CompTIA
Checkpoint
ISC
HP
Dell
EC-Council
EXIN
Fortinet
ITIL®
Juniper
PMI
Microsoft
VMware
Avaya
Google
Salesforce
Amazon
Palo Alto Networks
Certiport
ISC2
All Vendors
  2. Home
  3. Exams
  4. EC-Council
  5. 112-51

Free 112-51 Exam Braindumps (page: 4)

Page 3 of 19
PDF with 75 Questions

In an organization, employees are restricted from using their own storage devices, and only the company's portable storage devices are allowed. As employees are carrying the company's portable device outside their premises, the data should be protected from unauthorized access.
Which of the following techniques can be used to protect the data in a portable storage device?

  1. Data retention
  2. Data encryption
  3. Data resilience
  4. Disk mirroring

Answer(s): B

Explanation:

Data encryption is the technique that can be used to protect the data in a portable storage device. Data encryption is the process of transforming data into an unreadable format using a secret key or algorithm. Only authorized parties who have the correct key or algorithm can decrypt and access the data. Data encryption provides security and privacy for the data stored on a portable storage device, such as a USB flash drive or an external hard drive, by preventing unauthorized access, modification, or disclosure. If the device is lost or stolen, the data will remain protected and inaccessible to the unauthorized user. Data encryption can be implemented using software or hardware solutions, such as BitLocker, VeraCrypt, or encrypted USB drives. Data encryption is one of the best practices for securely storing data on portable devices123.


Reference:

7 Ways to Secure Sensitive Data on a USB Flash Drive, UpGuard, August 17, 2022 How to Protect Data on Portable Drives, PCWorld, January 10, 2011 Securely Storing Data, Security.org, December 20, 2022



Which of the following algorithms uses a sponge construction where message blocks are XORed into the initial bits of the state that the algorithm then invertible permutes?

  1. MD5
  2. SHA-2
  3. SHA-3
  4. MD6

Answer(s): C

Explanation:

SHA-3 is the algorithm that uses a sponge construction where message blocks are XORed into the initial bits of the state that the algorithm then invertible permutes. SHA-3 is a family of cryptographic hash functions that was standardized by NIST in 2015 as a successor to SHA-2. SHA-3 is based on the Keccak algorithm, which won the NIST hash function competition in 2012. SHA-3 uses a sponge construction, which is a simple iterated construction that can produce variable-length output from a fixed-length permutation. The sponge construction operates on a state of b bits, which is divided into two sections: the bitrate r and the capacity c. The sponge construction has two phases: the absorbing phase and the squeezing phase. In the absorbing phase, the input message is padded and divided into blocks of r bits. Each block is XORed into the first r bits of the state, and then the state is transformed by the permutation function f. This process continues until all the input blocks are processed. In the squeezing phase, the output is generated by repeatedly applying the permutation function f to the state and extracting the first r bits as output blocks. The output can be truncated to the desired length. SHA-3 uses a permutation function f that is based on a round function that consists of five steps: theta, rho, pi, chi, and iota. These steps perform bitwise operations, rotations, permutations, and additions on the state. The permutation function f is invertible, meaning that it can be reversed to obtain the previous state. SHA-3 has four variants with different output lengths:
SHA3-224, SHA3-256, SHA3-384, and SHA3-512. SHA-3 also supports two additional modes:
SHAKE128 and SHAKE256, which are extendable-output functions that can produce arbitrary-length output.


Reference:

Network Defense Essentials Courseware, EC-Council, 2020, pp. 3-23 to 3-25 SHA-3 - Wikipedia, Wikipedia, March 16, 2021
The sponge and duplex constructions - Keccak Team, Keccak Team, 2020



Below are the various steps involved in the creation of a data retention policy. 1.Understand and determine the applicable legal requirements of the organization

2.Ensure that all employees understand the organization's data retention policy 3.Build a data retention policy development team
4.ldentify and classify the data to be included in the data retention policy 5.Develop the data retention policy
Identify the correct sequence of steps involved.

