Correct Answer:

To ensure the malware runs at every login to the OS is correct.

This key indicates an application that should run as soon as the user logs in to the system.

Incorrect Answers:

To ensure the malware runs at every boot, to make the malware invisible to antivirus systems on the machine, and all applications must have an entry in this key to run are incorrect.

An application found in this key does not run at every boot, and an entry here does nothing to hide it from antivirus software on the system. All applications do not need to appear in this registry key.

Correct Answer:

PCI DSS is correct.

If you knew that PCI stood for “Payment Card Industry” and DSS stood for “Data Security Standard,” this one was a piece of cake. PCI DSS is actually an evaluation standard developed by the Payment Card Industry Security Standards Council (PCI SSC, which includes American Express, Discover, MasterCard, and Visa, by the way) to secure networks and storage environments for credit card consumer data.

Incorrect Answers:

TCSEC, TNIEG, Common Criteria, and ITSEC are incorrect.

The Trusted Computer System Evaluation Criteria (TCSEC) security evaluation standard is also known as the Orange Book and was created by the DoD to define different types of access controls.

The Trusted Network Interpretation Environments Guideline (TNIEG) outlines minimum security protections required in networking environments.

Common Criteria was designed to help remove vulnerabilities in products before they’re released, and it’s an international standard.

ITSEC is an encryption standard.

Correct Answer:

Cloud consumer is correct. The cloud consumer is the individual or organization that acquires and uses cloud products and services.

Incorrect Answer:

Cloud carrier, cloud auditor, and cloud broker are incorrect.

The cloud carrier is the organization that has the responsibility of transferring the data, akin to the power distributor for the electric grid.

The cloud auditor is the independent assessor of cloud service and security controls.

The cloud broker acts to manage the use, performance, and delivery of cloud services as well as the relationships between providers and subscribers.

Correct Answer:

Use encryption throughout the network is correct.

Of the choices provided, encrypting communications between endpoints on your network does the best job of preventing successful sniffing. Someone may find a way to connect and sniff traffic, but if it’s all encrypted, they won’t receive much of value.

Incorrect Answer:

Implement MAC filtering on wireless access points, use static IP addressing, and ensure strong physical security controls prevent unauthorized access to the server room are incorrect.

MAC filtering is a good idea on a WAP; however, anyone can spoof a MAC address and sniff anyway.

Static IP addressing won’t do a thing to prevent sniffing. Strong security measures throughout your organization will definitely make it harder to pull off a sniffing attack, but on its own this answer protects just the server room—sniffing can be carried out from nearly any available port.

Correct Answer:

Pcap is used on Windows. Libpcap is used on Linux is correct.

Pcap (for Windows) and its Linux-based brother libpcap are the packet capture libraries/drives used by virtually every sniffing and scanning tool you can think of—nmap, Snort, Wireshark, tcpdump, kismet, and L0phtCrack, for example. For extra fun—and possibly a _Jeopardy_-type question on your exam—libpcap was written in C/C++.

Incorrect Answer:

Pcap is an encryption algorithm, Pcap is used on Linux. Libpcap is used on Windows, and Pcap is a command-line tool for sniffing are incorrect.

The other answers provided are not true regarding Pcap.

Correct Answer:

BIA is correct. Business impact analysis (BIA) best matches this description.

A BIA is the actual process that identifies and evaluates the potential effects that man-made or natural events will have on business operations, and it identifies the critical systems that would be affected by them.

Incorrect Answers:

BCP, MTD, and DRP are incorrect.

A business continuity plan (BCP) is a procedure for maintaining business during any event.

Maximum tolerable downtime (MTD) is how much time an asset can be down or unavailable.

Disaster recovery plan (DRP) is exactly what it sounds like.

Correct Answer:

The organization is mitigating the risk is correct.

The actions taken and controls put in place are deigned to mitigate the risk—reducing greatly the likelihood it will ever happen.

Incorrect Answers:

The organization is accepting the risk, the organization is transferring the risk, and the organization is avoiding the risk are incorrect.

Accepting the risk equates to not doing anything at all.

Transferring the risk occurs when a company shifts the risk to another party.

Avoiding the risk is removing it altogether.

Correct Answer:

195.62.18.77 is correct.

The /28 subnet mask tells you the first 28 bits of the address belong to the network ID. In this case, it’s 11000011.00111110.00010010.0100xxxx (where x marks the bits remaining for hosts). To find the network ID, change all host bits to zero (0000). To find the first useable address, change the last host bit to a one (0001). To find the last useable address, change all but the last bit to a one (1110). Finally, to find the broadcast address, change all bits to one (1111). This means your network ID is 64, the useable address range is 65–78, and the broadcast address for the subnet is 79.

Incorrect Answers:

195.62.18.64, 195.62.18.79, and 195.62.18.80 are incorrect.

These represent the network ID, broadcast ID, and the next subnet ID, respectively.

Correct Answer:

It is a Layer 2 protocol is correct. Spanning Tree Protocol is considered a Layer 2 protocol. It prevents switching loops (sending packets whizzing about forever in a perpetual broadcast loop) by killing connecting ports along the way.

Incorrect Answers:

It is a Layer 7 protocol, It is a Layer 5 protocol, and It is a Layer 4 protocol are incorrect.

These statements are not true regarding STP.

Correct Answer:

Windows is correct. For whatever reason, many wireless NICs don’t have good support for monitor mode in Windows. They seem to be okay catching general traffic, but the control packets are hard to come by.

Incorrect Answers:

MacOS, Linux, and FreeBSD 5.2 are incorrect.

Linux variants and macOS wireless NICs provide better support for monitor mode.