Security+ Compliance and Operational Security
A company that has a mandatory vacation policy has implemented which of the following controls? A Risk control B Privacy control C Technical control D Physical control
A Risk control
After an audit, it was discovered that the security group memberships were not properly adjusted for employees' accounts when they moved from one role to another. Which of the following has the organization failed to properly implement? (Select TWO). A Mandatory access control enforcement B User rights and permission reviews C Technical controls over account management D Account termination procedures E Management controls over account management F Incident management and response plan
B User rights and permission reviews E Management controls over account management
Which of the following is a management control? A Logon banners B Written security policy C SYN attack prevention D Access Control List (ACL)
B Written security policy
Which of the following should be considered to mitigate data theft when using CAT5 wiring? A CCTV B Environmental monitoring C Multimode fiber D EMI shielding
D EMI shielding
The Chief Technical Officer (CTO) has tasked the Computer Emergency Response Team (CERT) to develop and update all Internal Operating Procedures and Standard Operating Procedures documentation in order to successfully respond to future incidents. Which of the following stages of the Incident Handling process is the team working on? A Lessons Learned B Eradication C Recovery D Preparation
D Preparation
Which of the following controls would prevent an employee from emailing unencrypted information to their personal email account over the corporate network? A DLP B CRL C TPM D HSM
A DLP
End-user awareness training for handling sensitive personally identifiable information would include secure storage and transmission of customer: A Date of birth B First and last name C Phone number D Employer name
A Date of birth
Which of the following risk concepts requires an organization to determine the number of failures per year? A SLE B ALE C MTBF D Quantitative analysis
B ALE
After a production outage, which of the following documents contains detailed information on the order in which the system should be restored to service? A Succession planning B Disaster recovery plan C Information security plan D Business impact analysis
B Disaster recovery plan
Which of the following disaster recovery strategies has the highest cost and shortest recovery time? A Warm site B Hot site C Cold site D Co-location site
B Hot site
Which of the following may significantly reduce data loss if multiple drives fail at the same time? A Virtualization B RAID C Load balancing D Server clustering
B RAID
Which of the following utilities can be used in Linux to view a list of users' failed authentication attempts? A badlog B faillog C wronglog D killog
B faillog
A company that purchased an HVAC system for the datacenter is MOST concerned with which of the following? A Availability B Integrity C Confidentiality D Fire suppression
A Availability
The system administrator notices that their application is no longer able to keep up with the large amounts of traffic their server is receiving daily. Several packets are dropped and sometimes the server is taken offline. Which of the following would be a possible solution to look into to ensure their application remains secure and available? A Cloud computing B Full disk encryption C Data Loss Prevention D HSM
A Cloud computing
Jane has implemented an array of four servers to accomplish one specific task. This is BEST known as which of the following? A Clustering B RAID C Load balancing D Virtualization
A Clustering
Which of the following helps to apply the proper security controls to information? A Data classification B Deduplication C Clean desk policy D Encryption
A Data classification
What is the term for the process of luring someone in (usually done by an enforcement officer or a government agent)? A Enticement B Entrapment C Deceit D Sting
A Enticement
Which of the following fire suppression systems is MOST likely used in a datacenter? A FM-200 B Dry-pipe C Wet-pipe D Vacuum
A FM-200
Ann is starting a disaster recovery program. She has gathered specifics and team members for a meeting on site. Which of the following types of tests is this? A Structured walkthrough B Full Interruption test C Checklist test D Tabletop exercise
A Structured walkthrough
Pete, the Chief Executive Officer (CEO) of a company, has increased his travel plans for the next two years to improve business relations. Which of the following would need to be in place in case something happens to Pete? A Succession planning B Disaster recovery C Separation of duty D Removing single loss expectancy
A Succession planning
In the initial stages of an incident response, Matt, the security administrator, was provided the hard drives in question from the incident manager. Which of the following incident response procedures would he need to perform in order to begin the analysis? (Select TWO). A Take hashes B Begin the chain of custody paperwork C Take screen shots D Capture the system image E Decompile suspicious files
A Take hashes D Capture the system image
Which of the following is an example of a false negative? A The IDS does not identify a buffer overflow B Anti-virus identifies a benign application as malware C Anti-virus protection interferes with the normal operation of an application D A user account is locked out after the user mistypes the password too many times
A The IDS does not identify a buffer overflow
Which of the following risk mitigation strategies will allow Ann, a security analyst, to enforce least privilege principles? A User rights reviews B Incident management C Risk based controls D Annual loss expectancy
A User rights reviews
Digital certificates can be used to ensure which of the following? (Select TWO). A Availability B Confidentiality C Verification D Authorization E Non-repudiation
B Confidentiality E Non-repudiation
A vulnerability scan is reporting that patches are missing on a server. After a review, it is determined that the application requiring the patch does not exist on the operating system. Which of the following describes this cause? A Application hardening B False positive C Baseline code review D False negative
B False positive
The security officer is preparing a read-only USB stick with a document of important personal phone numbers, vendor contacts, an MD5 program, and other tools to provide to employees. At which of the following points in an incident should the officer instruct employees to use this information? A Business Impact Analysis B First Responder C Damage and Loss Control D Contingency Planning
B First Responder
Digital signatures are used for ensuring which of the following items? (Select TWO). A Confidentiality B Integrity C Non-Repudiation D Availability E Algorithm strength
B Integrity C Non-Repudiation
Which of the following concepts is a term that directly relates to customer privacy considerations? A Data handling policies B Personally identifiable information C Information classification D Clean desk policies
B Personally identifiable information
During which of the following phases of the Incident Response process should a security administrator define and implement general defense against malware? A Lessons Learned B Preparation C Eradication D Identification
B Preparation
The Chief Technical Officer (CTO) has been informed of a potential fraud committed by a database administrator performing several other job functions within the company. Which of the following is the BEST method to prevent such activities in the future? A Job rotation B Separation of duties C Mandatory Vacations D Least Privilege
B Separation of duties
The datacenter manager is reviewing a problem with a humidity factor that is too low. Which of the following environmental problems may occur? A EMI emanations B Static electricity C Condensation D Dry-pipe fire suppression
B Static electricity
A security analyst has been notified that trade secrets are being leaked from one of the executives in the corporation. When reviewing the executive's laptop they notice several pictures of the employee's pets are on the hard drive and on a cloud storage network. When the analyst hashes the images on the hard drive against the hashes on the cloud network they do not match. Which of the following describes how the employee is leaking these secrets? A Social engineering B Steganography C Hashing D Digital signatures
B Steganography
Pete, a security analyst, has been informed that the development team has plans to develop an application which does not meet the company's password policy. Which of the following should Pete do NEXT? A Contact the Chief Information Officer and ask them to change the company password policy so that the application is made compliant B Tell the application development manager to code the application to adhere to the company's password policy C Ask the application development manager to submit a risk acceptance memo so that the issue can be documented D Inform the Chief Information Officer of non-adherence to the security policy so that the developers can be reprimanded
B Tell the application development manager to code the application to adhere to the company's password policy
Which of the following assets is MOST likely considered for DLP? A Application server content B USB mass storage devices C Reverse proxy D Print server
B USB mass storage devices
Key cards at a bank are not tied to individuals, but rather to organizational roles. After a break-in, it becomes apparent that extra efforts must be taken to successfully pinpoint who exactly enters secure areas. Which of the following security measures can be put in place to mitigate the issue until a new key card system can be installed? A Bollards B Video surveillance C Proximity readers D Fencing
B Video surveillance
A company replaces a number of devices with a mobile appliance, combining several functions. Which of the following descriptions fits this new implementation? (Select TWO). A Cloud computing B Virtualization C All-in-one device D Load balancing E Single point of failure
C All-in-one device E Single point of failure
Which of the following mitigation strategies is established to reduce risk when performing updates to business critical systems? A Incident management B Server clustering C Change management D Forensic analysis
C Change management
Which of the following is an attack vector that can cause extensive physical damage to a datacenter without physical access? A CCTV system access B Dial-up access C Changing environmental controls D Ping of death
C Changing environmental controls
Which of the following concepts defines the requirement for data availability? A Authentication to RADIUS B Non-repudiation of email messages C Disaster recovery planning D Encryption of email messages
C Disaster recovery planning