  1. 3 -- >2 -- >5 -- >4 -- >1
  2. 3 -- >1 -- >4 -- >5 -- >2
  3. 1 -- >3 -- >4 -- >2 -- >5
  4. 1 -- >5 -- >4 -- >2 -- >3

Answer(s): B

Explanation:

The correct sequence of steps involved in the creation of a data retention policy is 3 -> 1 -> 4 -> 5 ->
2. This is based on the following description of the data retention policy creation process from the web search results:
Build a team: To design a data retention policy, you need a team of industry experts, such as legal, IT, compliance, and business representatives, who can contribute their knowledge and perspectives to the policy. The team should have a clear leader who can coordinate the tasks and communicate the goals and expectations1.
Determine legal requirements: The team should research and understand the applicable legal and regulatory requirements for data retention that affect the organization, such as GDPR, HIPAA, PCI DSS, etc. The team should also consider any contractual obligations or industry standards that may influence the data retention policy2134.
Identify and classify the data: The team should inventory and categorize all the data that the organization collects, stores, and processes, based on their function, subject, or type. The team should also assess the value, risk, and sensitivity of each data category, and determine the appropriate retention period, format, and location for each data category2134. Develop the data retention policy: The team should draft the data retention policy document that outlines the purpose, scope, roles, responsibilities, procedures, and exceptions of the data retention policy. The policy should be clear, concise, and consistent, and should reflect the legal and business requirements of the organization. The policy should also include a data retention schedule that specifies the retention period and disposition method for each data category2134. Ensure that all employees understand the organization's data retention policy: The team should communicate and distribute the data retention policy to all the relevant employees and stakeholders, and provide training and guidance on how to comply with the policy. The team should also monitor and enforce the policy, and review and update the policy regularly to reflect any changes in the legal or business environment2134.


Reference:

How to Create a Data Retention Policy | Smartsheet, Smartsheet, July 17, 2019 What Is a Data Retention Policy? Best Practices + Template, Drata, November 29, 2023 Data Retention Policy: What It Is and How to Create One - SpinOne, SpinOne, 2020 How to Develop and Implement a Retention Policy - SecureScan, SecureScan, 2020



Cibel.org, an organization, wanted to develop a web application for marketing its products to the public. In this process, they consulted a cloud service provider and requested provision of development tools, configuration management, and deployment platforms for developing customized applications.
Identify the type of cloud service requested by Cibel.org in the above scenario.

  1. Security-as-a-service (SECaaS)
  2. Platform-as-a-service
  3. Infrastructure-as-a-service {laaS)
  4. ldentity-as-a-service {IDaaS)

Answer(s): B

Explanation:

The type of cloud

The type of cloud service requested by Cibel.org in the above scenario is Platform-as-a-service (PaaS). PaaS is a cloud-based service that delivers a range of developer tools and deployment capabilities. PaaS provides a complete, ready-to-use, cloud-hosted platform for developing, running, maintaining and managing applications. PaaS customers do not need to install, configure, or manage the underlying infrastructure, such as servers, storage, network, or operating system. Instead, they can focus on the application development and deployment process, using the tools and services provided by the cloud service provider. PaaS solutions support cloud-native development technologies, such as microservices, containers, Kubernetes, serverless computing, that enable developers to build once, then deploy and manage consistently across private cloud, public cloud and on-premises environments. PaaS also offers features such as scalability, availability, security, backup, and monitoring for the applications. PaaS is suitable for organizations that want to develop customized applications without investing in or maintaining the infrastructure123.


Reference:

Network Defense Essentials Courseware, EC-Council, 2020, pp. 3-40 to 3-41 What is PaaS? A Beginner's Guide to Platform as a Service - G2, G2, February 19, 2020 Cloud Service Models Explained: SaaS, IaaS, PaaS, FaaS - Jelvix, Jelvix, July 14, 2020






Post your Comments and Discuss EC-Council 112-51 exam with other Community members:

112-51 Discussions & Posts