security + (8)
Farès is responsible for security at his company. He has had bollards installed around the front of the building. What is Farès trying to accomplish?
Preventing a vehicle from being driven into the building
What is the ideal humidity range for a server room?
40% to 60%
Tom is responsible for VPN connections in his company. His company uses IPSec for VPNs. What is the primary purpose of AH in IPSec?
Authenticate the entire packet
Tim is implementing a Faraday cage around his server room. What is the primary purpose of a Faraday cage?
Block EMI
Jane is concerned about servers in her datacenter. She is particularly worried about EMI. What damage might EMI most likely cause to servers?
Damage to chips (CPU or RAM)
You are concerned about VM escape attacks. Which of the following would provide the most protection against this?
Completely isolate the VM from the host.
What is the primary advantage of allowing only signed code to be installed on computers?
It verifies who created the software
Alisha is monitoring security for a mid-sized financial institution. Under her predecessor there were multiple high-profile breaches. Management is very concerned about detecting any security issues or breach of policy as soon as possible. Which of the following would be the best solution for this?
Continuous monitoring
Liam is responsible for monitoring security events in his company. He wants to see how diverse events may connect. He is interested in identifying different indicators of compromise that may point to the same breach. Which of the following would be most helpful for him to implement?
Correlation engine
Jeff is the security administrator for an e-commerce site. He is concerned about DoS attacks. Which of the following would be the most effective in addressing this?
DDoS mitigator
Carole is concerned about security for her server room. She wants the most secure lock she can find for the server room door. Which of the following would be the best choice for her?
Deadbolt
Molly is implementing biometrics in her company. Which of the following should be her biggest concern?
FAR
Daniel is responsible for physical security in his company. All external doors have electronic smart card access. In an emergency such as a power failure, how should the doors fail?
Fail open
Which device would most likely process the following rules? PERMIT IP ANY EQ 443 DENY IP ANY ANY
Firewall
Daniel works for a mid-sized financial institution. The company has recently moved some of its data to a cloud solution. Daniel is concerned that the cloud provider may not support the same security policies as the company's internal network. What is the best way to mitigate this concern?
Implement a cloud access security broker
Doug is a network administrator for a small company. The company has recently implemented an e-commerce server. This has placed a strain on network bandwidth. What would be the most cost-effective means for him to address this issue?
Implement aggregation switches
Helga works for a bank and is responsible for secure communications with the online banking application. The application uses TLS to secure all customer communications. She has noticed that since migrating to larger encryption keys, the server's performance has declined. What would be the best way to address this issue?
Implement an SSL accelerator
Emily manages the IDS/IPS for her network. She has an NIPS installed and properly configured. It is not detecting obvious attacks on one specific network segment. She has verified that the NIPS is properly configured and working properly. What would be the most efficient way for her to address this?
Implement port mirroring for that segment
Donald is responsible for networking for a defense contractor. He is concerned that emanations from UTP cable could reveal classified information. Which of the following would be his most effective way to address this?
Implement protected cabling
Gerard is responsible for physical security at his company. He is considering using cameras that would detect a burglar entering the building at night. Which of the following would be most useful in accomplishing this goal?
Infrared-sensing camera
Janice is explaining how IPSec works to a new network administrator. She is trying to explain the role of IKE. Which of the following most closely matches the role of IKE in IPSec?
It establishes the SAs
You have been instructed to find a VPN solution for your company. Your company uses TACACS+ for remote access. Which of the following would be the best VPN solution for your company?
L2TP
You are responsible for an e-commerce site. The site is hosted in a cluster. Which of the following techniques would be best in assuring availability?
Load balancing
When you are concerned about application security, what is the most important issue in memory management?
Make sure you release any memory you allocate.
Darrel is looking for a cloud solution for his company. One of the requirements is that the IT staff can make the transition with as little change to the existing infrastructure as possible. Which of the following would be his best choice?
