Sec + 2

Which of the following statements is MOST likely to be included in the security awareness training about P2P?

P2P may cause excessive network bandwidth.

Which of the following helps to establish an accurate timeline for a network intrusion?

Analyzing network traffic and device logs

Joe, a user, wants to send an encrypted email to Ann. Which of the following will Ann need to use to verify that the email came from Joe and decrypt it? (Choose two.)

Ann's private key, Joe's public key

Which of the following should Jane, a security administrator, perform before a hard drive is analyzed with forensics tools?

Capture system image

To ensure proper evidence collection, which of the following steps should be performed FIRST?

Capture the system image

An advantage of virtualizing servers, databases, and office applications is:

Centralized management.

A compromised workstation utilized in a Distributed Denial of Service (DDoS) attack has been removed from the network and an image of the hard drive has been created. However, the system administrator stated that the system was left unattended for several hours before the image was created. In the event of a court case, which of the following is likely to be an issue with this incident?

Chain of custody

Computer evidence at a crime scene is documented with a tag stating who had possession of the evidence at a given time. Which of the following does this illustrate?

Chain of custody

The security manager received a report that an employee was involved in illegal activity and has saved data to a workstation's hard drive. During the investigation, local law enforcement's criminal division confiscates the hard drive as evidence. Which of the following forensic procedures is involved?

Chain of custody

Which of the following is the MOST important step for preserving evidence during forensic procedures?

Chain of custody

A security engineer is given new application extensions each month that need to be secured prior to implementation. They do not want the new extensions to invalidate or interfere with existing application security. Additionally, the engineer wants to ensure that the new requirements are approved by the appropriate personnel. Which of the following should be in place to meet these two goals? (Choose two.)

Change Control Policy, Regression Testing Policy

Developers currently have access to update production servers without going through an approval process. Which of the following strategies would BEST mitigate this risk?

Change management

Which of the following MOST specifically defines the procedures to follow when scheduled system patching fails resulting in system outages?

Change management

Which of the following mitigation strategies is established to reduce risk when performing updates to business critical systems?

Change management

Which of the following is an attack vector that can cause extensive physical damage to a datacenter without physical access?

Changing environmental controls

Which of the following security concepts would Sara, the security administrator, use to mitigate the risk of data loss?

Clean desk policy

XYZ Corporation is about to purchase another company to expand its operations. The CEO is concerned about information leaking out, especially with the cleaning crew that comes in at night. The CEO would like to ensure no paper files are leaked. Which of the following is the BEST policy to implement?

Clean desk policy

Certificates are used for: (Choose two.)

Client authentication, Code signing

A certificate used on an e-commerce web server is about to expire. Which of the following will occur if the certificate is allowed to expire?

Clients will be notified that the certificate is invalid

Jane has implemented an array of four servers to accomplish one specific task. This is BEST known as which of the following?

Clustering

Sara, a security architect, has developed a framework in which several authentication servers work together to increase processing power for an application. Which of the following does this represent?

Clustering

Which of the following can Pete, a security administrator, use to distribute the processing effort when generating hashes for a password cracking program?

Clustering

Which of the following concepts allows an organization to group large numbers of servers together in order to deliver a common service?

Clustering

A forensic analyst is reviewing electronic evidence after a robbery. Security cameras installed at the site were facing the wrong direction to capture the incident. The analyst ensures the cameras are turned to face the proper direction. Which of the following types of controls is being used?

Corrective

An email client says a digital signature is invalid and the sender cannot be verified. Which of the following concepts is the recipient concerned with?

Integrity

It is important to staff who use email messaging to provide PII to others on a regular basis to have confidence that their messages are not intercepted or altered during transmission. Which of the following types of security control are they concerned about?

Integrity

Matt, a security administrator, wants to ensure that the message he is sending does not get intercepted or modified in transit. To which of the following concepts does this concern relate?

Integrity

Sara, a security administrator, manually hashes all network device configuration files daily and compares them to the previous day's hashes. Which of the following security concepts is Sara using?

Integrity

Which of the following risks could IT management be mitigating by removing an all-in-one device?

Single point of failure

A security administrator has concerns about new types of media which allow for the mass distribution of personal comments to a select group of people. To mitigate the risks involved with this media, which of the following should employees receive training on?

Social networking

The Chief Information Officer (CIO) wants to implement a redundant server location to which the production server images can be moved within 48 hours and services can be quickly restored, in case of a catastrophic failure of the primary datacenter's HVAC. Which of the following can be implemented

Warm site

Which of the following is the BEST concept to maintain required but non-critical server availability?

Warm site

A security administrator is tasked with calculating the total ALE on servers. In a two-year period of time, a company has to replace five servers. Each server replacement has cost the company $4,000 with downtime costing $3,000. Which of the following is the ALE for the company?

$17,500

Sara, a security analyst, is trying to prove to management what costs they could incur if their customer database was breached. This database contains 250 records with PII. Studies show that the cost per record for a breach is $300. The likelihood that their database would be breached in the next year is only 5%. Which of the following is the ALE that Sara should report to management for a security breach?