Which of the following could cause a browser to display the message below? "The security certificate presented by this website was issued for a different website's address." A The website certificate was issued by a different CA than what the browser recognizes in its trusted CAs B The website is using a wildcard certificate issued for the company's domain C HTTPS://127.0.01 was used instead of HTTPS://localhost D The website is using an expired self signed certificate
C HTTPS://127.0.01 was used instead of HTTPS://localhost
Which of the following should be connected to the fire alarm system in order to help prevent the spread of a fire in a server room without data loss to assist in an FM-200 deployment? A Water base sprinkler system B Electrical C HVAC D Video surveillance
C HVAC
A company is trying to implement physical deterrent controls to improve the overall security posture of their data center. Which of the following BEST meets their goal? A Visitor logs B Firewall C Hardware locks D Environmental monitoring
C Hardware locks
A security administrator notices that a specific network administrator is making unauthorized changes to the firewall every Saturday morning. Which of the following would be used to mitigate this issue so that only security administrators can make changes to the firewall? A Mandatory vacations B Job rotation C Least privilege D Time of day restrictions
C Least privilege
Which of the following is the GREATEST security risk of two or more companies working together under a Memorandum of Understanding? A Budgetary considerations may not have been written into the MOU, leaving an entity to absorb more cost than intended at signing B MOUs have strict policies in place for services performed between the entities and the penalties for compromising a partner are high C MOUs are generally loose agreements and therefore may not have strict guidelines in place to protect sensitive data between the two entities D MOUs between two companies working together cannot be held to the same legal standards as SLAs
C MOUs are generally loose agreements and therefore may not have strict guidelines in place to protect sensitive data between the two entities
A security team has established a security awareness program. Which of the following would BEST prove the success of the program? A Policies B Procedures C Metrics D Standards
C Metrics
Ann, a newly hired human resource employee, sent out confidential emails with digital signatures, to an unintended group. Which of the following would prevent her from denying accountability? A Email Encryption B Steganography C Non Repudiation D Access Control
C Non Repudiation
Which of the following defines a business goal for system restoration and acceptable data loss? A MTTR B MTBF C RPO D Warm site
C RPO
A recent intrusion has resulted in the need to perform incident response procedures. The incident response team has identified audit logs throughout the network and organizational systems which hold details of the security breach. Prior to this incident, a security consultant informed the company that they needed to implement an NTP server on the network. Which of the following is a problem that the incident response team will likely encounter during their assessment? A Chain of custody B Tracking man hours C Record time offset D Capture video traffic
C Record time offset
Which of the following is a best practice when a mistake is made during a forensics examination? A The examiner should verify the tools before, during, and after an examination B The examiner should attempt to hide the mistake during cross-examination C The examiner should document the mistake and work around the problem D The examiner should disclose the mistake and assess another area of the disc
C The examiner should document the mistake and work around the problem
A security analyst informs the Chief Executive Officer (CEO) that a security breach has just occurred. This results in the Risk Manager and Chief Information Officer (CIO) being caught unaware when the CEO asks for further information. Which of the following strategies should be implemented to ensure the Risk Manager and CIO are not caught unaware in the future? A Procedure and policy management B Chain of custody management C Change management D Incident management
D Incident management
Datacenter access is controlled with proximity badges that record all entries and exits from the datacenter. The access records are used to identify which staff members accessed the data center in the event of equipment theft. Which of the following MUST be prevented in order for this policy to be effective? A Password reuse B Phishing C Social engineering D Tailgating
D Tailgating
Sara, the Chief Security Officer (CSO), has had four security breaches during the past two years. Each breach has cost the company $3,000. A third party vendor has offered to repair the security hole in the system for $25,000. The breached system is scheduled to be replaced in five years. Which of the following should Sara do to address the risk? A Accept the risk saving $10,000 B Ignore the risk saving $5,000 C Mitigate the risk saving $10,000 D Transfer the risk saving $5,000
D Transfer the risk saving $5,000
Joe, a newly hired employee, has a corporate workstation that has been compromised due to several visits to P2P sites. Joe insisted that he was not aware of any company policy that prohibits the use of such web sites. Which of the following is the BEST method to deter employees from the improper use of the company's information systems? A Acceptable Use Policy B Privacy Policy C Security Policy D Human Resource Policy
A Acceptable Use Policy
Joe, a security analyst, asks each employee of an organization to sign a statement saying that they understand how their activities may be monitored. Which of the following BEST describes this statement? (Select TWO). A Acceptable use policy B Risk acceptance policy C Privacy policy D Email policy E Security policy
A Acceptable use policy C Privacy policy
A cafe provides laptops for Internet access to their customers. The cafe is located in the center corridor of a busy shopping mall. The company has experienced several laptop thefts from the cafe during peak shopping hours of the day. Corporate has asked that the IT department provide a solution to eliminate laptop theft. Which of the following would provide the IT department with the BEST solution? A Attach a cable lock to each laptop B Require each customer to sign an AUP C Install a GPS tracking device onto each laptop D Install security cameras within the perimeter of the cafe
A Attach a cable lock to each laptop
A customer service department has a business need to send high volumes of confidential information to customers electronically. All emails go through a DLP scanner. Which of the following is the BEST solution to meet the business needs and protect confidential information? A Automatically encrypt impacted outgoing emails B Automatically encrypt impacted incoming emails C Monitor impacted outgoing emails D Prevent impacted outgoing emails
A Automatically encrypt impacted outgoing emails
In the case of a major outage or business interruption, the security office has documented the expected loss of earnings, potential fines and potential consequence to customer service. Which of the following would include the MOST detail on these objectives? A Business Impact Analysis B IT Contingency Plan C Disaster Recovery Plan D Continuity of Operations
A Business Impact Analysis
An advantage of virtualizing servers, databases, and office applications is: A Centralized management B Providing greater resources to users C Stronger access control D Decentralized management
A Centralized management
An administrator has successfully implemented SSL on srv4.comptia.com using wildcard certificate *.comptia.com, and now wishes to implement SSL on srv5.comptia.com. Which of the following files should be copied from srv4 to accomplish this? A Certificate, private key, and intermediate certificate chain B Certificate, intermediate certificate chain, and root certificate C Certificate, root certificate, and certificate signing request D Certificate, public key, and certificate signing request
A Certificate, private key, and intermediate certificate chain
The security manager received a report that an employee was involved in illegal activity and has saved data to a workstation's hard drive. During the investigation, local law enforcement's criminal division confiscates the hard drive as evidence. Which of the following forensic procedures is involved? A Chain of custody B System image C Take hashes D Order of volatility
A Chain of custody
Certificates are used for: (Select TWO). A Client authentication B WEP encryption C Access control lists D Code signing E Password hashing
A Client authentication D Code signing
Which of the following concepts allows an organization to group large numbers of servers together in order to deliver a common service? A Clustering B RAID C Backup Redundancy D Cold site
A Clustering
Which of the following concepts are included on the three sides of the "security triangle"? (Select THREE). A Confidentiality B Availability C Integrity D Authorization E Authentication F Continuity
A Confidentiality B Availability C Integrity
An employee recently lost a USB drive containing confidential customer data. Which of the following controls could be utilized to minimize the risk involved with the use of USB drives? A DLP B Asset tracking C HSM D Access control
A DLP
Which of the following is a security risk regarding the use of public P2P as a method of collaboration? A Data integrity is susceptible to being compromised B Monitoring data changes induces a higher cost C Users are not responsible for data usage tracking D Limiting the amount of necessary space for data storage
A Data integrity is susceptible to being compromised
The use of social networking sites introduces the risk of: A Disclosure of proprietary information B Data classification issues C Data availability issues D Broken chain of custody
A Disclosure of proprietary information
Several departments within a company have a business need to send high volumes of confidential information to customers via email. Which of the following is the BEST solution to mitigate unintentional exposure of confidential information? A Employ encryption on all outbound emails containing confidential information B Employ exact data matching and prevent inbound emails with Data Loss Prevention C Employ hashing on all outbound emails containing confidential information D Employ exact data matching and encrypt inbound e-mails with Data Loss Prevention
A Employ encryption on all outbound emails containing confidential information
The manager has a need to secure physical documents every night, since the company began enforcing the clean desk policy. The BEST solution would include: (Select TWO). A Fire- or water-proof safe B Department door locks C Proximity card D 24-hour security guard E Locking cabinets and drawers
A Fire- or water-proof safe E Locking cabinets and drawers
Mandatory vacations are a security control which can be used to uncover which of the following? A Fraud committed by a system administrator B Poor password security among users C The need for additional security staff D Software vulnerabilities in vendor code
