1. A computer is best described as being comprised of which components:
A. CPU + Hard Drive + RAM + Expansion Slots
B. CPU + Input/Output Devices + Secondary memory
C. CPU + Memory + Input/Output devices + Bus + Expansion slots
D. CPU + Memory + Input/Output devices + Bus

2. Which of the following is true about the CPU?
A. It contains a control unit which processes information and coordinates as a traffic cop for the CPU
B. It often implements a parity mechanism to detect unintentional errors while transferring information
C. It connects to RAM using the memory mapper
D. Its registers and accumulators are always stored in RAM

3. Which option correctly specifies an order of cycles from longest cycle time to shortest cycle time?
A. Machine, clock, instruction
B. Clock, interpretation, Machine
C. Execution, clock, machine
D. Machine, instruction, clock

4. Which of the following is not true about CISC and RISC processor architectures?
A. Long fetch times were the impetus for CISC architectures
B. CISC has multiple operation codes within a single instruction
C. RISC architectures often spend less time decoding instructions than CISC architectures
D. Long fetch times were the impetus for RISC architectures

5. The ability for a CPU to fetch the next instruction while processing the existing instruction is referred to as:
A. Pipelining
B. Just in time
C. Prefetching
D. Cycle sharing

6. The difference between scalar and superscalar CPUs is:
A. Superscalar CPUs can handle more instructions per second than a scalar CPU
B. Superscalar CPUs can process more than one instruction at a time
C. Superscalar operate on vector operations while scalar operate on scalar operations
D. Superscalar has added instructions to handle vector values whereas scalar must use multiple instructions to handle vector values

7. Which is true about CPU states?
A. The CPU is in the wait state when the CPU does not have instructions to process and is waiting for any application to need the CPU to process instructions
B. The CPU is in the ready state after bootup of the computer
C. The CPU is often in the problem state after a parity error or memory access error has occurred
D. When the CPU is in a supervisory state, it can access all system components

8. Which of the following refers to an ability to share a CPU between multiple applications?
A. Multiprogramming
B. Multitasking
C. Multiprocessing
D. Multiprocess

9. Which of the following refers to a computer architecture with multiple CPUs?
A. Multiprocessor
B. Multitasking
C. Multiprocessing
D. Multiprocess

10. Which of the following best describes an application that can accomplish multiple tasks within one process?
A. Multithreaded
B. Multitasking
C. Multiprocessing
D. Multiprocess

11. If an application forks a child then the application would be?
A. Multithreaded
B. Multitasking
C. Multiprocessing
D. Multiprocess

12. A child that is forked from a parent will?
A. Inherit many attributes from the parent
B. Share memory space with the parent
C. Be a clone of the parent
D. Run slower than the parent because it relies on the parent for processing

13. You have been asked to design a new DNS server that has high performance, which of the following would be good choices?
A. Choose a multithreaded application so that multiple DNS queries can be handled in parallel
B. Choose a multiprocessing application so that multiple DNS queries can be handled in parallel
C. Choose a multiprocessor server so that the load can be handled among multiple CPUs
D. Use a small amount of RAM on the server, as this will decrease the time required to retrieve instructions from memory

14. Which type of memory can hold its contents after a power cycle?
A. DRAM
B. Static RAM
C. ROM
D. Cache memory

15. Which best describes a type of memory that must be refreshed to renew the voltage in capacitors?
A. NVRAM
B. DRAM
C. Static RAM
D. ROM

16. What is true about EEPROMs and Flash memory?
A. EEPROM is volatile, Flash memory is not
B. Flash memory is volatile, EEPROM is not
C. EEPROMs must be erased one byte at a time whereas Flash memory must be erased one block at a time
D. Flash memory is slower because it must be erased one byte at a time

17. A tape for a tape drive is considered to be which type of storage?
A. Primary
B. Tertiary
C. Sequential
D. Long term

18. Virtual storage is?
A. A remote storage mechanism, such as NFS which allows the applications to assume that the storage is local
B. A swap file
C. The entire hard drive
D. Real storage and secondary storage