$3,750

Joe, the system administrator, has been asked to calculate the Annual Loss Expectancy (ALE) for a $5,000 server, which often crashes. In the past year, the server has crashed 10 times, requiring a system reboot to recover with only 10% loss of data or function. Which of the following is the ALE of this server?

$5,000

A network administrator has purchased two devices that will act as failovers for each other. Which of the following concepts does this BEST illustrate?

Availability

A security administrator has just finished creating a hot site for the company. To which of the following concepts does this implementation relate?

Availability

Joe, the system administrator, is performing an overnight system refresh of hundreds of user computers. The refresh has a strict timeframe and must have zero downtime during business hours. Which of the following should Joe take into consideration?

A back-out strategy planned out anticipating any unforeseen problems that may arise.

A systems engineer has been presented with storage performance and redundancy requirements for a new system to be built for the company. The storage solution must be designed to support the highest performance and must also be able to support more than one drive failure. Which of the following should the engineer choose to meet these requirements?

A mirrored mirror array

Several departments in a corporation have a critical need for routinely moving data from one system to another using removable storage devices. Senior management is concerned with data loss and the introduction of malware on the network. Which of the following choices BEST mitigates the range of risks associated with the continued use of removable storage devices?

A policy which details controls on removable storage use

A company executive's laptop was compromised, leading to a security breach. The laptop was placed into storage by a junior system administrator and was subsequently wiped and re-imaged. When it was determined that the authorities would need to be involved, there was little evidence to present to the investigators. Which of the following procedures could have been implemented to aid the authorities in their investigation?

A system image should have been created and stored

Several employees submit the same phishing email to the administrator. The administrator finds that the links in the email are not being blocked by the company's security device. Which of the following might the administrator do in the short term to prevent the emails from being received?

Add the domain to a block list

Which of the following malware types may require user interaction, does not hide itself, and is commonly identified by marketing pop-ups based on browsing habits?

Adware

Which of the following risk concepts requires an organization to determine the number of failures per year?

ALE

Which of the following would BEST be used to calculate the expected loss of an event, if the likelihood of an event occurring is known? (Choose two.)

ALE, SLE

A security administrator plans on replacing a critical business application in five years. Recently, there was a security flaw discovered in the application that will cause the IT department to manually re-enable user accounts each month at a cost of $2,000. Patching the application today would cost $140,000 and take two months to implement. Which of the following should the security administrator do in regards to the application?

Accept the risk and continue to enable the accounts each month saving money

A company has recently allowed employees to take advantage of BYOD by installing WAPs throughout the corporate office. An employee, Joe, has recently begun to view inappropriate material at work using his personal laptop. When confronted, Joe indicated that he was never told that he could not view that type of material on his personal laptop. Which of the following should the company have employees acknowledge before allowing them to access the corporate WLAN with their personal devices?

Acceptable Use Policy

The IT department noticed that there was a significant decrease in network performance during the afternoon hours. The IT department performed analysis of the network and discovered this was due to users accessing and downloading music and video streaming from social sites. The IT department notified corporate of their findings and a memo was sent to all employees addressing the misuse of company resources and requesting adherence to company policy. Which of the following policies is being enforced?

Acceptable use policy

A company replaces a number of devices with a mobile appliance, combining several functions. Which of the following descriptions fits this new implementation? (Choose two.)

All-in-one device, Single point of failure

Computer evidence at a crime is preserved by making an exact copy of the hard disk. Which of the following does this illustrate?

System image capture

In the case of a major outage or business interruption, the security office has documented the expected loss of earnings, potential fines and potential consequence to customer service. Which of the following would include the MOST detail on these objectives?

Business Impact Analysis

A company that purchased an HVAC system for the datacenter is MOST concerned with the following:

Availability

The network administrator is responsible for promoting code to applications on a DMZ web server. Which of the following processes is being followed to ensure application integrity?

Application change management

A cafe provides laptops for Internet access to their customers. The cafe is located in the center corridor of a busy shopping mall. The company has experienced several laptop thefts from the cafe during peak shopping hours of the day. Corporate has asked that the IT department provide a solution to eliminate laptop theft. Which of the following would provide the IT department with the BEST solution?

Attach cable locks to each laptop

A customer service department has a business need to send high volumes of confidential information to customers electronically. All emails go through a DLP scanner. Which of the following is the BEST solution to meet the business needs and protect confidential information?

Automatically encrypt impacted outgoing emails

A company's chief information officer (CIO) has analyzed the financial loss associated with the company's database breach. They calculated that one single breach could cost the company $1,000,000 at a minimum. Which of the following documents is the CIO MOST likely updating?

Business impact analysis

Two programmers write a new secure application for the human resources department to store personally identifiable information. The programmers make the application available to themselves using an uncommon port along with an ID and password only they know. Which of the following is this an example of?

Backdoor

A trojan was recently discovered on a server. There are now concerns that there has been a security breach that allows unauthorized people to access data. The administrator should be looking for the presence of a/an:

Backdoor.

In which of the following categories would creating a corporate privacy policy, drafting acceptable use policies, and group based access control be classified?

Best practice

Used in conjunction, which of the following are PII? (Choose two.)

