General
-
Target
Glen E. Clarke - CompTIA Security+ Certification Bundle (Exam SY0-601)-McGraw-Hill Education (2022).epub
-
Size
46.7MB
-
MD5
70851ed702492e8ef4eee89009d72c34
-
SHA1
5c390f482e64d1912112e916b03250540792692d
-
SHA256
c3d3734cf815fed75abf414b872e75515d5f2edbbb6af048f11982e540cddc45
-
SHA512
c6f93d960a7a03900e6b73c701bb0e020fafe86b1909cea904e2aba42fc13874acdd649051da5183d4ac73ac7cef35b1d79ce11848001a2c5b20468d0e3f96da
-
SSDEEP
786432:F4HuBYsIN8Iaq8Wn98T1oQcQ+2xc0SFxjO7asKt/N7vXciVkSturqHGt8w4qyx1r:FguesILQWn9kcQtC0SFxCDWdVkSZGt8j
Score
10/10
Malware Config
Extracted
Ransom Note
Chapter 11
Authorization and Access Control
CERTIFICATION OBJECTIVES
11.01 Identity and Resource Providers
11.02 Access Control Methods
11.03 Security Controls
QUESTIONS
Modern web applications have the ability to authenticate users directly with a username and password or by trusting providers such as Google and Facebook, where users may already have login credentials and potentially multifactor authentication settings.
Granting permissions to access resources can be done using many methods, including role membership, conditional rule access, or security policies, and can be enforced by a specialized, secure operating system.
IT technicians can use a variety of security control types to protect assets. Some controls are preventative in nature, such as firewalls, whereas others are detective in nature, such as log file analysis. The proper security control must be put in place and its efficacy periodically assessed, especially if security controls are required by laws or regulations.
1. Which identity federation component authenticates users?
A. Identity provider
B. Resource provider
C. OAuth
D. SAML
2. After successful authentication, which SAML component contains claim information?
A. Resource provider
B. Security token service
C. PKI certificate
D. Token
3. You are configuring file system security such that Microsoft Active Directory user accounts with a specific manager configured in their user account properties are granted file system access. What type of access control configuration is this?
A. Role-based
B. Discretionary
C. Attribute-based
D. Time-based
4. Which of the following constitutes multifactor authentication?
A. Username, password
B. Username, PIN
C. Smartcard, PIN
D. Smartcard, key fob
5. You are configuring SSH public key authentication for a Linux host. Which statements about this configuration are correct? (Choose two.)
A. The public key is stored with the user.
B. The private key is stored with the user.
C. The public key is stored with the Linux host.
D. The private key is stored with the Linux host.
6. After configuring SSH public key authentication for a Linux host, users complain that they are prompted for a passphrase when using SSH to connect to the host. Why is this happening?
A. SSH is configured incorrectly on the Linux host.
B. SSH is configured incorrectly on the client device.
C. A passphrase has been configured to protect the private key.
D. A passphrase has been configured to protect the public key.
7. Which configuration limits the use of a mobile device to a specific area?
A. Geotagging
B. Geolocation
C. GPS
D. Geofencing
8. While scrolling through social media posts, you come across a friend’s post stating that he had recently boarded a flight from Las Vegas en route to Toronto. What is this an example of?
A. Geotagging
B. Geolocation
C. GPS
D. Geofencing
9. Which user password setting will prevent the reuse of old passwords?
A. Password complexity
B. Account lockout
C. Password history
D. Time-based login
10. You have configured user workstations so that upon a user’s login, a message states that the system may be used only to conduct business in accordance with organizational security policies, and that noncompliance could result in disciplinary action. Which type of security control is this?
A. Detective
B. Corrective
C. Deterrent
D. Compensating
11. Which type of access control model uses a hardened specialized operating system with resource labeling and security clearance levels to control resources access?
A. Discretionary access control
B. Role-based access control
C. Attribute-based access control
D. Mandatory access control
12. Your cloud-based virtual machine runs a custom application workload that requires access to resources running within on-premises virtual machines. What should you do to enable secure connectivity between the virtual machines? (Choose two.)
A. Configure HTTP connectivity between the virtual machines.
B. Configure a guest account for the application.
C. Configure a service account for the application.
D. Configure a VPN tunnel between the virtual machines.
13. Which term is the most closely related to the “impossible travel time” security feature?
A. Chain of trust
B. Security token
C. Geofencing
D. Anomaly detection
14. You are configuring file servers in the enterprise to allow read-only access to files labeled as “PII” for users accessing files from the corporate network if they have been assigned to a project named “ProjectA.” Which type of access control mechanism is being used?
A. Discretionary
B. Conditional
C. Mandatory
D. Role-based
15. The IT department has been tasked with conducting a risk assessment related to the migration of a line-of-business app to the public cloud. To which security control category does this apply?
A. Operational
B. Managerial
C. Technical
D. Physical
16. You have been tasked with the weekly tape backup rotation for backing up on-premises database servers. To which security control category does this apply?
A. Operational
B. Managerial
C. Technical
D. Physical
17. Organizational security policies require that customers’ personal information be encrypted when stored. To which security control category does this apply?
A. Operational
B. Managerial
C. Technical
D. Physical
18. You are configuring a hardware firewall to allow traffic only from a jump box in the DMZ to internal Linux hosts. Which type of security control is this?
A. Physical
B. Compensating
C. Preventative
D. Detective
19. To achieve regulatory compliance, your organization must encrypt all fixed disks to protect data at rest on each station. Your company plans on using the Microsoft Windows BitLocker drive encryption feature. None of your computers has a TPM chip, so you have configured Group Policy such that decryption keys can be stored on a removable USB thumb drive. Which type of security control is this?
A. Physical
B. Compensating
C. Detective
D. Corrective
20. You have configured a network-based intrusion prevention system (NIPS) hardware appliance to block traffic from IP addresses that send excessive traffic to your network. Which type of security control is this?
A. Physical
B. Compensating
C. Deterrent
D. Corrective
21. You are a consultant helping a retail client with app geofencing. Which type of tracking mechanisms can you use to enable geofencing for customers with the retail app installed on their smartphones?
A. GPS, Wi-Fi
B. Wi-Fi, NFC
C. GPS, NAC
D. NAC, Bluetooth
22. Your identity federation configuration creates digitally signed tokens for authenticated users that contain the user date of birth and security clearance level. Which term is used to describe this extra data added to the token?
A. PKI certificate
B. Cookie
C. SAML
D. Claim
23. Why is the SSH authentication error in Figure 11-1 occurring?
A. The incorrect public key is being used.
B. The incorrect private key is being used.
C. The username is incorrect.
D. The password is incorrect.
FIGURE 11-1
SSH authentication error
24. You are viewing the contents of the Linux authorized_keys file. Which type of key is stored here?
A. Public
B. Private
C. Secret
D. Symmetric
25. You need to assess whether Linux servers in the screened subnet need to be hardened. The servers are currently configured with SSH public key authentication. What should you check that should be in place? (Choose two.)
A. Password protection for the public key
B. Private key password protection
C. Default SSH port number TCP 22 has been changed to an unreserved port number
D. Default SSH port number TCP 25 has been changed to an unreserved port number
26. Which statements regarding SSH public key authentication are correct? (Choose two.)
A. A user password is not required.
B. A user password is required.
C. A public and private key pair is required.
D. A symmetric key is required.
27. You are an IT technician for FakeCorp1. You have configured your on-premises Microsoft Active Directory domain controller server, Dc1, as a federated identity provider during the acquisition phase of a competitor, FakeCorp2. The IT team at FakeCorp2 must configure web app servers to trust tokens issued by FakeCorp1. What should you provide to the technicians?
A. The private key for DC1
B. The administrative username for DC1
C. The public key for DC1
D. The administrative password for DC1
28. What is normally required when using smartcard authentication? (Choose two.)
A. Smartcard reader
B. PIN
C. TPM
D. HSM
29. Where are virtual smartcards stored?
A. Windows registry
B. RADIUS server
C. Identity provider
D. TPM
30. Your organization plans on issuing smartcards to users for the purposes of digitally signing and decrypting e-mail messages. What must be deployed to the smartcards?
A. Server public key
B. User public key
C. Server private key
D. User private key
31. What is one disadvantage of using a virtual smartcard in a Microsoft Windows environment?
A. It is available only on a single Android smartphone at a time.
B. It cannot be used for remote management.
C. It requires a virtual smartcard reader.
D. It is available only on a host with TPM.
32. A user account lockout configuration helps mitigate which type of attack?
A. Denial of service
B. Ransomware
C. Phishing
D. Brute-force password attacks
QUICK ANSWER KEY
1. A
2. D
3. C
4. C
5. B, C
6. C
7. D
8. A
9. C
10. C
11. D
12. C, D
13. D
14. B
15. B
16. A
17. C
18. C
19. B
20. D
21. A
22. D
23. B
24. A
25. B, C
26. A, C
27. C
28. A, B
29. D
30. D
31. D
32. D
IN-DEPTH ANSWERS
1. A. Identity providers (IdPs) contain user accounts and perform authentication, and along with federated identify environments, they will generate a security token that may contain assertions (claims) about the user such as date of birth, department, and so on. The security token is then digitally signed by the IdP with its private key. Applications that trust the IdP signature (using the IdP public key) accept tokens and allow user access.
B, C, and D are incorrect. Resource providers accept security tokens from trusted IdPs and allow access, such as to a web application. Upon successful authentication, the Open Authorization (OAuth) protocol uses a token (and not the original credentials) that represents an authenticated user or device to grant resource access, such as to a web application. The Security Assertion Markup Language (SAML) standard is used to transmit authentication and authorization messages between users, IdPs, and resource providers that trust the IdPs.
2. D. The SAML standard is used to transmit authentication and authorization messages between users, IdPs, and resource providers. IdPs digitally sign security tokens, which can contain claims, or assertions, about a user or device, such as a date of birth, cost center, subnet address range, and so on. Claims are often derived from user or device attributes stored with the user or device account.
A, B, and C are incorrect. Resource providers accept security tokens from trusted IdPs and allow access, such as to a web application. IdPs in a federated identity configuration run as a security token service (STS), which digitally signs tokens upon successful user or device authentication; the token is then used to grant resource access. A Public Key Infrastructure (PKI) certificate is a security certificate that can be stored in a file, a network directory service, or a smartcard. It uniquely identifies a subject such as a device or user.
3. C. User accounts contain many attributes (properties) such as manager name, group membership, last login time, city, and so on. These attributes can be compared to conditional access policies to allow or block file system access.
A, B, and D are incorrect. Role-based access control (RBAC) assigns permissions to a role, such as “Virtual Machine Manager,” and users assigned to that role inherit the role permissions. Discretionary access control (DAC) places control of permissions assignments in the hands of the data custodian (the person responsible for managing data). Time-based access control uses policies to allow or deny resource access based on the date and time.
4. C. A smartcard (something you have) is the size of a credit card and is commonly used for authenticating to IT systems. Smartcards can be used for other applications such as building access or as a credit card. Modern credit cards contain an embedded microprocessor that can perform cryptographic operations. Using a smartcard normally requires entering a PIN (something you know).
A, B, and D are incorrect. The listed items are examples of single-factor authentication (something you know, something you have). Multifactor authentication must use two or more authentication categories such as something you have (smartcard) and something you know (PIN).
5. B and C. SSH public key authentication uses a public and private key pair for each user that will authenticate to the Linux host. The public key is stored in the user’s home directory in a hidden directory named .ssh (the leading dot in Linux means the file or directory is hidden). The private key is stored on the user management device and should be protected with a passphrase. When users authenticate to the Linux host, they must know the username and the passphrase for the private key.
A and D are incorrect. The public key is not stored with the user; it is stored on the Linux host. The private key is stored on the device the user will use to remotely manage the Linux host via SSH.
6. C. With SSH public key authentication, the private key is stored on the user management device. Standard security best practices dictate that private key files must be protected with a passphrase. Users are being prompted for the private key passphrase, not their user account password.
A, B, and D are incorrect. SSH is not configured incorrectly on the client or server since the user is being prompted for a private key passphrase (not a public key passphrase).
7. D. Geofencing uses device location tracking to present mobile device users with a message when they are within a specific geographic boundary.
A, B, and C are incorrect. Geotagging is used to provide detailed location information metadata to files such as photos. Geolocation uses methods such as GPS or IP addressing to determine the location of a device. The global positioning system (GPS) uses a network of satellites orbiting the Earth to track device locations using longitude and latitude coordinates.
8. A. Geotagging is used to provide detailed location information metadata to files such as photos or social media posts.
B, C, and D are incorrect. Geolocation uses methods such as GPS or IP addressing to determine the location of a device. GPS uses a network of satellites orbiting the Earth to track device locations using longitude and latitude coordinates. Geofencing uses device location tracking to present mobile device users with message when they are within a specific geographic boundary.
9. C. Configuring password history for user accounts prevents users from reusing passwords; this option can be configured according to how many passwords should be remembered.
