CASP 2


An administrator of a secure web server has several clients with top security clearance and prefers security over performance. By default, which of the following cipher suites would provide strong security, but at the same time the worst performance? A. 3DES - SHA B. DES - MD5 C. Camellia - SHA D. RC4 - MD5

A. 3DES - SHA

In order to reduce cost and improve employee satisfaction, a large corporation has decided to allow personal communication devices to access email and to remotely connect to the corporate network. Which of the following security measures should the IT organization implement? (Select TWO). A. A device lockdown according to policies B. An IDS on the internal networks C. A data disclosure policy D. A privacy policy E. Encrypt data in transit for remote access

A. A device lockdown according to policies E. Encrypt data in transit for remote access

The security administrator at 'company.com' is reviewing the network logs and notices a new UDP port pattern where the amount of UDP port 123 packets has increased by 20% above the baseline. The administrator runs a packet capturing tool from a server attached to a SPAN port and notices the following:

UDP 192.168.0.1:123 -> 172.60.3.0:123
UDP 192.168.0.36:123 -> time.company.com
UDP 192.168.0.112:123 -> 172.60.3.0:123
UDP 192.168.0.91:123 -> time.company.com
UDP 192.168.0.211:123 -> 172.60.3.0:123
UDP 192.168.0.237:123 -> time.company.com
UDP 192.168.0.78:123 -> 172.60.3.0:123

The corporate HIPS console reports an MD5 hash mismatch on the svchost.exe file of the following computers:

192.168.0.1
192.168.0.112
192.168.0.211
192.168.0.78

Which of the following should the security administrator report to upper management based on the above output? A. An NTP client side attack successfully exploited some hosts. B. A DNS cache poisoning successfully exploited some hosts. C. An NTP server side attack successfully exploited some hosts. D. A DNS server side attack successfully exploited some hosts.

A. An NTP client side attack successfully exploited some hosts.

A software vendor has had several zero-day attacks against its software, due to previously unknown security defects being exploited by attackers. The attackers have been able to perform operations at the same security level as the trusted application. The vendor product management team has decided to re-design the application with security as a priority. Which of the following is a design principle that should be used to BEST prevent these types of attacks? A. Application sandboxing B. Input validation C. Penetration testing D. Code reviews

A. Application sandboxing

Company ABC has entered into a marketing agreement with Company XYZ, whereby ABC will share some of its customer information with XYZ. However, XYZ can only contact ABC customers who explicitly agreed to being contacted by third parties. Which of the following documents would contain the details of this marketing agreement? A. BPA B. ISA C. NDA D. SLA

A. BPA

Company ABC has grown yearly through mergers and acquisitions. This has led to over 200 internal custom web applications having standalone identity stores. In order to reduce costs and improve operational efficiencies a project has been initiated to implement a centralized security infrastructure. The requirements are as follows:

Reduce costs
Improve efficiencies and time to market
Manageable
Accurate identity information
Standardize on authentication and authorization
Ensure a reusable model with standard integration patterns

Which of the following security solution options will BEST meet the above requirements? (Select THREE). A. Build an organization-wide fine grained access control model stored in a centralized policy data store. B. Implement self service provisioning of identity information, coarse grained, and fine grained access control. C. Implement a web access control agent based model with a centralized directory model providing coarse grained access control and single sign-on capabilities. D. Implement a web access controlled reverse proxy and centralized directory model providing coarse grained access control and single sign-on capabilities. E. Implement automated provisioning of identity information; coarse grained, and fine grained access control. F. Move each of the applications individual fine grained access control models into a centralized directory with fine grained access control. G. Implement a web access control forward proxy and centralized directory model, providing coarse grained access control, and single sign-on capabilities.

A. Build an organization-wide fine grained access control model stored in a centralized policy data store. D. Implement a web access controlled reverse proxy and centralized directory model providing coarse grained access control and single sign-on capabilities. E. Implement automated provisioning of identity information; coarse grained, and fine grained access control.

The Chief Information Security Officer (CISO) has just returned from attending a security conference and now wants to implement a Security Operations Center (SOC) to improve and coordinate the detection of unauthorized access to the enterprise. The CISO's biggest concern is the increased number of attacks that the current infrastructure cannot detect. Which of the following is MOST likely to be used in a SOC to address the CISO's concerns? A. DLP, Analytics, SIEM, Forensics, NIPS, HIPS, WIPS and eGRC B. Forensics, White box testing, Log correlation, HIDS, and SSO C. Vulnerability assessments, NIDP, HIDS, SCAP, Analytics and SIEM D. eGRC, WIPS, Federated ID, Network enumerator, NIPS and Port Scanners

A. DLP, Analytics, SIEM, Forensics, NIPS, HIPS, WIPS and eGRC

A security engineer at a major financial institution is prototyping multiple secure network configurations. The testing is focused on understanding the impact each potential design will have on the three major security tenets of the network. All designs must take into account the stringent compliance and reporting requirements for most worldwide financial institutions. Which of the following is the BEST list of security lifecycle related concerns related to deploying the final design? A. Decommissioning the existing network smoothly, implementing maintenance and operations procedures for the new network in advance, and ensuring compliance with applicable regulations and laws. B. Interoperability with the Security Administration Remote Access protocol, integrity of the data at rest, overall network availability, and compliance with corporate and government regulations and policies. C. Resistance of the new network design to DDoS attacks, ability to ensure confidentiality of all data in transit, security of change management processes and procedures, and resilience of the firewalls to power fluctuations. D. Decommissioning plan for the new network, proper disposal protocols for the existing network equipment, transitioning operations to the new network on day one, and ensuring compliance with corporate data retention policies. E. Ensuring smooth transition of maintenance resources to support the new network, updating all whole disk encryption keys to be compatible with IPv6, and maximizing profits for bank shareholders.

A. Decommissioning the existing network smoothly, implementing maintenance and operations procedures for the new network in advance, and ensuring compliance with applicable regulations and laws.

Capital Reconnaissance, LLC is building a brand new research and testing location, and the physical security manager wants to deploy IP-based access control and video surveillance. These two systems are essential for keeping the building open for operations. Which of the following controls should the security administrator recommend to determine new threats against the new IP-based access control and video surveillance systems? A. Develop a network traffic baseline for each of the physical security systems. B. Air gap the physical security networks from the administrative and operational networks. C. Require separate non-VLANed networks and NIPS for each physical security system network. D. Have the Network Operations Center (NOC) review logs and create a CERT to respond to breaches.

A. Develop a network traffic baseline for each of the physical security systems.

An existing enterprise architecture included an enclave where sensitive research and development work was conducted. This network enclave also served as a storage location for proprietary corporate data and records. The initial security architect chose to protect the enclave by restricting access to a single physical port on a firewall. All downstream network devices were isolated from the rest of the network and communicated solely through the single 100mbps firewall port. Over time, researchers connected devices on the protected enclave directly to external resources and corporate data stores. Mobile and wireless devices were also added to the enclave to support high speed data research. Which of the following BEST describes the process which weakened the security posture of the enclave? A. Emerging business requirements led to the de-perimeterization of the network. B. Emerging security threats rendered the existing architecture obsolete. C. The single firewall port was oversaturated with network packets. D. The shrinking of an overall attack surface due to the additional access.

A. Emerging business requirements led to the de-perimeterization of the network.

There has been a recent security breach which has led to the release of sensitive customer information. As part of improving security and reducing the disclosure of customer data, a training company has been employed to educate staff. Which of the following should be the primary focus of the privacy compliance training program? A. Explain how customer data is gathered, used, disclosed, and managed. B. Remind staff of the company's data handling policy and have staff sign an NDA. C. Focus on explaining the "how" and "why" customer data is being collected. D. Republish the data classification and the confidentiality policy.

