Several invalid password attempts for multiple users is an example of an incident. All the other examples are events.

Containerization is a newer feature of most mobile device management (MDM) software that creates an encrypted “container” to hold and quarantine corporate data separately from that of the users. This allows for MDM policies to be applied only to that container and not the rest of the device.

The principle of least privilege should be implemented for all positions, not just high-level positions.

Due care means that an organization takes all the actions it can reasonably take to prevent security issues or to mitigate damage if security breaches occur.

You should provide mean time to repair (MTTR) and mean time between failures (MTBF) to provide management with metrics regarding availability.

Malicious individuals use RFID tools to steal proximity badge information from an unsuspecting employee who physically walks near the concealed device.

The formula given in the scenario is used to calculate the aggregate CIA score. To calculate ALE, you should multiply SLE × ARO. To calculate SLE, you should multiply AV × EF. Quantitative risk involves using SLE and ALE.

Malware sandboxing aims to detect malware code by running it in a computer-based system of some type to analyze it for behavior and traits that indicate of malware. One of its goals is to spot zero-day malware—that is, malware that has not yet been identified by commercial anti-malware systems and for which there is not yet a cure.

There is a trade-off when a decision must be made between the two architectures. A private solution provides the most control over the safety of your data but also requires staff and knowledge to deploy, manage, and secure the solution.

In this example of a buffer overflow, 16 characters are being sent to a buffer that is only 8 bytes. With proper input validation, this will cause an access violation.

When you are collecting and comparing metrics on a day-today basis, you are performing daily workloads.

In a blind test, the testing team is provided with limited knowledge of the network systems and devices and performs the test using publicly available information only. The organization’s security team knows that an attack is coming. This test requires more effort from the testing team.

A web application firewall (WAF) applies rule sets to an HTTP conversation. These sets cover common attack types to which these session types are susceptible.

Simple Certificate Enrollment Protocol (SCEP) is used to provision certificates to network devices, including mobile devices.

Usability means making a security solution or device easier to use and matching the solution or device more closely to organizational needs and requirements.

Port scanners can be used to scan a network for open ports. Open ports indicate services that may be running and listening on a device that may be susceptible to being used for an attack. These tools basically ping every address and port number combination and keep track of which ports are open on each device as the pings are answered by open ports with listening services and not answered by closed ports.

First, you should develop the policy for NAC. A policy should be written first, and then the process, and then the procedures.

Teredo assigns addresses and creates host-to-host tunnels for unicast IPv6 traffic when IPv6 hosts are located behind IPv4 network address translators.

Secure by default means that without changes, the application is secure. For example, some server products have certain capabilities (such as FTP), but the service has to be enabled. This ensures that the port is not open if it is not being used.

ALE = SLE × ARO = $1,200 × 5% = $60 SLE = AV × EF = $12,000 × 10% = $1,200

Protocol analyzers, or sniffers, collect raw packets from the network and are used by both legitimate security professionals and attackers. Using such a tool, you could tell if the traffic of interest is encrypted.

OllyDbg is a reverse engineering tool. Specifically, it is a 32- bit, assembler-level analyzing debugger for Microsoft Windows. Emphasis on binary code analysis makes it particularly useful in cases where the source is unavailable.

Downstream liability refers to liability that an organization accrues due to partnerships with other organizations and customers.

The product release information (PRI) is the connection between a mobile device and a radio. From time to time, this may need to be updated, and such updates may add features or increase data speed.

Attestation services allow an authorized party to detect changes to an operating system. Attestation services involve generating a certificate for the hardware that states what software is currently running. The computer can use this certificate to attest that unaltered software is currently executing.

Cross-Site Request Forgery (CSRF) is an attack that causes an end user to execute unwanted actions on a web application in which he or she is currently authenticated. Unlike with XSS, in CSRF, the attacker exploits the website’s trust of the browser rather than the other way around. The website thinks that the request came from the user’s browser and is made by the user when actually the request was planted in the user’s browser.

Extensible Authentication Protocol (EAP) is not a single protocol but a framework for port-based access control that uses the same three components as RADIUS.

A request for proposal (RFP) requires that a vendor reply with a formal bid proposal.

Pharming is similar to phishing, but pharming actually pollutes the contents of a computer’s DNS cache so that requests to a legitimate site are routed to an alternate site.

Virtual network computing (VNC) technology is a graphical desktop sharing system that uses the Remote Frame Buffer (RFB) protocol to remotely control another computer. There is a mobile version of VNC that can be installed for this purpose.

In over-the-shoulder code review, coworkers review the code while the author explains his reasoning.

Security Content Automation Protocol (SCAP) is a standard that the security automation community uses to enumerate software flaws and configuration issues. It standardized the nomenclature and formats used. A vendor of security automation products can obtain a validation against SCAP, demonstrating that it will interoperate with other scanners and express the scan results in a standardized way.

In a double blind test, the testing team is provided with limited knowledge of the network systems and devices using publicly available information. The organization’s security team does not know that an attack is coming.

The inherent limitation of ACLs is their inability to detect whether IP spoofing is occurring. IP address spoofing is a technique hackers use to hide their trail or to masquerade as other computers. A hacker alters the IP address as it appears in a packet to attempt to allow the packet to get through an ACL that is based on IP addresses.

