414 Appendix ■ Answers
7. B. During the preservation phase, the organization ensures that information related to the matter at hand is protected against intentional or unintentional alteration or deletion. The identification phase locates relevant information but does not preserve it. The collection phase occurs after preservation and gathers responsive information. The processing phase performs a rough cut of the collected information for relevance.

8. D. Nessus, OpenVAS, the EU-U.S. Privacy Shield scanner and manager, and SAINT are all vulnerability scanning tools. All provide port scanning capabilities as well, but they are more than simple port scanning tools.

9. D. In the subject/object model, the object is the resource being requested by a subject. In this example, Harry would like access to the document, making the document the object of the request.

10. C. The process of removing a header (and possibly a footer) from the data received from a previous layer in the OSI model is known as de-encapsulation. Encapsulation occurs when the header and/or footer are added. A payload is the part of a virus or malware package that is delivered to a target, and "packet unwrapping" is a made-up term.

11. C. Metasploit is a tool used to exploit known vulnerabilities. Nikto is a web application and server vulnerability scanning tool, Ettercap is a man-in-the-middle attack tool, and THC Hydra is a password brute-force tool.

12. C. Service Provisioning Markup Language (SPML) uses Requesting Authorities to issue SPML requests to a Provisioning Service Point. Provisioning Service Targets are often user accounts and must allow unique identification of the data in their implementation. SAML is used for security assertions, SAMPL is an algebraic modeling language, and XACML is an access control markup language used to describe and process access control policies in XML format.

13. D. The use of a probability/impact matrix is the hallmark of a qualitative risk assessment. It uses subjective measures of probability and impact, such as "high" and "low," in place of quantitative measures.

14. B. Mandatory access control systems can be hierarchical, where each domain is ordered and related to the domains above and below it; compartmentalized, where there is no relationship between domains; or hybrid, where both hierarchy and compartments are used. There is no concept of "bracketing" in mandatory access control design.

15. C. RAID level 5 is also known as disk striping with parity. RAID 0 is called disk striping, RAID 1 is called disk mirroring, and RAID 10 is known as a stripe of mirrors.

16. B. Category 5e and Category 6 UTP cable are both rated to 1000 Mbps. Cat 5 (not Cat 5e) is rated to only 100 Mbps, whereas Cat 7 is rated to 10 Gbps. There is no Cat 4e.

17. A. Developing a business impact assessment is an integral part of the business continuity planning effort. The selection of alternate facilities, activation of those facilities, and restoration of data from backup are all disaster recovery tasks.