Deck J Flashcards by Jerry Brinson

A company hires outside security experts to evaluate the security status of the corporate network. All of the company’s IT resources are outdated and prone to crashing. The company requests that all testing be performed in a way which minimizes the risk of system failures. Which of the following types of testing does the company want performed?

A. Penetration testing

B. WAF testing

C. Vulnerability scanning

D. White box testing

Vulnerability scanning

How well did you know this?

Not at all

Perfectly

After running into the data center with a vehicle, attackers were able to enter through the hole in the building and steal several key servers in the ensuing chaos. Which of the following security measures can be put in place to mitigate the issue from occurring in the future?

A. Fencing

B. Proximity readers

C. Video surveillance

D. Bollards

Bollards

How well did you know this?

Not at all

Perfectly

Users are utilizing thumb drives to connect to USB ports on company workstations. A technician is concerned that sensitive files can be copied to the USB drives. Which of the following mitigation techniques would address this concern? (Select TWO).

A. Disable the USB root hub within the OS.

B. Install anti-virus software on the USB drives.

C. Disable USB within the workstations BIOS.

D. Apply the concept of least privilege to USB devices.

E. Run spyware detection against all workstations.

Disable the USB root hub within the OS.

Disable USB within the workstations BIOS.

How well did you know this?

Not at all

Perfectly

In PKI, a key pair consists of: (Select TWO).

A. A key ring

B. A public key

C. A private key

D. Key escrow

E. A passphrase

A public key

A private key

How well did you know this?

Not at all

Perfectly

A technician is investigating intermittent switch degradation. The issue only seems to occur when the building’s roof air conditioning system runs. Which of the following would reduce the connectivity issues?

A. Adding a heat deflector

B. Redundant HVAC systems

C. Shielding

D. Add a wireless network

Shielding

How well did you know this?

Not at all

Perfectly

Which of the following is an application security coding problem?

A. Error and exception handling

B. Patch management

C. Application hardening

D. Application fuzzing

Error and exception handling

How well did you know this?

Not at all

Perfectly

A user was reissued a smart card after the previous smart card had expired. The user is able to log into the domain but is now unable to send digitally signed or encrypted email. Which of the following would the user need to perform?

A. Remove all previous smart card certificates from the local certificate store.

B. Publish the new certificates to the global address list.

C. Make the certificates available to the operating system.

D. Recover the previous smart card certificates.

Publish the new certificates to the global address list.

How well did you know this?

Not at all

Perfectly

Which of the following types of risk reducing policies also has the added indirect benefit of cross training employees when implemented?

A. Least privilege

B. Job rotation

C. Mandatory vacations

D. Separation of duties

Job rotation

How well did you know this?

Not at all

Perfectly

Which of the following would a security administrator implement in order to identify change from the standard configuration on a server?

A. Penetration test

B. Code review

C. Baseline review

D. Design review

Baseline review

How well did you know this?

Not at all

Perfectly

A technician wants to securely collect network device configurations and statistics through a scheduled and automated process. Which of the following should be implemented if configuration integrity is most important and a credential compromise should not allow interactive logons?

A. SNMPv3

B. TFTP

C. SSH

D. TLS

SNMPv3

How well did you know this?

Not at all

Perfectly

A network engineer is configuring a VPN tunnel connecting a company’s network to a business partner. Which of the following protocols should be used for key exchange?

A. SHA-1

B. RC4

C. Blowfish

D. Diffie-Hellman

SHA-1

How well did you know this?

Not at all

Perfectly

The Chief Information Security Officer (CISO) has mandated that all IT systems with credit card data be segregated from the main corporate network to prevent unauthorized access and that access to the IT systems should be logged. Which of the following would BEST meet the CISO’s requirements?

A. Sniffers

B. NIDS

C. Firewalls

D. Web proxies

E. Layer 2 switches

Firewalls

How well did you know this?

Not at all

Perfectly

Which of the following types of logs could provide clues that someone has been attempting to compromise the SQL Server database?

A. Event

B. SQL_LOG

C. Security

D. Access

Event

How well did you know this?

