Deck J

Question 1

A company hires outside security experts to evaluate the security status of the corporate network. All of the company’s IT resources are outdated and prone to crashing. The company requests that all testing be performed in a way which minimizes the risk of system failures. Which of the following types of testing does the company want performed?

A. Penetration testing

B. WAF testing

C. Vulnerability scanning

D. White box testing

Answer 1

Vulnerability scanning

Question 2

After running into the data center with a vehicle, attackers were able to enter through the hole in the building and steal several key servers in the ensuing chaos. Which of the following security measures can be put in place to mitigate the issue from occurring in the future?

A. Fencing

B. Proximity readers

C. Video surveillance

D. Bollards

Answer 2

Bollards

Question 3

Users are utilizing thumb drives to connect to USB ports on company workstations. A technician is concerned that sensitive files can be copied to the USB drives. Which of the following mitigation techniques would address this concern? (Select TWO).

A. Disable the USB root hub within the OS.

B. Install anti-virus software on the USB drives.

C. Disable USB within the workstations BIOS.

D. Apply the concept of least privilege to USB devices.

E. Run spyware detection against all workstations.

Answer 3

Disable the USB root hub within the OS.

Disable USB within the workstations BIOS.

Question 4

In PKI, a key pair consists of: (Select TWO).

A. A key ring

B. A public key

C. A private key

D. Key escrow

E. A passphrase

Answer 4

A public key

A private key

Question 5

A technician is investigating intermittent switch degradation. The issue only seems to occur when the building’s roof air conditioning system runs. Which of the following would reduce the connectivity issues?

A. Adding a heat deflector

B. Redundant HVAC systems

C. Shielding

D. Add a wireless network

Answer 5

Shielding

Question 6

Which of the following is an application security coding problem?

A. Error and exception handling

B. Patch management

C. Application hardening

D. Application fuzzing

Answer 6

Error and exception handling

Question 7

A user was reissued a smart card after the previous smart card had expired. The user is able to log into the domain but is now unable to send digitally signed or encrypted email. Which of the following would the user need to perform?

A. Remove all previous smart card certificates from the local certificate store.

B. Publish the new certificates to the global address list.

C. Make the certificates available to the operating system.

D. Recover the previous smart card certificates.

Answer 7

Publish the new certificates to the global address list.

Question 8

Which of the following types of risk reducing policies also has the added indirect benefit of cross training employees when implemented?

A. Least privilege

B. Job rotation

C. Mandatory vacations

D. Separation of duties

Answer 8

Job rotation

Question 9

Which of the following would a security administrator implement in order to identify change from the standard configuration on a server?

A. Penetration test

B. Code review

C. Baseline review

D. Design review

Answer 9

Baseline review

Question 10

A technician wants to securely collect network device configurations and statistics through a scheduled and automated process. Which of the following should be implemented if configuration integrity is most important and a credential compromise should not allow interactive logons?

A. SNMPv3

B. TFTP

C. SSH

D. TLS

Answer 10

SNMPv3

Question 11

A network engineer is configuring a VPN tunnel connecting a company’s network to a business partner. Which of the following protocols should be used for key exchange?

A. SHA-1

B. RC4

C. Blowfish

D. Diffie-Hellman

Answer 11

SHA-1

Question 12

The Chief Information Security Officer (CISO) has mandated that all IT systems with credit card data be segregated from the main corporate network to prevent unauthorized access and that access to the IT systems should be logged. Which of the following would BEST meet the CISO’s requirements?

A. Sniffers

B. NIDS

C. Firewalls

D. Web proxies

E. Layer 2 switches

Answer 12

Firewalls

Question 13

Which of the following types of logs could provide clues that someone has been attempting to compromise the SQL Server database?

A. Event

B. SQL_LOG

C. Security

D. Access

Answer 13

Event

Question 14

Two members of the finance department have access to sensitive information. The company is concerned they may work together to steal information. Which of the following controls could be implemented to discover if they are working together?

