390 Appendix ■ Answers
82. C. SSH uses TCP port 22, so this attack is likely an attempt to scan for open or weakly
secured SSH servers. FTP uses ports 20 and 21. Telnet uses port 23, and HTTP uses
port 80.
- C. The ping of death attack placed more data than allowed by the specification in
the payload of an ICMP echo request packet. This is similar to the modern-day buffer
overflow attack, where attackers attempt to place data in a targeted system’s memory
that consumes more space than is allocated for that data.
- C. In an infrastructure as a service environment, the vendor is responsible for hardware-
and network-related responsibilities. These include configuring network firewalls,
maintaining the hypervisor, and managing physical equipment. The customer retains
responsibility for patching operating systems on its virtual machine instances.
- B. Sandboxing is a technique where application developers (or the recipients of an
untrusted application) may test the code in a virtualized environment that is isolated from
production systems. White box testing, black box testing, and penetration testing are all
common software testing techniques but do not require the use of an isolated system.
- C. While it may not immediately seem like the obvious answer, many firewalls have a
built-in anti–SYN flood defense that responds to SYNs on behalf of protected systems.
Once the remote system proves to be a legitimate connection by continuing the three-way
handshake, the rest of the TCP session is passed through. If the connection proves to be an
attack, the firewall handles the additional load using appropriate mitigation techniques.
Blocking SYNs from known or unknown IP addresses is likely to cause issues with systems
that should be able to connect, and turning off TCP will break most modern network
services!
87. A. Transitive trusts go beyond the two domains directly involved in the trust relationship
and extend to their subdomains.
- C. In a platform as a service solution, the customer supplies application code that the
vendor then executes on its own infrastructure.
- A. Companies have an obligation to preserve evidence whenever they believe that the
threat of litigation is imminent. The statement made by this customer that “we will
have to take this matter to court” is a clear threat of litigation and should trigger the
preservation of any related documents and records.
- B. The Fourth Amendment states, in part, that “the right of the people to be secure in
their persons, houses, papers and effects, against unreasonable searches and seizures,
shall not be violated, and no Warrants shall issue, but upon probable cause, supported by
Oath or affirmation, and particularly describing the place to be searched, and the persons
or things to be seized.” The First Amendment contains protections related to freedom of
speech. The Fifth Amendment ensures that no person will be required to serve as a witness
against themselves. The Fifteenth Amendment protects the voting rights of citizens.
- A. Expert opinion evidence allows individuals to offer their opinion based upon the facts
in evidence and their personal knowledge. Expert opinion evidence may be offered only
if the court accepts the witness as an expert in a particular field. Direct evidence is when