CAS Vol 2
When authenticating over HTTP using SAML, which of the following is issued to the authenticating user?
An assertion ticket
A mid-level company is rewriting its security policies and has halted the rewriting progress because the company's executives believe that its major vendors, who have cultivated a strong personal and professional relationship with the senior level staff, have a good handle on compliance and regulatory standards. Therefore, the executive level managers are allowing vendors to play a large role in writing the policy. Having experienced this type of environment in previous positions, and being aware that vendors may not always put the company's interests first, the IT Director decides that while vendor support is important, it is critical that the company writes the policy objectively. Which of the following is the recommendation the IT Director should present to senior staff?
1) Consult legal and regulatory requirements; 2) Draft General Organizational Policy; 3)Specify Functional Implementing Policies; 4) Establish necessary standards, procedures, baselines, and guidelines
The security administrator has noticed a range of network problems affecting the proxy server. Based on reviewing the logs, the administrator notices that the firewall is being targeted with various web attacks at the same time that the network problems are occurring. Which of the following strategies would be MOST effective in conducting an in-depth assessment and remediation of the problems?
1. Deploy a protocol analyzer on the switch span port; 2. Adjust the external facing IPS; 3. Reconfigure the firewall ACLs to block unnecessary ports; 4. Verify the proxy server is configured correctly and hardened; 5. Continue to monitor the network.
An administrator of a secure web server has several clients with top security clearance and prefers security over performance. By default, which of the following cipher suites would provide strong security, but at the same time the worst performance?
3DES - SHA
There have been some failures of the company's customer-facing website. A security engineer has analyzed the root cause to be the WAF. System logs show that the WAF has been down for 14 total hours over the past month in four separate situations. One of these situations was a two hour scheduled maintenance activity aimed to improve the stability of the WAF. Which of the following is the MTTR, based on the last month's performance figures?
4 hours
A corporation relies on a server running a trusted operating system to broker data transactions between different security zones on their network. Each zone is a separate domain and the only connection between the networks is via the trusted server. The three zones at the corporation are as followeD. Zone A connects to a network, which is also connected to the Internet through a router. Zone B to a closed research and development network. Zone C to an intermediary switch supporting a SAN, dedicated to long-term audit log and file storage, so the corporation meets compliance requirements. A firewall is deployed on the inside edge of the Internet connected router. Which of the following is the BEST location to place other security equipment?
A NIPS on the switch in Zone C, an antivirus server in Zone A, and a patch server in Zone B
When planning a complex system architecture, it is important to build in mechanisms to secure log information, facilitate audit log reduction, and event correlation. Besides synchronizing system time across all devices through NTP, which of the following is also a common design consideration for remote locations?
A SIEM server with distributed sensors
In order to reduce cost and improve employee satisfaction, a large corporation has decided to allow personal communication devices to access email and to remotely connect to the corporate network. Which of the following security measures should the IT organization implement? (Select TWO).
A device lockdown according to policies Encrypt data in transit for remote access
An administrator is unable to connect to a server via VNC. Upon investigating the host firewall configuration, the administrator sees the following lines: A INPUT -m state --state NEW -m tcp -p tcp --dport 3389 -j DENY A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j DENY A INPUT -m state --state NEW -m tcp -p tcp --dport 10000 -j ACCEPT A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j DENY A INPUT -m state --state NEW -m tcp -p tcp --sport 3389 -j ACCEPT Which of the following should occur to allow VNC access to the server?
A line needs to be added
A newly-hired Chief Information Security Officer (CISO) is faced with improving security for a company with low morale and numerous disgruntled employees. After reviewing the situation for several weeks the CISO publishes a more comprehensive security policy with associated standards. Which of the following issues could be addressed through the use of technical controls specified in the new security policy?
An employee remotely configuring the email server at a relative's company during work hours
A Chief Information Security Officer (CISO) has been trying to eliminate some IT security risks for several months. These risks are not high profile but still exist. Furthermore, many of these risks have been mitigated with innovative solutions. However, at this point in time, the budget is insufficient to deal with the risks. Which of the following risk strategies should be used?
Accept the risks
A new malware spreads over UDP Port 8320 and several network hosts have been infected. A new security administrator has determined a possible cause, and the infected machines have been quarantined. Which of the following actions could a new security administrator take to further mitigate this issue?