A, B, and D are incorrect. These options will not prevent the use of old passwords. Requiring complex passwords makes it more difficult for malicious users to break into user accounts using dictionary attacks, for example. Configuring user account lockout temporarily locks (and does not permanently disable) an account after a configured number of successive failed login attempts takes place during a specific timeframe and helps mitigate against brute-force password attacks. Time-based login allows user login only during specified days and times, and user activity can be tracked through user account auditing.
10. C. Deterrent controls such as device login messages are designed to deter or discourage illegal or malicious behaviors.
A, B, and D are incorrect. Detective controls are designed to identify security incidents such as identifying suspicious activity through log analysis. Corrective controls take active steps to contain or block suspicious activity, such as a security appliance blocking IP addresses from which excessive network traffic originates. Compensating controls are used when a preferred security control cannot be implemented because it is impractical or prohibitively expensive; compensating controls must
Extracted
Ransom Note
Chapter 14
Physical Security
CERTIFICATION OBJECTIVES
14.01 Monitoring, alarms, and sensors
14.02 Door locking mechanisms
14.03 Computing equipment and environmental factors
14.04 Secure storage media disposal
QUESTIONS
Security breaches can be perpetrated remotely across a network or physically on the premises. The effects of physical security, such as barricades, locks, and guards, must not be underestimated.
Many security breaches today are the result of poor physical security, including sensitive data stored on unencrypted storage media and the unsecure disposal of decommissioned computer equipment.
1. What can be done to protect switches and routers from physical security vulnerabilities? (Choose two.)
A. Use a cable lock.
B. Use SSH instead of Telnet.
C. Set a strong console port password.
D. Disable unused ports.
2. What can limit the data emanation from electromagnetic radio frequencies?
A. Faraday cage
B. Antistatic wrist strap
C. ESD mat
D. ESD boots
3. What methods are most commonly used by physical security teams to verify whether somebody is authorized to access a facility? (Choose two.)
A. Employee ID badge
B. Username and password
C. Access list
D. Smartcard
4. While reviewing facility entry points, you decide to replace existing doors with ones that will stay locked during power outages. Which term best describes this feature?
A. Fail-secure
B. Fault-tolerant
C. Fail-safe
D. UPS
5. A data center IT director requires the ability to analyze facility physical security breaches after they have occurred. Which of the following present the best solutions? (Choose two.)
A. Motion sensor logs
B. Laser security system
C. Access control vestibule
D. Software video surveillance system
6. Which of the following physical access control methods do not normally identify who has entered a secure area? (Choose two.)
A. Access control vestibule
B. Hardware lock
C. Fingerprint scan
D. Smartcard with PIN
7. Your company has moved to a new location where a server room is being built. The server room currently has a water sprinkler system in case of fire. Regarding fire suppression, what should you suggest?
A. Keep the existing water sprinkler system.
B. Purchase a smoke-detection, waterless fire suppression system.
C. Keep the existing water sprinkler system and install a raised floor.
D. Place a fire extinguisher in the server room.
8. A data center administrator uses thermal imaging to identify hot spots in a large data center. She then arranges rows of rack-mounted servers such that cool air is directed to server fan inlets and hot air is exhausted out of the building. Which of the following terms best defines this scenario?
A. HVAC
B. Form factoring
C. Hot and cold aisles
D. Data center breathing
9. Which access control method electronically logs entry into a facility?
A. Picture ID card
B. Security guard and log book
C. IPSec
D. Proximity card
10. You are consulting with a client regarding a new facility. Access to the building must be restricted only to those who know an access code. What might you suggest?
A. Cipher lock
B. Deadbolt lock
C. Store the code in a safe
D. Biometric authentication
11. Over the last month, you have added new rack-mount servers in your server room, and servers have begun mysteriously shutting down for no apparent reason. Servers restart normally only to shut down again eventually. Servers are fully patched, and virus scanners are up to date. Which of the following is the most likely reason for these failures?
A. The server room temperature is too hot.
B. The server room temperature is too cool.
C. The servers are infected with a virus.
D. The server operating systems contain programming flaws.
12. What should be done in facility parking lots to ensure employee safety?
A. Install a barricade.
B. Install proper lighting.
C. Install an exit sign.
D. Install a first-aid kit.
13. Which type of threat is mitigated by shredding paper documents?
A. Rootkit
B. Spyware
C. Shoulder surfing
D. Physical
14. You are writing code for a custom mobile device app, and for security reasons, you want to prevent tampering and the ability of others to read the code. Which technique will accomplish the requirement?
A. Obfuscation
B. Encryption
C. Hashing
D. Air gapping
15. Which of the following represent valid storage media destruction techniques? (Choose two.)
A. Air gapping
B. Shredding
C. Burning
D. Pulping
16. You are responsible for acquiring new laptop computers for employees in a branch office. What should you do to prevent sensitive data retrieval from discarded storage media used by the old laptops? (Choose two.)
A. Pulverizing
B. Degaussing
C. Air gapping
D. Reformatting of the old laptop hard disks
17. Currently, employees use a text file to store usernames and passwords they need to authenticate to a variety of web sites. You need to address this issue with a secure solution. What should you implement?
A. HTTPS
B. PKI
C. Air gap
D. Password vault
18. A private company conducting top-secret research for the military has headquarters in a rural location, with multiple buildings spread across a 30-acre property. Which solutions should be put in place to monitor and secure the property? (Choose two).
A. DMZ
B. Air gap
C. Fencing
D. Drones
19. In Figure 14-1, match the terms on the left with the descriptions on the right. Note that not all terms on the left have a matching description on the right.
FIGURE 14-1
Physical security terms and definitions
20. Computers in your organization’s finance department are equipped with a TPM chip, and TPM-enabled full disk encryption of all disks attached to each computer has been enabled. How does this configuration mitigate physical security threats?
A. The contents of stolen encrypted disks are read-only.
B. When removed from the TPM-enabled device, the disks’ contents are securely deleted.
C. The stolen disks cannot be placed in Faraday cages.
D. The contents of stolen encrypted disks are inaccessible.
21. Which class of fire extinguisher should be used to extinguish fires related to electrical equipment?
A. Class A
B. Class B
C. Class C
D. Class D
22. A top-secret local network must not allow connectivity from any other network. What can be done to address this security concern?
A. Deploy a NAT router at the network perimeter.
B. Configure a screened subnet.
C. Configure ACL rules to block traffic on the network perimeter router.
D. Air gap the network.
23. Your manager has requested that the combo padlocks used to secure different areas of the company facility be replaced with electronic swipe cards. What type of social-engineering attack is your manager hoping to avoid with this change?
A. Hoaxes
B. Tailgating
C. Dumpster diving
D. Shoulder surfing
24. Your manager has implemented a policy that requires all employees to shred sensitive documents. What type of attack is your manager hoping to prevent?
A. Tailgating
B. Denial of service
C. Social engineering
D. Dumpster diving
25. Trinity uses her building access card to enter a work facility after hours. She has access to only the second floor. What is this an example of?
A. Authorization
B. Authentication
C. Accountability
D. Confidentiality
26. You are installing an IP-based CCTV surveillance system throughout your company’s facilities. What should you do to harden the CCTV environment? (Choose two).
A. Change default credentials.
B. Place CCTV equipment on an air-gapped network.
C. Configure a hot aisle.
D. Configure a cold aisle.
27. Which technology enables security robot sentries to interpret their environments to make security decisions?
A. Faraday cages
B. Degaussing
C. Air gapping
D. Artificial intelligence
28. You are planning the network cable distribution for one floor of your office building. What should you do to minimize the risk of wiretaps reading network transmissions?
A. Deploy Network Access Control switches.
B. Deploy twisted-pair copper wiring.
C. Deploy IPSec.
D. Deploy fiber-optic cabling.
29. After reviewing facility access logs, you notice that two on-duty security guards worked together to allow late-night building access to thieves. Which term best describes this situation?
A. Collusion
B. Access control vestibule
C. Degaussing
D. Shredding
30. Which solution prevents malware infections through charging mobile devices?
A. Air gapping
B. USB data blocker
C. Degaussing
D. Faraday cage
31. What is being depicted in Figure 14-2?
A. Hot aisle
B. Air gap
C. Cold aisle
D. Degaussing
FIGURE 14-2
Data center layout
32. Degaussing is a secure disposal mechanism that applies to _________________.
A. Faraday cages
B. Paper documents
C. Hard disks
D. Solid state drives
QUICK ANSWER KEY
1. C, D
2. A
3. A, C
4. A
5. A, D
6. A, B
7. B
8. C
9. D
10. A
11. A
12. B
13. D
14. A
15. B, C
16. A, B
17. D
18. C, D
19. See “In-Depth Answers.”
20. D
21. C
22. D
23. D
24. D
25. A
26. A, B
27. D
28. D
29. A
30. B
31. C
32. C
IN-DEPTH ANSWERS
1. C and D. A console port enables a local user to plug a cable into the router or switch to administer the device locally, so a strong password is recommended. Disabling unused switch ports and router interfaces prevents unauthorized people from plugging devices into those ports and gaining access to the device or the network.
A and B are incorrect. Cable locks are used to secure devices such as laptops or projection units and not switches and routers, which should be in locked server rooms or locked data center equipment racks. Secure Shell (SSH) is an encrypted remote command-line administrative tool. Telnet passes data across the network in clear text.
2. A. Data emanation results from the electromagnetic field generated by a network cable or network device, which can be manipulated to eavesdrop on conversations or to steal data. Faraday cages are used to enclose electronic equipment to prevent data emanation and to protect components from external static charges.
B, C, and D are incorrect. The listed items are designed to put the user and the equipment at equal electrical charge to prevent the flow of electrons from causing personal injury and equipment damage, but they do not prevent data emanation.
3. A and C. An employee ID badge enables physical verification that somebody is allowed to access a building. An access list defines who is allowed to access a facility or office space and should be consulted by reception when anyone arrives.
B and D are incorrect. Username and password can authenticate a user to a computer system, as can a smartcard, but these do not get verified by a security guard. Smartcards contain an embedded microchip. The user enters a PIN in conjunction with using his or her smartcard, which constitutes multifactor authentication.
4. A. Fail-secure systems ensure that a component failure (such as a power source) will not compromise security; in this case, the doors will stay locked.
B, C, and D are incorrect. Fault tolerance (also referred to as fail-safe) ensures that a system can continue functioning despite a failure of some type. For example, a server may spread file and error recovery data across multiple disks in a RAID 5 disk configuration. In the event of a disk failure, data can be reconstructed from the remaining disks. An uninterruptible power supply (UPS) provides temporary power to devices when a power outage occurs.
5. A and D. Motion sensor logs can track a perpetrator’s position more accurately than most video surveillance camera systems; however, closed-circuit television (CCTV) software video surveillance system footage can be played back and used to physically identify unauthorized people. To conserve disk space, most solutions record only when there is motion.
B and C are incorrect. Laser security systems rely on laser beams being interrupted and do not work well with detailed analysis after the fact. Access control vestibule are small rooms controlling access to a building, where the first door must be closed before the second one will open. They offer little in terms of post-analysis.
6. A and B. Access control vestibule are designed to prevent tailgating and gaining access to a restricted area. Some access control vestibule variations use two sets of doors, one of which must close before the second one opens. Traditional access control vestibule do not require access cards. Hardware locks simply require possession of a key, although proper physical key management is necessary to track key issuance and return. Neither reveals a person’s identity.
C and D are incorrect. Fingerprints identify the user via biometric authentication. Doors can also be equipped with biometric locks. Smartcard authentication identifies the user through a unique code or Public Key Infrastructure (PKI) certificate contained within the smartcard. In this case, whoever is in possession of the smartcard must also know the PIN to use it.
7. B. Assuming local building codes allow waterless fire suppression systems, you should suggest these be used, because they will not damage or corrode computer systems or components like water will.
A, C, and D are incorrect. Water sprinkler systems will damage or destroy computer equipment and data and should be avoided when possible. While important, placing a Class C fire extinguisher in the server room to mitigate electrical fires is not the only thing you should recommend; water damage devastates computer systems.
8. C. In a data center, cold aisles optimize cold airflow to equipment intake fans, while hot aisles optimize hot air equipment exhaust flow by directing it away from equipment to the outside. Cool air is often fed under raised floors with perforated vents to feed equipment. Panels are installed between equipment racks to keep the cool and warm air from mixing, resulting in greater cooling efficiency.
A, B, and D are incorrect. Heating, ventilation, and air conditioning (HVAC) systems are generally in place to control for airflow and environmental controls within a room or building. Form factoring and data center breathing are fictitious terms.
9. D. Proximity cards must be positioned within a few centimeters of the reader to register the card and either allow or deny access to a facility. All access is logged electronically without the need of a physical log book or security guard.
A, B, and C are incorrect. Picture ID cards identify people but don’t relate to electronic log entry. Security guards also do not log facility access electronically. IP Security (IPSec) is a mechanism by which packets are authenticated and encrypted; there is no correlation to physical site security.
10. A. Cipher locks are electronic keypads that enable authorized people to enter an access code to gain access to a room or a building. All the user needs to know is the access code; no physical card is required.