A Fraud committed by a system administrator
An administrator wants to minimize the amount of time needed to perform backups during the week. It is also acceptable to the administrator for restoration to take an extended time frame. Which of the following strategies would the administrator MOST likely implement? A Full backups on the weekend and incremental during the week B Full backups on the weekend and full backups every day C Incremental backups on the weekend and differential backups every day D Differential backups on the weekend and full backups every day
A Full backups on the weekend and incremental during the week
A security administrator wants to deploy a physical security control to limit an individual's access into a sensitive area. Which of the following should be implemented? A Guards B CCTV C Bollards D Spike strip
A Guards
Which of the following concepts describes the use of a one way transformation in order to validate the integrity of a program? A Hashing B Key escrow C Non-repudiation D Steganography
A Hashing
Which of the following functions provides an output which cannot be reversed and converts data into a string of characters? A Hashing B Stream ciphers C Steganography D Block ciphers
A Hashing
A network administrator recently updated various network devices to ensure redundancy in the network. If an interface on any of the Layer 3 devices were to go down, traffic would still pass through another interface and the production environment would be unaffected. This type of configuration represents which of the following concepts? A High availability B Load balancing C Backout contingency plan D Clustering
A High availability
The datacenter design team is implementing a system which requires all servers installed in racks to face in a predetermined direction. An infrared camera will be used to verify that servers are properly racked. Which of the following datacenter elements is being designed? A Hot and cold aisles B Humidity control C HVAC system D EMI shielding
A Hot and cold aisles
A company has decided to move large data sets to a cloud provider in order to limit the costs of new infrastructure. Some of the data is sensitive and the Chief Information Officer wants to make sure both parties have a clear understanding of the controls needed to protect the data. Which of the following types of interoperability agreement is this? A ISA B MOU C SLA D BPA
A ISA
After a number of highly publicized and embarrassing customer data leaks as a result of social engineering attacks by phone, the Chief Information Officer (CIO) has decided user training will reduce the risk of another data leak. Which of the following would be MOST effective in reducing data leaks in this situation? A Information Security Awareness B Social Media and BYOD C Data handling and Disposal D Acceptable Use of IT Systems
A Information Security Awareness
An email client says a digital signature is invalid and the sender cannot be verified. The recipient is concerned with which of the following concepts? A Integrity B Availability C Confidentiality D Remediation
A Integrity
It is important to staff who use email messaging to provide PII to others on a regular basis to have confidence that their messages are not intercepted or altered during transmission. They are concerned about which of the following types of security control? A Integrity B Safety C Availability D Confidentiality
A Integrity
A software firm posts patches and updates to a publicly accessible FTP site. The software firm also posts digitally signed checksums of all patches and updates. The firm does this to address: A Integrity of downloaded software B Availability of the FTP site C Confidentiality of downloaded software D Integrity of the server logs
A Integrity of downloaded software
Which of the following security account management techniques should a security analyst implement to prevent staff who have switched company roles from exceeding privileges? A Internal account audits B Account disablement C Time of day restriction D Password complexity
A Internal account audits
In order to prevent and detect fraud, which of the following should be implemented? A Job rotation B Risk analysis C Incident management D Employee evaluations
A Job rotation
When a communication plan is developed for disaster recovery and business continuity plans, the MOST relevant items to include would be: (Select TWO). A Methods and templates to respond to press requests, institutional and regulatory reporting requirements B Methods to exchange essential information to and from all response team members, employees, suppliers, and customers C Developed recovery strategies, test plans, post-test evaluation and update processes D Defined scenarios by type and scope of impact and dependencies, with quantification of loss potential E Methods to review and report on system logs, incident response, and incident handling
A Methods and templates to respond to press requests, institutional and regulatory reporting requirements B Methods to exchange essential information to and from all response team members, employees, suppliers, and customers
Which of the following policies is implemented in order to minimize data loss or theft? A PII handling B Password policy C Chain of custody D Zero day exploits
A PII handling
Which of the following provides the LEAST availability? A RAID 0 B RAID 1 C RAID 3 D RAID 5
A RAID 0
A security administrator is responsible for performing periodic reviews of user permission settings due to high turnover and internal transfers at a corporation. Which of the following BEST describes the procedure and security rationale for performing such reviews? A Review all user permissions and group memberships to ensure only the minimum set of permissions required to perform a job is assigned B Review the permissions of all transferred users to ensure new permissions are granted so the employee can work effectively C Ensure all users have adequate permissions and appropriate group memberships, so the volume of help desk calls is reduced D Ensure former employee accounts have no permissions so that they cannot access any network file stores and resources
A Review all user permissions and group memberships to ensure only the minimum set of permissions required to perform a job is assigned
Matt, a forensic analyst, wants to obtain the digital fingerprint for a given message. The message is 160-bits long. Which of the following hashing methods would Matt have to use to obtain this digital fingerprint? A SHA1 B MD2 C MD4 D MD5
A SHA1
The method to provide end users of IT systems and applications with requirements related to acceptable use, privacy, new threats and trends, and use of social networking is: A Security awareness training B BYOD security training C Role-based security training D Legal compliance training
A Security awareness training
A major security risk with co-mingling of hosts with different security requirements is: A Security policy violations B Zombie attacks C Password compromises D Privilege creep
A Security policy violations
Everyone in the accounting department has the ability to print and sign checks. Internal audit has asked that only one group of employees may print checks while only two other employees may sign the checks. Which of the following concepts would enforce this process? A Separation of Duties B Mandatory Vacations C Discretionary Access Control D Job Rotation
A Separation of Duties
Joe, a user, wants to send an encrypted email to Ann. Which of the following will Ann need to use to verify the validity of Joe's certificate? (Select TWO). A The CA's public key B Joe's private key C Ann's public key D The CA's private key E Joe's public key F Ann's private key
A The CA's public key E Joe's public key
Some customers have reported receiving an untrusted certificate warning when visiting the company's website. The administrator ensures that the certificate is not expired and that customers have trusted the original issuer of the certificate. Which of the following could be causing the problem? A The intermediate CA certificates were not installed on the server B The certificate is not the correct type for a virtual server C The encryption key used in the certificate is too short D The client's browser is trying to negotiate SSL instead of TLS
A The intermediate CA certificates were not installed on the server
Why would a technician use a password cracker? A To look for weak passwords on the network B To change a user's password when they leave the company C To enforce password complexity requirements D To change users' passwords if they have forgotten them
A To look for weak passwords on the network
Pete, the system administrator, is reviewing his disaster recovery plans. He wishes to limit the downtime in the event of a disaster, but does not have the budget approval to implement or maintain an offsite location that ensures 99.99% availability. Which of the following would be Pete's BEST option? A Use hardware already at an offsite location and configure it to be quickly utilized B Move the servers and data to another part of the company's main campus from the server room C Retain data back-ups on the main campus and establish redundant servers in a virtual environment D Move the data back-ups to the offsite location, but retain the hardware on the main campus for redundancy
A Use hardware already at an offsite location and configure it to be quickly utilized
Various network outages have occurred recently due to unapproved changes to network and security devices. All changes were made using various system credentials. The security analyst has been tasked to update the security policy. Which of the following risk mitigation strategies would also need to be implemented to reduce the number of network outages due to unauthorized changes? A User rights and permissions review B Configuration management C Incident management D Implement security controls on Layer 3 devices
A User rights and permissions review
An internal auditor is concerned with privilege creep that is associated with transfers inside the company. Which mitigation measure would detect and correct this? A User rights reviews B Least privilege and job rotation C Change management D Change control
A User rights reviews
A server dedicated to the storage and processing of sensitive information was compromised with a rootkit and sensitive data was extracted. Which of the following incident response procedures is best suited to restore the server? A Wipe the storage, reinstall the OS from original media and restore the data from the last known good backup B Keep the data partition, restore the OS from the most current backup and run a full system, antivirus scan C Format the storage and reinstall both the OS and the data from the most current backup D Erase the storage, reinstall the OS from most current backup and only restore the data that was not compromised
A Wipe the storage, reinstall the OS from original media and restore the data from the last known good backup