Add an explicit deny-all and log rule as the final entry of the firewall rulebase
The security administrator at 'company.com' is reviewing the network logs and notices a new UDP port pattern where the amount of UDP port 123 packets has increased by 20% above the baseline. The administrator runs a packet capturing tool from a server attached to a SPAN port and notices the following. UDP 192.168.0.1:123 -> 172.60.3.0:123 UDP 192.168.0.36:123 -> time.company.com UDP 192.168.0.112:123 -> 172.60.3.0:123 UDP 192.168.0.91:123 -> time.company.com UDP 192.168.0.211:123 -> 172.60.3.0:123 UDP 192.168.0.237:123 -> time.company.com UDP 192.168.0.78:123 -> 172.60.3.0:123 The corporate HIPS console reports an MD5 hash mismatch on the svchost.exe file of the following computers: 192.168.0.1 192.168.0.112 192.168.0.211 192.168.0.78 Which of the following should the security administrator report to upper management based on the above output?
An NTP client side attack successfully exploited some hosts
The new security policy states that only authorized software will be allowed on the corporate network and all personally owned equipment needs to be configured by the IT security staff before being allowed on the network. The security administrator creates standard images with all the required software and proper security controls. These images are required to be loaded on all personally owned equipment prior to connecting to the corporate network. These measures ensure compliance with the new security policy. Which of the following security risks still needs to be addressed in this scenario?
An employee using a corporate FTP application to transfer customer lists and other proprietary files to an external computer and selling them to a competitor
A software vendor has had several zero-day attacks against its software, due to previously unknown security defects being exploited by attackers. The attackers have been able to perform operations at the same security level as the trusted application. The vendor product management team has decided to re-design the application with security as a priority. Which of the following is a design principle that should be used to BEST prevent these types of attacks?
Application sandboxing
Which of the following implementations of a continuous monitoring risk mitigation strategy is correct?
Audit successful and failed events, transfer logs to a centralized server, institute computer assisted audit reduction, tailor logged event thresholds to meet organization goals, and display alerts in real time when thresholds are exceeded
An administrator wants to integrate the Credential Security Support Provider (CredSSP) protocol network level authentication (NLA) into the remote desktop terminal services environment. Which of the following are supported authentication or encryption methods to use while implementing this? (Select THREE).
Kerberos NTLM TLS
A storage administrator would like to make storage available to some hosts and unavailable to other hosts. Which of the following would be used?
LUN masking
Company ABC has entered into a marketing agreement with Company XYZ, whereby ABC will share some of its customer information with XYZ. However, XYZ can only contact ABC customers who explicitly agreed to being contacted by third parties. Which of the following documents would contain the details of this marketing agreement?
BPA
Company ABC has grown yearly through mergers and acquisitions. This has led to over 200 internal custom web applications having standalone identity stores. In order to reduce costs and improve operational efficiencies a project has been initiated to implement a centralized security infrastructure. The requirements are as follows: Reduce costs Improve efficiencies and time to market Manageable Accurate identity information Standardize on authentication and authorization Ensure a reusable model with standard integration patterns Which of the following security solution options will BEST meet the above requirements? (Select THREE).
Build an organization-wide fine grained access control model stored in a centralized policy data store. Implement a web access controlled reverse proxy and centralized directory model providing coarse grained access control and single sign-on capabilities. Implement automated provisioning of identity information; coarse grained, and fine grained access control.
An organization recently upgraded its wireless infrastructure to support WPA2 and requires all clients to use this method. After the upgrade, several critical wireless clients fail to connect because they are only WEP compliant. For the foreseeable future, none of the affected clients have an upgrade path to put them into compliance with the WPA2 requirement. Which of the following provides the MOST secure method of integrating the non-compliant clients into the network?
Create a separate SSID and WEP key on a new network segment and only allow required communication paths.
What of the following vulnerabilities is present in the below source code file named 'AuthenticatedArea.php'? <html><head><title>AuthenticatedArea</title></head> <? include ("/inc/common.php"); $username = $_REQUEST['username']; if ($username != "") { echo "Your username is: " . $_REQUEST['username']; }else { header)("location: /login.php"} ?> </html>
Cross-site scripting
A company decides to purchase COTS software. This can introduce new security risks to the network. Which of the following is the BEST description of why this is true?