A. Explain how customer data is gathered, used, disclosed, and managed.

A storage administrator would like to make storage available to some hosts and unavailable to other hosts. Which of the following would be used? A. LUN masking B. Deduplication C. Multipathing D. Snapshots

A. LUN masking

A company has recently implemented a video conference solution that uses the H.323 protocol. The security engineer is asked to make recommendations on how to secure video conferences to protect confidentiality. Which of the following should the security engineer recommend? A. Implement H.235 extensions with DES to secure the audio and video transport. B. Recommend moving to SIP and RTP as those protocols are inherently secure. C. Recommend implementing G.711 for the audio channel and H.264 for the video. D. Encapsulate the audio channel in the G.711 codec rather than the unsecured Speex.

A. Implement H.235 extensions with DES to secure the audio and video transport

The security team for Company XYZ has determined that someone from outside the organization has obtained sensitive information about the internal organization by querying the external DNS server of the company. The security manager is tasked with making sure this problem does not occur in the future. How would the security manager address this problem? A. Implement a split DNS, only allowing the external DNS server to contain information about domains that only the outside world should be aware, and an internal DNS server to maintain authoritative records for internal systems. B. Implement a split DNS, only allowing the external DNS server to contain information about internal domain resources that the outside world would be interested in, and an internal DNS server to maintain authoritative records for internal systems. C. Implement a split DNS, only allowing the external DNS server to contain information about domains that only the outside world should be aware, and an internal DNS server to maintain nonauthoritative records for external systems. D. Implement a split DNS, only allowing the internal DNS server to contain information about domains the outside world should be aware of, and an external DNS server to maintain authoritative records for internal systems.

A. Implement a split DNS, only allowing the external DNS server to contain information about domains that only the outside world should be aware, and an internal DNS server to maintain authoritative records for internal systems.

After a system update causes significant downtime, the Chief Information Security Officer (CISO) asks the IT manager who was responsible for the update. The IT manager responds that it is impossible to know who did the update since five different people have administrative access. How should the IT manager increase accountability to prevent this situation from reoccurring? (Select TWO). A. Implement an enforceable change management system. B. Implement a software development life cycle policy. C. Enable user level auditing on all servers. D. Implement a federated identity management system. E. Configure automatic updates on all servers.

A. Implement an enforceable change management system. C. Enable user level auditing on all servers.

Company A is trying to implement controls to reduce costs and time spent on litigation. To accomplish this, Company A has established several goals:

Prevent data breaches from lost/stolen assets
Reduce time to fulfill e-discovery requests
Prevent PII from leaving the network
Lessen the network perimeter attack surface
Reduce internal fraud

Which of the following solutions accomplishes the MOST of these goals? A. Implement separation of duties; enable full encryption on USB devices and cell phones, allow cell phones to remotely connect to e-mail and network VPN, enforce a 90 day data retention policy. B. Eliminate VPN access from remote devices. Restrict junior administrators to read-only shell access on network devices. Install virus scanning and SPAM filtering. Harden all servers with trusted OS extensions. C. Create a change control process with stakeholder review board, implement separation of duties and mandatory vacation, create regular SAN snapshots, enable GPS tracking on all cell phones and laptops, and fully encrypt all email in transport. D. Implement outgoing mail sanitation and incoming SPAM filtering. Allow VPN for mobile devices; cross train managers in multiple disciplines, ensure all corporate USB drives are provided by Company A and de-duplicate all server storage.

A. Implement separation of duties; enable full encryption on USB devices and cell phones, allow cell phones to remotely connect to e-mail and network VPN, enforce a 90 day data retention policy.

A company is planning to deploy an in-house Security Operations Center (SOC). One of the new requirements is to deploy a NIPS solution into the Internet facing environment. The SOC highlighted the following requirements:

Perform fingerprinting on unfiltered inbound traffic to the company
Monitor all inbound and outbound traffic to the DMZs

In which of the following places should the NIPS be placed in the network? A. In front of the Internet firewall and in front of the DMZs B. In front of the Internet firewall and in front of the internal firewall C. In front of the Internet firewall and behind the internal firewall D. Behind the Internet firewall and in front of the DMZs

A. In front of the Internet firewall and in front of the DMZs

A database is hosting information assets with a computed CIA aggregate value of high. The database is located within a secured network zone where there is flow control between the client and datacenter networks. Which of the following is the MOST likely threat? A. Inappropriate administrator access B. Malicious code C. Internal business fraud D. Regulatory compliance

A. Inappropriate administrator access

A financial institution has decided to purchase a very expensive resource management system and has selected the product and vendor. The vendor is experiencing some minor, but public, legal issues. Senior management has some concerns on maintaining this system should the vendor go out of business. Which of the following should the Chief Information Security Officer (CISO) recommend to BEST limit exposure? A. Include a source code escrow clause in the contract for this system. B. Require proof-of-insurance by the vendor in the RFP for this system. C. Include a penalty clause in the contract for this system. D. Require on-going maintenance as part of the SLA for this system.

A. Include a source code escrow clause in the contract for this system.

An administrator wants to integrate the Credential Security Support Provider (CredSSP) protocol network level authentication (NLA) into the remote desktop terminal services environment. Which of the following are supported authentication or encryption methods to use while implementing this? (Select THREE). A. Kerberos B. NTLM C. RADIUS D. TACACS+ E. TLS F. HMAC G. Camellia

A. Kerberos B. NTLM E. TLS

Which of the following is the MOST secure way to ensure third party applications and introduce only acceptable risk? A. Line by line code review and simulation; uncovers hidden vulnerabilities and allows for behavior to be observed with minimal risk. B. Technical exchange meetings with the application's vendor; vendors have more in depth knowledge of the product. C. Pilot trial; minimizes the impact to the enterprise while still providing services to enterprise users. D. Full deployment with crippled features; allows for large scale testing and observation of the applications security profile.

A. Line by line code review and simulation; uncovers hidden vulnerabilities and allows for behavior to be observed with minimal risk.

A small company has recently placed a newly installed DNS server on the DMZ and wants to secure it by allowing Internet hosts to query the DNS server. Since the company deploys an internal DNS server, all DNS queries to that server coming from the company network should be blocked. An IT administrator has placed the following ACL on the company firewall: Testing shows that the DNS server in the DMZ is not working. Which of the following should the administrator do to resolve the problem? A. Modify the SRC and DST ports of ACL 1 B. Modify the SRC IP of ACL 1 to 0.0.0.0/32 C. Modify the ACTION of ACL 2 to Permit D. Modify the PROTO of ACL 1 to TCP

A. Modify the SRC and DST ports of ACL 1

Company XYZ has invested an increasing amount in security due to the changing threat landscape. The company is going through a cost cutting exercise and the Chief Financial Officer (CFO) has queried the security budget allocated to the Chief Information Security Officer (CISO). At the same time, the CISO is actively promoting business cases for additional funding to support new initiatives. These initiatives will mitigate several security incidents that have occurred due to ineffective controls. A security advisor is engaged to assess the current controls framework and to provide recommendations on whether preventative, detective, or corrective controls should be implemented. How should the security advisor respond when explaining which controls to implement? A. Preventative controls are useful before an event occurs, detective controls are useful during an event, and corrective controls are useful after an event has occurred. A combination of controls can be used. B. Corrective controls are more costly to implement, but are only needed for real attacks or high value assets; therefore, controls should only be put in place after a real attack has occurred. C. Detective controls are less costly to implement than preventative controls; therefore, they should be encouraged wherever possible. Corrective controls are used during an event or security incident. Preventative controls are hard to achieve in practice due to current market offerings. D. Always advise the use of preventative controls as this will prevent security incidents from occurring in the first place. Detective and corrective controls are redundant compensating controls and are not required if preventative controls are implemented.

A. Preventative controls are useful before an event occurs, detective controls are useful during an event, and corrective controls are useful after an event has occurred. A combination of controls can be used.

Corporate policy states that the systems administrator should not be present during system audits. The security policy that states this is: A. Separation of duties. B. Mandatory vacation. C. Non-disclosure agreement. D. Least privilege.