Off-premises cloud
Clark is responsible for mobile device security in his company. Which of the following is the most important security measure for him to implement?
Patch management
George is a network administrator at a power plant. He notices that several turbines had unusual ramp-ups in cycles last week. After investigating, he finds that an executable was uploaded to the system control console and caused this. Which of the following would be most effective in preventing this from affecting the SCADA system in the future?
Place the SCADA system on a separate VLAN
Juanita is responsible for servers in her company. She is looking for a fault-tolerant solution that can handle two drives failing. Which of the following should she select?
RAID 6
Ixxia is responsible for security at a mid-sized company. She wants to prevent users on her network from visiting job-hunting sites while at work. Which of the following would be the best device to accomplish this goal?
Proxy server
You are the CIO for a small company. The company wants to use cloud storage for some of its data, but cost is a major concern. Which of the following cloud deployment models would be best?
Public cloud
David is responsible for cryptographic keys in his company. What is the best way to deauthorize a public key?
Publish that certificate in the CRL
You are the CISO for a mid-sized health care company. Which of the following is the most important for you to implement?
Regulatory requirements
Mike is a network administrator for an e-commerce company. There have been several updates to the operating system, the web server software, and the web application, all within the last 24 hours. It appears that one of these updates has caused a significant security problem. What would be the best approach for Mike to take to correct this problem?
Roll the server back to the last known good state.
Which of the following is the best description of a stored procedure?
SQL statements compiled on the database server as a single procedure that can be called
When you're implementing security cameras in your company, which of the following is the most important concern?
Security of the camera and video storage
Jacob is the CIO for a mid-sized company. His company has very good security policies and procedures. The company has outsourced its web application development to a well-known web programming company. Which of the following should be the most important security issue for Jacob to address?
Security practices of the web application vendor
You are working for a large company. You are trying to find a solution that will provide controlled physical access to the building and record every employee who enters the building. Which of the following would be the best for you to implement?
Smart card access
Fred is responsible for physical security in his company. He wants to find a good way to protect the USB thumb drives that have BitLocker keys stored on them. Which of the following would be the best solution for this situation?
Store the drives in a secure cabinet
Hanz is responsible for the e-commerce servers at his company. He is concerned about how they will respond to a DoS attack. Which software testing methodology would be most helpful in determining this?
Stress testing
Mia is a network administrator for a bank. She is responsible for secure communications with her company's customer website. Which of the following would be the best for her to implement?
TLS
Ryan is concerned about the security of his company's web application. Since the application processes confidential data, he is most concerned about data exposure. Which of the following would be the most important for him to implement?
TLS
Arjun has just taken over web application security for a small company. He notices that some values are temporarily stored in hidden fields on one of the web pages. What is this called and how would it be best characterized?
This is obfuscation, a possible security flaw
What is the primary reason a company would consider implementing Agile programming?
To speed up development time
Thomas is trying to select the right fire extinguisher for his company's server room. Which of the following would be his best choice?
Type C
What is the primary security issue presented by monitors?
Unauthorized users may see confidential data
Teresa is the network administrator for a small company. The company is interested in a robust and modern network defense strategy but lacks the staff to support it. What would be the best solution for Teresa to use?
Use Security as a Service
You are a network administrator for a mid-sized company. You need all workstations to have the same configuration. What would be the best way for you to accomplish this?
Use a master image that is properly configured and image all workstations from that
Dennis is trying to set up a system to analyze the integrity of applications on his network. He wants to make sure that the applications have not been tampered with or Trojaned. What would be most useful in accomplishing this goal?
Use cryptographic hashes
Which of the following security measures is most effective against phishing attacks?
User training
Abigail is responsible for setting up an NIPS on her network. The NIPS is located in one particular network segment. She is looking for a passive method to get a copy of all traffic to the NIPS network segment so that it can analyze the traffic. Which of the following would be her best choice?
Using a network tap
Which of the following is the best description for VM sprawl?
When there are more VMs than IT can effectively manage