COTS software is well known and widely available. Information concerning vulnerabilities and viable attack patterns is typically shared within the IT community
Company A is merging with Company B. Company B uses mostly hosted services from an outside vendor, while Company A uses mostly in-house products. The project manager of the merger states the merged systems should meet these goals: Ability to customize systems per department Quick implementation along with an immediate ROI The internal IT team having administrative level control over all products The project manager states the in-house services are the best solution. Because of staff shortages, the senior security administrator argues that security will be best maintained by continuing to use outsourced services. Which of the following solutions BEST solves the disagreement?
Calculate the time to deploy and support the in-sourced systems accounting for the staff shortage and compare the costs to the ROI costs minus outsourcing costs. Present the document numbers to management for a final decision
Company XYZ is selling its manufacturing business consisting of one plant to a competitor, Company QRS. All of the people will become QRS employees, but will retain permissions to plantspecific information and resources for one month. To ease the transition, Company QRS also connected the plant and employees to the Company QRS network. Which of the following threats is the HIGHEST risk to Company XYZ?
Co-mingling of company networks
After a recent outbreak of malware attacks, the Chief Information Officer (CIO) tasks the new security manager with determining how to keep these attacks from reoccurring. The company has a standard image for all laptops/workstations and uses a host-based firewall and anti-virus. Which of the following should the security manager suggest to INCREASE each system's security level?
Conduct a vulnerability assessment of the standard image and remediate findings
The firm's CISO has been working with the Chief Procurement Officer (CPO) and the Senior Project Manager (SPM) on soliciting bids for a series of HIPS and NIPS products for a major installation in the firm's new Hong Kong office. After reviewing RFQs received from three vendors, the CPO and the SPM have not gained any real data regarding the specifications about any of the solutions and want that data before the procurement continues. Which of the following will the CPO and SPM have the CISO do at this point to get back on track in this procurement process?
Contact the three submitting vendor firms and have them submit supporting RFIs to provide more detailed information about their product solutions
Which of the following is the MOST secure way to ensure third party applications and introduce only acceptable risk?
Line by line code review and simu-lation; uncovers hidden vulnerabilities and allows for behavior to be observed with minimal risk.
A system architect has the following constraints from the customer: Confidentiality, Integrity, and Availability (CIA) are all of equal importance. Average availability must be at least 6 nines (99.9999%). All devices must support collaboration with every other user device. All devices must be VoIP and teleconference ready. Which of the following security controls is the BEST to apply to this architecture?
Enforcement of security policies on mobile/remote devices, standard images and device hardware configurations, multiple layers of redundancy, and backup on all storage devices
The Chief Information Security Officer (CISO) has just returned from attending a security conference and now wants to implement a Security Operations Center (SOC) to improve and coordinate the detection of unauthorized access to the enterprise. The CISO's biggest concern is the increased number of attacks that the current infrastructure cannot detect. Which of the following is MOST likely to be used in a SOC to address the CISO's concerns?
DLP, Analytics, SIEM, Forensics, NIPS, HIPS, WIPS and eGRC
Which of the following potential vulnerabilities exists in the following code snippet? var myEmail = document.getElementById("formInputEmail").value; if (xmlhttp.readyState==4 && xmlhttp.status==200) { Document.getElementById("profileBox").innerHTML = "Emails will be sent to " + myEmail + xmlhttp.responseText; }
DOM-based XSS
During a specific incident response and recovery process action, the response team determines that it must first speak to the person ultimately responsible for the data. With whom should the response team speak FIRST?
Data Owner
A security engineer at a major financial institution is prototyping multiple secure network configurations. The testing is focused on understanding the impact each potential design will have on the three major security tenants of the network. All designs must take into account the stringent compliance and reporting requirements for most worldwide financial institutions. Which of the following is the BEST list of security lifecycle related concerns related to deploying the final design?
Decommissioning the existing network smoothly, implementing maintenance and operations procedures for the new network in advance, and ensuring compliance with applicable regulations and laws.
An ecommerce application on a Linux server does not properly track the number of incoming connections to the server and may leave the server vulnerable to which of following?
Denial of Service Attack
A company recently experienced a malware outbreak. It was caused by a vendor using an approved non-company device on the company's corporate network that impacted manufacturing lines, causing a week of downtime to recover from the attack. Which of the following reduces this threat and minimizes potential impact on the manufacturing lines?