A. Least privilege access

B. Separation of duties

C. Mandatory access control

D. Mandatory vacations

Answer 14

Mandatory vacations

Question 15

Which of the following can hide confidential or malicious data in the whitespace of other files (e.g. JPEGs)?

A. Hashing

B. Transport encryption

C. Digital signatures

D. Steganography

Answer 15

Steganography

Question 16

Acme Corp has selectively outsourced proprietary business processes to ABC Services. Due to some technical issues, ABC services wants to send some of Acme Corp’s debug data to a third party vendor for problem resolution. Which of the following MUST be considered prior to sending data to a third party?

A. The data should be encrypted prior to transport

B. This would not constitute unauthorized data sharing

C. This may violate data ownership and non-disclosure agreements

D. Acme Corp should send the data to ABC Services’ vendor instead

Answer 16

This may violate data ownership and non-disclosure agreements

Question 17

The IT department noticed that there was a significant decrease in network performance during the afternoon hours. The IT department performed analysis of the network and discovered this was due to users accessing and downloading music and video streaming from social sites. The IT department notified corporate of their findings and a memo was sent to all employees addressing the misuse of company resources and requesting adherence to company policy. Which of the following policies is being enforced?

A. Acceptable use policy

B. Telecommuting policy

C. Data ownership policy

D. Non disclosure policy

Answer 17

Acceptable use policy

Question 18

A network administrator has been tasked with securing the WLAN. Which of the following cryptographic products would be used to provide the MOST secure environment for the WLAN?

A. WPA2 CCMP

B. WPA

C. WPA with MAC filtering

D. WPA2 TKIP

Answer 18

WPA2 CCMP

Question 19

Which of the following techniques describes the use of application isolation during execution to prevent system compromise if the application is compromised?

A. Least privilege

B. Sandboxing

C. Black box

D. Application hardening

Answer 19

Sandboxing

Question 20

A security administrator is responsible for performing periodic reviews of user permission settings due to high turnover and internal transfers at a corporation. Which of the following BEST describes the procedure and security rationale for performing such reviews?

A. Review all user permissions and group memberships to ensure only the minimum set of permissions required to perform a job is assigned.

B. Review the permissions of all transferred users to ensure new permissions are granted so the employee can work effectively.

C. Ensure all users have adequate permissions and appropriate group memberships, so the volume of help desk calls is reduced.

D. Ensure former employee accounts have no permissions so that they cannot access any network file stores and resources.

Answer 20

Review all user permissions and group memberships to ensure only the minimum set of permissions required to perform a job is assigned.

Question 21

A network administrator has a separate user account with rights to the domain administrator group. However, they cannot remember the password to this account and are not able to login to the server when needed. Which of the following is MOST accurate in describing the type of issue the administrator is experiencing?

A. Single sign-on

B. Authorization

C. Access control

D. Authentication

Answer 21

Authentication

Question 22

A security administrator has implemented a policy to prevent data loss. Which of the following is the BEST method of enforcement?

A. Internet networks can be accessed via personally-owned computers.

B. Data can only be stored on local workstations.

C. Wi-Fi networks should use WEP encryption by default.

D. Only USB devices supporting encryption are to be used.

Answer 22

Only USB devices supporting encryption are to be used.

Question 23

To ensure proper evidence collection, which of the following steps should be performed FIRST?

A. Take hashes from the live system

B. Review logs

C. Capture the system image

D. Copy all compromised files

Answer 23

Capture the system image

Question 24

Which of the following should an administrator implement to research current attack methodologies?

A. Design reviews

B. Honeypot

C. Vulnerability scanner

D. Code reviews

Answer 24

Honeypot

Question 25

Which of the following attacks involves the use of previously captured network traffic?

