CISSP Official Practice Tests by Mike Chapple, David Seidl


Chapter 7: Security Operations (Domain 7)



  1. D. Hotfixes, updates, and security fixes are all synonyms for single patches designed to
    correct a single problem. Service packs are collections of many different updates that serve
    as a major update to an operating system or application.

  2. C. A forensic disk controller performs four functions. One of those, write blocking,
    intercepts write commands sent to the device and prevents them from modifying data on
    the device. The other three functions include returning data requested by a read operation,
    returning access-significant information from the device, and reporting errors from the
    device back to the forensic host.

  3. A. Lydia is following the need-to-know principle. While the user may have the appropriate
    security clearance to access this information, there is no business justification provided, so
    she does not know that the user has an appropriate need to know the information.

  4. The terms match with the definitions as follows:

    1. Honeypot: C. A system set up with intentional vulnerabilities.

    2. Honeynet: B. A network set up with intentional vulnerabilities.

    3. Pseudoflaw: A. An intentionally designed vulnerability used to lure in an attacker.

    4. Darknet: D. A monitored network without any hosts.

    A darknet is a segment of unused network address space that should have no network
    activity and, therefore, may be easily used to monitor for illicit activity. A honeypot is a
    decoy computer system used to bait intruders into attacking. A honeynet is a network
    of multiple honeypots that creates a more sophisticated environment for intruders to
    explore. A pseudoflaw is a false vulnerability in a system that may attract an attacker.



  5. C. Job rotation and mandatory vacations deter fraud by increasing the likelihood that
    it will be detected. Two-person control deters fraud by requiring collusion between two
    employees. Incident response does not normally serve as a deterrent mechanism.

  6. D. The scenario describes a mix of public cloud and private cloud services. This is an
    example of a hybrid cloud environment.

  7. A. The change log contains information about approved changes and the change
    management process. While other logs may contain details about the change’s effect, the
    audit trail for change management would be found in the change log.

  8. D. In a software as a service solution, the vendor manages both the physical infrastructure
    and the complete application stack, providing the customer with access to a fully managed
    application.

  9. D. The Common Vulnerabilities and Exposures (CVE) dictionary contains standardized
    information on many different security issues. The Open Web Application Security
    Project (OWASP) contains general guidance on web application security issues but does
    not track specific vulnerabilities or go beyond web applications. The Bugtraq mailing list
    and Microsoft Security Bulletins are good sources of vulnerability information but are not
    comprehensive databases of known issues.
