Q131. - (Topic 2) 

A security administrator has noticed that an increased number of employees’ workstations are becoming infected with malware. The company deploys an enterprise antivirus system as well as a web content filter, which blocks access to malicious web sites where malware files can be downloaded. Additionally, the company implements technical measures to disable external storage. Which of the following is a technical control that the security administrator should implement next to reduce malware infection? 

A. Implement an Acceptable Use Policy which addresses malware downloads. 

B. Deploy a network access control system with a persistent agent. 

C. Enforce mandatory security awareness training for all employees and contractors. 

D. Block cloud-based storage software on the company network. 

Answer:


Q132. - (Topic 4) 

In developing a new computing lifecycle process for a large corporation, the security team is developing the process for decommissioning computing equipment. In order to reduce the potential for data leakage, which of the following should the team consider? (Select TWO). 

A. Erase all files on drive 

B. Install of standard image 

C. Remove and hold all drives 

D. Physical destruction 

E. Drive wipe 

Answer: D,E 


Q133. - (Topic 1) 

The Information Security Officer (ISO) believes that the company has been targeted by cybercriminals and it is under a cyber attack. Internal services that are normally available to the public via the Internet are inaccessible, and employees in the office are unable to browse the Internet. The senior security engineer starts by reviewing the bandwidth at the border router, and notices that the incoming bandwidth on the router’s external interface is maxed out. The security engineer then inspects the following piece of log to try and determine the reason for the downtime, focusing on the company’s external router’s IP which is 128.20.176.19: 

11:16:22.110343 IP 90.237.31.27.19 > 128.20.176.19.19: UDP, length 1400 

11:16:22.110351 IP 23.27.112.200.19 > 128.20.176.19.19: UDP, length 1400 

11:16:22.110358 IP 192.200.132.213.19 > 128.20.176.19.19: UDP, length 1400 

11:16:22.110402 IP 70.192.2.55.19 > 128.20.176.19.19: UDP, length 1400 

11:16:22.110406 IP 112.201.7.39.19 > 128.20.176.19.19: UDP, length 1400 

Which of the following describes the findings the senior security engineer should report to the ISO and the BEST solution for service restoration? 

A. After the senior engineer used a network analyzer to identify an active Fraggle attack, the company’s ISP should be contacted and instructed to block the malicious packets. 

B. After the senior engineer used the above IPS logs to detect the ongoing DDOS attack, an IPS filter should be enabled to block the attack and restore communication. 

C. After the senior engineer used a mirror port to capture the ongoing amplification attack, a BGP sinkhole should be configured to drop traffic at the source networks. 

D. After the senior engineer used a packet capture to identify an active Smurf attack, an ACL should be placed on the company’s external router to block incoming UDP port 19 traffic. 

Answer:


Q134. - (Topic 4) 

An administrator attempts to install the package "named.9.3.6-12-x86_64.rpm" on a server. Even though the package was downloaded from the official repository, the server states the package cannot be installed because no GPG key is found. Which of the following should the administrator perform to allow the program to be installed? 

A. Download the file from the program publisher's website. 

B. Generate RSA and DSA keys using GPG. 

C. Import the repository's public key. 

D. Run sha1sum and verify the hash. 

Answer:


Q135. - (Topic 1) 

Which of the following activities is commonly deemed “OUT OF SCOPE” when undertaking a penetration test? 

A. Test password complexity of all login fields and input validation of form fields 

B. Reverse engineering any thick client software that has been provided for the test 

C. Undertaking network-based denial of service attacks in production environment 

D. Attempting to perform blind SQL injection and reflected cross-site scripting attacks 

E. Running a vulnerability scanning tool to assess network and host weaknesses 

Answer:


Q136. - (Topic 3) 

An administrator at a small company replaces servers whenever budget money becomes available. Over the past several years the company has acquired and still uses 20 servers and 50 desktops from five different computer manufacturers. Which of the following are management challenges and risks associated with this style of technology lifecycle management? 

A. Decreased security posture, decommission of outdated hardware, inability to centrally manage, and performance bottlenecks on old hardware. 

B. Increased mean time to failure rate of legacy servers, OS variances, patch availability, and ability to restore to dissimilar hardware. 

C. OS end-of-support issues, ability to backup data, hardware parts availability, and firmware update availability and management. 

D. Inability to use virtualization, trusted OS complexities, and multiple patch versions based on OS dependency. 

Answer:


Q137. - (Topic 3) 

A new startup company with very limited funds wants to protect the organization from external threats by implementing some type of best practice security controls across a number of hosts located in the application zone, the production zone, and the core network. The 50 hosts in the core network are a mixture of Windows and Linux based systems, used by development staff to develop new applications. The single Windows host in the application zone is used exclusively by the production team to control software deployments into the production zone. There are 10 UNIX web application hosts in the production zone which are publically accessible. 

Development staff is required to install and remove various types of software from their hosts on a regular basis while the hosts in the zone rarely require any type of configuration changes. 

Which of the following when implemented would provide the BEST level of protection with the LEAST amount of disruption to staff? 

A. NIPS in the production zone, HIPS in the application zone, and anti-virus / anti-malware across all Windows hosts. 

B. NIPS in the production zone, NIDS in the application zone, HIPS in the core network, and anti-virus / anti-malware across all hosts. 

C. HIPS in the production zone, NIPS in the application zone, and HIPS in the core network. 

D. NIDS in the production zone, HIDS in the application zone, and anti-virus / anti-malware across all hosts. 

Answer:


Q138. - (Topic 5) 

A company is in the process of outsourcing its customer relationship management system to a cloud provider. It will host the entire organization’s customer database. The database will be accessed by both the company’s users and its customers. The procurement department has asked what security activities must be performed for the deal to proceed. Which of the following are the MOST appropriate security activities to be performed as part of due diligence? (Select TWO). 

A. Physical penetration test of the datacenter to ensure there are appropriate controls. 

B. Penetration testing of the solution to ensure that the customer data is well protected. 

C. Security clauses are implemented into the contract such as the right to audit. 

D. Review of the organizations security policies, procedures and relevant hosting certifications. 

E. Code review of the solution to ensure that there are no back doors located in the software. 

Answer: C,D 


Q139. - (Topic 2) 

A company provides on-demand cloud computing resources for a sensitive project. The company implements a fully virtualized datacenter and terminal server access with two-factor authentication for customer access to the administrative website. The security administrator at the company has uncovered a breach in data confidentiality. Sensitive data from customer A was found on a hidden directory within the VM of company B. Company B is not in the same industry as company A and the two are not competitors. Which of the following has MOST likely occurred? 

A. Both VMs were left unsecured and an attacker was able to exploit network vulnerabilities to access each and move the data. 

B. A stolen two factor token was used to move data from one virtual guest to another host on the same network segment. 

C. A hypervisor server was left un-patched and an attacker was able to use a resource exhaustion attack to gain unauthorized access. 

D. An employee with administrative access to the virtual guests was able to dump the guest memory onto a mapped disk. 

Answer:


Q140. - (Topic 2) 

A new IT company has hired a security consultant to implement a remote access system, which will enable employees to telecommute from home using both company issued as well as personal computing devices, including mobile devices. The company wants a flexible system to provide confidentiality and integrity for data in transit to the company’s internally developed application GUI. Company policy prohibits employees from having administrative rights to company issued devices. Which of the following remote access solutions has the lowest technical complexity? 

A. RDP server 

B. Client-based VPN 

C. IPSec 

D. Jump box 

E. SSL VPN 

Answer: