Page 1558 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide
email servers, and on each system. More than one anti-malware
application on a single system isn’t recommended. A single
solution for the whole organization is often ineffective because
malware can get into the network in more than one way. Content
filtering at border gateways (boundary between the internet and
the internal network) is a good partial solution, but it won’t catch
malware brought in through other methods.
11. B. Penetration testing should be performed only with the
knowledge and consent of the management staff. Unapproved
security testing could result in productivity loss, trigger emergency
response teams, and result in legal action against the tester
including loss of employment. A penetration test can mimic
previous attacks and use both manual and automated attack
methods. After a penetration test, a system may be reconfigured to
resolve discovered vulnerabilities.
12. B. Accountability is maintained by monitoring the activities of
subjects and objects as well as monitoring core system functions
that maintain the operating environment and the security
mechanisms. Authentication is required for effective monitoring,
but it doesn’t provide accountability by itself. Account lockout
prevents login to an account if the wrong password is entered too
many times. User entitlement reviews can identify excessive
privileges.
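The monitoring and account-lockout behaviour described in answer 12 can be illustrated by running a threshold check over authentication logs. This is an added example, not material from the study guide; the log lines and the sshd-style message format are constructed, and the threshold of three failures within fifteen minutes is an assumed policy value.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample authentication log (not real data), one event per line.
SAMPLE_LOG = """\
2024-05-01T09:00:01 sshd: Failed password for alice from 10.0.0.5
2024-05-01T09:00:04 sshd: Failed password for alice from 10.0.0.5
2024-05-01T09:00:09 sshd: Failed password for alice from 10.0.0.5
2024-05-01T09:00:15 sshd: Failed password for alice from 10.0.0.5
2024-05-01T09:01:02 sshd: Failed password for bob from 10.0.0.9
2024-05-01T09:01:30 sshd: Accepted password for bob from 10.0.0.9
2024-05-01T09:02:00 sshd: Failed password for bob from 10.0.0.9
2024-05-01T10:30:00 sshd: Failed password for carol from 10.0.0.7
2024-05-01T10:30:05 sshd: Failed password for carol from 10.0.0.7
2024-05-01T10:30:10 sshd: Failed password for carol from 10.0.0.7
"""

# Assumed line layout: "<ISO timestamp> sshd: <Failed|Accepted> password for <user> from <src>"
LINE_RE = re.compile(r"^(\S+) sshd: (Failed|Accepted) password for (\S+) from (\S+)$")


def parse(log_text):
    """Yield (timestamp, outcome, user, source) tuples; lines that do not match are skipped."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield datetime.fromisoformat(m.group(1)), m.group(2), m.group(3), m.group(4)


def accounts_over_threshold(log_text, threshold=3, window=timedelta(minutes=15)):
    """Return {user: timestamp} for accounts whose failed logins inside a sliding
    window reach `threshold`, i.e. the point at which a lockout policy would fire.
    A successful login resets the running count for that account."""
    failures = defaultdict(list)   # user -> timestamps of recent failures
    flagged = {}
    for ts, outcome, user, _src in parse(log_text):
        if outcome == "Accepted":
            failures[user].clear()  # success resets the counter
            continue
        # drop failures that fell out of the window, then record this one
        failures[user] = [t for t in failures[user] if ts - t <= window] + [ts]
        if len(failures[user]) >= threshold and user not in flagged:
            flagged[user] = ts
    return flagged


if __name__ == "__main__":
    for user, when in accounts_over_threshold(SAMPLE_LOG).items():
        print(f"{user}: lockout threshold reached at {when.isoformat()}")
```

Running it flags alice and carol, while bob stays below the threshold because the successful login between his two failures resets the count.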
13. B. Audit trails are a passive form of detective security control.
Administrative controls are management practices. Corrective
controls can correct problems related to an incident, and physical
controls are controls that you can physically touch.
14. B. Auditing is a methodical examination or review of an
environment to ensure compliance with regulations and to detect
abnormalities, unauthorized occurrences, or outright crimes.
Penetration testing attempts to exploit vulnerabilities. Risk
analysis attempts to analyze risks based on identified threats and
vulnerabilities. Entrapment is tricking someone into performing an
illegal or unauthorized action.
15. A. Clipping is a form of nonstatistical sampling that reduces the