A. Replay

B. Smurf

C. Vishing

D. DDoS

Answer 25

Replay

Question 26

A security administrator is auditing a database server to ensure the correct security measures are in place to protect the data. Some of the fields consist of people’s first name, last name, home address, date of birth and mothers last name. Which of the following describes this type of data?

A. PII

B. PCI

C. Low

D. Public

Answer 26

PII

Question 27

An administrator needs to submit a new CSR to a CA. Which of the following is a valid FIRST step?

A. Generate a new private key based on AES.

B. Generate a new public key based on RSA.

C. Generate a new public key based on AES.

D. Generate a new private key based on RSA.

Answer 27

Generate a new private key based on RSA.

Question 28

A security administrator wants to block unauthorized access to a web server using a locally installed software program. Which of the following should the administrator deploy?

A. NIDS

B. HIPS

C. NIPS

D. HIDS

Answer 28

HIPS

Question 29

A security technician received notification of a remotely exploitable vulnerability affecting all multifunction printers firmware installed throughout the organization. The vulnerability allows a malicious user to review all the documents processed by the affected printers. Which of the following compensating controls can the security technician to mitigate the security risk of a sensitive document leak?

A. Create a separate printer network

B. Perform penetration testing to rule out false positives

C. Install patches on the print server

D. Run a full vulnerability scan of all the printers

Answer 29

Install patches on the print server

Question 30

Which of the following BEST allows Peter, a security administrator, to determine the type, source, and flags of the packet traversing a network for troubleshooting purposes?

A. Switches

B. Protocol analyzers

C. Routers

D. Web security gateways

Answer 30

Protocol analyzers

Question 31

An encrypted message is sent using PKI from Emily, a client, to a customer. Emily claims she never sent the message. Which of the following aspects of PKI BEST ensures the identity of the sender?

A. CRL

B. Non-repudiation

C. Trust models

D. Recovery agents

Answer 31

Non-repudiation

Question 32

Which of the following network architecture concepts is used to securely isolate at the boundary between networks?

A. VLAN

B. Subnetting

C. DMZ

D. NAT

Answer 32

DMZ

Question 33

An IT security manager is asked to provide the total risk to the business. Which of the following calculations would he security manager choose to determine total risk?

A. (Threats X vulnerability X asset value) x controls gap

B. (Threats X vulnerability X profit) x asset value

C. Threats X vulnerability X control gap

D. Threats X vulnerability X asset value

Answer 33

Threats X vulnerability X asset value

Question 34

Timestamps and sequence numbers act as countermeasures against which of the following types of attacks?

A. Smurf

B. DoS

C. Vishing

D. Replay

Answer 34

Replay

Question 35

Environmental control measures include which of the following?

A. Access list

B. Lighting

C. Motion detection

D. EMI shielding

Answer 35

EMI shielding

Question 36

A password history value of three means which of the following?

A. Three different passwords are used before one can be reused.

B. A password cannot be reused once changed for three years.

C. After three hours a password must be re-entered to continue.

D. The server stores passwords in the database for three days.

Answer 36

Three different passwords are used before one can be reused.

Question 37

Which of the following is the MOST important step for preserving evidence during forensic procedures?

A. Involve law enforcement

B. Chain of custody

C. Record the time of the incident

D. Report within one hour of discovery

Answer 37

Chain of custody

Question 38

Which of the following is the LEAST volatile when performing incident response procedures?

A. Registers

B. RAID cache

C. RAM

D. Hard drive

Answer 38

Hard drive

Question 39

On Monday, all company employees report being unable to connect to the corporate wireless network, which uses 802.1x with PEAP. A technician verifies that no configuration changes were made to the wireless network and its supporting infrastructure, and that there are no outages.
Which of the following is the MOST likely cause for this issue?

A. Too many incorrect authentication attempts have caused users to be temporarily disabled.

B. The DNS server is overwhelmed with connections and is unable to respond to queries.

C. The company IDS detected a wireless attack and disabled the wireless network.

D. The Remote Authentication Dial-In User Service server certificate has expired.

Answer 39

The Remote Authentication Dial-In User Service server certificate has expired.