19. A program must use information that was supposed to be stored in RAM but was stored on a hard drive instead. The name for this process is?
A. Paging
B. Relocating
C. Rearranging
D. Data dumping

20. Which type of memory addressing is being used when a program knows of a particular memory location, but this location holds a reference to another memory location?
A. Reflexive
B. Indexed
C. Indirect
D. Absolute

21. Firmware refers to?
A. Software under a strict license so that it cannot be freely modified
B. Software loaded into ROM
C. Software that is compiled
D. Software that is unchangeable

22. Which type of I/O requires the CPU to generate a special signal on the bus to alert that the instruction is for an I/O device rather than the memory?
A. Isolated
B. Memory-mapped
C. Direct Notification
D. Marked

23. Which of the following memory management operations does an operating system often not perform?
A. Purge contents of memory
B. Manage swapping between primary and secondary storage
C. Track memory locations that are available for use
D. De-allocate memory

24. Which of the following are true about a compiled program that was compiled for a Sparc workstation and was attempted to be run natively on an Intel platform?
A. If the software was written in C, which has been ported to multiple architectures, then it would run natively
B. The machine codes are different for each architecture, so the program would not run
C. Sparc workstations have more memory and there would be memory size issues
D. Sparc workstations are faster than Intel platforms and the increase in speed would cause the program to be misinterpreted

25. What is the purpose of a disassembler?
A. Disassemble assembly code into machine code
B. Translate machine code into byte code
C. Translate assembly code into source code
D. Translate machine code into assembly code

26. What is the purpose of a cross assembler?
A. Ease assembly by creating a platform neutral assembly code
B. Create bytecode
C. Convert assembly to machine code, but conduct this process on a computer with a different type of assembly
D. Convert machine code to assembly, but conduct this process on a computer with a different type of machine code

27. Which of the following will compile one line of source code at a time each time a program is run?
A. Cross compiler
B. Interpreter
C. Disassembler
D. Assembler

28. Which of the following is an example of a 3GL language?
A. Fortran
B. SQL
C. Assembly
D. LISP

29. TCB is?
A. The product being evaluated for accreditation
B. The list of security mechanisms enforcing security within a computer system
C. A term created by the Common Criteria
D. A laundry list of requirements

30. Which of the following is an abstract concept that mediates all access between subjects and objects?
A. Access controller
B. Security kernel
C. Access control matrix
D. Reference Monitor

31. Which of the following is correct?
A. Elements in protection ring 3 can access all objects in ring 3, 2, 1, and 0
B. Elements in protection ring 2 can access all objects in ring 2 and 3
C. IO drivers are usually in protection ring 3
D. The kernel is in protection ring 3

32. The orange book is a common name for?
A. TCSEC
B. ITSEC
C. Common Criteria
D. The rainbow series

33. The orange book defines?
A. Four levels of trust to be placed in a computer system
B. Four levels of security that a computer system can have
C. Standards for specific technologies to use to achieve a given rating
D. Baselines for vendor products that should be adhered to in order to achieve a given rating

34. Of the following, which is the lowest Orange book rating?
A. A1
B. B3
C. C2
D. C1

35. Who is the intended audience for a trusted facility manual?
A. System administrators
B. Data owners
C. Senior management
D. Facility maintenance crew

36. Which is the lowest level rating where a computer system must implement labels?
A. D
B. C2
C. B1
D. B3

37. The difference between the highest B rating and the highest A rating is?
A. Computer systems must have multiple labels
B. Computer systems must implement database views
C. Computer systems must create more granular and encompassing audit trails
D. Computer systems must be built and tested with greater amounts of verification, which includes testing against formal models

38. The red book is the common name for?
A. TCSEC
B. TDI
C. TNI
D. Common Criteria

39. The red book, unlike the orange book, does discuss?
A. Integrity
B. Confidentiality
C. Accountability
D. Documentation