Sara, a security analyst, is trying to prove to management what costs they could incur if their customer database was breached. This database contains 250 records with PII. Studies show that the cost per record for a breach is $300. The likelihood that their database would be breached in the next year is only 5%. Which of the following is the ALE that Sara should report to management for a security breach? A $1,500 B $3,750 C $15,000 D $75,000
B $3,750
Joe, the system administrator, has been asked to calculate the Annual Loss Expectancy (ALE) for a $5,000 server, which often crashes. In the past year, the server has crashed 10 times, requiring a system reboot to recover with only 10% loss of data or function. Which of the following is the ALE of this server? A $500 B $5,000 C $25,000 D $50,000
B $5,000
Which of the following would BEST be used to calculate the expected loss of an event, if the likelihood of an event occurring is known? (Select TWO). A DAC B ALE C SLE D ARO E ROI
B ALE C SLE
A security administrator has just finished creating a hot site for the company. This implementation relates to which of the following concepts? A Confidentiality B Availability C Succession planning D Integrity
B Availability
In which of the following categories would creating a corporate privacy policy, drafting acceptable use policies, and group based access control be classified? A Security control frameworks B Best practice C Access control methodologies D Compliance activity
B Best practice
Which of the following is the MOST important step for preserving evidence during forensic procedures? A Involve law enforcement B Chain of custody C Record the time of the incident D Report within one hour of discovery
B Chain of custody
A security engineer is given new application extensions each month that need to be secured prior to implementation. They do not want the new extensions to invalidate or interfere with existing application security. Additionally, the engineer wants to ensure that the new requirements are approved by the appropriate personnel. Which of the following should be in place to meet these two goals? (Select TWO). A Patch Audit Policy B Change Control Policy C Incident Management Policy D Regression Testing Policy E Escalation Policy F Application Audit Policy
B Change Control Policy D Regression Testing Policy
Which of the following MOST specifically defines the procedures to follow when scheduled system patching fails, resulting in system outages? A Risk transference B Change management C Configuration management D Access control revalidation
B Change management
Separation of duties is often implemented between developers and administrators in order to separate which of the following? A More experienced employees from less experienced employees B Changes to program code and the ability to deploy to production C Upper level management users from standard development employees D The network access layer from the application access layer
B Changes to program code and the ability to deploy to production
Which of the following security concepts would Sara, the security administrator, use to mitigate the risk of data loss? A Record time offset B Clean desk policy C Cloud computing D Routine log review
B Clean desk policy
A certificate used on an ecommerce web server is about to expire. Which of the following will occur if the certificate is allowed to expire? A The certificate will be added to the Certificate Revocation List (CRL) B Clients will be notified that the certificate is invalid C The ecommerce site will not function until the certificate is renewed D The ecommerce site will no longer use encryption
B Clients will be notified that the certificate is invalid
A security technician wishes to gather and analyze all Web traffic during a particular time period. Which of the following represents the BEST approach to gathering the required data? A Configure a VPN concentrator to log all traffic destined for ports 80 and 443 B Configure a proxy server to log all traffic destined for ports 80 and 443 C Configure a switch to log all traffic destined for ports 80 and 443 D Configure a NIDS to log all traffic destined for ports 80 and 443
B Configure a proxy server to log all traffic destined for ports 80 and 443
A user has received an email from an external source which asks for details on the company's new product line set for release in one month. The user has a detailed spec sheet but it is marked "Internal Proprietary Information". Which of the following should the user do NEXT? A Contact their manager and request guidance on how to best move forward B Contact the help desk and/or incident response team to determine next steps C Provide the requester with the email information since it will be released soon anyway D Reply back to the requester to gain their contact information and call them
B Contact the help desk and/or incident response team to determine next steps
Elastic cloud computing environments often reuse the same physical hardware for multiple customers over time as virtual machines are instantiated and deleted. This has important implications for which of the following data security concerns? A Hardware integrity B Data confidentiality C Availability of servers D Integrity of data
B Data confidentiality
Corporate IM presents multiple concerns to enterprise IT. Which of the following concerns should Jane, the IT security manager, ensure are under control? (Select THREE). A Authentication B Data leakage C Compliance D Malware E Non-repudiation F Network loading
B Data leakage C Compliance D Malware
When a new network drop was installed, the cable was run across several fluorescent lights. The users of the new network drop experience intermittent connectivity. Which of the following environmental controls was MOST likely overlooked during installation? A Humidity sensors B EMI shielding C Channel interference D Cable kinking
B EMI shielding
Which of the following results in datacenters with failed humidity controls? (Select TWO). A Excessive EMI B Electrostatic charge C Improper ventilation D Condensation E Irregular temperature
B Electrostatic charge D Condensation
After recovering from a data breach in which customer data was lost, the legal team meets with the Chief Security Officer (CSO) to discuss ways to better protect the privacy of customer data. Which of the following controls support this goal? A Contingency planning B Encryption and stronger access control C Hashing and non-repudiation D Redundancy and fault tolerance
B Encryption and stronger access control
A company is looking to reduce the likelihood of employees in the finance department being involved with money laundering. Which of the following controls would BEST mitigate this risk? A Implement privacy policies B Enforce mandatory vacations C Implement a security policy D Enforce time of day restrictions
B Enforce mandatory vacations
When implementing fire suppression controls in a datacenter it is important to: A Select a fire suppression system which protects equipment but may harm technicians B Ensure proper placement of sprinkler lines to avoid accidental leakage onto servers C Integrate maintenance procedures to include regularly discharging the system D Use a system with audible alarms to ensure technicians have 20 minutes to evacuate
B Ensure proper placement of sprinkler lines to avoid accidental leakage onto servers
Which of the following is the process in which a law enforcement officer or a government agent encourages or induces a person to commit a crime when the potential criminal expresses a desire not to go ahead? A Enticement B Entrapment C Deceit D Sting
B Entrapment
A company is preparing to decommission an offline, non-networked root certificate server. Before sending the server's drives to be destroyed by a contracted company, the Chief Security Officer (CSO) wants to be certain that the data will not be accessed. Which of the following, if implemented, would BEST reassure the CSO? (Select TWO). A Disk hashing procedures B Full disk encryption C Data retention policies D Disk wiping procedures E Removable media encryption
B Full disk encryption D Disk wiping procedures
The main corporate website has a service level agreement that requires availability 100% of the time, even in the case of a disaster. Which of the following would be required to meet this demand? A Warm site implementation for the datacenter B Geographically disparate site redundant datacenter C Localized clustering of the datacenter D Cold site implementation for the datacenter
B Geographically disparate site redundant datacenter
A system administrator has been instructed by the head of security to protect their data at-rest. Which of the following would provide the strongest protection? A Prohibiting removable media B Incorporating a full-disk encryption system C Biometric controls on data center entry points D A host-based intrusion detection system
B Incorporating a full-disk encryption system
Joe, a security administrator, is concerned with users tailgating into the restricted areas. Given a limited budget, which of the following would BEST assist Joe with detecting this activity? A Place a full-time guard at the entrance to confirm user identity B Install a camera and DVR at the entrance to monitor access C Revoke all proximity badge access to make users justify access D Install a motion detector near the entrance
B Install a camera and DVR at the entrance to monitor access
Matt, a security administrator, wants to ensure that the message he is sending does not get intercepted or modified in transit. This concern relates to which of the following concepts? A Availability B Integrity C Accounting D Confidentiality
B Integrity
A software developer is responsible for writing the code on an accounting application. Another software developer is responsible for developing code on a system in human resources. Once a year they have to switch roles for several weeks. Which of the following practices is being implemented? A Mandatory vacations B Job rotation C Least privilege D Separation of duties
B Job rotation
Which of the following types of risk reducing policies also has the added indirect benefit of cross training employees when implemented? A Least privilege B Job rotation C Mandatory vacations D Separation of duties
B Job rotation
Which of the following is a security concern regarding users bringing personally-owned devices that they connect to the corporate network? A Cross-platform compatibility issues between personal devices and server-based applications B Lack of controls in place to ensure that the devices have the latest system patches and signature files C Non-corporate devices are more difficult to locate when a user is terminated D Non-purchased or leased equipment may cause failure during the audits of company-owned assets
B Lack of controls in place to ensure that the devices have the latest system patches and signature files
Which of the following provides the BEST application availability and is easily expanded as demand grows? A Server virtualization B Load balancing C Active-Passive Cluster D RAID 6