Not at all

Perfectly

Two members of the finance department have access to sensitive information. The company is concerned they may work together to steal information. Which of the following controls could be implemented to discover if they are working together?

A. Least privilege access

B. Separation of duties

C. Mandatory access control

D. Mandatory vacations

Mandatory vacations

How well did you know this?

Not at all

Perfectly

Which of the following can hide confidential or malicious data in the whitespace of other files (e.g. JPEGs)?

A. Hashing

B. Transport encryption

C. Digital signatures

D. Steganography

Steganography

How well did you know this?

Not at all

Perfectly

Acme Corp has selectively outsourced proprietary business processes to ABC Services. Due to some technical issues, ABC services wants to send some of Acme Corp’s debug data to a third party vendor for problem resolution. Which of the following MUST be considered prior to sending data to a third party?

A. The data should be encrypted prior to transport

B. This would not constitute unauthorized data sharing

C. This may violate data ownership and non-disclosure agreements

D. Acme Corp should send the data to ABC Services’ vendor instead

This may violate data ownership and non-disclosure agreements

How well did you know this?

Not at all

Perfectly

The IT department noticed that there was a significant decrease in network performance during the afternoon hours. The IT department performed analysis of the network and discovered this was due to users accessing and downloading music and video streaming from social sites. The IT department notified corporate of their findings and a memo was sent to all employees addressing the misuse of company resources and requesting adherence to company policy. Which of the following policies is being enforced?

A. Acceptable use policy

B. Telecommuting policy

C. Data ownership policy

D. Non disclosure policy

Acceptable use policy

How well did you know this?

Not at all

Perfectly

A network administrator has been tasked with securing the WLAN. Which of the following cryptographic products would be used to provide the MOST secure environment for the WLAN?

A. WPA2 CCMP

B. WPA

C. WPA with MAC filtering

D. WPA2 TKIP

WPA2 CCMP

How well did you know this?

Not at all

Perfectly

Which of the following techniques describes the use of application isolation during execution to prevent system compromise if the application is compromised?

A. Least privilege

B. Sandboxing

C. Black box

D. Application hardening

Sandboxing

How well did you know this?

Not at all

Perfectly

A security administrator is responsible for performing periodic reviews of user permission settings due to high turnover and internal transfers at a corporation. Which of the following BEST describes the procedure and security rationale for performing such reviews?

A. Review all user permissions and group memberships to ensure only the minimum set of permissions required to perform a job is assigned.

B. Review the permissions of all transferred users to ensure new permissions are granted so the employee can work effectively.

C. Ensure all users have adequate permissions and appropriate group memberships, so the volume of help desk calls is reduced.

D. Ensure former employee accounts have no permissions so that they cannot access any network file stores and resources.

Review all user permissions and group memberships to ensure only the minimum set of permissions required to perform a job is assigned.

How well did you know this?

Not at all

Perfectly

A network administrator has a separate user account with rights to the domain administrator group. However, they cannot remember the password to this account and are not able to login to the server when needed. Which of the following is MOST accurate in describing the type of issue the administrator is experiencing?

A. Single sign-on

B. Authorization

C. Access control

D. Authentication

Authentication

How well did you know this?

Not at all

Perfectly

A security administrator has implemented a policy to prevent data loss. Which of the following is the BEST method of enforcement?

A. Internet networks can be accessed via personally-owned computers.

B. Data can only be stored on local workstations.

C. Wi-Fi networks should use WEP encryption by default.

D. Only USB devices supporting encryption are to be used.

Only USB devices supporting encryption are to be used.

How well did you know this?

Not at all

Perfectly

To ensure proper evidence collection, which of the following steps should be performed FIRST?

A. Take hashes from the live system

B. Review logs

C. Capture the system image

D. Copy all compromised files

Capture the system image

How well did you know this?

Not at all

Perfectly

Which of the following should an administrator implement to research current attack methodologies?

A. Design reviews

B. Honeypot

C. Vulnerability scanner

D. Code reviews

Honeypot

How well did you know this?

