CyberSecurity2

Description

CyberSecurity
Stephen Williamson
Flashcards by Stephen Williamson, updated more than 1 year ago
Created by Stephen Williamson over 6 years ago

Resource summary

Question Answer
An administrator is implementing a new network-based storage device. In selecting a storage protocol, the administrator would like the data in transit's integrity to be the most important concern. Which of the following protocols meets these needs by implementing either AES-CMAC or HMAC-SHA256 to sign data? A. SMB B. NFS C. FCoE D. iSCSI SMB
A security administrator is tasked with increasing the availability of the storage networks while enhancing the performance of existing applications. Which of the following technologies should the administrator implement to meet these goals? (Select TWO). A. LUN masking B. Snapshots C. vSAN D. Dynamic disk pools E. Multipath F. Deduplication Dynamic disk pools Multipath
A system administrator has just installed a new Linux distribution. The distribution is configured to be "secure out of the box". The system administrator cannot make updates to certain system files and services. Each time changes are attempted, they are denied and a system error is generated. Which of the following troubleshooting steps should the security administrator suggest? Review settings in the SELinux configuration files
A security solutions architect has argued consistently to implement the most secure method of encrypting corporate messages. The solution has been derided as not being cost effective by other members of the IT department. The proposed solution uses symmetric keys to encrypt all messages and is very resistant to unauthorized decryption. The method also requires special handling and security for all key material that goes above and beyond most encryption systems. Which of the following is the solutions architect MOST likely trying to implement? A. One time pads B. PKI C. Quantum cryptography D. Digital rights management One time pads
A critical system audit shows that the payroll system is not meeting security policy due to missing OS security patches. Upon further review, it appears that the system is not being patched at all. The vendor states that the system is only supported on the current OS patch level. Which of the following compensating controls should be used to mitigate the vulnerability of missing OS patches on this system? Isolate the system on a secure network to limit its contact with other systems
ODBC access to a database on a network-connected host is required. The host does not have a security mechanism to authenticate the incoming ODBC connection, and the application requires that the connection have read/write permissions. In order to further secure the data, a nonstandard configuration would need to be implemented. The information in the database is not sensitive, but was not readily accessible prior to the implementation of the ODBC connection. Which of the following actions should be taken by the security analyst? Explain the risks to the data owner and aid in the decision to accept the risk versus choosing a nonstandard solution
A project manager working for a large city government is required to plan and build a WAN, which will be required to host official business and public access. It is also anticipated that the city's emergency and first response communication systems will be required to operate across the same network. The project manager has experience with enterprise IT projects, but feels this project has an increased complexity as a result of the mixed business / public use and the critical infrastructure it will provide. Which of the following should the project manager release to the public, academia, and private industry to ensure the city provides due care in considering all project factors prior to building its new WAN? A. NDA B. RFI C. RFP D. RFQ RFI
In a situation where data is to be recovered from an attacker's location, which of the following are the FIRST things to capture? (Select TWO). A. Removable media B. Passwords written on scrap paper C. Snapshots of data on the monitor D. Documents on the printer E. Volatile system memory F. System hard drive Snapshots of data on the monitor Volatile system memory
An information security assessor for an organization finished an assessment that identified critical issues with the human resource new employee management software application. The assessor submitted the report to senior management but nothing has happened. Which of the following would be a logical next step? Schedule a meeting with key human resource application stakeholders
An IT Manager is concerned about errors made during the deployment process for a new model of tablet. Which of the following would suggest best practices and configuration parameters that technicians could follow during the deployment process? A. Automated workflow B. Procedure C. Corporate standard D. Guideline E. Policy Guideline
An IT manager is concerned about the cost of implementing a web filtering solution in an effort to mitigate the risks associated with malware and resulting data leakage. Given that the ARO is twice per year, the ALE resulting from a data leak is $25,000 and the ALE after implementing the web filter is $15,000. The web filtering solution will cost the organization $10,000 per year. Which of the following values is the single loss expectancy of a data leakage event after implementing the web filtering solution? A. $0 B. $7,500 C. $10,000 D. $12,000 E. $15,000 $7,500
