A company’s security policy states that all Web browsers must automatically delete their HTTP browser cookies
upon terminating. What sort of security breach is this policy attempting to mitigate?

While performing online banking using a Web browser, a user receives an email that contains a link to an
interesting Web site. When the user clicks on the link, another Web browser session starts and displays a
video of cats playing a piano. The next business day, the user receives what looks like an email from his bank,
indicating that his bank account has been accessed from a foreign country. The email asks the user to call his
bank and verify the authorization of a funds transfer that took place.
What Web browser-based security vulnerability was exploited to compromise the user?

A network administrator discovers several unknown files in the root directory of his Linux FTP server. One of
the files is a tarball, two are shell script files, and the third is a binary file is named “nc.” The FTP server’s
access logs show that the anonymous user account logged in to the server, uploaded the files, and extracted
the contents of the tarball and ran the script using a function provided by the FTP server’s software. The ps
command shows that the nc file is running as process, and the netstat command shows the nc process is
listening on a network port.
What kind of vulnerability must be present to make this remote attack possible?

The chance of a hard drive failure is once every three years. The cost to buy a new hard drive is $300. It will
require 10 hours to restore the OS and software to the new hard disk. It will require a further 4 hours to restore
the database from the last backup to the new hard disk. The recovery person earns $10/hour. Calculate the
SLE, ARO, and ALE. Assume the EF = 1 (100%).
What is the closest approximate cost of this replacement and recovery operation per year?

In Risk Management, how is the term “likelihood” related to the concept of “threat?”

An incident investigator asks to receive a copy of the event logs from all firewalls, proxy servers, and Intrusion
Detection Systems (IDS) on the network of an organization that has experienced a possible breach of security.
When the investigator attempts to correlate the information in all of the logs, the sequence of many of the
logged events do not match up.
What is the most likely cause?

Which of the following is the greatest threat posed by backups?

Which of the following is assured by the use of a hash?

Which mode of IPSec should you use to assure security and confidentiality of data within the same LAN?

Which of the following is a design pattern based on distinct pieces of software providing application functionality
as services to other applications?