Not at all

Perfectly

Which of the following attacks involves the use of previously captured network traffic? A. Replay B. Smurf C. Vishing D. DDoS

Replay

A security administrator is auditing a database server to ensure the correct security measures are in place to protect the data. Some of the fields consist of people’s first name, last name, home address, date of birth and mothers last name. Which of the following describes this type of data? A. PII B. PCI C. Low D. Public

PII

An administrator needs to submit a new CSR to a CA. Which of the following is a valid FIRST step? A. Generate a new private key based on AES. B. Generate a new public key based on RSA. C. Generate a new public key based on AES. D. Generate a new private key based on RSA.

Generate a new private key based on RSA.

A security administrator wants to block unauthorized access to a web server using a locally installed software program. Which of the following should the administrator deploy? A. NIDS B. HIPS C. NIPS D. HIDS

HIPS

A security technician received notification of a remotely exploitable vulnerability affecting all multifunction printers firmware installed throughout the organization. The vulnerability allows a malicious user to review all the documents processed by the affected printers. Which of the following compensating controls can the security technician to mitigate the security risk of a sensitive document leak? A. Create a separate printer network B. Perform penetration testing to rule out false positives C. Install patches on the print server D. Run a full vulnerability scan of all the printers

Install patches on the print server

Which of the following BEST allows Peter, a security administrator, to determine the type, source, and flags of the packet traversing a network for troubleshooting purposes? A. Switches B. Protocol analyzers C. Routers D. Web security gateways

Protocol analyzers

An encrypted message is sent using PKI from Emily, a client, to a customer. Emily claims she never sent the message. Which of the following aspects of PKI BEST ensures the identity of the sender? A. CRL B. Non-repudiation C. Trust models D. Recovery agents

Non-repudiation

Which of the following network architecture concepts is used to securely isolate at the boundary between networks? A. VLAN B. Subnetting C. DMZ D. NAT

DMZ

An IT security manager is asked to provide the total risk to the business. Which of the following calculations would he security manager choose to determine total risk? A. (Threats X vulnerability X asset value) x controls gap B. (Threats X vulnerability X profit) x asset value C. Threats X vulnerability X control gap D. Threats X vulnerability X asset value

Threats X vulnerability X asset value

Timestamps and sequence numbers act as countermeasures against which of the following types of attacks? A. Smurf B. DoS C. Vishing D. Replay

Replay

Environmental control measures include which of the following? A. Access list B. Lighting C. Motion detection D. EMI shielding

EMI shielding

A password history value of three means which of the following? A. Three different passwords are used before one can be reused. B. A password cannot be reused once changed for three years. C. After three hours a password must be re-entered to continue. D. The server stores passwords in the database for three days.

Three different passwords are used before one can be reused.

Which of the following is the MOST important step for preserving evidence during forensic procedures? A. Involve law enforcement B. Chain of custody C. Record the time of the incident D. Report within one hour of discovery

Chain of custody

Which of the following is the LEAST volatile when performing incident response procedures? A. Registers B. RAID cache C. RAM D. Hard drive

Hard drive

On Monday, all company employees report being unable to connect to the corporate wireless network, which uses 802.1x with PEAP. A technician verifies that no configuration changes were made to the wireless network and its supporting infrastructure, and that there are no outages. Which of the following is the MOST likely cause for this issue? A. Too many incorrect authentication attempts have caused users to be temporarily disabled. B. The DNS server is overwhelmed with connections and is unable to respond to queries. C. The company IDS detected a wireless attack and disabled the wireless network. D. The Remote Authentication Dial-In User Service server certificate has expired.

The Remote Authentication Dial-In User Service server certificate has expired.

