
CISSP 2021 SYBEX TEST PREP 475 QUESTIONS AND ANSWERS

Pages: 97
Uploaded on: 17-03-2022
Written in: 2021/2022

1. NIST SP800-53 discusses a set of security controls as what type of security tool?
   A. A configuration list
   B. A threat management strategy
   C. A baseline
   D. The CIS standard
   Correct answer: C

2. Ed has been tasked with identifying a service that will provide a low-latency, high-performance, and high-availability way to host content for his employer. What type of solution should he seek out to ensure that his employer's customers around the world can access their content quickly, easily, and reliably?
   A. A hot site
   B. A CDN
   C. Redundant servers
   D. A P2P CDN
   Correct answer: B

3. Which one of the following is not a function of a forensic disk controller?
   A. Preventing the modification of data on a storage device
   B. Returning data requested from the device
   C. Reporting errors sent by the device to the forensic host
   D. Blocking read commands sent to the device
   Correct answer: D

4. Mike is building a fault-tolerant server and wishes to implement RAID 1. How many physical disks are required to build this solution?
   A. 1
   B. 2
   C. 3
   D. 5
   Correct answer: B

5. Which Kerberos service generates a new ticket and session keys and sends them to the client?
   A. KDC
   B. TGT
   C. AS
   D. TGS
   Correct answer: D

6. Communication systems that rely on start and stop flags or bits to manage data transmission are known as what type of communication?
   A. Analog
   B. Digital
   C. Synchronous
   D. Asynchronous
   Correct answer: D

7. What type of motion detector uses high microwave frequency signal transmissions to identify potential intruders?
   A. Infrared
   B. Heat-based
   C. Wave pattern
   D. Capacitance
   Correct answer: C

8. Susan sets up a firewall that keeps track of the status of the communication between two systems and allows a remote system to respond to a local system after the local system starts communication. What type of firewall is Susan using?
   A. A static packet filtering firewall
   B. An application-level gateway firewall
   C. A stateful packet inspection firewall
   D. A circuit-level gateway firewall
   Correct answer: C

9. Ben owns a coffeehouse and wants to provide wireless Internet service for his customers. Ben's network is simple and uses a single consumer-grade wireless router and a cable modem connected via a commercial cable data contract. How can Ben provide access control for his customers without having to provision user IDs before they connect while also gathering useful contact information for his business purposes?
   A. WPA2 PSK
   B. A captive portal
   C. Require customers to use a publicly posted password like "BensCoffee."
   D. Port security
   Correct answer: B

10. Ben owns a coffeehouse and wants to provide wireless Internet service for his customers. Ben's network is simple and uses a single consumer-grade wireless router and a cable modem connected via a commercial cable data contract. Ben intends to run an open (unencrypted) wireless network. How should he connect his business devices?
   A. Run WPA2 on the same SSID.
   B. Set up a separate SSID using WPA2.
   C. Run the open network in Enterprise mode.
   D. Set up a separate wireless network using WEP.
   Correct answer: B

11. Ben owns a coffeehouse and wants to provide wireless Internet service for his customers. Ben's network is simple and uses a single consumer-grade wireless router and a cable modem connected via a commercial cable data contract. After implementing the solution from the first question, Ben receives a complaint about users in his cafe hijacking other customers' web traffic, including using their usernames and passwords. How is this possible?
   A. The password is shared by all users, making traffic vulnerable.
   B. A malicious user has installed a Trojan on the router.
   C. A user has ARP spoofed the router, making all traffic broadcast to all users.
   D. Open networks are unencrypted, making traffic easily sniffable.
   Correct answer: D

12. Which one of the following is not a mode of operation for the Data Encryption Standard?
   A. CBC
   B. CFB
   C. OFB
   D. AES
   Correct answer: D

13. Tom is tuning his security monitoring tools in an attempt to reduce the number of alerts received by administrators without missing important security events. He decides to configure the system to only report failed login attempts if there are five failed attempts to access the same account within a one-hour period of time. What term best describes the technique that Tom is using?
   A. Thresholding
   B. Sampling
   C. Account lockout
   D. Clipping
   Correct answer: D

14. Sally has been tasked with deploying an authentication, authorization, and accounting server for wireless network services in her organization and needs to avoid using proprietary technology. What technology should she select?
   A. OAuth
   B. RADIUS
   C. XTACACS
   D. TACACS+
   Correct answer: B

15. An accounting clerk for Christopher's Cheesecakes does not have access to the salary information for individual employees but wanted to know the salary of a new hire. He pulled total payroll expenses for the pay period before the new person was hired and then pulled the same expenses for the following pay period. He computed the difference between those two amounts to determine the individual's salary. What type of attack occurred?
   A. Aggregation
   B. Data diddling
   C. Inference
   D. Social engineering
   Correct answer: C

16. Alice would like to have read permissions on an object and knows that Bob already has those rights and would like to give them to herself. Which one of the rules in the Take-Grant protection model would allow her to complete this operation if the relationship exists between Alice and Bob?
   A. Take rule
   B. Grant rule
   C. Create rule
   D. Remote rule
   Correct answer: A

17. During a log review, Danielle discovers a series of logs that show login failures:

   Jan 31 11:39:12 ip-10-0-0-2 sshd[29092]: Invalid user admin from remotehost passwd=aaaaaaaa
   Jan 31 11:39:20 ip-10-0-0-2 sshd[29098]: Invalid user admin from remotehost passwd=aaaaaaab
   Jan 31 11:39:23 ip-10-0-0-2 sshd[29100]: Invalid user admin from remotehost passwd=aaaaaaac
   Jan 31 11:39:31 ip-10-0-0-2 sshd[29106]: Invalid user admin from remotehost passwd=aaaaaaad
   Jan 31 20:40:53 ip-10-0-0-254 sshd[30520]: Invalid user admin from remotehost passwd=aaaaaaae

   What type of attack has Danielle discovered?
   A. A pass-the-hash attack
   B. A brute-force attack
   C. A man-in-the-middle attack
   D. A dictionary attack
   Correct answer: B

18. What property of a relational database ensures that two executing transactions do not affect each other by storing interim results in the database?
   A. Atomicity
   B. Isolation
   C. Consistency
   D. Durability
   Correct answer: B

19. Kim is the system administrator for a small business network that is experiencing security problems. She is in the office in the evening working on the problem, and nobody else is there. As she is watching, she can see that systems on the other side of the office that were previously behaving normally are now exhibiting signs of infection. What type of malware is Kim likely dealing with?
   A. Virus
   B. Worm
   C. Trojan horse
   D. Logic bomb
   Correct answer: B

20. Which of the following is an industry standard for data security?
   A. FERPA
   B. HIPAA
   C. SOX
   D. PCI DSS
   Correct answer: D

21. Which of the following sequences properly describes the TCP three-way handshake?
   A. SYN, ACK, SYN/ACK
   B. PSH, RST, ACK
   C. SYN, SYN/ACK, ACK
   D. SYN, RST, FIN
   Correct answer: C

22. Which one of the following technologies is NOT normally a capability of mobile device management (MDM) solutions?
   A. Remotely wiping the contents of a mobile device
   B. Assuming control of a nonregistered BYOD mobile device
   C. Enforcing the use of device encryption
   D. Managing device backups
   Correct answer: B

23. Jim is implementing an IDaaS solution for his organization. What type of technology is he putting in place?
   A. Identity as a service
   B. Employee ID as a service
   C. Intrusion detection as a service
   D. OAuth
   Correct answer: A

24. Gina recently took the CISSP certification exam and then wrote a blog post that included the text of many of the exam questions that she experienced. What aspect of the (ISC)2 code of ethics is most directly violated in this situation?
   A. Advance and protect the profession.
   B. Act honorably, honestly, justly, responsibly, and legally.
   C. Protect society, the common good, necessary public trust and confidence, and the infrastructure.
   D. Provide diligent and competent service to principals.
   Correct answer: A

25. Gordon is conducting a risk assessment for his organization and determined the amount of damage that flooding is expected to cause to his facilities each year. What metric has Gordon identified?
   A. ALE
   B. ARO
   C. SLE
   D. EF
   Correct answer: A

26. Greg would like to implement application control technology in his organization. He would like to limit users to installing only approved software on their systems. What type of application control would be appropriate in this situation?
   A. Blacklisting
   B. Graylisting
   C. Whitelisting
   D. Bluelisting
   Correct answer: C

27. Frank is the security administrator for a web server that provides news and information to people located around the world. His server received an unusually high volume of traffic that it could not handle and was forced to reject requests. Frank traced the source of the traffic back to a botnet. What type of attack took place?
   A. Denial of service
   B. Reconnaissance
   C. Compromise
   D. Malicious insider
   Correct answer: A

28. In the database table shown here, which column would be the best candidate for a primary key?

   [Table partially recovered; cells that did not survive are left blank.]

   Company ID | Company Name      | Address            | City       | State | ZIP Code | Telephone      | Sales Rep
   1          | Acme Widgets      | 234 Main Street    | Columbia   | MD    |          | (301) 555-1212 |
   2          | Abrams Consulting | 1024 Sample Street | Miami      | FL    |          | (305) 555-1995 |
   3          | Dome Widgets      | 913 Sorin Street   | South Bend | IN    | 46556    | (574)          |

   A. Company ID
   B. Company Name
   C. ZIP Code
   D. Sales Rep
   Correct answer: A

29. Information about an individual like their name, Social Security number, date and place of birth, or their mother's maiden name is an example of what type of protected information?
   A. PHI
   B. Proprietary data
   C. PII
   D. EDI
   Correct answer: C

30. Bob is configuring egress filtering on his network, examining traffic destined for the Internet. His organization uses the public address range 12.8.195.0/24. Packets with which one of the following destination addresses should Bob permit to leave the network?
   A. 12.8.195.15
   B. 10.8.15.9
   C. 192.168.109.55
   D. 129.53.44.124
   Correct answer: D

31. How many possible keys exist in a cryptographic algorithm that uses 6-bit encryption keys?
   A. 12
   B. 16
   C. 32
   D. 64
   Correct answer: D

32. What problem drives the recommendation to physically destroy SSD drives to prevent data leaks when they are retired?
   A. Degaussing only partially wipes the data on SSDs.
   B. SSDs don't have data remanence.
   C. SSDs are unable to perform a zero fill.
   D. The built-in erase commands are not completely effective on some SSDs.
   Correct answer: D

33. GAD Systems is concerned about the risk of hackers stealing sensitive information stored on a file server. They choose to pursue a risk mitigation strategy. Which one of the following actions would support that strategy?
   A. Encrypting the files
   B. Deleting the files
   C. Purchasing cyber-liability insurance
   D. Taking no action
   Correct answer: A

34. How should samples be generated when assessing account management practices?
   A. They should be generated by administrators.
   B. The last 180 days of accounts should be validated.
   C. Sampling should be conducted randomly.
   D. Sampling is not effective, and all accounts should be audited.
   Correct answer: C

35. The EU-U.S. Privacy Shield Framework relies on seven principles. Which of the following correctly lists all seven?
   A. Awareness, selection, control, security, data integrity, access, recourse and enforcement
   B. Notice, choice, accountability for onward transfer, security, data integrity and purpose limitation, access, recourse and enforcement
   C. Privacy, security, control, notification, data integrity and purpose, access, enforcement
   D. Submission, editing, updates, confidential, integrity, security, access
   Correct answer: B

36. Alex works for the United States (U.S.) federal government and is required to ensure that the devices and components he acquires are not compromised. What program will he participate in to help ensure this?
   A. TEMPEST
   B. Trusted foundry
   C. GovBuy
   D. MITRE
   Correct answer: B

37. When an attacker calls an organization's help desk and persuades them to reset a password for them due to the help desk employee's trust and willingness to help, what type of attack succeeded?
   A. A human Trojan
   B. Social engineering
   C. Phishing
   D. Whaling
   Correct answer: B

38. When a user attempts to log into their online account, Google sends a text message with a code to their cell phone. What type of verification is this?
   A. Knowledge-based authentication
   B. Dynamic knowledge-based authentication
   C. Out-of-band identity proofing
   D. Risk-based identity proofing
   Correct answer: C

39. If availability of authentication services is the organization's biggest priority, what type of identity platform should Ben recommend?
   A. Onsite
   B. Cloud based
   C. Hybrid
   D. Outsourced
   Correct answer: C

40. If Ben needs to share identity information with the business partner shown, what should he investigate?
   A. Single sign-on
   B. Multifactor authentication
   C. Federation
   D. IDaaS
   Correct answer: C

41. What technology is likely to be involved when Ben's organization needs to provide authentication and authorization assertions to their cloud e-commerce application?
   A. Active Directory
   B. SAML
   C. RADIUS
   D. SPML
   Correct answer: B

42. Dave is responsible for password security in his organization and would like to strengthen the security of password files. He would like to defend his organization against the use of rainbow tables. Which one of the following techniques is specifically designed to frustrate the use of rainbow tables?
   A. Password expiration policies
   B. Salting
   C. User education
   D. Password complexity policies
   Correct answer: B

43. Which one of the following is a single system designed to attract attackers because it seemingly contains sensitive information or other attractive resources?
   A. Honeynet
   B. Darknet
   C. Honeypot
   D. Pseudoflaw
   Correct answer: C

44. When evaluating biometric devices, what is another term used to describe the equal error rate?
   A. FAR
   B. FRR
   C. CER
   D. ERR
   Correct answer: C

45. Sean suspects that an individual in his company is smuggling out secret information despite his company's careful use of data loss prevention systems. He discovers that the suspect is posting photos, including the one shown here, to public Internet message boards. What type of technique may the individuals be using to hide messages inside this image?
   A. Watermarking
   B. VPN
   C. Steganography
   D. Covert timing channel
   Correct answer: C

46. Roger is concerned that a third-party firm hired to develop code for an internal application will embed a backdoor in the code. The developer retains rights to the intellectual property and will only deliver the software in its final form. Which one of the following languages would be least susceptible to this type of attack because it would provide Roger with code that is human-readable in its final form?
   A. JavaScript
   B. C
   C. C++
   D. Java
   Correct answer: A

47. Jesse is looking at the /etc/passwd file on a system configured to use shadowed passwords. What should she expect to see in the password field of this file?
   A. Plaintext passwords
   B. Encrypted passwords
   C. Hashed passwords
   D. x
   Correct answer: D

48. SYN floods rely on implementations of what protocol to cause denial of service conditions?
   A. IGMP
   B. UDP
   C. TCP
   D. ICMP
   Correct answer: C

49. What principle states that an individual should make every effort to complete his or her responsibilities in an accurate and timely manner?
   A. Least privilege
   B. Separation of duties
   C. Due care
   D. Due diligence
   Correct answer: D

50. Cable modems, ISDN, and DSL are all examples of what type of technology?
   A. Baseband
   B. Broadband
   C. Digital
   D. Broadcast
   Correct answer: B

51. What penetration testing technique can best help assess training and awareness issues?
   A. Port scanning
   B. Discovery
   C. Social engineering
   D. Vulnerability scanning
   Correct answer: C

52. Bill implemented RAID level 5 on a server that he operates using a total of three disks. How many disks may fail without the loss of data?
   A. 0
   B. 1
   C. 2
   D. 3
   Correct answer: B

53. Data is sent as bits at what layer of the OSI model?
   A. Transport
   B. Network
   C. Data Link
   D. Physical
   Correct answer: D

54. Bert is considering the use of an infrastructure as a service cloud computing partner to provide virtual servers. Which one of the following would be a vendor responsibility in this scenario?
   A. Maintaining the hypervisor
   B. Managing operating system security settings
   C. Maintaining the host firewall
   D. Configuring server access control
   Correct answer: A

55. When Ben records data and then replays it against his test website to verify how it performs based on a real production workload, what type of performance monitoring is he undertaking?
   A. Passive
   B. Proactive
   C. Reactive
   D. Replay
   Correct answer: B

56. What technology ensures that an operating system allocates separate memory spaces used by each application on a system?
   A. Abstraction
   B. Layering
   C. Data hiding
   D. Process isolation
   Correct answer: D

57. Alan is considering the use of new identification cards in his organization that will be used for physical access control. He comes across a sample card and is unsure of the technology. He breaks it open and sees the following internal construction. What type of card is this?
   A. Smart card
   B. Proximity card
   C. Magnetic stripe
   D. Phase-two card
   Correct answer: B

58. Mark is planning a disaster recovery test for his organization. He would like to perform a live test of the disaster recovery facility but does not want to disrupt operations at the primary facility. What type of test should Mark choose?
   A. Full interruption test
   B. Checklist review
   C. Parallel test
   D. Tabletop exercise
   Correct answer: C

59. Which one of the following is not a principle of the Agile approach to software development?
   A. The best architecture, requirements, and designs emerge from self-organizing teams.
   B. Deliver working software infrequently, with an emphasis on creating accurate code over longer timelines.
   C. Welcome changing requirements, even late in the development process.
   D. Simplicity is essential.
   Correct answer: B

60. During a security audit, Susan discovers that the organization is using hand geometry scanners as the access control mechanism for their secure data center. What recommendation should Susan make about the use of hand geometry scanners?
   A. They have a high FRR and should be replaced.
   B. A second factor should be added because they are not a good way to reliably distinguish individuals.
   C. The hand geometry scanners provide appropriate security for the data center and should be considered for other high-security areas.
   D. They may create accessibility concerns, and an alternate biometric system should be considered.
   Correct answer: B

61. Colleen is conducting a business impact assessment for her organization. What metric provides important information about the amount of time that the organization may be without a service before causing irreparable harm?
   A. MTD
   B. ALE
   C. RPO
   D. RTO
   Correct answer: A

62. An attack that changes a symlink on a Linux system between the time that an account's rights to the file are verified and the file is accessed is an example of what type of attack?
   A. Unlinking
   B. Tick/tock
   C. setuid
   D. TOCTOU
   Correct answer: D

63. An authentication factor that is "something you have," and that typically includes a microprocessor and one or more certificates, is what type of authenticator?
   A. A smart card
   B. A token
   C. A Type I validator
   D. A Type III authenticator
   Correct answer: A

64. What term best describes an attack that relies on stolen or falsified authentication credentials to bypass an authentication mechanism?
   A. Spoofing
   B. Replay
   C. Masquerading
   D. Modification
   Correct answer: C

65. Lisa wants to integrate with a cloud identity provider that uses OAuth 2.0, and she wants to select an appropriate authentication framework. Which of the following best suits her needs?
   A. OpenID Connect
   B. SAML
   C. RADIUS
   D. Kerberos
   Correct answer: A

66. Owen recently designed a security access control structure that prevents a single user from simultaneously holding the role required to create a new vendor and the role required to issue a check. What principle is Owen enforcing?
   A. Two-person control
   B. Least privilege
   C. Separation of duties
   D. Job rotation
   Correct answer: C

67. Denise is preparing for a trial relating to a contract dispute between her company and a software vendor. The vendor is claiming that Denise made a verbal agreement that amended their written contract. What rule of evidence should Denise raise in her defense?
   A. Real evidence rule
   B. Best evidence rule
   C. Parol evidence rule
   D. Testimonial evidence rule
   Correct answer: C

68. While Lauren is monitoring traffic on two ends of a network connection, she sees traffic that is inbound to a public IP address show up inside the production network bound for an internal host that uses an RFC 1918 reserved address. What technology should she expect is in use at the network border?
   A. NAT
   B. VLANs
   C. S/NAT
   D. BGP
   Correct answer: A

69. Which of the following statements about SSAE-18 is not true?
   A. It mandates a specific control set.
   B. It is an attestation standard.
   C. It is used for external audits.
   D. It uses a framework, including SOC 1, SOC 2, and SOC 3 reports.
   Correct answer: A

70. What does a constrained user interface do?
   A. It prevents unauthorized users from logging in.
   B. It limits the data visible in an interface based on the content.
   C. It limits the access a user is provided based on what activity they are performing.
   D. It limits what users can do or see based on privileges.
   Correct answer: D

71. Greg is building a disaster recovery plan for his organization and would like to determine the amount of time that it should take to restore a particular IT service after an outage. What variable is Greg calculating?
   A. MTD
   B. RTO
   C. RPO
   D. SLA
   Correct answer: B

72. What business process typically requires sign-off from a manager before modifications are made to a system?
   A. SDN
   B. Release management
   C. Change management
   D. Versioning
   Correct answer: C

73. What type of fire extinguisher is useful against liquid-based fires?
   A. Class A
   B. Class B
   C. Class C
   D. Class D
   Correct answer: B

74. The company Chris works for has notifications posted at each door reminding employees to be careful to not allow people to enter when they do. Which type of controls best describes this?
   A. Detective
   B. Physical
   C. Preventive
   D. Directive
   Correct answer: D

75. Which one of the following principles is not included in the seven EU-U.S. Privacy Shield provisions?
   A. Access
   B. Security
   C. Recourse
   D. Nonrepudiation
   Correct answer: D

76. What group is eligible to receive safe harbor protection under the terms of the Digital Millennium Copyright Act (DMCA)?
   A. Music producers
   B. Book publishers
   C. Internet service providers
   D. Banks
   Correct answer: C

77. Alex is the system owner for the HR system at a major university. According to NIST SP 800-18, what action should he take when a significant change occurs in the system?
   A. He should develop a data confidentiality plan.
   B. He should update the system security plan.
   C. He should classify the data the system contains.
   D. He should select custodians to handle day-to-day operational tasks.
   Correct answer: B

78. If Alex hires a new employee and the employee's account is provisioned after HR manually inputs information into the provisioning system based on data Alex provides via a series of forms, what type of provisioning has occurred?
   A. Discretionary account provisioning
   B. Workflow-based account provisioning
   C. Automated account provisioning
   D. Self-service account provisioning
   Correct answer: C

79. When Alex changes roles, what should occur?
   A. He should be de-provisioned and a new account should be created.
   B. He should have his new rights added to his existing account.
   C. He should be provisioned for only the rights that match his role.
   D. He should have his rights set to match those of the person he is replacing.
   Correct answer: C

80. Robert is reviewing a system that has been assigned the EAL2 evaluation assurance level under the Common Criteria. What is the highest level of assurance that he may have about the system?
   A. It has been functionally tested.
   B. It has been structurally tested.
   C. It has been formally verified, designed, and tested.
   D. It has been semiformally designed and tested.
   Correct answer: B

81. Adam is processing an access request for an end user. What two items should he verify before granting the access?
   A. Separation and need to know
   B. Clearance and endorsement
   C. Clearance and need to know
   D. Second factor and clearance
   Correct answer: C

82. During what phase of the electronic discovery reference model does an organization ensure that potentially discoverable information is protected against alteration or deletion?
   A. Identification
   B. Preservation
   C. Collection
   D. Production
   Correct answer: B

83. Nessus, OpenVAS, and SAINT are all examples of what type of tool?
   A. Port scanners
   B. Patch management suites
   C. Port mappers
   D. Vulnerability scanners
   Correct answer: D

84. Harry would like to access a document owned by Sally stored on a file server. Applying the subject/object model to this scenario, who or what is the object of the resource request?
   A. Harry
   B. Sally
   C. File server
   D. Document
   Correct answer: D

85. What is the process that occurs when the Session layer removes the header from data sent by the Transport layer?
   A. Encapsulation
   B. Packet unwrapping
   C. De-encapsulation
   D. Payloading
   Correct answer: C

86. Which of the following tools is best suited to testing known exploits against a system?
   A. Nikto
   B. Ettercap
   C. Metasploit
   D. THC Hydra
   Correct answer: C

87. What markup language uses the concepts of a Requesting Authority, a Provisioning Service Point, and a Provisioning Service Target to handle its core functionality?
   A. SAML
   B. SAMPL
   C. SPML
   D. XACML
   Correct answer: C

88. What type of risk assessment uses tools such as the one shown with 4 boxes of risk using probability and level of impact as variables?
   A. Quantitative
   B. Loss expectancy
   C. Financial
   D. Qualitative
   Correct answer: D

89. MAC models use three types of environments. Which of the following is not a mandatory access control design?
   A. Hierarchical
   B. Bracketed
   C. Compartmentalized
   D. Hybrid
   Correct answer: B

90. What level of RAID is also called disk striping with parity?
   A. RAID 0
   B. RAID 1
   C. RAID 5
   D. RAID 10
   Correct answer: C

91. Sally is wiring a gigabit Ethernet network. What cabling choices should she make to ensure she can use her network at the full 1000 Mbps she wants to provide to her users?
   A. Cat 5 and Cat 6
   B. Cat 5e and Cat 6
   C. Cat 4e and Cat 5e
   D. Cat 6 and Cat 7
   Correct answer: B

92. Which one of the following is typically considered a business continuity task?
   A. Business impact assessment
   B. Alternate facility selection
   C. Activation of cold sites
   D. Restoration of data from backup
   Correct answer: A

93. Robert is the network administrator for a small business and recently installed a new firewall. After seeing signs of unusually heavy network traffic, he checked his intrusion detection system, which reported that a smurf attack was under way. What firewall configuration change can Robert make to most effectively prevent this attack?
   A. Block the source IP address of the attack.
   B. Block inbound UDP traffic.
   C. Block the destination IP address of the attack.
   D. Block inbound ICMP traffic.
   Correct answer: D

94. Which one of the following types of firewalls does not have the ability to track connection status between different packets?
   A. Stateful inspection
   B. Application proxy
   C. Packet filter
   D. Next generation
   Correct answer: C

95. Which of the following is used only to encrypt data in transit over a network and cannot be used to encrypt data at rest?
   A. TKIP
   B. AES
   C. 3DES
   D. RSA
   Correct answer: A

96. What type of fuzzing is known as intelligent fuzzing?
   A. Zzuf
   B. Mutation
   C. Generational
   D. Code based
   Correct answer: C

97. Matthew is experiencing issues with the quality of network service on his organization's network. The primary symptom is that packets are occasionally taking too long to travel from their source to their destination. The length of this delay changes for individual packets. What term describes the issue Matthew is facing?
   A. Latency
   B. Jitter
   C. Packet loss
   D. Interference
   Correct answer: B

98. Which of the following multifactor authentication technologies provides both low management overhead and flexibility?
   A. Biometrics
   B. Software tokens
   C. Synchronous hardware tokens
   D. Asynchronous hardware tokens
   Correct answer: B

99. What type of testing would validate support for all the web browsers that are supported by a web application?
   A. Regression testing
   B. Interface testing
   C. Fuzzing
   D. White box testing
   Correct answer: B

100. Kathleen is implementing an access control system for her organization and builds the following array:

   Reviewers: update files, delete files
   Submitters: upload files
   Editors: upload files, update files
   Archivists: delete files

   What type of access control system has Kathleen implemented?
   A. Role-based access control
   B. Task-based access control
   C. Rule-based access control
   D. Discretionary access control
   Correct answer: A

101. Alan is installing a fire suppression system that will kick in after a fire breaks out and protect the equipment in the data center from extensive damage. What metric is Alan attempting to lower?
   A. Likelihood
   B. RTO
   C. RPO
   D. Impact
   Correct answer: D

102. Alan's Wrenches recently developed a new manufacturing process for its product. They plan to use this technology internally and not share it with others. They would like it to remain protected for as long as possible. What type of intellectual property protection is best suited for this situation?
   A. Patent
   B. Copyright
   C. Trademark
   D. Trade secret
   Correct answer: D

103. Ben wants to interface with the National Vulnerability Database using a standardized protocol. What option should he use to ensure that the tools he builds work with the data contained in the NVD?
   A. XACML
   B. SCML
   C. VSML
   D. SCAP
   Correct answer: D

104. Which of the following is not one of the three components of the DevOps model?
   A. Software development
   B. Change management
   C. Quality assurance
   D. Operations
   Correct answer: B

105. Harry's request to read the data file is blocked. Harry has a Secret security clearance, and the data file has a Top Secret classification. What principle of the Bell-LaPadula model blocked this request?
   A. Simple Security Property
   B. Simple Integrity Property
   C. *-Security Property
   D. Discretionary Security Property
   Correct answer: A

106. Norm is starting a new software project with a vendor that uses an SDLC approach to development. When he arrives on the job, he receives a document that has the sections shown here. What type of planning document is this?

   - Executive Summary section with a high-level schedule of key activities and milestones
   - Detailed project tasks for the applicable SDLC phases
   - Special interest areas tracked outside the SDLC phase areas as required

   A. Functional requirements
   B. Work breakdown structure
   C. Test analysis report
   D. Project plan
   Correct answer: B

107. Kolin is searching for a network security solution that will allow him to help reduce zero-day attacks while using identities to enforce a security policy on systems before they connect to the network. What type of solution should Kolin implement?
   A. A firewall
   B. A NAC system
   C. An intrusion detection system
   D. Port security
   Correct answer: B

108. Gwen comes across an application that is running under a service account on a web server. The service account has full administrative rights to the server. What principle of information security does this violate?
   A. Need to know
   B. Separation of duties
   C. Least privilege
   D. Job rotation
   Correct answer: C

109. Which of the following is not a type of structural coverage in a code review process?
   A. Statement
   B. Trace
   C. Loop
   D. Data flow
   Correct answer: B

110. Which of the following tools is best suited to the information gathering phase of a penetration test?
   A. Whois
   B. zzuf
   C. Nessus
   D. Metasploit
   Correct answer: A

111. Ursula believes that many individuals in her organization are storing sensitive information on their laptops in a manner that is unsafe and potentially violates the organization's security policy. What control can she use to identify the presence of these files?
   A. Network DLP
   B. Network IPS
   C. Endpoint DLP
   D. Endpoint IPS
   Correct answer: C

112. In what cloud computing model does the customer build a cloud computing environment in his or her own data center or build an environment in another data center that is for the customer's exclusive use?
   A. Public cloud
   B. Private cloud
   C. Hybrid cloud
   D. Shared cloud
   Correct answer: B

113. Which one of the following technologies is designed to prevent a web server going offline from becoming a single point of failure in a web application architecture?
   A. Load balancing
   B. Dual-power supplies
   C. IPS
   D. RAID
   Correct answer: A

114. Alice wants to send Bob a message with the confidence that Bob will know the message was not altered while in transit. What goal of cryptography is Alice trying to achieve?
   A. Confidentiality
   B. Nonrepudiation
   C. Authentication
   D. Integrity
   Correct answer: D

115. Monica is developing a software application that calculates an individual's body mass index for use in medical planning. She would like to include a control on the field where the physician enters an individual's weight to ensure that the weight falls within an expected range. What type of control should Monica use?
   A. Fail open
   B. Fail secure
   C. Limit check
   D. Buffer bounds
   Correct answer: C

116. James is building a disaster recovery plan for his organization and would like to determine the amount of acceptable data loss after an outage. What variable is James determining?
   A. SLA
   B. RTO
   C. MTD
   D. RPO
   Correct answer: D

117. Fred needs to deploy a network device that can connect his network to other networks while controlling traffic on his network. What type of device is Fred's best choice?
   A. A switch
   B. A bridge
   C. A gateway
   D. A router
   Correct answer: D

118. Alex is preparing to solicit bids for a penetration test of his company's network and systems. He wants to maximize the effectiveness of the testing rather than the realism of the test. What type of penetration test should he require in his bidding process?
   A. Black box
   B. Crystal box
   C. Gray box
   D. Zero box
   Correct answer: B

119. Application banner information is typically recorded during what penetration testing phase?
   A. Planning
   B. Attack
   C. Reporting
   D. Discovery
   Correct answer: D

120. What is the default subnet mask for a Class B network?
   A. 255.0.0.0
   B. 255.255.0.0
   C. 255.254.0.0
   D. 255.255.255.0
   Correct answer: B

121. Jim has been asked to individually identify devices that users are bringing to work as part of a new BYOD policy. The devices will not be joined to a central management system like Active Directory, but he still needs to uniquely identify the systems. Which of the following options will provide Jim with the best means of reliably identifying each unique device?
   A. Record the MAC address of each system.
   B. Require users to fill out a form to register each system.
   C. Scan each system using a port scanner.
   D. Use device fingerprinting via a web-based registration system.
   Correct answer: D

122. David works in an organization that uses a formal data governance program. He is consulting with an employee working on a project that created an entirely new class of data and wants to work with the appropriate individual to assign a classification level to that information. Who is responsible for the assignment of information to a classification level?
   A. Data creator
   B. Data owner
   C. CISO
   D. Data custodian
   Correct answer: B

123. What type of inbound packet is characteristic of a ping flood attack?
   A. ICMP echo request
   B. ICMP echo reply
   C. ICMP destination unreachable
   D. ICMP route changed
   Correct answer: A

124. Gabe is concerned about the security of passwords used as a cornerstone of his organization's information security program. Which one of the following controls would provide the greatest improvement in Gabe's ability to authenticate users?
   A. More complex passwords
   B. User education against social engineering
   C. Multifactor authentication
   D.
Addition of security questions based on personal knowledge Correct answer- C The separation of network infrastructure from the control layer, combined with the ability to centrally program a network design in a vendor-neutral, standards-based implementation, is an example of what important concept? A. MPLS, a way to replace long network addresses with shorter labels and support a wide range of protocols B. FCoE, a converged protocol that allows common applications over Ethernet C. SDN, a converged protocol that allows network virtualization D. CDN, a converged protocol that makes common network designs accessible Correct answer- C Susan is preparing to decommission her organization's archival DVD-ROMs that contain Top Secret data. How should she ensure that the data cannot be exposed? A. Degauss B. Zero wipe C. Pulverize D. Secure erase Correct answer- C What is the final stage of the Software Capability Maturity Model (SW-CMM)? A. Repeatable B. Defined C. Managed D. Optimizing Correct answer- D Angie is configuring egress monitoring on her network to provide added security. Which one of the following packet types should Angie allow to leave the network headed for the Internet? A. Packets with a source address from Angie's public IP address block B. Packets with a destination address from Angie's public IP address block C. Packets with a source address outside Angie's address block D. Packets with a source address from Angie's private address block Correct answer- A Matt is conducting a penetration test against a Linux server and successfully gained access to an administrative account. He would now like to obtain the password hashes for use in a brute-force attack. Where is he likely to find the hashes, assuming the system is configured to modern security standards? A. /etc/passwd B. /etc/hash C. /etc/secure D. 
/etc/shadow Correct answer- D Theresa is implementing a new access control system and wants to ensure that developers do not have the ability to move code from development systems into the production environment. What information security principle is she most directly enforcing? A. Separation of duties B. Two-person control C. Least privilege D. Job rotation Correct answer- A Which one of the following tools may be used to achieve the goal of nonrepudiation? A. Digital signature B. Symmetric encryption C. Firewall D. IDS Correct answer- A In this diagram of the TCP three-way handshake, what should system A send to system B in step 3? A. ACK B. SYN C. FIN D. RST Correct answer- A What RADIUS alternative is commonly used for Cisco network gear and supports twofactor authentication? A. RADIUS+ B. TACACS+ C. XTACACS D. Kerberos Correct answer- B What two types of attacks are VoIP call managers and VoIP phones most likely to be susceptible to? A. DoS and malware B. Worms and Trojans C. DoS and host OS attacks D. Host OS attacks and buffer overflows Correct answer- C Vivian works for a chain of retail stores and would like to use a software product that restricts the software used on point-of-sale terminals to those packages on a preapproved list. What approach should Vivian use? A. Antivirus B. Heuristic C. Whitelist D. Blacklist Correct answer- C Hunter is the facilities manager for DataTech, a large data center management firm. He is evaluating the installation of a flood prevention system at one of DataTech's facilities. The facility and contents are valued at $100 million. Installing the new flood prevention system would cost $10 million. Hunter consulted with flood experts and determined that the facility lies within a 200- year flood plain and that, if a flood occurred, it would likely cause $20 million in damage to the facility. Based on the information in this scenario, what is the exposure factor for the effect of a flood on DataTech's data center? A. 2% B. 
20% C. 100% D. 200% Correct answer- B Hunter is the facilities manager for DataTech, a large data center management firm. He is evaluating the installation of a flood prevention system at one of DataTech's facilities. The facility and contents are valued at $100 million. Installing the new flood prevention system would cost $10 million. Hunter consulted with flood experts and determined that the facility lies within a 200- year flood plain and that, if a flood occurred, it would likely cause $20 million in damage to the facility. Based on the information in this scenario, what is the annualized rate of occurrence for a flood at DataTech's data center? A. 0.002 B. 0.005 C. 0.02 D. 0.05 Correct answer- B Hunter is the facilities manager for DataTech, a large data center management firm. He is evaluating the installation of a flood prevention system at one of DataTech's facilities. The facility and contents are valued at $100 million. Installing the new flood prevention system would cost $10 million. Hunter consulted with flood experts and determined that the facility lies within a 200- year flood plain and that, if a flood occurred, it would likely cause $20 million in damage to the facility. Based on the information in this scenario, what is the annualized loss expectancy for a flood at DataTech's data center? A. $40,000 B. $100,000 C. $400,000 D. $1,000,000 Correct answer- B Which accounts are typically assessed during an account management assessment? A. A random sample B. Highly privileged accounts C. Recently generated accounts D. Accounts that have existed for long periods of time Correct answer- B Cloud computing uses a shared responsibility model for security, where the vendor and customer each bear some responsibility for security. The division of responsibility depends upon the type of service used. 
Place the cloud service offerings listed here in order from the case where the customer bears the least responsibility to where the customer bears the most responsibility. (Order these from LEAST to GREATEST Responsibility for the Customer) A. IaaS B. SaaS C. PaaS D. TaaS Correct answer- B, C, A What type of error occurs when a valid subject using a biometric authenticator is not authenticated? A. A Type 1 error B. A Type 2 error C. A Type 3 error D. A Type 4 error Correct answer- A Jackie is creating a database that contains the Customers table, shown here. She is designing a new table to contain Orders and plans to use the Company ID in that table to uniquely identify the customer associated with each order. What role does the Company ID field play in the Orders table? 1 2 3 234 Main Street 1024 Sample Street 913 Sorin Street MD FL IN 46556 (301) 555-1212 (305) 555-1995 (574) Columbia Miami South Bend Acme Widgets Abrams Consulting Dome Widgets Company ID Company Name Address City State ZIP Code Telephone Sales Rep A. Primary key B. Foreign key C. Candidate key D. Referential key Correct answer- B What three types of interfaces are typically tested during software testing? A. Network, physical, and application interfaces B. APIs, UIs, and physical interfaces C. Network interfaces, APIs, and UIs D. Application, programmatic, and user interfaces Correct answer- B George is assisting a prosecutor with a case against a hacker who attempted to break into the computer systems at George's company. He provides system logs to the prosecutor for use as evidence, but the prosecutor insists that George testify in court about how he gathered the logs. What rule of evidence requires George's testimony? A. Testimonial evidence rule B. Parol evidence rule C. Best evidence rule D. Hearsay rule Correct answer- D Which of the following is not a valid use for key risk indicators? A. Provide warnings before issues occur. B. Provide real-time incident response information. C. 
Provide historical views of past risks. D. Provide insight into risk tolerance for the organization. Correct answer- B Which one of the following malware types uses built-in propagation mechanisms that exploit system vulnerabilities to spread? A. Trojan horse B. Worm C. Logic bomb D. Virus Correct answer- B Don's company is considering the use of an object-based storage system where data is placed in a vendor-managed storage environment through the use of API calls. What type of cloud computing service is in use? A. IaaS B. PaaS C. CaaS D. SaaS Correct answer- A In what model of cloud computing do two or more organizations collaborate to build a shared cloud computing environment that is for their own use? A. Public cloud B. Private cloud C. Community cloud D. Shared cloud Correct answer- C Which one of the following is not a principle of the Agile approach to software development? A. The most efficient method of conveying information is electronic. B. Working software is the primary measure of progress. C. Simplicity is essential. D. Businesspeople and developers must work together daily Correct answer- A Harry is concerned that accountants within his organization will use data diddling attacks to cover up fraudulent activity in accounts that they normally access. Which one of the following controls would best defend against this type of attack? A. Encryption B. Access controls C. Integrity verification D. Firewalls Correct answer- C What class of fire extinguisher is capable of fighting electrical fires? A. Class A B. Class B C. Class C D. Class D Correct answer- C What important factor differentiates Frame Relay from X.25? A. Frame Relay supports multiple PVCs over a single WAN carrier connection. B. Frame Relay is a cell switching technology instead of a packet switching technology like X.25. C. Frame Relay does not provide a Committed Information Rate (CIR). D. Frame Relay only requires a DTE on the provider side. 
Correct answer- A Report Content Internal controls for financial reporting Users and auditors Auditors, regulators, management, partners, and others under NDA Publicly available, often used for a website seal Confidentiality, integrity, availability, security, and privacy controls Confidentiality, integrity, availability, security, and privacy controls SOC 1 SOC 2 SOC 3 Audience As they prepare to migrate their data center to an infrastructure as a service (IaaS) provider, Susan's company wants to understand the effectiveness of their new provider's security, integrity, and availability controls. What SOC report would provide them with the most detail, including input from the auditor on the effectiveness of controls at the IaaS provider? A. SOC 1. B. SOC 2. C. SOC 3. D. None of the SOC reports are suited to this, and they should request another form of report Correct answer- B Susan wants to ensure that the audit report that her organization requested includes input from an external auditor. What type of report should she request? A. SOC 2, Type 1 B. SOC 3, Type 1 C. SOC 2, Type 2 D. SOC 3, Type 2 Correct answer- C When Susan requests a SOC 2 report, she receives a SAS 70 report. What issue should Susan raise? A. SAS 70 does not include Type 2 reports, so control evaluation is only point in time. B. SAS 70 has been replaced. C. SAS 70 is a financial reporting standard and does not cover data centers. D. SAS 70 only uses a 3-month period for testing Correct answer- B What two logical network topologies can be physically implemented as a star topology? A. A bus and a mesh. B. A ring and a mesh. C. A bus and a ring. D. It is not possible to implement other topologies as a star. Correct answer- C Bell-LaPadula is an example of what type of access control model? A. DAC B. RBAC C. MAC D. ABAC Correct answer- C Martha is the information security officer for a small college and is responsible for safeguarding the privacy of student records. 
What law most directly applies to her situation? A. HIPAA B. HITECH C. COPPA D. FERPA Correct answer- D What US law mandates the protection of protected health information? A. FERPA B. SAFE Act C. GLBA D. HIPAA Correct answer- D Which one of the following techniques can an attacker use to exploit a TOC/TOU vulnerability? A. File locking B. Exception handling C. Algorithmic complexity D. Concurrency control Correct answer- C Susan is configuring her network devices to use syslog. What should she set to ensure that she is notified about issues but does not receive normal operational issue messages? A. The facility code B. The log priority C. The security level D. The severity level Correct answer- D What RAID level is also known as disk mirroring? A. RAID 0 B. RAID 1 C. RAID 3 D. RAID 5 Correct answer- B What type of firewall uses multiple proxy servers that filter traffic based on analysis of the protocols used for each service? A. A static packet filtering firewall B. An application-level gateway firewall C. A circuit-level gateway firewall D. A stateful inspection firewall Correct answer- B Surveys, interviews, and audits are all examples of ways to measure what important part of an organization's security posture? A. Code quality B. Service vulnerabilities C. Awareness D. Attack surface Correct answer- C Tom is the general counsel for an Internet service provider, and he recently received notice of a lawsuit against the firm because of copyrighted content illegally transmitted over the provider's circuits by a customer. What law protects Tom's company in this case? A. Computer Fraud and Abuse Act B. Digital Millennium Copyright Act C. Wiretap Act D. Copyright Code Correct answer- B A Type 2 authentication factor that generates dynamic passwords based on a time- or algorithm-based system is what type of authenticator? A. A PIV B. A smart card C. A token D. 
A CAC Correct answer- C Fred's new employer has hired him for a position with access to their trade secrets and confidential internal data. What legal tool should they use to help protect their data if he chooses to leave to work at a competitor? A. A stop-loss order B. An NDA C. An AUP D. Encryption Correct answer- B Which one of the following computing models allows the execution of multiple processes on a single processor by having the operating system switch between them without requiring modification to the applications? A. Multitasking B. Multiprocessing C. Multiprogramming D. Multithreading Correct answer- A How many possible keys exist when using a cryptographic algorithm that has an 8-bit binary encryption key? A. 16 B. 128 C. 256 D. 512 Correct answer- C What activity is being performed when you apply security controls based on the specific needs of the IT system that they will be applied to? A. Standardizing B. Baselining C. Scoping D. Tailoring Correct answer- C During what phase of the electronic discovery process does an organization perform a rough cut of the information gathered to discard irrelevant information? A. Preservation B. Identification C. Collection D. Processing Correct answer- D Ben's job is to ensure that data is labeled with the appropriate sensitivity label. Since Ben works for the US government, he has to apply the labels Unclassified, Confidential, Secret, and Top Secret to systems and media. If Ben is asked to label a system that handles Secret, Confidential, and Unclassified information, how should he label it? A. Mixed classification B. Confidential C. Top Secret D. Secret Correct answer- D Susan has discovered that the smart card-based locks used to keep the facility she works at secure are not effective because staff members are propping the doors open. 
She places signs on the doors reminding staff that leaving the door open creates a security issue, and she adds alarms that will sound if the doors are left open for more than five minutes. What type of controls has she put into place? A. Physical B. Administrative C. Compensation D. Recovery Correct answer- C Ben is concerned about password cracking attacks against his system. He would like to implement controls that prevent an attacker who has obtained those hashes from easily cracking them. What two controls would best meet this objective? A. Longer passwords and salting B. Over-the-wire encryption and use of SHA1 instead of MD5 C. Salting and use of MD5 D. Using shadow passwords and salting Correct answer- A Which group is best suited to evaluate and report on the effectiveness of administrative controls an organization has put in place to a third party? A. Internal auditors B. Penetration testers C. External auditors D. Employees who design, implement, and monitor the controls Correct answer- C Renee is using encryption to safeguard sensitive business secrets when in transit over the Internet. What risk metric is she attempting to lower? A. Likelihood B. RTO C. MTO D. Impact Correct answer- A As part of hiring a new employee, Kathleen's identity management team creates a new user object and ensures that the user object is available in the directories and systems where it is needed. What is this process called? A. Registration B. Provisioning C. Population D. Authenticator loading Correct answer- B Ricky would like to access a remote file server through a VPN connection. He begins this process by connecting to the VPN and attempting to log in. Applying the subject/object model to this request, what is the subject of Ricky's login attempt? A. Ricky B. VPN C. Remote file server D. Files contained on the remote server Correct answer- A Alice is designing a cryptosystem for use by six users and would like to use a symmetric encryption algorithm. 
She wants any two users to be able to communicate with each other without worrying about eavesdropping by a third user. How many symmetric encryption keys will she need to generate? A. 6 B. 12 C. 15 D. 30 Correct answer- C Which one of the following intellectual property protection mechanisms has the shortest duration? A. Copyright B. Patent C. Trademark D. Trade secret Correct answer- B Gordon is developing a business continuity plan for a manufacturing company's IT operations. The company is located in North Dakota and currently evaluating the risk of earthquake. They choose to pursue a risk acceptance strategy. Which one of the following actions is consistent with that strategy? A. Purchasing earthquake insurance B. Relocating the data center to a safer area C. Documenting the decision-making process D. Reengineering the facility to withstand the shock of an earthquake Correct answer- C Carol would like to implement a control that protects her organization from the momentary loss of power to the data center. Which control is most appropriate for her needs? A. Redundant servers B. RAID C. UPS D. Generator Correct answer- C Ben has encountered problems with users in his organization reusing passwords, despite a requirement that they change passwords every 30 days. What type of password setting should Ben employ to help prevent this issue? A. Longer minimum age B. Increased password complexity C. Implement password history D. Implement password length requirements Correct answer- C Chris is conducting a risk assessment for his organization and has determined the amount of damage that a single flood could be expected to cause to his facilities. What metric has Chris identified? A. ALE B. SLE C. ARO D. AV Correct answer- B The removal of a hard drive from a PC before it is retired and sold as surplus is an example of what type of action? A. Purging B. Sanitization C. Degaussing D. 
Destruction Correct answer- B During which phase of the incident response process would an organization determine whether it is required to notify law enforcement officials or other regulators of the incident? A. Detection B. Recovery C. Remediation D. Reporting Correct answer- D What OASIS standard markup language is used to generate provisioning requests both within organizations and with third parties? A. SAML B. SPML C. XACML D. SOA Correct answer- B Michelle is in charge of her organization's mobile device management efforts and handles lost and stolen devices. Which of the following recommendations will provide the most assurance to her organization that data will not be lost if a device is stolen? A. Mandatory passcodes and application management B. Full device encryption and mandatory passcodes C. Remote wipe and GPS tracking D. Enabling GPS tracking and full device encryption Correct answer- B Susan's SMTP server does not authenticate senders before accepting and relaying email. What is this security configuration issue known as? A. An email gateway B. An SMTP relay C. An X.400-compliant gateway D. An open relay Correct answer- D The large business that Jack works for has been using noncentralized logging for years. They have recently started to implement centralized logging, however, and as they reviewed logs, they discovered a breach that appeared to have involved a malicious insider. When the breach was discovered and the logs were reviewed, it was discovered that the attacker had purged the logs on the system that they compromised. How can this be prevented in the future? A. Encrypt local logs B. Require administrative access to change logs C. Enable log rotation D. Send logs to a bastion host Correct answer- D The large business that Jack works for has been using noncentralized logging for years. 
They have recently started to implement centralized logging, however, and as they reviewed logs, they discovered a breach that appeared to have involved a malicious insider. How can Jack detect issues like this using his organization's new centralized logging? A. Deploy and use an IDS B. Send logs to a central logging server C. Deploy and use a SIEM D. Use syslog Correct answer- C The large business that Jack works for has been using noncentralized logging for years. They have recently started to implement centralized logging, however, and as they reviewed logs, they discovered a breach that appeared to have involved a malicious insider. How can Jack best ensure accountability for actions taken on systems in his environment? A. Log review and require digital signatures for each log. B. Require authentication for all actions taken and capture logs centrally. C. Log the use of administrative credentials and encrypt log data in transit. D. Require authorization and capture logs centrally. Correct answer- B Ed's organization has 5 IP addresses allocated to them by their ISP but needs to connect over 100 computers and network devices to the Internet. What technology can he use to connect his entire network via the limited set of IP addresses he can use? A. IPsec B. PAT C. SDN D. IPX Correct answer- B What type of attack would the following precautions help prevent? ■ Requesting proof of identity ■ Requiring callback authorizations on voice-only requests ■ Not changing passwords via voice communications A. DoS attacks B. Worms C. Social engineering D. Shoulder surfing Correct answer- C Fred's organization needs to use a non-IP protocol on their VPN. Which of the common VPN protocols should he select to natively handle non-IP protocols? A. PPTP B. L2F C. L2TP D. IPsec Correct answer- C Residual data is another term for what type of data left after attempts have been made to erase it? A. Leftover data B. MBR C. Bitrot D. 
Remnant data Correct answer- D Which one of the following disaster recovery test types involves the actual activation of the disaster recovery facility? A. Simulation test B. Tabletop exercise C. Parallel test D. Checklist review Correct answer- C What access control system lets owners decide who has access to the objects they own? A. Role-based access control B. Task-based access control C. Discretionary access control D. Rule-based access control Correct answer- C Using a trusted channel and link encryption are both ways to prevent what type of access control attack? A. Brute force B. Spoofed login screens C. Man-in-the-middle attacks D. Dictionary attacks Correct answer- C Which one of the following is not one of the canons of the (ISC)2 Code of Ethics? A. Protect society, the common good, necessary public trust and confidence, and the infrastructure. B. Act honorably, honestly, justly, responsibly, and legally. C. Provide diligent and competent service to principals. D. Maintain competent records of all investigations and assessments Correct answer- D Which one of the following components should be included in an organization's emergency response guidelines? A. Immediate response procedures B. Long-term business continuity protocols C. Activation procedures for the organization's cold sites D. Contact information for ordering equipment Correct answer- A Ben is working on integrating a federated identity management system and needs to exchange authentication and authorization information for browser-based single sign- on. What technology is his best option? A. HTML B. XACML C. SAML D. SPML Correct answer- C What is the minimum interval at which an organization should conduct business continuity plan refresher training for those with specific business continuity roles? A. Weekly B. Monthly C. Semiannually D. Annually Correct answer- D What is the minimum number of cryptographic keys necessary to achieve strong security when using the 3DES algorithm? A. 1 B. 2 C. 
3 D. 4 Correct answer- B Lauren wants to monitor her LDAP servers to identify what types of queries are causing problems. What type of monitoring should she use if she wants to be able to use the production servers and actual traffic for her testing? A. Active B. Real-time C. Passive D. Replay Correct answer- C Steve is developing an input validation routine that will protect the database supporting a web application from SQL injection attack. Where should Steve place the input validation code? A. JavaScript embedded in the web pages B. Backend code on the web server C. Stored procedure on the database D. Code on the user's web browser Correct answer- B Ben is selecting an encryption algorithm for use in an organization with 10,000 employees. He must facilitate communication between any two employees within the organization. Which one of the following algorithms would allow him to meet this goal with the least time dedicated to key management? A. RSA B. IDEA C. 3DES D. Skipjack Correct answer- A Grace is considering the use of new identification cards in her organization that will be used for physical access control. She comes across the sample card shown here and is unsure of the technology it uses. What type of card is this? A. Smart card B. Phase-two card C. Proximity card D. Magnetic stripe card Correct answer- D What type of log file is shown in this figure? A. Application B. Web server C. System D. Firewall Correct answer- D Which one of the following activities transforms a zero-day vulnerability into a less dangerous attack vector? A. Discovery of the vulnerability B. Implementation of transport-layer encryption C. Reconfiguration of a firewall D. Release of a security patch Correct answer- D Which one of the following is an example of a hardening provision that might strengthen an organization's existing physical facilities and avoid implementation of a business continuity plan? A. Patching a leaky roof B. 
Reviewing and updating firewall access control lists C. Upgrading operating systems D. Deploying a network intrusion detection system Correct answer- A Susan wants to monitor traffic between systems in a VMWare environment. What solution would be her best option to monitor that traffic? A. Use a traditional hardware-based IPS. B. Install Wireshark on each virtual system. C. Set up a virtual span port and capture
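The Bell-LaPadula questions above (Harry's blocked read and Ben's system label) can be checked mechanically. The following is an added example, not part of the original question set: a small reference check that applies the Simple Security Property (no read up), the *-Security Property (no write down) and then a discretionary access matrix, plus a helper that labels a system at the highest level of data it handles. The level names follow the US government scheme quoted in the question; the access matrix, subject and object names are assumptions introduced for illustration.

```python
"""Bell-LaPadula reference check with a classification label helper (added example)."""
from enum import IntEnum
from typing import Dict, Iterable, Optional, Set, Tuple


class Level(IntEnum):
    UNCLASSIFIED = 0
    CONFIDENTIAL = 1
    SECRET = 2
    TOP_SECRET = 3


# Discretionary layer: (subject, object) -> operations the object owner granted.
# The entries below are constructed for the example.
AccessMatrix = Dict[Tuple[str, str], Set[str]]


def decide(subject: str, clearance: Level, obj: str, classification: Level,
           op: str, matrix: AccessMatrix) -> Tuple[bool, Optional[str]]:
    """Return (allowed, name_of_blocking_property).

    Mandatory rules are evaluated first and cannot be overridden by the matrix:
    - Simple Security Property: a read requires clearance >= classification (no read up)
    - *-Security Property:      a write requires clearance <= classification (no write down)
    Only then does the Discretionary Security Property consult the access matrix.
    """
    if op == "read" and clearance < classification:
        return False, "Simple Security Property"
    if op == "write" and clearance > classification:
        return False, "*-Security Property"
    if op not in matrix.get((subject, obj), set()):
        return False, "Discretionary Security Property"
    return True, None


def system_label(handled: Iterable[Level]) -> Level:
    """A system that processes data at several levels is labeled at the highest one."""
    return max(handled)


def demo() -> dict:
    matrix: AccessMatrix = {
        ("harry", "datafile"): {"read"},
        ("harry", "report"): {"read", "write"},
        ("harry", "scratch"): {"write"},
    }
    harry = Level.SECRET
    return {
        # Harry (Secret) reading a Top Secret file: stopped by no-read-up
        "harry_read_ts": decide("harry", harry, "datafile", Level.TOP_SECRET, "read", matrix),
        # Harry writing into a Confidential object: stopped by no-write-down
        "harry_write_conf": decide("harry", harry, "report", Level.CONFIDENTIAL, "write", matrix),
        # Same level and granted in the matrix: allowed
        "harry_read_secret": decide("harry", harry, "report", Level.SECRET, "read", matrix),
        # Writing up is permitted by BLP, but the owner granted no write on this object
        "harry_write_ts_no_dac": decide("harry", harry, "datafile", Level.TOP_SECRET, "write", matrix),
        # Writing up with a discretionary grant
        "harry_write_up": decide("harry", harry, "scratch", Level.TOP_SECRET, "write", matrix),
        # Ben's system handles Secret, Confidential and Unclassified data
        "ben_label": system_label([Level.SECRET, Level.CONFIDENTIAL, Level.UNCLASSIFIED]),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The ordering matters: the mandatory checks run before the discretionary one, so an owner's grant never lets a subject read above its clearance.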
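Angie's egress rule above (allow only packets sourced from the organization's own public block) and Ed's PAT question are two sides of the same perimeter decision. The following is an added example, not from the original question set, showing that decision as code. The public block 203.0.113.0/24 is a documentation range assumed here to be Angie's allocation; the private ranges are the RFC 1918 blocks; the sample packets are constructed.

```python
"""Egress filter decision for a boundary router (added example)."""
import ipaddress
from typing import Dict, Iterable, Tuple

# Assumption for the example: the organization's public allocation.
ORG_PUBLIC = ipaddress.ip_network("203.0.113.0/24")
# RFC 1918 private address space; hosts here must be translated (PAT) before egress.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def egress_decision(src: str, dst: str) -> Tuple[str, str]:
    """Return (action, reason) for a packet about to leave toward the Internet."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if any(s in net for net in RFC1918):
        return "drop", "private source: must pass through PAT before egress"
    if s not in ORG_PUBLIC:
        return "drop", "source outside our block: spoofed or misrouted"
    if d in ORG_PUBLIC:
        return "drop", "destination is our own block: should never exit the perimeter"
    return "allow", "source in our public block"


def filter_batch(packets: Iterable[Tuple[str, str]]) -> Dict[str, str]:
    """Apply the rule to (src, dst) pairs; returns 'src->dst' -> action."""
    return {f"{s}->{d}": egress_decision(s, d)[0] for s, d in packets}


def demo() -> Dict[str, str]:
    # Constructed sample traffic
    packets = [
        ("203.0.113.10", "198.51.100.5"),   # legitimate outbound
        ("192.168.1.20", "198.51.100.5"),   # untranslated internal host
        ("192.0.2.9", "198.51.100.5"),      # forged source (a spoofing/DDoS participant)
        ("203.0.113.10", "203.0.113.77"),   # our own block as destination
    ]
    return filter_batch(packets)


if __name__ == "__main__":
    for flow, action in demo().items():
        print(f"{action:5} {flow}")
```

Dropping the spoofed and private-sourced packets is what keeps the network from participating in reflection attacks and from leaking internal addressing.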
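The three DataTech flood questions above walk through exposure factor, annualized rate of occurrence and annualized loss expectancy one at a time. The following is an added example, not from the original question set, that carries the same figures through the standard quantitative risk chain and goes one step further than the questions: it compares the ALE against the cost of the proposed control. The asset value, damage estimate, return period and $10 million control cost come from the scenario; the 20-year amortization and the residual $2 million damage with the control in place are assumptions introduced for illustration.

```python
"""Quantitative risk arithmetic from the DataTech flood scenario (added example)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class RiskScenario:
    asset_value: float          # AV: value of the facility and its contents
    loss_per_event: float       # expected damage from a single occurrence
    return_period_years: float  # 200 for a 200-year flood plain

    @property
    def exposure_factor(self) -> float:
        """EF: fraction of the asset value lost in one event."""
        return self.loss_per_event / self.asset_value

    @property
    def single_loss_expectancy(self) -> float:
        """SLE = AV * EF."""
        return self.asset_value * self.exposure_factor

    @property
    def annualized_rate_of_occurrence(self) -> float:
        """ARO: expected events per year, i.e. 1 / return period."""
        return 1.0 / self.return_period_years

    @property
    def annualized_loss_expectancy(self) -> float:
        """ALE = SLE * ARO."""
        return self.single_loss_expectancy * self.annualized_rate_of_occurrence


def safeguard_value(before: RiskScenario, after: RiskScenario, annual_cost: float) -> float:
    """(ALE before control) - (ALE after control) - (annual cost of control).
    Positive means the control pays for itself on expected-loss terms."""
    return (before.annualized_loss_expectancy
            - after.annualized_loss_expectancy
            - annual_cost)


# Figures stated in the scenario
DATATECH_FLOOD = RiskScenario(asset_value=100_000_000,
                              loss_per_event=20_000_000,
                              return_period_years=200)

# Assumptions for illustration only (not in the scenario): the $10M system is
# amortized over 20 years and limits flood damage to $2M per event.
FLOOD_CONTROL_ANNUAL_COST = 10_000_000 / 20
WITH_CONTROL = RiskScenario(asset_value=100_000_000,
                            loss_per_event=2_000_000,
                            return_period_years=200)


def summary() -> dict:
    r = DATATECH_FLOOD
    return {
        "EF": r.exposure_factor,                  # 0.20, i.e. 20%
        "SLE": r.single_loss_expectancy,          # $20,000,000
        "ARO": r.annualized_rate_of_occurrence,   # 0.005
        "ALE": r.annualized_loss_expectancy,      # $100,000
        "safeguard_value": safeguard_value(r, WITH_CONTROL, FLOOD_CONTROL_ANNUAL_COST),
    }


if __name__ == "__main__":
    for name, value in summary().items():
        print(f"{name}: {value:,.3f}")
```

Under these assumptions the safeguard value is negative: an ALE of $100,000 does not justify $500,000 a year of control cost, which is the point of running the numbers rather than stopping at the ALE.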
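Two of the password questions above (longer passwords with salting to resist cracking of stolen hashes, and a password history to stop reuse) can be shown together. The following is an added example, not from the original question set, using PBKDF2-HMAC-SHA256 from the Python standard library. The iteration count, salt length, history depth and the sample passwords are assumptions chosen for the example.

```python
"""Salted, iterated password hashing and reuse prevention (added example)."""
import hashlib
import hmac
import os
from dataclasses import dataclass, field
from typing import List, Optional

ITERATIONS = 100_000  # assumed work factor; tune to the target hardware
SALT_BYTES = 16


@dataclass(frozen=True)
class PasswordRecord:
    salt: bytes
    digest: bytes
    iterations: int


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = ITERATIONS) -> PasswordRecord:
    """Derive a salted, iterated hash. A fresh random salt per password means two users
    with the same password store different digests, so one precomputed table cannot
    crack both, and the iteration count slows each guess."""
    salt = os.urandom(SALT_BYTES) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return PasswordRecord(salt=salt, digest=digest, iterations=iterations)


def verify_password(password: str, record: PasswordRecord) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                    record.salt, record.iterations)
    return hmac.compare_digest(candidate, record.digest)


def precomputed_table_hits(records: List[PasswordRecord], wordlist: List[str]) -> int:
    """Model an attacker holding stolen records and a table of unsalted SHA-256 digests
    of a wordlist. With per-record salts the lookup finds nothing."""
    table = {hashlib.sha256(word.encode("utf-8")).digest() for word in wordlist}
    return sum(1 for rec in records if rec.digest in table)


@dataclass
class PasswordHistory:
    """Keep the last `depth` records so a 'new' password equal to a recent one is rejected."""
    depth: int = 5
    records: List[PasswordRecord] = field(default_factory=list)

    def change(self, new_password: str) -> bool:
        if any(verify_password(new_password, old) for old in self.records):
            return False  # reuse of a recent password
        self.records.append(hash_password(new_password))
        self.records = self.records[-self.depth:]
        return True


def demo() -> dict:
    # Constructed sample: two users pick the same password (an assumption for the demo)
    alice = hash_password("Winter2021!")
    bob = hash_password("Winter2021!")
    history = PasswordHistory(depth=3)
    first_set = history.change("Winter2021!")
    reuse_blocked = not history.change("Winter2021!")
    rotated = history.change("Spring2022!")
    return {
        "same_password_different_digests": alice.digest != bob.digest,
        "alice_verifies": verify_password("Winter2021!", alice),
        "wrong_case_rejected": not verify_password("winter2021!", alice),
        "precomputed_hits": precomputed_table_hits([alice, bob], ["password", "Winter2021!"]),
        "history": (first_set, reuse_blocked, rotated),
    }


if __name__ == "__main__":
    print(demo())
```

Note that the history check has to verify the candidate against each stored record with that record's own salt; comparing raw digests would defeat the purpose of salting.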
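Monica's limit check and Steve's choice to validate input in backend code rather than in the browser both come down to the same rule: the server never trusts what arrives from the client. The following is an added example, not from the original question set, that shows a range check on the weight field, a deliberately vulnerable string-built query beside its parameterized replacement, and the injection payload that separates them. The table, its rows and the payload are constructed for the example; sqlite3 stands in for whatever database backs the application.

```python
"""Server-side input validation and parameterized queries (added example)."""
import sqlite3
from typing import List, Tuple


def limit_check(raw, low: float, high: float) -> float:
    """Reject values that are not numeric or fall outside the expected range.
    Runs on the server; client-side JavaScript can be bypassed or disabled."""
    try:
        value = float(raw)
    except (TypeError, ValueError):
        raise ValueError("not a number")
    if not low <= value <= high:
        raise ValueError(f"{value} outside [{low}, {high}]")
    return value


def _rejected(raw, low: float, high: float) -> bool:
    try:
        limit_check(raw, low, high)
        return False
    except ValueError:
        return True


def setup() -> sqlite3.Connection:
    # Constructed sample table
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE patients (id INTEGER PRIMARY KEY, name TEXT, weight_kg REAL)")
    conn.executemany("INSERT INTO patients (name, weight_kg) VALUES (?, ?)",
                     [("Ann", 61.0), ("Raj", 84.5), ("Mei", 70.2)])
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, name: str) -> List[Tuple[str]]:
    # Deliberately vulnerable: the input is pasted into the SQL text.
    return conn.execute(f"SELECT name FROM patients WHERE name = '{name}'").fetchall()


def lookup_safe(conn: sqlite3.Connection, name: str) -> List[Tuple[str]]:
    # Parameter binding: the input is always data, never part of the query syntax.
    return conn.execute("SELECT name FROM patients WHERE name = ?", (name,)).fetchall()


def demo() -> dict:
    conn = setup()
    payload = "x' OR '1'='1"  # classic tautology injection
    return {
        "vulnerable_rows": len(lookup_vulnerable(conn, payload)),  # 3: whole table dumped
        "safe_rows": len(lookup_safe(conn, payload)),              # 0: no such name
        "safe_exact_match": len(lookup_safe(conn, "Mei")),         # 1
        "weight_ok": limit_check("72.5", 2.0, 500.0),
        "negative_rejected": _rejected("-4", 2.0, 500.0),
        "nonnumeric_rejected": _rejected("seventy", 2.0, 500.0),
    }


if __name__ == "__main__":
    print(demo())
```

Validation and binding complement each other: the limit check catches nonsensical but syntactically harmless values, while parameter binding stops syntactically hostile ones regardless of what the validator anticipated.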

Show more Read less
Institution
Course











Whoops! We can’t load your doc right now. Try again or contact support.

Written for

Course

Document information

Uploaded on
March 17, 2022
Number of pages
97
Written in
2021/2022
Type
Exam (elaborations)
Contains
Questions & answers

Subjects

Content preview

CISSP 2021 SYBEX TEST PREP 475
QUESTIONS AND ANSWERS

NIST SP800-53 discusses a set of security controls as what type of security tool?
A. A configuration list
B. A threat management strategy
C. A baseline
D. The CIS standard Correct answer- C

Ed has been tasked with identifying a service that will provide a low-latency,
high-performance, and high-availability way to host content for his employer. What type
of solution should he seek out to ensure that his employer's customers around the world
can access their content quickly, easily, and reliably?

A. A hot site
B. A CDN
C. Redundant servers
D. A P2P CDN Correct answer- B

Which one of the following is not a function of a forensic disk controller?
A. Preventing the modification of data on a storage device
B. Returning data requested from the device
C. Reporting errors sent by the device to the forensic host
D. Blocking read commands sent to the device Correct answer- D

Mike is building a fault-tolerant server and wishes to implement RAID 1. How many
physical disks are required to build this solution?
A. 1
B. 2
C. 3
D. 5 Correct answer- B

Which Kerberos service generates a new ticket and session keys and sends them to the
client?
A. KDC
B. TGT
C. AS
D. TGS Correct answer- D

Communication systems that rely on start and stop flags or bits to manage data
transmission are known as what type of communication?
A. Analog
B. Digital
C. Synchronous
D. Asynchronous Correct answer- D

What type of motion detector uses high microwave frequency signal transmissions to
identify potential intruders?

A. Infrared
B. Heat-based
C. Wave pattern
D. Capacitance Correct answer- C

Susan sets up a firewall that keeps track of the status of the communication between
two systems and allows a remote system to respond to a local system after the local
system starts communication. What type of firewall is Susan using?

A. A static packet filtering firewall
B. An application-level gateway firewall
C. A stateful packet inspection firewall
D. A circuit-level gateway firewall Correct answer- C

Ben owns a coffeehouse and wants to provide wireless Internet service for his
customers. Ben's network is simple and uses a single consumer-grade wireless router
and a cable modem connected via a commercial cable data contract.

How can Ben provide access control for his customers without having to provision user
IDs before they connect while also gathering useful contact information for his business
purposes?

A. WPA2 PSK
B. A captive portal
C. Require customers to use a publicly posted password like "BensCoffee."
D. Port security Correct answer- B

Ben owns a coffeehouse and wants to provide wireless Internet service for his
customers. Ben's network is simple and uses a single consumer-grade wireless router
and a cable modem connected via a commercial cable data contract.

Ben intends to run an open (unencrypted) wireless network. How should he connect his
business devices?

A. Run WPA2 on the same SSID.
B. Set up a separate SSID using WPA2.
C. Run the open network in Enterprise mode.
D. Set up a separate wireless network using WEP. Correct answer- B

Ben owns a coffeehouse and wants to provide wireless Internet service for his
customers. Ben's network is simple and uses a single consumer-grade wireless router
and a cable modem connected via a commercial cable data contract.

After implementing the solution from the first question, Ben receives a complaint about
users in his cafe hijacking other customers' web traffic, including using their usernames
and passwords. How is this possible?

A. The password is shared by all users, making traffic vulnerable.
B. A malicious user has installed a Trojan on the router.
C. A user has ARP spoofed the router, making all traffic broadcast to all users.
D. Open networks are unencrypted, making traffic easily sniffable. Correct answer- D

Which one of the following is not a mode of operation for the Data Encryption Standard?
A. CBC
B. CFB
C. OFB
D. AES Correct answer- D

Tom is tuning his security monitoring tools in an attempt to reduce the number of alerts
received by administrators without missing important security events. He decides to
configure the system to only report failed login attempts if there are five failed attempts
to access the same account within a one-hour period of time. What term best describes
the technique that Tom is using?

A. Thresholding
B. Sampling
C. Account lockout
D. Clipping Correct answer- D

Sally has been tasked with deploying an authentication, authorization, and accounting
server for wireless network services in her organization and needs to avoid using
proprietary technology.

What technology should she select?

A. OAuth
B. RADIUS
C. XTACACS
D. TACACS+ Correct answer- B

An accounting clerk for Christopher's Cheesecakes does not have access to the salary
information for individual employees but wanted to know the salary of a new hire. He
pulled total payroll expenses for the pay period before the new person was hired and
then pulled the same expenses for the following pay period. He computed the difference
between those two amounts to determine the individual's salary.

What type of attack occurred?

A. Aggregation
B. Data diddling
C. Inference
D. Social engineering Correct answer- C

Alice would like to have read permissions on an object and knows that Bob already has
those rights and would like to give them to herself. Which one of the rules in the
TakeGrant protection model would allow her to complete this operation if the
relationship exists between Alice and Bob?

A. Take rule
B. Grant rule
C. Create rule
D. Remote rule Correct answer- A

During a log review, Danielle discovers a series of logs that show login failures:

Jan 31 11:39:12 ip-10-0-0-2 sshd[29092]: Invalid user admin from remotehost passwd=aaaaaaaa
Jan 31 11:39:20 ip-10-0-0-2 sshd[29098]: Invalid user admin from remotehost passwd=aaaaaaab
Jan 31 11:39:23 ip-10-0-0-2 sshd[29100]: Invalid user admin from remotehost passwd=aaaaaaac
Jan 31 11:39:31 ip-10-0-0-2 sshd[29106]: Invalid user admin from remotehost passwd=aaaaaaad
Jan 31 20:40:53 ip-10-0-0-254 sshd[30520]: Invalid user admin from remotehost passwd=aaaaaaae

What type of attack has Danielle discovered?

A. A pass-the-hash attack
B. A brute-force attack
C. A man-in-the-middle attack
D. A dictionary attack Correct answer- B

What property of a relational database ensures that two executing transactions do not
affect each other by storing interim results in the database?

A. Atomicity
B. Isolation
C. Consistency
D. Durability Correct answer- B