B, C, and D are incorrect. The listed items do not meet the client requirement of users knowing an access code. A deadbolt lock requires possession of a key. Although storing sensitive paper documents in a safe is recommended, it is not required for a cipher lock, which requires an access code. Biometric authentication methods such as a unique fingerprint do not require knowledge of an access code.
11. A. A hot server room is most likely the problem since new equipment has been added, which adds to the room temperature. An HVAC technician should be consulted, which could result in the implementation of hot and cold aisles if necessary.
B, C, and D are incorrect. The listed items are not likely responsible for servers shutting down, since servers are patched and the problem began after adding new equipment to the server room.
12. B. Proper lighting in parking lots reduces the likelihood of attacks or muggings perpetrated against employees.
A, C, and D are incorrect. Installing a barricade such as bollards in front of or around a building could prevent damage from vehicles, but it does not ensure employee safety in parking lots. Signage, such as exit signs, helps ensure user safety, along with valid escape routes and regular fire drills. Unless this is an interior parking lot, exit signs would not be needed. A first-aid kit is not standard practice for parking lot safety.
13. D. Shredding documents prevents physical threats such as theft of those documents or acquiring information from them.
A, B, and C are incorrect. Rootkits hide themselves from the OS whil
Extracted
Ransom Note
Chapter 18
Disaster Recovery and Business Continuity
CERTIFICATION OBJECTIVES
18.01 Introduction to Disaster Recovery and Business Continuity
18.02 Backing Up and Restoring Data
18.03 Implementing Fault Tolerance
18.04 Understanding High Availability
QUESTIONS
Unfavorable circumstances can temporarily or permanently cripple a business both financially and through reputational damage. A disaster recovery plan attempts to minimize the impact that these circumstances, whether caused by nature or by humans, have on a business. The plan should include incident assessment, and it should specify who performs which tasks under specific circumstances.
1. In the event of a server hard disk failure, you have been asked to configure server hard disks as depicted in Figure 18-1. What type of disk configuration is this?
A. RAID 0
B. RAID 1
C. RAID 5
D. RAID 5+1
FIGURE 18-1
Hard disk configuration
2. A team leader assigns a server administrator the task of determining the business and financial effects that a failed e-mail server would have if it was down for two hours. What type of analysis must the server administrator perform?
A. Critical systems and components identification
B. Business impact analysis
C. Security audit
D. Risk assessment
3. An airline company has hired you to ensure that its customer reservation system is always online. The software runs and stores data locally on the Linux operating system. What should you do?
A. Install two Linux servers in a cluster. Cluster the airline software, with its data being written to shared storage.
B. Install a new Linux server. Ensure that the airline software runs from the first server. Schedule airline data to replicate to the new Linux server nightly.
C. Configure the Linux server with RAID 5.
D. Configure the Linux server with RAID 1.
4. A busy clustered web site regularly experiences congested network traffic. You must improve the web site response time. What should you implement?
A. Ethernet switch
B. Network load balancing
C. Fibre Channel switch
D. Proxy server
5. Your primary e-mail server uses three hot-swappable hard disks in a RAID 5 configuration. When one disk fails, other disks are readily available in the server room, which you can simply plug in while the server is still running. Which term best describes this scenario?
A. Disk clustering
B. Hardware fault tolerance
C. Disk striping
D. Disk mirroring
6. Your server tape backup routine consists of a full backup each Friday night and a nightly backup of all data changed since Friday’s backup. What type of backup schedule is this?
A. Full
B. Full and incremental
C. Full and differential
D. Disk snapshot
7. You are a network engineer for a San Francisco law firm. After the 1989 earthquake, an emphasis on continued business operation after future earthquakes dominated in the San Francisco business community. What type of plan focuses on ensuring that personnel, customers, and IT systems are minimally affected after a disaster?
A. Risk management
B. Fault tolerant
C. Disaster recovery
D. Business continuity
8. A server is configured with three hard disks as shown in Figure 18-2. What type of configuration is this?
A. RAID 0
B. RAID 1
C. RAID 5
D. RAID 5+1
FIGURE 18-2
Hard disk configuration
9. Windows Server backups are scheduled as follows: full backups on Saturdays at 3 A.M . and incremental backups weeknights at 9 P.M . Write verification has been enabled. Backup tapes are stored off site at a third-party backup vendor location. What should be done to ensure the integrity and confidentially of the backups? (Choose two.)
A. Have a different person than the backup operator analyze each day’s backup logs.
B. Ensure the user performing the backup is a member of the Administrators group.
C. Encrypt the backup media.
D. Use SSL to encrypt the backup media.
10. You are an IT network architect. Your firm has been hired to perform a network security audit for a shipping company. One of the company’s warehouses has a server room containing one Windows server and two Linux servers. After interviewing the server administrators, you learn they have no idea what to do if the Linux servers cease to function. What is needed here?
A. Disaster recovery plan
B. Risk analysis
C. Windows servers
D. Server clustering
11. Which items should be considered when ensuring high availability for an e-commerce web site? (Choose two.)
A. Use TPM to encrypt server hard disks.
B. Use redundant Internet links.
C. Use network load balancing.
D. Upgrade the server CMOS to the latest version.
12. Which of the following are the most closely related to creating a disaster recovery plan? (Choose three.)
A. Determining which class of IP addresses are in use
B. Ranking risks
C. Disabling unused switch ports
D. Assigning recovery tasks to personnel
E. Establishing an alternate location to continue business operations
13. What should be used to make informed decisions regarding your specific disaster recovery plan?
A. DRP template freely downloaded from a web site
B. ROI analysis
C. TCO analysis
D. Business impact analysis
14. Identify the disaster recovery plan errors. (Choose two.)
A. Perform a business impact analysis first.
B. Base your DRP on an unchanged downloaded template.
C. Data backups are never tested; it costs the company too much money.
D. Keep existing backup solutions in place even though the software is two versions out of date.
15. You are creating a DRP for a small, independent car dealership. There are four employees who each use a desktop computer; there are no servers. All company data is stored on the four computers. A single high-speed DSL link is shared by all users. What are the best DRP solutions? (Choose two.)
A. Store data in the cloud instead of locally.
B. Ensure that employees know exactly what to do in the event of a disaster.
C. Purchase faster desktops.
D. Purchase a file server.
16. Your senior network administrator has decided that the five physical servers at your location will be virtualized and run on a single physical host. The five virtual guests are mission-critical and will use the physical hard disks in the physical host. The physical host has the hard disks configured with RAID 1. Identify the flaw in this plan.
A. The physical server should be using RAID 5.
B. The physical hard disks must not reside in the physical host.
C. You cannot run five virtual machines on a physical host simultaneously.
D. The physical host is a single point of failure.
17. Your company is virtualizing DNS, DHCP, web, and e-mail servers at your location. Each of the four virtual machines will be spread out across two physical hosts. Virtual machines are using virtual hard disks, and these files exist on a SAN. Choose the best virtual machine backup strategy that will enable the quickest granular restore.
A. Back up the virtual machine hard disks at the SAN level.
B. Install a backup agent in each virtual machine and perform backups normally.
C. Duplicate your SAN disk array so that backups are not necessary.
D. Run all four virtual machines on the same physical host to be backed up.
18. To ensure confidentiality, what should you do when storing server backup disks off site?
A. Encrypt backed up data.
B. Generate file hashes for each backed up file.
C. Place backup tapes in static shielding bags.
D. Never store backup disks off site.
19. You are the administrator for a recently patched virtual Windows Server running Active Directory Domain Services (AD DS). Recently the server has been randomly rebooting and now cannot boot at all. What should you do?
A. Run Windows update.
B. Format the hard disk, reinstall the server, and restore from tape.
C. Refer to your DRP.
D. Refer to your BCP.
20. You are the network administrator for a small IT consulting firm. All servers are located at the single site. Employees use a web browser to access their e-mail accounts. After testing the DRP and receiving management approval, you e-mail a copy to all employees for their reference in the event of a disaster. Identify the problem.
A. The e-mail should have been encrypted.
B. The e-mail should have been digitally signed.
C. Only executives should have received the message.
D. The mail server may not be available in the event of a disaster.
21. You are the network administrator for a small IT consulting firm. All servers are hosted externally in the public cloud. After analyzing threats, creating a DRP, and receiving management approval, you e-mail a copy to all employees for their reference in the event of a disaster. Identify the most serious problem.
A. The e-mail should have been encrypted.
B. The DRP was not tested.
C. The e-mail should have been digitally signed.
D. Only executives should have received the message.
22. Which of the following regarding disaster recovery are true? (Choose two.)
A. Once the plan is complete, to save time it need never be revisited.
B. Once the plan is complete, it must have management approval.
C. The plan must evolve with the business.
D. The plan should include only IT systems.
23. Using Figure 18-3, match the descriptions on the left to the corresponding terms on the right.
FIGURE 18-3
Disaster recovery and business continuity terminology
24. You are a web site administrator. You need to minimize web site downtime in the event of a disaster or security compromise. Which of the following terms best describes the reliability of hard disks?
A. MTBF
B. MTTF
C. MTTR
D. RPO
25. As the IT director, you are comparing public cloud providers. Your company will no longer house on-premises mail or application servers. Which factors under your control must you consider to ensure that e-mail and applications are always available to users?
A. Updates applied to cloud provider hypervisors
B. Redundant network links
C. RAID level used on cloud provider servers
D. MTTF for cloud provider server hard disks
26. Using Figure 18-4, match the definitions on the left with the correct terms on the right.
FIGURE 18-4
Business impact terminology
27. You have configured your enterprise cloud storage so that it continuously replicates to a cloud provider data center in a different region. Replication to the secondary region occurs only after data is written to the primary storage. Which term best describes this resilience configuration?
A. Synchronous replication
B. Geographic service dispersal
C. Dedicated circuit
D. Load balancing
28. Which storage area network term describes a host using more than one physical path to gain access to shared network storage?
A. Multipathing
B. App load balancing
C. RAID 0
D. RAID 1
29. Which configuration provides network traffic load balancing?
A. Multipath
B. UPS
C. NIC teaming
D. PDU
30. Your Windows server will no longer boot the operating system. No recent updates or configuration changes have been applied. What should you do first to attempt to resolve the problem?
A. Revert to the last known good configuration.
B. Reinstall the operating system.
C. Boot from a Windows Server live media disk and attempt to repair the installation.
D. Apply a corporate operating system image.
31. Your IT security team has worked with executive management to determine that a company e-commerce web site must never remain down for more than two hours. To which disaster recovery term does this apply?
A. RPO
B. RTO
C. MTTR
D. MTBF
32. You company backs up on-premises data using a tape backup system that also replicates backup data to the cloud. You need to back data up daily while minimizing backup storage capacity on local backup tapes. What should you do?
A. Configure daily full backups.
B. Configure weekly full backups with daily differential backups.
C. Configure weekly incremental backups.
D. Configure daily incremental backups.
QUICK ANSWER KEY
1. B
2. B
3. A
4. B
5. B
6. C
7. D
8. C
9. A, C
10. A
11. B, C
12. B, D, E
13. D
14. B, C
15. A, B
16. D
17. B
18. A
19. C
20. D
21. B
22. B, C
23. See “In-Depth Answers.”
24. C
25. B
26. See “In-Depth Answers.”
27. B
28. A
29. C
30. C
31. B
32. D
IN-DEPTH ANSWERS
1. B. Redundant array of independent disks (RAID) level 1 refers to disk mirroring. Data is written to one disk and duplicated on the second disk. In the event of a single disk failure, the other disk can take over.
A, C, and D are incorrect. RAID 0 involves striping data across multiple disks to increase performance, but there is no fault tolerance since a single disk failure would result in the loss of all data. RAID 5 stripes data across disks (minimum of three disks) but distributes parity (recovery) data on disks so that a single disk failure means data can still be reconstructed. RAID 5+1 is a mirrored RAID 5 array.
2. B. A business impact analysis (BIA), also referred to as a business impact assessment, identifies the effect unwanted events have on the operation of a business.
A, C, and D are incorrect. Identifying mission-critical systems and components (also referred to as mission-essential) is part of determining assets and their worth when performing a risk analysis. A security audit tests how effective security policy implementation is for safeguarding corporate assets. Risk assessments identify assets and their related threats and potential losses; these can be used to create security policies and are an integral part of the overall BIA.
3. A. Clustering software between two servers will enable the customer reservation system to function even if one server fails, because the data is not stored within a single server; it exists on shared storage that both cluster nodes can access. When a cluster node (server) fails, the application fails over to a running cluster node (server).
B, C, and D are incorrect. Scheduling nightly data replication does not ensure that the airline software is always online. Most cloud providers allow cloud-stored data to be replicated between locations separated by long distances. This prevents data loss or downtime resulting from a regional disaster. RAID 1 (mirroring) and RAID 5 (striping with distributed parity) are useless if the server fails.
4. B. Network load balancing (NLB) can distribute network traffic to multiple servers hosting the same content to improve performance. In the cloud, load balancers can use autoscaling to add or remove virtual machines in response to application demand.
A, C, and D are incorrect. Most networks already use Ethernet switches, but that has no effect on web site response time. Fibre Channel switches are used in a storage area network (SAN) environment, not local area networks (LANs) or wide area networks (WANs). A proxy server retrieves Internet content for clients and then optionally caches it for later requests; it would not improve performance here.
