13 Which of the following tools cannot be used to make a forensic disk image?
A. xcopy
B. FTK
C. dd
D. EnCase
14 During a forensic investigation, Shelly is told to look for information in slack space on the drive. Where should she look, and what is she likely to find?
A. She should look at unallocated space, and she is likely to find file fragments from deleted files.
B. She should look at unused space where files were deleted, and she is likely to find complete files hidden there by the individual being investigated.
C. She should look in the space reserved on the drive for spare blocks, and she is likely to find complete files duplicated there.
D. She should look at unused space left when a file is written, and she is likely to find file fragments from deleted files.
15 What type of system is used to contain an attacker to allow them to be monitored?
A. A white box
B. A sandbox
C. A network jail
D. A VLAN
16 Bob’s manager has asked him to ensure that a compromised system has been completely purged of the compromise. What is Bob’s best course of action?
A. Use an antivirus tool to remove any associated malware
B. Use an antimalware tool to completely scan and clean the system
C. Wipe and rebuild the system
D. Restore a recent backup
17 What level of secure media disposition as defined by NIST SP 800-88 is best suited to a hard drive from a high-security system that will be reused in the same company by an employee of a different level or job type?
A. Clear
B. Purge
C. Destroy
D. Reinstall
18 Which of the following actions is not a common activity during the recovery phase of an incident response process?
A. Reviewing accounts and adding new privileges
B. Validating that only authorized user accounts are on the systems
C. Verifying that all systems are logging properly
D. Performing vulnerability scans of all systems
19 A statement like “Windows workstations must have the current security configuration template applied to them before being deployed” is most likely to be part of which document?
A. Policies
B. Standards
C. Procedures
D. Guidelines
20 Jim is concerned with complying with the U.S. federal law covering student educational records. Which of the following laws is he attempting to comply with?
A. HIPAA
B. GLBA
C. SOX
D. FERPA
21 A fire suppression system is an example of what type of control?
A. Logical
B. Physical
C. Administrative
D. Operational
22 Lauren is concerned that Danielle and Alex are conspiring to use their access to defraud their organization. What personnel control will allow Lauren to review their actions to find any issues?
A. Dual control
B. Separation of duties
C. Background checks
D. Cross training
23 Joe wants to implement an authentication protocol that is well suited to untrusted networks. Which of the following options is best suited to his needs in its default state?
A. Kerberos
B. RADIUS
C. LDAP
D. TACACS+
24 Which software development life cycle model uses linear development concepts in an iterative, four-phase process?
A. Waterfall
B. Agile
C. RAD
D. Spiral
Chapter 1
Defending Against Cybersecurity Threats
Domain 1: Threat Management
✓ 1.3 Given a network-based threat, implement or recommend the appropriate response and countermeasure.
✓ 1.4 Explain the purpose of practices used to secure a corporate environment.
In the first section of this chapter, you will learn how to assess the cybersecurity threats facing your organization and determine the risk that they pose to the confidentiality, integrity, and availability of your operations. In the sections that follow, you will learn about some of the controls that you can put in place to secure networks and endpoints and evaluate the effectiveness of those controls over time.
Cybersecurity Objectives
When most people think of cybersecurity, they imagine hackers trying to break into an organization’s system and steal sensitive information, ranging from Social Security numbers and credit cards to top-secret military information. Although protecting sensitive information from unauthorized disclosure is certainly one element of a cybersecurity program, it is important to understand that cybersecurity actually has three complementary objectives, as shown in Figure 1.1.
Figure 1.1 The three key objectives of cybersecurity programs are confidentiality, integrity, and availability.
Confidentiality ensures that unauthorized individuals are not able to gain access to sensitive information. Cybersecurity professionals develop and implement security controls, including firewalls, access control lists, and encryption, to prevent unauthorized access to information. Attackers may seek to undermine confidentiality controls to achieve one of their goals: the unauthorized disclosure of sensitive information.
Integrity ensures that there are no unauthorized modifications to information or systems, either intentionally or unintentionally. Integrity controls, such as hashing and integrity monitoring solutions, seek to enforce this requirement. Integrity threats may come from attackers seeking the alteration