40. A major difference between TCSEC and ITSEC is?
A. One relates to trust the other to security
B. ITSEC has two grades for any evaluated system, while TCSEC has one
C. ITSEC was developed by a different group within the United States
D. TCSEC is better than ITSEC

41. Which is not true about the implementation of a reference monitor?
A. The implementation is referred to as the security kernel
B. The implementation should enforce the policy for every possible access
C. The implementation should not be isolated so that applications can notify the implementation of policy changes
D. The implementation should be as small as possible

42. If a rating of F5 + E5 = B3 what would A1 be equal to?
A. F4 + E4
B. F6 + E6
C. F6 + E5
D. F5 + E6

43. Which is true of certification and accreditation?
A. The same people conduct the process
B. The process is the same, just with different people
C. Certification is more technically oriented and thus is performed by more technical people
D. Accreditation is performed prior to certification

44. Which is a standard for accreditation and certification?
A. DITSCAP
B. NICAP
C. TCSEC
D. CAPGEM

45. For the Bell-LaPadula model, what is the * property?
A. A subject at a lower level of clearance cannot access information at a higher level of classification
B. A subject at a higher level of clearance cannot write information at a lower level of classification
C. A subject at a lower level of integrity cannot write information at a higher level of integrity
D. A subject at a higher level of integrity cannot read information at a lower level of integrity

46. For which security mode do all users have clearance at or above all information inside a system but may not have the authorization or need to know for all information inside the system?
A. System High
B. Multilevel Security
C. Dedicated
D. Compartmented

47. What does positive flow for water and gas lines refer to?
A. Water and gas should have particles of positive polarization added to them to minimize fire risks
B. Water and gas should flow outside unless desired to flow inside
C. Water and gas should flow inside unless desired to flow outside
D. Water and gas should have particles of negative polarization added to minimize fire risks

48. Which of the following is the most important resource to protect?
A. Mainframes
B. Databases and tape backups
C. Power Circuits
D. People

49. Which is not an administrative control that can improve physical security?
A. Access Log for facility entry/exit
B. Fencing around perimeter
C. Emergency procedures
D. Pre-employment screening

50. What is the difference between EMI and RFI with regards to cabling?
A. RFI will interfere with availability while EMI will not
B. EMI is always at the frequency that the desired signal operates at while RFI is not
C. Opposite of option B
D. EMI is produced internal to cabling, RFI is produced by sources outside of cabling

51. Which is associated with a power loss?
A. Fault
B. Brownout
C. Sag
D. Surge

52. Which is the type of UPS system which always supplies power to equipment regardless of the state of the primary power source?
A. Concurrent
B. Online
C. Steady State
D. Constant

53. At what temperature will paper products become damaged?
A. 50F
B. 175F
C. 400F
D. 350F

54. Which is true about humidity?
A. The lower the humidity the more problems with static electricity
B. A hydrometer is used to measure humidity
C. The optimal humidity range for computer systems is between 10 and 20%
D. None of the above

55. Statistically, most fires are caused by?
A. Nature
B. Smoking
C. Arsonists
D. Electrical failures

56. Which fire detection method detects changes in light?
A. Smoke Actuated
B. Flame Actuated
C. Heat Actuated
D. All of the above

57. For which class of fire would soda acid be appropriate?
A. A
B. B
C. C
D. All of the above

58. For which of the following suppression methods would it be most necessary to have a delay mechanism?
A. Water
B. Halon
C. CO2
D. Soda Acid

59. Since Halon was found to have a negative effect on ozone, what is the most common replacement?
A. NAF-S-III
B. FM-200
C. Water
D. Hydrogen

60. Which of the following water sprinklers should you use in a cold environment?
A. Deluge
B. Dry
C. Wet
D. None. Use another type of fire suppression.