5. B. With hardware fault tolerance, a hardware component can fail without completely impeding data access. A single disk failure in a RAID 5 configuration means the failed disk can be hot-swapped with a functional disk. Because RAID 5 stripes data across disks in the array and parity is distributed across disks, user requests for data can be reconstructed dynamically in RAM until the data is reconstructed on the replaced disk.
A, C, and D are incorrect. Disk clustering is a generic term that does not describe the scenario in detail. Disk striping (RAID 0) offers no fault tolerance, only performance increases by writing data segments across a group of disks. Disk mirroring (RAID 1) is not applicable since the question states RAID 5 is in use.
6. C. Differential backups will archive data that has changed since the last full backup. Restoring data means first restoring the full backup and then the latest differential. A full backup, when not used with differential backups, is also called a copy backup.
A, B, and D are incorrect. Incremental backups archive data changed since the last incremental backup. Disk snapshots are point-in-time copies of the contents of a disk that enable the restoration of either the entire disk or specific files or folders. Some disk snapshot solutions store pointers of unchanged data to parent snapshots while changed data is stored in its entirety within the new snapshot. Storing an entire disk’s state at a point in time is achieved by creating a disk image.
7. D. Business continuity is considered the key goal to which disaster recovery plays a part. Disaster recovery (DR) normally involves implementing step
Extracted
Ransom Note
Chapter 21
Incident Response and Computer Forensics
CERTIFICATION OBJECTIVES
21.01 Working with Evidence
21.02 Collecting Digital Evidence
21.03 Looking at Incident Response
QUESTIONS
All electronic devices we use daily, from our cars and cell phones, to laptops and personal computers, leave digital footprints. Computer forensics refers to the documentation, acquisition, and preservation of this digital data for use as evidence. It’s vitally important that you ensure that the proper steps are taken to respond to security incidents and to perform data acquisition legally.
Incident preparation activities such as periodic drills, incident simulations and walkthroughs, and tabletop exercises ensure that team members are familiar with their roles and the appropriate response actions that must be taken.
1. What must be determined by the first responder to an incident?
A. The severity of the event
B. Which other personnel must be called in
C. The dollar amount associated with the incident
D. Who is at fault
2. After seizing computer equipment alleged to have been involved in a crime, it is placed in a corridor unattended for ten minutes while officers subdue a violent suspect. The seized equipment is no longer admissible as evidence because of what violation?
A. Order of volatility
B. Damage control
C. Chain of custody
D. Time offset
3. A warrant has been issued to investigate a server believed to be used by organized crime to swap credit card information. Following the order of volatility, which data should you collect first?
A. Electronic memory (RAM)
B. Hard disk
C. USB flash drive
D. CMOS
4. While capturing network traffic, you notice an abnormally excessive number of outbound SMTP packets. To determine whether this is an incident that requires escalation or reporting, what else should you consult?
A. The contents of your inbox
B. The mail server log
C. The mail server documentation
D. The web server log
5. You decide to work late on a Saturday night to replace wiring in your server room. Upon arriving, you realize that a break-in has occurred and server backup tapes appear to be missing. What should you do as law enforcement officials arrive?
A. Clean up the server room.
B. Sketch a picture of the area that was illegally entered on a notepad.
C. Alert officials that the surveillance video is on the premises.
D. Check the surrounding area for the perpetrator.
6. Which of the following best visually illustrates the state of a running computer at the time it was seized by law enforcement?
A. Digital photograph of the motherboard
B. Digital photograph of the screen
C. Visio network diagram
D. Steganography
7. Choose the correct order of volatility when collecting digital evidence:
A. Hard disk, DVD-R, RAM, swap file
B. Swap file, RAM, DVD-R, hard disk
C. RAM, DVD-R, swap file, hard disk
D. RAM, swap file, hard disk, DVD-R
8. What can a forensic analyst do to reduce the number of files that must be analyzed on a seized disk?
A. Write a Visual Basic script that deletes files older than 30 days.
B. Delete files thought to be operating system files.
C. Ensure that the original disk is pristine and use a hash table on a copy of the files.
D. Modify file metadata on the original disk to label files.
9. A professional who is present at the time of evidence gathering can be summoned to appear in court or to prepare a report on her findings for use in court. This person referred to as what?
A. Plaintiff
B. Defendant
C. Auditor
D. Forensic expert witness
10. Which of the following best describes chain of custody?
A. Delegating evidence collection to your superior
B. Preserving, protecting, and documenting evidence
C. Capturing a system image to another disk
D. Capturing memory contents before hard disk contents
11. While working on an insider trading case, you are asked to prove that an e-mail message is authentic and was sent to another employee. Which of the following should you consider? (Choose two.)
A. Was the message encrypted?
B. Was the message digitally signed?
C. Are user public keys properly protected?
D. Are user private keys properly protected?
12. What type of evidence would be the most difficult for a perpetrator to forge?
A. IP address
B. MAC address
C. Cell phone SIM card
D. Documents on a USB flash drive
13. What is the purpose of disk forensic software? (Choose two.)
A. Using file encryption to ensure copied data mirrors original data
B. Using file hashes to ensure copied data mirrors original data
C. Protecting data on the original disks
D. Creating file hashes on the original disks
14. You are preparing to gather evidence from a cell phone. Which of the following is false?
A. CDMA mobile devices do not use SIM cards.
B. CDMA phones store user data directly on the mobile device.
C. GSM mobile devices do not use SIM cards.
D. GSM mobile devices use SIM cards.
15. You must analyze data on a digital camera’s internal memory. You plan to connect your forensic computer to the camera using a USB cable. What should you do to ensure that you do not modify data on the camera?
A. Ensure that the camera is turned off.
B. Flag all files on the camera as read-only.
C. Log in with a non-administrative account on the forensic computer.
D. Use a USB write-blocking device.
16. What can be used to ensure that seized mobile wireless devices do not communicate with other devices?
A. SIM card
B. Faraday bag
C. Antistatic bag
D. GPS jammer
17. Robin works as a network technician at a stock brokerage firm. To test network forensic capturing software, she plugs her laptop into an Ethernet switch and begins capturing network traffic. During later analysis, she notices some broadcast and multicast packets as well as her own computer’s network traffic. Why was she unable to capture all network traffic on the switch?
A. She must enable promiscuous mode on her NIC.
B. She must disable promiscuous mode on her NIC.
C. Each switch port is an isolated collision domain.
D. Each switch port is an isolated broadcast domain.
18. A network intrusion detection device captures network traffic during the commission of a crime on a network. You notice NTP and TCP packets from all network hosts in the capture. You must find a way to correlate captured packets to a date and time to ensure the packet captures will be considered admissible as evidence. What should you do? (Choose two.)
A. Nothing. NTP keeps time in sync on a network.
B. Nothing. Packet captures are time stamped.
C. Without digital signatures, date and time cannot be authenticated.
D. Without encryption, date and time cannot be authenticated.
19. You arrive at a scene where a computer must be seized as evidence. The computer is powered off and has an external USB hard drive plugged in. What should you do first?
A. Turn on the computer.
B. Unplug the external USB hard drive.
C. Thoroughly document the state of the equipment.
D. Place the computer in a Faraday bag.
20. You are asked to examine a hard disk for fragments of instant messaging conversations as well as deleted files. How should you do this?
A. Use bitstream copying tools.
B. Log in to the computer and copy the original hard drive contents to an external USB hard drive.
C. Map a drive across the network to the original hard drive and copy the contents to an external USB hard drive.
D. View log files.
21. How can a forensic analyst benefit from analyzing metadata? (Choose three.)
A. JPEG metadata can reveal specific camera settings.
B. Microsoft Word metadata can reveal the author name.
C. Microsoft Excel metadata can reveal your MAC address.
D. PDF metadata can reveal the registered company name.
22. Which of the following rules must be followed when performing forensic analysis? (Choose two.)
A. Work only with the original, authentic data.
B. Work only with a copy of data.
C. Seek legal permission to conduct an analysis.
D. Seek your manager’s permission to conduct an analysis.
23. The IT director is creating the following year’s budget. You are asked to submit forensics dollar figures for your Cloud Security Incident Response Team (CSIRT). Which item should you not submit?
A. Travel expenses
B. Man-hour expenses
C. Training expenses
D. ALE amounts
24. At 9:30 a.m., users report that network performance has been severely degraded since the workday began at 8 a.m. After network analysis and a quick discussion with your IT security team, you conclude that a worm virus has infected your network. What should you do to contain the damage? (Choose two.)
A. Determine the severity of the security breach.
B. Unplug SAN devices.
C. Shut down all servers.
D. Shut down Ethernet switches.
25. A suspect deletes incriminating files and empties the Windows recycle bin. Which of the following statements are true regarding the deletion? (Choose two.)
A. The files cannot be recovered.
B. The files can be recovered.
C. Deleted files contain all of their original data until the hard disk is filled with other data.
D. Deleted files contain all of their original data until the hard disk is defragmented.
26. Using Figure 21-1, match the incident response definitions on the left to the terms on the right.
FIGURE 21-1
Incident response definitions and terms
27. Which built-in Linux operating system tool can be used to create an exact copy of a disk volume for forensic analysis?
A. memdump
B. dd
C. WinHex
D. Autopsy
28. You are reviewing existing network security controls and need to get up to speed on current lateral movement attacks commonly used by malicious users. What should you consult?
A. Diamond model
B. Cyber kill chain
C. Mitre Att&ck
D. COOP
29. Which of the following items can enforce the RTO for a failed server?
A. Disaster recovery plan
B. Communication plan
C. Stakeholder management
D. COOP
30. You need to review log files to determine whether network reconnaissance to learn of hostnames and IP addresses has occurred. Where will you most likely find this information?
A. rsyslog configuration
B. VoIP traffic log
C. Directory server authentication log
D. DNS server log
31. Which Linux command is specifically designed to view systemd logs?
A. NXLog
B. IPFIX
C. journalctl
D. echo
32. Which SOAR component is used to automate IT-related security incident response?
A. Playbook
B. Legal hold
C. E-discovery
D. Runbook
QUICK ANSWER KEY
1. A
2. C
3. A
4. B
5. C
6. B
7. D
8. C
9. D
10. B
11. B, D
12. C
13. B, C
14. C
15. D
16. B
17. C
18. A, B
19. C
20. A
21. A, B, D
22. B, C
23. D
24. A, D
25. B, C
26. See “In-Depth Answers.”
27. B
28. C
29. A
30. D
31. C
32. D
IN-DEPTH ANSWERS
1. A. A quick assessment of the situation severity by the first responder will determine who needs to be called or what should be done next, based on the incident response policy.
B, C, and D are incorrect. Until the severity has been determined, the first responder will not know who to call. Calculating financial loss is not the first thing that should be done; it can be done once the situation is under control. Pointing fingers also isn’t a first response, and it won’t help the incident investigation.
2. C. Chain of custody has been violated. Chain of custody involves documenting evidence being collected thoroughly and legally while ensuring that the evidence cannot be tampered with. If the chain of custody has not been maintained because the equipment was unattended, it could result in evidence being deemed inadmissible by a court of law.
A, B, and D are incorrect. Order of volatility determines what type of data is most easily lost—for example, data in electronic memory (RAM) versus data stored on a DVD or a disk volume snapshot used for backup purposes. Damage control involves minimizing further damage in the case of an unfavorable event. Time offset is used to validate the date and time stamps of digital forensic evidence.
3. A. The order of volatility determines which data is most at risk of loss. Electronic memory (RAM) data is lost when a device is powered off, as are the contents of the CPU cache; therefore, data must be properly collected before the other listed items.
B, C, and D are incorrect. Hard disks and stored data, such as temporary swap or page files, USB, and CMOS data, exist even without power, although operating system settings can be set to clear temporary swap files upon reboot. CMOS chips on the motherboard require a small battery to retain their configurations (boot sequence, date/time, and so on) and can provide power for up to an average of five years.
4. B. The mail server log will reveal SMTP activity such as excessive outbound SMTP traffic. Real-time active monitoring of logs and long-term trend analysis can alert administrators immediately; this is the function of a security sensor such as an intrusion detection system (IDS), which can forward security alerts to a centralized security information and event management (SIEM) dashboard. SIEM dashboards can be secured so that sensitive alerts are available only to the appropriate security personnel. Documentation from previous similar incidents contains lessons learned that can aid in quick remediation.
A, C, and D are incorrect. Your inbox is not related to general outbound SMTP traffic unless you have configured your mail server to notify you. Mail server documentation will detail what you must do to ensure that the server functions properly, but it will not specifically address this issue. The web server log will not contain SMTP outbound traffic details.
5. C. Video surveillance provides important evidence that could be used to solve this crime. For the organization, analyzing data retention policies for backups should be consulted to determine which data was compromised.
A, B, and D are incorrect. You must not disturb the crime scene. Because there is surveillance video, there is no need for a sketch. Never seek out those who have committed a crime; leave that to law enforcement.
