Chapter 10: Practice Test 2
- C. Password histories retain a list of previous passwords, preferably a list of salted hashes
for previous passwords, to ensure that users don’t reuse their previous passwords. Longer
minimum age can help prevent users from changing their passwords and then changing
them back but won’t prevent a determined user from eventually getting their old password
back. Length requirements and complexity requirements tend to drive users to reuse
passwords if they’re not paired with tools like single sign-on, password storage systems, or
other tools that decrease the difficulty of password management.
- B. The Single Loss Expectancy (SLE) is the amount of damage that a risk is expected to
cause each time that it occurs.
- B. Sanitization includes steps like removing the hard drive and other local storage
from PCs before they are sold as surplus. Degaussing uses magnetic fields to wipe
media; purging is an intense form of clearing used to ensure that data is removed and
unrecoverable from media; and removing does not necessarily imply destruction of the
drive.
- D. During the Reporting phase, incident responders assess their obligations under laws
and regulations to report the incident to government agencies and other regulators.
- B. Service Provisioning Markup Language (SPML) is an OASIS-developed markup
language designed to provide service, user, and resource provisioning between
organizations. Security Assertion Markup Language (SAML) is used to exchange user
authentication and authorization data. Extensible Access Control Markup Language
(XACML) is used to describe access controls. Service-oriented architecture (SOA) is not a
markup language.
- B. While full device encryption doesn’t guarantee that data cannot be accessed, it
provides Michelle’s best option for preventing data from being lost with a stolen device
when paired with a passcode. Mandatory passcodes and application management can
help prevent application-based attacks and unwanted access to devices, but won’t keep
the data secure if the device is lost. Remote wipe and GPS location are useful if the thief
allows the device to connect to a cellular or Wi-Fi network. Unfortunately, many modern
thieves immediately take steps to ensure that the device will not be trackable or allowed to
connect to a network before they capture data or wipe the device for resale.
- D. SMTP servers that don’t authenticate users before relaying their messages are known as
open relays. Open relays that are Internet-exposed are typically quickly exploited to send
email for spammers.
- D. Sending logs to a secure log server, sometimes called a bastion host, is the most
effective way to ensure that logs survive a breach. Encrypting local logs won’t stop an
attacker from deleting them, and requiring administrative access won’t stop attackers who
have breached a machine and acquired escalated privileges. Log rotation archives logs
based on time or file size, and can also purge logs after a threshold is hit. Rotation won’t
prevent an attacker from purging logs.