Which of the following Operation Security controls is intended to prevent unauthorized intruders from internally
or externally accessing the system, and to lower the amount and impact of unintentional errors that are entering
the system?

Which of the following is NOT a component of an Operations Security “triples”?

Which of the following are the two commonly defined types of covert channels?

Which of the following is an unintended communication path that is NOT protected by the system’s normal
security mechanisms?

Which of the following security controls might force an operator into collusion with personnel assigned
organizationally within a different function in order to gain access to unauthorized data?

Which of the following is used to interrupt the opportunity to use or perform collusion to subvert operation forfraudulent purposes?

You are a criminal hacker and have infiltrated a corporate network via a compromised host and a
misconfigured firewall. You find many targets inside the network but all appear to be hardened except for one. It
has several notable vulnerable services and it therefore seems out of place with an otherwise secured network.
(Except for the misconfigured firewall, of course)
What is it that you are likely seeing here?

Which of the following BEST describes Configuration Management controls?

Which of the following is a reasonable response from the Intrusion Detection System (IDS) when it detects
Internet Protocol (IP) packets where the IP source address and port is the same as the destination IP address
and port?

Why would anomaly detection IDSs often generate a large number of false positives?