6. B. A digital photograph of a screen can prove relevant to the particular crime because it may reveal what was happening on the system at the time it was seized.
A, C, and D are incorrect. A picture of the motherboard would generally be useless; user data is not exposed when viewing a motherboard. A Visio network diagram, while useful as network documentation, is not as valuable as a screenshot when seizing equipment. Steganography is the art of concealing data within other data (for example, messages hidden within pictures); this does not apply in this case.
7. D. Digital forensic evidence must first be collected from the most fragile (power-dependent) locations such as RAM and the swap file. Swap files contain data from physical RAM that were paged to disk to make room for something else in physical RAM. Hard disks are the next most vulnerable, because hard disk data can simply be deleted and the disk can be filled with useless data to make data recovery difficult. A DVD-R is less susceptible to data loss than hard disks since it is read-only.
A, B, and C are incorrect. RAM is much more volatile (power-dependent) than swap files and hard disks. Swap files are more volatile than DVD-Rs.
8. C. A hash table calculates file hashes for each file. Known standard operating system file hashes can be compared to your file hashes to quickly exclude known authentic operating system files that have not been modified.
A, B, and D are incorrect. Writing a Visual Basic script to delete files is not recommended; all data must be retained. Deleting files that are thought to belong to the operating system is not a thorough method of reducing files that must be analyzed. The original data evidence must never be modified, so adding file metadata to the original disk should not be done.
9. D. A forensic expert witness has specialized knowledge and experience in a field beyond that of the average person, and thus her testimony is deemed authentic.
A, B, and C are incorrect. The plaintiff is the party who initiates a lawsuit, and the defendant is the party against which charges are alleged. An auditor examines records of some type to ensure their thoroughness and authenticity.
10. B. Preserving, protecting, and documenting evidence is referred to as chain of custody. The legally required implementation of evidence preservation is referred to as “legal hold.”
A, C, and D are incorrect. Delegation, disk imaging, and capturing memory contents are all tasks that could be
Extracted
Ransom Note
Chapter 7
Implementing Host-based Security
CERTIFICATION OBJECTIVES
7.01 Threat Detection
7.02 Mobile Wireless Network Security
7.03 Hardening Mobile Devices
QUESTIONS
While firewalls can examine network transmissions to allow or deny that traffic, intrusion detection and prevention systems can be configured to detect and report on abnormal activity occurring on a network or a specific host. Intrusion prevention systems (IPSs) have the ability to stop attacks in progress.
End-point devices are used directly by users and include desktops, laptops, tablets, smartphones, and so on. Hardening end-point device configurations and usage can be achieved with configurations such as app geofencing, disabling unneeded functionality such as Bluetooth, and context-aware authentication.
Full device encryption as well as using self-encrypting drives (SEDs) can protect sensitive data from unauthorized viewing, while hashing can be used to determine whether changes have been made, such as to individual files. Data loss prevention (DLP) software can be deployed to ensure that sensitive data is not leaked to unauthorized users inside and outside the organization.
1. You have been tasked with deploying a security solution that will monitor activity related to a specific application server. The solution must be able to detect suspicious activity and take steps to prevent the activity from continuing. What should you deploy?
A. NIDS
B. NIPS
C. HIDS
D. HIPS
2. You need to implement a tool that can be configured to detect abnormal activity for a cloud-based virtual network. The solution must be configured to send alert notifications to administrators. What should you deploy?
A. NIDS
B. HSM
C. HIDS
D. TPM
3. Your software development team is creating a custom app that will accept customer payments. The app calls upon existing third-party APIs, where those APIs result in a unique value generated from user payment methods and that unique value is sent over the network to complete payment transactions. Which technique is taking place when payments occur using this custom app?
A. Tokenization
B. Salting
C. Encryption
D. Hashing
4. Which close-range wireless system that supports “tap” payments is commonly used for debit and credit card payments with point-of-sale systems?
A. Wi-Fi
B. Bluetooth
C. NFC
D. Infrared
5. You plan on working remotely while vacationing in a rural location, where traditional wired phone service and electricity are unavailable. Your mobile phone has a data connection in this location, but the signal is very weak and unacceptably slow for work purposes over the Internet. You plan on using batteries and a power generator to run electrical devices. Which network connectivity options should you consider? (Choose two.)
A. DSL
B. Cable modem
C. Cellular signal booster
D. Satellite connectivity
6. Your company-issued smartphone is configured to accept your fingerprint as a form of authentication. What type of authentication is this?
A. Context-aware
B. Multifactor
C. Biometric
D. Gesture-based
7. Some of your technically proficient users have modified their company-issued Android smartphone to provide full device access in order to install apps requiring this permission. Which term best describes this scenario?
A. Jailbreaking
B. sudo
C. Rooting
D. Hijacking
8. You are configuring a mobile device management (MDM) solution to harden employee smartphones. The devices must be configured such that:
Device location around the world cannot be tracked.
Sensitive data cannot be viewed by unauthorized parties.
Device configuration and data can be removed when devices are lost or stolen.
Corporate apps and data are isolated from personal apps and data.
What do you need to do?
A. Disable GPS, enable full device hashing, enable remote wipe, and run apps in Docker containers.
B. Disable GPS enable full device encryption, enable remote wipe, and configure containerization.
C. Disable Bluetooth, enable full device encryption, enable remote access, and configure containerization.
D. Disable Bluetooth, enable full device hashing, enable remote wipe, and configure containerization.
9. After sensitive data is leaked from within your organization, you decide to implement security solutions on all desktop computers that will ensure that sensitive documents are shared only with authorized parties. Desktop computers must also be protected from malicious code and must block network traffic not initiated by the desktop itself. Which of the following solutions will best address these concerns?
A. Opal-compliant self-encrypting drive full-disk encryption, DLP, firewall
B. DLP, full disk backup, firewall
C. Anti-malware, disk encryption using TPM, firewall
D. DLP, anti-malware, firewall
10. Users in your company use a web browser on their tablets to access their cloud-hosted Windows desktop and applications remotely. Which term best encompasses this scenario?
A. TPM
B. VDI
C. HSM
D. IPS
11. Users complain that as they are travelling on a commuter train to and from work, they are unable to access e-mail and cloud-based files on their laptops. However, they are able to read e-mail messages on their company-issued smartphones. Cloud-based files can be edited only using specialized software installed on laptops. The train does not offer Wi-Fi Internet connectivity. Users must have access to e-mail and cloud-based files during their commute while minimizing costs and inconvenience. What should you do?
A. Teach users how to sideload applications.
B. Teach users how to manage USB On-The-Go.
C. Teach users how to enable GPS tagging.
D. Teach users how to enable smartphone tethering.
12. You are traveling on a bus with a colleague, and you both have your laptops. You need to share files with each other during the trip with a minimum of inconvenience and minimal cost. The bus does not offer Wi-Fi connectivity. What should you do?
A. Copy the files to external USB storage media.
B. Copy the files to a MicroSD HSM.
C. Enable Wi-Fi Direct.
D. Enable satellite Internet connectivity.
13. Which technique should be employed when testing unfamiliar software to ensure it is benign?
A. Sandboxing
B. Push notifications
C. Firmware Over-The-Air updates
D. Carrier unlocking
14. Which wireless technology is commonly used for inventory control?
A. Wi-Fi
B. RFID
C. NFC
D. Cellular
15. Your manager has asked you to evaluate and recommend a single IT tool that can be used to manage desktops, laptops, as well as Android tablets and smartphones. What type of tool should you be looking at?
A. Trusted platform module
B. Unified end-point management
C. SEAndroid
D. Hardware security module
16. You have been tasked with disabling the SMS text messaging multimedia message service (MMS) on user smartphones. Which type of SMS texting risk is directly mitigated with this configuration?
A. Injection attack
B. Identity theft
C. Ransomware triggered from an e-mail message file attachment
D. Malicious code embedded in video files
17. Refer to Figure 7-1. You would like to use a payment app on your Android smartphone that allows for “tap” close range payments. What should you configure?
A. NFC
B. Tethering & mobile hotspot
C. VPN
D. Mobile networks
FIGURE 7-1
Android smartphone settings
18. Refer to Figure 7-2. You are working with two Windows laptops side-by-side on a desk in a new office. Wi-Fi connectivity is not yet available in the office. You need to transfer files between the laptops wirelessly. Which option should you select?
A. Bluetooth & other devices
B. Touchpad
C. AutoPlay
D. USB
FIGURE 7-2
Windows settings
19. In Figure 7-3, match the terms on the left with the descriptions on the right. Note that one term on the left does not have a matching description on the right.
FIGURE 7-3
Mobile device terms and definitions
20. You are configuring a security appliance with the following rule:
sid:1000002; rev:1;)
Which type of device are you configuring?
A. Packet filtering firewall
B. Proxy server
C. IDS
D. HSM
21. You are evaluating IoT HVAC sensors for a commercial building. One concern is how device updates can be applied wirelessly when they are available. What should you search for in the IoT sensor documentation?
A. Sideloading
B. Firmware OTA updates
C. WSUS
D. TPM
22. Upon entering your favorite hardware and tool store, the store app that you had previously installed welcomes you and lists that day’s sales items for that store location. You search the app for a wrench, and the app directs you within the store to the correct location of the item. What is being used in this scenario?
A. Firmware OTA updates
B. Geotagging
C. Geofencing
D. Wi-Fi Direct
23. Your organization manages valuable pharmaceutical research data. Company security policies require Android mobile device users to use cryptographic keys to protect sensitive data. The keys cannot be stored on the device itself. What type of accompanying hardware should be used for securely storing cryptographic keys?
A. Next-generation firewall
B. USB On-The-Go
C. Secondary SIM card
D. MicroSD HSM
24. Which security issue is being addressed in Figure 7-4?
A. Data confidentiality
B. Data integrity
C. Data availability
D. Data classification
FIGURE 7-4
Microsoft PowerShell cmdlet output
25. To which operating system does the term “jailbreaking” apply?
A. Android
B. iOS
C. Linux
D. Windows
26. In which device provisioning strategy does an organization pay for and provide a mobile device to employees while allowing employees personal use of the device?
A. BYOD
B. CYOD
C. VDI
D. COPE
27. You no longer require data stored on a self-encrypting drive (SED). What is the quickest way to wipe the drive so that it can be reused, while ensuring data artifacts are not recoverable?
A. Overwrite all disk sectors with random data.
B. Overwrite all disk sectors with 0’s.
C. Remove and destroy SED cryptographic keys.
D. Attach the SED in a different computer.
28. Which abilities are unique to end-point detection and response solutions in comparison to host-based packet filtering firewalls? (Choose two.)
A. Block incoming traffic initiated from outside the machine
B. Allow incoming response traffic initiated from the machine
C. Stop attacks in progress
D. Detect threats
29. You have decided to use a different mobile network provider. Which process must be completed to use a new provider?
A. Containerization
B. Carrier unlock
C. Jailbreaking
D. Rooting
30. Online payment services can use your credit card while never sending the actual credit card details to merchants during payment transactions. Which technique enables this to occur?
A. Encryption
B. Hashing
C. Salting
D. Tokenization
31. Which technique provides cryptographic one-way functions with randomized data in addition to the data that is to be protected?
A. Encryption
B. Hashing
C. Salting
D. Tokenization
32. You work in the IT department at a military base. The IT department has secured issued smartphones to require that users must provide not only user credentials to sign in, but they must also be present at the base. Which term best describes this scenario?
A. Single sign-on
B. Multifactor authentication
C. Identity federation
D. Context-aware authentication
QUICK ANSWER KEY
1. D
2. A
3. A
4. C
5. C, D
6. C
7. C
8. B
9. D
10. B
11. D
12. C
13. A
14. B
15. B
16. D
17. A
18. A
19. See “In-Depth Answers.”
20. C
21. B
22. C
23. D
24. B
25. B
26. D
27. C
28. C, D
29. B
30. D
31. C
32. D
IN-DEPTH ANSWERS
1. D. A host-based intrusion prevention system (HIPS) runs on a specific host such as an application server. A HIPS can be configured to detect anomalous behavior related to that specific host and is not limited only to reporting/alerting/logging the activity; it can also be configured to take action to stop the activity, such as blocking specific types of network traffic from specific hosts.
A, B, and C are incorrect. A network-based intrusion detection system (NIDS) is not specific to a host but instead analyzes network traffic from many sources to detect potentially malicious activity. A network-based instruction prevention system (NIPS) has the additional capability of stopping a potential attack, such as by blocking or limiting the type and amount of network traffic from hosts. A host-based intrusion detection system (HIDS) can detect and report/alert/log any host-specific suspicious activity but does not take steps to stop or prevent those malicious activities.
2. A. A NIDS is not specific to a host but instead analyzes network traffic from many sources to detect potentially malicious activity.
B, C, and D are incorrect. A hardware security module (HSM) is a dedicated tamper-resistant device designed to securely store and manage cryptographic keys. A HIDS can detect and report/alert/log any host-specific suspicious activity but does not take steps to stop or prevent those malicious activities. The Trusted Platform Module (TPM) is a firmware chip within a computing device that ensures device boot integrity and stores cryptographic keys used to encrypt storage devices. TPM is part of an overall computing security strategy and is often referred to as being part of the “hardware root of trust.”
