A developer is coding the crypto routine of an application that will be installed on a standard headless and diskless server connected to a NAS housed in the datacenter. The developer has written the following six lines of code to add entropy to the routine:
1 - If VIDEO input exists, use video data for entropy
2 - If AUDIO input exists, use audio data for entropy
3 - If MOUSE input exists, use mouse data for entropy
4 - If KEYBOARD input exists, use keyboard data for entropy
5 - If IDE input exists, use IDE data for entropy
6 - If NETWORK input exists, use network data for entropy
Which of the following lines of code will result in the STRONGEST seed when combined?

A security researcher is about to evaluate a new secure VoIP routing appliance. The appliance manufacturer claims the new device is hardened against all known attacks and several undisclosed zero-day exploits. The code base used for the device is a combination of compiled C and Tcl/Tk scripts. Which of the following methods should the security researcher use to enumerate the ports and protocols in use by the appliance?

A corporation has expanded for the first time by integrating several newly acquired businesses. Which of the following are the FIRST tasks that the security team should undertake? (Select
A. Remove acquired companies' Internet access.
B. Federate identity management systems.
C. Install firewalls between the businesses.
D. Re-image all end user computers to a standard image.
E. Develop interconnection policy.
F. Conduct a risk analysis of each acquired company's networks.

A WAF without customization will protect the infrastructure from which of the following attack combinations?

At 10:35 a.m. a malicious user was able to obtain a valid authentication token which allowed read/write access to the backend database of a financial company. At 10:45 a.m. the security administrator received multiple alerts from the company's statistical anomaly-based IDS about a company database administrator performing unusual transactions. At 10:55 a.m. the security administrator resets the database administrator's password.
At 11:00 a.m. the security administrator is still receiving alerts from the IDS about unusual transactions from the same user. Which of the following is MOST likely the cause of the alerts?

An intrusion detection system logged an attack attempt from a remote IP address. One week later, the attacker successfully compromised the network. Which of the following MOST likely occurred?

Staff from the sales department have administrator rights to their corporate standard operating environment, and often connect their work laptops to customer networks when onsite during meetings and presentations. This increases the risk and likelihood of a security incident when the sales staff reconnect to the corporate LAN. Which of the following controls would BEST protect the corporate network?

Company XYZ has transferred all of the corporate servers, including web servers, to a cloud hosting provider to reduce costs. All of the servers are running unpatched, outdated versions of Apache. Furthermore, the corporate financial data is also hosted by the cloud services provider, but it is encrypted when not in use. Only the DNS server is configured to audit user and administrator actions, and logging is disabled on the other virtual machines. Given this scenario, which of the following is the MOST significant risk to the system?

An administrator receives a notification from legal that an investigation is being performed on members of the finance department. As a precaution, legal has advised a legal hold on all documents for an unspecified period of time. Which of the following policies will MOST likely be violated? (Select TWO).
A. Data Storage Policy
B. Data Retention Policy
C. Corporate Confidentiality Policy
D. Data Breach Mitigation Policy

Company A is purchasing Company B. Company A uses a change management system for all IT processes while Company B does not have one in place. Company B's IT staff needs to purchase a third-party product to enhance production. Which of the following NEXT steps should be implemented to address the security impacts this product may cause?

A newly appointed risk management director for the IT department at Company XYZ, a major pharmaceutical manufacturer, needs to conduct a risk analysis regarding a new system which the developers plan to bring online in three weeks. The director begins by reviewing the thorough and well-written report from the independent contractor who performed a security assessment of the system. The report details what seems to be a manageable volume of infrequently exploited security vulnerabilities. The director decides to implement continuous monitoring and other security controls to mitigate the impact of the vulnerabilities. Which of the following should the director require from the developers before agreeing to deploy the system?

A university uses a card transaction system that allows students to purchase goods using their student ID. Students can put money on their ID at terminals throughout the campus. The security administrator was notified that computer science students have been using the network to illegally put money on their cards. The administrator would like to attempt to reproduce what the students are doing. Which of the following is the BEST course of action?

Which of the following provides the HIGHEST level of security for an integrated network providing services to authenticated corporate users?

A large financial company has a team of security-focused architects and designers that contribute to broader IT architecture and design solutions. Concerns have been raised because the security contributions have varying levels of quality and consistency. It has been agreed that a more formalized methodology is needed that can take business drivers, capabilities, baselines, and reusable patterns into account. Which of the following would BEST help to achieve these objectives?

A company's security policy states that its own internally developed proprietary Internet-facing software must be resistant to web application attacks. Which of the following methods provides the MOST protection against unauthorized access to stored database information?

A new company requirement mandates the implementation of multi-factor authentication to access network resources. The security administrator was asked to research and implement the most cost-effective solution that would allow for the authentication of both hardware and users. The company wants to leverage the PKI infrastructure which is already well established. Which of the following solutions should the security administrator implement?

An IT administrator wants to restrict DNS zone transfers between two geographically dispersed, external company DNS name servers, and has decided to use TSIG. Which of the following are critical when using TSIG? (Select TWO).
A. Periodic key changes once the initial keys are established between the DNS name servers.
B. Secure exchange of the key values between the two DNS name servers.
C. A secure NTP source used by both DNS name servers to avoid message rejection.
D. DNS configuration files on both DNS name servers must be identically encrypted.
E. AES encryption with a SHA1 hash must be used to encrypt the configuration files on both DNS name servers.

