Q1. - (Topic 3)
A health service provider is considering the impact of allowing doctors and nurses access to the internal email system from their personal smartphones. The Information Security Officer (ISO) has received a technical document from the security administrator explaining that the current email system is capable of enforcing security policies to personal smartphones, including screen lockout and mandatory PINs. Additionally, the system is able to remotely wipe a phone if reported lost or stolen. Which of the following should the Information Security Officer be MOST concerned with based on this scenario? (Select THREE).
A. The email system may become unavailable due to overload.
B. Compliance may not be supported by all smartphones.
C. Equipment loss, theft, and data leakage.
D. Smartphone radios can interfere with health equipment.
E. Data usage cost could significantly increase.
F. Not all smartphones natively support encryption.
G. Smartphones may be used as rogue access points.
Answer: B,C,F
Q2. - (Topic 5)
A security company is developing a new cloud-based log analytics platform. Its purpose is to allow:
Customers to upload their log files to the “big data” platform
Customers to perform remote log search
Customers to integrate into the platform using an API so that third party business intelligence tools can be used for the purpose of trending, insights, and/or discovery
Which of the following are the BEST security considerations to protect data from one customer being disclosed to other customers? (Select THREE).
A. Secure storage and transmission of API keys
B. Secure protocols for transmission of log files and search results
C. At least two years retention of log files in case of e-discovery requests
D. Multi-tenancy with RBAC support
E. Sanitizing filters to prevent upload of sensitive log file contents
F. Encrypted storage of all customer log files
Answer: A,B,D
Q3. - (Topic 5)
An organization has decided to reduce labor costs by outsourcing back office processing of credit applications to a provider located in another country. Data sovereignty and privacy concerns raised by the security team resulted in the third-party provider only accessing and processing the data via remote desktop sessions. To facilitate communications and improve productivity, staff at the third party has been provided with corporate email accounts that are only accessible via the remote desktop sessions. Email forwarding is blocked and staff at the third party can only communicate with staff within the organization. Which of the following additional controls should be implemented to prevent data loss? (Select THREE).
A. Implement hashing of data in transit
B. Session recording and capture
C. Disable cross session cut and paste
D. Monitor approved credit accounts
E. User access audit reviews
F. Source IP whitelisting
Answer: C,E,F
Q4. CORRECT TEXT - (Topic 2)
An administrator wants to install a patch to an application. Given the scenario, download, verify and install the patch in the most secure manner.
Instructions: The last install that is completed will be the final submission.
Answer: Please check the explanation part for full details on the solution.
Q5. - (Topic 1)
A security engineer on a large enterprise network needs to schedule maintenance within a fixed window of time. A total outage period of four hours is permitted for servers. Workstations can undergo maintenance from 8:00 pm to 6:00 am daily. Which of the following can specify parameters for the maintenance work? (Select TWO).
A. Managed security service
B. Memorandum of understanding
C. Quality of service
D. Network service provider
E. Operating level agreement
Answer: B,E
Q6. - (Topic 2)
The latest independent research shows that cyber attacks involving SCADA systems grew an average of 15% per year in each of the last four years, but that this year’s growth has slowed to around 7%. Over the same time period, the number of attacks against applications has decreased or stayed flat each year. At the start of the measurement period, the incidence of PC boot loader or BIOS based attacks was negligible. Starting two years ago, the number of PC boot loader attacks has grown exponentially. Analysis of these trends would seem to suggest which of the following strategies should be employed?
A. Spending on SCADA protections should stay steady; application control spending should increase substantially and spending on PC boot loader controls should increase substantially.
B. Spending on SCADA security controls should stay steady; application control spending should decrease slightly and spending on PC boot loader protections should increase substantially.
C. Spending on all controls should increase by 15% to start; spending on application controls should be suspended, and PC boot loader protection research should increase by 100%.
D. Spending on SCADA security controls should increase by 15%; application control spending should increase slightly, and spending on PC boot loader protections should remain steady.
Answer: B
Q7. - (Topic 5)
A security administrator is investigating the compromise of a SCADA network that is not physically connected to any other network. Which of the following is the MOST likely cause of the compromise?
A. Outdated antivirus definitions
B. Insecure wireless
C. Infected USB device
D. SQL injection
Answer: C
Q8. - (Topic 1)
A security officer is leading a lessons learned meeting. Which of the following should be components of that meeting? (Select TWO).