Which of the following components of an all-in-one security appliance would MOST likely be configured in order to restrict access to peer-to-peer file sharing websites? A. Spam filter B. URL filter C. Content inspection D. Malware inspection

URL filter

A company that has a mandatory vacation policy has implemented which of the following controls? A. Risk control B. Privacy control C. Technical control D. Physical control

Risk control

Which of the following is an indication of an ongoing current problem? A. Alert B. Trend C. Alarm D. Trap

Alarm

The finance department works with a bank which has recently had a number of cyber attacks. The finance department is concerned that the banking website certificates have been compromised. Which of the following can the finance department check to see if any of the bank’s certificates are still valid? A. Bank’s CRL B. Bank’s private key C. Bank’s key escrow D. Bank’s recovery agent

Bank's CRL

The security administrator has been tasked to update all the access points to provide a more secure connection. All access points currently use WPA TKIP for encryption. Which of the following would be configured to provide more secure connections? A. WEP B. WPA2 CCMP C. Disable SSID broadcast and increase power levels D. MAC filtering

WPA2 CCMP

An organization does not have adequate resources to administer its large infrastructure. A security administrator wishes to integrate the security controls of some of the network devices in the organization. Which of the following methods would BEST accomplish this goal? A. Unified Threat Management B. Virtual Private Network C. Single sign on D. Role-based management

Unified Threat Management

A security analyst noticed a colleague typing the following command: `Telnet some-host 443’ Which of the following was the colleague performing? A. A hacking attempt to the some-host web server with the purpose of achieving a distributed denial of service attack. B. A quick test to see if there is a service running on some-host TCP/443, which is being routed correctly and not blocked by a firewall. C. Trying to establish an insecure remote management session. The colleague should be using SSH or terminal services instead. D. A mistaken port being entered because telnet servers typically do not listen on port 443.

A quick test to see if there is a service running on some-host TCP/443, which is being routed correctly and not blocked by a firewall.

Who should be contacted FIRST in the event of a security breach? A. Forensics analysis team B. Internal auditors C. Incident response team D. Software vendors

Incident response team

A program has been discovered that infects a critical Windows system executable and stays dormant in memory. When a Windows mobile phone is connected to the host, the program infects the phone’s boot loader and continues to target additional Windows PCs or phones. Which of the following malware categories BEST describes this program? A. Zero-day B. Trojan C. Virus D. Rootkit

Virus

A security audit identifies a number of large email messages being sent by a specific user from their company email account to another address external to the company. These messages were sent prior to a company data breach, which prompted the security audit. The user was one of a few people who had access to the leaked data. Review of the suspect’s emails show they consist mostly of pictures of the user at various locations during a recent vacation. No suspicious activities from other users who have access to the data were discovered. Which of the following is occurring? A. The user is encrypting the data in the outgoing messages. B. The user is using steganography. C. The user is spamming to obfuscate the activity. D. The user is using hashing to embed data in the emails.

The user is using steganography

The system administrator notices that their application is no longer able to keep up with the large amounts of traffic their server is receiving daily. Several packets are dropped and sometimes the server is taken offline. Which of the following would be a possible solution to look into to ensure their application remains secure and available? A. Cloud computing B. Full disk encryption C. Data Loss Prevention D. HSM

Cloud computing

Which of the following describes a type of malware which is difficult to reverse engineer in a virtual lab? A. Armored virus B. Polymorphic malware C. Logic bomb D. Rootkit

Armored virus

Which of the following application security principles involves inputting random data into a program? A. Brute force attack B. Sniffing C. Fuzzing D. Buffer overflow

Fuzzing

In order to prevent and detect fraud, which of the following should be implemented? A. Job rotation B. Risk analysis C. Incident management D. Employee evaluations

Job rotation

A security technician at a small business is worried about the Layer 2 switches in the network suffering from a DoS style attack caused by staff incorrectly cabling network connections between switches. Which of the following will BEST mitigate the risk if implemented on the switches? A. Spanning tree B. Flood guards C. Access control lists D. Syn flood

Spanning tree

In order to securely communicate using PGP, the sender of an email must do which of the following when sending an email to a recipient for the first time? A. Import the recipient’s public key B. Import the recipient’s private key C. Export the sender’s private key D. Export the sender’s public key

Import the recipient's public key

A malicious person gained access to a datacenter by ripping the proximity badge reader off the wall near the datacenter entrance. This caused the electronic locks on the datacenter door to release because the: A. badge reader was improperly installed. B. system was designed to fail open for life-safety. C. system was installed in a fail closed configuration. D. system used magnetic locks and the locks became demagnetized.

system was designed to fail open for life-safety.

