CASP 121-150
Application sandboxing
Input validation
Penetration testing
Code reviews
Install the new solution, migrate to the new solution, and test the new solution.
Purchase the new solution, test the new solution, and migrate to the new solution.
Decommission the old solution, install the new solution, and test the new solution.
Test the new solution, migrate to the new solution, and decommission the old solution.
Ensure that those producing solution artifacts are reminded at the next team meeting that quality is important.
Introduce a peer review process that is mandatory before a document can be officially made final.
Introduce a peer review and presentation process that includes a review board with representation from relevant disciplines.
Ensure that appropriate representation from each relevant discipline approves of the solution documents before official approval.
Data User
Data Owner
Business Owner
Data Custodian
Virtual Private Network
Secure Sockets Layer for web servers
Network monitoring
Multifactor authentication for users
Full disk encryption
Intrusion detection systems
A device lockdown according to policies
An IDS on the internal networks
A data disclosure policy
A privacy policy
Encrypt data in transit for remote access
LUN masking
Deduplication
Multipathing
Snapshots
Users only have to remember one password.
Applications need to validate authentication tokens.
Authentication is secured by the certificate authority.
Less time and complexity removing user access.
All password transactions are encrypted.
Implement an enforceable change management system.
Implement a software development life cycle policy.
Enable user level auditing on all servers.
Implement a federated identity management system.
Configure automatic updates on all servers.
Enable RADIUS and end point security on Company B’s network devices.
Enable LDAP authentication on Company A’s network devices.
Enable LDAP/TLS authentication on Company A’s network devices.
Enable 802.1x on Company B’s network devices.
Visibility on the traffic between the virtual machines can impact confidentiality
NIC utilization can exceed 50 percent and impact availability
Shared virtual switches can negatively impact the integrity of network packets
Additional overhead from network bridging can affect availability
The hypervisor host does not have hardware acceleration enabled and does not allow DEP.
The virus scanner on the VM changes file extensions of all programs downloaded via P2P to prevent execution.
The virtual machine is configured to require administrator rights to execute all programs.
The virus is trying to access a virtual device which the hypervisor is configured to restrict.
The existing SAN may be read-only.
The existing SAN used LUN masking.
The new SAN is not FCoE based.
The data may not be in a usable format.
1. Deploy an HTTP interceptor on the switch span port; 2. Adjust the external facing NIDS; 3. Reconfigure the firewall ACLs to block all traffic above port 2000; 4. Verify the proxy server is configured correctly and hardened; 5. Review the logs weekly in the future.
1. Deploy a protocol analyzer on the switch span port; 2. Adjust the internal HIDS; 3. Reconfigure the firewall ACLs to block outbound HTTP traffic; 4. Reboot the proxy server; 5. Continue to monitor the network.
1. Deploy a protocol analyzer on the switch span port; 2. Adjust the external facing IPS; 3. Reconfigure the firewall ACLs to block unnecessary ports; 4. Verify the proxy server is configured correctly and hardened; 5. Continue to monitor the network.
1. Deploy a network fuzzer on the switch span port; 2. Adjust the external facing IPS; 3. Reconfigure the proxy server to block the attacks; 4. Verify the firewall is configured correctly and hardened.
Raise the issue to the Chief Executive Officer (CEO) to escalate the decision to senior management with the recommendation to continue the outsourcing of all IT services.
Calculate the time to deploy and support the in-sourced systems accounting for the staff shortage and compare the costs to the ROI costs minus outsourcing costs. Present the document numbers to management for a final decision.
Perform a detailed cost benefit analysis of outsourcing vs. in-sourcing the IT systems and review the system documentation to assess the ROI of in-sourcing. Select COTS products to eliminate development time to meet the ROI goals.
Arrange a meeting between the project manager and the senior security administrator to review the requirements and determine how critical all the requirements are.
An employee copying gigabytes of personal video files from the employee’s personal laptop to their company desktop to share files.
An employee connecting their personal laptop to use a non-company endorsed accounting application that the employee used at a previous company.
An employee using a corporate FTP application to transfer customer lists and other proprietary files to an external computer and selling them to a competitor.
An employee accidentally infecting the network with a virus by connecting a USB drive to the employee’s personal laptop.
Risks: Data leakage, lost data on destroyed mobile devices, smaller network attack surface, prohibitive telecommunications costs. Mitigations: Device encryption, lock screens, certificate-based authentication, corporate telecom plans.
Risks: Confidentiality leaks through cell conversations, availability of remote corporate data, integrity of data stored on the devices. Mitigations: Cellular privacy extensions, mobile VPN clients, over-the-air backups.
Risks: Data exfiltration, loss of data via stolen mobile devices, increased data leakage at the network edge. Mitigations: Remote data wipe capabilities, implementing corporate security on personally owned devices.
Risks: Theft of mobile devices, unsanctioned applications, minimal device storage, call quality. Mitigations: GPS tracking, centralized approved application deployment, over-the-air backups, QoS implementation.
Decommissioning the existing network smoothly, implementing maintenance and operations procedures for the new network in advance, and ensuring compliance with applicable regulations and laws.