61. For building emergency exit doors, what type of locks would be appropriate?
A. Fail Safe
B. Fail Soft
C. No locks
D. None of the above

62. When people must go through an area with two sets of doors (one behind and one in front) so that a guard can check credentials, we refer to this as?
A. Trap door
B. Containment unit
C. Man trap
D. Visitors Desk

63. When using lights for perimeter protection, the candle is recommended to be ____ by the NIST?
A. 10 ft high, 2 ft wide
B. 8 ft high, 2 ft wide
C. 10 ft high, 3 ft wide
D. 8 ft high, 3 ft wide

64. Which of the following types of wireless proximity readers does not have an internal power supply?
A. Directed
B. Passive
C. Field-powered
D. Transponders

65. Which of the following is not a detection mechanism?
A. CCTV (Closed Circuit TV)
B. Photoelectric (beam of light)
C. Wave pattern (send wave and expect known reflection)
D. Acoustical-seismic (monitor sounds and vibrations)

66. Which is the term used to describe the process of evaluating an encryption algorithm for weaknesses?
A. Cryptology
B. Crypto Forensics
C. Cryptanalysis
D. Hacking

67. The initial communication between a web browser and web server is encrypted with which category of encryption?
A. Asymmetric cryptography
B. Symmetric cryptography
C. RSA
D. Stream Cipher

68. What can be said about FBI being cleartext and ELI being ciphertext?
A. Transposition did not happen
B. Substitution happened
C. Substitution and transposition must have happened
D. The cipher must have been a block cipher

69. The Caesar cipher and the ROT13 cipher are similar in which respects?
A. Both rely on transposition
B. Both rely on substitution
C. Both rely on substitution and the substitution is always based on the position/order of letters in an alphabet
D. Both rely on transposition and the transposition is always based on the position/order of letters in the alphabet

70. Bob will verify Alice's digital signature by?
A. Using his private key to decrypt the signed hash value
B. Using his public key to decrypt the signed hash value
C. Using her public key to decrypt the signed hash value
D. Using her private key to decrypt the signed hash value

71. Which of the following provides non-repudiation?
A. Secret key encryption
B. Asymmetric encryption
C. MAC
D. Hash

72. XOR 1011 with 0011 and the result is?
A. 1111
B. 0100
C. 1011
D. 1000

73. Which of the following is known as unconditionally secure because no matter how much ciphertext is uncovered, the scheme cannot be broken?
A. Strong Encryption
B. One-time pad
C. XOR
D. Stream Ciphers

74. A large block size decreases the performance of a block cipher, why?
A. More rounds are required to achieve the same level of confusion and diffusion
B. The avalanche effect doesn't happen with large block sizes so more rounds are required
C. Since the block size is larger there will be more cleartext to encrypt
D. None of the above

75. The main difference between digital signatures and MACs is?
A. MACs don't use hashes
B. Digital signatures don't use hashes
C. MACs do not provide any encryption of data
D. Digital signatures use asymmetric encryption algorithms while MACs use symmetric

76. The receiver verifies that a message with a MAC has not been tampered with by?
A. Decrypt the secret key that the sender sends with the message
B. Decrypt the MAC with a shared secret, unhash the hash value, and compare to original message
C. Decrypt the MAC with a shared secret, hash the message sent and compare this hash with the hash sent
D. Decrypt the MAC with the private key of the receiver's private/public key pair, unhash the hash value, and compare to the original message

77. Which of the following examples is an early form of a stream cipher?
A. UK-TYPEX
B. Japan-Purple
C. Germany-Enigma
D. Hagelin

78. A hacker has fabricated a few messages to send across an encrypted link and has sniffed the wire to determine the corresponding ciphertext. The hacker will now attempt to determine the cleartext version of some ciphertext he/she did not create. This type of attack is called?
A. Wireline Snooping
B. Eavesdropping
C. Chosen Plaintext
D. Birthday attack