A vulnerability assessment indicates that a router can be accessed from default port 80 and default port 22. Which of the following should be executed on the router to prevent access via these ports? (Select TWO). A. FTP service should be disabled B. HTTPS service should be disabled C. SSH service should be disabled D. HTTP service should disabled E. Telnet service should be disabled

SSH service should be disabled HTTP service should disabled

Which of the following is the difference between identification and authentication of a user? A. Identification tells who the user is and authentication tells whether the user is allowed to logon to a system. B. Identification tells who the user is and authentication proves it. C. Identification proves who the user is and authentication is used to keep the users data secure. D. Identification proves who the user is and authentication tells the user what they are allowed to do.

Identification tells who the user is and authentication proves it.

Which of the following protocols allows for the LARGEST address space? A. IPX B. IPv4 C. IPv6 D. Appletalk

IPv6

A security researcher wants to reverse engineer an executable file to determine if it is malicious. The file was found on an underused server and appears to contain a zero-day exploit. Which of the following can the researcher do to determine if the file is malicious in nature? A. TCP/IP socket design review B. Executable code review C. OS Baseline comparison D. Software architecture review

OS Baseline comparison

A network engineer is setting up a network for a company. There is a BYOD policy for the employees so that they can connect their laptops and mobile devices. Which of the following technologies should be employed to separate the administrative network from the network in which all of the employees’ devices are connected? A. VPN B. VLAN C. WPA2 D. MAC filtering

VLAN

The method to provide end users of IT systems and applications with requirements related to acceptable use, privacy, new threats and trends, and use of social networking is: A. Security awareness training. B. BYOD security training. C. Role-based security training. D. Legal compliance training.

Security awareness training

Ann, the Chief Information Officer (CIO) of a company, sees cloud computing as a way to save money while providing valuable services. She is looking for a cost-effective solution to assist in capacity planning as well as visibility into the performance of the network. Which of the following cloud technologies should she look into? A. IaaS B. MaaS C. SaaS D. PaaS

MaaS

An administrator is building a development environment and requests that three virtual servers are cloned and placed in a new virtual network isolated from the production network. Which of the following describes the environment the administrator is building? A. Cloud B. Trusted C. Sandbox D. Snapshot

Sandbox

A firewall technician has been instructed to disable all non-secure ports on a corporate firewall. The technician has blocked traffic on port 21, 69, 80, and 137-139. The technician has allowed traffic on ports 22 and 443. Which of the following correctly lists the protocols blocked and allowed? A. Blocked: TFTP, HTTP, NetBIOS; Allowed: HTTPS, FTP B. Blocked: FTP, TFTP, HTTP, NetBIOS; Allowed: SFTP, SSH, SCP, HTTPS C. Blocked: SFTP, TFTP, HTTP, NetBIOS; Allowed: SSH, SCP, HTTPS D. Blocked: FTP, HTTP, HTTPS; Allowed: SFTP, SSH, SCP, NetBIOS

Blocked: FTP, TFTP, HTTP, NetBIOS; Allowed: SFTP, SSH, SCP, HTTPS

A computer is put into a restricted VLAN until the computer’s virus definitions are up-to-date. Which of the following BEST describes this system type? A. NAT B. NIPS C. NAC D. DMZ

NAC

Which of the following is a step in deploying a WPA2-Enterprise wireless network? A. Install a token on the authentication server B. Install a DHCP server on the authentication server C. Install an encryption key on the authentication server D. Install a digital certificate on the authentication server

Install a digital certificate on the authentication server

A security administrator must implement a wireless security system, which will require users to enter a 30 character ASCII password on their accounts. Additionally the system must support 3DS wireless encryption. Which of the following should be implemented? A. WPA2-CCMP with 802.1X B. WPA2-PSK C. WPA2-CCMP D. WPA2-Enterprise

