PrepAway - Latest Free Exam Questions & Answers

Which of the following may cause Jane, the security administrator, to seek an ACL work around?

Which of the following may cause Jane, the security administrator, to seek an ACL work around?

PrepAway - Latest Free Exam Questions & Answers

A.
Zero day exploit

B.
Dumpster diving

C.
Virus outbreak

D.
Tailgating

Explanation:
A zero day vulnerability is an unknown vulnerability so there is no fix or patch for it. One way to attempt
to work around a zero day vulnerability would be to restrict the permissions by using an ACL (Access
Control List)
A zero day vulnerability refers to a hole in software that is unknown to the vendor. This security hole is
then exploited by hackers before the vendor becomes aware and hurries to fix it—this exploit is called a
zero day attack. Uses of zero day attacks can include infiltrating malware, spyware or allowing unwanted
access to user information. The term “zero day” refers to the unknown nature of the hole to those
outside of the hackers, specifically, the developers. Once the vulnerability becomes known, a race begins
for the developer, who must protect users.
Incorrect Answers:B: Dumpster diving is looking for treasure in someone else’s trash. (A dumpster is a large trash container.)
In the world of information technology, dumpster diving is a technique used to retrieve information that
could be used to carry out an attack on a computer network. Dumpster diving isn’t limited to searching
through the trash for obvious treasures like access codes or passwords written down on sticky notes.
Seemingly innocent information like a phone list, calendar, or organizational chart can be used to assist
an attacker using social engineering techniques to gain access to the network. To prevent dumpster
divers from learning anything valuable from your trash, experts recommend that your company establish
a disposal policy where all paper, including print-outs, is shredded in a cross-cut shredder before being
recycled, all storage media is erased, and all staff is educated about the danger of untracked trash. Using
proximity card readers instead of the traditional key punch doors would not prevent dumpster diving.
You cannot prevent dumpster diving by using an ACL. This answer is therefore incorrect.
C: A virus outbreak is a virus spreading around multiple computers. A virus can be stopped by using
antivirus software. A virus could possibly be restricted by an ACL on a single computer but it would be
difficult to configure ACLs quickly on several computers.
D: Tailgating in IT security would be an unauthorized person following and authorized person into a
building or room such as a datacenter. If a building has a card reader where an authorized person can
hold up a card to the reader to unlock the door, someone tailgating could follow the authorized person
into the building by walking through the door before it closes and locks.
You cannot prevent tailgating by using an ACL. This answer is therefore incorrect.

http://www.pctools.com/security-news/zero-day-vulnerability/
http://searchsecurity.techtarget.com/definition/dumpster-diving


Leave a Reply