Introducing The New!
Surepassexam Collection
Get Unlimited Access to all
Surepassexam's PREMIUM files
Q1. - (Topic 2)
An IT manager is working with a project manager from another subsidiary of the same multinational organization. The project manager is responsible for a new software development effort that is being outsourced overseas, while customer acceptance testing will be performed in house. Which of the following capabilities is MOST likely to cause issues with network availability?
A. Source code vulnerability scanning
B. Time-based access control lists
C. ISP to ISP network jitter
D. File-size validation
E. End to end network encryption
Answer: B
Q2. - (Topic 3)
A financial institution wants to reduce the costs associated with managing and troubleshooting employees’ desktops and applications, while keeping employees from copying data onto external storage. The Chief Information Officer (CIO) has asked the security team to evaluate four solutions submitted by the change management group. Which of the following BEST accomplishes this task?
A. Implement desktop virtualization and encrypt all sensitive data at rest and in transit.
B. Implement server virtualization and move the application from the desktop to the server.
C. Implement VDI and disable hardware and storage mapping from the thin client.
D. Move the critical applications to a private cloud and disable VPN and tunneling.
Answer: C
Q3. - (Topic 5)
The threat abatement program manager tasked the software engineer with identifying the fastest implementation of a hash function to protect passwords with the least number of collisions. Which of the following should the software engineer implement to best meet the requirements?
A. hash = sha512(password + salt);for (k = 0; k < 4000; k++) {hash = sha512 (hash);}
B. hash = md5(password + salt);for (k = 0; k < 5000; k++) {hash = md5 (hash);}
C. hash = sha512(password + salt);for (k = 0; k < 3000; k++) {hash = sha512 (hash + password + salt);}
D. hash1 = sha1(password + salt);hash = sha1 (hash1);
Answer: C
Q4. - (Topic 5)
Noticing latency issues at its connection to the Internet, a company suspects that it is being targeted in a Distributed Denial of Service attack. A security analyst discovers numerous inbound monlist requests coming to the company’s NTP servers. Which of the following mitigates this activity with the LEAST impact to existing operations?
A. Block in-bound connections to the company’s NTP servers.
B. Block IPs making monlist requests.
C. Disable the company’s NTP servers.
D. Disable monlist on the company’s NTP servers.
Answer: D
Q5. - (Topic 4)
A government agency considers confidentiality to be of utmost importance and availability issues to be of least importance. Knowing this, which of the following correctly orders various vulnerabilities in the order of MOST important to LEAST important?
A. Insecure direct object references, CSRF, Smurf
B. Privilege escalation, Application DoS, Buffer overflow
C. SQL injection, Resource exhaustion, Privilege escalation
D. CSRF, Fault injection, Memory leaks
Answer: A
Q6. - (Topic 5)
A large hospital has implemented BYOD to allow doctors and specialists the ability to access patient medical records on their tablets. The doctors and specialists access patient records over the hospital’s guest WiFi network which is isolated from the internal network with appropriate security controls. The patient records management system can be accessed from the guest network and requires two factor authentication. Using a remote desktop type interface, the doctors and specialists can interact with the hospital’s system. Cut and paste and printing functions are disabled to prevent the copying of data to BYOD devices. Which of the following are of MOST concern? (Select TWO).
A. Privacy could be compromised as patient records can be viewed in uncontrolled areas.
B. Device encryption has not been enabled and will result in a greater likelihood of data loss.
C. The guest WiFi may be exploited allowing non-authorized individuals access to confidential patient data.
D. Malware may be on BYOD devices which can extract data via key logging and screen scrapes.
E. Remote wiping of devices should be enabled to ensure any lost device is rendered inoperable.
Answer: A,D
Q7. - (Topic 4)
A bank now has a major initiative to virtualize as many servers as possible, due to power and rack space capacity at both data centers. The bank has prioritized by virtualizing older servers first as the hardware is nearing end-of-life.
The two initial migrations include:
Which of the following should the security consultant recommend based on best practices?
A. One data center should host virtualized web servers and the second data center should host the virtualized domain controllers.
B. One virtual environment should be present at each data center, each housing a combination of the converted Windows 2000 and RHEL3 virtual machines.
C. Each data center should contain one virtual environment for the web servers and another virtual environment for the domain controllers.
D. Each data center should contain one virtual environment housing converted Windows 2000 virtual machines and converted RHEL3 virtual machines.