Birthday, Full name

After running into the data center with a vehicle, attackers were able to enter through the hole in the building and steal several key servers in the ensuing chaos. Which of the following security measures can be put in place to mitigate the issue from occurring in the future?

Bollards

Joe, a security administrator, is concerned with users tailgating into the restricted areas. Given a limited budget, which of the following would BEST assist Joe with detecting this activity?

Install a camera and DVR at the entrance to monitor access.

A company has two server administrators that work overnight to apply patches to minimize disruption to the company. With the limited working staff, a security engineer performs a risk assessment to ensure the protection controls are in place to monitor all assets including the administrators in case of an emergency. Which of the following should be in place?

CCTV

The information security team does a presentation on social media and advises the participants not to provide too much personal information on social media websites. Which of the following would this advice BEST protect people from?

Cognitive password attacks

Which of the following can be used to ensure digital certificates? (Choose two.)

Confidentiality, Non-repudiation

A security technician wishes to gather and analyze all Web traffic during a particular time period. Which of the following represents the BEST approach to gathering the required data?

Configure a proxy server to log all traffic destined for ports 80 and 443

A user has received an email from an external source which asks for details on the company's new product line set for release in one month. The user has a detailed spec sheet but it is marked "Internal Proprietary Information". Which of the following should the user do NEXT?

Contact the help desk and/or incident response team to determine next steps

Which of the following security strategies allows a company to limit damage to internal systems and provides loss control?

Containment strategies

Which of the following is being tested when a company's payroll server is powered off for eight hours?

Continuity of operations plan

A company is trying to limit the risk associated with the use of unapproved USB devices to copy documents. Which of the following would be the BEST technology control to use in this scenario?

DLP

An employee recently lost a USB drive containing confidential customer data. Which of the following controls could be utilized to minimize the risk involved with the use of USB drives?

DLP

An organization processes credit card transactions and is concerned that an employee may intentionally email credit card numbers to external email addresses. Which of the following technologies should this company consider?

DLP

Which of the following controls would prevent an employee from emailing unencrypted information to their personal email account over the corporate network?

DLP

The Chief Information Officer (CIO) is concerned with moving an application to a SaaS cloud provider. Which of the following can be implemented to provide for data confidentiality assurance during and after the migration to the cloud?

DLP policy

An organization is recovering data following a datacenter outage and determines that backup copies of files containing personal information were stored in an unsecure location, because the sensitivity was unknown. Which of the following activities should occur to prevent this in the future?

Data classification

Which of the following helps to apply the proper security controls to information?

Data classification

Which of the following is a security risk regarding the use of public P2P as a method of collaboration?

Data integrity is susceptible to being compromised.

Corporate IM presents multiple concerns to enterprise IT. Which of the following concerns should Jane, the IT security manager, ensure are under control? (Choose three.)

Data leakage, Compliance, Malware

Several employees have been printing files that include personally identifiable information of customers. Auditors have raised concerns about the destruction of these hard copies after they are created, and management has decided the best way to address this concern is by preventing these files from being printed. Which of the following would be the BEST control to implement?

Data loss prevention

Ann, the Chief Technology Officer (CTO), has agreed to allow users to bring their own device (BYOD) in order to leverage mobile technology without providing every user with a company owned device. She is concerned that users may not understand the company's rules, and she wants to limit potential legal concerns. Which of the following is the CTO concerned with?

Data ownership

End-user awareness training for handling sensitive personally identifiable information would include secure storage and transmission of customer:

Date of birth.

Which of the following types of security controls are visible security cameras considered to be?

Deterrent

Company A submitted a bid on a contract to do work for Company B via email. Company B was insistent that the bid did not come from Company A. Which of the following would have assured that the bid was submitted by Company A?

Digital Signatures

A company would like to take electronic orders from a partner; however, they are concerned that a non-authorized person may send an order. The legal department asks if there is a solution that provides non-repudiation. Which of the following would meet the requirements of this scenario?

Digital signatures

A recent audit has revealed weaknesses in the process of deploying new servers and network devices. Which of the following practices could be used to increase the security posture during deployment? (Choose two.)

Disable unnecessary services, Change default passwords

Which of the following preventative controls would be appropriate for responding to a directive to reduce the attack surface of a specific host?

Disabling unnecessary services

A company wants to ensure that its hot site is prepared and functioning. Which of the following would be the BEST process to verify the backup datacenter is prepared for such a scenario?

Disaster recovery exercise

After a production outage, which of the following documents contains detailed information on the order in which the system should be restored to service?

Disaster recovery plan

Which of the following concepts defines the requirement for data availability?

Disaster recovery planning

The use of social networking sites introduces the risk of:

Disclosure of proprietary information

When a new network drop was installed, the cable was run across several fluorescent lights. The users of the new network drop experience intermittent connectivity. Which of the following environmental controls was MOST likely overlooked during installation?

EMI shielding

A company recently experienced data loss when a server crashed due to a midday power outage. Which of the following should be used to prevent this from occurring again?

EMI shielding

Which of the following includes environmental control measures?

EMI shielding

Which of the following should be considered to mitigate data theft when using CAT5 wiring?

EMI shielding

Which of the following results in datacenters with failed humidity controls? (Choose two.)

