CISSP Official Practice Tests by Mike Chapple, David Seidl


Appendix: Answers


101. D. The benefits of additional discovery must be proportional to the additional costs that
they will require. This prevents additional discovery requests from becoming inordinately
expensive, and the requester will typically have to justify these requests to the judge
presiding over the case.


  1. A. System Center Configuration Manager (SCCM) provides this capability and is designed
    to allow administrators to evaluate the configuration status of Windows workstations and
    servers, as well as providing asset management data. SCOM is primarily used to monitor
    for health and performance, Group Policy can be used for a variety of tasks including
    deploying settings and software, and custom PowerShell scripts could do this but should
    not be required for a configuration check.

  2. C. Physical destruction, an appropriate contract with certification, and secure wiping
    are all reasonable options. In each case, a careful inventory and check should be done to
    ensure that each drive is handled appropriately. Reformatting drives can leave remnant
    data, making this a poor data lifecycle choice for drives that contain sensitive data.

  3. A. A lessons learned document is often created and distributed to involved parties after a
    postmortem review to ensure that those who were involved in the incident and others who
    may benefit from the knowledge are aware of what they can do to prevent future issues
    and to improve response in the event that one occurs.

  4. B. While it may be tempting to tell her staff to simply not connect to any network, Susan
    knows that they will need connectivity to do their work. Using a VPN to connect their
    laptops and mobile devices to a trusted network and ensuring that all traffic is tunneled
    through the VPN is her best bet to secure their Internet usage. Susan may also want to
    ensure that they take “clean” laptops and devices that do not contain sensitive information
    or documents and that those systems are fully wiped and reviewed when they return.

  5. B. Quality of service is a feature found on routers and other network devices that can
    prioritize specific network traffic. QoS policies define which traffic is prioritized, and
    traffic is then handled based on the policy.

  6. A. John’s design provides multiple processing sites, distributing load to multiple regions.
    Not only does this provide business continuity and disaster recovery functionality, but it
    also means that his design will be more resilient to denial of service attacks.

  7. C. A whitelist of allowed applications will ensure that Lauren’s users can run only the
    applications that she preapproves. Blacklists would require her to maintain a list of every
    application that she doesn’t want to allow, which is an almost impossible task. Graylisting
    is not a technology option, and configuration management can be useful for making sure
    the right applications are on a PC but typically can’t directly prevent users from running
    undesired applications or programs.

  8. B. Duress, or being under threat of violence or other constraints, is a concern for
    organizations such as banks, jewelry stores, or other organizations where an attacker may
    attempt to force an employee to perform actions. Organizations that expect that a scenario
    like this may occur will often use duress code words that let others know that they are
    performing actions under threat.