A. Separation of duties.

The network administrator has been tracking the cause of network performance problems and decides to take a look at the internal and external router stats.

External Router
TCP 50%
UDP 30%
other 20%
Traffic stats over the last hour:
tcp port 80 1.7m packets
tcp port 443 .8m packets
tcp port 22 .2m packets
tcp port 8080 10m packets

Internal router
tcp 0%
udp 2%
ICMP 98%
Traffic stats over the last hour:
tcp port 80 .5k packets
tcp port 443 .8k packets
udp port 53 .2m packets
icmp 10m packets

Which of the following should the network administrator do to resolve the performance issue after analyzing the above information? A. The IP TOS field of business related network traffic should be modified accordingly. B. The TCP flags of business related traffic should be modified accordingly. C. An ACL should be placed on the external router to drop incoming ICMP packets. D. An ACL should be placed on the internal router to drop layer 4 packets to and from port 0.

A. The IP TOS field of business related network traffic should be modified accordingly.

The Chief Information Officer (CIO) of Company XYZ has returned from a large IT conference where one of the topics was defending against zero day attacks - specifically deploying third party patches to vulnerable software. Two months prior, the majority of the company systems were compromised because of a zero day exploit. Due to budget constraints the company only has operational systems. The CIO wants the Security Manager to research the use of these patches. Which of the following is the GREATEST concern with the use of a third party patch to mitigate another un-patched vulnerability? A. The company does not have an adequate test environment to validate the impact of the third party patch, introducing unknown risks. B. The third party patch may introduce additional unforeseen risks and void the software licenses for the patched applications. C. The company's patch management solution only supports patches and updates released directly by the vendor. D. Another period of vulnerability will be introduced because of the need to remove the third party patch prior to installing any vendor patch.

A. The company does not have an adequate test environment to validate the impact of the third party patch, introducing unknown risks.

The security manager is in the process of writing a business case to replace a legacy secure web gateway so as to meet an availability requirement of 99.9% service availability. According to the vendor, the newly acquired firewall has been rated with an MTBF of 10,000 hours and has an MTTR of 2 hours. This equates to 1.75 hours per year of downtime. Based on this, which of the following is the MOST accurate statement? A. The firewall will meet the availability requirement because availability will be 99.98%. B. The firewall will not meet the availability requirement because availability will be 85%. C. The firewall will meet the availability requirement because availability will be 99.993%. D. The firewall will not meet the availability requirement because availability will be 99.2%.

A. The firewall will meet the availability requirement because availability will be 99.98%.

The security administrator reports that the physical security of the Ethernet network has been breached, but the fibre channel storage network was not breached. Why might this still concern the storage administrator? (Select TWO). A. The storage network uses FCoE. B. The storage network uses iSCSI. C. The storage network uses vSAN. D. The storage network uses switch zoning. E. The storage network uses LUN masking.

A. The storage network uses FCoE. B. The storage network uses iSCSI.

A security administrator wants to perform an audit of the company password file to ensure users are not using personal information such as addresses and birthdays as part of their password. The company employs 200,000 users, has virtualized environments with cluster and cloud-based computing resources, and enforces a minimum password length of 14 characters. Which of the following options is BEST suited to run the password auditing software and produce a report in the SHORTEST amount of time? A. The system administrator should take advantage of the company's cluster based computing resources, upload the password file to the cluster, and run the password cracker on that platform. B. The system administrator should upload the password file to a virtualized de-duplicated storage system to reduce the password entries and run a password cracker on that file. C. The system administrator should build a virtual machine on the administrator's desktop, transfer the password file to it, and run a password cracker on the virtual machine. D. The system administrator should upload the password file to cloud storage and use on-demand provisioning to build a purpose based virtual machine to run a password cracker on all the users.

A. The system administrator should take advantage of the company's cluster based computing resources, upload the password file to the cluster, and run the password cracker on that platform.

To prevent a third party from identifying a specific user as having previously accessed a service provider through an SSO operation, SAML uses which of the following? A. Transient identifiers B. SOAP calls C. Discovery profiles D. Security bindings

A. Transient identifiers

An employee of a company files a complaint with a security administrator. While sniffing network traffic, the employee discovers that financially confidential emails were passing between two warehouse users. The two users deny sending confidential emails to each other. Which of the following security practices would allow for non-repudiation and prevent network sniffers from reading the confidential mail? (Select TWO). A. Transport encryption B. Authentication hashing C. Digital signature D. Legal mail hold E. TSIG code signing

A. Transport encryption C. Digital signature

Which of the following is a security advantage of single sign-on? (Select TWO). A. Users only have to remember one password. B. Applications need to validate authentication tokens. C. Authentication is secured by the certificate authority. D. Less time and complexity removing user access. E. All password transactions are encrypted.

A. Users only have to remember one password. D. Less time and complexity removing user access.

A growing corporation is responding to the needs of its employees to access corporate email and other resources while traveling. The company is implementing remote access for company laptops. Which of the following security systems should be implemented for remote access? (Select TWO). A. Virtual Private Network B. Secure Sockets Layer for web servers C. Network monitoring D. Multifactor authentication for users E. Full disk encryption F. Intrusion detection systems

A. Virtual Private Network D. Multifactor authentication for users

A mid-level company is rewriting its security policies and has halted the rewriting progress because the company's executives believe that its major vendors, who have cultivated a strong personal and professional relationship with the senior level staff, have a good handle on compliance and regulatory standards. Therefore, the executive level managers are allowing vendors to play a large role in writing the policy. Having experienced this type of environment in previous positions, and being aware that vendors may not always put the company's interests first, the IT Director decides that while vendor support is important, it is critical that the company writes the policy objectively. Which of the following is the recommendation the IT Director should present to senior staff? A. 1) Consult legal, moral, and ethical standards; 2) Draft General Organizational Policy; 3) Specify Functional Implementing Policies; 4) Allow vendors to review and participate in the establishment of focused compliance standards, plans, and procedures B. 1) Consult legal and regulatory requirements; 2) Draft General Organizational Policy; 3) Specify Functional Implementing Policies; 4) Establish necessary standards, procedures, baselines, and guidelines C. 1) Draft General Organizational Policy; 2) Establish necessary standards and compliance documentation; 3) Consult legal and industry security experts; 4) Determine acceptable tolerance guidelines D. 1) Draft a Specific Company Policy Plan; 2) Consult with vendors to review and collaborate with executives; 3) Add industry compliance where needed; 4) Specify Functional Implementing Policies

B. 1) Consult legal and regulatory requirements; 2) Draft General Organizational Policy; 3) Specify Functional Implementing Policies; 4) Establish necessary standards, procedures, baselines, and guidelines

An administrator is unable to connect to a server via VNC. Upon investigating the host firewall configuration, the administrator sees the following lines:

A INPUT -m state --state NEW -m tcp -p tcp --dport 3389 -j DENY
A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j DENY
A INPUT -m state --state NEW -m tcp -p tcp --dport 10000 -j ACCEPT
A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j DENY
A INPUT -m state --state NEW -m tcp -p tcp --sport 3389 -j ACCEPT

Which of the following should occur to allow VNC access to the server? A. DENY needs to be changed to ACCEPT on one line. B. A line needs to be added. C. A line needs to be removed. D. Fix the typo in one line.

B. A line needs to be added.

A new malware spreads over UDP Port 8320 and several network hosts have been infected. A new security administrator has determined a possible cause, and the infected machines have been quarantined. Which of the following actions could a new security administrator take to further mitigate this issue? A. Limit source ports on the firewall to specific IP addresses. B. Add an explicit deny-all and log rule as the final entry of the firewall rulebase. C. Implement stateful UDP filtering on UDP ports above 1024. D. Configure the firewall to use IPv6 by default.