Electrostatic charge, Condensation

Several departments within a company have a business need to send high volumes of confidential information to customers via email. Which of the following is the BEST solution to mitigate unintentional exposure of confidential information?

Employ encryption on all outbound emails containing confidential information

Customers' credit card information was stolen from a popular video streaming company. A security consultant determined that the information was stolen, while in transit, from the gaming consoles of a particular vendor. Which of the following methods should the company consider for securing this data in the future?

Encrypted TCP wrappers

Ann would like to forward some Personally Identifiable Information to her HR department by email, but she is worried about the confidentiality of the information. Which of the following will accomplish this task securely?

Encryption

Which of the following controls can be used to prevent the disclosure of sensitive information stored on a mobile device's removable media in the event that the device is lost or stolen?

Encryption

After recovering from a data breach in which customer data was lost, the legal team meets with the Chief Security Officer (CSO) to discuss ways to better protect the privacy of customer data. Which of the following controls support this goal?

Encryption and stronger access control

Which of the following is a Data Loss Prevention (DLP) strategy and is MOST useful for securing data in use?

Endpoint protection

When implementing fire suppression controls in a datacenter it is important to:

Ensure proper placement of sprinkler lines to avoid accidental leakage onto servers

What is the term for the process of luring someone in (usually done by an enforcement officer or a government agent)?

Enticement

Which of the following is the process in which a law enforcement officer or a government agent encourages or induces a person to commit a crime when the potential criminal expresses a desire not to go ahead?

Entrapment

Which of the following disaster recovery strategies has the highest cost and shortest recovery time?

Hot site

Which of the following fire suppression systems is MOST likely used in a datacenter?

FM-200

Although a vulnerability scan report shows no vulnerabilities have been discovered, a subsequent penetration test reveals vulnerabilities on the network. Which of the following has been reported by the vulnerability scan?

False negative

After copying a sensitive document from his desktop to a flash drive, Joe, a user, realizes that the document is no longer encrypted. Which of the following can a security technician implement to ensure that documents stored on Joe's desktop remain encrypted when moved to external media or other network based storage?

File level encryption

The manager has a need to secure physical documents every night, since the company began enforcing the clean desk policy. The BEST solution would include: (Choose two.)

Fire- or water-proof safe, Locking cabinets and drawers

The security officer is preparing a read-only USB stick with a document of important personal phone numbers, vendor contacts, an MD5 program, and other tools to provide to employees. At which of the following points in an incident should the officer instruct employees to use this information?

First Responder

An administrator wants to minimize the amount of time needed to perform backups during the week. It is also acceptable to the administrator for restoration to take an extended time frame.

Full backups on the weekend and incremental during the week

The security administrator is implementing a malware storage system to archive all malware seen by the company into a central database. The malware must be categorized and stored based on similarities in the code. Which of the following should the security administrator use to identify similar malware?

Fuzzy hashes

The main corporate website has a service level agreement that requires availability 100% of the time, even in the case of a disaster. Which of the following would be required to meet this demand?

Geographically disparate site redundant datacenter

A security administrator wants to deploy a physical security control to limit an individual's access into a sensitive area. Which of the following should be implemented?

Guards

Which of the following could cause a browser to display the message below? "The security certificate presented by this website was issued for a different website's address."

HTTPS://127.0.01 was used instead of HTTPS://localhost

Which of the following should be connected to the fire alarm system in order to help prevent the spread of a fire in a server room without data loss to assist in an FM-200 deployment?

HVAC

Which of the following is the LEAST volatile when performing incident response procedures?

Hard drive

A company is trying to implement physical deterrent controls to improve the overall security posture of their data center. Which of the following BEST meets their goal?

Hardware locks

Which of the following would a security administrator use to verify the integrity of a file?

Hash

An online store wants to protect user credentials and credit card information so that customers can store their credit card information and use their card for multiple separate transactions. Which of the following database designs provides the BEST security for the online store?

Hash the credential fields and use encryption for the credit card field

Which of the following concepts describes the use of a one-way transformation in order to validate the integrity of a program?

Hashing

Which of the following functions provides an output which cannot be reversed and converts data into a string of characters?

Hashing

A network administrator recently updated various network devices to ensure redundancy throughout the network. If an interface on any of the Layer 3 devices were to go down, traffic will still pass through another interface and the production environment would be unaffected. Which of the following concepts represents this type of configuration?

High availability

Ann, the system administrator, is installing an extremely critical system that can support ZERO downtime. Which of the following BEST describes the type of system Ann is installing?

High availability

The datacenter design team is implementing a system that requires all servers installed in racks to face in a predetermined direction. An infrared camera will be used to verify that servers are properly racked. Which of the following datacenter elements is being designed?

Hot and cold aisles

Which of the following is an effective way to ensure the BEST temperature for all equipment within a datacenter?

Hot or cool aisle containment

Which of the following documents outlines the technical and security requirements of an agreement between organizations?

ISA

Which of the following is the MOST specific plan for various problems that can arise within a system?

IT Contingency Plan

The helpdesk reports increased calls from clients reporting spikes in malware infections on their systems. Which of the following phases of incident response is MOST appropriate as a FIRST response?

