- (Exam Topic 1)
Which of the following threat types involves an application that does not validate authorization for portions of itself after the initial checks?
Correct Answer: B
It is imperative that an application perform checks when each function or portion of the application is accessed, to ensure that the user is properly authorized to access it. Without continual checks each time a function is accessed, an attacker could forge requests to access portions of the application where authorization has not been granted.
- (Exam Topic 2)
Where is an XML firewall most commonly deployed in the environment?
Correct Answer: D
XML firewalls are most commonly deployed inline, between the firewall and the application server, to validate XML content before it reaches the application.
- (Exam Topic 4)
Which of the following is considered an administrative control?
Correct Answer: B
A process is an administrative control; sometimes, the process includes elements of other types of controls (in this case, the access control mechanism might be a technical control, or it might be a physical control), but the process itself is administrative. Keystroke logging is a technical control (or an attack, if done for malicious purposes, and not for auditing); door locks are a physical control; and biometric authentication is a technological control.
- (Exam Topic 2)
Which of the following is NOT a function performed by the handshake protocol of TLS?
Correct Answer: B
The handshake protocol negotiates and establishes the connection, handles the key exchange, and establishes the session ID. It does not perform the actual encryption of data packets.
- (Exam Topic 3)
Along with humidity, temperature is crucial to a data center for optimal operations and protection of equipment.
Which of the following is the optimal temperature range as set by ASHRAE?
Correct Answer: C
The American Society of Heating, Refrigeration, and Air Conditioning Engineers (ASHRAE) recommends