Correct answer:

Confidentiality prevents unauthorized disclosure of data. Encryption and access controls help provide confidentiality.

Incorrect answers:

While encryption and access controls help ensure confidentiality, they are the methods, not the goals.

Integrity helps protect against unauthorized modification of data.

Correct answers:

Effective malicious activity countermeasures include hardening systems, increasing user awareness, and patching systems.

Incorrect answer:

Virtualization refers to replacing hardware with software, such as hosting 20 virtual servers on a single hardware server. This isn’t a malicious activity countermeasure.

Correct answer:

A failure of the business continuity plan (BCP) is typically due to a lack of support by senior management personnel. This is a good example of the need to understand common acronyms. If you read the question as “What does a failure of the business continuity plan usually indicate?” the answer is clearer. Senior management is responsible major business decisions.

Incorrect answers:

Administrators and IT management personnel will do what’s required by senior management.

An organization is responsible for ensuring a third-party vendor can meet its obligations.

If the vendor can’t meet its obligations, it’s often a result of the organization not performing due diligence.

Correct answer:

The business impact analysis (BIA) identifies the maximum acceptable outage (MAO) time and the recovery time objective (RTO) is derived from the MAO.

Incorrect answers:

The BIA determines the MAO first and administrators use it to determine the RTO.

The recovery point objective (RPO) is related to databases instead of time, so it is not related to the MAO.

Correct answer:

The last step in a vulnerability assessment is to remediate the vulnerabilities discovered by the assessment. The assessment would include recommendations of fixes to eliminate or reduce the vulnerabilities, and management would approve or reject these fixes. While not mentioned as an answer, remediation validation is done after implementing the fixes to verify that they have eliminated or reduced the vulnerabilities as desired.

Incorrect answers:

The first step (not the last step) is to obtain permission from management.

A vulnerability assessment will identify vulnerabilities and recommend methods to reduce the vulnerabilities, but these steps occur before remediation in the assessment.

Correct answer:

Hashing is a common method used to verify that a copy of evidence is the same as the original evidence. If both the copy and the original have the same hashes, it proves that they are the same and the copy hasn’t lost integrity.

Incorrect answers:

Encryption scrambles the data, instead of authenticating it.

Bit-copy tools are used to copy the data, but the hashing proves the copy is a forensically sound copy.

Labeling is relevant for identifying the classification of data, but is not relevant in this context.

Correct answer:

With the forensic team on the way, it’s important to preserve the scene, which includes protecting the evidence. The actions identified in the other answers will destroy potential evidence.

Incorrect answers:

Powering down the system will erase data in volatile RAM.

Any system access (including disabling accounts or copying logs or files) modifies the original evidence.

Correct answer:

In a white box test (also known as a full knowledge test), testers have full access to the internal network and know the network infrastructure, including what systems it hosts.

Incorrect answers:

In a black box test, testers don’t have any knowledge of the internal network prior to starting the testing.

External consultants hired to test an organization’s security vulnerabilities often do black box testing.

In a gray box test, testers have at least some level of knowledge about the network. Zero knowledge testing isn’t an actual term, but it refers to black box testing where the testers have zero knowledge.

Correct answer:

Scareware is software that alerts the user that their system is infected with malware, but won’t remove the malware unless the user pays for the full version of the software.

Incorrect answers:

Ransomware restricts the user’s access to the system or user data unless the user pays a fee or ransom.

A trapdoor is code that is embedded in an application and provides access to the application, its code, and/or data.

A remote access Trojan (RAT) allows an attacker access to a system from a remote location.

Correct answer:

User Datagram Protocol (UDP) is a connectionless protocol and gives a best effort to send data.

Incorrect answers:

Transmission Control Protocol (TCP) uses a three-way handshake to establish a session.

File Transport Protocol (FTP) and Hypertext Transfer Protocol (HTTP) both use TCP.