A. Demonstration of IPS system
B. Review vendor selection process
C. Calculate the ALE for the event
D. Discussion of event timeline
E. Assigning of follow up items
Answer: D,E
Q9. - (Topic 2)
Customers are receiving emails containing a link to malicious software. These emails are subverting spam filters. The email reads as follows:
Delivered-To: customer@example.com
Received: by 10.14.120.205
Mon, 1 Nov 2010 11:15:24 -0700 (PDT)
Received: by 10.231.31.193
Mon, 01 Nov 2010 11:15:23 -0700 (PDT)
Return-Path: <IT@company.com>
Received: from 127.0.0.1 for <customer@example.com>; Mon, 1 Nov 2010 13:15:14 -0500
(envelope-from <IT@company.com>)
Received: by smtpex.example.com (SMTP READY)
with ESMTP (AIO); Mon, 01 Nov 2010 13:15:14 -0500
Received: from 172.18.45.122 by 192.168.2.55; Mon, 1 Nov 2010 13:15:14 -0500
From: Company <IT@Company.com>
To: "customer@example.com" <customer@example.com>
Date: Mon, 1 Nov 2010 13:15:11 -0500
Subject: New Insurance Application
Thread-Topic: New Insurance Application
Please download and install software from the site below to maintain full access to your account.
www.examplesite.com
Additional information: The authorized mail servers’ IPs are 192.168.2.10 and 192.168.2.11.
The network’s subnet is 192.168.2.0/25.
Which of the following are the MOST appropriate courses of action a security administrator could take to eliminate this risk? (Select TWO).
A. Identify the origination point for malicious activity on the unauthorized mail server.
B. Block port 25 on the firewall for all unauthorized mail servers.
C. Disable open relay functionality.
D. Shut down the SMTP service on the unauthorized mail server.
E. Enable STARTTLS on the spam filter.
Answer: B,D
Q10. - (Topic 1)
A forensic analyst receives a hard drive containing malware quarantined by the antivirus application. After creating an image and determining the directory location of the malware file, which of the following helps to determine when the system became infected?
A. The malware file’s modify, access, change time properties.
B. The timeline analysis of the file system.
C. The time stamp of the malware in the swap file.
D. The date/time stamp of the malware detection in the antivirus logs.
Answer: B
Q11. - (Topic 3)
At 10:35 a.m. a malicious user was able to obtain a valid authentication token which allowed read/write access to the backend database of a financial company. At 10:45 a.m. the security administrator received multiple alerts from the company’s statistical anomaly-based IDS about a company database administrator performing unusual transactions. At 10:55 a.m. the security administrator resets the database administrator’s password.
At 11:00 a.m. the security administrator is still receiving alerts from the IDS about unusual transactions from the same user. Which of the following is MOST likely the cause of the alerts?
A. The IDS logs are compromised.
B. The new password was compromised.
C. An input validation error has occurred.
D. A race condition has occurred.
Answer: D
Q12. - (Topic 5)
Due to compliance regulations, a company requires a yearly penetration test. The Chief Information Security Officer (CISO) has asked that it be done under a black box methodology. Which of the following would be the advantage of conducting this kind of penetration test?
A. The risk of unplanned server outages is reduced.
B. Using documentation provided to them, the pen-test organization can quickly determine areas to focus on.
C. The results will show an in-depth view of the network and should help pin-point areas of internal weakness.
D. The results should reflect what attackers may be able to learn about the company.
Answer: D
Q13. - (Topic 3)
After connecting to a secure payment server at https://pay.xyz.com, an auditor notices that the SSL certificate was issued to *.xyz.com. The auditor also notices that many of the internal development servers use the same certificate. After installing the certificate on dev1.xyz.com, one of the developers reports misplacing the USB thumb-drive where the SSL certificate was stored. Which of the following should the auditor recommend FIRST?
A. Generate a new public key on both servers.
B. Replace the SSL certificate on dev1.xyz.com.
C. Generate a new private key password for both servers.
D. Replace the SSL certificate on pay.xyz.com.
Answer: D
Q14. - (Topic 1)
An intruder was recently discovered inside the data center, a highly sensitive area. To gain access, the intruder circumvented numerous layers of physical and electronic security measures. Company leadership has asked for a thorough review of physical security controls to prevent this from happening again. Which of the following departments are the MOST heavily invested in rectifying the problem? (Select THREE).
A. Facilities management
B. Human resources
C. Research and development
D. Programming
E. Data center operations
F. Marketing
G. Information technology
Answer: A,E,G
Q15. - (Topic 4)
Which of the following BEST describes the implications of placing an IDS device inside or outside of the corporate firewall?
A. Placing the IDS device inside the firewall will allow it to monitor potential internal attacks but may increase the load on the system.
B. Placing the IDS device outside the firewall will allow it to monitor potential remote attacks while still allowing the firewall to block the attack.
C. Placing the IDS device inside the firewall will allow it to monitor potential remote attacks but may increase the load on the system.
D. Placing the IDS device outside the firewall will allow it to monitor potential remote attacks but the firewall will not be able to block the attacks.
Answer: B