Answer: C
Q8. - (Topic 1)
There have been some failures of the company’s internal facing website. A security engineer has found the WAF to be the root cause of the failures. System logs show that the WAF has been unavailable for 14 hours over the past month, in four separate situations. One of these situations was a two hour scheduled maintenance time, aimed at improving the stability of the WAF. Using the MTTR based on the last month’s performance figures, which of the following calculations is the percentage of uptime assuming there were 722 hours in the month?
A. 92.24 percent
B. 98.06 percent
C. 98.34 percent
D. 99.72 percent
Answer: C
Q9. - (Topic 1)
Company ABC’s SAN is nearing capacity, and will cause costly downtimes if servers run out disk space. Which of the following is a more cost effective alternative to buying a new SAN?
A. Enable multipath to increase availability
B. Enable deduplication on the storage pools
C. Implement snapshots to reduce virtual disk size
D. Implement replication to offsite datacenter
Answer: B
Q10. - (Topic 3)
The security administrator at a company has received a subpoena for the release of all the email received and sent by the company Chief Information Officer (CIO) for the past three years. The security administrator is only able to find one year’s worth of email records on the server and is now concerned about the possible legal implications of not complying with the request. Which of the following should the security administrator check BEFORE responding to the request?
A. The company data privacy policies
B. The company backup logs and archives
C. The company data retention policies and guidelines
D. The company data retention procedures
Answer: B
Q11. - (Topic 5)
The sales team is considering the deployment of a new CRM solution within the enterprise. The IT and Security teams are members of the project; however, neither team has expertise or experience with the proposed system. Which of the following activities should be performed FIRST?
A. Visit a company who already has the technology, sign an NDA, and read their latest risk assessment.
B. Contact the top vendor, assign IT and Security to work together to implement a demo and pen test the system.
C. Work with Finance to do a second ROI calculation before continuing further with the project.
D. Research the market, select the top vendors and solicit RFPs from those vendors.
Answer: D
Q12. - (Topic 5)
The Chief Executive Officer (CEO) of an Internet service provider (ISP) has decided to limit the company’s contribution to worldwide Distributed Denial of Service (DDoS) attacks. Which of the following should the ISP implement? (Select TWO).
A. Block traffic from the ISP’s networks destined for blacklisted IPs.
B. Prevent the ISP’s customers from querying DNS servers other than those hosted by the ISP.
C. Block traffic with a source IP not allocated to the ISP from exiting the ISP’s network.
D. Scan the ISP’s customer networks using an up-to-date vulnerability scanner.
E. Notify customers when services they run are involved in an attack.
Answer: C,E
Q13. - (Topic 3)
Several business units have requested the ability to use collaborative web-based meeting places with third party vendors. Generally these require user registration, installation of client-based ActiveX or Java applets, and also the ability for the user to share their desktop in read-only or read-write mode. In order to ensure that information security is not compromised, which of the following controls is BEST suited to this situation?
A. Disallow the use of web-based meetings as this could lead to vulnerable client-side components being installed, or a malicious third party gaining read-write control over an internal workstation.
B. Hire an outside consultant firm to perform both a quantitative and a qualitative risk-based assessment. Based on the outcomes, if any risks are identified then do not allow web-based meetings. If no risks are identified then go forward and allow for these meetings to occur.
C. Allow the use of web-based meetings, but put controls in place to ensure that the use of these meetings is logged and tracked.
D. Evaluate several meeting providers. Ensure that client-side components do not introduce undue security risks. Ensure that the read-write desktop mode can either be prevented or strongly audited.
Answer: D
Q14. - (Topic 5)
An internal committee comprised of the facilities manager, the physical security manager, the network administrator, and a member of the executive team has been formed to address a recent breach at a company’s data center. It was discovered that during the breach, an HVAC specialist had gained entry to an area that contained server farms holding sensitive financial data. Although the HVAC specialist was there to fix a legitimate issue, the investigation concluded security be provided for the two entry and exit points for the server farm. Which of the following should be implemented to accomplish the recommendations of the investigation?
A. Implement a policy that all non-employees should be escorted in the data center.
B. Place a mantrap at the points with biometric security.
C. Hire an HVAC person for the company, eliminating the need for external HVAC people.
D. Implement CCTV cameras at both points.
Answer: B
Q15. - (Topic 3)
An intrusion detection system logged an attack attempt from a remote IP address. One week later, the attacker successfully compromised the network. Which of the following MOST likely occurred?
A. The IDS generated too many false negatives.
B. The attack occurred after hours.
C. The IDS generated too many false positives.
D. No one was reviewing the IDS event logs.
Answer: D