41.
Which of the following common methods is typically not used by hackers to remotely
control encryption keys which exist unencrypted in executable RAM memory?
- A. Malware downloading and installing a Trojan horse utility without the user’s knowledge
- B. Remotely gaining unencrypted access to POS/computers on the internal store LAN before encryption occurs for transmission
- C. Gaining physical access into the system using social engineering
- D. Gaining unauthorized access using static passwords in configuration files intended for program-to-program access
Answer : [C]
Explanation :
Almost all commercial computers are easily compromised by malware downloads, compromised device drivers, reusing static passwords viewable in program-to-program configuration files, Plug and Play features enabled, and other remote access attacks. Social engineering, which requires being onsite, is seldom used because remote access is so easy with less chance of getting caught.
42.
Which of the following is not one of the three major control types?
- A. Detective
- B. Deterrent
- C. Preventive
- D. Corrective
Answer : [B]
Explanation :
The major control types are detective (finds), corrective (fixes), and physical (stops reoccurrence). A deterrent control is simply a very weak form of preventative control.
43.
Which method of backup should be used on a computer hard disk or flash media prior to
starting a forensic investigation?
- A. Full
- B. Differential
- C. Bitstream
- D. Logical
Answer : [C]
Explanation :
Bitstream imaging is the only backup method that records the deleted files along with the contents of the swap space and slack space. Bitstream backup is also referred to as physical imaging. All of the other choices would miss these important files that are necessary as evidence.
44.
After presenting the report at the conclusion of an audit, the lead auditor discovers the
omission of a procedure. What should the auditor do next?
- A. Log on to CareerBuilder.com and change their current employment status to available.
- B. Cancel the report if audit alternatives cannot compensate for the deficiency.
- C. File an incident disclosure report with the audit association to minimize any liability.
- D. No action is required as long as the omitted procedure is included in the next audit.
Answer : [B]
Explanation :
The auditor needs to review the audit alternatives to determine whether the alternatives could sufficiently compensate for the omission. The auditor should cancel their report if the omitted procedures would change the outcome and if audit alternatives cannot compensate for the deficiency.
45.
Which of the following statements is not true regarding devices or systems that routinely
allow unknown or unauthenticated users access to use the CPU, memory, or hard drive
storage?
- A. Unknown/anonymous users can upload or download data from the web server database. Unintended data or configuration settings may be revealed or executable code with escalation attack commands may be uploaded.
- B. Unknown/anonymous users can access the LAN printer/multi-function device (MFP) to spool, print, fax, or receive files or remotely manipulate device settings.
- C. Unknown/anonymous users can remotely alter startup settings or boot file images without the knowledge of system administrators.
- D. Unknown/anonymous users can be sales prospects, so the risk is acceptable because security controls must be cost effective and not interrupt revenue activities.
Answer : [D]
Explanation :
Option D is not true. Cost-effective security controls are those that are cost effective when compared to the risk likelihood and cost consequences of system interruption, system takeover, or data breach. The other three statements are true. LAN printer/MFP devices usually lack access control lists, have no antivirus protection and no malware firewall, and are frequently overlooked by users, which makes the LAN printer an excellent platform to launch additional attacks.