CASP Updated Pt. 4
The Chief Information Security Officer (CISO) has asked the security team to determine whether the organization is susceptible to a zero-day exploit utilized in the banking industry and whether attribution is possible. The CISO has asked what process would be utilized to gather the information, and then wants to apply signature controls to stop these kinds of attacks in the future. Which of the following are the MOST appropriate ordered steps to take to meet the CISO's request? A. 1. Perform ongoing research of best practices 2. Determine current vulnerabilities and threats 3. Apply Big Data techniques 4. Use antivirus control B. 1. Apply artificial intelligence algorithms for detection 2. Inform the CERT team 3. Research threat intelligence and potential adversaries 4. Utilize threat intelligence to apply Big Data techniques C. 1. Obtain the latest IOCs from open source repositories 2. Perform a sweep across the network to identify positive matches 3. Sandbox any suspicious files 4. Notify the CERT team to apply a future-proof threat model D. 1. Analyze current threat intelligence 2. Utilize information sharing to obtain the latest industry IOCs 3. Perform a sweep across the network to identify positive matches 4. Apply machine learning algorithms
1. Analyze current threat intelligence 2. Utilize information sharing to obtain the latest industry IOCs 3. Perform a sweep across the network to identify positive matches 4. Apply machine learning algorithms
A security administrator installed an SSH daemon on a server and configured the server for SFTP. The company auditor requested the implementation of the following requirements: Users should not be able to execute local commands on the server. The SFTP process should be isolated from accessing system resources it does not need. Which of the following should the security administrator configure on the SFTP server to ensure compliance? (Select TWO) A. The user's home directory should be removed from the passwd file. B. A rootjail should be configured on the server. C. An SFTP server shell should be configured as the users' shell. D. The SSH daemon's default shell should be replaced with /sbin/noshell. E. The SFTP service should run as the user nobody:ssh.
A rootjail should be configured on the server; The SFTP service should run as the user nobody:ssh
A network administrator is concerned about a particular server that is attacked occasionally from hosts on the Internet. The server is not critical; however, the attacks impact the rest of the network. While the company's current ISP is more cost-effective, the ISP is too slow to respond to reported issues. The administrator needs to be able to mitigate the effects of an attack immediately without opening a trouble ticket with the ISP. The ISP is willing to accept a very small network route advertised with a particular BGP community string. Which of the following is the BEST way for the administrator to mitigate the effects of these attacks? A. Use the route protection offered by the ISP to accept only BGP routes from trusted hosts on the Internet, which will discard traffic from attacking hosts B. Work with the ISP and subscribe to an IPS filter that can recognize the attack patterns of the attacking hosts, and block those hosts at the local IPS device C. Advertise a /32 route to the ISP to initiate a remotely triggered black hole, which will discard traffic destined to the problem server at the upstream server D. Add a redundant connection to a second local ISP, so a redundant connection is available for use if the server is being attacked on one connection
Advertise a /32 route to the ISP to initiate a remotely triggered black hole, which will discard traffic destined to the problem server at the upstream server
Given the following output from a local PC: C:\ipconfig Windows IP Configuration Wireless LAN adapter Wireless Network Connection Connection-Specific DNS Suffix Network Connection: Link-local IPv6 Address . . . . . : fe80::4551:67ba:77a6:62e1%11 IPv4 Address . . . . . . . . . . . : 172.30.0.28 Subnet Mask . . . . . . . . . . . . : 255.255.0.0 Default Gateway . . . . . . . . . : 172.30.0.5 c:\> Which of the following ACLs on a stateful host based firewall would allow the PC to serve an intranet website? A. Allow 172.30.0.28:80 -> ANY B. Allow 172.30.0.28:80 -> 172.30.0.0/16 C. Allow 172.30.0.28/16 -> 172.30.0.28:443 D. Allow 172.30.0.28/16 -> 172.30.0.28:53
Allow 172.30.0.28:80 -> 172.30.0.0/16
A company has gone through a round of phishing attacks. More than 200 users have had their workstations infected because they clicked on a link in an email. An incident analysis has determined that an executable ran and compromised the administrator account on each workstation. Management is demanding the information security team prevent this from happening again. Which of the following would BEST prevent this from happening again? A. Antivirus B. Patch management C. Log monitoring D. Application whitelisting E. Awareness training
Application whitelisting
The security administrator is reviewing the following log: PERMIT 192.168.1.10:3030 -> 5.3.7.20:80 APPLICATION=SSH PERMIT 172.16.3.45:2034-> 8.8.8.8:53 APPLICATION=HTTP Which of the following will prevent unauthorized use of ports? A. Web application firewall B. Stateful firewall C. Stateless firewall D. Transparent proxy E. Reverse proxy F. Application-aware firewall
Application-aware firewall
A security analyst is inspecting the results of a recent internal vulnerability scan that was performed against intranet services. The scan report includes the following critical-rated vulnerability: Title: Remote Command Execution vulnerability in web server Rating: Critical (CVSS 10.0) Threat actor: any remote user of the web server Confidence: certain Recommendation: apply vendor patches Which of the following actions should the security analyst perform FIRST? A. Escalate the issue to senior management. B. Apply organizational context to the risk rating. C. Organize for urgent out-of-cycle patching. D. Exploit the server to check whether it is a false positive.
Apply organizational context to the risk rating.
A company is centralizing all systems administration operations into a new team. The security team is losing administrative rights to the security tools on which it relies. Which of the following is the MOST important capability for the team to establish? A. Audit logging of which administrator last logged into each security device. B. An MOU regarding the responsibilities of the administrators C. Relocation of all operational security tasks into the new team D. An SLA setting maximum allowable downtime of tools.
An MOU regarding the responsibilities of the administrators
A human resources manager at a software development company has been tasked with recruiting personnel for a new cyber defense division in the company. The division will require personnel to have high technology skills and industry certifications. Which of the following is the BEST method for this manager to gain insight into this industry to execute the task? A. Interview candidates, attend training, and hire a staffing company that specializes in technology jobs. B. Interview employees and managers to discover the industry hot topics and trends. C. Attend meetings with staff, internal training, and become certified in software management. D. Attend conferences, webinars, and training to remain current with the industry and job requirements.
Attend conferences, webinars, and training to remain current with the industry and job requirements.
A company provides on-demand cloud computing resources for a sensitive project. The company implements a fully virtualized data center and terminal server access with two-factor authentication for customer access to the administrative website. The security administrator at the company has uncovered a breach in data confidentiality. Sensitive data from Company A was found on a hidden directory within the VM of Company B. Company B is not in the same industry as Company A and the two are not competitors. Which of the following has MOST likely occurred? A. Both VMs were left unsecured and an attacker was able to exploit network vulnerabilities to access each VM and move the data B. A stolen two-factor token was used to move data from one virtual guest to another host on the same network segment C. A hypervisor server was left unpatched and an attacker was able to use a resource exhaustion attack to gain unauthorized access D. An employee with administrative access to the virtual guest was able to dump the guest memory onto a mapped disk
Both VMs were left unsecured and an attacker was able to exploit network vulnerabilities to access each VM and move the data
A company has noticed recently that its corporate information has ended up on an online forum. An investigation has identified that internal employees are sharing confidential corporate information on a daily basis. Which of the following are the MOST effective security controls that can be implemented to stop the above problem? (Select TWO). A. Implement a URL filter to block the online forum. B. Implement NIDS on the desktop and DMZ networks. C. Conduct security awareness compliance training for all employees. D. Implement DLP on the desktop, email gateway, and web proxies. E. Review security policies and procedures.
Conduct security awareness compliance training for all employees; Implement DLP on the desktop, email gateway, and web proxies
An IT security architect is redesigning a directory service solution for a large international organization, used for identification and authentication purposes. The company has several directories holding different user communities. These repositories are being used by different local applications and are physically dispersed around the world; user attributes are being locally administered by different teams. The security architect is required to quickly provide a non-disruptive solution so a new corporate application has a single LDAP access view of all existing user repositories. Which of the following is the BEST solution? A. Deploy a meta-directory in which all existing directories are seen as a single distributed directory B. Deploy a meta-directory, which is a copy of all existing directories C. Deploy a new directory, handling all information from all directories, and remove any previous D. Deploy a new directory in addition to the existing ones
Deploy a meta-directory in which all existing directories are seen as a single distributed directory
While analyzing network traffic, a security engineer discovers that confidential emails were passing between two users who should not have had this information. The two users deny sending confidential emails to each other. Which of the following security practices would allow for non-repudiation and prevent the users from removing emails such as these from their accounts? (Select TWO). A. Digital Signature B. TSIG code signing C. Legal hold D. Authentication hashing E. Transport encryption
Digital Signature; Legal hold
There have been several recent ransomware outbreaks at a company that have cost a significant amount of lost revenue. The security team has been tasked with finding a technical control mechanism that will meet the following requirements and aid in preventing these outbreaks: Stop malicious software that does not match a signature; Report on instances of suspicious behaviour; Protect from previously unknown threats; Augment existing security capabilities. Which of the following tools would BEST meet these requirements? A. Host-based firewall B. EDR C. HIPS D. Patch management
EDR
Junior network technicians have been reviewing router configurations to better learn the environment. Several junior network technicians gained unauthorized access to mission-critical routers. Which of the following controls would BEST prevent this from reoccurring? A. Use transport layer security to the router's management console B. Restrict access to the router from the junior network technicians' computers C. Enable SSH, and change the default SSH port assignments D. Encrypt passwords that were stored on the router in plaintext.
Encrypt passwords that were stored on the router in plaintext.
A company is getting billed for excess network usage, even though its usage has not changed. The company's wireless network has been slow. The number of hosts on the network exceeds the number of wireless devices the company owns. The company has WEP-encrypted access points cascading off a router. Which of the following would solve the issue? (Select TWO). A. Encrypt the wireless points using WPA2 B. Disable SSID broadcast C. Use MAC filtering based on company devices D. Change the antenna placement E. Perform a site survey
Encrypt the wireless points using WPA2; Use MAC filtering based on company devices
The government is concerned with remote military missions being negatively impacted by the use of technology that may fail to protect operational security. To remediate this concern, a number of solutions have been implemented, including the following: End-to-end encryption of all inbound and outbound communication, including personal email and chat sessions that allow soldiers to securely communicate with families; Layer 7 inspection and TCP/UDP port restrictions, including firewall rules to only allow TCP ports 80 and 443 and approved applications; A host-based whitelist of approved websites and applications that only allows mission-related tools and sites; The use of satellite communication to include multiple proxy servers to scramble the source IP address. Which of the following is MOST concerning in this scenario? A. Malicious actors intercepting inbound and outbound communication to determine the scope of the mission B. Family members posting geotagged images on social media that were received via email from soldiers C. The effect of communication latency that may negatively impact real-time communication with mission control D. The use of centrally managed military network and computers by soldiers when communicating with external parties
Family members posting geotagged images on social media that were received via email from soldiers
The director of security is performing a penetration test to validate the findings discovered during a vulnerability scan of a remote office site. The network at the remote site was set up by an external vendor who was supposed to configure the network to corporate standards. Which of the following BEST describes this type of test? A. False positive B. White box C. Black box D. Gray box
Gray box
During an audit of firewall rules, an auditor noted that there was no way to find out who had allowed port 3389 to be available to the Internet. The auditor gave the company a negative mark on their audit, and requested that within 30 days the company produce a written plan to deal with such items in the future. Given the scenario, which of the following will be MOST effective in securing the firewall? A. Implement an identity management system. B. Utilize PAT on the firewall for well-known ports. C. Implement a detailed change management system. D. Implement role-based access control on the firewall.
Implement a detailed change management system.
A large organization tasks a security engineer with developing a workstation configuration that will best allow incident responders to perform forensic analysis on a system when needed. Which of the following is the BEST option for the engineer to recommend? A. Install software that hashes every file written to the hard drive and compares the hashes to known signatures B. Install software that examines the hard drive and system memory for indicators of compromise C. Install software that allows acquisition of live system recovery memory as well as files from the hard drive D. Install software that periodically writes memory to disk and transfers it to a central server
Install software that allows acquisition of live system recovery memory as well as files from the hard drive
Two competing companies experienced similar attacks on their networks from various threat actors. To improve response times, the companies wish to share some threat intelligence about the sources and methods of attack. Which of the following business documents would be BEST to document this engagement? A. Business partnership agreement B. Memorandum of understanding C. Service-level agreement D. Interconnection security agreement
Memorandum of understanding
The security engineer receives an incident ticket from the help desk stating that DNS lookup requests are no longer working from the office. The network team has ensured that Layer 2 and Layer 3 connectivity are working. Which of the following tools would a security engineer use to make sure the DNS server is listening on port 53? A. ping B. NESSUS C. nslookup D. NMAP
NMAP
A security administrator is updating a company's SCADA authentication system with a new application. To ensure interoperability between the legacy system and the new application, which of the following stakeholders should be involved in the configuration process before deployment? (Select TWO) A. Network engineer B. Service desk personnel C. Human resources administrator D. Incident response coordinator E. Facilities manager F. Compliance manager
Network engineer; Facilities manager
Software was deployed with an installer containing keys used to validate communication with the vendor's server. Which of the following goals does this achieve? A. Non-repudiation B. Out-of-band key exchange C. Transport security D. Data-at-rest encryption
Non-repudiation
One of the objectives of a bank is to instill a security awareness culture. Which of the following are techniques that could help achieve this? (Select TWO) A. Blue teaming B. Phishing simulation C. Lunch-and-learn D. Random audits E. Continuous monitoring F. Separation of duties
Phishing simulation; Lunch-and-learn
An intrusion detection system sent an alert to the management console about an event. The security administrator reviews the firewall logs and analyzes the following entries: Mar 22 2015 09:15:18:256 denied 10.10.10.1/32 -> 192.168.1.100(20) Mar 22 2015 09:15:18:276 denied 10.10.10.1/32 -> 192.168.1.100(21) Mar 22 2015 09:15:18:296 denied 10.10.10.1/32 -> 192.168.1.100(22) Mar 22 2015 09:15:18:301 denied 10.10.10.1/32 -> 192.168.1.100(23) Mar 22 2015 09:15:18:346 denied 10.10.10.1/32 -> 192.168.1.100(24) Mar 22 2015 09:15:18:368 denied 10.10.10.1/32 -> 192.168.1.100(25) Mar 22 2015 09:15:18:381 denied 10.10.10.1/32 -> 192.168.1.100(26) Which of the following tools is being used to perform these events against the organization? A. Ping sweeper B. Protocol analyzer C. Fuzzer D. Port scanner
Port scanner
At a meeting, the system administrator states the security controls a company wishes to implement seem excessive, since all of the information on the company's web server can be obtained publicly and is not proprietary in any way. The next day the company's website is defaced as part of an SQL injection attack, and the company receives press inquiries about the message the attackers displayed on the website. Which of the following is the FIRST action the company should take? A. Refer to and follow procedures from the company's incident response plan B. Call a press conference to explain that the company has been hacked C. Establish chain of custody for all systems to which the systems administrator has access D. Conduct a detailed forensic analysis of the compromised system E. Inform the communication and marketing department of the attack details
Refer to and follow procedures from the company's incident response plan
An insurance company has an online quoting system for insurance premiums. The system allows potential customers to fill in certain details about their cars and obtain quotes. During the investigation, the following patterns were detected: Pattern 1 - Analysis of the logs identifies that insurance premium forms are being filled in, but only single fields are being updated incrementally. Pattern 2 - For every quote completed, a new customer number is created. Due to legacy systems, customer numbers are running out. Which of the following attack types is the system susceptible to, and what is the BEST way to defend against it? (Select TWO) A. Apply a hidden field that triggers a SIEM alert B. Cross-site scripting attack C. Resource exhaustion attack D. Input a blacklist of all known BOT malware IPs into the firewall E. SQL injection F. Implement an in-line WAF and integrate into SIEM G. Distributed denial of service H. Implement firewall rules to block the attacking addresses
Resource exhaustion attack; Implement an in-line WAF and integrate into SIEM
A company is deploying smartphones for the mobile workforce. The devices will be used for personal and business use, but are owned by the organization. Sales personnel will save new customer data via a custom application developed by the company. This information will integrate with the phones' contact information application storage and populate new records into it. The custom application's data is encrypted at rest and the connection to the back office is considered secure. The Chief Information Security Officer (CISO) has concerns that the customer contact information might accidentally leak due to the devices' limited security capabilities and controls planned. What is the MOST effective security control to implement to lower the risk? A. Implement a mobile data loss agent on the devices to prevent any user manipulation with the contact information B. Restrict screen capture features on the device when using the custom application and the contact information C. Restrict contact information storage dataflow so that it is only shared with the custom application D. Require complex passwords for authentication when accessing the contact information
Restrict contact information storage dataflow so that it is only shared with the custom application
The board of a financial services company has requested that the senior security analyst act as a cybersecurity advisor in order to comply with recent federal legislation. The analyst is required to give a report on current cybersecurity and threat trends in the financial services industry at the next board meeting. Which of the following would be the BEST methods to prepare this report? (Select TWO) A. Review the CVE database for critical exploits over the past year B. Use social media to contact industry analysts C. Use intelligence gathered from Internet relay chat channels D. Request information from security vendors and government agencies E. Perform a penetration test of the competitor's network and share the results with the board
Review the CVE database for critical exploits over the past year; Request information from security vendors and government agencies
The code snippet below controls all electronic door locks to a secure facility in which the doors should only fail open in an emergency. In the code, "criticalValue" indicates if an emergency is underway: try { if (criticalValue) openDoors = true; else openDoors = false; } catch (e) { openDoors = true; } Which of the following is the BEST course of action for a security analyst to recommend to the software developer? A. Rewrite the software to implement fine-grained, conditions-based testing B. Add additional exception handling logic to the main program to prevent doors from being opened C. Apply for a life-safety-based risk exception allowing secure doors to fail open D. Rewrite the software exception handling routine to fail in a secure state
Rewrite the software exception handling routine to fail in a secure state
An organization is in the process of implementing a SaaS customer relationship system for its bankers. The SaaS provider supports standards-based authentication integration mechanisms. There are a number of requirements that need to be met as part of the deployment, including: - The bankers will not need to enter a password to access the system once logged onto the network. - The access provisioning process into the SaaS system will be part of the authentication request. - Authorization to the system will be based on existing groups and permissions. Which of the following MUST be implemented to meet all the above requirements? A. OAUTH1.0 provider B. OAUTH2.0 provider C. SAML2.0 provider D. OpenID provider
SAML2.0 provider
A security engineer for an enterprise must develop and release web server configuration requirements for subordinate organizational units, and monitor the configuration state and status of all servers across the enterprise. The engineer needs to be able to automatically update and deploy these configurations monthly. Which of the following technologies would help the engineer? A. SAML B. SCAP C. SDLC D. SOAP
SCAP
The Chief Information Security Officer (CISO) informs the team that since the organization will sign an NDA with any potential suppliers, the most current industry evaluation should include details of tests performed by the supplier's auditors and the associated results. Based on the requirements provided by the CISO, which of the following reports should be requested in the RFP? A. SOC 1 B. SOC 2 C. SOC 3 D. SOC 70
SOC 2
A Chief Financial Officer (CFO) has requested access to an application on a Windows server to finish important reports before month's end. The CFO is currently in a hotel in a different time zone and needs this access within 24 hours. Given the requirements, which of the following would be the FASTEST and MOST secure method of access? A. Overnight a firewall with certificate-based VPN, with 3389 open to the Windows server B. NAT host to port 3389, and create an ACL for the CFO's public IP address at the hotel C. Have the CFO use SFTP to connect to a secure terminal, then RDP to the Windows server D. SSL VPN with access to the application, restricted to the CFO's credentials
SSL VPN with access to the application, restricted to the CFO's credentials
A security engineer is managing operational, excess, and available equipment for a customer. Three pieces of expensive leased equipment, which are supporting a highly confidential portion of the customer network, have recently been taken out of operation. The engineer determines the equipment lease runs for another 18 months. Which of the following is the BEST course of action for the engineer to take to properly decommission the equipment? A. Remove any labeling indicating the equipment was used to process confidential data and mark it as available for reuse B. Return the equipment to the leasing company and seek a refund for the unused time C. Redeploy the equipment to a less sensitive part of the network until the lease expires D. Securely wipe all device memory and store the equipment in a secure location until the end of the lease
Securely wipe all device memory and store the equipment in a secure location until the end of the lease
A systems administrator recently joined an organization and has been asked to perform a security assessment of controls on the organization's file servers, which contain client data from a number of sensitive systems. The administrator needs to compare documented access requirements to the access list implemented within the file system. Which of the following is MOST likely to be reviewed during the assessment? (Choose TWO) A. Data classification matrix B. Security requirements traceability matrix C. Data ownership matrix D. Roles matrix E. Data design document F. Data access policies
Security requirements traceability matrix; Data access policies
A managed service provider is designing a log aggregation service for customers who no longer want to manage an internal SIEM infrastructure. The provider expects that customers will send all types of logs to them, and that log files could contain very sensitive entries. Customers have indicated they want on-premises and cloud-based infrastructure logs to be stored in this new service. An engineer, who is designing the new service, is deciding how to segment customers. Which of the following is the BEST statement for the engineer to take into consideration? A. Single-tenancy is often more expensive and has less efficient resource utilization. Multi-tenancy may increase the risk of cross-customer exposure in the event of service vulnerabilities B. The managed service provider should outsource security of the platform to an existing cloud company. This will allow the new log service to be launched faster and with well-tested security controls C. Due to the likelihood of large log volumes, the service provider should use a multi-tenancy model for the data storage tier, enable data deduplication for storage cost efficiencies, and encrypt data at rest D. The most secure design approach would be to give customers on-premises appliances, install agents on endpoints, and then remotely manage the service via a VPN
Single-tenancy is often more expensive and has less efficient resource utilization. Multi-tenancy may increase the risk of cross-customer exposure in the event of service vulnerabilities
An Information Security Officer (ISO) is reviewing a summary of the findings from the last COOP tabletop exercise. The Chief Information Officer (CIO) wants to determine which additional controls must be implemented to reduce the risk of an extended customer service outage due to the VoIP system being unavailable. Which of the following BEST describes the scenario presented and the document the ISO is reviewing? A. The ISO is evaluating the business implications of a recent telephone system failure within the BIA. B. The ISO is investigating the impact of possible downtime of the messaging system within the RA. C. The ISO is calculating the budget adjustment needed to ensure audio/video system redundancy within the RFQ. D. The ISO is assessing the effect of a simulated downtime involving the telecommunication system within the AAR.
The ISO is assessing the effect of a simulated downtime involving the telecommunication system within the AAR.
A software developer firm has outsourced a large development project to an organization that utilizes waterfall software development models. The developers have estimated a 12-month time frame to completion and are currently six months into the project. Prior to testing the current progress on the application, the developers have requested that the security architect review the progress and make recommendations on how to secure the application. Which of the following is true about the current project status? A. The project is being run in quick development phases that often stop development to test the current process and recommend changes to the application requirements. This gives the security architect time to make appropriate recommendations B. The development team should have involved the security architect early on in the project. However, changes can be implemented incrementally over the next few project phase iterations at a lower cost C. The development team should have involved the security architect early on in the project. At this point in the project, any security recommendations that require major changes will have large impacts on project times, resources, and costs D. The waterfall method is a static approach to software development. At the current point in the project, the security architect's recommendations will not be able to be implemented until after the final release and the next version of the software development begins
The development team should have involved the security architect early on in the project. At this point in the project, any security recommendations that require major changes will have large impacts on project times, resources, and costs
A security administrator receives an advisory from the video conference vendor. The advisory states that if not secured, video streams are susceptible to a session hijacking attack that would allow the video stream to be intercepted and recorded for later playback. In attempting to test this attack on the corporate network, the administrator receives the following output from a video stream: Which of the following can the security administrator conclude from the network trace? A. The video stream is secured with IPSec and is not vulnerable to the vulnerability in this advisory B. The video stream is using a PPTP connection and is vulnerable to an MS-CHAPv2 authentication attack C. The video stream is using an AH-ESP tunnel through GRE and is not susceptible to the vulnerability in the advisory D. The video stream is secured with an IPv6 6-to-4 tunnel and is not susceptible to the vulnerability in the advisory
The video stream is secured with IPSec and is not vulnerable to the vulnerability in this advisory?
A security analyst notices that an unusually large amount of traffic is going to an unknown destination. The source IP address is a file server that contains financial data. All traffic between the source and the destination is on port 5800. The analyst is unable to determine what data is being transmitted. No alerts came from the security appliance regarding this traffic. Which of the following would allow the security analyst to determine what data is being transmitted and ensure it is legitimate? A. Host-based intrusion detection system B. Web application firewall C. Transport layer security inspection D. File integrity monitoring E. Netflow analysis
Transport layer security inspection
A security architect is evaluating new UTM appliances for a large streaming video provider company. The field of potential devices has been narrowed to the three leading products based on a market survey where the main criterion was the total number of endpoints protected. During evaluation of the three UTMs, each was further tested for throughput under normal conditions and under attack conditions, latency between attacks, and administrative usability (scored from 1 to 5, with 5 being perfect usability). The results of the testing are shown in the table below:
                      UTM 1      UTM 2      UTM 3
Normal throughput     1 Gbps     5 Gbps     1 Gbps
Attacked throughput   0.1 Gbps   1 Gbps     0.5 Gbps
Latency               50 ms      60 ms      150 ms
Usability (1-5)       4          2          3
Which of the three UTMs should be recommended and why? A. UTM 1 because it has the highest usability score B. UTM 1 because it has the lowest reporting latency C. UTM 2 because it has the highest throughput in both conditions D. UTM 3 because it has the lowest differential between throughput volumes
UTM 2 because it has the highest throughput in both conditions
A company utilizes a mission-critical ERP supply chain solution. Over several years, development efforts and expansion of modules have been a priority to facilitate the increasing demand. Maintenance windows have historically been used to deploy new or updated code or a new module feature set. Over time, the response of the ERP system has become slow and unstable, causing a delay in the services the company provides to its customers. The security administrator begins investigating the issues and reviews the change management logs to attempt to correlate what may have caused the degradation. Which of the following would BEST stabilize and increase the performance of the ERP solution? A. Implement database failover to assist in managing session states. B. Migrate the ERP environment to a mirrored storage solution. C. Increase the memory on the database server. D. Update the software to the current patch level.
Update the software to the current patch level.
A company wants to outsource its call center and Tier 1 technician support to a third party. The third party will initially only reset users' passwords. The third party must be able to remotely authenticate to the company's Active Directory system and be given enough access to reset users' Active Directory passwords to implement this first phase. Which of the following would allow the third party to reset users' passwords remotely while maximizing security? A. Open TCP port 636 and give the third party the appropriate credentials to perform the task B. Use Active Directory delegation to control access from the third-party servers to the company's servers C. Provide the third party with direct VPN access to the company's Active Directory server D. Implement two-factor access for a web interface to access Active Directory user accounts
Use Active Directory delegation to control access from the third-party servers to the company's servers
A company is not familiar with the risk associated with IPv6. The systems administrator wants to isolate IPv4 traffic from IPv6 traffic between two different network segments. Which of the following should the company implement? (Select TWO) A. Use an internal firewall to block UDP port 3544 B. Disable Neighbor Discovery Protocol on all company routers C. Block IP protocol 41 using Layer 3 switches D. Disable the DHCPv6 service on all routers E. Drop traffic for ::/0 at the edge firewall F. Implement a 6in4 proxy server
Use an internal firewall to block UDP port 3544; Drop traffic for ::/0 at the edge firewall
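The options above map to three ways IPv6 can cross an IPv4-only segment: native IPv6 frames (EtherType 0x86DD, the traffic a ::/0 rule drops), IPv6 encapsulated directly in IPv4 as IP protocol 41 (6in4, 6to4, ISATAP), and IPv6 carried in UDP to port 3544 (Teredo). The classifier below is an added example, not part of the exam material or any vendor's product; it parses constructed frames to show which header field each rule keys on. The packet builders, sample addresses and labels are assumptions made for the demonstration.

```python
import socket
import struct

# Header values the question's firewall options key on.
ETHERTYPE_IPV4 = 0x0800
ETHERTYPE_IPV6 = 0x86DD   # native IPv6: what "drop ::/0 at the edge" matches
IPPROTO_IPV6 = 41         # 6in4 / 6to4 / ISATAP: IPv6 directly inside IPv4
IPPROTO_UDP = 17
TEREDO_PORT = 3544        # Teredo: IPv6 inside UDP, server port 3544


def build_ipv4(proto: int, payload: bytes,
               src: str = "192.0.2.10", dst: str = "198.51.100.20") -> bytes:
    """Construct a minimal 20-byte IPv4 header (no options, checksum left 0) for the demo."""
    total_len = 20 + len(payload)
    header = struct.pack("!BBHHHBBH4s4s",
                         0x45, 0, total_len, 0, 0, 64, proto, 0,
                         socket.inet_aton(src), socket.inet_aton(dst))
    return header + payload


def build_udp(sport: int, dport: int, payload: bytes) -> bytes:
    """Construct an 8-byte UDP header (checksum left 0) in front of payload."""
    return struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload


# A stub IPv6 header: version nibble 6, remaining 39 bytes zero (constructed, not a capture).
IPV6_STUB = bytes([0x60]) + bytes(39)


def classify(ethertype: int, packet: bytes) -> str:
    """Return which IPv6 transition mechanism a frame carries, if any."""
    if ethertype == ETHERTYPE_IPV6:
        return "native IPv6"
    if ethertype != ETHERTYPE_IPV4 or len(packet) < 20:
        return "other"
    ihl = (packet[0] & 0x0F) * 4          # IPv4 header length in bytes
    proto = packet[9]                     # IPv4 protocol field
    if proto == IPPROTO_IPV6:
        return "6in4/ISATAP tunnel (IP protocol 41)"
    if proto == IPPROTO_UDP and len(packet) >= ihl + 8:
        sport, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
        # Teredo clients use an arbitrary source port; the server listens on 3544.
        if TEREDO_PORT in (sport, dport):
            return "Teredo tunnel (UDP 3544)"
    return "plain IPv4"


# Constructed sample frames standing in for a capture on the inter-segment link.
SAMPLE_FRAMES = [
    (ETHERTYPE_IPV6, IPV6_STUB),
    (ETHERTYPE_IPV4, build_ipv4(IPPROTO_IPV6, IPV6_STUB)),
    (ETHERTYPE_IPV4, build_ipv4(IPPROTO_UDP, build_udp(50123, TEREDO_PORT, IPV6_STUB))),
    (ETHERTYPE_IPV4, build_ipv4(6, bytes(20))),   # ordinary TCP over IPv4
]


def audit(frames) -> dict:
    """Count frames per classification; anything but 'plain IPv4' leaks IPv6 across the segment."""
    counts: dict = {}
    for ethertype, packet in frames:
        label = classify(ethertype, packet)
        counts[label] = counts.get(label, 0) + 1
    return counts


if __name__ == "__main__":
    for label, n in audit(SAMPLE_FRAMES).items():
        print(f"{n}  {label}")
```

Note that blocking UDP 3544 alone does not stop protocol 41 tunnels, and a ::/0 rule at the edge does nothing for native IPv6 between internal segments, which is why two complementary controls are needed.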
Following a merger, the number of remote sites for a company has doubled to 52. The company has decided to secure each remote site with a NGFW to provide web filtering, NIDS/NIPS, and network antivirus. The CIO has requested that the security engineer provide recommendations on sizing for the firewall with the requirements that it be easy to manage and provide capacity for growth. The tables below provide information on a subset of remote sites and the firewall options: Which of the following would be the BEST option to recommend to the CIO? A. Vendor C for small remote sites, and Vendor B for large sites. B. Vendor B for all remote sites C. Vendor C for all remote sites D. Vendor A for all remote sites E. Vendor D for all remote sites
Vendor B for all remote sites
A software development manager is taking over an existing software development project. The team currently suffers from poor communication due to a long delay between requirements documentation and feature delivery. This gap is resulting in an above average number of security-related bugs making it into production. Which of the following development methodologies is the team MOST likely using now? A. Agile B. Waterfall C. Scrum D. Spiral
Waterfall
A security engineer is assessing a new IoT product. The product interfaces with the OBD-II port of a vehicle and uses a Bluetooth connection to relay data to an onboard data logger located in the vehicle. The data logger can only transfer data over a custom USB cable. The engineer suspects a replay attack is possible against the cryptographic implementation used to secure messages between segments of the system. Which of the following tools should the engineer use to confirm the analysis? A. Binary decompiler B. Wireless protocol analyzer C. Log analysis and reduction tools D. Network-based fuzzer
Wireless protocol analyzer
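A wireless protocol analyzer confirms the suspicion by capturing a Bluetooth frame and resending it; whether the logger accepts it depends on whether the message format carries any freshness. The following is an added example, not code from the product in the question or the exam material: it contrasts a constructed message format that authenticates the payload with an HMAC but no counter (so a captured frame verifies again) with one that binds a monotonically increasing counter under the MAC and rejects anything not newer than the last accepted frame. The shared key, message contents and 4-byte counter width are assumptions for the demonstration.

```python
import hashlib
import hmac

# Constructed demo key; the real device would provision one per pairing.
KEY = b"demo-shared-key"
TAG_LEN = 32


def tag(data: bytes) -> bytes:
    """HMAC-SHA256 over the message body."""
    return hmac.new(KEY, data, hashlib.sha256).digest()


# Weak design: frame = payload || HMAC(payload). Nothing distinguishes a resend.
def weak_send(payload: bytes) -> bytes:
    return payload + tag(payload)


def weak_recv(frame: bytes):
    """Returns the payload if the tag verifies, None otherwise. Accepts replays."""
    body, mac = frame[:-TAG_LEN], frame[-TAG_LEN:]
    return body if hmac.compare_digest(mac, tag(body)) else None


# Hardened design: frame = counter || payload || HMAC(counter || payload).
class Sender:
    def __init__(self) -> None:
        self.counter = 0

    def send(self, payload: bytes) -> bytes:
        self.counter += 1
        body = self.counter.to_bytes(4, "big") + payload
        return body + tag(body)


class Receiver:
    def __init__(self) -> None:
        self.last_counter = 0   # highest counter accepted so far

    def recv(self, frame: bytes):
        """Verify the tag, then require a strictly increasing counter; None means rejected."""
        body, mac = frame[:-TAG_LEN], frame[-TAG_LEN:]
        if not hmac.compare_digest(mac, tag(body)):
            return None
        counter = int.from_bytes(body[:4], "big")
        if counter <= self.last_counter:
            return None         # replayed (or reordered) frame
        self.last_counter = counter
        return body[4:]


def replay_test():
    """Simulate the analyzer: capture one frame, deliver it, deliver it again.

    Returns (weak_replay_accepted, hardened_first_result, hardened_replay_result).
    """
    captured = weak_send(b"rpm=3000")
    weak_first = weak_recv(captured)
    weak_second = weak_recv(captured)           # identical frame replayed
    weak_replay_accepted = weak_first is not None and weak_second is not None

    sender, receiver = Sender(), Receiver()
    captured = sender.send(b"rpm=3000")
    hardened_first = receiver.recv(captured)
    hardened_second = receiver.recv(captured)   # same frame replayed
    return weak_replay_accepted, hardened_first, hardened_second


if __name__ == "__main__":
    print(replay_test())
```

Tampering with the counter in the captured frame also fails, because the counter sits under the MAC; the receiver's only state is the last accepted value, which it must persist across power cycles or the protection resets.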
A security engineer is employed by a hospital that was recently purchased by a corporation. Throughout the acquisition process, all data on the virtualized file servers must be shared by departments within both organizations. The security engineer considers data ownership to determine: A. the amount of data to be moved. B. the frequency of data backups. C. which users will have access to which data. D. when the file server will be decommissioned.
which users will have access to which data