Q11. - (Topic 1) 

A university requires a significant increase in web and database server resources for one week, twice a year, to handle student registration. The web servers remain idle for the rest of the year. Which of the following is the MOST cost-effective way for the university to securely handle student registration?

A. Virtualize the web servers locally to add capacity during registration. 

B. Move the database servers to an elastic private cloud while keeping the web servers local. 

C. Move the database servers and web servers to an elastic private cloud. 

D. Move the web servers to an elastic public cloud while keeping the database servers local. 


Q12. - (Topic 1) 

The Chief Executive Officer (CEO) of a company that allows telecommuting has challenged the Chief Security Officer’s (CSO) request to harden the corporate network’s perimeter. The CEO argues that the company cannot protect its employees at home, so the risk at work is no different. Which of the following BEST explains why this company should proceed with protecting its corporate network boundary? 

A. The corporate network is the only network that is audited by regulators and customers. 

B. The aggregation of employees on a corporate network makes it a more valuable target for attackers. 

C. Home networks are unknown to attackers and less likely to be targeted directly. 

D. Employees are more likely to be using personal computers for general web browsing when they are at home. 


Q13. - (Topic 5) 

A high-tech company dealing with sensitive data seized the mobile device of an employee suspected of leaking company secrets to a competing organization. Which of the following is the BEST order for mobile phone evidence extraction?

A. Device isolation, evidence intake, device identification, data processing, verification of data accuracy, documentation, reporting, presentation and archival. 

B. Evidence intake, device identification, preparation to identify the necessary tools, device isolation, data processing, verification of data accuracy, documentation, reporting, presentation and archival. 

C. Evidence log, device isolation, device identification, preparation to identify the necessary tools, data processing, verification of data accuracy, presentation and archival.

D. Device identification, evidence log, preparation to identify the necessary tools, data processing, verification of data accuracy, device isolation, documentation, reporting, presentation and archival. 


Q14. - (Topic 2) 

An investigator wants to collect the most volatile data first in an incident to preserve the data that runs the highest risk of being lost. After memory, which of the following BEST represents the remaining order of volatility that the investigator should follow? 

A. File system information, swap files, network processes, system processes and raw disk blocks. 

B. Raw disk blocks, network processes, system processes, swap files and file system information. 

C. System processes, network processes, file system information, swap files and raw disk blocks. 

D. Raw disk blocks, swap files, network processes, system processes, and file system information. 


Q15. - (Topic 2) 

An organization has implemented an Agile development process for front-end web application development. A new security architect has just joined the company and wants to integrate security activities into the SDLC.

Which of the following activities MUST be mandated to ensure code quality from a security perspective? (Select TWO). 

A. Static and dynamic analysis are run as part of integration

B. Security standards and training are performed as part of the project

C. Daily stand-up meetings are held to ensure security requirements are understood 

D. For each major iteration, penetration testing is performed

E. Security requirements are storyboarded and make it into the build

F. A security design is performed at the end of the requirements phase 

Answer: A, D

Q16. - (Topic 5) 

The audit department at a company requires proof of exploitation when conducting internal network penetration tests. Which of the following provides the MOST conclusive proof of compromise without further compromising the integrity of the system? 

A. Provide a list of grabbed service banners. 

B. Modify a file on the system and include the path in the test’s report. 

C. Take a packet capture of the test activity. 

D. Add a new test user account on the system. 


Q17. - (Topic 1) 

The helpdesk department desires to roll out a remote support application for internal use on all company computers. This tool should allow remote desktop sharing, system log gathering, chat, hardware logging, inventory management, and remote registry access. The risk management team has been asked to review vendor responses to the RFQ. Which of the following questions is the MOST important? 

A. What are the protections against MITM? 

B. What accountability is built into the remote support application? 

C. What encryption standards are used in the tracking database?

D. What snapshot or “undo” features are present in the application? 

E. What encryption standards are used in remote desktop and file transfer functionality? 


Q18. - (Topic 5) 

During a software development project review, the cryptographic engineer advises the project manager that security can be greatly improved by significantly slowing down the runtime of a hashing algorithm and increasing the entropy by passing the input and salt back during each iteration. Which of the following BEST describes what the engineer is trying to achieve? 

A. Monoalphabetic cipher 

B. Confusion 

C. Root of trust 

D. Key stretching 

E. Diffusion 


Q19. - (Topic 5) 

A company wishes to purchase a new security appliance. A security administrator has extensively researched the appliances, and after presenting security choices to the company’s management team, they approve of the proposed solution. Which of the following documents should be constructed to acquire the security appliance? 

Q20. - (Topic 5) 

A court order has ruled that your company must surrender all the email sent and received by a certain employee for the past five years. After reviewing the backup systems, the IT administrator concludes that email backups are not kept that long. Which of the following policies MUST be reviewed to address future compliance? 

A. Tape backup policies 

B. Offsite backup policies 

C. Data retention policies 

D. Data loss prevention policies