Chapter 7: Security Operations (Domain 7) 391
witnesses testify about their direct observations. Real evidence consists of tangible items
brought into court as evidence. Documentary evidence consists of written records used as
evidence in court.
- D. The standard methods for clearing magnetic tapes, according to the NIST Guidelines
for Media Sanitization, are overwriting the tape with nonsensitive data, degaussing, and
physical destruction via shredding or incineration. Reformatting a tape does not remove
remnant data.
- B. RAID level 1, also known as disk mirroring, uses two disks that contain identical
information. If one disk fails, the other contains the data needed for the system to
continue operation.
- B. The analysis of application logs is one of the core tasks of software analysis. This is the
correct answer because SQL injection attacks are application attacks.
- C. Quantum may choose to use any or all of these security controls, but data encryption
is, by far, the most important control. It protects the confidentiality of data stored on the
tapes, which are most vulnerable to theft while in transit between two secure locations.
- C. Data loss prevention (DLP) systems may identify sensitive information stored on
endpoint systems or in transit over a network. This is their primary purpose. Intrusion
detection and prevention systems (IDS/IPS) may be used to identify some sensitive
information using signatures built for that purpose, but this is not the primary role
of those tools and they would not be as effective as DLP systems at this task. TLS is a
network encryption protocol that may be used to protect sensitive information, but it does
not have any ability to identify sensitive information.
- D. If software is released into the public domain, anyone may use it for any purpose,
without restriction. All other license types contain at least some level of restriction.
- A. In a man-in-the-middle attack, attackers manage to insert themselves into a connection
between a user and a legitimate website, relaying traffic between the two parties while
eavesdropping on the connection. Although similarly named, the meet-in-the-middle
attack is a cryptographic attack that does not necessarily involve connection tampering.
Fraggle is a network-based denial of service attack using UDP packets. Wardriving is a
reconnaissance technique for discovering open or weakly secured wireless networks.
- C. The two main methods of choosing records from a large pool for further analysis
are sampling and clipping. Sampling uses statistical techniques to choose a sample that
is representative of the entire pool, while clipping uses threshold values to select those
records that exceed a predefined threshold because they may be of most interest to
analysts.
- C. Generators are capable of providing backup power for a sustained period of time in the
event of a power loss, but they take time to activate. Uninterruptible power supplies (UPS)
provide immediate, battery-driven power for a short period of time to cover momentary
losses of power, which would not cover a sustained period of power loss. RAID and
redundant servers are high-availability controls but do not cover power loss scenarios.
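The clipping and sampling methods described in the answer on choosing records for further analysis, as an added Python example that is not from the study guide; the log lines and the threshold of three failed logins are constructed for illustration:

```python
import random
import re
from collections import Counter

# Constructed sample of authentication log lines (not from the original page).
SAMPLE_LOG = """\
2024-03-01T09:00:01 sshd auth failure user=alice src=203.0.113.10
2024-03-01T09:00:02 sshd auth failure user=carol src=203.0.113.11
2024-03-01T09:00:03 sshd auth success user=bob src=203.0.113.12
2024-03-01T09:00:04 sshd auth failure user=carol src=203.0.113.11
2024-03-01T09:00:05 sshd auth failure user=carol src=203.0.113.11
2024-03-01T09:00:06 sshd auth failure user=alice src=203.0.113.10
2024-03-01T09:00:07 sshd auth failure user=erin src=203.0.113.13
2024-03-01T09:00:08 sshd auth failure user=carol src=203.0.113.11
"""

FAILURE_RE = re.compile(r"auth failure user=(\w+)")


def failures_per_user(log_text):
    """Count failed authentications per user across the whole log pool."""
    counts = Counter()
    for line in log_text.splitlines():
        m = FAILURE_RE.search(line)
        if m:
            counts[m.group(1)] += 1
    return counts


def clipping(log_text, threshold):
    """Clipping-level analysis: keep only users whose failure count exceeds
    the predefined threshold; everything at or below it is treated as routine."""
    return {user: n for user, n in failures_per_user(log_text).items()
            if n > threshold}


def sampling(log_text, k, seed=0):
    """Statistical sampling: draw k records at random so the subset is
    representative of the pool, without regard to each record's value."""
    rng = random.Random(seed)  # seeded so the selection is reproducible
    return rng.sample(log_text.splitlines(), k)


if __name__ == "__main__":
    print("clipped (threshold 3):", clipping(SAMPLE_LOG, 3))
    print("sampled (3 records):", sampling(SAMPLE_LOG, 3))
```

Clipping surfaces only carol, whose four failures exceed the threshold, while sampling returns three arbitrary lines regardless of content.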