An IT manager is working with a project manager to implement a new ERP system capable of transacting data between the new ERP system and the legacy system. As part of this process, both parties must agree to the controls utilized to secure data connections between the two enterprise systems. This is commonly documented in which of the following formal documents? Interconnection Security Agreement
A facilities manager has observed varying electric use on the company's metered service lines. The facility management rarely interacts with the IT department unless new equipment is being delivered. However, the facility manager thinks that there is a correlation between spikes in electric use and IT department activity. Which of the following business processes and/or practices would provide better management of organizational resources with the IT department's needs? (Select TWO). Facility management participation on a change control board Implementation of change management best practices
A company has a difficult time communicating between the security engineers, application developers, and sales staff. The sales staff tends to overpromise the application deliverables. The security engineers and application developers are falling behind schedule. Which of the following should be done to solve this? Allow the sales staff to shadow the developers and engineers to see how their sales impact the deliverables
The DLP solution has been showing some unidentified encrypted data being sent using FTP to a remote server. A vulnerability scan found a collection of Linux servers that are missing OS level patches. Upon further investigation, a technician notices that there are a few unidentified processes running on a number of the servers. What would be a key FIRST step for the data security team to undertake at this point? Conduct a bit level image, including RAM, of one or more of the Linux servers
Customers have recently reported incomplete purchase history and other anomalies while accessing their account history on the web server farm. Upon investigation, it has been determined that there are version mismatches of key e-commerce applications on the production web servers. The development team has direct access to the production servers and is most likely the cause of the different release versions. Which of the following process level solutions would address this problem? Implement change control practices at the organization level
A senior network security engineer has been tasked to decrease the attack surface of the corporate network. Which of the following actions would protect the external network interfaces from external attackers performing network scanning? Test external interfaces to see how they function when they process fragmented IP packets
In an effort to minimize costs, the management of a small candy company wishes to explore a cloud service option for the development of its online applications. The company does not wish to invest heavily in IT infrastructure. Which of the following solutions should be recommended? A. A public IaaS B. A public PaaS C. A public SaaS D. A private SaaS E. A private IaaS F. A private PaaS A public PaaS
An educational institution would like to make computer labs available to remote students. The labs are used for various IT networking, security, and programming courses. The requirements are: 1. Each lab must be on a separate network segment. 2. Labs must have access to the Internet, but not other lab networks. 3. Student devices must have network access, not simple access to hosts on the lab networks. 4. Students must have a private certificate installed before gaining access. 5. Servers must have a private certificate installed locally to provide assurance to the students. 6. All students must use the same VPN connection profile. Which of the following components should be used to achieve the design in conjunction with directory services? IPSec VPN with mutual authentication for remote connectivity, RADIUS for authentication, ACLs on network equipment
A small company is developing a new Internet-facing web application. The security requirements are: 1. Users of the web application must be uniquely identified and authenticated. 2. Users of the web application will not be added to the company's directory services. 3. Passwords must not be stored in the code. Which of the following meets these requirements? Use OpenID and allow a third party to authenticate users
A company is trying to decide how to manage hosts in a branch location connected via a slow WAN link. The company desires to provide the same level of performance and functionality to the branch office as it provides to the main campus. The company uses Active Directory for its directory service and host configuration management. The branch location does not have a datacenter, and the physical security posture of the building is weak. Which of the following designs is MOST appropriate for this scenario? Deploy a corporate Read-Only Domain Controller to the Branch location