Deploy an ACL that restricts access from the corporate network to the manufacturing SCADA systems
Capital Reconnaissance, LLC is building a brand new research and testing location, and the physical security manager wants to deploy IP-based access control and video surveillance. These two systems are essential for keeping the building open for operations. Which of the following controls should the security administrator recommend to determine new threats against the new IP-based access control and video surveillance systems?
Develop a network traffic baseline for each of the physical security systems
A large enterprise is expanding through the acquisition of a second corporation. Which of the following should be undertaken FIRST before connecting the networks of the newly formed entity?
Develop a risk analysis for the merged networks.
The company is considering issuing non-standard tablet computers to executive management. Which of the following is the FIRST step the security manager should perform?
Develop the use case for the devices and perform a risk analysis.
An existing enterprise architecture included an enclave where sensitive research and development work was conducted. This network enclave also served as a storage location for proprietary corporate data and records. The initial security architect chose to protect the enclave by restricting access to a single physical port on a firewall. All downstream network devices were isolated from the rest of the network and communicated solely through the single 100mbps firewall port. Over time, researchers connected devices on the protected enclave directly to external resources and corporate data stores. Mobile and wireless devices were also added to the enclave to support high speed data research. Which of the following BEST describes the process which weakened the security posture of the enclave?
Emerging business requirements led to the de-perimiterization of the network
Company A is purchasing Company B, and will import all of Company B's users into its authentication system. Company A uses 802.1x with a RADIUS server, while Company B uses a captive SSL portal with an LDAP backend. Which of the following is the BEST way to integrate these two networks?
Enable 802.1x on Company B's network devices
A bank has just outsourced the security department to a consulting firm, but retained the security architecture group. A few months into the contract the bank discovers that the consulting firm has sub-contracted some of the security functions to another provider. Management is pressuring the sourcing manager to ensure adequate protections are in place to insulate the bank from legal and service exposures. Which of the following is the MOST appropriate action to take?
Ensure the consulting firm has service agreements with the sub-contractor; if the agreement does not exist, exit the contract when possible.
There has been a recent security breach which has led to the release of sensitive customer information. As part of improving security and reducing the disclosure of customer data, a training company has been employed to educate staff. Which of the following should be the primary focus of the privacy compliance training program?
Explain how customer data is gathered, used, disclosed, and managed
Which of the following activities could reduce the security benefits of mandatory vacations?
Have a replacement employee run several daily scripts developed by the vacationing employee.
SAML entities can operate in a variety of different roles. Valid SAML roles include which of the following?
Identity provider and service provider
A company has recently implemented a video conference solution that uses the H.323 protocol. The security engineer is asked to make recommendations on how to secure video conferences to protect confidentiality. Which of the following should the security engineer recommend?
Implement H.235 extensions with DES to secure the audio and video transport
The security team for Company XYZ has determined that someone from outside the organization has obtained sensitive information about the internal organization by querying the external DNS server of the company. The security manager is tasked with making sure this problem does not occur in the future. How would the security manager address this problem?
Implement a split DNS, only allowing the external DNS server to contain information about domains that only the outside world should be aware, and an internal DNS server to maintain authoritative records for internal systems.
After a system update causes significant downtime, the Chief Information Security Officer (CISO) asks the IT manager who was responsible for the update. The IT manager responds that it is impossible to know who did the update since five different people have administrative access. How should the IT manager increase accountability to prevent this situation from reoccurring? (Select TWO).
Implement an enforceable change management system. Enable user level auditing on all servers
Company A is trying to implement controls to reduce costs and time spent on litigation. To accomplish this, Company A has established several goals: Prevent data breaches from lost/stolen assets Reduce time to fulfill e-discovery requests Prevent PII from leaving the network Lessen the network perimeter attack surface Reduce internal fraud Which of the following solutions accomplishes the MOST of these goals?
Implement separation of duties; enable full encryption on USB devices and cell phones, allow cell phones to remotely connect to e-mail and network VPN, enforce a 90 day data retention policy.
A company is planning to deploy an in-house Security Operations Center (SOC). One of the new requirements is to deploy a NIPS solution into the Internet facing environment. The SOC highlighted the following requirements: Perform fingerprinting on unfiltered inbound traffic to the company Monitor all inbound and outbound traffic to the DMZ's In which of the following places should the NIPS be placed in the network?
In front of the Internet firewall and in front of the DMZs
A database is hosting information assets with a computed CIA aggregate value of high. The database is located within a secured network zone where there is flow control between the client and datacenter networks. Which of the following is the MOST likely threat?