B. Add an explicit deny-all and log rule as the final entry of the firewall rulebase.

A newly-hired Chief Information Security Officer (CISO) is faced with improving security for a company with low morale and numerous disgruntled employees. After reviewing the situation for several weeks the CISO publishes a more comprehensive security policy with associated standards. Which of the following issues could be addressed through the use of technical controls specified in the new security policy? A. Employees publishing negative information and stories about company management on social network sites and blogs. B. An employee remotely configuring the email server at a relative's company during work hours. C. Employees posting negative comments about the company from personal phones and PDAs. D. External parties cloning some of the company's externally facing web pages and creating lookalike sites.

B. An employee remotely configuring the email server at a relative's company during work hours.

A bank has just outsourced the security department to a consulting firm, but retained the security architecture group. A few months into the contract the bank discovers that the consulting firm has sub-contracted some of the security functions to another provider. Management is pressuring the sourcing manager to ensure adequate protections are in place to insulate the bank from legal and service exposures. Which of the following is the MOST appropriate action to take? A. Directly establish another separate service contract with the sub-contractor to limit the risk exposure and legal implications. B. Ensure the consulting firm has service agreements with the sub-contractor; if the agreement does not exist, exit the contract when possible. C. Log it as a risk in the business risk register and pass the risk to the consulting firm for acceptance and responsibility. D. Terminate the contract immediately and bring the security department in-house again to reduce legal and regulatory exposure.

B. Ensure the consulting firm has service agreements with the sub-contractor; if the agreement does not exist, exit the contract when possible.

Company A is merging with Company B. Company B uses mostly hosted services from an outside vendor, while Company A uses mostly in-house products. The project manager of the merger states the merged systems should meet these goals: Ability to customize systems per department Quick implementation along with an immediate ROI The internal IT team having administrative level control over all products The project manager states the in-house services are the best solution. Because of staff shortages, the senior security administrator argues that security will be best maintained by continuing to use outsourced services. Which of the following solutions BEST solves the disagreement? A. Raise the issue to the Chief Executive Officer (CEO) to escalate the decision to senior management with the recommendation to continue the outsourcing of all IT services. B. Calculate the time to deploy and support the in-sourced systems accounting for the staff shortage and compare the costs to the ROI costs minus outsourcing costs. Present the document numbers to management for a final decision. C. Perform a detailed cost benefit analysis of outsourcing vs. in-sourcing the IT systems and review the system documentation to assess the ROI of in-sourcing. Select COTS products to eliminate development time to meet the ROI goals. D. Arrange a meeting between the project manager and the senior security administrator to review the requirements and determine how critical all the requirements are.

B. Calculate the time to deploy and support the in-sourced systems accounting for the staff shortage and compare the costs to the ROI costs minus outsourcing costs. Present the document numbers to management for a final decision.

Company XYZ is selling its manufacturing business consisting of one plant to a competitor, Company QRS. All of the people will become QRS employees, but will retain permissions to plant-specific information and resources for one month. To ease the transition, Company QRS also connected the plant and employees to the Company QRS network. Which of the following threats is the HIGHEST risk to Company XYZ? A. Malware originating from Company XYZ's network B. Co-mingling of company networks C. Lack of an IPSec connection between the two networks D. Loss of proprietary plant information

B. Co-mingling of company networks

After a recent outbreak of malware attacks, the Chief Information Officer (CIO) tasks the new security manager with determining how to keep these attacks from reoccurring. The company has a standard image for all laptops/workstations and uses a host-based firewall and anti-virus. Which of the following should the security manager suggest to INCREASE each system's security level? A. Upgrade all systems to use a HIPS and require daily anti-virus scans. B. Conduct a vulnerability assessment of the standard image and remediate findings. C. Upgrade the existing NIDS to NIPS and deploy the system across all network segments. D. Rebuild the standard image and require daily anti-virus scans of all PCs and laptops.

B. Conduct a vulnerability assessment of the standard image and remediate findings.

The firm's CISO has been working with the Chief Procurement Officer (CPO) and the Senior Project Manager (SPM) on soliciting bids for a series of HIPS and NIPS products for a major installation in the firm's new Hong Kong office. After reviewing RFQs received from three vendors, the CPO and the SPM have not gained any real data regarding the specifications about any of the solutions and want that data before the procurement continues. Which of the following will the CPO and SPM have the CISO do at this point to get back on track in this procurement process? A. Ask the three submitting vendors for a full blown RFP so that the CPO and SPM can move to the next step. B. Contact the three submitting vendor firms and have them submit supporting RFIs to provide more detailed information about their product solutions. C. Provide the CPO and the SPM a personalized summary from what the CISO knows about these three submitting vendors. D. Inform the three submitting vendors that their quotes are null and void at this time and that they are disqualified based upon their RFQs.

B. Contact the three submitting vendor firms and have them submit supporting RFIs to provide more detailed information about their product solutions.

An organization recently upgraded its wireless infrastructure to support WPA2 and requires all clients to use this method. After the upgrade, several critical wireless clients fail to connect because they are only WEP compliant. For the foreseeable future, none of the affected clients have an upgrade path to put them into compliance with the WPA2 requirement. Which of the following provides the MOST secure method of integrating the non-compliant clients into the network? A. Create a separate SSID and WEP key to support the legacy clients and enable detection of rogue APs. B. Create a separate SSID and WEP key on a new network segment and only allow required communication paths. C. Create a separate SSID and require the legacy clients to connect to the wireless network using certificate-based 802.1x. D. Create a separate SSID and require the use of dynamic WEP keys.

B. Create a separate SSID and WEP key on a new network segment and only allow required communication paths.

During a specific incident response and recovery process action, the response team determines that it must first speak to the person ultimately responsible for the data. With whom should the response team speak FIRST? A. Data User B. Data Owner C. Business Owner D. Data Custodian

B. Data Owner

An ISP is peering with a new provider and wishes to disclose which autonomous system numbers should be allowed through BGP for network transport. Which of the following should contain this information? A. Memorandum of Understanding B. Interconnection Security Agreement C. Operating Level Agreement D. Service Level Agreement

B. Interconnection Security Agreement

The Chief Information Security Officer (CISO) is researching ways to reduce the risk associated with administrative access of six IT staff members while enforcing separation of duties. In the case where an IT staff member is absent, each staff member should be able to perform all the necessary duties of their IT co-workers. Which of the following policies should the CISO implement to reduce the risk? A. Require the use of an unprivileged account, and a second shared account only for administrative purposes. B. Require role-based security on primary role, and only provide access to secondary roles on a case-by-case basis. C. Require separation of duties ensuring no single administrator has access to all systems. D. Require on-going auditing of administrative activities, and evaluate against risk-based metrics.

B. Require role-based security on primary role, and only provide access to secondary roles on a case-by-case basis.

Unit testing for security functionality and resiliency to attack, as well as developing secure code and exploit mitigation, occur in which of the following phases of the Secure Software Development Lifecycle? A. Secure Software Requirements B. Secure Software Implementation C. Secure Software Design D. Software Acceptance

B. Secure Software Implementation

There have been some failures of the company's customer-facing website. A security engineer has analyzed the root cause to be the WAF. System logs show that the WAF has been down for 14 total hours over the past month in four separate situations. One of these situations was a two hour scheduled maintenance activity aimed to improve the stability of the WAF. Which of the following is the MTTR, based on the last month's performance figures? A. 3 hours B. 3.5 hours C. 4 hours D. 4.666 hours

C. 4 hours

The Chief Executive Officer (CEO) has asked a security project manager to provide recommendations on the breakout of tasks for the development of a new product. The CEO thinks that by assigning areas of work appropriately the overall security of the product will be increased, because staff will focus on their areas of expertise. Given the below groups and tasks select the BEST list of assignments. Groups: Networks, Development, Project Management, Security, Systems Engineering, Testing Tasks: Decomposing requirements, Secure coding standards, Code stability, Functional validation, Stakeholder engagement, Secure transport A. Systems Engineering: Decomposing requirements Development: Secure coding standards Testing: Code stability Project Management: Stakeholder engagement Security: Secure transport Networks: Functional validation B. Systems Engineering: Decomposing requirements Development: Code stability Testing: Functional validation Project Management: Stakeholder engagement Security: Secure coding standards Networks: Secure transport C. Systems Engineering: Functional validation Development: Stakeholder engagement Testing: Code stability Project Management: Decomposing requirements Security: Secure coding standards Networks: Secure transport D. Systems Engineering: Decomposing requirements Development: Stakeholder engagement Testing: Code stability Project Management: Functional validation Security: Secure coding standards Networks: Secure transport