A multi-national company has a highly mobile workforce and minimal IT infrastructure. The company utilizes a BYOD and social media policy to integrate presence technology into global collaboration tools by individuals and teams. As a result of the dispersed employees and frequent international travel, the company is concerned about the safety of employees and their families when moving in and out of certain countries. Which of the following could the company view as a downside of using presence technology? A. Insider threat B. Network reconnaissance C. Physical security D. Industrial espionage Physical security
A finance manager says that the company needs to ensure that the new system can "replay" data, up to the minute, for every exchange being tracked by the investment departments. The finance manager also states that the company's transactions need to be tracked against this data for a period of five years for compliance. How would a security engineer BEST interpret the finance manager's needs? User requirements
An IT manager is working with a project manager from another subsidiary of the same multinational organization. The project manager is responsible for a new software development effort that is being outsourced overseas, while customer acceptance testing will be performed in house. Which of the following capabilities is MOST likely to cause issues with network availability? Time-Based access control lists
The IT Security Analyst for a small organization is working on a customer's system and identifies a possible intrusion in a database that contains PII. Since PII is involved, the analyst wants to get the issue addressed as soon as possible. Which of the following is the FIRST step the analyst should take in mitigating the impact of the potential intrusion? Refer the issue to management for handling according to the incident response process
The Chief Information Security Officer (CISO) at a large organization has been reviewing some security-related incidents at the organization and comparing them to current industry trends. The desktop security engineer feels that the use of USB storage devices on office computers has contributed to the frequency of security incidents. The CISO knows the acceptable use policy prohibits the use of USB storage devices. Every user receives a popup warning about this policy upon login. The SIEM system produces a report of USB violations on a monthly basis; yet violations continue to occur. Which of the following preventative controls would MOST effectively mitigate the logical risks associated with the use of USB storage devices? Implement group policy objects
Company XYZ finds itself using more cloud-based business tools, and password management is becoming onerous. Security is important to the company; as a result, password replication and shared accounts are not acceptable. Which of the following implementations addresses the distributed login with centralized authentication and has wide compatibility among SaaS vendors? Establish a cloud-based authentication service that supports SAML
A network engineer wants to deploy user-based authentication across the company's wired and wireless infrastructure at layer 2 of the OSI model. Company policies require that users be centrally managed and authenticated and that each user's network access be controlled based on the user's role within the company. Additionally, the central authentication system must support hierarchical trust and the ability to natively authenticate mobile devices and workstations. Which of the following are needed to implement these requirements? (Select TWO). LDAP RADIUS
A company Chief Information Officer (CIO) is unsure which set of standards should govern the company's IT policy. The CIO has hired consultants to develop use cases to test against various government and industry security standards. The CIO is convinced that there is large overlap between the configuration checks and security controls governing each set of standards. Which of the following selections represent the BEST option for the CIO? Issue a policy specifying best practice security standards and a baseline to be implemented across the company
A security administrator was recently hired in a start-up company to represent the interest of security and to assist the network team in improving security in the company. The programmers are not on good terms with the security team and do not want to be distracted with security issues while they are working on a major project. Which of the following is the BEST time to make them address security issues in the project? A. In the middle of the project B. At the end of the project C. At the inception of the project D. At the time they request At the inception of the project
A well-known retailer has experienced a massive credit card breach. The retailer had gone through an audit and had been presented with a potential problem on their network. Vendors were authenticating directly to the retailer's AD servers, and an improper firewall rule allowed pivoting from the AD server to the DMZ where credit card servers were kept. The firewall rule was needed for an internal application that was developed, which presents risk. The retailer determined that because the vendors were required to have site to site VPN's no other security action was taken. To prove to the retailer the monetary value of this risk, which of the following type of calculations is needed? A. Residual Risk calculation B. A cost/benefit analysis C. Quantitative Risk Analysis D. Qualitative Risk Analysis Quantitative Risk Analysis