Question 40

Which of the following components of an all-in-one security appliance would MOST likely be configured in order to restrict access to peer-to-peer file sharing websites?

A. Spam filter

B. URL filter

C. Content inspection

D. Malware inspection

Answer 40

URL filter

Question 41

A company that has a mandatory vacation policy has implemented which of the following controls?

A. Risk control

B. Privacy control

C. Technical control

D. Physical control

Answer 41

Risk control

Question 42

Which of the following is an indication of an ongoing current problem?

A. Alert

B. Trend

C. Alarm

D. Trap

Answer 42

Alarm

Question 43

The finance department works with a bank which has recently had a number of cyber attacks. The finance department is concerned that the banking website certificates have been compromised. Which of the following can the finance department check to see if any of the bank’s certificates are still valid?

A. Bank’s CRL

B. Bank’s private key

C. Bank’s key escrow

D. Bank’s recovery agent

Answer 43

Bank’s CRL

Question 44

The security administrator has been tasked to update all the access points to provide a more secure connection. All access points currently use WPA TKIP for encryption. Which of the following would be configured to provide more secure connections?

A. WEP

B. WPA2 CCMP

C. Disable SSID broadcast and increase power levels

D. MAC filtering

Answer 44

WPA2 CCMP

Question 45

An organization does not have adequate resources to administer its large infrastructure. A security administrator wishes to integrate the security controls of some of the network devices in the organization. Which of the following methods would BEST accomplish this goal?

A. Unified Threat Management

B. Virtual Private Network

C. Single sign on

D. Role-based management

Answer 45

Unified Threat Management

Question 46

A security analyst noticed a colleague typing the following command:
`Telnet some-host 443’
Which of the following was the colleague performing?

A. A hacking attempt to the some-host web server with the purpose of achieving a distributed denial of service attack.

B. A quick test to see if there is a service running on some-host TCP/443, which is being routed correctly and not blocked by a firewall.

C. Trying to establish an insecure remote management session. The colleague should be using SSH or terminal services instead.

D. A mistaken port being entered because telnet servers typically do not listen on port 443.

Answer 46

A quick test to see if there is a service running on some-host TCP/443, which is being routed correctly and not blocked by a firewall.

Question 47

Who should be contacted FIRST in the event of a security breach?

A. Forensics analysis team

B. Internal auditors

C. Incident response team

D. Software vendors

Answer 47

Incident response team

Question 48

A program has been discovered that infects a critical Windows system executable and stays dormant in memory. When a Windows mobile phone is connected to the host, the program infects the phone’s boot loader and continues to target additional Windows PCs or phones. Which of the following malware categories BEST describes this program?

A. Zero-day

B. Trojan

C. Virus

D. Rootkit

Answer 48

Virus

Question 49

A security audit identifies a number of large email messages being sent by a specific user from their company email account to another address external to the company. These messages were sent prior to a company data breach, which prompted the security audit. The user was one of a few people who had access to the leaked data. Review of the suspect’s emails show they consist mostly of pictures of the user at various locations during a recent vacation. No suspicious activities from other users who have access to the data were discovered.
Which of the following is occurring?

A. The user is encrypting the data in the outgoing messages.

B. The user is using steganography.

C. The user is spamming to obfuscate the activity.

D. The user is using hashing to embed data in the emails.

Answer 49

The user is using steganography

Question 50

The system administrator notices that their application is no longer able to keep up with the large amounts of traffic their server is receiving daily. Several packets are dropped and sometimes the server is taken offline. Which of the following would be a possible solution to look into to ensure their application remains secure and available?

A. Cloud computing

B. Full disk encryption

C. Data Loss Prevention

D. HSM

Answer 50

Cloud computing

Question 51

Which of the following describes a type of malware which is difficult to reverse engineer in a virtual lab?