Inappropriate administrator access
A financial institution has decided to purchase a very expensive resource management system and has selected the product and vendor. The vendor is experiencing some minor, but public, legal issues. Senior management has some concerns on maintaining this system should the vendor go out of business. Which of the following should the Chief Information Security Officer (CISO) recommend to BEST limit exposure?
Include a source code escrow clause in the contract for this system
At one time, security architecture best practices led to networks with a limited number (1-3) of network access points. This restriction allowed for the concentration of security resources and resulted in a well defined attack surface. The introduction of wireless networks, highly portable network devices, and cloud service providers has rendered the network boundary and attack surface increasingly porous. This evolution of the security architecture has led to which of the following?
Increased business capabilities and increased security risks with a higher TCO and a larger physical footprint.
Which of the following are security components provided by an application security library or framework? (Select THREE).
Input validation Secure logging Encryption and decryption
An administrator would like to connect a server to a SAN. Which of the following processes would BEST allow for availability and access control?
Install a dual port HBA in the server; create a LUN on the SAN, and enable LUN masking and multipath.
An ISP is peering with a new provider and wishes to disclose which autonomous system numbers should be allowed through BGP for network transport. Which of the following should contain this information?
Interconnection Security Agreement
Within an organization, there is a known lack of governance for solution designs. As a result there are inconsistencies and varying levels of quality for the artifacts that are produced. Which of the following will help BEST improve this situation?
Introduce a peer review and presentation process that includes a review board with representation from relevant disciplines.
Which of the following is a security concern with deploying COTS products within the network?
It is difficult to verify the security of COTS code because the source is not available to the customer in many cases.
Company ABC has a 100Mbps fiber connection from headquarters to a remote office 200km (123 miles) away. This connection is provided by the local cable television company. ABC would like to extend a secure VLAN to the remote office, but the cable company says this is impossible since they already use VLANs on their internal network. Which of the following protocols should the cable company be using to allow their customers to establish VLANs to other sites?
MPLS
A small company has recently placed a newly installed DNS server on the DMZ and wants to secure it by allowing Internet hosts to query the DNS server. Since the company deploys an internal DNS server, all DNS queries to that server coming from the company network should be blocked. An IT administrator has placed the following ACL on the company firewall: Testing shows that the DNS server in the DMZ is not working. Which of the following should the administrator do to resolve the problem?
Modify the SRC and DST ports of ACL 1
An administrator notices the following file in the Linux server's /tmp directory. -rwsr-xr-x. 4 root root 234223 Jun 6 22:52 bash* Which of the following should be done to prevent further attacks of this nature?
Mount all tmp directories nosuid, noexec
A legacy system is not scheduled to be decommissioned for two years and requires the use of the standard Telnet protocol. Which of the following should be used to mitigate the security risks of this system?
Move the system to a secure VLAN.
To support a software security initiative business case, a project manager needs to provide a cost benefit analysis. The project manager has asked the security consultant to perform a return on investment study. It has been estimated that by spending $300,000 on the software security initiative, a 30% savings in cost will be realized for each project. Based on an average of 8 software projects at a current cost of $50,000 each, how many years will it take to see a positive ROI?
Nearly three years
When Company A and Company B merged, the network security administrator for Company A was tasked with joining the two networks. Which of the following should be done FIRST?
Perform a vulnerability assessment on Company B's network.
Company XYZ has invested an increasing amount in security due to the changing threat landscape. The company is going through a cost cutting exercise and the Chief Financial Officer (CFO) has queried the security budget allocated to the Chief Information Security Officer (CISO). At the same time, the CISO is actively promoting business cases for additional funding to support new initiatives. These initiatives will mitigate several security incidents that have occurred due to ineffective controls. A security advisor is engaged to assess the current controls framework and to provide recommendations on whether preventative, detective, or corrective controls should be implemented. How should the security advisor respond when explaining which controls to implement?
Preventative controls are useful before an event occurs, detective controls are useful during an event, and corrective controls are useful after an event has occurred. A combination of controls can be used.
The root cause analysis of a recent security incident reveals that an attacker accessed a printer from the Internet. The attacker then accessed the print server, using the printer as a launch pad for a shell exploit. The print server logs show that the attacker was able to exploit multiple accounts, ultimately launching a successful DoS attack on the domain controller. Defending against which of the following attacks should form the basis of the incident mitigation plan?