Identification

Which of the following tasks should key elements of a business impact analysis include?

Identify critical assets systems and functions, identify dependencies, determine critical downtime limit, define scenarios by type and scope of impact, and quantify loss potential.

A system administrator has concerns regarding their users accessing systems and secured areas using others' credentials. Which of the following can BEST address this concern?

Implement biometric readers on laptops and restricted areas.

A security analyst informs the Chief Executive Officer (CEO) that a security breach has just occurred. This results in the Risk Manager and Chief Information Officer (CIO) being caught unaware when the CEO asks for further information. Which of the following strategies should be implemented to ensure the Risk Manager and CIO are not caught unaware in the future?

Incident management

Requiring technicians to report spyware infections is a step in which of the following?

Incident management

Which of the following is BEST carried out immediately after a security breach is discovered?

Incident management

The Chief Security Officer (CSO) is contacted by a first responder. The CSO assigns a handler. Which of the following is occurring?

Incident response process

Who should be contacted FIRST in the event of a security breach?

Incident response team

The incident response team has received the following email message.
From: [email protected]
To: [email protected]
Subject: Copyright infringement
A copyright infringement alert was triggered by IP address 13.10.66.5 at 09:50:01 GMT.
After reviewing the following web logs for IP 13.10.66.5, the team is unable to correlate and identify the incident.
09:45:33 13.10.66.5 http://remote.site.com/login.asp?user=john
09:50:22 13.10.66.5 http://remote.site.com/logout.asp?user=anne
10:50:01 13.10.66.5 http://remote.site.com/access.asp?file=movie.mov
11:02:45 13.10.65.5 http://remote.site.com/download.asp?movie.mov=ok
Which of the following is the MOST likely reason why the incident response team is unable to identify and correlate the incident?

Incident time offsets were not accounted for.

A system administrator has been instructed by the head of security to protect their data at-rest. Which of the following would provide the strongest protection?

Incorporating a full-disk encryption system

After a number of highly publicized and embarrassing customer data leaks as a result of social engineering attacks by phone, the Chief Information Officer (CIO) has decided user training will reduce the risk of another data leak. Which of the following would be MOST effective in reducing data leaks in this situation?

Information Security Awareness

Which of the following security awareness training is BEST suited for data owners who are concerned with protecting the confidentiality of their data?

Information classification training

Digital signatures are used for ensuring which of the following items? (Choose two.)

Integrity , Non-Repudiation

A software firm posts patches and updates to a publicly accessible FTP site. The software firm also posts digitally signed checksums of all patches and updates. The firm does this to address

Integrity of downloaded software

Which of the following security account management techniques should a security analyst implement to prevent staff who have switched company roles from exceeding privileges?

Internal account audits

Which of the following has serious security implications for large organizations and can potentially allow an attacker to capture conversations?

Jabber

Which of the following is a security concern regarding users bringing personally-owned devices that they connect to the corporate network?

Lack of controls in place to ensure that the devices have the latest system patches and signature files

A security administrator is reviewing the company's continuity plan. The plan specifies an RTO of six hours and RPO of two days. Which of the following is the plan describing?

Systems should be restored within six hours with a minimum of two days' worth of data.

After a recent security breach, the network administrator has been tasked to update and back up all router and switch configurations. The security administrator has been tasked to enforce stricter security policies. All users were forced to undergo additional user awareness training. All of these actions are due to which of the following types of risk mitigation strategies?

Lessons learned

Which of the following provides the BEST application availability and is easily expanded as demand grows?

Load balancing

Which of the following technologies uses multiple devices to share work?

Load balancing

A business has set up a Customer Service kiosk within a shopping mall. The location will be staffed by an employee using a laptop during the mall business hours, but there are still concerns regarding the physical safety of the equipment while it is not in use. Which of the following controls would BEST address this security concern?

Locking cabinets

Which of the following is a security benefit of providing additional HVAC capacity or increased tonnage in a datacenter?

Longer MTBF of hardware due to lower operating temperatures

Joe is the accounts payable agent for ABC Company. Joe has been performing the accounts payable function for ABC Company without any supervision. Management has noticed several new accounts without billing invoices that were paid. Which of the following is the BEST management option for review of the new accounts?

Mandatory vacation

A company is installing a new security measure that would allow one person at a time to be authenticated to an area without human interaction. Which of the following does this describe?

Mantrap

Pete, an IT Administrator, needs to secure his server room. Which of the following mitigation methods would provide the MOST physical protection?

Mantrap

Visitors entering a building are required to close the back door before the front door of the same entry room is open. Which of the following is being described?

Mantrap

Matt, a security analyst, needs to implement encryption for company data and also prevent theft of company data. Where and how should Matt meet this requirement?

Matt should implement DLP and encrypt the company database

When a communications plan is developed for disaster recovery and business continuity plans, the MOST relevant items to include would be: (Choose two.)

Methods and templates to respond to press requests, institutional and regulatory reporting requirements , Methods to exchange essential information to and from all response team members, employees, suppliers, and customers

A security team has established a security awareness program. Which of the following would BEST prove the success of the program?

Metrics

Which of the following can be utilized in order to provide temporary IT support during a disaster, where the organization sets aside funds for contingencies, but does not necessarily have a dedicated site to restore those services?