B. Systems Engineering: Decomposing requirements Development: Code stability Testing: Functional validation Project Management: Stakeholder engagement Security: Secure coding standards Networks: Secure transport

Company GHI consolidated their network distribution so twelve network VLANs would be available over dual fiber links to a modular L2 switch in each of the company's six IDFs. The IDF modular switches have redundant switch fabrics and power supplies. Which of the following threats will have the GREATEST impact on the network and what is the appropriate remediation step? A. Threat: 802.1q trunking attack Remediation: Enable only necessary VLANs for each port B. Threat: Bridge loop Remediation: Enable spanning tree C. Threat: VLAN hopping Remediation: Enable only necessary VLANs for each port D. Threat: VLAN hopping Remediation: Enable ACLs on the IDF switch

B. Threat: Bridge loop Remediation: Enable spanning tree

The database team has suggested deploying a SOA based system across the enterprise. The Chief Information Officer (CIO) has decided to consult the security manager about the risk implications for adopting this architecture. Which of the following are concerns that the security manager should present to the CIO concerning the SOA system? (Select TWO). A. Users and services are centralized and only available within the enterprise. B. Users and services are distributed, often times over the Internet C. SOA centrally manages legacy systems, and opens the internal network to vulnerabilities. D. SOA abstracts legacy systems as a virtual device and is susceptible to VMEscape. E. SOA abstracts legacy systems as web services, which are often exposed to outside threats.

B. Users and services are distributed, often times over the Internet E. SOA abstracts legacy systems as web services, which are often exposed to outside threats.

A systems security consultant is hired by Corporation X to analyze the current enterprise network environment and make recommendations for increasing network security. It is the consultant's first day on the job. Which of the following network design considerations should the consultant consider? (Select THREE). A. What hardware and software would work best for securing the network? B. What corporate assets need to be protected? C. What are the business needs of the organization? D. What outside threats are most likely to compromise network security? E. What is the budget for this project? F. What time and resources are needed to carry out the security plan?

B. What corporate assets need to be protected? C. What are the business needs of the organization? D. What outside threats are most likely to compromise network security?

Virtual hosts with different security requirements should be: A. encrypted with a one-time password. B. stored on separate physical hosts. C. moved to the cloud. D. scanned for vulnerabilities regularly.

B. stored on separate physical hosts.

The security administrator has noticed a range of network problems affecting the proxy server. Based on reviewing the logs, the administrator notices that the firewall is being targeted with various web attacks at the same time that the network problems are occurring. Which of the following strategies would be MOST effective in conducting an in-depth assessment and remediation of the problems? A. 1. Deploy an HTTP interceptor on the switch span port; 2. Adjust the external facing NIDS; 3. Reconfigure the firewall ACLs to block all traffic above port 2000; 4. Verify the proxy server is configured correctly and hardened; 5. Review the logs weekly in the future. B. 1. Deploy a protocol analyzer on the switch span port; 2. Adjust the internal HIDS; 3. Reconfigure the firewall ACLs to block outbound HTTP traffic; 4. Reboot the proxy server; 5. Continue to monitor the network. C. 1. Deploy a protocol analyzer on the switch span port; 2. Adjust the external facing IPS; 3. Reconfigure the firewall ACLs to block unnecessary ports; 4. Verify the proxy server is configured correctly and hardened; 5. Continue to monitor the network. D. 1. Deploy a network fuzzer on the switch span port; 2. Adjust the external facing IPS; 3. Reconfigure the proxy server to block the attacks; 4. Verify the firewall is configured correctly and hardened.

C. 1. Deploy a protocol analyzer on the switch span port; 2. Adjust the external facing IPS; 3. Reconfigure the firewall ACLs to block unnecessary ports; 4. Verify the proxy server is configured correctly and hardened; 5. Continue to monitor the network.

A corporation relies on a server running a trusted operating system to broker data transactions between different security zones on their network. Each zone is a separate domain and the only connection between the networks is via the trusted server. The three zones at the corporation are as follows: Zone A connects to a network, which is also connected to the Internet through a router. Zone B connects to a closed research and development network. Zone C connects to an intermediary switch supporting a SAN, dedicated to long-term audit log and file storage, so the corporation meets compliance requirements. A firewall is deployed on the inside edge of the Internet connected router. Which of the following is the BEST location to place other security equipment? A. HIPS on all hosts in Zone A and B, and an antivirus and patch server in Zone C. B. A WAF on the switch in Zone C, an additional firewall in Zone A, and an antivirus server in Zone B. C. A NIPS on the switch in Zone C, an antivirus server in Zone A, and a patch server in Zone B. D. A NIDS on the switch in Zone C, a WAF in Zone A, and a firewall in Zone B.

C. A NIPS on the switch in Zone C, an antivirus server in Zone A, and a patch server in Zone B.

A Chief Information Security Officer (CISO) has been trying to eliminate some IT security risks for several months. These risks are not high profile but still exist. Furthermore, many of these risks have been mitigated with innovative solutions. However, at this point in time, the budget is insufficient to deal with the risks. Which of the following risk strategies should be used? A. Transfer the risks B. Avoid the risks C. Accept the risks D. Mitigate the risks

C. Accept the risks

The new security policy states that only authorized software will be allowed on the corporate network and all personally owned equipment needs to be configured by the IT security staff before being allowed on the network. The security administrator creates standard images with all the required software and proper security controls. These images are required to be loaded on all personally owned equipment prior to connecting to the corporate network. These measures ensure compliance with the new security policy. Which of the following security risks still needs to be addressed in this scenario? A. An employee copying gigabytes of personal video files from the employee's personal laptop to their company desktop to share files. B. An employee connecting their personal laptop to use a non-company endorsed accounting application that the employee used at a previous company. C. An employee using a corporate FTP application to transfer customer lists and other proprietary files to an external computer and selling them to a competitor. D. An employee accidentally infecting the network with a virus by connecting a USB drive to the employee's personal laptop.

C. An employee using a corporate FTP application to transfer customer lists and other proprietary files to an external computer and selling them to a competitor.

Which of the following implementations of a continuous monitoring risk mitigation strategy is correct? A. Audit successful and failed events, transfer logs to a centralized server, institute computer assisted audit reduction, and email alerts to NOC staff hourly. B. Audit successful and critical failed events, transfer logs to a centralized server once a month, tailor logged event thresholds to meet organization goals, and display alerts in real time when thresholds are approached. C. Audit successful and failed events, transfer logs to a centralized server, institute computer assisted audit reduction, tailor logged event thresholds to meet organization goals, and display alerts in real time when thresholds are exceeded. D. Audit failed events only, transfer logs to a centralized server, implement manual audit reduction, tailor logged event thresholds to meet organization goals, and display alerts in real time when thresholds are approached and exceeded.

C. Audit successful and failed events, transfer logs to a centralized server, institute computer assisted audit reduction, tailor logged event thresholds to meet organization goals, and display alerts in real time when thresholds are exceeded.

