402 Appendix ■ Answers
8 2. C. In the Establishing phase of the IDEAL model, the organization takes the general
recommendations from the Diagnosing phase and develops a specific plan of action that
achieves those changes.
- D. Messages similar to the one shown in the figure are indicative of a ransomware attack.
The attacker encrypts files on a user’s hard drive and then demands a ransom, normally
paid in Bitcoin, for the decryption key required to restore access to the original content.
Encrypted viruses, on the other hand, use encryption to hide themselves from antivirus
mechanisms and do not alter other contents on the system.
- D. Despite many organizations moving to Agile, DevOps, or other more responsive
development methodologies, waterfall remains a strong contender when clear objectives
and stable requirements are combined with a need to prevent flaws and to have a high level
of control over the development process and output.
- D. Neural networks attempt to use complex computational techniques to model the
behavior of the human mind. Knowledge banks are a component of expert systems, which
are designed to capture and reapply human knowledge. Decision support systems are
designed to provide advice to those carrying out standard procedures and are often driven
by expert systems.
- B. In level 2, the Repeatable level of the SW-CMM, an organization introduces basic
lifecycle management processes. Reuse of code in an organized fashion begins, and
repeatable results are expected from similar projects. The key process areas for this level
include Requirements Management, Software Project Planning, Software Project Tracking
and Oversight, Software Subcontract Management, Software Quality Assurance, and
Software Configuration Management.
8 7. C. The key to this question is that Lucas suspects the tampering took place before the
employee departed. This is the signature of a logic bomb: malicious code that lies dormant
until certain conditions are met. The other attack types listed here—privilege escalation,
SQL injection, and remote code execution—would more likely take place in real time.
- A. The Agile approach to software development embraces four principles. It values
individuals and interactions over processes and tools, working software over
comprehensive documentation, customer collaboration over contract negotiation, and
responding to change over following a plan.
- C. API developers commonly use API keys to limit access to authorized users and
applications. Encryption provides for confidentiality of information exchanged using
an API but does not provide authentication. Input validation is an application security
technique used to protect against malicious input. IP filters may be used to limit access to
an API, but they are not commonly used because it is difficult to deploy an API with IP
filters since the filters require constant modification and maintenance as endpoints change.
- C. Signature detection is extremely effective against known strains of malware because
it uses a very reliable pattern matching technique to identify known malware. Signature
detection is, therefore, the most reliable way to detect known malware. This technique is
not, however, effective against the zero-day malware typically used by advanced persistent