Correct Answer:

Business impact analysis is correct. The business impact analysis (BIA) examines the loss of revenue, legal obligations, and customer service interruption that can arise as the result of a disaster.

Incorrect Answers:

Risk analysis is incorrect. A risk analysis identifies specific aspects of your organization’s business operations that are vulnerable to specific types of risks.

Contingency plan is incorrect. A contingency plan establishes the procedures that can quickly recover critical systems after a service disruption, and it defines and prioritizes specific tasks to aid in the recovery process.

Escalation plan is incorrect. An escalation plan identifies which people to notify to escalate issues during a disaster.

Correct Answer:

Known environment penetration testing is correct. Known environment penetration testing is performed in the testing cycle after the code is generated.

Incorrect Answers:

Static code review and dynamic code review are incorrect. Static and dynamic code reviews occur during the development cycle.

OS patching is incorrect. Patching the operating system on which the code is running will not prevent security bugs in the application code.

Correct Answer:

Take a picture of the screen with the error message is correct. You should immediately take a picture of the screen with the error and message on the screen because if you restart the server, you won’t be able to see this message again.

Incorrect Answers:

Restart the system to restore operations and restart the system and print out the error logs are incorrect. You will have no evidence of the message if you restart the system.

Perform a backup of the web server is incorrect. Backing up the web server will not preserve the error message on the screen.

Correct Answer:

Enable authentication with strong passwords is correct. By using a strong authentication method, you reduce the risk that a malicious user can hack into the admin account on the access point.

Incorrect Answer:

Restrict remote access to direct wired connections is incorrect. A hacker could still connect to the access point using a wired connection if he is in the facility.

Disable SSID broadcast and disable 802.11g/n mixed mode are incorrect. Disabling SSID broadcast or mixed mode does not protect against remote access attempts on the access point.

Correct Answer:

Symmetric is correct. In a symmetric encryption scheme, both parties use the same key for encryption and decryption purposes. The sender uses the key to encrypt the message and then transmits that message to the receiver. The receiver, who is in possession of the same key, uses it to decrypt the message.

Incorrect Answers:

Steganography is incorrect. Steganography is used to hide data within another medium.

Hashing is incorrect. Hashing is used for checking the integrity of a message.

Asymmetric is incorrect. Asymmetric cryptography uses a public and private key pair for encryption.

Correct Answer:

Full-disk encryption is correct. You can encrypt the contents of the laptops’ hard drives so that they can’t be accessed without a passphrase or other measure entered by the sales engineers.

Incorrect Answers:

Provide a hardware locking cable is incorrect. A hardware locking cable will only provide physical security for the laptops.

Enable a BIOS password and nnable a screensaver password are incorrect. Although the passwords secure access to the laptops, they do not secure the contents fully.

Correct Answer:

Disable the user’s account and change the admin password of all network devices and servers is correct. The network administrator’s account should be disabled as per the termination policies. The network administrator will have knowledge of the passwords for all critical network devices and servers, and these should be immediately changed.

Incorrect Answers:

Limit logon attempts on the user’s account is incorrect. Any access the network administrator had should be immediately disabled to prevent him from accessing the network.

Set time restrictions for the user’s account and disable the user’s account and change the admin password of all network devices and servers are incorrect. Setting time restrictions and retaining the account will still leave it open for access.

Correct Answer:

Watering hole attack is correct. A watering hole attack lies in wait for users to visit a particular website, where malware targeting those specific users has often been implanted. The website is often commonly visited by those users and not necessarily others.

Incorrect Answers:

Poisoned DNS server is incorrect. A poisoned Domain Name System (DNS) server could redirect to a website serving malware, but since all the systems visited the same website, it is less likely.

SQL injection is incorrect. Structured Query Language (SQL) injection is a type of command injection attack that is performed on SQL database servers.

Spoofing is incorrect. A spoofing attack occurs when a device or user is spoofed to launch an attack.

Correct Answer:

Secure authenticated zone transfers is correct. Domain Name Service (DNS) poisoning attacks can be mitigated by ensuring that your DNS server updates its information only from authoritative sources by proper authentication or the use of secure communications.

Incorrect Answers:

Encrypting host files and encrypting DNS lookups are incorrect. Encrypting host files or DNS lookups would have no effect on DNS server poisoning.

Using reverse DNS resolution is incorrect. Reverse DNS resolution is a normal practice to resolve IP addresses to host names and would not prevent DNS poisoning.

Correct Answer:

Integrity is correct. Integrity ensures that your data is consistent and never modified by unauthorized persons or manipulated in any intentional or accidental manner.

Incorrect Answers:

Confidentiality is incorrect. Confidentiality refers to making sure that data is only accessed by authorized users.

Availability is incorrect. Availability refers to making sure that data is available when authorized users need to access it.

Privacy is incorrect. Privacy refers to the control an individual has over their personal information and how it is used and disseminated.