B Load balancing
Which of the following technologies uses multiple devices to share work? A Switching B Load balancing C RAID D VPN concentrator
B Load balancing
Which of the following is a security benefit of providing additional HVAC capacity or increased tonnage in a datacenter? A Increased availability of network services due to higher throughput B Longer MTBF of hardware due to lower operating temperatures C Higher data integrity due to more efficient SSD cooling D Longer UPS run time due to increased airflow
B Longer MTBF of hardware due to lower operating temperatures
A company is installing a new security measure that would allow one person at a time to be authenticated to an area without human interaction. Which of the following does this describe? A Fencing B Mantrap C A guard D Video surveillance
B Mantrap
Pete, an IT Administrator, needs to secure his server room. Which of the following mitigation methods would provide the MOST physical protection? A Sign in and sign out logs B Mantrap C Video surveillance D HVAC
B Mantrap
Matt, a security analyst, needs to implement encryption for company data and also prevent theft of company data. Where and how should Matt meet this requirement? A Matt should implement access control lists and turn on EFS B Matt should implement DLP and encrypt the company database C Matt should install Truecrypt and encrypt the company server D Matt should install TPMs and encrypt the company database
B Matt should implement DLP and encrypt the company database
An incident response team member needs to perform a forensics examination but does not have the required hardware. Which of the following will allow the team member to perform the examination with minimal impact to the potential evidence? A Using a software file recovery disc B Mounting the drive in read-only mode C Imaging based on order of volatility D Hashing the image after capture
B Mounting the drive in read-only mode
An encrypted message is sent using PKI from Sara, a client, to a customer. Sara claims she never sent the message. Which of the following aspects of PKI BEST ensures the identity of the sender? A CRL B Non-repudiation C Trust models D Recovery agents
B Non-repudiation
Which of the following is the BEST approach to perform risk mitigation of user access control rights? A Conduct surveys and rank the results B Perform routine user permission reviews C Implement periodic vulnerability scanning D Disable user accounts that have not been used within the last two weeks
B Perform routine user permission reviews
Due to issues with building keys being duplicated and distributed, a security administrator wishes to change to a different security control regarding a restricted area. The goal is to provide access based upon facial recognition. Which of the following will address this requirement? A Set up mantraps to avoid tailgating of approved users B Place a guard at the entrance to approve access C Install a fingerprint scanner at the entrance D Implement proximity readers to scan users' badges
B Place a guard at the entrance to approve access
Pete, the system administrator, has blocked users from accessing social media web sites. In addition to protecting company information from being accidentally leaked, which additional security benefit does this provide? A No competition with the company's official social presence B Protection against malware introduced by banner ads C Increased user productivity based upon fewer distractions D Elimination of risks caused by unauthorized P2P file sharing
B Protection against malware introduced by banner ads
A user was reissued a smart card after the previous smart card had expired. The user is able to log into the domain but is now unable to send digitally signed or encrypted email. Which of the following would the user need to perform? A Remove all previous smart card certificates from the local certificate store B Publish the new certificates to the global address list C Make the certificates available to the operating system D Recover the previous smart card certificates
B Publish the new certificates to the global address list
Matt, a security consultant, has been tasked with increasing server fault tolerance and has been given no budget to accomplish his task. Which of the following can Matt implement to ensure servers will withstand hardware failure? A Hardware load balancing B RAID C A cold site D A host standby
B RAID
Identifying residual risk is MOST important to which of the following concepts? A Risk deterrence B Risk acceptance C Risk mitigation D Risk avoidance
B Risk acceptance
Which of the following are Data Loss Prevention (DLP) strategies that address data in transit issues? (Select TWO). A Scanning printing of documents B Scanning of outbound IM (Instant Messaging) C Scanning copying of documents to USB D Scanning of SharePoint document library E Scanning of shared drives F Scanning of HTTP user traffic
B Scanning of outbound IM (Instant Messaging) F Scanning of HTTP user traffic
Which of the following is used by the recipient of a digitally signed email to verify the identity of the sender? A Recipient's private key B Sender's public key C Recipient's public key D Sender's private key
B Sender's public key
Establishing a published chart of roles, responsibilities, and chain of command to be used during a disaster is an example of which of the following? A Fault tolerance B Succession planning C Business continuity testing D Recovery point objectives
B Succession planning
Computer evidence at a crime is preserved by making an exact copy of the hard disk. Which of the following does this illustrate? A Taking screenshots B System image capture C Chain of custody D Order of volatility
B System image capture
A malicious person gained access to a datacenter by ripping the proximity badge reader off the wall near the datacenter entrance. This caused the electronic locks on the datacenter door to release because the: A Badge reader was improperly installed B System was designed to fail open for life-safety C System was installed in a fail closed configuration D System used magnetic locks and the locks became demagnetized
B System was designed to fail open for life-safety
An Information Systems Security Officer (ISSO) has been placed in charge of a classified peer-to-peer network that cannot connect to the internet. The ISSO can update the antivirus definitions manually, but which of the following steps is MOST important? A A full scan must be run on the network after the DAT file is installed B The signatures must have a hash value equal to what is displayed on the vendor site C The definition file must be updated within seven days D All users must be logged off of the network prior to the installation of the definition file
B The signatures must have a hash value equal to what is displayed on the vendor site
A security audit identifies a number of large email messages being sent by a specific user from their company email account to another address external to the company. These messages were sent prior to a company data breach, which prompted the security audit. The user was one of a few people who had access to the leaked data. Review of the suspect's emails shows they consist mostly of pictures of the user at various locations during a recent vacation. No suspicious activities from other users who have access to the data were discovered. Which of the following is occurring? A The user is encrypting the data in the outgoing messages B The user is using steganography C The user is spamming to obfuscate the activity D The user is using hashing to embed data in the emails
B The user is using steganography
After an assessment, auditors recommended that an application hosting company should contract with additional data providers for redundant high speed Internet connections. Which of the following is MOST likely the reason for this recommendation? (Select TWO). A To allow load balancing for cloud support B To allow for business continuity if one provider goes out of business C To eliminate a single point of failure D To allow for a hot site in case of disaster E To improve intranet communication speeds
B To allow for business continuity if one provider goes out of business C To eliminate a single point of failure
Which of the following is the BEST reason to provide user awareness and training programs for organizational staff? A To ensure proper use of social media B To reduce organization IT risk C To detail business impact analyses D To train staff on zero-days
B To reduce organization IT risk
A security administrator is tasked with calculating the total ALE on servers. In a two year period of time, a company has to replace five servers. Each server replacement has cost the company $4,000 with downtime costing $3,000. Which of the following is the ALE for the company? A $7,000 B $10,000 C $17,500 D $35,000
C $17,500
Several employees submit the same phishing email to the administrator. The administrator finds that the links in the email are not being blocked by the company's security device. Which of the following might the administrator do in the short term to prevent the emails from being received? A Configure an ACL B Implement a URL filter C Add the domain to a block list D Enable TLS on the mail server
C Add the domain to a block list
The network administrator is responsible for promoting code to applications on a DMZ web server. Which of the following processes is being followed to ensure application integrity? A Application hardening B Application firewall review C Application change management D Application patch management
C Application change management
Which of the following should Jane, a security administrator, perform before a hard drive is analyzed with forensics tools? A Identify user habits B Disconnect system from network C Capture system image D Interview witnesses
C Capture system image
To ensure proper evidence collection, which of the following steps should be performed FIRST? A Take hashes from the live system B Review logs C Capture the system image D Copy all compromised files
C Capture the system image
A compromised workstation utilized in a Distributed Denial of Service (DDOS) attack has been removed from the network and an image of the hard drive has been created. However, the system administrator stated that the system was left unattended for several hours before the image was created. In the event of a court case, which of the following is likely to be an issue with this incident? A Eye Witness B Data Analysis of the hard drive C Chain of custody D Expert Witness
C Chain of custody
Sara, a security architect, has developed a framework in which several authentication servers work together to increase processing power for an application. Which of the following does this represent? A Warm site B Load balancing C Clustering D RAID
C Clustering
Which of the following security strategies allows a company to limit damage to internal systems and provides loss control? A Restoration and recovery strategies B Deterrent strategies C Containment strategies D Detection strategies