As part of the ongoing information security plan in a large software development company, the Chief Information Officer (CIO) has decided to review and update the company's privacy policies and procedures to reflect the changing business environment and business requirements. Training and awareness of the new policies and procedures has been incorporated into the security awareness program, which should be:

The Universal Research Association has just been acquired by the Association of Medical Business Researchers. The new conglomerate has funds to upgrade or replace hardware as part of the acquisition, but cannot fund labor for major software projects. Which of the following will MOST likely result in some IT resources not being integrated?

The <nameID> element in SAML can be provided in which of the following predefined formats?
A. X.509 subject name
B. PTR DNS record
C. EV certificate OID extension
D. Kerberos principal name
E. WWN record name

"We need the system to produce a series of numbers with no discernible mathematical progression for use by our Java-based, PKI-enabled, customer-facing website."
Which of the following BEST restates the customer need?

A company receives an e-discovery request for the Chief Information Officer's (CIO's) email data. The storage administrator reports that the data retention policy relevant to their industry only requires one year of email data. However, the storage administrator also reports that there are three years of email data on the server and five years of email data on backup tapes. How many years of data MUST the company legally provide?

The internal audit department is investigating a possible breach of security. One of the auditors is sent to interview the following employees:
Employee A. Works in the accounts receivable office and is in charge of entering data into the
Employee B. Works in the accounts payable office and is in charge of approving purchase orders.
Employee C. Is the manager of the finance department, supervises Employee A and Employee B, and can perform the functions of both Employee A and Employee B.
Which of the following should the auditor suggest be done to avoid future security breaches?

A security administrator must implement a SCADA-style network overlay to ensure secure remote management of all network management and infrastructure devices. Which of the following BEST describes the rationale behind this architecture?

An administrator receives reports that the network is running slow for users connected to a certain switch. Viewing the network traffic, the administrator reviews the following:
18:51:59.042108 IP linuxwksta.55467 > dns.company.com.domain: 39462+ PTR? 18.104.22.168.inaddr.
18:51:59.055732 IP dns.company.com.domain > linuxwksta.55467: 39462 NXDomain 0/0/0 (42)
18:51:59.055842 IP linuxwksta.48287 > dns.company.com.domain: 46767+ PTR? 255.19.4.10.inaddr.
18:51:59.069816 IP dns.company.com.domain > linuxwksta.48287: 46767 NXDomain 0/0/0 (42)
18:51:59.159060 IP linuxwksta.42491 > 10.4.17.72.iscsi-target: Flags [P.], seq 1989625106:1989625154, ack 2067334822, win 1525, options [nop,nop,TS val 16021424 ecr 215646227], length 48
18:51:59.159145 IP linuxwksta.48854 > dns.company.com.domain: 3834+ PTR? 22.214.171.124.inaddr.
18:51:59.159314 IP 10.4.17.72.iscsi-target > linuxwksta.42491: Flags [P.], seq 1:49, ack 48, win 124, options [nop,nop,TS val 215647479 ecr 16021424], length 48
18:51:59.159330 IP linuxwksta.42491 > 10.4.17.72.iscsi-target: Flags [.], ack 49, win 1525, options [nop,nop,TS val 16021424 ecr 215647479], length 0
18:51:59.165342 IP dns.company.com.domain > linuxwksta.48854: 3834 NXDomain 0/0/0 (41)
18:51:59.397461 ARP, Request who-has 10.4.16.58 tell 10.4.16.1, length 46
18:51:59.397597 IP linuxwksta.37684 > dns.company.com.domain: 15022+ PTR? 126.96.36.199.inaddr.
Given the traffic report, which of the following is MOST likely causing the slow traffic?

The Chief Information Security Officer (CISO) of a small bank wants to embed a monthly testing regimen into the security management plan specifically for the development area. The CISO's requirements are that testing must have a low risk of impacting system stability, can be scripted, and is very thorough. The development team claims that this will lead to a higher degree of test script maintenance and that it would be preferable if the testing was outsourced to a third party. The CISO still maintains that third-party testing would not be as thorough, as the third party lacks the introspection of the development team. Which of the following will satisfy the CISO's requirements?

The marketing department at Company A regularly sends out emails signed by the company's Chief Executive Officer (CEO) with announcements about the company. The CEO sends company and personal emails from a different email account. During legal proceedings against the company, the Chief Information Officer (CIO) must prove which emails came from the CEO and which came from the marketing department. The email server allows emails to be digitally signed and the corporate PKI provisioning allows for one certificate per user. The CEO did not share their password with anyone. Which of the following will allow the CIO to state which emails the CEO sent and which the marketing department sent?

Company ABC is planning to outsource its Customer Relationship Management (CRM) system and marketing / leads management to Company XYZ.
Which of the following is the MOST important to be considered before going ahead with the service?

Due to cost and implementation time pressures, a security architect has allowed a NAS to be used instead of a SAN for a non-critical, low-volume database. Which of the following would make a NAS unsuitable for a business-critical, high-volume database application that required a high degree of data confidentiality and data availability? (Select THREE).
A. File level transfer of data
B. Zoning and LUN security
C. Block level transfer of data
E. Broadcast storms
F. File level encryption
G. Latency

Company ABC was formed by combining numerous companies which all had multiple databases, web portals, and cloud data sets. Each data store had a unique set of custom-developed authentication mechanisms and schemas. Which of the following approaches to combining the disparate mechanisms has the LOWEST up-front development costs?