A. Armored virus

B. Polymorphic malware

C. Logic bomb

D. Rootkit

Answer 51

Armored virus

Question 52

Which of the following application security principles involves inputting random data into a program?

A. Brute force attack

B. Sniffing

C. Fuzzing

D. Buffer overflow

Answer 52

Fuzzing

Question 53

In order to prevent and detect fraud, which of the following should be implemented?

A. Job rotation

B. Risk analysis

C. Incident management

D. Employee evaluations

Answer 53

Job rotation

Question 54

A security technician at a small business is worried about the Layer 2 switches in the network suffering from a DoS style attack caused by staff incorrectly cabling network connections between switches.
Which of the following will BEST mitigate the risk if implemented on the switches?

A. Spanning tree

B. Flood guards

C. Access control lists

D. Syn flood

Answer 54

Spanning tree

Question 55

In order to securely communicate using PGP, the sender of an email must do which of the following when sending an email to a recipient for the first time?

A. Import the recipient’s public key

B. Import the recipient’s private key

C. Export the sender’s private key

D. Export the sender’s public key

Answer 55

Import the recipient’s public key

Question 56

A malicious person gained access to a datacenter by ripping the proximity badge reader off the wall near the datacenter entrance. This caused the electronic locks on the datacenter door to release because the:

A. badge reader was improperly installed.

B. system was designed to fail open for life-safety.

C. system was installed in a fail closed configuration.

D. system used magnetic locks and the locks became demagnetized.

Answer 56

system was designed to fail open for life-safety.

Question 57

A vulnerability assessment indicates that a router can be accessed from default port 80 and default port 22. Which of the following should be executed on the router to prevent access via these ports? (Select TWO).

A. FTP service should be disabled

B. HTTPS service should be disabled

C. SSH service should be disabled

D. HTTP service should disabled

E. Telnet service should be disabled

Answer 57

SSH service should be disabled

HTTP service should disabled

Question 58

Which of the following is the difference between identification and authentication of a user?

A. Identification tells who the user is and authentication tells whether the user is allowed to logon to a system.

B. Identification tells who the user is and authentication proves it.

C. Identification proves who the user is and authentication is used to keep the users data secure.

D. Identification proves who the user is and authentication tells the user what they are allowed to do.

Answer 58

Identification tells who the user is and authentication proves it.

Question 59

Which of the following protocols allows for the LARGEST address space?

A. IPX

B. IPv4

C. IPv6

D. Appletalk

Answer 59

IPv6

Question 60

A security researcher wants to reverse engineer an executable file to determine if it is malicious. The file was found on an underused server and appears to contain a zero-day exploit. Which of the following can the researcher do to determine if the file is malicious in nature?

A. TCP/IP socket design review

B. Executable code review

C. OS Baseline comparison

D. Software architecture review

Answer 60

OS Baseline comparison

Question 61

A network engineer is setting up a network for a company. There is a BYOD policy for the employees so that they can connect their laptops and mobile devices.
Which of the following technologies should be employed to separate the administrative network from the network in which all of the employees’ devices are connected?

A. VPN

B. VLAN

C. WPA2

D. MAC filtering

Answer 61

VLAN

Question 62

The method to provide end users of IT systems and applications with requirements related to acceptable use, privacy, new threats and trends, and use of social networking is:

A. Security awareness training.

B. BYOD security training.

C. Role-based security training.

D. Legal compliance training.

Answer 62

Security awareness training

Question 63

Ann, the Chief Information Officer (CIO) of a company, sees cloud computing as a way to save money while providing valuable services. She is looking for a cost-effective solution to assist in capacity planning as well as visibility into the performance of the network. Which of the following cloud technologies should she look into?

A. IaaS

B. MaaS

C. SaaS

D. PaaS

Answer 63

MaaS

Question 64

An administrator is building a development environment and requests that three virtual servers are cloned and placed in a new virtual network isolated from the production network. Which of the following describes the environment the administrator is building?

A. Cloud

B. Trusted

C. Sandbox

D. Snapshot

Answer 64

Sandbox

Question 65

A firewall technician has been instructed to disable all non-secure ports on a corporate firewall. The technician has blocked traffic on port 21, 69, 80, and 137-139. The technician has allowed traffic on ports 22 and 443. Which of the following correctly lists the protocols blocked and allowed?

A. Blocked: TFTP, HTTP, NetBIOS; Allowed: HTTPS, FTP

B. Blocked: FTP, TFTP, HTTP, NetBIOS; Allowed: SFTP, SSH, SCP, HTTPS

C. Blocked: SFTP, TFTP, HTTP, NetBIOS; Allowed: SSH, SCP, HTTPS

D. Blocked: FTP, HTTP, HTTPS; Allowed: SFTP, SSH, SCP, NetBIOS

Answer 65

Blocked: FTP, TFTP, HTTP, NetBIOS; Allowed: SFTP, SSH, SCP, HTTPS

Question 66

A computer is put into a restricted VLAN until the computer’s virus definitions are up-to-date.
Which of the following BEST describes this system type?

A. NAT

B. NIPS

C. NAC

D. DMZ

Answer 66

NAC

Question 67

Which of the following is a step in deploying a WPA2-Enterprise wireless network?

A. Install a token on the authentication server

B. Install a DHCP server on the authentication server

C. Install an encryption key on the authentication server

D. Install a digital certificate on the authentication server

Answer 67

Install a digital certificate on the authentication server

Question 68

A security administrator must implement a wireless security system, which will require users to enter a 30 character ASCII password on their accounts. Additionally the system must support 3DS wireless encryption.
Which of the following should be implemented?

A. WPA2-CCMP with 802.1X

B. WPA2-PSK

C. WPA2-CCMP

D. WPA2-Enterprise

Answer 68

WPA2-Enterprise

Question 69

A security engineer is reviewing log data and sees the output below: 
POST: /payload.php HTTP/1.1 
HOST: localhost 
Accept: */* 
Referrer: http://localhost/ 
******* HTTP/1.1 403 Forbidden 
Connection: close 
Log: Access denied with 403. Pattern matches form bypass Which of the following technologies was MOST likely being used to generate this log? 

A. Host-based Intrusion Detection System

B. Web application firewall

C. Network-based Intrusion Detection System

D. Stateful Inspection Firewall

E. URL Content Filter

Answer 69

Web application firewall

Question 70

After Matt, a user, enters his username and password at the login screen of a web enabled portal, the following appears on his screen:
`Please only use letters and numbers on these fields’
Which of the following is this an example of?

A. Proper error handling

B. Proper input validation

C. Improper input validation

D. Improper error handling

Answer 70

Proper input validation

Question 71

Which of the following protocols encapsulates an IP packet with an additional IP header?

A. SFTP

B. IPSec

C. HTTPS

D. SSL

Answer 71

IPSec

Question 72

Which of the following types of technologies is used by security and research personnel for identification and analysis of new security threats in a networked environment by using false data/hosts for information collection?

A. Honeynet

B. Vulnerability scanner

C. Port scanner

D. Protocol analyzer

Answer 72

Honeynet

Question 73

A system administrator wants to confidentially send a user name and password list to an individual outside the company without the information being detected by security controls. Which of the following would BEST meet this security goal?

A. Digital signatures

B. Hashing

C. Full-disk encryption

D. Steganography

Answer 73

Steganography

Question 74

After a recent security breach, the network administrator has been tasked to update and backup all router and switch configurations. The security administrator has been tasked to enforce stricter security policies. All users were forced to undergo additional user awareness training. All of these actions are due to which of the following types of risk mitigation strategies?