C Containment strategies
Which of the following is being tested when a company's payroll server is powered off for eight hours? A Succession plan B Business impact document C Continuity of operations plan D Risk assessment plan
C Continuity of operations plan
A forensic analyst is reviewing electronic evidence after a robbery. Security cameras installed at the site were facing the wrong direction to capture the incident. The analyst ensures the cameras are turned to face the proper direction. Which of the following types of controls is being used? A Detective B Deterrent C Corrective D Preventive
C Corrective
The Chief Information Officer (CIO) is concerned with moving an application to a SaaS cloud provider. Which of the following can be implemented to provide for data confidentiality assurance during and after the migration to the cloud? A HPM technology B Full disk encryption C DLP policy D TPM technology
C DLP policy
An organization is recovering data following a datacenter outage and determines that backup copies of files containing personal information were stored in an unsecure location, because the sensitivity was unknown. Which of the following activities should occur to prevent this in the future? A Business continuity planning B Quantitative assessment C Data classification D Qualitative assessment
C Data classification
Which of the following is the primary security concern when deploying a mobile device on a network? A Strong authentication B Interoperability C Data security D Cloud storage technique
C Data security
A company wants to ensure that its hot site is prepared and functioning. Which of the following would be the BEST process to verify the backup datacenter is prepared for such a scenario? A Site visit to the backup data center B Disaster recovery plan review C Disaster recovery exercise D Restore from backup
C Disaster recovery exercise
The Chief Security Officer (CSO) is concerned about misuse of company assets and wishes to determine who may be responsible. Which of the following would be the BEST course of action? A Create a single, shared user account for every system that is audited and logged based upon time of use B Implement a single sign-on application on equipment with sensitive data and high-profile shares C Enact a policy that employees must use their vacation time in a staggered schedule D Separate employees into teams led by a person who acts as a single point of contact for observation purposes
C Enact a policy that employees must use their vacation time in a staggered schedule
Ann, a security technician, is reviewing the IDS log file. She notices a large number of alerts for multicast packets from the switches on the network. After investigation, she discovers that this is normal activity for her network. Which of the following BEST describes these results? A True negatives B True positives C False positives D False negatives
C False positives
Which of the following can result in significant administrative overhead from incorrect reporting? A Job rotation B Acceptable usage policies C False positives D Mandatory vacations
C False positives
The security administrator is implementing a malware storage system to archive all malware seen by the company into a central database. The malware must be categorized and stored based on similarities in the code. Which of the following should the security administrator use to identify similar malware? A TwoFish B SHA-512 C Fuzzy hashes D HMAC
C Fuzzy hashes
An online store wants to protect user credentials and credit card information so that customers can store their credit card information and use their card for multiple separate transactions. Which of the following database designs provides the BEST security for the online store? A Use encryption for the credential fields and hash the credit card field B Encrypt the username and hash the password C Hash the credential fields and use encryption for the credit card field D Hash both the credential fields and the credit card field
C Hash the credential fields and use encryption for the credit card field
A system administrator has concerns regarding their users accessing systems and secured areas using others' credentials. Which of the following can BEST address this concern? A Create conduct policies prohibiting sharing credentials B Enforce a policy shortening the credential expiration timeframe C Implement biometric readers on laptops and restricted areas D Install security camera in areas containing sensitive systems
C Implement biometric readers on laptops and restricted areas
Requiring technicians to report spyware infections is a step in which of the following? A Routine audits B Change management C Incident management D Clean desk policy
C Incident management
Who should be contacted FIRST in the event of a security breach? A Forensics analysis team B Internal auditors C Incident response team D Software vendors
C Incident response team
Sara, a security administrator, manually hashes all network device configuration files daily and compares them to the previous days' hashes. Which of the following security concepts is Sara using? A Confidentiality B Compliance C Integrity D Availability
C Integrity
Which of the following has serious security implications for large organizations and can potentially allow an attacker to capture conversations? A Subnetting B NAT C Jabber D DMZ
C Jabber
One of the system administrators at a company is assigned to maintain a secure computer lab. The administrator has rights to configure machines, install software, and perform user account maintenance. However, the administrator cannot add new computers to the domain, because that requires authorization from the Information Assurance Officer. This is an example of which of the following? A Mandatory access B Rule-based access control C Least privilege D Job rotation
C Least privilege
A security researcher wants to reverse engineer an executable file to determine if it is malicious. The file was found on an underused server and appears to contain a zero-day exploit. Which of the following can the researcher do to determine if the file is malicious in nature? A TCP/IP socket design review B Executable code review C OS Baseline comparison D Software architecture review
C OS Baseline comparison
Three of the primary security control types that can be implemented are: A Supervisory, subordinate, and peer B Personal, procedural, and legal C Operational, technical, and management D Mandatory, discretionary, and permanent
C Operational, technical, and management
Ann, a technician, received a spear-phishing email asking her to update her personal information by clicking the link within the body of the email. Which of the following types of training would prevent Ann and other employees from becoming victims of such attacks? A User Awareness B Acceptable Use Policy C Personal Identifiable Information D Information Sharing
C Personal Identifiable Information
A small business needs to incorporate fault tolerance into their infrastructure to increase data availability. Which of the following options would be the BEST solution at a minimal cost? A Clustering B Mirrored server C RAID D Tape backup
C RAID
A datacenter requires that staff be able to identify whether or not items have been removed from the facility. Which of the following controls will allow the organization to provide automated notification of item removal? A CCTV B Environmental monitoring C RFID D EMI shielding
C RFID
The system administrator has deployed updated security controls for the network to limit risk of attack. The security manager is concerned that controls continue to function as intended to maintain appropriate security posture. Which of the following risk mitigation strategies is MOST important to the security manager? A User permissions B Policy enforcement C Routine audits D Change management
C Routine audits
A software developer wants to prevent stored passwords from being easily decrypted. When the password is stored by the application, additional text is added to each password before the password is hashed. This technique is known as: A Symmetric cryptography B Private key cryptography C Salting D Rainbow tables
C Salting
Sara, an employee, tethers her smartphone to her work PC to bypass the corporate web security gateway while connected to the LAN. While Sara is out at lunch her PC is compromised via the tethered connection and corporate data is stolen. Which of the following would BEST prevent this from occurring again? A Disable the wireless access and implement strict router ACLs B Reduce restrictions on the corporate web security gateway C Security policy and threat awareness training D Perform user rights and permissions reviews
C Security policy and threat awareness training
A technician is investigating intermittent switch degradation. The issue only seems to occur when the building's roof air conditioning system runs. Which of the following would reduce the connectivity issues? A Adding a heat deflector B Redundant HVAC systems C Shielding D Add a wireless network
C Shielding
Which of the following risks could IT management be mitigating by removing an all-in-one device? A Continuity of operations B Input validation C Single point of failure D Single sign on
C Single point of failure
A network administrator has recently updated their network devices to ensure redundancy is in place so that: A Switches can redistribute routes across the network B Environmental monitoring can be performed C Single points of failure are removed D Hot and cold aisles are functioning
C Single points of failure are removed
A security administrator has concerns about new types of media which allow for the mass distribution of personal comments to a select group of people. To mitigate the risks involved with this media, employees should receive training on which of the following? A Peer to Peer B Mobile devices C Social networking D Personally owned devices
C Social networking
A security administrator is reviewing the company's continuity plan. The plan specifies an RTO of six hours and RPO of two days. Which of the following is the plan describing? A Systems should be restored within six hours and no later than two days after the incident B Systems should be restored within two days and should remain operational for at least six hours C Systems should be restored within six hours with a minimum of two days worth of data D Systems should be restored within two days with a minimum of six hours worth of data
C Systems should be restored within six hours with a minimum of two days worth of data
To help prevent unauthorized access to PCs, a security administrator implements screen savers that lock the PC after five minutes of inactivity. Which of the following controls is being described in this situation? A Management B Administrative C Technical D Operational
C Technical
