Q101. - (Topic 3) 

A morphed worm carrying a 0-day payload has infiltrated the company network and is now spreading across the organization. The security administrator was able to isolate the worm communication and payload distribution channel to TCP port 445. Which of the following can the administrator do in the short term to minimize the attack? 

A. Deploy the following ACL to the HIPS: DENY - TCP - ANY - ANY – 445. 

B. Run a TCP 445 port scan across the organization and patch hosts with open ports. 

C. Add the following ACL to the corporate firewall: DENY - TCP - ANY - ANY - 445. 

D. Force a signature update and full system scan from the enterprise anti-virus solution. 


Q102. - (Topic 4) 

A vulnerability research team has detected a new variant of a stealth Trojan that disables itself when it detects that it is running on a virtualized environment. The team decides to use dedicated hardware and local network to identify the Trojan’s behavior and the remote DNS and IP addresses it connects to. Which of the following tools is BEST suited to identify the DNS and IP addresses the stealth Trojan communicates with after its payload is decrypted? 


B. Vulnerability scanner 

C. Packet analyzer 

D. Firewall logs 

E. Disassembler 


Q103. - (Topic 1) 

A security administrator was doing a packet capture and noticed a system communicating with an unauthorized address within the 2001::/32 prefix. The network administrator confirms there is no IPv6 routing into or out of the network. Which of the following is the BEST course of action? 

A. Investigate the network traffic and block UDP port 3544 at the firewall 

B. Remove the system from the network and disable IPv6 at the router 

C. Locate and remove the unauthorized 6to4 relay from the network 

D. Disable the switch port and block the 2001::/32 traffic at the firewall 


Q104. - (Topic 5) 

A system administrator needs to meet the maximum amount of security goals for a new DNS infrastructure. The administrator deploys DNSSEC extensions to the domain names and infrastructure. Which of the following security goals does this meet? (Select TWO). 

A. Availability 

B. Authentication 

C. Integrity 

D. Confidentiality 

E. Encryption 

Answer: B,C 

Q105. - (Topic 4) 

Ann, a software developer, wants to publish her newly developed software to an online store. Ann wants to ensure that the software will not be modified by a third party or end users before being installed on mobile devices. Which of the following should Ann implement to stop modified copies of her software form running on mobile devices? 

A. Single sign-on 

B. Identity propagation 

C. Remote attestation 

D. Secure code review 


Q106. - (Topic 2) 

Joe is a security architect who is tasked with choosing a new NIPS platform that has the ability to perform SSL inspection, analyze up to 10Gbps of traffic, can be centrally managed and only reveals inspected application payload data to specified internal security employees. Which of the following steps should Joe take to reach the desired outcome? 

A. Research new technology vendors to look for potential products. Contribute to an RFP and then evaluate RFP responses to ensure that the vendor product meets all mandatory requirements. Test the product and make a product recommendation. 

B. Evaluate relevant RFC and ISO standards to choose an appropriate vendor product. Research industry surveys, interview existing customers of the product and then recommend that the product be purchased. 

C. Consider outsourcing the product evaluation and ongoing management to an outsourced provider on the basis that each of the requirements are met and a lower total cost of ownership (TCO) is achieved. 

D. Choose a popular NIPS product and then consider outsourcing the ongoing device management to a cloud provider. Give access to internal security employees so that they can inspect the application payload data. 

E. Ensure that the NIPS platform can also deal with recent technological advancements, such as threats emerging from social media, BYOD and cloud storage prior to purchasing the product. 


Q107. - (Topic 3) 

A new web application system was purchased from a vendor and configured by the internal development team. Before the web application system was moved into production, a vulnerability assessment was conducted. A review of the vulnerability assessment report indicated that the testing team discovered a minor security issue with the configuration of the web application. The security issue should be reported to: 

A. CISO immediately in an exception report. 

B. Users of the new web application system. 

C. The vendor who supplied the web application system. 

D. Team lead in a weekly report. 


Q108. - (Topic 4) 

select id, firstname, lastname from authors User input= firstname= Hack;man lastname=Johnson Which of the following types of attacks is the user attempting? 

A. XML injection 

B. Command injection 

C. Cross-site scripting 

D. SQL injection 


Q109. - (Topic 2) 

A security administrator is tasked with increasing the availability of the storage networks while enhancing the performance of existing applications. Which of the following technologies should the administrator implement to meet these goals? (Select TWO). 

A. LUN masking 

B. Snapshots 

C. vSAN 

D. Dynamic disk pools 

E. Multipath 

F. Deduplication 

Answer: D,E 

Q110. - (Topic 4) 

The Chief Information Security Officer (CISO) at a software development company is concerned about the lack of introspection during a testing cycle of the company’s flagship product. Testing was conducted by a small offshore consulting firm and the report by the consulting firm clearly indicates that limited test cases were used and many of the code paths remained untested. 

The CISO raised concerns about the testing results at the monthly risk committee meeting, highlighting the need to get to the bottom of the product behaving unexpectedly in only some large enterprise deployments. 

The Security Assurance and Development teams highlighted their availability to redo the testing if required. 

Which of the following will provide the MOST thorough testing? 

A. Have the small consulting firm redo the Black box testing. 

B. Use the internal teams to perform Grey box testing. 

C. Use the internal team to perform Black box testing. 

D. Use the internal teams to perform White box testing. 

E. Use a larger consulting firm to perform Black box testing.