Mobile site

Which of the following are examples of detective controls?

Motion sensors, intruder alarm and audit.

An incident response team member needs to perform a forensics examination but does not have the required hardware. Which of the following will allow the team member to perform the examination with minimal impact to the potential evidence?

Mounting the drive in read-only mode

Ann, a newly hired human resource employee, sent out confidential emails with digital signatures, to an unintended group. Which of the following would prevent her from denying accountability?

Non-repudiation

An encrypted message is sent using PKI from Sara, a client, to a customer. Sara claims she never sent the message. Which of the following aspects of PKI BEST ensures the identity of the sender?

Non-repudiation

A security researcher wants to reverse engineer an executable file to determine if it is malicious. The file was found on an underused server and appears to contain a zero-day exploit. Which of the following can the researcher do to determine if the file is malicious in nature?

OS Baseline comparison

A security administrator is auditing a database server to ensure the correct security measures are in place to protect the data. Some of the fields consist of people's first name, last name, home address, date of birth and mother's last name. Which of the following describes this type of data?

PII

Which of the following policies is implemented in order to minimize data loss or theft?

PII handling

After a company has standardized to a single operating system, not all servers are immune to a well-known OS vulnerability. Which of the following solutions would mitigate this issue?

Patch management system

Which of the following is the BEST approach to perform risk mitigation of user access control rights?

Perform routine user permission reviews.

Ann, a technician, received a spear-phishing email asking her to update her personal information by clicking the link within the body of the email. Which of the following types of training would prevent Ann and other employees from becoming victims of such attacks?

Personally Identifiable Information

Which of the following concepts is a term that directly relates to customer privacy considerations?

Personally identifiable information

Human Resources (HR) would like executives to undergo only two specific security training programs a year. Which of the following provides the BEST level of security training for the executives? (Choose two.)

Phishing threats and attacks , Information security awareness

Due to issues with building keys being duplicated and distributed, a security administrator wishes to change to a different security control regarding a restricted area. The goal is to provide access based upon facial recognition. Which of the following will address this requirement?

Place a guard at the entrance to approve access.

A user was reissued a smart card after the previous smart card had expired. The user is able to log into the domain but is now unable to send digitally signed or encrypted email. Which of the following would the user need to perform?

Publish the new certificates to the global address list.

During which of the following phases of the Incident Response process should a security administrator define and implement general defense against malware?

Preparation

In which of the following steps of incident response does a team analyze the incident and determine steps to prevent a future occurrence?

Preparation

The Chief Technical Officer (CTO) has tasked the Computer Emergency Response Team (CERT) to develop and update all Internal Operating Procedures and Standard Operating Procedures documentation in order to successfully respond to future incidents. Which of the following stages of the Incident Handling process is the team working on?

Preparation

Encryption of data at rest is important for sensitive information because of the following

Prevents data from being accessed following theft of physical equipment

A large bank has moved back office operations offshore to another country with lower wage costs in an attempt to improve profit and productivity. Which of the following would be a customer concern if the offshore staff had direct access to their data?

Privacy considerations

Pete, the system administrator, has blocked users from accessing social media websites. In addition to protecting company information from being accidentally leaked, which additional security benefit does this provide?

Protection against malware introduced by banner ads

Upper management decides which risk to mitigate based on cost. This is an example of:

Quantitative risk assessment

A small business needs to incorporate fault tolerance into their infrastructure to increase data availability. Which of the following options would be the BEST solution at a minimal cost?

RAID

Matt, a security consultant, has been tasked with increasing server fault tolerance and has been given no budget to accomplish his task. Which of the following can Matt implement to ensure servers will withstand hardware failure?

RAID

Which of the following may significantly reduce data loss if multiple drives fail at the same time?

RAID

Which of the following provides the LEAST availability?

RAID 0

Which of the following provides data the best fault tolerance at the LOWEST cost?

RAID 6

A datacenter requires that staff be able to identify whether or not items have been removed from the facility. Which of the following controls will allow the organization to provide automated notification of item removal?

RFID

A recent intrusion has resulted in the need to perform incident response procedures. The incident response team has identified audit logs throughout the network and organizational systems which hold details of the security breach. Prior to this incident, a security consultant informed the company that they needed to implement an NTP server on the network. Which of the following is a problem that the incident response team will likely encounter during their assessment?

Record time offset

Matt, a forensic analyst, wants to obtain the digital fingerprint for a given message. The message is 160-bits long. Which of the following hashing methods would Matt have to use to obtain this digital fingerprint?

SHA1

In order to secure additional budget, a security manager wants to quantify the financial impact of a one-time compromise. Which of the following is MOST important to the security manager?

SLE

A security administrator would like to ensure that system administrators are not using the same password for both their privileged and non-privileged accounts. Which of the following security controls BEST accomplishes this goal?

Require different account passwords through a policy

A company hosts its public websites internally. The administrator would like to make some changes to the architecture. The three goals are: reduce the number of public IP addresses in use by the web servers; drive all the web traffic through a central point of control; and mitigate automated attacks that are based on IP address scanning. Which of the following would meet all three goals?

