Q61. - (Topic 4)
A sensitive database needs its cryptographic integrity upheld. Which of the following controls meets this goal? (Select TWO).
A. Data signing
C. Perfect forward secrecy
E. Data vaulting
G. Lock and key
Q62. - (Topic 4)
A security administrator is tasked with securing a company's headquarters and branch offices move to unified communications. The Chief Information Officer (CIO) wants to integrate the corporate users' email, voice mail, telephony, presence and corporate messaging to internal computers, mobile users, and devices. Which of the following actions would BEST meet the CIO's goals while providing maximum unified communications security?
A. Create presence groups, restrict IM protocols to the internal networks, encrypt remote devices, and restrict access to services to local network and VPN clients.
B. Enable discretionary email forwarding restrictions, utilize QoS and Secure RTP, allow external IM protocols only over TLS, and allow port 2000 incoming to the internal firewall interface for secure SIP
C. Set presence to invisible by default, restrict IM to invite only, implement QoS on SIP and RTP traffic, discretionary email forwarding, and full disk encryption.
D. Establish presence privacy groups, restrict all IM protocols, allow secure RTP on session border gateways, enable full disk encryptions, and transport encryption for email security.
Q63. - (Topic 2)
An employee is performing a review of the organization’s security functions and noticed that there is some cross over responsibility between the IT security team and the financial fraud team. Which of the following security documents should be used to clarify the roles and responsibilities between the teams?
Q64. - (Topic 4)
An external auditor has found that IT security policies in the organization are not maintained and in some cases are nonexistent. As a result of the audit findings, the CISO has been tasked with the objective of establishing a mechanism to manage the lifecycle of IT security policies. Which of the following can be used to BEST achieve the CISO’s objectives?
C. ISO 27002
Q65. - (Topic 3)
Several business units have requested the ability to use collaborative web-based meeting places with third party vendors. Generally these require user registration, installation of client-based ActiveX or Java applets, and also the ability for the user to share their desktop in read-only or read-write mode. In order to ensure that information security is not compromised, which of the following controls is BEST suited to this situation?
A. Disallow the use of web-based meetings as this could lead to vulnerable client-side components being installed, or a malicious third party gaining read-write control over an internal workstation.
B. Hire an outside consultant firm to perform both a quantitative and a qualitative risk-based assessment. Based on the outcomes, if any risks are identified then do not allow web-based meetings. If no risks are identified then go forward and allow for these meetings to occur.
C. Allow the use of web-based meetings, but put controls in place to ensure that the use of these meetings is logged and tracked.
D. Evaluate several meeting providers. Ensure that client-side components do not introduce undue security risks. Ensure that the read-write desktop mode can either be prevented or strongly audited.
Q66. - (Topic 5)
A large hospital has implemented BYOD to allow doctors and specialists the ability to access patient medical records on their tablets. The doctors and specialists access patient records over the hospital’s guest WiFi network which is isolated from the internal network with appropriate security controls. The patient records management system can be accessed from the guest network and requires two factor authentication. Using a remote desktop type interface, the doctors and specialists can interact with the hospital’s system. Cut and paste and printing functions are disabled to prevent the copying of data to BYOD devices. Which of the following are of MOST concern? (Select TWO).
A. Privacy could be compromised as patient records can be viewed in uncontrolled areas.
B. Device encryption has not been enabled and will result in a greater likelihood of data loss.
C. The guest WiFi may be exploited allowing non-authorized individuals access to confidential patient data.
D. Malware may be on BYOD devices which can extract data via key logging and screen scrapes.
E. Remote wiping of devices should be enabled to ensure any lost device is rendered inoperable.
Q67. - (Topic 3)
A company receives an e-discovery request for the Chief Information Officer’s (CIO’s) email data. The storage administrator reports that the data retention policy relevant to their industry only requires one year of email data. However the storage administrator also reports that there are three years of email data on the server and five years of email data on backup tapes. How many years of data MUST the company legally provide?
D. 5 Answer: D
Q68. - (Topic 5)
The helpdesk department desires to roll out a remote support application for internal use on all company computers. This tool should allow remote desktop sharing, system log gathering, chat, hardware logging, inventory management, and remote registry access. The risk management team has been asked to review vendor responses to the RFQ. Which of the following questions is the MOST important?
A. What are the protections against MITM?
B. What accountability is built into the remote support application?
C. What encryption standards are used in tracking database?
D. What snapshot or “undo” features are present in the application?
E. What encryption standards are used in remote desktop and file transfer functionality?
Q69. - (Topic 3)
At 10:35 a.m. a malicious user was able to obtain a valid authentication token which allowed read/write access to the backend database of a financial company. At 10:45 a.m. the security administrator received multiple alerts from the company’s statistical anomaly-based IDS about a company database administrator performing unusual transactions. At
10:55 a.m. the security administrator resets the database administrator’s password.
At 11:00 a.m. the security administrator is still receiving alerts from the IDS about unusual transactions from the same user. Which of the following is MOST likely the cause of the alerts?
A. The IDS logs are compromised.
B. The new password was compromised.
C. An input validation error has occurred.
D. A race condition has occurred.
Q70. - (Topic 5)
Joe, a hacker, has discovered he can specifically craft a webpage that when viewed in a browser crashes the browser and then allows him to gain remote code execution in the context of the victim’s privilege level. The browser crashes due to an exception error when a heap memory that is unused is accessed. Which of the following BEST describes the application issue?
A. Integer overflow
C. Race condition
D. SQL injection
E. Use after free
F. Input validation