3. A. Tokenization is a security technique that uses a trusted centralized service to create a digital representation of sensitive data, such as credit card information. This “token” can then be used to authorize resource access or payments without ever sending the actual origin sensitive data.
B, C, and D are incorrect. Salting is a technique used to add random data to plain text data prior to all of the data being fed into a one-way cryptographic algorithm. Linux user passwords stored in the /etc/shadow file are represented as a hash value generated from the salted user password string. Encryption uses one or more keys to render plain text to cipher text (encrypted data), thus providing data confidentiality for data at rest or in transit in that only the possessor of the correct decryption key can convert the cipher text back into plain text. Hashing feeds data into a one-way hashing algorithm, which results in a unique value that can’t be easily reversed. An example of hashing would be generating file hashes periodically to see if files have been corrupted or tampered with in some way. If the current hash differs from the previous hashes, you know that a change in the data has occurred.
4. C. Near Field Communication (NFC) is a wireless technology used to transfer small amounts of data between devices that are no more than approximately 10 centimeters (3.9 inches) apart. NFC is commonly used for “tap” contactless payment systems from smartphones or payment cards.
A, B, and D are incorrect. The wireless fidelity (Wi-Fi) wireless network system uses radio waves that can be transmitted from one point and received by many Wi-Fi devices such as desktops, laptops, tablets, smartphones, gaming consoles, and so on. Wi-Fi devices can communicate directly with each other (ad-hoc mode) or they can connect to a central wireless connectivity device (wireless access point or wireless router). Wireless routers are designed to route local Wi-Fi traffic to other networks such as the Internet. Infrared is an older line-of-sight, or point-to-point, wireless technology that is used for items such as television remote controls. Modern computing devices no longer use infrared for local device connectivity or printing; instead, Bluetooth is used for these purposes. Bluetooth is a wireless technology similar to Wi-Fi but has a smaller range than Wi-Fi; most common Bluetooth implementations have a range of up to 10 meters (33 feet). Common uses of Bluetooth include hands-free mobile phone usage while driving, connecting devices such as televisions and smartphones to wireless speaker systems, and so on.
5. C and D. Cellular signal boosters can amplify a weak cellular signal many times to enable voice calls, texting, and mobile device data usage that otherwise may be unacceptably slow or not be possible in a rural area. Always check with the nearest cell tower provider to register your cellular signal booster. Satellite connectivity requires a satellite dish installation to transmit and receive data through a wireless satellite system and can also be used to provide Internet connectivity to rural areas or ships at sea.
A and B are incorrect. A digital
Signatures
Files
-
Glen E. Clarke - CompTIA Security+ Certification Bundle (Exam SY0-601)-McGraw-Hill Education (2022).epub
-
META-INF/calibre_bookmarks.txt
-
META-INF/container.xml
-
OEBPS/1260467937.opf
-
OEBPS/Book1/1260467937.css
-
OEBPS/Book1/9781260467932_FC.jpg
-
OEBPS/Book1/9781260468007_FC.jpg
-
OEBPS/Book1/ERC-1.jpg
-
OEBPS/Book1/ERC-10.jpg
-
OEBPS/Book1/ERC-11.jpg
-
OEBPS/Book1/ERC-12.jpg
-
OEBPS/Book1/ERC-13.jpg
-
OEBPS/Book1/ERC-14.jpg
-
OEBPS/Book1/ERC-15.jpg
-
OEBPS/Book1/ERC-16.jpg
-
OEBPS/Book1/ERC-17.jpg
-
OEBPS/Book1/ERC-18.jpg
-
OEBPS/Book1/ERC-19.jpg
-
OEBPS/Book1/ERC-2.jpg
-
OEBPS/Book1/ERC-20.jpg
-
OEBPS/Book1/ERC-21.jpg
-
OEBPS/Book1/ERC-22.jpg
-
OEBPS/Book1/ERC-23.jpg
-
OEBPS/Book1/ERC-24.jpg
-
OEBPS/Book1/ERC-25.jpg
-
OEBPS/Book1/ERC-26.jpg
-
OEBPS/Book1/ERC-27.jpg
-
OEBPS/Book1/ERC-28.jpg
-
OEBPS/Book1/ERC-29.jpg
-
OEBPS/Book1/ERC-3.jpg
-
OEBPS/Book1/ERC-30.jpg
-
OEBPS/Book1/ERC-31.jpg
-
OEBPS/Book1/ERC-32.jpg
-
OEBPS/Book1/ERC-33.jpg
-
OEBPS/Book1/ERC-34.jpg
-
OEBPS/Book1/ERC-35.jpg
-
OEBPS/Book1/ERC-36.jpg
-
OEBPS/Book1/ERC-37.jpg
-
OEBPS/Book1/ERC-38.jpg
-
OEBPS/Book1/ERC-39.jpg
-
OEBPS/Book1/ERC-4.jpg
-
OEBPS/Book1/ERC-40.jpg
-
OEBPS/Book1/ERC-41.jpg
-
OEBPS/Book1/ERC-42.jpg
-
OEBPS/Book1/ERC-5.jpg
-
OEBPS/Book1/ERC-6.jpg
-
OEBPS/Book1/ERC-7.jpg
-
OEBPS/Book1/ERC-8.jpg
-
OEBPS/Book1/ERC-9.jpg
-
OEBPS/Book1/bonus.xhtml
-
OEBPS/Book1/boxsq.jpg
-
OEBPS/Book1/boxt.jpg
-
OEBPS/Book1/boxx.jpg
-
OEBPS/Book1/ch00_fm01_title.xhtml
-
OEBPS/Book1/ch00_fm02_copy.xhtml
-
OEBPS/Book1/ch00_fm03_ded.xhtml
-
OEBPS/Book1/ch00_fm04_abt.xhtml
-
OEBPS/Book1/ch00_fm05_contents.xhtml
-
OEBPS/Book1/ch00_fm06_toc.xhtml
-
OEBPS/Book1/ch00_fm07_preface.xhtml
-
OEBPS/Book1/ch00_fm08_ack.xhtml
-
OEBPS/Book1/ch00_fm09_intro.xhtml
-
OEBPS/Book1/ch01.xhtml
-
OEBPS/Book1/ch02.xhtml
-
OEBPS/Book1/ch03.xhtml
-
OEBPS/Book1/ch04.xhtml
-
OEBPS/Book1/ch05.xhtml
-
OEBPS/Book1/ch06.xhtml
-
OEBPS/Book1/ch07.xhtml
-
OEBPS/Book1/ch08.xhtml
-
OEBPS/Book1/ch09.xhtml
-
OEBPS/Book1/ch10.xhtml
-
OEBPS/Book1/ch11.xhtml
-
OEBPS/Book1/ch12.xhtml
-
OEBPS/Book1/ch13.xhtml
-
OEBPS/Book1/ch14.xhtml
-
OEBPS/Book1/ch15.xhtml
-
OEBPS/Book1/ch16.xhtml
-
OEBPS/Book1/ch17.xhtml
-
OEBPS/Book1/ch18.xhtml
-
OEBPS/Book1/ch19.xhtml
-
OEBPS/Book1/ch20.xhtml
-
OEBPS/Book1/ch21.xhtml
-
OEBPS/Book1/ch22_appendix.xhtml
-
OEBPS/Book1/ch23_glossary.xhtml
-
OEBPS/Book1/ch24_exam.xhtml
-
OEBPS/Book1/ch25_index.xhtml
-
OEBPS/Book1/ch26_back.xhtml
-
OEBPS/Book1/contents1.xhtml
-
OEBPS/Book1/copy1.xhtml
-
OEBPS/Book1/cover.xhtml
-
OEBPS/Book1/cover1.xhtml
-
OEBPS/Book1/exam.jpg
-
OEBPS/Book1/f0002-01.jpg
-
OEBPS/Book1/f0003-01.jpg
-
OEBPS/Book1/f0004-01.jpg
-
OEBPS/Book1/f0006-01.jpg
-
OEBPS/Book1/f0008-01.jpg
-
OEBPS/Book1/f0011-01.jpg
-
OEBPS/Book1/f0012-01.jpg
-
OEBPS/Book1/f0013-01.jpg
-
OEBPS/Book1/f0013-02.jpg
-
OEBPS/Book1/f0022-01.jpg
-
OEBPS/Book1/f0022-02.jpg
-
OEBPS/Book1/f0024-01.jpg
-
OEBPS/Book1/f0025-01.jpg
-
OEBPS/Book1/f0027-01.jpg
-
OEBPS/Book1/f0028-01.jpg
-
OEBPS/Book1/f0030-01.jpg
-
OEBPS/Book1/f0032-01.jpg
-
OEBPS/Book1/f0034-01.jpg
-
OEBPS/Book1/f0050-01.jpg
-
OEBPS/Book1/f0053-01.jpg
-
OEBPS/Book1/f0056-01.jpg
-
OEBPS/Book1/f0058-01.jpg
-
OEBPS/Book1/f0063-01.jpg
-
OEBPS/Book1/f0086-01.jpg
-
OEBPS/Book1/f0091-01.jpg
-
OEBPS/Book1/f0096-01.jpg
-
OEBPS/Book1/f0133-01.jpg
-
OEBPS/Book1/f0138-01.jpg
-
OEBPS/Book1/f0142-01.jpg
-
OEBPS/Book1/f0149-01.jpg
-
OEBPS/Book1/f0150-01.jpg
-
OEBPS/Book1/f0150-02.jpg
-
OEBPS/Book1/f0152-01.jpg
-
OEBPS/Book1/f0153-01.jpg
-
OEBPS/Book1/f0154-01.jpg
-
OEBPS/Book1/f0155-01.jpg
-
OEBPS/Book1/f0157-01.jpg
-
OEBPS/Book1/f0158-01.jpg
-
OEBPS/Book1/f0158-02.jpg
-
OEBPS/Book1/f0159-01.jpg
-
OEBPS/Book1/f0162-01.jpg
-
OEBPS/Book1/f0167-01.jpg
-
OEBPS/Book1/f0168-01.jpg
-
OEBPS/Book1/f0176-01.jpg
-
OEBPS/Book1/f0177-01.jpg
-
OEBPS/Book1/f0180-01.jpg
-
OEBPS/Book1/f0180-02.jpg
-
OEBPS/Book1/f0193-01.jpg
-
OEBPS/Book1/f0198-01.jpg
-
OEBPS/Book1/f0199-01.jpg
-
