Matt, a security administrator, wants to ensure that the message he is sending does not get intercepted or modified in transit. This concern relates to which of the following concepts?
A. Availability B. Integrity C. Accounting D. Confidentiality
Explanation: Integrity means ensuring that data has not been altered. Hashing and message authentication codes are the most common methods to accomplish this. In addition, ensuring nonrepudiation via digital signatures supports integrity.
A security administrator discovers an image file that has several plain text documents hidden in the file. Which of the following security goals is met by camouflaging data inside of other files?
A. Integrity B. Confidentiality C. Steganography D. Availability
Explanation: Steganography is the process of concealing a file, message, image, or video within another file, message, image, or video. Note: The advantage of steganography over cryptography alone is that the intended secret message does not attract attention to itself as an object of scrutiny. Plainly visible encrypted messages, no matter how unbreakable, will arouse interest, and may in themselves be incriminating in countries where encryption is illegal. Thus, whereas cryptography is the practice of protecting the contents of a message alone, steganography is concerned with concealing the fact that a secret message is being sent, as well as concealing the contents of the message.
Which of the following concepts defines the requirement for data availability?
A. Authentication to RADIUS B. Non-repudiation of email messages C. Disaster recovery planning D. Encryption of email messages
Explanation: A disaster-recovery plan, or scheme, helps an organization respond effectively when a disaster occurs. Disasters may include system failure, network failure, infrastructure failure, and natural disaster. The primary emphasis of such a plan is reestablishing services and minimizing losses.
Which of the following should be performed to increase the availability of IP telephony by prioritizing traffic?
A. Subnetting B. NAT C. Quality of service D. NAC
Explanation: Quality of Service (QoS) facilitates the deployment of media-rich applications, such as video conferencing and Internet Protocol (IP) telephony, without adversely affecting network throughput.
Staff who regularly use email messaging to provide PII to others need confidence that their messages are not intercepted or altered during transmission. They are concerned about which of the following types of security control?
A. Integrity B. Safety C. Availability D. Confidentiality
Explanation: Integrity means that the messages/data are not altered. PII is personally identifiable information that can be used to uniquely identify an individual. PII can be used to ensure the integrity of data/messages.
Which of the following is a security benefit of providing additional HVAC capacity or increased tonnage in a datacenter?
A. Increased availability of network services due to higher throughput B. Longer MTBF of hardware due to lower operating temperatures C. Higher data integrity due to more efficient SSD cooling D. Longer UPS run time due to increased airflow
Explanation: The mean time between failures (MTBF) is the measure of the anticipated incidence of failure for a system or component. This measurement determines the component’s anticipated lifetime. If the MTBF of a cooling system is one year, you can anticipate that the system will last for a one-year period; this means that you should be prepared to replace or rebuild the system once a year. If the system lasts longer than the MTBF, your organization receives a bonus. MTBF is helpful in evaluating a system’s reliability and life expectancy. Thus, a longer MTBF due to lower operating temperatures is a definite advantage.
Which of the following is the BEST concept to maintain required but non-critical server availability?
A. SaaS site B. Cold site C. Hot site D. Warm site
Explanation: Warm sites provide computer systems and compatible media capabilities. If a warm site is used, administrators and other staff will need to install and configure systems to resume operations. For most organizations, a warm site could be a remote office, a leased facility, or another organization with which yours has a reciprocal agreement. Another term for a warm site/reciprocal site is active/active model.
A security administrator wants to test the reliability of an application that accepts user-provided parameters. The administrator is concerned with data integrity and availability. Which of the following should be implemented to accomplish this task?
A. Secure coding B. Fuzzing C. Exception handling D. Input validation
Explanation: Fuzzing is a software testing technique that involves providing invalid, unexpected, or random data as inputs to a computer program. The program is then monitored for exceptions such as crashes, failed validation, or memory leaks.