79. Which of the following is true?
A. With confusion the key will be scrambled, with diffusion, it will not
B. Diffusion relates to stream ciphers while confusion relates to block ciphers
C. Confusion corresponds to a single change in a key creating a significant change in ciphertext
D. Diffusion relates to a single change in a key creating a significant change in ciphertext

80. An attack where the attacker finds two messages that generate the same hash value in order to replace the one that is eventually signed with the one that he/she would actually like to send is called?
A. Collision attack
B. Birthday Attack
C. Salami Attack
D. Avalanche Attack

81. What can be done to minimize the probability of a hash function creating the same hash value for two different messages?
A. Change the size of the hash value
B. Increase the hash function's upper level
C. Decrease the hash function's lower level
D. All of the above

82. Which of the following is true about key management?
A. Keys may not be in plaintext form
B. Keys may be in plaintext form while inside a cryptographic module
C. Split knowledge procedures increase the risk of misuse
D. Usually full keys are stored at an escrow agency

83. For which of the following is the actual session key sent with an encrypted message?
A. Key escrow at a single agency
B. Key escrow at multiple agencies
C. Key recovery
D. All of the above

84. Which best describes a special class of block ciphers where the ciphertext is calculated from the plaintext by repeated application of the same function with each iteration using a separate sub-key?
A. DES ciphers
B. Feistel ciphers
C. IDEA
D. Lucifer

85. How many rounds does DES use?
A. 18
B. 6
C. 16
D. 8

86. What is the most common block size for block ciphers?
A. 64 bytes
B. 32 bits
C. 4 bytes
D. 64 bits

87. 6 bits are presented as input to DES's S-boxes, how many bits are in the output?
A. 6 bits
B. 16 bits
C. 4 bits
D. 1 bit

88. What is the physical number of bits in a DES key?
A. 56
B. 64
C. 128
D. 48

89. How many bits long are DES subkeys?
A. 40
B. 128
C. 64
D. 48

90. Which block cipher modes will produce the same ciphertext given the same plaintext?
A. CBC
B. ECB
C. CFB
D. OFB

91. Which of the following block cipher modes simulates a stream cipher?
A. CBC
B. OFB
C. ECB
D. All of the above

92. 2DES was not considered significantly more secure than DES because?
A. Salami attack
B. Man in the middle attacks
C. Birthday attacks
D. Meet in the middle attacks

93. Which of the following is true about 3DES?
A. The algorithm has 16 rounds
B. Two or three keys can be used to implement the algorithm
C. It is now the AES
D. 3DES algorithm used in 3DES was only slightly modified to compensate for the larger key size

94. Bruce Schneier is well known for which of the following encryption algorithms?
A. IDEA
B. CAST
C. 3DES
D. Blowfish

95. Which of the following has a single key size?
A. CAST
B. RC5
C. IDEA
D. None of the above

96. The AES is which type of encryption algorithm?
A. Asymmetric block cipher
B. Asymmetric stream cipher
C. Symmetric block cipher
D. Asymmetric stream cipher

97. Which algorithm was adopted as AES?
A. 3DES
B. Twofish
C. Rijndael
D. RC6

98. Which of the following algorithms was used in the clipper chip?
A. DES
B. 3DES
C. Skipjack
D. Safer

99. Which of the following hash functions has the least probability of encountering a collision?
A. MD2
B. SHA-1
C. MD5
D. HMAC

100. Which encryption algorithm does SHA-1 use?
A. DES
B. RSA
C. Blowfish
D. None of the above

101. Which is the most common standard for defining the structure of digital certificates?
A. X.500
B. X.400
C. LDAP
D. X.509

102. When generating a new certificate to be signed by a certificate authority?
A. The CA creates the public/private key pair
B. The end user creates the public/private key pair
C. The end user usually creates the public/private key pair but in some instances the CA creates the public/private key pair
D. The escrow service creates the public/private key pair