A security administrator needs to update the OS on all the switches in the company. Which of the following MUST be done before any actual switch configuration is performed? A The request needs to be sent to the incident management team B The request needs to be approved through the incident management process C The request needs to be approved through the change management process D The request needs to be sent to the change management team
C The request needs to be approved through the change management process
Acme Corp has selectively outsourced proprietary business processes to ABC Services. Due to some technical issues, ABC Services wants to send some of Acme Corp's debug data to a third party vendor for problem resolution. Which of the following MUST be considered prior to sending data to a third party? A The data should be encrypted prior to transport B This would not constitute unauthorized data sharing C This may violate data ownership and non-disclosure agreements D Acme Corp should send the data to ABC Services' vendor instead
C This may violate data ownership and non-disclosure agreements
Which of the following provides the BEST explanation regarding why an organization needs to implement IT security policies? A To ensure that false positives are identified B To ensure that staff conform to the policy C To reduce the organization risk D To require acceptable usage of IT systems
C To reduce the organization risk
The Chief Information Officer (CIO) wants to implement a redundant server location to which the production server images can be moved within 48 hours and services can be quickly restored, in case of a catastrophic failure of the primary datacenter's HVAC. Which of the following can be implemented? A Cold site B Load balancing C Warm site D Hot site
C Warm site
A company storing data on a secure server wants to ensure it is legally able to dismiss and prosecute staff who intentionally access the server via Telnet and illegally tamper with customer data. Which of the following administrative controls should be implemented to BEST achieve this? A Command shell restrictions B Restricted interface C Warning banners D Session output pipe to /dev/null
C Warning banners
Which of the following technical controls is BEST used to define which applications a user can install and run on a company issued mobile device? A Authentication B Blacklisting C Whitelisting D Acceptable use policy
C Whitelisting
A security administrator needs to image a large hard drive for forensic analysis. Which of the following will allow for faster imaging to a second hard drive? A cp /dev/sda /dev/sdb bs=8k B tail -f /dev/sda > /dev/sdb/ bs=8k C dd in=/dev/sda out=/dev/sdb bs=4k D locate /dev/sda /dev/sdb bs=4k
C dd in=/dev/sda out=/dev/sdb bs=4k
Results from a vulnerability analysis indicate that all enabled virtual terminals on a router can be accessed using the same password. The company's network device security policy mandates that at least one virtual terminal have a different password than the other virtual terminals. Which of the following sets of commands would meet this requirement? A line vty 0 6 P@s5W0Rd password line vty 7 Qwer++!Y password B line console 0 password password line vty 0 4 password P@s5W0Rd C line vty 0 3 password Qwer++!y vty 4 password P@s5W0Rd D line vty 0 3 password Qwer++!Y line console 0 password P@s5W0Rd
C line vty 0 3 password Qwer++!y vty 4 password P@s5W0Rd
Joe, the system administrator, is performing an overnight system refresh of hundreds of user computers. The refresh has a strict timeframe and must have zero downtime during business hours. Which of the following should Joe take into consideration? A A disk-based image of every computer as they are being replaced B A plan that skips every other replaced computer to limit the area of affected users C An offsite contingency server farm that can act as a warm site should any issues appear D A back-out strategy planned out anticipating any unforeseen problems that may arise
D A back-out strategy planned out anticipating any unforeseen problems that may arise
A security administrator plans on replacing a critical business application in five years. Recently, there was a security flaw discovered in the application that will cause the IT department to manually re-enable user accounts each month at a cost of $2,000. Patching the application today would cost $140,000 and take two months to implement. Which of the following should the security administrator do in regards to the application? A Avoid the risk the user base allowing them to re-enable their own accounts B Mitigate the risk by patching the application to increase security and saving money C Transfer the risk replacing the application now instead of in five years D Accept the risk and continue to enable the accounts each month saving money
D Accept the risk and continue to enable the accounts each month saving money
While rarely enforced, mandatory vacation policies are effective at uncovering: A Help desk technicians with oversight by multiple supervisors and detailed quality control systems B Collusion between two employees who perform the same business function C Acts of incompetence by a systems engineer designing complex architectures as a member of a team D Acts of gross negligence on the part of system administrators with unfettered access to system and no oversight
D Acts of gross negligence on the part of system administrators with unfettered access to system and no oversight
Joe, a user, wants to send an encrypted email to Ann. Which of the following will Ann need to use to verify that the email came from Joe and decrypt it? (Select TWO). A The CA's public key B Ann's public key C Joe's private key D Ann's private key E The CA's private key F Joe's public key
D Ann's private key F Joe's public key
A network administrator has purchased two devices that will act as failovers for each other. Which of the following concepts does this BEST illustrate? A Authentication B Integrity C Confidentiality D Availability
D Availability
Used in conjunction, which of the following are PII? (Select TWO). A Marital status B Favorite movie C Pet's name D Birthday E Full name
D Birthday E Full name
After running into the data center with a vehicle, attackers were able to enter through the hole in the building and steal several key servers in the ensuing chaos. Which of the following security measures can be put in place to mitigate the issue from occurring in the future? A Fencing B Proximity readers C Video surveillance D Bollards
D Bollards
A company's chief information officer (CIO) has analyzed the financial loss associated with the company's database breach. They calculated that one single breach could cost the company $1,000,000 at a minimum. Which of the following documents is the CIO MOST likely updating? A Succession plan B Continuity of operation plan C Disaster recovery plan D Business impact analysis
D Business impact analysis
Computer evidence at a crime scene is documented with a tag stating who had possession of the evidence at a given time. Which of the following does this illustrate? A System image capture B Record time offset C Order of volatility D Chain of custody
D Chain of custody
Developers currently have access to update production servers without going through an approval process. Which of the following strategies would BEST mitigate this risk? A Incident management B Clean desk policy C Routine audits D Change management
D Change management
XYZ Corporation is about to purchase another company to expand its operations. The CEO is concerned about information leaking out, especially with the cleaning crew that comes in at night. The CEO would like to ensure no paper files are leaked. Which of the following is the BEST policy to implement? A Social media policy B Data retention policy C CCTV policy D Clean desk policy
D Clean desk policy
The information security team does a presentation on social media and advises the participants not to provide too much personal information on social media web sites. The advice would BEST protect people from which of the following? A Rainbow table attacks B Brute force attacks C Birthday attacks D Cognitive password attacks
D Cognitive password attacks
A company is trying to limit the risk associated with the use of unapproved USB devices to copy documents. Which of the following would be the BEST technology control to use in this scenario? A Content filtering B IDS C Audit logs D DLP
D DLP
Several employees have been printing files that include personally identifiable information of customers. Auditors have raised concerns about the destruction of these hard copies after they are created, and management has decided the best way to address this concern is by preventing these files from being printed. Which of the following would be the BEST control to implement? A File encryption B Printer hardening C Clean desk policies D Data loss prevention
D Data loss prevention
Which of the following describes the purpose of an MOU? A Define interoperability requirements B Define data backup process C Define onboard/offboard procedure D Define responsibilities of each party
D Define responsibilities of each party
Company A submitted a bid on a contract to do work for Company B via email. Company B was insistent that the bid did not come from Company A. Which of the following would have assured that the bid was submitted by Company A? A Steganography B Hashing C Encryption D Digital Signatures
D Digital Signatures
Which of the following preventative controls would be appropriate for responding to a directive to reduce the attack surface of a specific host? A Installing anti-malware B Implementing an IDS C Taking a baseline configuration D Disabling unnecessary services
D Disabling unnecessary services
Environmental control measures include which of the following? A Access list B Lighting C Motion detection D EMI shielding
D EMI shielding
Customers' credit card information was stolen from a popular video streaming company. A security consultant determined that the information was stolen, while in transit, from the gaming consoles of a particular vendor. Which of the following methods should the company consider to secure this data in the future? A Application firewalls B Manual updates C Firmware version control D Encrypted TCP wrappers
D Encrypted TCP wrappers
Ann would like to forward some Personal Identifiable Information to her HR department by email, but she is worried about the confidentiality of the information. Which of the following will accomplish this task securely? A Digital Signatures B Hashing C Secret Key D Encryption
D Encryption
Which of the following controls can be used to prevent the disclosure of sensitive information stored on a mobile device's removable media in the event that the device is lost or stolen? A Hashing B Screen locks C Device password D Encryption
D Encryption
Which of the following is a Data Loss Prevention (DLP) strategy and is MOST useful for securing data in use? A Email scanning B Content discovery C Database fingerprinting D Endpoint protection
D Endpoint protection