OEBPS/Book1/f0199-02.jpg
-
OEBPS/Book1/f0200-01.jpg
-
OEBPS/Book1/f0201-01.jpg
-
OEBPS/Book1/f0204-01.jpg
-
OEBPS/Book1/f0208-01.jpg
-
OEBPS/Book1/f0210-01.jpg
-
OEBPS/Book1/f0210-02.jpg
-
OEBPS/Book1/f0211-01.jpg
-
OEBPS/Book1/f0211-02.jpg
-
OEBPS/Book1/f0211-03.jpg
-
OEBPS/Book1/f0212-01.jpg
-
OEBPS/Book1/f0214-01.jpg
-
OEBPS/Book1/f0225-01.jpg
-
OEBPS/Book1/f0229-01.jpg
-
OEBPS/Book1/f0232-01.jpg
-
OEBPS/Book1/f0233-01.jpg
-
OEBPS/Book1/f0235-01.jpg
-
OEBPS/Book1/f0238-01.jpg
-
OEBPS/Book1/f0245-01.jpg
-
OEBPS/Book1/f0247-01.jpg
-
OEBPS/Book1/f0249-01.jpg
-
OEBPS/Book1/f0250-01.jpg
-
OEBPS/Book1/f0252-01.jpg
-
OEBPS/Book1/f0257-01.jpg
-
OEBPS/Book1/f0258-01.jpg
-
OEBPS/Book1/f0266-01.jpg
-
OEBPS/Book1/f0269-01.jpg
-
OEBPS/Book1/f0277-01.jpg
-
OEBPS/Book1/f0278-01.jpg
-
OEBPS/Book1/f0279-01.jpg
-
OEBPS/Book1/f0279-02.jpg
-
OEBPS/Book1/f0280-01.jpg
-
OEBPS/Book1/f0281-01.jpg
-
OEBPS/Book1/f0282-01.jpg
-
OEBPS/Book1/f0282-02.jpg
-
OEBPS/Book1/f0286-01.jpg
-
OEBPS/Book1/f0287-01.jpg
-
OEBPS/Book1/f0288-01.jpg
-
OEBPS/Book1/f0289-01.jpg
-
OEBPS/Book1/f0296-01.jpg
-
OEBPS/Book1/f0305-01.jpg
-
OEBPS/Book1/f0306-01.jpg
-
OEBPS/Book1/f0307-01.jpg
-
OEBPS/Book1/f0323-01.jpg
-
OEBPS/Book1/f0323-02.jpg
-
OEBPS/Book1/f0326-01.jpg
-
OEBPS/Book1/f0326-02.jpg
-
OEBPS/Book1/f0329-01.jpg
-
OEBPS/Book1/f0329-02.jpg
-
OEBPS/Book1/f0330-01.jpg
-
OEBPS/Book1/f0332-01.jpg
-
OEBPS/Book1/f0334-01.jpg
-
OEBPS/Book1/f0335-01.jpg
-
OEBPS/Book1/f0336-01.jpg
-
OEBPS/Book1/f0337-01.jpg
-
OEBPS/Book1/f0338-01.jpg
-
OEBPS/Book1/f0338-02.jpg
-
OEBPS/Book1/f0339-01.jpg
-
OEBPS/Book1/f0340-01.jpg
-
OEBPS/Book1/f0342-01.jpg
-
OEBPS/Book1/f0345-01.jpg
-
OEBPS/Book1/f0348-01.jpg
-
OEBPS/Book1/f0352-01.jpg
-
OEBPS/Book1/f0352-02.jpg
-
OEBPS/Book1/f0353-01.jpg
-
OEBPS/Book1/f0355-01.jpg
-
OEBPS/Book1/f0357-01.jpg
-
OEBPS/Book1/f0360-01.jpg
-
OEBPS/Book1/f0362-01.jpg
-
OEBPS/Book1/f0364-01.jpg
-
OEBPS/Book1/f0383-01.jpg
-
OEBPS/Book1/f0384-01.jpg
-
OEBPS/Book1/f0388-01.jpg
-
OEBPS/Book1/f0388-02.jpg
-
OEBPS/Book1/f0390-01.jpg
-
OEBPS/Book1/f0391-01.jpg
-
OEBPS/Book1/f0399-01.jpg
-
OEBPS/Book1/f0400-01.jpg
-
OEBPS/Book1/f0401-01.jpg
-
OEBPS/Book1/f0402-01.jpg
-
OEBPS/Book1/f0403-01.jpg
-
OEBPS/Book1/f0407-01.jpg
-
OEBPS/Book1/f0409-01.jpg
-
OEBPS/Book1/f0409-02.jpg
-
OEBPS/Book1/f0410-01.jpg
-
OEBPS/Book1/f0411-01.jpg
-
OEBPS/Book1/f0412-01.jpg
-
OEBPS/Book1/f0412-02.jpg
-
OEBPS/Book1/f0413-01.jpg
-
OEBPS/Book1/f0414-01.jpg
-
OEBPS/Book1/f0414-02.jpg
-
OEBPS/Book1/f0415-01.jpg
-
OEBPS/Book1/f0417-01.jpg
-
OEBPS/Book1/f0418-01.jpg
-
OEBPS/Book1/f0419-01.jpg
-
OEBPS/Book1/f0420-01.jpg
-
OEBPS/Book1/f0421-01.jpg
-
OEBPS/Book1/f0422-01.jpg
-
OEBPS/Book1/f0422-02.jpg
-
OEBPS/Book1/f0423-01.jpg
-
OEBPS/Book1/f0424-01.jpg
-
OEBPS/Book1/f0432-01.jpg
-
OEBPS/Book1/f0432-02.jpg
-
OEBPS/Book1/f0436-01.jpg
-
OEBPS/Book1/f0436-02.jpg
-
OEBPS/Book1/f0450-01.jpg
-
OEBPS/Book1/f0454-01.jpg
-
OEBPS/Book1/f0456-01.jpg
-
OEBPS/Book1/f0457-01.jpg
-
OEBPS/Book1/f0458-01.jpg
-
OEBPS/Book1/f0459-01.jpg
-
OEBPS/Book1/f0464-01.jpg
-
OEBPS/Book1/f0464-02.jpg
-
OEBPS/Book1/f0466-01.jpg
-
OEBPS/Book1/f0467-01.jpg
-
OEBPS/Book1/f0476-01.jpg
-
OEBPS/Book1/f0477-01.jpg
-
OEBPS/Book1/f0478-01.jpg
-
OEBPS/Book1/f0481-01.jpg
-
OEBPS/Book1/f0487-01.jpg
-
OEBPS/Book1/f0496-01.jpg
-
OEBPS/Book1/f0497-01.jpg
-
OEBPS/Book1/f0498-01.jpg
-
OEBPS/Book1/f0498-02.jpg
-
OEBPS/Book1/f0499-01.jpg
-
OEBPS/Book1/f0507-01.jpg
-
OEBPS/Book1/f0507-02.jpg
-
OEBPS/Book1/f0510-01.jpg
-
OEBPS/Book1/f0510-02.jpg
-
OEBPS/Book1/f0512-01.jpg
-
OEBPS/Book1/f0514-01.jpg
-
OEBPS/Book1/f0517-01.jpg
-
OEBPS/Book1/f0526-01.jpg
-
OEBPS/Book1/f0526-02.jpg
-
OEBPS/Book1/f0528-01.jpg
-
OEBPS/Book1/f0528-02.jpg
-
OEBPS/Book1/f0534-01.jpg
-
OEBPS/Book1/f0544-01.jpg
-
OEBPS/Book1/f0549-01.jpg
-
OEBPS/Book1/f0551-01.jpg
-
OEBPS/Book1/f0554-01.jpg
-
OEBPS/Book1/f0556-01.jpg
-
OEBPS/Book1/f0559-01.jpg
-
OEBPS/Book1/f0565-01.jpg
-
OEBPS/Book1/f0569-01.jpg
-
OEBPS/Book1/f0572-01.jpg
-
OEBPS/Book1/f0573-01.jpg
-
OEBPS/Book1/f0574-01.jpg
-
OEBPS/Book1/f0575-01.jpg
-
OEBPS/Book1/f0576-01.jpg
-
OEBPS/Book1/f0577-01.jpg
-
OEBPS/Book1/f0581-01.jpg
-
OEBPS/Book1/f0584-01.jpg
-
OEBPS/Book1/f0587-01.jpg
-
OEBPS/Book1/f0588-01.jpg
-
OEBPS/Book1/f0594-01.jpg
-
OEBPS/Book1/f0595-01.jpg
-
OEBPS/Book1/f0601-01.jpg
-
OEBPS/Book1/f0601-02.jpg
-
OEBPS/Book1/f0611-01.jpg
-
OEBPS/Book1/f0611-02.jpg
-
OEBPS/Book1/f0614-01.jpg
-
OEBPS/Book1/f0614-02.jpg
-
OEBPS/Book1/f0617-01.jpg
-
OEBPS/Book1/f0619-01.jpg
-
OEBPS/Book1/f0622-01.jpg
-
OEBPS/Book1/f0641-01.jpg
-
OEBPS/Book1/f0643-01.jpg
-
OEBPS/Book1/f0646-01.jpg
-
OEBPS/Book1/f0652-01.jpg
-
OEBPS/Book1/f0656-01.jpg
-
OEBPS/Book1/f0677-01.jpg
-
OEBPS/Book1/f0691-01.jpg
-
OEBPS/Book1/f0693-01.jpg
-
OEBPS/Book1/f0695-01.jpg
-
OEBPS/Book1/f0709-01.jpg
-
OEBPS/Book1/f0713-01.jpg
-
OEBPS/Book1/f0720-01.jpg
-
OEBPS/Book1/f0721-01.jpg
-
OEBPS/Book1/f0723-01.jpg
-
OEBPS/Book1/f0724-01.jpg
-
OEBPS/Book1/f0725-01.jpg
-
OEBPS/Book1/f0726-01.jpg
-
OEBPS/Book1/f0728-01.jpg
-
OEBPS/Book1/f0729-01.jpg
-
OEBPS/Book1/f0735-01.jpg
-
OEBPS/Book1/f0738-01.jpg
-
OEBPS/Book1/f0746-01.jpg
-
OEBPS/Book1/f0747-01.jpg
-
OEBPS/Book1/f0748-01.jpg
-
OEBPS/Book1/f0753-01.jpg
-
OEBPS/Book1/f0756-01.jpg
-
OEBPS/Book1/f0758-01.jpg
-
OEBPS/Book1/f0759-01.jpg
-
OEBPS/Book1/f0760-01.jpg
-
OEBPS/Book1/f0762-01.jpg
-
OEBPS/Book1/f0764-01.jpg
-
OEBPS/Book1/f0765-01.jpg
-
OEBPS/Book1/f0767-01.jpg
-
OEBPS/Book1/f0772-01.jpg
-
OEBPS/Book1/f0774-01.jpg
-
OEBPS/Book1/f0780-01.jpg
-
OEBPS/Book1/f0781-01.jpg
-
OEBPS/Book1/f0782-01.jpg
-
OEBPS/Book1/f0786-01.jpg
-
OEBPS/Book1/f0795-01.jpg
-
OEBPS/Book1/f0797-01.jpg
-
OEBPS/Book1/f0799-01.jpg
-
OEBPS/Book1/f0799-02.jpg
-
OEBPS/Book1/f0800-01.jpg
-
OEBPS/Book1/f0803-01.jpg
-
OEBPS/Book1/f0809-01.jpg
-
OEBPS/Book1/f0814-01.jpg
-
OEBPS/Book1/f0821-01.jpg
-
OEBPS/Book1/f0824-01.jpg
-
OEBPS/Book1/f0829-01.jpg
-
OEBPS/Book1/f0830-01.jpg
-
OEBPS/Book1/f0830-02.jpg
-
OEBPS/Book1/f0833-01.jpg
-
OEBPS/Book1/f0839-01.jpg
-
OEBPS/Book1/f0840-01.jpg
-
OEBPS/Book1/f0843-01.jpg
-
OEBPS/Book1/f0844-01.jpg
-
OEBPS/Book1/f0846-01.jpg
-
OEBPS/Book1/f0847-01.jpg
-
OEBPS/Book1/f0848-01.jpg
-
OEBPS/Book1/f0850-01.jpg
-
OEBPS/Book1/f0852-01.jpg
-
OEBPS/Book1/f0853-01.jpg
-
OEBPS/Book1/f0853-02.jpg
-
OEBPS/Book1/f0854-01.jpg
-
OEBPS/Book1/f0854-02.jpg
-
OEBPS/Book1/f0855-01.jpg
-
OEBPS/Book1/f0856-01.jpg
-
OEBPS/Book1/f0908-01.jpg
-
OEBPS/Book1/job.jpg
-
OEBPS/Book1/nav.xhtml
-
OEBPS/Book1/p0004-01.jpg
-
OEBPS/Book1/p0005-01.jpg
-
OEBPS/Book1/p0005-02.jpg
-
OEBPS/Book1/p0006-01.jpg
-
OEBPS/Book1/p0007-01.jpg
-
OEBPS/Book1/p0007-02.jpg
-
OEBPS/Book1/p0037-01.jpg
-
OEBPS/Book1/p0039-01.jpg
-
OEBPS/Book1/p0043-01.jpg
-
OEBPS/Book1/p0151-01.jpg
-
OEBPS/Book1/p0151-02.jpg
-
OEBPS/Book1/p0152-01.jpg
-
OEBPS/Book1/p0152-02.jpg
-
OEBPS/Book1/p0153-01.jpg
-
OEBPS/Book1/p0156-01.jpg
-
OEBPS/Book1/p0159-01.jpg
-
OEBPS/Book1/p0159-02.jpg
-
OEBPS/Book1/p0159-03.jpg
-
OEBPS/Book1/p0160-01.jpg
-
OEBPS/Book1/p0162-01.jpg
-
OEBPS/Book1/p0162-02.jpg
-
OEBPS/Book1/p0162-03.jpg
-
OEBPS/Book1/p0163-01.jpg
-
OEBPS/Book1/p0163-02.jpg
-
OEBPS/Book1/p0210-01.jpg
-
OEBPS/Book1/p0210-02.jpg
-
OEBPS/Book1/p0210-03.jpg
-