A. Change management

B. Implementing policies to prevent data loss

C. User rights and permissions review

D. Lessons learned

Answer 74

Lessons learned

Question 75

After an audit, it was discovered that the security group memberships were not properly adjusted for employees’ accounts when they moved from one role to another. Which of the following has the organization failed to properly implement? (Select TWO).

A. Mandatory access control enforcement.

B. User rights and permission reviews.

C. Technical controls over account management.

D. Account termination procedures.

E. Management controls over account management.

F. Incident management and response plan.

Answer 75

User rights and permission reviews.

Management controls over account management.

Question 76

Peter, a security administrator, believes that a network breach has occurred in the datacenter as a result of a misconfigured router access list, allowing outside access to an SSH server. Which of the following should Peter search for in the log files?

A. Failed authentication attempts

B. Network ping sweeps

C. Host port scans

D. Connections to port 22

Answer 76

Connections to port 22

Question 77

Which of the following is a management control?

A. Logon banners

B. Written security policy

C. SYN attack prevention

D. Access Control List (ACL)

Answer 77

Logon banners

Question 78

Which of the following MOST interferes with network-based detection techniques?

A. Mime-encoding

B. SSL

C. FTP

D. Anonymous email accounts

Answer 78

SSL

Question 79

Peter, the system administrator, has been asked to calculate the Annual Loss Expectancy (ALE) for a $5,000 server, which often crashes. In the past year, the server has crashed 10 times, requiring a system reboot to recover with only 10% loss of data or function. Which of the following is the ALE of this server?

A. $500

B. $5,000

C. $25,000

D. $50,000

Answer 79

$5,000

Question 80

Digital Signatures provide which of the following?

A. Confidentiality

B. Authorization

C. Integrity

D. Authentication

E. Availability

Answer 80

Integrity

Question 81

A computer is suspected of being compromised by malware. The security analyst examines the computer and finds that a service called Telnet is running and connecting to an external website over port 443. This Telnet service was found by comparing the system’s services to the list of standard services on the company’s system image. This review process depends on:

A. MAC filtering.

B. System hardening.

C. Rogue machine detection.

D. Baselining.

Answer 81

Baselining

Question 82

Which of the following describes purposefully injecting extra input during testing, possibly causing an application to crash?

A. Input validation

B. Exception handling

C. Application hardening

D. Fuzzing

Answer 82

Fuzzing

Question 83

Which of the following is used to certify intermediate authorities in a large PKI deployment?

A. Root CA

B. Recovery agent

C. Root user

D. Key escrow

Answer 83

Root CA

Question 84

The Chief Information Officer (CIO) is concerned with moving an application to a SaaS cloud provider. Which of the following can be implemented to provide for data confidentiality assurance during and after the migration to the cloud?

A. HPM technology

B. Full disk encryption

C. DLP policy

D. TPM technology

Answer 84

DLP policy

Question 85

By default, which of the following uses TCP port 22? (Select THREE).

A. FTPS

B. STELNET

C. TLS

D. SCP

E. SSL

F. HTTPS

G. SSH

H. SFTP

Answer 85

SCP

SSH

SFTP

Question 86

A company has just deployed a centralized event log storage system. Which of the following can be used to ensure the integrity of the logs after they are collected?

A. Write-once drives

B. Database encryption

C. Continuous monitoring

D. Role-based access controls

Answer 86

Write-once drives

Question 87

Which of the following should be implemented to stop an attacker from mapping out addresses and/or devices on a network?

A. Single sign on

B. IPv6

C. Secure zone transfers

D. VoIP

Answer 87

Secure zone transfers

Question 88

A customer service department has a business need to send high volumes of confidential information to customers electronically. All emails go through a DLP scanner. Which of the following is the BEST solution to meet the business needs and protect confidential information?

