322 Appendix ■ Answers
48. C. RAID uses additional hard drives to protect the server against the failure of a single device. Load balancing and server clustering do add robustness but require the addition of a server. Scheduled backups protect against data loss but do not provide immediate access to data in the event of a hard drive failure.

49. A. Hashing allows you to computationally verify that a file has not been modified between hash evaluations. ACLs and read-only attributes are useful controls that may help you prevent unauthorized modification, but they cannot verify that files were not modified. Firewalls are network security controls and do not verify file integrity.

50. B. The Fourth Amendment directly prohibits government agents from searching private property without a warrant and probable cause. The courts have expanded the interpretation of the Fourth Amendment to include protections against other invasions of privacy.

51. A. Business continuity plan documentation normally includes the continuity planning goals, a statement of importance, statement of priorities, statement of organizational responsibility, statement of urgency and timing, risk assessment and risk acceptance and mitigation documentation, a vital records program, emergency response guidelines, and documentation for maintaining and testing the plan.

52. D. Mandatory vacation programs require that employees take continuous periods of time off each year and revoke their system privileges during that time. This will hopefully disrupt any attempt to engage in the cover-up actions necessary to hide fraud and result in exposing the threat. Separation of duties, least privilege, and defense in depth controls all may help prevent the fraud in the first place but are unlikely to speed the detection of fraud that has already occurred.

53. C. Electronic vaulting is a data backup task that is part of disaster recovery, not business continuity, efforts.

54. C. Denial of service (DoS) attacks and distributed denial of service (DDoS) attacks try to disrupt the availability of information systems and networks by flooding a victim with traffic or otherwise disrupting service.

55. B. Baselines provide the minimum level of security that every system throughout the organization must meet.

56. C. Everyone in the organization should receive basic awareness training for the business continuity program. Those with specific roles, such as first responders and senior executives, should also receive detailed, role-specific training.

57. C. If the organization's primary concern is the cost of rebuilding the data center, James should use the replacement cost method to determine the current market price for equivalent servers.

58. D. The Computer Security Act of 1987 gave the National Institute of Standards and Technology (NIST) responsibility for developing standards and guidelines for federal computer systems. For this purpose, NIST draws upon the technical advice and assistance of the National Security Agency where appropriate.
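As an added illustration of the hashing answer above (example code written for this appendix, not taken from the book): a minimal file-integrity check records a SHA-256 digest for each file at one hash evaluation, then recomputes and compares the digests at a later evaluation, reporting files that are unchanged, modified, missing, or newly added. The file paths and contents are constructed sample data standing in for a real filesystem; the `hash_file_on_disk` helper shows how the same digest is computed over an actual file.

```python
import hashlib
import hmac
from typing import Dict

# Constructed sample files (path -> content) captured at the first hash evaluation.
ORIGINAL_FILES: Dict[str, bytes] = {
    "/etc/hosts": b"127.0.0.1 localhost\n",
    "/etc/ssh/sshd_config": b"PermitRootLogin no\nPasswordAuthentication no\n",
    "/usr/local/bin/backup.sh": b"#!/bin/sh\ntar czf /backup/data.tgz /data\n",
}

# The same set at a later evaluation (constructed): one file edited, one removed, one added.
LATER_FILES: Dict[str, bytes] = {
    "/etc/hosts": b"127.0.0.1 localhost\n",
    "/etc/ssh/sshd_config": b"PermitRootLogin yes\nPasswordAuthentication no\n",
    "/etc/cron.d/nightly": b"0 2 * * * root /usr/local/bin/report.sh\n",
}


def sha256_hex(data: bytes) -> str:
    """Return the SHA-256 digest of the given bytes as a hex string."""
    return hashlib.sha256(data).hexdigest()


def hash_file_on_disk(path: str, chunk_size: int = 65536) -> str:
    """Hash a real file in chunks so large files do not have to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_baseline(files: Dict[str, bytes]) -> Dict[str, str]:
    """First hash evaluation: record a digest for every known file."""
    return {path: sha256_hex(content) for path, content in files.items()}


def verify_baseline(baseline: Dict[str, str], current: Dict[str, bytes]) -> Dict[str, str]:
    """Second hash evaluation: classify each path as ok, modified, missing, or new.

    Only a digest mismatch proves modification; an ACL or read-only flag could not
    tell us this after the fact, which is the point of the answer above.
    """
    report: Dict[str, str] = {}
    for path, expected in baseline.items():
        if path not in current:
            report[path] = "missing"
        elif hmac.compare_digest(expected, sha256_hex(current[path])):
            report[path] = "ok"
        else:
            report[path] = "modified"
    for path in current:
        if path not in baseline:
            report[path] = "new"
    return report


if __name__ == "__main__":
    baseline = build_baseline(ORIGINAL_FILES)
    for path, status in sorted(verify_baseline(baseline, LATER_FILES).items()):
        print(f"{status:9} {path}")
```

In practice the baseline digests must be stored somewhere the attacker being guarded against cannot reach (write-once media, a separate host, or a signed manifest); otherwise a change to a file can be hidden by updating its recorded hash in the same step.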