Chapter 9: Practice Test 1 407
- A. Identity as a service (IDaaS) provides an identity platform as a third-party service. This can provide benefits, including integration with cloud services and removing overhead for maintenance of traditional on-premise identity systems, but can also create risk due to third-party control of identity services and reliance on an offsite identity infrastructure.
- A. Gina's actions harm the CISSP certification and information security community by undermining the integrity of the examination process. While Gina also is acting dishonestly, the harm to the profession is more of a direct violation of the code of ethics.
- A. The annualized loss expectancy is the amount of damage that the organization expects to occur each year as the result of a given risk.
- C. The whitelisting approach to application control allows users to install only those software packages specifically approved by administrators. This would be an appropriate approach in a scenario where application installation needs to be tightly controlled.
- A. This is a clear example of a denial of service attack—denying legitimate users authorized access to the system through the use of overwhelming traffic. It goes beyond a reconnaissance attack because the attacker is affecting the system, but it is not a compromise because the attacker did not attempt to gain access to the system. There is no reason to believe that a malicious insider was involved.
- A. The Company ID is likely unique for each row in the table, making it the best choice for a primary key. There may be multiple companies that share the same name or ZIP code. Similarly, a single sales representative likely serves more than one company, making those fields unsuitable for use as a unique identifier.
- C. Personally identifiable information (PII) includes data that can be used to distinguish or trace that person's identity, and also includes information like their medical, educational, financial, and employment information. PHI is personal health information, EDI is electronic data interchange, and proprietary data is used to maintain an organization's competitive advantage.
- D. 129.53.44.124 is a valid public IP address and a legitimate destination for traffic leaving Bob's network. 12.8.195.15 is a public address on Bob's network and should not be a destination address on a packet leaving the network. 10.8.15.9 and 192.168.109.55 are both private IP addresses that should not be routed to the Internet.
- D. Binary keyspaces contain a number of keys equal to 2 raised to the power of the number of bits. Two to the sixth power is 64, so a 6-bit keyspace contains 64 possible keys. The number of viable keys is usually smaller in most algorithms due to the presence of parity bits and other algorithmic overhead or security issues that restrict the use of some key values.
- D. Research has shown that traditional methods of sanitizing files on SSDs were not reliable. SSDs remap data sectors as part of wear leveling, and erase commands are not consistently effective across multiple SSD brands. Zero fills can be performed on SSDs but may not be effective, much like erase commands. Degaussing doesn't work on SSDs because they are flash media, rather than magnetic media.
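The egress-filtering reasoning in the IP address answer above (which destinations a packet leaving Bob's network may legitimately carry), as an added example that is not part of the practice test. It assumes Bob's public block is 12.8.195.0/24, a placeholder the question does not state, and applies the same rule to any address, not just the four in the question.

```python
import ipaddress

# Assumption (not given in the question): Bob's public address block.
BOB_PUBLIC_NET = ipaddress.ip_network("12.8.195.0/24")


def egress_verdict(dst: str, own_public_net=BOB_PUBLIC_NET) -> str:
    """Decide whether an outbound packet's destination is acceptable.

    Returns one of:
      "allow"            routable public address outside our own block
      "drop-own-public"  destination lies inside our own public block
      "drop-private"     RFC 1918 or other non-globally-routable address
      "drop-invalid"     not a parseable IP address
    """
    try:
        ip = ipaddress.ip_address(dst)
    except ValueError:
        return "drop-invalid"
    # Traffic leaving the network should never be addressed back into it.
    if ip in own_public_net:
        return "drop-own-public"
    # is_global is False for RFC 1918 space, loopback, link-local, etc.
    if not ip.is_global:
        return "drop-private"
    return "allow"


def audit_egress(packets):
    """Map each constructed (src, dst) pair to its verdict for review."""
    return {dst: egress_verdict(dst) for _src, dst in packets}


# Constructed sample of outbound packets; sources are illustrative only.
SAMPLE_PACKETS = [
    ("12.8.195.20", "129.53.44.124"),
    ("12.8.195.20", "12.8.195.15"),
    ("12.8.195.21", "10.8.15.9"),
    ("12.8.195.21", "192.168.109.55"),
]

if __name__ == "__main__":
    for dst, verdict in audit_egress(SAMPLE_PACKETS).items():
        print(f"{dst:<16} {verdict}")
```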