Reverse proxy

A security administrator is responsible for performing periodic reviews of user permission settings due to high turnover and internal transfers at a corporation. Which of the following BEST describes the procedure and security rationale for performing such reviews?

Review all user permissions and group memberships to ensure only the minimum set of permissions required to perform a job is assigned

During a server audit, a security administrator does not notice abnormal activity. However, a network security analyst notices connections to unauthorized ports from outside the corporate network. Using specialized tools, the network security analyst also notices hidden processes running. Which of the following has MOST likely been installed on the server?

Rootkit

The security administrator is currently unaware of an incident that occurred a week ago. Which of the following will ensure the administrator is notified in a timely manner in the future?

Routine auditing

Ann, a security analyst, has discovered that her company has very high staff turnover and often user accounts are not disabled after an employee leaves the company. Which of the following could Ann implement to help identify accounts that are still active for terminated employees?

Routine audits

The system administrator has deployed updated security controls for the network to limit risk of attack. The security manager is concerned that controls continue to function as intended to maintain appropriate security posture. Which of the following risk mitigation strategies is MOST important to the security manager?

Routine audits

A security manager requires fencing around the perimeter, and cipher locks on all entrances. The manager is concerned with which of the following security controls?

Safety

A software developer wants to prevent stored passwords from being easily decrypted. When the password is stored by the application, additional text is added to each password before the password is hashed. This technique is known as

Salting

Which of the following are Data Loss Prevention (DLP) strategies that address data in transit issues? (Choose two.)

Scanning of outbound IM (Instant Messaging) , Scanning of shared drives

Sara, a company's security officer, often receives reports of unauthorized personnel having access codes to the cipher locks of secure areas in the building. Which of the following should Sara immediately implement?

Security awareness training

Several employees clicked on a link in a malicious message that bypassed the spam filter and their PCs were infected with malware as a result. Which of the following BEST prevents this situation from occurring in the future?

Security awareness training

The method to provide end users of IT systems and applications with requirements related to acceptable use, privacy, new threats and trends, and use of social networking is:

Security awareness training.

Sara, an employee, tethers her smartphone to her work PC to bypass the corporate web security gateway while connected to the LAN. While Sara is out at lunch her PC is compromised via the tethered connection and corporate data is stolen. Which of the following would BEST prevent this from occurring again?

Security policy and threat awareness training.

Which of the following is used by the recipient of a digitally signed email to verify the identity of the sender?

Sender's public key

Which of the following, if properly implemented, would prevent users from accessing files that are unrelated to their job duties? (Choose two.)

Separation of duties , Least privilege

A technician is investigating intermittent switch degradation. The issue only seems to occur when the building's roof air conditioning system runs. Which of the following would reduce the connectivity issues?

Shielding

A user casually browsing the Internet is redirected to a warez site where a number of pop-ups appear. After clicking on a pop-up to complete a survey, a drive-by download occurs. Which of the following is MOST likely to be contained in the download?

Spyware

Which of the following malware types typically allows an attacker to monitor a user's computer, is characterized by a drive-by download, and requires no user interaction?

Spyware

The datacenter manager is reviewing a problem with a humidity factor that is too low. Which of the following environmental problems may occur?

Static electricity

A security analyst has been notified that trade secrets are being leaked from one of the executives in the corporation. When reviewing this executive's laptop, they notice several pictures of the employee's pets are on the hard drive and on a cloud storage network. When the analyst hashes the images on the hard drive against the hashes on the cloud network, they do not match. Which of the following describes how the employee is leaking these secrets?

Steganography

Ann is starting a disaster recovery program. She has gathered specifics and team members for a meeting on site. Which of the following types of tests is this?

Structured walkthrough

Pete, the Chief Executive Officer (CEO) of a company, has increased his travel plans for the next two years to improve business relations. Which of the following would need to be in place in case something happens to Pete?

Succession planning

Which of the following concepts is BEST described as developing a new chain of command in the event of a contingency?

Succession planning

Which of the following is an example of establishing a published chart of roles, responsibilities, and chain of command to be used during a disaster?

Succession planning

Datacenter access is controlled with proximity badges that record all entries and exits from the datacenter. The access records are used to identify which staff members accessed the data center in the event of equipment theft. Which of the following MUST be prevented in order for this policy to be effective?

Tailgating

In the initial stages of an incident response, Matt, the security administrator, was provided the hard drives in question from the incident manager. Which of the following incident response procedures would he need to perform in order to begin the analysis? (Choose two.)

Take hashes , Capture the system image

Joe, a user, wants to send an encrypted email to Ann. Which of the following will Ann need to use to verify the validity of Joe's certificate? (Choose two.)

The CA's public key , Joe's public key

Which of the following is a best practice when a mistake is made during a forensics examination?

The examiner should document the mistake and work around the problem

Some customers have reported receiving an untrusted certificate warning when visiting the company's website. The administrator ensures that the certificate is not expired and that customers have trusted the original issuer of the certificate. Which of the following could be causing the problem?

The intermediate CA certificates were not installed on the server.

A security administrator needs to update the OS on all the switches in the company. Which of the following MUST be done before any actual switch configuration is performed?

