412 Appendix ■ Answers
68. C. Masquerading (or impersonation) attacks use stolen or falsified credentials to bypass authentication mechanisms. Spoofing attacks rely on falsifying an identity like an IP address or hostname without credentials. Replay attacks are a more specific type of masquerading attack that relies on captured network traffic to reestablish authorized connections. Modification attacks occur when captured packets are modified and replayed to a system to attempt to perform an action.
- A. OpenID Connect is an authentication layer that works with OAuth 2.0 as its underlying authorization framework. It has been widely adopted by cloud service providers and is widely supported.
- C. This scenario describes separation of duties—not allowing the same person to hold two roles that, when combined, are sensitive. While two-person control is a similar concept, it does not apply in this case because the scenario does not say that either action requires the concurrence of two users.
- C. The parol evidence rule states that when an agreement between two parties is put into written form, it is assumed to be the entire agreement unless amended in writing. The best evidence rule says that a copy of a document is not admissible if the original document is available. Real evidence and testimonial evidence are evidence types, not rules of evidence.
- A. Network Address Translation (NAT) translates an internal address to an external address. VLANs are used to logically divide networks, BGP is a routing protocol, and S/nAT is a made-up term.
- A. SSAE-18 does not assert specific controls. Instead, it reviews the use and application of controls in an audited organization. It is an attestation standard, used for external audits, and forms part of the underlying framework for SOC 1, 2, and 3 reports.
- D. A constrained user interface restricts what users can see or do based on their privileges. This can result in grayed-out or missing menu items, or other interface changes. Activity-based controls are called context-dependent controls, whereas controls based on the content of an object are content-dependent controls. Preventing unauthorized users from logging in is a basic authentication function.
- B. The recovery time objective (RTO) is the amount of time expected to return an IT service or component to operation after a failure. The maximum tolerable downtime (MTD) is the longest amount of time that an IT service or component may be unavailable without causing serious damage to the organization. The recovery point objective (RPO) identifies the maximum amount of data, measured in time, that may be lost during a recovery effort. Service-level agreements (SLAs) are written contracts that document service expectations.
- C. Change management typically requires sign-off from a manager or supervisor before changes are made. This helps to ensure proper awareness and communication. SDN stands for software-defined networking, release management is the process that new software releases go through to be accepted, and versioning is used to differentiate versions of software, code, or other objects.