You are leading the continuous monitoring program, which will periodically assess its information security awareness. A security training program designs and delivers security training at all levels of the organization. A risk mitigation program attempts to identify risks and select and deploy mitigating controls. A threat identification identifies all threats to an organization as part of risk management.

Autorun should be disabled.

Runtime debugging is the process of using a programming tool to not only identify syntactic problems in code but also discover weaknesses that can lead to memory leaks and buffer overflows. Runtime debugging tools operate by examining and monitoring the use of memory.

Confidentiality and integrity have been violated. Changing the data violates integrity, and accessing patented design plans violates confidentiality. Availability has not been violated in this scenario.

When HTTPS is used, port 80 is not used. Rather, HTTPS uses port 443.

Input validation is the process of checking all input for things such as proper format and proper length.

An MDM configuration profile is used to control the use of a device and, when applied to a device, make changes to settings such as the passcode settings, Wi-Fi passwords, VPN configurations, and more.

A microSD HSM is an HSM that connects to the microSD port on a device that has such a port. The card is specifically suited for mobile apps written for Android and is supported by most Android phones and tablets with a microSD card slot.

SLE indicates the monetary impact of each threat occurrence. ARO is the estimate of how often a given threat might occur annually. ALE is the expected risk factor of an annual threat event. EF is the percent value or functionality of an asset that will be lost when a threat event occurs.

A publicly traded corporation is most likely to be affected by the Sarbanes-Oxley (SOX) Act.

Management interfaces are used for accessing a device remotely. Typically, a management interface is disconnected from the in-band network and is connected to the device’s internal network. Through a management interface, you can access the device over the network by using utilities such as SSH and Telnet. SNMP can use the management interface to gather statistics from the device.

Common Platform Enumerations (CPE) are methods for describing and classifying operating systems applications and hardware devices.

Bluesnarfing involves unauthorized access to a device using a Bluetooth connection. In this case, the attacker is trying to access information on the device.

The following are all components of hardening an OS: Unnecessary applications should be removed. Unnecessary services should be disabled. Unrequired ports should be blocked. The connecting of external storage devices and media should be tightly controlled, if allowed at all.

An SLA lists all the guaranteed performance levels of a new connection.

You should perform a cost/benefit analysis for the new security control before deploying the control.

All changes should be formally requested. The following are some change management guidelines: Each request should be analyzed to ensure that it supports all goals and policies. Prior to formal approval, all costs and effects of the methods of implementation should be reviewed. After changes are approved, the change steps should be developed. During implementation, incremental testing should occur, and it should rely on a predetermined fallback strategy, if necessary. Complete documentation should be produced and submitted with a formal report to management.

A configuration item (CI) is a uniquely identifiable subset of the system that represents the smallest portion to be subject to an independent configuration control procedure. When an operation is broken into individual CIs, the process is called configuration identification.

Secure Shell (SSH) is an application and protocol that is used to remotely log in to another computer using a secure tunnel. After a session key is exchanged and the secure channel is established, all communication between the two computers is encrypted over the secure channel.

The 3DES-EEE3 implementation encrypts each block of data three times, each time with a different key. The 3DES-EDE3 implementation encrypts each block of data with the first key, decrypts each block with the second key, and encrypts each block with the third key. The 3DES-EEE2 implementation encrypts each block of data with the first key, encrypts each block with the second key, and then encrypts each block again with the first key. The 3DES-EDE2 implementation encrypts each block of data with the first key, decrypts each block with the second key, and then encrypts each block with the first key.

You should recommend customer relationship management (CRM), which involves identifying customers and storing all customer-related data, particularly contact information and data on any direct contact with customers.

A CRL contains a list of all the certificates that have been revoked. A CA is the entity that creates and signs digital certificates, maintains the certificates, and revokes them when necessary. An RA verifies the requestor’s identity, registers the requestor, and passes the request to the CA. The OCSP is an Internet protocol that obtains the revocation status of an X.509 digital certificate.

For Linux, passwords are stored in the /etc/passwd or /etc/shadow file. Because the /etc/passwd file is a text file that can be easily accessed, you should ensure that any Linux servers use the /etc/shadow file, where the passwords in the file can be protected using a hash.

A symmetric algorithm uses a private, or secret, key that must remain secret between the two parties. A running key cipher uses a physical component, usually a book, to provide the polyalphabetic characters. A concealment cipher occurs when plaintext is interspersed somewhere within other written material. An asymmetric algorithm uses both a public key and a private, or secret, key.

Data isolation ensures that tenant data in a multitenant solution is isolated from other tenants’ data via tenant IDs in the data labels.

Session Initiation Protocol for Instant Messaging and Presence Leveraging Extensions (SIMPLE) is designed to secure presence traffic.

securiCAD focuses on threat modeling of IT infrastructures using a CAD-based approach where assets are automatically or manually placed on a drawing pane.

The IETF is responsible for creating requests for comments (RFCs) that describe research and innovations on the Internet and its systems. Most RFCs are submitted for peer review, and, once approved, are published as Internet standards.

Unified communication combines voice, video, email, instant messaging, personal assistant, and other communication features.

ECC is not a hash function. It is an asymmetric algorithm. All the other options are hash functions.

A data custodian should be responsible for implementing the controls.