103. The CA will sign a CSR with?
A. Your public key
B. Their public key
C. Their private key
D. Your private key

104. Which of the following is Neal Koblitz responsible for?
A. Asymmetric Encryption
B. Elliptical Curve Encryption
C. Hacking into companies like Nokia and Sun Microsystems
D. Invention of the first rotor encryption machine

105. Which of the following technologies is not e-mail related?
A. S-SMTP
B. PEM
C. MOSS
D. PGP

106. Which of the following is a standard created by Visa and Mastercard?
A. S-HTTP
B. HTTPS
C. SET
D. SSH

107. Which of the following IPSEC modes protects the payload only?
A. Transport
B. Embedded
C. Tunnel
D. Selective

108. When sending TCP traffic from one location to another across an IPSEC VPN, how many SPIs and SAs are needed?
A. 1 and 2
B. 1 and 1
C. 2 and 2
D. 2 and 1

109. Which of the following is used to automatically share keys between two IPSEC peers?
A. Out of Band mechanisms
B. IKE
C. SSH
D. EXPECT

110. Which of the following activities would result in step by step procedures for handling an earthquake?
A. BCP
B. BIA
C. DRP
D. DRI

111. Once the business is operating as usual after a disaster, they are in ____ mode?
A. Recovery
B. Resumption
C. Restoration
D. Reliance

112. Which is the component that will describe how the business would be affected after a particular disaster?
A. BCP
B. DRP
C. BIA
D. DRI

113. Reciprocal Agreements for disaster recovery are?
A. Excellent means to guarantee redundancy
B. Mostly used by companies without adequate budgets to use other strategies
C. Are enforceable
D. All of the above

114. Warm sites for disaster recovery?
A. Usually do not have WAN links provisioned
B. Usually have all of the hardware installed, but not turned on
C. Usually have special delivery contracts/agreements with vendors
D. None of the above

115. Software backups should?
A. Be tested for backup and restore functionality on a periodic basis
B. Not be stored in a fire resistant safe
C. A single backup should be made for each backup required and the backup should be stored offsite

116. Which is not true about DRP testing?
A. Management will often need to be convinced of its need
B. Should be conducted at least once a year
C. Will demonstrate the ability of the DRP plan to actually recover from a significant loss
D. Should not cause any downtime, as meticulous documentation is required prior to executing the tests

117. The IAB is largely concerned with ethical issues surrounding?
A. International exportation
B. The Internet
C. Intelligence leakage
D. Reciprocal Agreements

118. With regards to MOM, motivation refers to?
A. Where and when of a crime
B. Capabilities of a criminal to commit crime
C. Who and why of a crime
D. None of the above

119. Which of the following is a group of phreakers that publish a quarterly magazine?
A. 414 club
B. 2600 group
C. Phrack
D. Chaos club

120. Which group was responsible for Back Orifice?
A. The humble guys
B. Phrack
C. 414 club
D. Cult of the Dead Cow

121. The reason why many cyber crimes have not been caught or stopped is?
A. Difficulty in identifying hackers
B. Often there are no laws pertaining to the cyber crimes, which makes prosecution much more difficult
C. Investigations are often handled poorly and evidence is lost or not admissible in court
D. All of the above

122. Which of the following is a true statement about liability?
A. As long as due care is made, the business is not at risk of being sued
B. A company that allows its computer resources to be used to enter another company is always held liable based on downstream liability
C. Management must adhere to the prudent man rule in order to minimize their liability
D. None of the above

123. Civil (tort) law deals with?
A. Government agencies, and the regulations that pertain to them
B. Individual activities that violate government laws and breaking such laws will usually result in a jail sentence
C. Wrongs against individuals or companies that usually result in financial restitution
D. None of the above

124. Which of the following protects from unauthorized distribution or modification of original work?
A. Patent
B. Trademark
C. Trade Secret
D. Copyright

125. Which of the following is not a group formed to battle software piracy?
A. FAST
B. BSA
C. SPA
D. BBR

126. Which is not a correct step when conducting forensics activities?
A. Make duplicates of hard drives
B. Reboot first to prevent an attacker from continuing activities
C. Tag all evidence
D. Maintain the chain of custody and chain of custody logs