Privilege escalation
As part of a new wireless implementation, the Chief Information Officer's (CIO's) main objective is to immediately deploy a system that supports the 802.11r standard, which will help wireless VoIP devices in moving vehicles. However, the 802.11r standard was not ratified by the IETF. The wireless vendor's products do support the pre-ratification version of 802.11r. The security and network administrators have tested the product and do not see any security or compatibility issues; however, they are concerned that the standard is not yet final. Which of the following is the BEST way to proceed?
Purchase the equipment now, as long as it will be firmware upgradeable to the final 802.11r standard.
A network security engineer would like to allow authorized groups to access network devices with a shell restricted to only show information while still authenticating the administrator's group to an unrestricted shell. Which of the following can be configured to authenticate and enforce these shell restrictions? (Select TWO).
RADIUS TACACS+
A company data center provides Internet based access to email and web services. The firewall is separated into four zones: RED ZONE is an Internet zone ORANGE ZONE a Web DMZ YELLOW ZONE an email DMZ GREEN ZONE is a management interface There are 15 email servers and 10 web servers. The data center administrator plugs a laptop into the management interface to make firewall changes. The administrator would like to secure this environment but has a limited budget. Assuming each addition is an appliance, which of the following would provide the MOST appropriate placement of security solutions while minimizing the expenses?
RED ZONE: NIPS ORANGE ZONE: WAF YELLOW ZONE: Virus Scanner, SPAM Filter GREEN ZONE: none
The Chief Information Security Officer (CISO) is researching ways to reduce the risk associated with administrative access of six IT staff members while enforcing separation of duties. In the case where an IT staff member is absent, each staff member should be able to perform all the necessary duties of their IT co-workers. Which of the following policies should the CISO implement to reduce the risk?
Require role-based security on primary role, and only provide access to secondary roles on a case-by-case basis.
The increasing complexity of attacks on corporate networks is a direct result of more and more corporate employees connecting to corporate networks with mobile and personal devices. In most cases simply banning these connections and devices is not practical because they support necessary business needs. Which of the following are typical risks and mitigations associated with this new trend?
Risks: Data exfiltration, loss of data via stolen mobile devices, increased data leakage at the network edge Mitigations: Remote data wipe capabilities, implementing corporate security on personally owned devices
An administrator implements a new PHP application into an existing website and discovers the newly added PHP pages do not work. The rest of the site also uses PHP and is functioning correctly. The administrator tested the new application on their personal workstation thoroughly before uploading to the server and did not run into any errors. Checking the Apache configuration file, the administrator verifies that the new virtual directory is added as listed: <VirtualHost *:80> DocumentRoot "/var/www" <Directory "/home/administrator/app"> AllowOveride none Order allow, deny Allow from all </Directory> </VirtualHost> Which of the following is MOST likely occurring so that this application does not run properly?
SELinux is preventing HTTP access to home directories
The IT Manager has mandated that an extensible markup language be implemented which can be used to exchange provisioning requests and responses for account creation. Which of the following is BEST able to achieve this?
SPML
Unit testing for security functionality and resiliency to attack, as well as developing secure code and exploit mitigation, occur in which of the following phases of the Secure Software Development Lifecycle?
Secure Software Implementation
Corporate policy states that the systems administrator should not be present during system audits. The security policy that states this is:
Separation of duties.
A firm's Chief Executive Officer (CEO) is concerned that its IT staff lacks the knowledge to identify complex vulnerabilities that may exist in the payment system being internally developed. The payment system being developed will be sold to a number of organizations and is in direct competition with another leading product. The CEO highlighted, in a risk management meeting that code base confidentiality is of upmost importance to allow the company to exceed the competition in terms of product reliability, stability and performance. The CEO also highlighted that company reputation for secure products is extremely important. Which of the following will provide the MOST thorough testing and satisfy the CEO's requirements?
Sign a NDA with a small consulting firm and use the firm to perform Grey box testing
The Chief Executive Officer (CEO) has asked a security project manager to provide recommendations on the breakout of tasks for the development of a new product. The CEO thinks that by assigning areas of work appropriately the overall security of the product will be increased, because staff will focus on their areas of expertise. Given the below groups and tasks select the BEST list of assignments. Groups: Networks, Development, Project Management, Security, Systems Engineering, Testing Tasks: Decomposing requirements, Secure coding standards, Code stability, Functional validation, Stakeholder engagement, Secure transport
Systems Engineering. Decomposing requirements Development: Code stability Testing. Functional validation Project Management: Stakeholder engagement Security: Secure coding standards Networks: Secure transport
A new vendor product has been acquired to replace a legacy perimeter security product. There are significant time constraints due to the existing solution nearing end-of-life with no options for extended support. It has been emphasized that only essential activities be performed. Which of the following sequences BEST describes the order of activities when balancing security posture and time constraints?
