service may be down without causing serious
damage to business operations. What variable is Florian calculating?
A. RTO
B. MTD
C. RPO
D. SLA - Which one of the following statements best describes a zero-day vulnerability?
A. An attacker who is new to the world of hacking
B. A database attack that places the date 00/00/0000 in data tables in an attempt to
exploit flaws in business logic
C. An attack previously unknown to the security community
D. An attack that sets the operating system date and time to 00/00/0000 and 00:00:00 - Which one of the following is not a canon of the (ISC)^2 code of ethics?
A. Protect society, the common good, necessary public trust and confidence, and the
infrastructure.
B. Promptly report security vulnerabilities to relevant authorities.
C. Act honorably, honestly, justly, responsibly, and legally.
D. Provide diligent and competent service to principals. - During an incident investigation, investigators meet with a system administrator who may
have information about the incident but is not a suspect. What type of conversation is
taking place during this meeting?
A. Interview
B. Interrogation