Which of the following potential vulnerabilities exists in the following code snippet? var myEmail = document.getElementById("formInputEmail").value; if (xmlhttp.readyState==4 && xmlhttp.status==200) { Document.getElementById("profileBox").innerHTML = "Emails will be sent to " + myEmail + xmlhttp.responseText; } A. Javascript buffer overflow B. AJAX XHR weaknesses C. DOM-based XSS D. JSON weaknesses

C. DOM-based XSS

An ecommerce application on a Linux server does not properly track the number of incoming connections to the server and may leave the server vulnerable to which of the following? A. Buffer Overflow Attack B. Storage Consumption Attack C. Denial of Service Attack D. Race Condition

C. Denial of Service Attack

A large enterprise is expanding through the acquisition of a second corporation. Which of the following should be undertaken FIRST before connecting the networks of the newly formed entity? A. A system and network scan to determine if all of the systems are secure. B. Implement a firewall/DMZ system between the networks. C. Develop a risk analysis for the merged networks. D. Conduct a complete review of the security posture of the acquired corporation.

C. Develop a risk analysis for the merged networks.

SAML entities can operate in a variety of different roles. Valid SAML roles include which of the following? A. Attribute authority and certificate authority B. Certificate authority and attribute requestor C. Identity provider and service provider D. Service provider and administrator

C. Identity provider and service provider

At one time, security architecture best practices led to networks with a limited number (1-3) of network access points. This restriction allowed for the concentration of security resources and resulted in a well defined attack surface. The introduction of wireless networks, highly portable network devices, and cloud service providers has rendered the network boundary and attack surface increasingly porous. This evolution of the security architecture has led to which of the following? A. Increased security capabilities, the same amount of security risks and a higher TCO but a smaller corporate datacenter on average. B. Increased business capabilities and increased security risks with a lower TCO and smaller physical footprint on the corporate network. C. Increased business capabilities and increased security risks with a higher TCO and a larger physical footprint. D. Decreased business capabilities and increased security risks with a lower TCO and increased logical footprint due to virtualization.

C. Increased business capabilities and increased security risks with a higher TCO and a larger physical footprint.

Which of the following are security components provided by an application security library or framework? (Select THREE). A. Authorization database B. Fault injection C. Input validation D. Secure logging E. Directory services F. Encryption and decryption

C. Input validation D. Secure logging F. Encryption and decryption

Within an organization, there is a known lack of governance for solution designs. As a result there are inconsistencies and varying levels of quality for the artifacts that are produced. Which of the following will help BEST improve this situation? A. Ensure that those producing solution artifacts are reminded at the next team meeting that quality is important. B. Introduce a peer review process that is mandatory before a document can be officially made final. C. Introduce a peer review and presentation process that includes a review board with representation from relevant disciplines. D. Ensure that appropriate representation from each relevant discipline approves of the solution documents before official approval.

C. Introduce a peer review and presentation process that includes a review board with representation from relevant disciplines.

Which of the following is a security concern with deploying COTS products within the network? A. It is difficult to verify the security of COTS code because the source is available to the customer and it takes significant man hours to sort through it. B. COTS software often provides the source code as part of the licensing agreement and it becomes the company's responsibility to verify the security. C. It is difficult to verify the security of COTS code because the source is not available to the customer in many cases. D. COTS source code is readily available to the customer in many cases which opens the customer's network to both internal and external attacks.

C. It is difficult to verify the security of COTS code because the source is not available to the customer in many cases.

Company ABC has a 100Mbps fiber connection from headquarters to a remote office 200km (123 miles) away. This connection is provided by the local cable television company. ABC would like to extend a secure VLAN to the remote office, but the cable company says this is impossible since they already use VLANs on their internal network. Which of the following protocols should the cable company be using to allow their customers to establish VLANs to other sites? A. IS-IS B. EIGRP C. MPLS D. 802.1q

C. MPLS

An administrator notices the following file in the Linux server's /tmp directory. -rwsr-xr-x. 4 root root 234223 Jun 6 22:52 bash* Which of the following should be done to prevent further attacks of this nature? A. Never mount the /tmp directory over NFS B. Stop the rpcidmapd service from running C. Mount all tmp directories nosuid, noexec D. Restrict access to the /tmp directory

C. Mount all tmp directories nosuid, noexec

A legacy system is not scheduled to be decommissioned for two years and requires the use of the standard Telnet protocol. Which of the following should be used to mitigate the security risks of this system? A. Migrate the system to IPv6. B. Migrate the system to RSH. C. Move the system to a secure VLAN. D. Use LDAPs for authentication.

C. Move the system to a secure VLAN.

When Company A and Company B merged, the network security administrator for Company A was tasked with joining the two networks. Which of the following should be done FIRST? A. Implement a unified IPv6 addressing scheme on the entire network. B. Conduct a penetration test of Company B's network. C. Perform a vulnerability assessment on Company B's network. D. Perform a peer code review on Company B's application.

C. Perform a vulnerability assessment on Company B's network.

As part of a new wireless implementation, the Chief Information Officer's (CIO's) main objective is to immediately deploy a system that supports the 802.11r standard, which will help wireless VoIP devices in moving vehicles. However, the 802.11r standard was not ratified by the IETF. The wireless vendor's products do support the pre-ratification version of 802.11r. The security and network administrators have tested the product and do not see any security or compatibility issues; however, they are concerned that the standard is not yet final. Which of the following is the BEST way to proceed? A. Purchase the equipment now, but do not use 802.11r until the standard is ratified. B. Do not purchase the equipment now as the client devices do not yet support 802.11r. C. Purchase the equipment now, as long as it will be firmware upgradeable to the final 802.11r standard. D. Do not purchase the equipment now; delay the implementation until the IETF has ratified the final 802.11r standard.

C. Purchase the equipment now, as long as it will be firmware upgradeable to the final 802.11r standard.

The increasing complexity of attacks on corporate networks is a direct result of more and more corporate employees connecting to corporate networks with mobile and personal devices. In most cases simply banning these connections and devices is not practical because they support necessary business needs. Which of the following are typical risks and mitigations associated with this new trend? A. Risks: Data leakage, lost data on destroyed mobile devices, smaller network attack surface, prohibitive telecommunications costs Mitigations: Device Encryptions, lock screens, certificate based authentication, corporate telecom plans B. Risks: Confidentiality leaks through cell conversations, availability of remote corporate data, integrity of data stored on the devices Mitigations: Cellular privacy extensions, mobile VPN clients, over-the-air backups. C. Risks: Data exfiltration, loss of data via stolen mobile devices, increased data leakage at the network edge Mitigations: Remote data wipe capabilities, implementing corporate security on personally owned devices D. Risks: Theft of mobile devices, unsanctioned applications, minimal device storage, call quality Mitigations: GPS tracking, centralized approved application deployment, over-the-air backups, QoS implementation

C. Risks: Data exfiltration, loss of data via stolen mobile devices, increased data leakage at the network edge Mitigations: Remote data wipe capabilities, implementing corporate security on personally owned devices

When planning a complex system architecture, it is important to build in mechanisms to secure log information, facilitate audit log reduction, and event correlation. Besides synchronizing system time across all devices through NTP, which of the following is also a common design consideration for remote locations? A. Two factor authentication for all incident responders B. A central SYSLOG server for collecting all logs C. A distributed SIEM with centralized sensors D. A SIEM server with distributed sensors

D. A SIEM server with distributed sensors

A programming team is deploying a new PHP module to be run on a Solaris 10 server with trusted extensions. The server is configured with three zones, a management zone, a customer zone, and a backend zone. The security model is constructed so that only programs in the management zone can communicate data between the zones. After installation, the new PHP module, which handles on-line customer payments, is not functioning correctly. Which of the following is the MOST likely cause of this problem? A. The PHP module is written to transfer data from the customer zone to the management zone, and then from the management zone to the backend zone. B. The iptables configuration is not configured correctly to permit zone to zone communications between the customer and backend zones. C. The PHP module was installed in the management zone, but is trying to call a routine in the customer zone to transfer data directly to a MySQL database in the backend zone. D. The ipfilters configuration is configured to disallow loopback traffic between the physical NICs associated with each zone.

C. The PHP module was installed in the management zone, but is trying to call a routine in the customer zone to transfer data directly to a MySQL database in the backend zone.