Test the new solution, migrate to the new solution, and decommission the old solution
A healthcare company recently purchased the building next door located on the same campus. The building previously did not have any IT infrastructure. The building manager has selected four potential locations to place IT equipment consisting of a half height open server rack with five switches, a router, a firewall, and two servers. Given the descriptions below, where would the security engineer MOST likely recommend placing the rack? The Boiler Room: The rack can be placed 5 feet (1.5 meters) up on the wall, between the second and third boiler. The room is locked and only maintenance has access to it. The Reception AreA. The reception area is an open area right as customers enter. There is a closet 5 feet by 5 feet (1.5 meters by 1.5 meters) that the rack will be placed in with floor mounts. There is a 3 digit PIN lock that the receptionist sets. The Rehabilitation AreA. The rack needs to be out of the way from patients using the whirlpool bath, so it will be wall mounted 8 feet (2.4 meters) up as the area has high ceilings. The rehab area is staffed full time and admittance is by key card only. The Finance AreA. There is an unused office in the corner of the area that can be used for the server rack. The rack will be floor mounted. The finance area is locked and alarmed at night.
The Finance Area
The network administrator has been tracking the cause of network performance problems and decides to take a look at the internal and external router stats. Which of the following should the network administrator do to resolve the performance issue after analyzing the above information?
The IP TOS field of business related network traffic should be modified accordingly
A programming team is deploying a new PHP module to be run on a Solaris 10 server with trusted extensions. The server is configured with three zones, a management zone, a customer zone, and a backend zone. The security model is constructed so that only programs in the management zone can communicate data between the zones. After installation of the new PHP module, which handles on-line customer payments, it is not functioning correctly. Which of the following is the MOST likely cause of this problem?
The PHP module was installed in the management zone, but is trying to call a routine in the customer zone to transfer data directly to a MySQL database in the backend zone
During user acceptance testing, the security administrator believes to have discovered an issue in the login prompt of the company's financial system. While entering the username and password, the program crashed and displayed the system command prompt. The security administrator believes that one of the fields may have been mistyped and wants to reproduce the issue to report it to the software developers. Which of the following should the administrator use to reproduce the issue?
The administrator should run an online fuzzer against the login screen.
The Chief Information Officer (CIO) of Company XYZ has returned from a large IT conference where one of the topics was defending against zero day attacks - specifically deploying third party patches to vulnerable software. Two months prior, the majority of the company systems were compromised because of a zero day exploit. Due to budget constraints the company only has operational systems. The CIO wants the Security Manager to research the use of these patches. Which of the following is the GREATEST concern with the use of a third party patch to mitigate another un-patched vulnerability?
The company does not have an adequate test environment to validate the impact of the third party patch, introducing unknown risks
An administrator is troubleshooting availability issues on a FCoE based storage array that uses deduplication. An administrator has access to the raw data from the SAN and wants to restore the data to different hardware. Which of the following issues may potentially occur?
The data may not be in a usable format
The security manager is in the process of writing a business case to replace a legacy secure web gateway so as to meet an availability requirement of 99.9% service availability. According to the vendor, the newly acquired firewall has been rated with an MTBF of 10,000 hours and has an MTTR of 2 hours. This equates to 1.75 hours per year of downtime. Based on this, which of the following is the MOST accurate statement?
The firewall will meet the availability requirement because availability will be 99.98%
A security architect is seeking to outsource company server resources to a commercial cloud service provider. The provider under consideration has a reputation for poorly controlling physical access to datacenters and has been the victim of multiple social engineering attacks. The service provider regularly assigns VMs from multiple clients to the same physical resources. When conducting the final risk assessment which of the following should the security architect take into consideration?
The likelihood a malicious user will obtain proprietary information by gaining local access to the hypervisor platform.
The security administrator reports that the physical security of the Ethernet network has been breached, but the fibre channel storage network was not breached. Why might this still concern the storage administrator? (Select TWO).
