Q1. - (Topic 3) 

A financial company implements end-to-end encryption via SSL in the DMZ, and only IPSec in transport mode with AH enabled and ESP disabled throughout the internal network. The company has hired a security consultant to analyze the network infrastructure and provide a solution for intrusion prevention. Which of the following recommendations should the consultant provide to the security administrator? 

A. Switch to TLS in the DMZ. Implement NIPS on the internal network, and HIPS on the DMZ. 

B. Switch IPSec to tunnel mode. Implement HIPS on the internal network, and NIPS on the DMZ. 

C. Disable AH. Enable ESP on the internal network, and use NIPS on both networks. 

D. Enable ESP on the internal network, and place NIPS on both networks. 


Q2. - (Topic 4) 

Company XYZ has just purchased Company ABC through a new acquisition. A business decision has been made to integrate the two companies’ networks, applications, and several basic services.

The initial integration of the two companies has specified the following requirements: 

Which of the following network security solutions will BEST meet the above requirements? 

A. Place a Company ABC managed firewall in Company XYZ’s hub site; then place Company ABC’s file, print, authentication, and secure FTP servers in a zone off the firewall. Ensure that Company ABC’s business partner firewalls are opened up for web intranet access and other required services. 

B. Require Company XYZ to manage the router ACLs, controlling access to Company ABC resources, but with Company ABC approving the change control to the ACLs. Open up Company ABC’s business partner firewall to permit access to Company ABC’s file, print, secure FTP server, authentication servers and web intranet access. 

C. Place no restrictions on internal network connectivity between Company XYZ and Company ABC. Open up Company ABC’s business partner firewall to permit access to Company ABC’s file, print, secure FTP server, authentication servers and web intranet access. 

D. Place file, print, secure FTP server and authentication domain servers at Company XYZ’s hub site. Open up Company ABC’s business partner firewall to permit access to ABC’s web intranet access and other required services. 


Q3. - (Topic 4) 

Which of the following is an example of single sign-on? 

A. An administrator manages multiple platforms with the same username and hardware token. The same username and token are used across all the platforms.

B. Multiple applications have been integrated with a centralized LDAP directory for authentication and authorization. A user has to authenticate each time the user accesses an application. 

C. A password is synchronized between multiple platforms and the user is required to authenticate with the same password across each platform. 

D. A web access control infrastructure performs authentication and passes attributes in an HTTP header to multiple applications.


Q4. - (Topic 1) 

At 9:00 am each morning, all of the virtual desktops in a VDI implementation become extremely slow and/or unresponsive. The outage lasts for around 10 minutes, after which everything runs properly again. The administrator has traced the problem to a lab of thin clients that are all booted at 9:00 am each morning. Which of the following is the MOST likely cause of the problem and the BEST solution? (Select TWO). 

A. Add guests with more memory to increase capacity of the infrastructure. 

B. A backup is running on the thin clients at 9:00 am every morning.

C. Install more memory in the thin clients to handle the increased load while booting. 

D. Booting all the lab desktops at the same time is creating excessive I/O. 

E. Install 10-Gb uplinks between the hosts and the lab to increase network capacity. 

F. Install faster SSD drives in the storage system used in the infrastructure. 

G. The lab desktops are saturating the network while booting. 

H. The lab desktops are using more memory than is available to the host systems. 

Answer: D,F 

Q5. - (Topic 5) 

An administrator’s company has recently had to reduce the number of Tier 3 help desk technicians available to support enterprise service requests. As a result, configuration standards have declined as administrators develop scripts to troubleshoot and fix customer issues. The administrator has observed that several default configurations have not been fixed through applied group policy or configured in the baseline. Which of the following are controls the administrator should recommend to the organization’s security manager to prevent an authorized user from conducting internal reconnaissance on the organization’s network? (Select THREE). 

A. Network file system 

B. Disable command execution 

C. Port security 


E. Search engine reconnaissance 


G. BIOS security 


I. IdM 

Answer: B,G,I 

Q6. - (Topic 3) 

Which of the following provides the HIGHEST level of security for an integrated network providing services to authenticated corporate users? 

A. Point to point VPN tunnels for external users, three-factor authentication, a cold site, physical security guards, cloud based servers, and IPv6 networking. 

B. IPv6 networking, port security, full disk encryption, three-factor authentication, cloud based servers, and a cold site. 

C. Port security on switches, point to point VPN tunnels for user server connections, two-factor cryptographic authentication, physical locks, and a standby hot site. 

D. Port security on all switches, point to point VPN tunnels for user connections to servers, two-factor authentication, a sign-in roster, and a warm site. 


Q7. - (Topic 5) 

A new web-based application has been developed and deployed in production. A security engineer decides to use an HTTP interceptor for testing the application. Which of the following problems would MOST likely be uncovered by this tool?

A. The tool could show that input validation was only enabled on the client side 

B. The tool could enumerate backend SQL database table and column names 

C. The tool could force HTTP methods such as DELETE that the server has denied 

D. The tool could fuzz the application to determine where memory leaks occur 


Q8. - (Topic 5) 

During a recent audit of servers, a company discovered that a network administrator, who required remote access, had deployed an unauthorized remote access application that communicated over common ports already allowed through the firewall. A network scan showed that this remote access application had already been installed on one third of the servers in the company. Which of the following is the MOST appropriate action for the company to take to provide a better solution?

A. Implement an IPS to block the application on the network 

B. Implement the remote application out to the rest of the servers 

C. Implement SSL VPN with SAML standards for federation 

D. Implement an ACL on the firewall with NAT for remote access 


Q9. - (Topic 4) 

A company has been purchased by another agency and the new security architect has identified new security goals for the organization. The current location has video surveillance throughout the building and entryways. The following requirements must be met: 

1. Ability to log entry of all employees in and out of specific areas 

2. Access control into and out of all sensitive areas 

3. Two-factor authentication 

Which of the following would MOST likely be implemented to meet the above requirements and provide a secure solution? (Select TWO). 

A. Proximity readers 

B. Visitor logs 

C. Biometric readers 

D. Motion detection sensors 

E. Mantrap 

Answer: A,C 

Q10. - (Topic 3) 

Staff from the sales department have administrator rights to their corporate standard operating environment, and often connect their work laptop to customer networks when onsite during meetings and presentations. This increases the risk and likelihood of a security incident when the sales staff reconnects to the corporate LAN. Which of the following controls would BEST protect the corporate network? 

A. Implement a network access control (NAC) solution that assesses the posture of the laptop before granting network access. 

B. Use an independent consulting firm to provide regular network vulnerability assessments and biannual qualitative risk assessments.

C. Provide sales staff with a separate laptop with no administrator access just for sales visits. 

D. Update the acceptable use policy and ensure sales staff read and acknowledge the policy.