OEBPS/Book1/p0211-01.jpg
-
OEBPS/Book1/p0211-02.jpg
-
OEBPS/Book1/p0211-03.jpg
-
OEBPS/Book1/p0212-01.jpg
-
OEBPS/Book1/p0242-01.jpg
-
OEBPS/Book1/p0243-01.jpg
-
OEBPS/Book1/p0243-02.jpg
-
OEBPS/Book1/p0244-01.jpg
-
OEBPS/Book1/p0245-01.jpg
-
OEBPS/Book1/p0246-01.jpg
-
OEBPS/Book1/p0259-01.jpg
-
OEBPS/Book1/p0281-01.jpg
-
OEBPS/Book1/p0281-02.jpg
-
OEBPS/Book1/p0283-01.jpg
-
OEBPS/Book1/p0283-02.jpg
-
OEBPS/Book1/p0283-03.jpg
-
OEBPS/Book1/p0306-01.jpg
-
OEBPS/Book1/p0306-02.jpg
-
OEBPS/Book1/p0333-01.jpg
-
OEBPS/Book1/p0334-01.jpg
-
OEBPS/Book1/p0334-02.jpg
-
OEBPS/Book1/p0335-01.jpg
-
OEBPS/Book1/p0335-02.jpg
-
OEBPS/Book1/p0336-01.jpg
-
OEBPS/Book1/p0350-01.jpg
-
OEBPS/Book1/p0351-01.jpg
-
OEBPS/Book1/p0353-01.jpg
-
OEBPS/Book1/p0354-01.jpg
-
OEBPS/Book1/p0354-02.jpg
-
OEBPS/Book1/p0412-01.jpg
-
OEBPS/Book1/p0413-01.jpg
-
OEBPS/Book1/p0414-01.jpg
-
OEBPS/Book1/p0414-02.jpg
-
OEBPS/Book1/p0482-01.jpg
-
OEBPS/Book1/p0482-02.jpg
-
OEBPS/Book1/p0489-02.jpg
-
OEBPS/Book1/p0489-03.jpg
-
OEBPS/Book1/p0490-01.jpg
-
OEBPS/Book1/p0490-02.jpg
-
OEBPS/Book1/p0491-01.jpg
-
OEBPS/Book1/p0491-02.jpg
-
OEBPS/Book1/p0491-03.jpg
-
OEBPS/Book1/p0491-04.jpg
-
OEBPS/Book1/p0495-01.jpg
-
OEBPS/Book1/p0495-02.jpg
-
OEBPS/Book1/p0496-01.jpg
-
OEBPS/Book1/p0496-02.jpg
-
OEBPS/Book1/p0497-01.jpg
-
OEBPS/Book1/p0500-01.jpg
-
OEBPS/Book1/p0513-01.jpg
-
OEBPS/Book1/p0513-02.jpg
-
OEBPS/Book1/p0513-03.jpg
-
OEBPS/Book1/p0515-01.jpg
-
OEBPS/Book1/p0516-01.jpg
-
OEBPS/Book1/p0516-02.jpg
-
OEBPS/Book1/p0517-01.jpg
-
OEBPS/Book1/p0518-01.jpg
-
OEBPS/Book1/p0518-02.jpg
-
OEBPS/Book1/p0521-01.jpg
-
OEBPS/Book1/p0521-02.jpg
-
OEBPS/Book1/p0521-03.jpg
-
OEBPS/Book1/p0524-01.jpg
-
OEBPS/Book1/p0526-01.jpg
-
OEBPS/Book1/p0526-02.jpg
-
OEBPS/Book1/p0533-01.jpg
-
OEBPS/Book1/p0534-01.jpg
-
OEBPS/Book1/p0548-01.jpg
-
OEBPS/Book1/p0551-01.jpg
-
OEBPS/Book1/p0590-01.jpg
-
OEBPS/Book1/p0591-01.jpg
-
OEBPS/Book1/p0591-02.jpg
-
OEBPS/Book1/p0591-03.jpg
-
OEBPS/Book1/p0616-01.jpg
-
OEBPS/Book1/p0617-01.jpg
-
OEBPS/Book1/p0618-01.jpg
-
OEBPS/Book1/p0619-01.jpg
-
OEBPS/Book1/p0619-02.jpg
-
OEBPS/Book1/p0619-03.jpg
-
OEBPS/Book1/p0620-01.jpg
-
OEBPS/Book1/p0621-01.jpg
-
OEBPS/Book1/p0621-02.jpg
-
OEBPS/Book1/p0622-01.jpg
-
OEBPS/Book1/p0630-01.jpg
-
OEBPS/Book1/p0742-01.jpg
-
OEBPS/Book1/p0743-01.jpg
-
OEBPS/Book1/p0743-02.jpg
-
OEBPS/Book1/p0743-03.jpg
-
OEBPS/Book1/p0744-01.jpg
-
OEBPS/Book1/p0744-02.jpg
-
OEBPS/Book1/p0745-01.jpg
-
OEBPS/Book1/p0745-02.jpg
-
OEBPS/Book1/p0745-03.jpg
-
OEBPS/Book1/p0746-01.jpg
-
OEBPS/Book1/p0746-02.jpg
-
OEBPS/Book1/p0751-01.jpg
-
OEBPS/Book1/p0751-02.jpg
-
OEBPS/Book1/p0762-01.jpg
-
OEBPS/Book1/p0778-01.jpg
-
OEBPS/Book1/p0794-01.jpg
-
OEBPS/Book1/p0800-01.jpg
-
OEBPS/Book1/p0800-02.jpg
-
OEBPS/Book1/p0800-03.jpg
-
OEBPS/Book1/p0801-01.jpg
-
OEBPS/Book1/p0801-02.jpg
-
OEBPS/Book1/p0801-03.jpg
-
OEBPS/Book1/p0802-01.jpg
-
OEBPS/Book1/p0802-02.jpg
-
OEBPS/Book1/p0802-03.jpg
-
OEBPS/Book1/p0806-01.jpg
-
OEBPS/Book1/p0807-01.jpg
-
OEBPS/Book1/p0807-02.jpg
-
OEBPS/Book1/p0807-03.jpg
-
OEBPS/Book1/p0807-04.jpg
-
OEBPS/Book1/p0838-01.jpg
-
OEBPS/Book1/p0839-01.jpg
-
OEBPS/Book1/p0840-01.jpg
-
OEBPS/Book1/t0011-01.jpg
-
OEBPS/Book1/t0014-01.jpg
-
OEBPS/Book1/t0015-01.jpg
-
OEBPS/Book1/t0016-01.jpg
-
OEBPS/Book1/t0017-01.jpg
-
OEBPS/Book1/t0019-01.jpg
-
OEBPS/Book1/t0020-01.jpg
-
OEBPS/Book1/t0023-01.jpg
-
OEBPS/Book1/t0026-01.jpg
-
OEBPS/Book1/t0030-01.jpg
-
OEBPS/Book1/t0042-01.jpg
-
OEBPS/Book1/t0062-01.jpg
-
OEBPS/Book1/t0079-01.jpg
-
OEBPS/Book1/t0198-01.jpg
-
OEBPS/Book1/t0251-01.jpg
-
OEBPS/Book1/t0251-02.jpg
-
OEBPS/Book1/t0251-03.jpg
-
OEBPS/Book1/t0303-01.jpg
-
OEBPS/Book1/t0304-01.jpg
-
OEBPS/Book1/t0330-01.jpg
-
OEBPS/Book1/t0393-01.jpg
-
OEBPS/Book1/t0394-01.jpg
-
OEBPS/Book1/t0516-01.jpg
-
OEBPS/Book1/t0520-01.jpg
-
OEBPS/Book1/t0675-01.jpg
-
OEBPS/Book1/t0682-01.jpg
-
OEBPS/Book1/t0682-02.jpg
-
OEBPS/Book1/t0683-01.jpg
-
OEBPS/Book1/t0751-01.jpg
-
OEBPS/Book1/t0757-01.jpg
-
OEBPS/Book1/t0xxxiv-01.jpg
-
OEBPS/Book1/title.jpg
-
OEBPS/Book1/toc1.jpg
-
OEBPS/Book1/toc2.jpg
-
OEBPS/Book1/video.jpg
-
OEBPS/Book2/1260467988.css
-
OEBPS/Book2/1260467988.jpg
-
OEBPS/Book2/appa.xhtml
-
OEBPS/Book2/appb.xhtml
-
OEBPS/Book2/author.xhtml
-
OEBPS/Book2/ch1.xhtml
-
OEBPS/Book2/ch10.xhtml
-
OEBPS/Book2/ch11.xhtml
-
OEBPS/Book2/ch12.xhtml
-
OEBPS/Book2/ch13.xhtml
-
OEBPS/Book2/ch14.xhtml
-
OEBPS/Book2/ch15.xhtml
-
OEBPS/Book2/ch16.xhtml
-
OEBPS/Book2/ch17.xhtml
-
OEBPS/Book2/ch18.xhtml
-
OEBPS/Book2/ch19.xhtml
-
OEBPS/Book2/ch2.xhtml
-
OEBPS/Book2/ch20.xhtml
-
OEBPS/Book2/ch21.xhtml
-
OEBPS/Book2/ch3.xhtml
-
OEBPS/Book2/ch4.xhtml
-
OEBPS/Book2/ch5.xhtml
-
OEBPS/Book2/ch6.xhtml
-
OEBPS/Book2/ch7.xhtml
-
OEBPS/Book2/ch8.xhtml
-
OEBPS/Book2/ch9.xhtml
-
OEBPS/Book2/com-1.jpg
-
OEBPS/Book2/com.jpg
-
OEBPS/Book2/contents.xhtml
-
OEBPS/Book2/copy.xhtml
-
OEBPS/Book2/cover.xhtml
-
OEBPS/Book2/dedi.xhtml
-
OEBPS/Book2/exam.xhtml
-
OEBPS/Book2/fig1-1.jpg
-
OEBPS/Book2/fig1-2.jpg
-
OEBPS/Book2/fig1-3.jpg
-
OEBPS/Book2/fig1-4.jpg
-
OEBPS/Book2/fig1-5.jpg
-
OEBPS/Book2/fig1-6.jpg
-
OEBPS/Book2/fig1-7.jpg
-
OEBPS/Book2/fig10-1.jpg
-
OEBPS/Book2/fig10-2.jpg
-
OEBPS/Book2/fig10-3.jpg
-
OEBPS/Book2/fig10-4.jpg
-
OEBPS/Book2/fig11-1.jpg
-
OEBPS/Book2/fig12-1.jpg
-
OEBPS/Book2/fig12-2.jpg
-
OEBPS/Book2/fig12-3.jpg
-
OEBPS/Book2/fig13-1.jpg
-
OEBPS/Book2/fig13-2.jpg
-
OEBPS/Book2/fig13-3.jpg
-
OEBPS/Book2/fig14-1.jpg
-
OEBPS/Book2/fig14-2.jpg
-
OEBPS/Book2/fig14-3.jpg
-
OEBPS/Book2/fig15-1.jpg
-
OEBPS/Book2/fig16-1.jpg
-
OEBPS/Book2/fig16-2.jpg
-
OEBPS/Book2/fig16-3.jpg
-
OEBPS/Book2/fig17-1.jpg
-
OEBPS/Book2/fig17-2.jpg
-
OEBPS/Book2/fig17-3.jpg
-
OEBPS/Book2/fig18-1.jpg
-
OEBPS/Book2/fig18-2.jpg
-
OEBPS/Book2/fig18-3.jpg
-
OEBPS/Book2/fig18-4.jpg
-
OEBPS/Book2/fig18-5.jpg
-
OEBPS/Book2/fig18-6.jpg
-
OEBPS/Book2/fig19-1.jpg
-
OEBPS/Book2/fig19-2.jpg
-
OEBPS/Book2/fig2-1.jpg
-
OEBPS/Book2/fig2-2.jpg
-
OEBPS/Book2/fig2-3.jpg
-
OEBPS/Book2/fig2-4.jpg
-
OEBPS/Book2/fig20-1.jpg
-
OEBPS/Book2/fig20-2.jpg
-
OEBPS/Book2/fig20-3.jpg
-
OEBPS/Book2/fig20-4.jpg
-
OEBPS/Book2/fig20-5.jpg
-
OEBPS/Book2/fig20-6.jpg
-
OEBPS/Book2/fig20-7.jpg
-
OEBPS/Book2/fig21-1.jpg
-
OEBPS/Book2/fig21-2.jpg
-
OEBPS/Book2/fig3-1.jpg
-
OEBPS/Book2/fig3-2.jpg
-
OEBPS/Book2/fig3-3.jpg
-
OEBPS/Book2/fig3-4.jpg
-
OEBPS/Book2/fig4-1.jpg
-
OEBPS/Book2/fig5-1.jpg
-
OEBPS/Book2/fig5-2.jpg
-
OEBPS/Book2/fig5-3.jpg
-
OEBPS/Book2/fig5-4.jpg
-
OEBPS/Book2/fig5-5.jpg
-
OEBPS/Book2/fig5-6.jpg
-
OEBPS/Book2/fig6-1.jpg
-
OEBPS/Book2/fig6-2.jpg
-
OEBPS/Book2/fig6-3.jpg
-
OEBPS/Book2/fig6-4.jpg
-
OEBPS/Book2/fig6-5.jpg
-
OEBPS/Book2/fig6-6.jpg
-
OEBPS/Book2/fig6-7.jpg
-
OEBPS/Book2/fig7-1.jpg
-
OEBPS/Book2/fig7-2.jpg
-
OEBPS/Book2/fig7-3.jpg
-
OEBPS/Book2/fig7-4.jpg
-
OEBPS/Book2/fig7-5.jpg
-
OEBPS/Book2/fig8-1.jpg
-
OEBPS/Book2/fig8-2.jpg
-
OEBPS/Book2/fig8-3.jpg
-
OEBPS/Book2/fig8-4.jpg
-
OEBPS/Book2/fig8-5.jpg
-
OEBPS/Book2/fig9-1.jpg
-
OEBPS/Book2/fig9-2.jpg
-
OEBPS/Book2/fig9-3.jpg
-
OEBPS/Book2/fig9-4.jpg
-
OEBPS/Book2/figA-1.jpg
-
OEBPS/Book2/figA-2.jpg
-
OEBPS/Book2/intro.xhtml
-
OEBPS/Book2/square.jpg
-
OEBPS/Book2/title.jpg
-
OEBPS/Book2/title.xhtml
-
OEBPS/toc.ncx
-
mimetype