The storage network uses FCoE The storage network uses iSCSI
A security administrator wants to perform an audit of the company password file to ensure users are not using personal information such as addresses and birthdays as part of their password. The company employs 200,000 users, has virtualized environments with cluster and cloud-based computing resources, and enforces a minimum password length of 14 characters. Which of the following options is BEST suited to run the password auditing software and produce a report in the SHORTEST amount of time?
The system administrator should take advantage of the company's cluster based computing resources, upload the password file to the cluster, and run the password cracker on that platform
The sales staff at a software development company has received the following requirements from a customer: "We need the system to notify us in advance of all software errors and report all outages". Which of the following BEST conveys these customer requirements to the software development team to understand and implement?
The system shall email the administrator when processing deviates from expected conditions and the system shall send a heartbeat message to a monitoring console every second while in normal operations.
A user on a virtual machine downloads a large file using a popular peer-to-peer torrent program. The user is unable to execute the program on their VM. A security administrator scans the VM and detects a virus in the program. The administrator reviews the hypervisor logs and correlates several access attempts to the time of execution of the virus. Which of the following is the MOST likely explanation for this behavior?
The virus is trying to access a virtual device which the hypervisor is configured to restrict
Company GHI consolidated their network distribution so twelve network VLANs would be available over dual fiber links to a modular L2 switch in each of the company's six IDFs. The IDF modular switches have redundant switch fabrics and power supplies. Which of the following threats will have the GREATEST impact on the network and what is the appropriate remediation step?
Threat: Bridge loop Remediation: Enable spanning tree
A wholesaler has decided to increase revenue streams by selling direct to the public through an on-line system. Initially this will be run as a short term trial and if profitable, will be expanded and form part of the day to day business. The risk manager has raised two main business risks for the initial trial: 1. IT staff has no experience with establishing and managing secure on-line credit card processing. 2. An internal credit card processing system will expose the business to additional compliance requirements. Which of the following is the BEST risk mitigation strategy?
Transfer the initial risks by outsourcing payment processing to a third party service provider.
To prevent a third party from identifying a specific user as having previously accessed a service provider through an SSO operation, SAML uses which of the following?
Transient identifiers
An employee of a company files a complaint with a security administrator. While sniffing network traffic, the employee discovers that financially confidential emails were passing between two warehouse users. The two users deny sending confidential emails to each other. Which of the following security practices would allow for non-repudiation and prevent network sniffers from reading the confidential mail? (Select TWO).
Transport encryption Digital signature
The database team has suggested deploying a SOA based system across the enterprise. The Chief Information Officer (CIO) has decided to consult the security manager about the risk implications for adopting this architecture. Which of the following are concerns that the security manager should present to the CIO concerning the SOA system? (Select TWO).
Users and services are distributed, often times over the Internet SOA abstracts legacy systems as web services, which are often exposed to outside threats
Which of the following is a security advantage of single sign-on? (Select TWO).
Users only have to remember one password Less time and complexity removing user access
A growing corporation is responding to the needs of its employees to access corporate email and other resources while traveling. The company is implementing remote access for company laptops. Which of the following security systems should be implemented for remote access? (Select TWO).
Virtual Private Network Multifactor authentication for users
A company has a legacy virtual cluster which was added to the datacenter after a small company was acquired. All VMs on the cluster use the same virtual network interface to connect to the corporate data center LAN. Some of the virtual machines on the cluster process customer data, some process company financial data, and others act as externally facing web servers. Which of the following security risks can result from the configuration in this scenario?
Visibility on the traffic between the virtual machines can impact confidentiality
A systems security consultant is hired by Corporation X to analyze the current enterprise network environment and make recommendations for increasing network security. It is the consultant's first day on the job. Which of the following network design considerations should the consultant consider? (Select THREE).
What corporate assets need to be protected? What are the business needs of the organization? What outside threats are most likely to compromise network security?
A company has a primary DNS server at address 192.168.10.53 and a secondary server at 192.168.20.53. An administrator wants to secure a company by only allowing secure zone transfers to the secondary server. Which of the following should appear in the primary DNS configuration file to accomplish this?
key company-key.{ algorithm hmac-md5; secret "Hdue8du9jdknkhdoLksdlkeYEIks83K="; }; allow transfer { 192.168.20.53; }
Virtual hosts with different security requirements should be:
stored on separate physical hosts.