Chapter 2: Technologies and Tools
247
Option C is incorrect. NTP issues should not lead to any event duplication. Option D is incorrect. NTP issues should not lead to events failing to be logged. 49. A. The -n command is used to set the number of ping packets to send—in this case, 6— and -l sets the size—in this case, 100 bytes. Option A is incorrect. IV attacks are obscure cryptographic attacks on stream ciphers. Options B, C, and D are all incorrect. This is a ping command, but these options have incorrect flags. 50. B. An insider could send out data as an email attachment. Option A is incorrect. Portable devices usually connect via USB, which is blocked, and if they don’t, they will likely be found on the exit search. Option C is incorrect. The range of Bluetooth is 10 meters. That makes it ineffective for data exfiltration. Option D is incorrect. Optical media is a type of portable media. 51. D. Phishing emails are often sent out to masses of people and a spam filter would block at least some of that, thus reducing the phishing email attacks. Option A is incorrect. Although email encryption is a good idea, it will do nothing to stop phishing. Option B is incorrect. Hardening all servers is a good security practice, but it has no impact on phishing emails. Option C is incorrect. Although digitally signing email is a good idea, it cannot stop phishing or even reduce it significantly. It might mitigate phishing emails that claim to come from a company employee, but it won’t impact other phishing emails. 52. C. A TLS accelerator is a processor that handles processing, specifically processor-intensive public-key encryption for Transport Layer Security (TLS). This should significantly improve server responsiveness. Option A is incorrect. Increasing RAM will have only a minimal effect on network responsiveness. Option B is incorrect. From the question, there is no indication that the servers were not performing fine before TLS implementation, so addressing the TLS issues is the best solution. Option D is incorrect. Setting up clustering is a rather significant step, and not the first thing that should be considered. Implementation of TLS accelerators is a better option. 53. B. An employee could hide sensitive data in files using steganography and then exfiltrate that data. Option A is incorrect. Password crackers are a separate type of tool than steganography tools. Option C is incorrect. Very few steganography tools and methods allow you to hide network traffic. Option D is incorrect. Although it is possible to hide malware in a file via steganography, this is not the greatest or most common concern.