Q221. - (Topic 1) 

The Chief Executive Officer (CEO) of a large prestigious enterprise has decided to reduce business costs by outsourcing to a third party company in another country. Functions to be outsourced include: business analysts, testing, software development and back office functions that deal with the processing of customer data. The Chief Risk Officer (CRO) is concerned about the outsourcing plans. Which of the following risks are MOST likely to occur if adequate controls are not implemented? 

A. Geographical regulation issues, loss of intellectual property and interoperability agreement issues 

B. Improper handling of client data, interoperability agreement issues and regulatory issues 

C. Cultural differences, increased cost of doing business and divestiture issues 

D. Improper handling of customer data, loss of intellectual property and reputation damage 


Q222. - (Topic 2) 

An international shipping company discovered that deliveries left idle are being tampered with. The company wants to reduce the idle time associated with international deliveries by ensuring that personnel are automatically notified when an inbound delivery arrives at the transit dock. Which of the following should be implemented to help the company increase the security posture of its operations? 

A. Back office database 

B. Asset tracking 

C. Geo-fencing 

D. Barcode scanner 


Q223. - (Topic 2) 

Company XYZ finds itself using more cloud-based business tools, and password management is becoming onerous. Security is important to the company; as a result, password replication and shared accounts are not acceptable. Which of the following implementations addresses the distributed login with centralized authentication and has wide compatibility among SaaS vendors? 

A. Establish a cloud-based authentication service that supports SAML. 

B. Implement a new Diameter authentication server with read-only attestation. 

C. Install a read-only Active Directory server in the corporate DMZ for federation. 

D. Allow external connections to the existing corporate RADIUS server. 


Q224. - (Topic 2) 

A user is suspected of engaging in potentially illegal activities. Law enforcement has requested that the user continue to operate on the network as normal. However, they would like to have a copy of any communications from the user involving certain key terms. Additionally, the law enforcement agency has requested that the user's ongoing communication be retained in the user's account for future investigations. Which of the following will BEST meet the goals of law enforcement? 

A. Begin a chain of custody for the user's communication. Next, place a legal hold on the user's email account. 

B. Perform an e-discovery using the applicable search terms. Next, back up the user's email for a future investigation. 

C. Place a legal hold on the user's email account. Next, perform e-discovery searches to collect applicable emails. 

D. Perform a back up of the user's email account. Next, export the applicable emails that match the search terms. 


Q225. - (Topic 3) 

A data breach has occurred at Company A and as a result, the Chief Information Officer (CIO) has resigned. The CIO's laptop, cell phone and PC were all wiped of data per company policy. A month later, prosecutors in litigation with Company A suspect the CIO knew about the data breach long before it was discovered and have issued a subpoena requesting all the CIO's email from the last 12 months. The corporate retention policy recommends keeping data for no longer than 90 days. Which of the following should occur? 

A. Restore the CIO's email from an email server backup and provide the last 90 days from the date of the subpoena request. 

B. Inform the litigators that the CIO's information has been deleted as per corporate policy. 

C. Restore the CIO's email from an email server backup and provide the last 90 days from the date of the CIO resignation. 

D. Restore the CIO's email from an email server backup and provide whatever is available up to the last 12 months from the subpoena date. 


Q226. - (Topic 1) 

A company is deploying a new iSCSI-based SAN. The requirements are as follows: 

Which of the following design specifications meet all the requirements? (Select TWO). 

A. Targets use CHAP authentication 

B. IPSec using AH with PKI certificates for authentication 

C. Fiber channel should be used with AES 

D. Initiators and targets use CHAP authentication 

E. Fiber channel over Ethernet should be used 

F. IPSec using AH with PSK authentication and 3DES 

G. Targets have SCSI IDs for authentication 

Answer: B,D 

Q227. - (Topic 2) 

An educational institution would like to make computer labs available to remote students. The labs are used for various IT networking, security, and programming courses. The requirements are: 

1. Each lab must be on a separate network segment. 

2. Labs must have access to the Internet, but not other lab networks. 

3. Student devices must have network access, not simple access to hosts on the lab networks. 

4. Students must have a private certificate installed before gaining access. 

5. Servers must have a private certificate installed locally to provide assurance to the students. 

6. All students must use the same VPN connection profile. 

Which of the following components should be used to achieve the design in conjunction with directory services? 

A. L2TP VPN over TLS for remote connectivity, SAML for federated authentication, firewalls between each lab segment 

B. SSL VPN for remote connectivity, directory services groups for each lab group, ACLs on routing equipment 

C. IPSec VPN with mutual authentication for remote connectivity, RADIUS for authentication, ACLs on network equipment 

D. Cloud service remote access tool for remote connectivity, OAuth for authentication, ACL on routing equipment 


Q228. - (Topic 5) 

A security manager has started a new job and has identified that a key application for a new client does not have an accreditation status and is currently not meeting the compliance requirement for the contract’s SOW. The security manager has competing priorities and wants to resolve this issue quickly with a system determination and risk assessment. Which of the following approaches presents the MOST risk to the security assessment? 

A. The security manager reviews the system description for the previous accreditation, but does not review application change records. 

B. The security manager decides to use the previous SRTM without reviewing the system description. 

C. The security manager hires an administrator from the previous contract to complete the assessment. 

D. The security manager does not interview the vendor to determine if the system description is accurate. 


Q229. - (Topic 1) 

A new piece of ransomware was installed on a company's backup server. It encrypted the hard drives containing the OS and backup application configuration but did not affect the deduplication data hard drives. During the incident response, the company finds that all backup tapes for this server are also corrupt. Which of the following is the PRIMARY concern? 

A. Determining how to install HIPS across all server platforms to prevent future incidents 

B. Preventing the ransomware from re-infecting the server upon restore 

C. Validating the integrity of the deduplicated data 

D. Restoring the data will be difficult without the application configuration 


Q230. - (Topic 4) 

An organization has just released a new mobile application for its customers. The application has an inbuilt browser and native application to render content from existing websites and the organization’s new web services gateway. All rendering of the content is performed on the mobile application. 

The application requires SSO between the application, the web services gateway and legacy UI. Which of the following controls MUST be implemented to securely enable SSO? 

A. A registration process is implemented to have a random number stored on the client. 

B. The identity is passed between the applications as an HTTP header over REST. 

C. Local storage of the authenticated token on the mobile application is secured. 

D. Attestation of the XACML payload to ensure that the client is authorized.