What best describes a scenario when an employee has been shaving off pennies from multiple accounts and depositing the funds into his own bank account?
Correct Answer: B
This kind of attack involves altering the raw data just before it is processed by a computer and then changing it back after the processing is completed. This kind of attack was used in the past to do what is stated in the question: steal small quantities of money and transfer them to the attacker's account. See "Data diddling crimes" on the Web. The most correct answer is 'Salami', but since that is not an option, the most correct answer is data diddling. "A salami attack is committing several small crimes with the hope that the overall larger crime will go unnoticed. ....An example would be if an employee altered a banking software program to subtract 5 cents from each of the bank's customers' accounts once a month and moved this amount to the employee's bank account. If this happened to all of the bank's 50,000 customer accounts, the intruder could make up to $30,000 a year. Data diddling refers to the alteration of existing data. Many times this modification happens before it is entered into an application or as soon as it completes processing and is outputted from an application. There was an incident in 1997, in Maryland, where a Taco Bell employee was sentenced to ten years in jail because he reprogrammed the drive-up window cash register to ring up every $2.99 order as one penny. He collected the full amount from the customer, put the penny in the till, and pocketed the other $2.98. He made $3600 before his arrest." Pg. 602-603 Shon Harris: All-In-One CISSP Certification Exam Guide
Question 927
Which of the following control pairings include: organizational policies and procedures, pre-employment background checks, strict hiring practices, employment agreements, employee termination procedures, vacation scheduling, labeling of sensitive materials, increased supervision, security awareness training, behavior awareness, and sign-up procedures to obtain access to information systems and networks?
Correct Answer: A
Organizational policies and procedures, pre-employment background checks, strict hiring practices, employment agreements, friendly and unfriendly employee termination procedures, vacation scheduling, labeling of sensitive materials, increased supervision, security awareness training, behavior awareness, and sign-up procedures to obtain access to information systems and networks. Source: KRUTZ, Ronald L. & VINES, Russell D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 34
Question 928
The Industrial Control System (ICS) Computer Emergency Response Team (CERT) has released an alert regarding ICS-focused malware specifically propagating through Windows-based business networks. Technicians at a local water utility note that their dams, canals, and locks controlled by an internal Supervisory Control and Data Acquisition (SCADA) system have been malfunctioning. A digital forensics professional is consulted in the Incident Response (IR) and recovery. Which of the following is the MOST challenging aspect of this investigation?
Correct Answer: C
The volatility of data refers to the degree to which data can be lost or altered due to various factors, such as power loss, hardware failure, software error, or human intervention. In a digital forensics investigation, the volatility of data poses a challenge because it requires the investigator to follow a specific order of volatility when collecting and preserving evidence. The order of volatility is based on the principle that the most volatile data should be collected first, before it is overwritten or destroyed by less volatile data. The order of volatility typically includes the following types of data, from most volatile to least volatile: registers, cache, random access memory (RAM), routing tables, kernel statistics, process tables, network connections, executable files, swap files, hard disk, remote logging and monitoring data, physical configuration, network topology, archival media. References: CISSP All-in-One Exam Guide, Eighth Edition, Chapter 8, page 693; [CISSP CBK, Fifth Edition, Chapter 8, page 1049].
Question 929
Which of the following protocols offers native encryption?
Correct Answer: C
The following answers are incorrect: IPSEC, SSH, PPTP, SSL, MPLS, and L2TP is incorrect because L2TP and PPTP do NOT offer encryption. IPSEC, SSH, SSL, TFTP is incorrect because TFTP does not offer encryption. IPSEC, SSH, PPTP, SSL, MPLS, L2F, and L2TP is incorrect because MPLS, L2F, and L2TP do NOT offer encryption. NOTE: PPTP did not provide encryption natively. It is MPPE from Microsoft that would provide encryption. MPPE is an encryption technology developed by Microsoft to encrypt point-to-point links. These PPP connections can be over a dialup line or over a VPN tunnel. MPPE works as a subfeature of Microsoft Point-to-Point Compression (MPPC). MPPC is a scheme used to compress PPP packets between client devices. The MPPC algorithm is designed to optimize bandwidth utilization in order to support multiple simultaneous connections. MPPE is negotiated using bits in the MPPC option within the Compression Control Protocol (CCP) MPPC configuration option (CCP configuration option number 18). MPPE uses the RC4 algorithm with either 40- or 128-bit keys. All keys are derived from the cleartext authentication password of the user. RC4 is a stream cipher; therefore, the sizes of the encrypted and decrypted frames are the same size as the original frame. The Cisco implementation of MPPE is fully interoperable with that of Microsoft and uses all available options, including historyless mode. Historyless mode can increase throughput in lossy environments such as VPNs, because neither side needs to send CCP Reset Requests to synchronize encryption contexts when packets are lost. The following reference(s) were/was used to create this question: Official (ISC)2 Guide to the CISSP CBK, Third Edition, pages 874 and 355 (IPSEC), 360 (SSH), 359 (PPTP), 362 (SSL), 361 (SOCKS), 360 (L2TP), and http://www.cisco.com/en/US/products/ps6587/products_white_paper09186a008019bf38.shtml#15 190
Question 930
Which part of an operating system (OS) is responsible for providing security interfaces among the hardware, OS, and other parts of the computing system?