After copying a sensitive document from his desktop to a flash drive, Joe, a user, realizes that the document is no longer encrypted. Which of the following can a security technician implement to ensure that documents stored on Joe's desktop remain encrypted when moved to external media or other network based storage? A Whole disk encryption B Removable disk encryption C Database record level encryption D File level encryption
D File level encryption
Which of the following is the LEAST volatile when performing incident response procedures? A Registers B RAID cache C RAM D Hard drive
D Hard drive
Which of the following would a security administrator use to verify the integrity of a file? A Time stamp B MAC times C File descriptor D Hash
D Hash
Which of the following is an effective way to ensure the BEST temperature for all equipment within a datacenter? A Fire suppression B Raised floor implementation C EMI shielding D Hot or cool aisle containment
D Hot or cool aisle containment
Which of the following is the MOST specific plan for various problems that can arise within a system? A Business Continuity Plan B Continuity of Operation Plan C Disaster Recovery Plan D IT Contingency Plan
D IT Contingency Plan
The helpdesk reports increased calls from clients reporting a spike in malware infections on their systems. Which of the following phases of incident response is MOST appropriate as a FIRST response? A Recovery B Follow-up C Validation D Identification E Eradication F Containment
D Identification
Key elements of a business impact analysis should include which of the following tasks? A Develop recovery strategies, prioritize recovery, create test plans, post-test evaluation, and update processes B Identify institutional and regulatory reporting requirements, develop response teams and communication trees, and develop press release templates C Employ regular preventive measures such as patch management, change management, antivirus and vulnerability scans, and reports to management D Identify critical assets systems and functions, identify dependencies, determine critical downtime limit, define scenarios by type and scope of impact, and quantify loss potential
D Identify critical assets systems and functions, identify dependencies, determine critical downtime limit, define scenarios by type and scope of impact, and quantify loss potential
Which of the following is BEST carried out immediately after a security breach is discovered? A Risk transference B Access control revalidation C Change management D Incident management
D Incident management
Which of the following security awareness training is BEST suited for data owners who are concerned with protecting the confidentiality of their data? A Social networking use training B Personally owned device policy training C Tailgating awareness policy training D Information classification training
D Information classification training
A software company has completed a security assessment. The assessment states that the company should implement fencing and lighting around the property. Additionally the assessment states that production releases of their software should be digitally signed. Given the recommendations, the company was deficient in which of the following core security areas? (Select TWO). A Fault tolerance B Encryption C Availability D Integrity E Safety F Confidentiality
D Integrity E Safety
After a recent security breach, the network administrator has been tasked to update and backup all router and switch configurations. The security administrator has been tasked to enforce stricter security policies. All users were forced to undergo additional user awareness training. All of these actions are due to which of the following types of risk mitigation strategies? A Change management B Implementing policies to prevent data loss C User rights and permissions review D Lessons learned
D Lessons learned
In which of the following steps of incident response does a team analyse the incident and determine steps to prevent a future occurrence? A Mitigation B Identification C Preparation D Lessons learned
D Lessons learned
Which of the following should Joe, a security manager, implement to reduce the risk of employees working in collusion to embezzle funds from his company? A Privacy Policy B Least Privilege C Acceptable Use D Mandatory Vacations
D Mandatory Vacations
Which of the following should Pete, a security manager, implement to reduce the risk of employees working in collusion to embezzle funds from their company? A Privacy Policy B Least Privilege C Acceptable Use D Mandatory Vacations
D Mandatory Vacations
Two members of the finance department have access to sensitive information. The company is concerned they may work together to steal information. Which of the following controls could be implemented to discover if they are working together? A Least privilege access B Separation of duties C Mandatory access control D Mandatory vacations
D Mandatory vacations
Visitors entering a building are required to close the back door before the front door of the same entry room is open. Which of the following is being described? A Tailgating B Fencing C Screening D Mantrap
D Mantrap
Which of the following can be utilized in order to provide temporary IT support during a disaster, where the organization sets aside funds for contingencies, but does not necessarily have a dedicated site to restore those services? A Hot site B Warm site C Cold site D Mobile site
D Mobile site
Which of the following statements is MOST likely to be included in the security awareness training about P2P? A P2P is always used to download copyrighted material B P2P can be used to improve computer system response C P2P may prevent viruses from entering the network D P2P may cause excessive network bandwidth
D P2P may cause excessive network bandwidth
Users can authenticate to a company's web applications using their credentials from a popular social media site. Which of the following poses the greatest risk with this integration? A Malicious users can exploit local corporate credentials with their social media credentials B Changes to passwords on the social media site can be delayed from replicating to the company C Data loss from the corporate servers can create legal liabilities with the social media site D Password breaches to the social media site affect the company application as well
D Password breaches to the social media site affect the company application as well
After a company has standardized to a single operating system, not all servers are immune to a well-known OS vulnerability. Which of the following solutions would mitigate this issue? A Host based firewall B Initial baseline configurations C Discretionary access control D Patch management system
D Patch management system
Human Resources (HR) would like executives to undergo only two specific security training programs a year. Which of the following provides the BEST level of security training for the executives? (Select TWO). A Acceptable use of social media B Data handling and disposal C Zero day exploits and viruses D Phishing threats and attacks E Clean desk and BYOD F Information security awareness
D Phishing threats and viruses F Information security awareness
Encryption of data at rest is important for sensitive information because of which of the following? A Facilitates tier 2 support, by preventing users from changing the OS B Renders the recovery of data harder in the event of user password loss C Allows the remote removal of data following eDiscovery requests D Prevents data from being accessed following theft of physical equipment
D Prevents data from being accessed following theft of physical equipment
Upper management decides which risk to mitigate based on cost. This is an example of: A Qualitative risk assessment B Business impact analysis C Risk management framework D Quantitative risk assessment
D Quantitative risk assessment
Which of the following provides data the best fault tolerance at the LOWEST cost? A Load balancing B Clustering C Server virtualization D RAID 6
D RAID 6
A company recently experienced data loss when a server crashed due to a midday power outage. Which of the following should be used to prevent this from occurring again? A Recovery procedures B EMI shielding C Environmental monitoring D Redundancy
D Redundancy
The security administrator is currently unaware of an incident that occurred a week ago. Which of the following will ensure the administrator is notified in a timely manner in the future? A User permissions reviews B Incident response team C Change management D Routine auditing
D Routine auditing
A security manager requires fencing around the perimeter, and cipher locks on all entrances. The manager is concerned with which of the following security controls? A Integrity B Availability C Confidentiality D Safety
D Safety
Sara, a company's security officer, often receives reports of unauthorized personnel having access codes to the cipher locks of secure areas in the building. Sara should immediately implement which of the following? A Acceptable Use Policy B Physical security controls C Technical controls D Security awareness training
D Security awareness training
A user in the company is in charge of various financial roles but needs to prepare for an upcoming audit. They use the same account to access each financial system. Which of the following security controls will MOST likely be implemented within the company? A Account lockout policy B Account password enforcement C Password complexity enabled D Separation of duties
D Separation of duties
Which of the following concepts is BEST described as developing a new chain of command in the event of a contingency? A Business continuity planning B Continuity of operations C Business impact analysis D Succession planning
D Succession planning
An IT security manager is asked to provide the total risk to the business. Which of the following calculations would the security manager choose to determine total risk? A (Threats X vulnerability X asset value) x controls gap B (Threats X vulnerability X profit) x asset value C Threats X vulnerability X control gap D Threats X vulnerability X asset value
D Threats X vulnerability X asset value
A system administrator is responding to a legal order to turn over all logs from all company servers. The system administrator records the system time of all servers to ensure that: A HDD hashes are accurate B The NTP server works properly C Chain of custody is preserved D Time offset can be calculated
D Time offset can be calculated
Which of the following could a security administrator implement to mitigate the risk of tailgating for a large organization? A Train employees on correct data disposal techniques and enforce policies B Only allow employees to enter or leave through one door at specified time of the day C Only allow employees to go on break one at a time and post security guards 24/7 at each entrance D Train employees in risks associated with social engineering attacks and enforce policies
D Train employees in risks associated with social engineering attacks and enforce policies
Which of the following is the BEST concept to maintain required but non-critical server availability? A SaaS site B Cold site C Hot site D Warm site
D Warm site