A security architect is seeking to outsource company server resources to a commercial cloud service provider. The provider under consideration has a reputation for poorly controlling physical access to datacenters and has been the victim of multiple social engineering attacks. The service provider regularly assigns VMs from multiple clients to the same physical resources. When conducting the final risk assessment which of the following should the security architect take into consideration? A. The ability to implement user training programs for the purpose of educating internal staff about the dangers of social engineering. B. The cost of resources required to relocate services in the event of resource exhaustion on a particular VM. C. The likelihood a malicious user will obtain proprietary information by gaining local access to the hypervisor platform. D. Annual loss expectancy resulting from social engineering attacks against the cloud service provider affecting corporate network infrastructure.

C. The likelihood a malicious user will obtain proprietary information by gaining local access to the hypervisor platform.

The sales staff at a software development company has received the following requirements from a customer: "We need the system to notify us in advance of all software errors and report all outages". Which of the following BEST conveys these customer requirements to the software development team to understand and implement? A. The system shall send a status message to a network monitoring console every five seconds while in an error state and the system should email the administrator when the number of input errors exceeds five. B. The system shall alert the administrator upon the loss of network communications and when error flags are thrown. C. The system shall email the administrator when processing deviates from expected conditions and the system shall send a heartbeat message to a monitoring console every second while in normal operations. D. The system shall email the administrator when an error condition is detected and a flag is thrown and the system shall send an email to the administrator when network communications are disrupted.

C. The system shall email the administrator when processing deviates from expected conditions and the system shall send a heartbeat message to a monitoring console every second while in normal operations.

A wholesaler has decided to increase revenue streams by selling direct to the public through an on-line system. Initially this will be run as a short term trial and if profitable, will be expanded and form part of the day to day business. The risk manager has raised two main business risks for the initial trial: 1. IT staff has no experience with establishing and managing secure on-line credit card processing. 2. An internal credit card processing system will expose the business to additional compliance requirements. Which of the following is the BEST risk mitigation strategy? A. Transfer the risks to another internal department, who have more resources to accept the risk. B. Accept the risks and log acceptance in the risk register. Once the risks have been accepted close them out. C. Transfer the initial risks by outsourcing payment processing to a third party service provider. D. Mitigate the risks by hiring additional IT staff with the appropriate experience and certifications.

C. Transfer the initial risks by outsourcing payment processing to a third party service provider.

A company has a primary DNS server at address 192.168.10.53 and a secondary server at 192.168.20.53. An administrator wants to secure a company by only allowing secure zone transfers to the secondary server. Which of the following should appear in the primary DNS configuration file to accomplish this?
A. key company-key.{ algorithm hmac-rc4; secret "Hdue8du9jdknkhdoLksdlkeYEIks83K="; }; allow transfer { 192.168.20.53; }
B. key company-key.{ algorithm hmac-md5; secret "Hdue8du9jdknkhdoLksdlkeYEIks83K="; }; allow transfer { 192.168.10.53; }
C. key company-key.{ algorithm hmac-md5; secret "Hdue8du9jdknkhdoLksdlkeYEIks83K="; }; allow transfer { 192.168.20.53; }
D. key company-key.{ algorithm hmac-rc4; secret "Hdue8du9jdknkhdoLksdlkeYEIks83K="; }; allow transfer { 192.168.10.53; }

C. key company-key.{ algorithm hmac-md5; secret "Hdue8du9jdknkhdoLksdlkeYEIks83K="; }; allow transfer { 192.168.20.53; }

A company has a legacy virtual cluster which was added to the datacenter after a small company was acquired. All VMs on the cluster use the same virtual network interface to connect to the corporate data center LAN. Some of the virtual machines on the cluster process customer data, some process company financial data, and others act as externally facing web servers. Which of the following security risks can result from the configuration in this scenario? A. Visibility on the traffic between the virtual machines can impact confidentiality B. NIC utilization can exceed 50 percent and impact availability C. Shared virtual switches can negatively impact the integrity of network packets D. Additional overhead from network bridging can affect availability

D. Additional overhead from network bridging can affect availability

When authenticating over HTTP using SAML, which of the following is issued to the authenticating user? A. A symmetric key B. A PKI ticket C. An X.509 certificate D. An assertion ticket

D. An assertion ticket

A company decides to purchase COTS software. This can introduce new security risks to the network. Which of the following is the BEST description of why this is true? A. COTS software is typically well known and widely available. Information concerning vulnerabilities and viable attack patterns are never revealed by the developer to avoid a lawsuit. B. COTS software is not well known and is only available in limited quantities. Information concerning vulnerabilities is kept internal to the company that developed the software. C. COTS software is well known and widely available. Information concerning vulnerabilities and viable attack patterns is typically ignored within the IT community. D. COTS software is well known and widely available. Information concerning vulnerabilities and viable attack patterns is typically shared within the IT community.

D. COTS software is well known and widely available. Information concerning vulnerabilities and viable attack patterns is typically shared within the IT community.

Which of the following vulnerabilities is present in the below source code file named 'AuthenticatedArea.php'?

<html><head><title>AuthenticatedArea</title></head>
<?
include ("/inc/common.php");
$username = $_REQUEST['username'];
if ($username != "") {
    echo "Your username is: " . $_REQUEST['username'];
} else {
    header("location: /login.php");
}
?>
</html>

A. Header manipulation B. Account disclosure C. Unvalidated file inclusion D. Cross-site scripting

D. Cross-site scripting

A company recently experienced a malware outbreak. It was caused by a vendor using an approved non-company device on the company's corporate network that impacted manufacturing lines, causing a week of downtime to recover from the attack. Which of the following reduces this threat and minimizes potential impact on the manufacturing lines? A. Disable remote access capabilities on manufacturing SCADA systems. B. Require a NIPS for all communications to and from manufacturing SCADA systems. C. Add anti-virus and client firewall capabilities to the manufacturing SCADA systems. D. Deploy an ACL that restricts access from the corporate network to the manufacturing SCADA systems.

D. Deploy an ACL that restricts access from the corporate network to the manufacturing SCADA systems.

The company is considering issuing non-standard tablet computers to executive management. Which of the following is the FIRST step the security manager should perform? A. Apply standard security policy settings to the devices. B. Set up an access control system to isolate the devices from the network. C. Integrate the tablets into standard remote access systems. D. Develop the use case for the devices and perform a risk analysis.

D. Develop the use case for the devices and perform a risk analysis.

Company A is purchasing Company B, and will import all of Company B's users into its authentication system. Company A uses 802.1x with a RADIUS server, while Company B uses a captive SSL portal with an LDAP backend. Which of the following is the BEST way to integrate these two networks? A. Enable RADIUS and end point security on Company B's network devices. B. Enable LDAP authentication on Company A's network devices. C. Enable LDAP/TLS authentication on Company A's network devices. D. Enable 802.1x on Company B's network devices.

D. Enable 802.1x on Company B's network devices.

A system architect has the following constraints from the customer:
Confidentiality, Integrity, and Availability (CIA) are all of equal importance.
Average availability must be at least 6 nines (99.9999%).
All devices must support collaboration with every other user device.
All devices must be VoIP and teleconference ready.
Which of the following security controls is the BEST to apply to this architecture?
A. Deployment of multiple standard images based on individual hardware configurations, employee choice of hardware and software requirements, triple redundancy of all processing equipment.
B. Enforcement of strict network access controls and bandwidth minimization techniques, a single standard software image, high speed processing, and distributed backups of all equipment in the datacenter.
C. Deployment of a unified VDI across all devices, SSD RAID in all servers, multiple identical hot sites, granting administrative rights to all users, backup of system critical data.
D. Enforcement of security policies on mobile/remote devices, standard images and device hardware configurations, multiple layers of redundancy, and backup on all storage devices.

D. Enforcement of security policies on mobile/remote devices, standard images and device hardware configurations, multiple layers of redundancy, and backup on all storage devices.