WPA2-Enterprise

``` A security engineer is reviewing log data and sees the output below: POST: /payload.php HTTP/1.1 HOST: localhost Accept: */* Referrer: http://localhost/ ******* HTTP/1.1 403 Forbidden Connection: close Log: Access denied with 403. Pattern matches form bypass Which of the following technologies was MOST likely being used to generate this log? ``` A. Host-based Intrusion Detection System B. Web application firewall C. Network-based Intrusion Detection System D. Stateful Inspection Firewall E. URL Content Filter

Web application firewall

After Matt, a user, enters his username and password at the login screen of a web enabled portal, the following appears on his screen: `Please only use letters and numbers on these fields’ Which of the following is this an example of? A. Proper error handling B. Proper input validation C. Improper input validation D. Improper error handling

Proper input validation

Which of the following protocols encapsulates an IP packet with an additional IP header? A. SFTP B. IPSec C. HTTPS D. SSL

IPSec

Which of the following types of technologies is used by security and research personnel for identification and analysis of new security threats in a networked environment by using false data/hosts for information collection? A. Honeynet B. Vulnerability scanner C. Port scanner D. Protocol analyzer

Honeynet

A system administrator wants to confidentially send a user name and password list to an individual outside the company without the information being detected by security controls. Which of the following would BEST meet this security goal? A. Digital signatures B. Hashing C. Full-disk encryption D. Steganography

Steganography

After a recent security breach, the network administrator has been tasked to update and backup all router and switch configurations. The security administrator has been tasked to enforce stricter security policies. All users were forced to undergo additional user awareness training. All of these actions are due to which of the following types of risk mitigation strategies? A. Change management B. Implementing policies to prevent data loss C. User rights and permissions review D. Lessons learned

Lessons learned

After an audit, it was discovered that the security group memberships were not properly adjusted for employees’ accounts when they moved from one role to another. Which of the following has the organization failed to properly implement? (Select TWO). A. Mandatory access control enforcement. B. User rights and permission reviews. C. Technical controls over account management. D. Account termination procedures. E. Management controls over account management. F. Incident management and response plan.

User rights and permission reviews. Management controls over account management.

Peter, a security administrator, believes that a network breach has occurred in the datacenter as a result of a misconfigured router access list, allowing outside access to an SSH server. Which of the following should Peter search for in the log files? A. Failed authentication attempts B. Network ping sweeps C. Host port scans D. Connections to port 22

Connections to port 22

Which of the following is a management control? A. Logon banners B. Written security policy C. SYN attack prevention D. Access Control List (ACL)

Logon banners

Which of the following MOST interferes with network-based detection techniques? A. Mime-encoding B. SSL C. FTP D. Anonymous email accounts

SSL

Peter, the system administrator, has been asked to calculate the Annual Loss Expectancy (ALE) for a $5,000 server, which often crashes. In the past year, the server has crashed 10 times, requiring a system reboot to recover with only 10% loss of data or function. Which of the following is the ALE of this server? A. $500 B. $5,000 C. $25,000 D. $50,000

$5,000

Digital Signatures provide which of the following? A. Confidentiality B. Authorization C. Integrity D. Authentication E. Availability

Integrity

A computer is suspected of being compromised by malware. The security analyst examines the computer and finds that a service called Telnet is running and connecting to an external website over port 443. This Telnet service was found by comparing the system’s services to the list of standard services on the company’s system image. This review process depends on: A. MAC filtering. B. System hardening. C. Rogue machine detection. D. Baselining.

Baselining

Which of the following describes purposefully injecting extra input during testing, possibly causing an application to crash? A. Input validation B. Exception handling C. Application hardening D. Fuzzing

Fuzzing

Which of the following is used to certify intermediate authorities in a large PKI deployment? A. Root CA B. Recovery agent C. Root user D. Key escrow

Root CA

The Chief Information Officer (CIO) is concerned with moving an application to a SaaS cloud provider. Which of the following can be implemented to provide for data confidentiality assurance during and after the migration to the cloud? A. HPM technology B. Full disk encryption C. DLP policy D. TPM technology

DLP policy

By default, which of the following uses TCP port 22? (Select THREE). A. FTPS B. STELNET C. TLS D. SCP E. SSL F. HTTPS G. SSH H. SFTP

SCP SSH SFTP

