406 Appendix ■ Answers
13. D. Clipping is an analysis technique that only reports alerts after they exceed a set
threshold. It is a specific form of sampling, which is a more general term that describes
any attempt to excerpt records for review. Thresholding is not a commonly used term.
Administrators may choose to configure automatic or manual account lockout after failed
login attempts but that is not described in the scenario.
14. B. RADIUS is a common AAA technology used to provide services for dial-up, wireless networks, network devices, and a range of other systems. OAuth is an authentication protocol used to allow applications to act on a user’s behalf without sharing the password, and is used for many web applications. While both XTACACS and TACACS+ provide the functionality Sally is looking for, both are Cisco proprietary protocols.
15. C. In an inference attack, the attacker uses several pieces of generic nonsensitive information to determine a specific sensitive value.
16. A. The take rule allows a subject to take the rights belonging to another object. If Alice has take rights on Bob, she can give herself the same permissions that Bob already possesses.
17. B. Brute-force attacks try every possible password. In this attack, the password is changing by one letter at each attempt, which indicates that it is a brute-force attack. A dictionary attack would use dictionary words for the attack, whereas a man-in-the-middle or pass-the-hash attack would most likely not be visible in an authentication log except as a successful login.
18. B. Isolation requires that transactions operate separately from each other. Atomicity ensures that if any part of a database transaction fails, the entire transaction must be rolled back as if it never occurred. Consistency ensures that all transactions are consistent with the logical rules of the database, such as having a primary key. Durability requires that once a transaction is committed to the database it must be preserved.
19. B. Worms have built-in propagation mechanisms that do not require user interaction, such as scanning for systems containing known vulnerabilities and then exploiting those vulnerabilities to gain access. Viruses and Trojan horses typically require user interaction to spread. Logic bombs do not spread from system to system but lie in wait until certain conditions are met, triggering the delivery of their payload.
20. D. PCI DSS, the Payment Card Industry Data Security Standard, is an industry standard for credit card operations and handling. HIPAA, SOX, and FERPA are all US laws.
21. C. The TCP three-way handshake consists of initial contact via a SYN, or synchronize flagged packet; which receives a response with a SYN/ACK, or synchronize and acknowledge flagged packet; which is acknowledged by the original sender with an ACK, or acknowledge packet. RST is used in TCP to reset a connection, PSH is used to send data immediately, and FIN is used to end a connection.
22. B. MDM products do not have the capability of assuming control of a device not currently managed by the organization. This would be equivalent to hacking into a device owned by someone else and might constitute a crime.
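The distinction drawn in answer 13 between clipping (alerting only once a threshold is exceeded) and sampling (excerpting records for review) is shown below as an added example, not code from the book; the log lines, the `Failed password for` message format, and the threshold of 3 are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample authentication log (assumed sshd-style format, not from the book).
SAMPLE_LOG = """\
2024-03-01T08:00:01 host1 sshd: Failed password for alice from 10.0.0.5
2024-03-01T08:00:03 host1 sshd: Failed password for alice from 10.0.0.5
2024-03-01T08:00:05 host1 sshd: Accepted password for bob from 10.0.0.9
2024-03-01T08:00:07 host1 sshd: Failed password for alice from 10.0.0.5
2024-03-01T08:00:09 host1 sshd: Failed password for carol from 10.0.0.7
2024-03-01T08:00:11 host1 sshd: Failed password for alice from 10.0.0.5
2024-03-01T08:00:13 host1 sshd: Failed password for alice from 10.0.0.5
"""

FAILED_LOGIN = re.compile(r"Failed password for (\S+) from (\S+)")


def count_failures(log_text):
    """Count failed logins per account across the whole log."""
    counts = defaultdict(int)
    for line in log_text.splitlines():
        match = FAILED_LOGIN.search(line)
        if match:
            counts[match.group(1)] += 1
    return dict(counts)


def clipping_alerts(log_text, threshold):
    """Clipping: report only accounts whose failure count exceeds the clipping level.

    Accounts at or below the threshold are suppressed entirely, which is what keeps
    a handful of ordinary typos from generating alerts.
    """
    return {user: n for user, n in count_failures(log_text).items() if n > threshold}


def sample_every(lines, step):
    """Sampling: excerpt every `step`-th record for manual review, regardless of content."""
    return lines[::step]


if __name__ == "__main__":
    print("failures:", count_failures(SAMPLE_LOG))
    print("clipping alerts (level 3):", clipping_alerts(SAMPLE_LOG, 3))
    print("sampled records:", sample_every(SAMPLE_LOG.splitlines(), 3))
```

Raising the clipping level reduces noise but also delays detection of a slow attack, so the threshold should be chosen against the expected rate of genuine mistakes.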