Which of the following activities could reduce the security benefits of mandatory vacations? A. Have a replacement employee run the same applications as the vacationing employee. B. Have a replacement employee perform tasks in a different order from the vacationing employee. C. Have a replacement employee perform the job from a different workstation than the vacationing employee. D. Have a replacement employee run several daily scripts developed by the vacationing employee.

D. Have a replacement employee run several daily scripts developed by the vacationing employee.

An administrator would like to connect a server to a SAN. Which of the following processes would BEST allow for availability and access control? A. Install a dual port HBA on the SAN, create a LUN on the server, and enable deduplication and data snapshots. B. Install a multipath LUN on the server with deduplication, and enable LUN masking on the SAN. C. Install 2 LUNs on the server, cluster HBAs on the SAN, and enable multipath and data deduplication. D. Install a dual port HBA in the server; create a LUN on the SAN, and enable LUN masking and multipath.

D. Install a dual port HBA in the server; create a LUN on the SAN, and enable LUN masking and multipath.

To support a software security initiative business case, a project manager needs to provide a cost benefit analysis. The project manager has asked the security consultant to perform a return on investment study. It has been estimated that by spending $300,000 on the software security initiative, a 30% savings in cost will be realized for each project. Based on an average of 8 software projects at a current cost of $50,000 each, how many years will it take to see a positive ROI? A. Nearly four years B. Nearly six years C. Within the first year D. Nearly three years

D. Nearly three years

The root cause analysis of a recent security incident reveals that an attacker accessed a printer from the Internet. The attacker then accessed the print server, using the printer as a launch pad for a shell exploit. The print server logs show that the attacker was able to exploit multiple accounts, ultimately launching a successful DoS attack on the domain controller. Defending against which of the following attacks should form the basis of the incident mitigation plan? A. DDoS B. SYN flood C. Buffer overflow D. Privilege escalation

D. Privilege escalation

A company data center provides Internet based access to email and web services. The firewall is separated into four zones:
RED ZONE: Internet zone
ORANGE ZONE: Web DMZ
YELLOW ZONE: email DMZ
GREEN ZONE: management interface
There are 15 email servers and 10 web servers. The data center administrator plugs a laptop into the management interface to make firewall changes. The administrator would like to secure this environment but has a limited budget. Assuming each addition is an appliance, which of the following would provide the MOST appropriate placement of security solutions while minimizing the expenses?
A. RED ZONE: none; ORANGE ZONE: WAF; YELLOW ZONE: SPAM Filter; GREEN ZONE: none
B. RED ZONE: Virus Scanner, SPAM Filter; ORANGE ZONE: NIPS; YELLOW ZONE: NIPS; GREEN ZONE: NIPS
C. RED ZONE: WAF, Virus Scanner; ORANGE ZONE: NIPS; YELLOW ZONE: NIPS; GREEN ZONE: SPAM Filter
D. RED ZONE: NIPS; ORANGE ZONE: WAF; YELLOW ZONE: Virus Scanner, SPAM Filter; GREEN ZONE: none

D. RED ZONE: NIPS; ORANGE ZONE: WAF; YELLOW ZONE: Virus Scanner, SPAM Filter; GREEN ZONE: none

The IT Manager has mandated that an extensible markup language be implemented which can be used to exchange provisioning requests and responses for account creation. Which of the following is BEST able to achieve this? A. XACML B. SAML C. SOAP D. SPML

D. SPML

A firm's Chief Executive Officer (CEO) is concerned that its IT staff lacks the knowledge to identify complex vulnerabilities that may exist in the payment system being internally developed. The payment system being developed will be sold to a number of organizations and is in direct competition with another leading product. The CEO highlighted, in a risk management meeting, that code base confidentiality is of utmost importance to allow the company to exceed the competition in terms of product reliability, stability and performance. The CEO also highlighted that the company's reputation for secure products is extremely important. Which of the following will provide the MOST thorough testing and satisfy the CEO's requirements? A. Use the security assurance team and development team to perform Grey box testing. B. Sign an NDA with a large consulting firm and use the firm to perform Black box testing. C. Use the security assurance team and development team to perform Black box testing. D. Sign an NDA with a small consulting firm and use the firm to perform Grey box testing.

D. Sign an NDA with a small consulting firm and use the firm to perform Grey box testing.

A new vendor product has been acquired to replace a legacy perimeter security product. There are significant time constraints due to the existing solution nearing end-of-life with no options for extended support. It has been emphasized that only essential activities be performed. Which of the following sequences BEST describes the order of activities when balancing security posture and time constraints? A. Install the new solution, migrate to the new solution, and test the new solution. B. Purchase the new solution, test the new solution, and migrate to the new solution. C. Decommission the old solution, install the new solution, and test the new solution. D. Test the new solution, migrate to the new solution, and decommission the old solution.

D. Test the new solution, migrate to the new solution, and decommission the old solution.

A healthcare company recently purchased the building next door located on the same campus. The building previously did not have any IT infrastructure. The building manager has selected four potential locations to place IT equipment consisting of a half height open server rack with five switches, a router, a firewall, and two servers. Given the descriptions below, where would the security engineer MOST likely recommend placing the rack?
The Boiler Room: The rack can be placed 5 feet (1.5 meters) up on the wall, between the second and third boiler. The room is locked and only maintenance has access to it.
The Reception Area: The reception area is an open area right as customers enter. There is a closet 5 feet by 5 feet (1.5 meters by 1.5 meters) that the rack will be placed in with floor mounts. There is a 3 digit PIN lock that the receptionist sets.
The Rehabilitation Area: The rack needs to be out of the way from patients using the whirlpool bath, so it will be wall mounted 8 feet (2.4 meters) up as the area has high ceilings. The rehab area is staffed full time and admittance is by key card only.
The Finance Area: There is an unused office in the corner of the area that can be used for the server rack. The rack will be floor mounted. The finance area is locked and alarmed at night.
A. The Rehabilitation Area B. The Reception Area C. The Boiler Room D. The Finance Area

D. The Finance Area

During user acceptance testing, the security administrator believes they have discovered an issue in the login prompt of the company's financial system. While entering the username and password, the program crashed and displayed the system command prompt. The security administrator believes that one of the fields may have been mistyped and wants to reproduce the issue to report it to the software developers. Which of the following should the administrator use to reproduce the issue? A. The administrator should enter a username and use an offline password cracker in brute force mode. B. The administrator should use a network analyzer to determine which packet caused the system to crash. C. The administrator should extract the password file and run an online password cracker in brute force mode against the password file. D. The administrator should run an online fuzzer against the login screen.

D. The administrator should run an online fuzzer against the login screen.

An administrator is troubleshooting availability issues on a FCoE based storage array that uses deduplication. An administrator has access to the raw data from the SAN and wants to restore the data to different hardware. Which of the following issues may potentially occur? A. The existing SAN may be read-only. B. The existing SAN used LUN masking. C. The new SAN is not FCoE based. D. The data may not be in a usable format.

D. The data may not be in a usable format.

A user on a virtual machine downloads a large file using a popular peer-to-peer torrent program. The user is unable to execute the program on their VM. A security administrator scans the VM and detects a virus in the program. The administrator reviews the hypervisor logs and correlates several access attempts to the time of execution of the virus. Which of the following is the MOST likely explanation for this behavior? A. The hypervisor host does not have hardware acceleration enabled and does not allow DEP. B. The virus scanner on the VM changes file extensions of all programs downloaded via P2P to prevent execution. C. The virtual machine is configured to require administrator rights to execute all programs. D. The virus is trying to access a virtual device which the hypervisor is configured to restrict.

D. The virus is trying to access a virtual device which the hypervisor is configured to restrict.

A network security engineer would like to allow authorized groups to access network devices with a shell restricted to only show information while still authenticating the administrator's group to an unrestricted shell. Which of the following can be configured to authenticate and enforce these shell restrictions? (Select TWO). A. Single Sign On B. Active Directory C. Kerberos D. NIS+ E. RADIUS F. TACACS+

E. RADIUS F. TACACS+