The request needs to be approved through the change management process

An Information Systems Security Officer (ISSO) has been placed in charge of a classified peer-to-peer network that cannot connect to the Internet. The ISSO can update the antivirus definitions manually, but which of the following steps is MOST important?

The signatures must have a hash value equal to what is displayed on the vendor site

A security audit identifies a number of large email messages being sent by a specific user from their company email account to another address external to the company. These messages were sent prior to a company data breach, which prompted the security audit. The user was one of a few people who had access to the leaked data. Review of the suspect's emails shows they consist mostly of pictures of the user at various locations during a recent vacation. No suspicious activities from other users who have access to the data were discovered. Which of the following is occurring?

The user is using steganography.

Acme Corp has selectively outsourced proprietary business processes to ABC Services. Due to some technical issues, ABC Services wants to send some of Acme Corp's debug data to a third-party vendor for problem resolution. Which of the following MUST be considered prior to sending data to a third party?

This may violate data ownership and non-disclosure agreements

A company's Chief Information Officer realizes the company cannot continue to operate after a disaster. Which of the following describes the disaster?

Threat

After an assessment, auditors recommended that an application hosting company should contract with additional data providers for redundant high speed Internet connections. Which of the following is MOST likely the reason for this recommendation? (Choose two.)

To allow for business continuity if one provider goes out of business , To eliminate a single point of failure

Why would a technician use a password cracker?

To look for weak passwords on the network

Which of the following is the BEST reason to provide user awareness and training programs for organizational staff?

To reduce organizational IT risk

Which of the following could a security administrator implement to mitigate the risk of tailgating for a large organization?

Train employees on risks associated with social engineering attacks and enforce policies.

Sara, a user, downloads a keygen to install pirated software. After running the keygen, system performance is extremely slow and numerous antivirus alerts are displayed. Which of the following BEST describes this type of malware?

Trojan

Which of the following assets is MOST likely considered for DLP?

USB mass storage devices

Pete, the system administrator, is reviewing his disaster recovery plans. He wishes to limit the downtime in the event of a disaster, but does not have the budget approval to implement or maintain an offsite location that ensures 99.99% availability. Which of the following would be Pete's BEST option?

Use hardware already at an offsite location and configure it to be quickly utilized.

A program has been discovered that infects a critical Windows system executable and stays dormant in memory. When a Windows mobile phone is connected to the host, the program infects the phone's boot loader and continues to target additional Windows PCs or phones. Which of the following malware categories BEST describes this program?

Virus

After an audit, it was discovered that the security group memberships were not properly adjusted for employees' accounts when they moved from one role to another. Which of the following has the organization failed to properly implement? (Choose two.)

User rights and permission reviews, Management controls over account management.

Various network outages have occurred recently due to unapproved changes to network and security devices. All changes were made using various system credentials. The security analyst has been tasked to update the security policy. Which of the following risk mitigation strategies would also need to be implemented to reduce the number of network outages due to unauthorized changes?

User rights and permissions review

An internal auditor is concerned with privilege creep that is associated with transfers inside the company. Which mitigation measure would detect and correct this?

User rights reviews

Key cards at a bank are not tied to individuals, but rather to organizational roles. After a break in, it becomes apparent that extra efforts must be taken to successfully pinpoint who exactly enters secure areas. Which of the following security measures can be put in place to mitigate the issue until a new key card system can be installed?

Video surveillance

A server dedicated to the storage and processing of sensitive information was compromised with a rootkit and sensitive data was extracted. Which of the following incident response procedures is best suited to restore the server?

Wipe the storage, reinstall the OS from original media and restore the data from the last known good backup.

A company has just deployed a centralized event log storage system. Which of the following can be used to ensure the integrity of the logs after they are collected?

Write-once drives

An administrator has successfully implemented SSL on srv4.comptia.com using wildcard certificate *.comptia.com, and now wishes to implement SSL on srv5.comptia.com. Which of the following files should be copied from srv4 to accomplish this?

certificate, private key, and intermediate certificate chain

A security administrator needs to image a large hard drive for forensic analysis. Which of the following will allow for faster imaging to a second hard drive?

dd in=/dev/sda out=/dev/sdb bs=4k

A computer security officer has investigated a possible data breach and has found it credible. The officer notifies the data center manager and the Chief Information Security Officer (CISO). This is an example of:

escalation and notification

Which of the following utilities can be used in Linux to view a list of users' failed authentication attempts?

faillog

Results from a vulnerability analysis indicate that all enabled virtual terminals on a router can be accessed using the same password. The company's network device security policy mandates that at least one virtual terminal have a different password than the other virtual terminals. Which of the following sets of commands would meet this requirement?

line vty 0 3
password Qwer++!Y
line vty 4
password P@s5W0Rd

A network administrator has recently updated their network devices to ensure redundancy is in place so that:

single points of failure are removed.

A malicious person gained access to a datacenter by ripping the proximity badge reader off the wall near the datacenter entrance. This caused the electronic locks on the datacenter door to release because the:

system was designed to fail open for life-safety.

A system administrator is responding to a legal order to turn over all logs from all company servers. The system administrator records the system time of all servers to ensure that:

time offset can be calculated