A company has just deployed a centralized event log storage system. Which of the following can be used to ensure the integrity of the logs after they are collected? A. Write-once drives B. Database encryption C. Continuous monitoring D. Role-based access controls

Write-once drives

Which of the following should be implemented to stop an attacker from mapping out addresses and/or devices on a network? A. Single sign on B. IPv6 C. Secure zone transfers D. VoIP

Secure zone transfers

A customer service department has a business need to send high volumes of confidential information to customers electronically. All emails go through a DLP scanner. Which of the following is the BEST solution to meet the business needs and protect confidential information? A. Automatically encrypt impacted outgoing emails B. Automatically encrypt impacted incoming emails C. Monitor impacted outgoing emails D. Prevent impacted outgoing emails

Automatically encrypt impacted outgoing emails

A recent audit has discovered that at the time of password expiration clients are able to recycle the previous credentials for authentication. Which of the following controls should be used together to prevent this from occurring? (Select TWO). A. Password age B. Password hashing C. Password complexity D. Password history E. Password length

Password age Password history

Which of the following tests a number of security controls in the least invasive manner? A. Vulnerability scan B. Threat assessment C. Penetration test D. Ping sweep

Vulnerability scan

Which of the following is considered a risk management BEST practice of succession planning? A. Reducing risk of critical information being known to an individual person who may leave the organization B. Implementing company-wide disaster recovery and business continuity plans C. Providing career advancement opportunities to junior staff which reduces the possibility of insider threats D. Considering departmental risk management practices in place of company-wide practices

Implementing company-wide disaster recovery and business continuity plans

A security analyst informs the Chief Executive Officer (CEO) that a security breach has just occurred. This results in the Risk Manager and Chief Information Officer (CIO) being caught unaware when the CEO asks for further information. Which of the following strategies should be implemented to ensure the Risk Manager and CIO are not caught unaware in the future? A. Procedure and policy management B. Chain of custody management C. Change management D. Incident management

Incident management

A recently installed application update caused a vital application to crash during the middle of the workday. The application remained down until a previous version could be reinstalled on the server, and this resulted in a significant loss of data and revenue. Which of the following could BEST prevent this issue from occurring again? A. Application configuration baselines B. Application hardening C. Application access controls D. Application patch management

Application patch management

Public keys are used for which of the following? A. Decrypting wireless messages B. Decrypting the hash of an electronic signature C. Bulk encryption of IP based email traffic D. Encrypting web browser traffic

Decrypting the hash of an electronic signature

The security administrator is analyzing a user’s history file on a Unix server to determine if the user was attempting to break out of a rootjail. Which of the following lines in the user’s history log shows evidence that the user attempted to escape the rootjail? A. cd ../../../../bin/bash B. whoami C. ls /root D. sudo -u root

cd ../../../../bin/bash

Which of the following is the BEST concept to maintain required but non-critical server availability? A. SaaS site B. Cold site C. Hot site D. Warm site

Warm site

Users can authenticate to a company’s web applications using their credentials form a popular social media site. Which of the following poses the greatest risk with this integration? A. Malicious users can exploit local corporate credentials with their social media credentials B. Changes to passwords on the social media site can be delayed from replicating to the company C. Data loss from the corporate servers can create legal liabilities with the social media site D. Password breaches to the social media affect the company application as well

Password breaches to the social media affect the company application as well

Which of the following is the BEST reason for placing a password lock on a mobile device? A. Prevents an unauthorized user from accessing owner’s data B. Enables remote wipe capabilities C. Stops an unauthorized user from using the device again D. Prevents an unauthorized user from making phone calls

Prevents an unauthorized user from accessing owner’s data

Which of the following protocols is used to validate whether trust is in place and accurate by returning responses of either “good”, “unknown”, or “revoked”? A. CRL B. PKI C. OCSP D. RA

OCSP

Which of the following BEST describes part of the PKI process? A. User1 decrypts data with User2’s private key B. User1 hashes data with User2’s public key C. User1 hashes data with User2’s private key D. User1 encrypts data with User2’s public key

User1 encrypts data with User2’s public key