Interoperability with the Security Administration Remote Access protocol, integrity of the data at rest, overall network availability, and compliance with corporate and government regulations and policies.
Resistance of the new network design to DDoS attacks, ability to ensure confidentiality of all data in transit, security of change management processes and procedures, and resilience of the firewalls to power fluctuations.
Decommissioning plan for the new network, proper disposal protocols for the existing network equipment, transitioning operations to the new network on day one, and ensuring compliance with corporate data retention policies.
Ensuring smooth transition of maintenance resources to support the new network, updating all whole disk encryption keys to be compatible with IPv6, and maximizing profits for bank shareholders.
The system shall send a status message to a network monitoring console every five seconds while in an error state and the system should email the administrator when the number of input errors exceeds five.
The system shall alert the administrator upon the loss of network communications and when error flags are thrown.
The system shall email the administrator when processing deviates from expected conditions and the system shall send a heartbeat message to a monitoring console every second while in normal operations.
The system shall email the administrator when an error condition is detected and a flag is thrown and the system shall send an email to the administrator when network communications are disrupted.
The PHP module is written to transfer data from the customer zone to the management zone, and then from the management zone to the backend zone.
The iptables configuration is not configured correctly to permit zone to zone communications between the customer and backend zones.
The PHP module was installed in the management zone, but is trying to call a routine in the customer zone to transfer data directly to a MySQL database in the backend zone.
The ipfilters configuration is configured to disallow loopback traffic between the physical NICs associated with each zone.
Malware originating from Company XYZ’s network
Co-mingling of company networks
Lack of an IPSec connection between the two networks
Loss of proprietary plant information
Build an organization-wide fine grained access control model stored in a centralized policy data store.
Implement self service provisioning of identity information, coarse grained, and fine grained access control.
Implement a web access control agent based model with a centralized directory model providing coarse grained access control and single sign-on capabilities.
Implement a web access controlled reverse proxy and centralized directory model providing coarse grained access control and single sign-on capabilities.
Implement automated provisioning of identity information; coarse grained, and fine grained access control.
Move each of the applications' individual fine grained access control models into a centralized directory with fine grained access control.
Implement a web access control forward proxy and centralized directory model, providing coarse grained access control, and single sign-on capabilities.
Directly establish another separate service contract with the sub-contractor to limit the risk exposure and legal implications.
Ensure the consulting firm has service agreements with the sub-contractor; if the agreement does not exist, exit the contract when possible.
Log it as a risk in the business risk register and pass the risk to the consulting firm for acceptance and responsibility.
Terminate the contract immediately and bring the security department in-house again to reduce legal and regulatory exposure.
Preventative controls are useful before an event occurs, detective controls are useful during an event, and corrective controls are useful after an event has occurred. A combination of controls can be used.
Corrective controls are more costly to implement, but are only needed for real attacks or high value assets; therefore, controls should only be put in place after a real attack has occurred.
Detective controls are less costly to implement than preventative controls; therefore, they should be encouraged wherever possible. Corrective controls are used during an event or security incident. Preventative controls are hard to achieve in practice due to current market offerings.
Always advise the use of preventative controls as this will prevent security incidents from occurring in the first place. Detective and corrective controls are redundant compensating controls and are not required if preventative controls are implemented.
Explain how customer data is gathered, used, disclosed, and managed.
Remind staff of the company’s data handling policy and have staff sign an NDA.
Focus on explaining the “how” and “why” customer data is being collected.
Republish the data classification and the confidentiality policy.
Limit source ports on the firewall to specific IP addresses.
Add an explicit deny-all and log rule as the final entry of the firewall rulebase.
Implement stateful UDP filtering on UDP ports above 1024.
Configure the firewall to use IPv6 by default.
Employees publishing negative information and stories about company management on social network sites and blogs.
An employee remotely configuring the email server at a relative’s company during work hours.
Employees posting negative comments about the company from personal phones and PDAs.
External parties cloning some of the company’s externally facing web pages and creating lookalike sites.
Modify the SRC and DST ports of ACL 1
Modify the SRC IP of ACL 1 to 0.0.0.0/32
Modify the ACTION of ACL 2 to Permit
Modify the PROTO of ACL 1 to TCP
Install a dual port HBA on the SAN, create a LUN on the server, and enable deduplication and data snapshots.
Install a multipath LUN on the server with deduplication, and enable LUN masking on the SAN.
Install 2 LUNs on the server, cluster HBAs on the SAN, and enable multipath and data deduplication.
Install a dual port HBA in the server; create a LUN on the SAN, and enable LUN masking and multipath.
RED ZONE: none; ORANGE ZONE: WAF; YELLOW ZONE: SPAM Filter; GREEN ZONE: none
RED ZONE: Virus Scanner, SPAM Filter; ORANGE ZONE: NIPS; YELLOW ZONE: NIPS; GREEN ZONE: NIPS
RED ZONE: WAF, Virus Scanner; ORANGE ZONE: NIPS; YELLOW ZONE: NIPS; GREEN ZONE: SPAM Filter
RED ZONE: NIPS; ORANGE ZONE: WAF; YELLOW ZONE: Virus Scanner, SPAM Filter; GREEN ZONE: none