Q121. - (Topic 4) 

During a new desktop refresh, all hosts are hardened at the OS level before deployment to comply with policy. Six months later, the company is audited for compliance to regulations. The audit discovers that 40% of the desktops do not meet requirements. Which of the following is the cause of the noncompliance? 

A. The devices are being modified and settings are being overridden in production. 

B. The patch management system is causing the devices to be noncompliant after issuing the latest patches. 

C. The desktop applications were configured with the default username and password. 

D. 40% of the devices have been compromised. 


Q122. - (Topic 4) 

A large enterprise introduced a next generation firewall appliance into the Internet facing DMZ. All Internet traffic passes through this appliance. Four hours after implementation the network engineering team discovered that traffic through the DMZ now has un-acceptable latency, and is recommending that the new firewall be taken offline. At what point in the implementation process should this problem have been discovered? 

A. During the product selection phase 

B. When testing the appliance 

C. When writing the RFP for the purchase process 

D. During the network traffic analysis phase 


Q123. - (Topic 5) 

A security engineer is a new member to a configuration board at the request of management. The company has two new major IT projects starting this year and wants to plan security into the application deployment. The board is primarily concerned with the applications’ compliance with federal assessment and authorization standards. The security engineer asks for a timeline to determine when a security assessment of both applications should occur and does not attend subsequent configuration board meetings. If the security engineer is only going to perform a security assessment, which of the following steps in system authorization has the security engineer omitted? (Select TWO). 

A. Establish the security control baseline to be assessed 

B. Build the application according to software development security standards 

C. Write the systems functionality requirements into the security requirements traceability matrix 

D. Review the results of user acceptance testing 

E. Categorize the applications according to use 

F. Consult with the stakeholders to determine which standards can be omitted 

Answer: A,E 

Q124. - (Topic 5) 

Noticing latency issues at its connection to the Internet, a company suspects that it is being targeted in a Distributed Denial of Service attack. A security analyst discovers numerous inbound monlist requests coming to the company’s NTP servers. Which of the following mitigates this activity with the LEAST impact to existing operations? 

A. Block in-bound connections to the company’s NTP servers. 

B. Block IPs making monlist requests. 

C. Disable the company’s NTP servers. 

D. Disable monlist on the company’s NTP servers. 


Q125. - (Topic 2) 

An administrator wishes to replace a legacy clinical software product as it has become a security risk. The legacy product generates $10,000 in revenue a month. The new software product has an initial cost of $180,000 and a yearly maintenance of $2,000 after the first year. However, it will generate $15,000 in revenue per month and be more secure. How many years until there is a return on investment for this new package? 

A. 1 

B. 2 

C. 3 

D. 4 


Q126. - (Topic 2) 

VPN users cannot access the active FTP server through the router but can access any server in the data center. 

Additional network information: 

DMZ network – (FTP server is 

VPN network – 

Datacenter – 

User network - 

HR network –\ 

Traffic shaper configuration: 

VLAN Bandwidth Limit (Mbps) 






Router ACL: 











Which of the following solutions would allow the users to access the active FTP server? 

A. Add a permit statement to allow traffic from to the VPN network 

B. Add a permit statement to allow traffic to from the VPN network 

C. IPS is blocking traffic and needs to be reconfigured 

D. Configure the traffic shaper to limit DMZ traffic 

E. Increase bandwidth limit on the VPN network 


Q127. - (Topic 4) 

A company’s security policy states that its own internally developed proprietary Internet facing software must be resistant to web application attacks. Which of the following methods provides the MOST protection against unauthorized access to stored database information? 

A. Require all development to follow secure coding practices. 

B. Require client-side input filtering on all modifiable fields. 

C. Escape character sequences at the application tier. 

D. Deploy a WAF with application specific signatures. 


Q128. - (Topic 5) 

A software development manager is taking over an existing software development project. The team currently suffers from poor communication, and this gap is resulting in an above average number of security-related bugs making it into production. Which of the following development methodologies involves daily stand-ups designed to improve communication? 

A. Spiral 

B. Agile 

C. Waterfall 

D. Rapid 


Q129. - (Topic 1) 

A small retail company recently deployed a new point of sale (POS) system to all 67 stores. The core of the POS is an extranet site, accessible only from retail stores and the corporate office over a split-tunnel VPN. An additional split-tunnel VPN provides bi-directional connectivity back to the main office, which provides voice connectivity for store VoIP phones. Each store offers guest wireless functionality, as well as employee wireless. Only the staff wireless network has access to the POS VPN. Recently, stores are reporting poor response times when accessing the POS application from store computers as well as degraded voice quality when making phone calls. Upon investigation, it is determined that three store PCs are hosting malware, which is generating excessive network traffic. After malware removal, the information security department is asked to review the configuration and suggest changes to prevent this from happening again. Which of the following denotes the BEST way to mitigate future malware risk? 

A. Deploy new perimeter firewalls at all stores with UTM functionality. 

B. Change antivirus vendors at the store and the corporate office. 

C. Move to a VDI solution that runs offsite from the same data center that hosts the new POS solution. 

D. Deploy a proxy server with content filtering at the corporate office and route all traffic through it. 


Q130. - (Topic 5) 

A software development manager is taking over an existing software development project. The team currently suffers from poor communication due to a long delay between requirements documentation and feature delivery. This gap is resulting in an above average number of security-related bugs making it into production. Which of the following development methodologies is the team MOST likely using now? 

A. Agile 

B. Waterfall 

C. Scrum 

D. Spiral