C is correct. Encryption is the best choice to provide confidentiality of

any type of information, including data stored in a database. Hashing

supports a use case of supporting integrity. Disk redundancies provide

resilience and increase availability. Patching systems increases availability

and reliability.

B is correct. He is most likely using a use case of supporting integrity. By

verifying that the hashes are the same on the configuration files, he is

verifying that the files have not changed. Confidentiality is enforced with

encryption, access controls, and steganography. Encryption is a method of

enforcing confidentiality, and it doesn’t use hashes. Availability ensures

systems are up and operational when needed.

A is correct. Message Digest 5 (MD5) is a hashing algorithm that creates

a fixed-length, irreversible output. Hashing algorithms cannot re-create the

original data file from just the hash. Advanced Encryption Standard (AES)

is an encryption algorithm, and you can re-create the original data file by

decrypting it. An intrusion detection system (IDS) is not a cryptographic

algorithm but is a detective control. A security information and event

management (SIEM) system provides centralized logging.

A is correct. Elasticity is the best choice because it allows the server to

dynamically scale up or out as needed in response to high resource usage.

Scalability isn’t the best answer because it is done manually, however, the

high resource usage is random and manually adding resources can’t respond

to the random spikes quick enough. Normalization refers to organizing

tables and columns in a database to reduce redundant data and improve

overall database performance. Stored procedures are a group of SQL

statements that execute as a whole and help prevent SQL injection attacks.

D is correct. An intrusion detection system (IDS) is a detective control. It

can detect malicious traffic after it enters a network. A preventive control,

such as an intrusion prevention system (IPS), prevents malicious traffic

from entering the network. An IDS uses technology and is not a physical

control. Deterrent controls attempt to discourage a threat, but attackers

wouldn’t know if a system had an IDS, so the IDS can’t deter attacks.

C is correct. Monitoring security logs, analyzing trend reports from a

security information and event management (SIEM), and validating alerts

from a SIEM are detective controls. Detective controls try to detect security

incidents after they happened. A compensating control is an alternative

control used when a primary security control is not feasible or is not yet

deployed. Preventive controls attempt to prevent incidents, but the scenario

doesn’t specifically describe any preventive controls. A corrective control

attempts to reverse the impact of a security incident after it has happened.

C is correct. The netstat command can be used to display a list of open

connections, including both the IP address and the port (or a socket). None

of the other commands display active connections. The tracert command

lists the routers between two systems. The arp command shows the

contents of the Address Resolution Protocol (ARP) cache. The dig

command can be used on Linux systems to query Domain Name System

(DNS) servers.