- (Exam Topic 4)
Which of the following is the correct order of volatility from most to least volatile?
Correct Answer:
B
The order of volatility is the order of how quickly data can be lost or changed in a system. The order of volatility is important for digital forensics and evidence collection, as it determines the priority and sequence of data preservation. The correct order of volatility from most to least volatile is cache, memory, temporary filesystems, disk, archival media. Cache is the fastest and most volatile type of memory that stores frequently used data. Memory is the main memory or RAM that stores data for active processes. Temporary filesystems are files that are created and deleted during normal system operations, such as swap files, print spool files, etc. Disk is the permanent storage device that stores data on magnetic or solid-state media. Archival media are devices that store data for long-term preservation, such as optical disks, tapes, etc.
- (Exam Topic 2)
A penetration tester was able to compromise a host using previously captured network traffic. Which of the following is the result of this action?
Correct Answer:
D
A replay attack is a form of network attack in which valid data transmission is maliciously or fraudulently repeated or delayed12. This can allow an attacker to compromise a host by resending a previously captured message, such as a password or a session token, that looks legitimate to the receiver1. A replay attack can be prevented by using methods such as random session keys, timestamps, or one-time passwords that expire after use12. A replay attack is different from an integer overflow, which is a type of software vulnerability that occurs when an arithmetic operation attempts to create a numeric value that is too large to be represented within the available storage space3. A race condition is another type of software vulnerability that occurs when multiple processes access and manipulate the same data concurrently, and the outcome depends on the order of execution3. A memory leak is a type of software defect that occurs when a program fails to release memory that is no longer needed, causing the program to consume more memory than necessary and potentially affecting the performance or stability of the system3.
- (Exam Topic 1)
Which of the following authentication methods sends out a unique password to be used within a specific number of seconds?
Correct Answer:
A
Time-based One-Time Password (TOTP) is a type of authentication method that sends out a unique password to be used within a specific number of seconds. It uses a combination of a shared secret key and the current time to generate a one-time password. TOTP is commonly used for two-factor authentication (2FA) to provide an additional layer of security beyond just a username and password.
- (Exam Topic 2)
A security administrator is seeking a solution to prevent unauthorized access to the internal network. Which of the following security solutions should the administrator choose?
Correct Answer:
D
A VPN (virtual private network) is a secure tunnel used to encrypt traffic and prevent unauthorized access to the internal network. It is a secure way to extend a private network across public networks, such as the Internet, and can be used to allow remote users to securely access resources on the internal network. Additionally, a VPN can be used to prevent malicious traffic from entering the internal network.
- (Exam Topic 1)
Which of the following involves the inclusion of code in the main codebase as soon as it is written?
Correct Answer:
D
Detailed explanation
Continuous Integration (CI) is a practice where developers integrate code into a shared repository frequently, preferably several times a day. Each integration is verified by an automated build and automated tests. CI allows for the detection of errors early in the development cycle, thereby reducing overall development costs.