Compliance with company policy requires a quarterly review of firewall rules. A new administrator is asked to conduct this review on the internal firewall sitting between several Internal networks. The intent of this firewall is to make traffic more restrictive. Given the following information answer the questions below: User Subnet: 192.168.1.0/24 Server Subnet: 192.168.2.0/24 Finance Subnet: 192.168.3.0/24 Instructions: To perform the necessary tasks, please modify the DST port, Protocol, Action, and/or Rule Order columns. Firewall ACLs are read from the top down. Task 1) An administrator added a rule to allow their machine terminal server access to the server subnet. This rule is not working. Identify the rule and correct this issue. Task 2) All web servers have been changed to communicate solely over SSL. Modify the appropriate rule to allow communications. Task 3) An administrator added a rule to block access to the SQL server from anywhere on the network. This rule is not working. Identify and correct this issue. Task 4) Other than allowing all hosts to do network time and SSL, modify DST: 192.168.2.33 DST Port: 443 Protocol: any, TCP, TCP, UDP, any, any Action: Permit, Permit, Deny, Permit, Deny, Deny any across the board, left arrow up
Company A has experienced external attacks on their network and wants to minimize the attacks from reoccurring. Modify the network diagram to prevent SQL injections, XSS attacks, smurf attacks, e-mail spam, downloaded malware, viruses and ping attacks. The company can spend a MAXIMUM of $50,000 USD. A cost list for each item is listed below: 1. Anti-Virus Server - $10,000 2. Firewall - $15,000 3. Load Balanced Server - $10,000 4. NIDS/NIPS - $10,000 5. Packet Analyzer - $5,000 6. Patch Server - $15,000 7. Proxy Server - $20,000 8. Router - $10,000 9. Spam Filter - $5,000 10. Traffic Shaper - $20,000 11. Web Application Firewall - $10,000 Instructions: Not all placeholders in the diagram need to be filled and items can only be used once. If you place an object on the network diagram, you can remove it by clicking the (x) in the upper right-hand of the object. -Exhibit (04562fe3-62e8-4141-98d2-52b5f3d5c5eb)- 1- Anti-Virus Server 2 - Firewall, server in between, 11 - Web Application Firewall Email, Web, DNS, 4 - NIDS/NIPS, 9-Spam Filter
A manufacturer is planning to build a segregated network. There are requirements to segregate development and test infrastructure from production and the need to support multiple entry points into the network depending on the service being accessed. There are also strict rules in place to only permit user access from within the same zone. Currently, the following access requirements have been identified: 1. Developers have the ability to perform technical validation of development applications. 2. End users have the ability to access internal web applications. 3. Third-party vendors have the ability to support applications. In order to meet segregation and access requirements, drag and drop the appropriate network zone that the user would be accessing and the access mechanism to meet the above criteria. Options may be used once or not at all. All placeholders must be filled. -Exhibit (917dfe6a-795c-408d-a383-70ee3e2347f8)- 1. Zone - Non-Production Data Access Mechanism - Browser 2. Zone - Virtual Desktops Access Mechanism - Management 3. Zone - Production Data Access Mechanism - Out of Band Jump Box
An organization is implementing a project to simplify the management of its firewall network flows and implement security controls. The following requirements exist. Drag and drop the BEST security solution to meet the given requirements. Options may be used once or not at all. All placeholders must be filled. -Exhibit (c2aa1d2e-ee9a-4c09-a022-1251ece21194)- 1. Permit staff to securely work from home Ans: Implement a VPN with appropriate authentication and authorization 2. Permit customers to access their account only from certain countries Ans: Implement risk profiling of any connecting device 3. Detect credit cards leaving the organization Ans: Implement a DLP solution 4. Deploy infrastructure to permit users to access the Internet Ans: Implement FORWARD proxies with appropriate authentication and authorization 5. Deploy infrastructure to permit customers to access their account balance Ans: Implement REVERSE proxies with the appropriate authentication and authorization
IT staff within a company often conduct remote desktop sharing sessions with vendors to troubleshoot vendor product-related issues. Drag and drop the following security controls to match the associated security concern. Options may be used once or not at all. -Exhibit (e50140b7-145f-4f31-bec3-c4403f61c1dd)- Vendor may accidentally or maliciously make changes to IT system Ans: ALLOW view-only access to third parties Desktop sharing traffic may be intercepted by network attackers Ans: PERFORM remote sessions over SSL/TLS No guarantees that shoulder surfing attacks are not occurring at the vendor Ans: IDENTIFIED control gap Vendor may inadvertently see confidential material from the company, such as email or IM notifications Ans: LIMIT desktop sharing to specific application windows