A. Automatically encrypt impacted outgoing emails

B. Automatically encrypt impacted incoming emails

C. Monitor impacted outgoing emails

D. Prevent impacted outgoing emails

Answer 88

Automatically encrypt impacted outgoing emails

Question 89

A recent audit has discovered that at the time of password expiration clients are able to recycle the previous credentials for authentication. Which of the following controls should be used together to prevent this from occurring? (Select TWO).

A. Password age

B. Password hashing

C. Password complexity

D. Password history

E. Password length

Answer 89

Password age

Password history

Question 90

Which of the following tests a number of security controls in the least invasive manner?

A. Vulnerability scan

B. Threat assessment

C. Penetration test

D. Ping sweep

Answer 90

Vulnerability scan

Question 91

Which of the following is considered a risk management BEST practice of succession planning?

A. Reducing risk of critical information being known to an individual person who may leave the organization

B. Implementing company-wide disaster recovery and business continuity plans

C. Providing career advancement opportunities to junior staff which reduces the possibility of insider threats

D. Considering departmental risk management practices in place of company-wide practices

Answer 91

Implementing company-wide disaster recovery and business continuity plans

Question 92

A security analyst informs the Chief Executive Officer (CEO) that a security breach has just occurred. This results in the Risk Manager and Chief Information Officer (CIO) being caught unaware when the CEO asks for further information. Which of the following strategies should be implemented to ensure the Risk Manager and CIO are not caught unaware in the future?

A. Procedure and policy management

B. Chain of custody management

C. Change management

D. Incident management

Answer 92

Incident management

Question 93

A recently installed application update caused a vital application to crash during the middle of the
workday. The application remained down until a previous version could be reinstalled on the server, and this resulted in a significant loss of data and revenue.
Which of the following could BEST prevent this issue from occurring again?

A. Application configuration baselines

B. Application hardening

C. Application access controls

D. Application patch management

Answer 93

Application patch management

Question 94

Public keys are used for which of the following?

A. Decrypting wireless messages

B. Decrypting the hash of an electronic signature

C. Bulk encryption of IP based email traffic

D. Encrypting web browser traffic

Answer 94

Decrypting the hash of an electronic signature

Question 95

The security administrator is analyzing a user’s history file on a Unix server to determine if the user was attempting to break out of a rootjail. Which of the following lines in the user’s history log shows evidence that the user attempted to escape the rootjail?

A. cd ../../../../bin/bash

B. whoami

C. ls /root

D. sudo -u root

Answer 95

cd ../../../../bin/bash

Question 96

Which of the following is the BEST concept to maintain required but non-critical server availability?

A. SaaS site

B. Cold site

C. Hot site

D. Warm site

Answer 96

Warm site

Question 97

Users can authenticate to a company’s web applications using their credentials form a popular social media site. Which of the following poses the greatest risk with this integration?

A. Malicious users can exploit local corporate credentials with their social media credentials

B. Changes to passwords on the social media site can be delayed from replicating to the company

C. Data loss from the corporate servers can create legal liabilities with the social media site

D. Password breaches to the social media affect the company application as well

Answer 97

Password breaches to the social media affect the company application as well

Question 98

Which of the following is the BEST reason for placing a password lock on a mobile device?

A. Prevents an unauthorized user from accessing owner’s data

B. Enables remote wipe capabilities

C. Stops an unauthorized user from using the device again

D. Prevents an unauthorized user from making phone calls

Answer 98

Prevents an unauthorized user from accessing owner’s data

Question 99

Which of the following protocols is used to validate whether trust is in place and accurate by returning responses of either “good”, “unknown”, or “revoked”?

A. CRL

B. PKI

C. OCSP

D. RA

Answer 99

OCSP

Question 100

Which of the following BEST describes part of the PKI process?

A. User1 decrypts data with User2’s private key

B. User1 hashes data with User2’s public key

C. User1 hashes data with User2’s private key

D. User1 encrypts data with User2’s public key

Answer 100

User1 encrypts data with User2’s public key