127. What is the main difference between interviewing and interrogating?
A. Interrogation and interviewing are the same, just performed by different people
B. Interviewing has a goal of discovering information and obtaining a confession, while interrogation has a goal of collecting evidence for a trial
C. Interviewing cannot be conducted so poorly that the interviewer can be held liable
D. None of the above

128. Which legislation requires that financial institutions implement risk management?
A. HIPAA
B. CIPA
C. Gramm Leach Bliley
D. G8

129. Which international effort to fight computer crime was formed in part because of the success of the ILOVEYOU virus?
A. Interpol
B. Europol
C. G8
D. None of the above

130. Which type of phreaking box simulates the sound of coins dropping?
A. Blue Box
B. Red Box
C. Black Box

131. The main difference between a data warehouse and a database is?
A. A data warehouse houses all data in an organization
B. A data warehouse centralizes data from multiple databases
C. Databases are slower than data warehouses
D. None of the above

132. What does normalizing data in a data warehouse mean?
A. Redundant data is removed
B. Numerical data is divided by a common factor
C. Data is restricted by a user interface
D. Data is converted into information

133. What is a neural network?
A. Hardware and/or software that emulate the reasoning of an expert
B. A large network serving hospital centers
C. Hardware or software that emulate the biological function of neurons
D. None of the above

134. In an object-oriented system, polymorphism denotes:
A. When objects have the same method but the method returns different results
B. When a class inherits attributes and operations from a parent or superclass
C. When different objects have the same method and the method returns the same results
D. None of the above

135. The most common software development cycle found in the government is?
A. Spiral
B. Prototype
C. Waterfall
D. Incremental

136. What is searching for correlations in data within a data warehouse referred to as?
A. Building a data dictionary
B. Data mining
C. Configuration management
D. Data indexing

137. Which of the following implements a centralized authorization service?
A. Corba
B. ActiveX
C. COM
D. DCE

138. Which is the term used to describe when a database has multiple copies of the same primary key each stored with respect to a classification level?
A. Database views
B. Polyinstantiation
C. Inheritance
D. Normalization

139. Malware that relies on other code in order to propagate and infect is called?
A. Trojan
B. Virus
C. Worm
D. All of the above

140. A buffer overflow vulnerability is caused by?
A. Backdoors
B. Trapdoors
C. Trojans
D. Improper bounds checking

141. Which type of virus infects more than one location in a computer?
A. Diverse
B. Stealth
C. Multipartite
D. Duplicative

142. The OMG is responsible for which object oriented technology?
A. Corba
B. DOM
C. DCOM
D. DCE

143. An instance of a class is referred to as?
A. A subclass
B. An object
C. An inheritance
D. A for loop

144. At which stage of the application development lifecycle should the security department become involved?
A. Prior to implementation
B. Planning and Requirements
C. System testing
D. Unit testing

145. What security concern is related to applications created by a third party?
A. Maintenance hooks
B. They operate in privileged mode
C. Their source code is verifiable
D. They bypass the security kernel

146. Which is commonly used to retrofit security into a database system?
A. Trusted back-end
B. Audit trail
C. Trusted front-end
D. Controller

147. When a database error has been detected which requires a backout process, a mechanism that allows the database to backout to a particular moment in time is?
A. Restarter
B. Reboot
C. Journal
D. Checkpoint

148. A shareware file download and sharing utility is downloaded from a website. It is later discovered that this application was sending all keystrokes to a remote computer. This type of malware is referred to as?
A. Virus
B. Worm
C. Trojan Horse
D. Logic Bomb

149. Why are shared user IDs detrimental in the review of audit trails?
A. They show which files were altered
B. They don't hinder the review
C. They prevent the attacker from being narrowed down to a single user
D. They minimize the chance of determining the actual identity of a hacker