Introducing The New!
Surepassexam Collection
Get Unlimited Access to all
Surepassexam's PREMIUM files
Q1. - (Topic 2)
Company policy requires that all unsupported operating systems be removed from the network. The security administrator is using a combination of network based tools to identify such systems for the purpose of disconnecting them from the network. Which of the following tools, or outputs from the tools in use, can be used to help the security administrator make an approximate determination of the operating system in use on the local company network? (Select THREE).
A. Passive banner grabbing
B. Password cracker
C.
http://www.company.org/documents_private/index.php?search=string#&topic=windows&tcp =packet%20capture&cookie=wokdjwalkjcnie61lkasdf2aliser4
D. 443/tcp open http
E. dig host.company.com
F. 09:18:16.262743 IP (tos 0x0, ttl 64, id 9870, offset 0, flags [none], proto TCP (6), length 40)192.168.1.3.1051 > 10.46.3.7.80: Flags [none], cksum 0x1800 (correct), win 512, length
G. Nmap
Answer: A,F,G
Q2. - (Topic 3)
A company receives a subpoena for email that is four years old. Which of the following should the company consult to determine if it can provide the email in question?
A. Data retention policy
B. Business continuity plan
C. Backup and archive processes
D. Electronic inventory
Answer: A
Q3. - (Topic 5)
An IT administrator has been tasked by the Chief Executive Officer with implementing security using a single device based on the following requirements:
1. Selective sandboxing of suspicious code to determine malicious intent.
2. VoIP handling for SIP and H.323 connections.
3. Block potentially unwanted applications.
Which of the following devices would BEST meet all of these requirements?
A. UTM
B. HIDS
C. NIDS
D. WAF
E. HSM
Answer: A
Q4. - (Topic 4)
A general insurance company wants to set up a new online business. The requirements are that the solution needs to be:
The conceptual solution architecture has specified that the application will consist of a traditional three tiered architecture for the front end components, an ESB to provide services, data transformation capability and legacy system integration and a web services gateway.
Which of the following security components will BEST meet the above requirements and fit into the solution architecture? (Select TWO).
A. Implement WS-Security for services authentication and XACML for service authorization.
B. Use end-to-end application level encryption to encrypt all fields and store them encrypted in the database.
C. Implement a certificate based solution on a smart card in combination with a PIN to provide authentication and authorization of users.
D. Implement WS-Security as a federated single sign-on solution for authentication authorization of users.
E. Implement SSL encryption for all sensitive data flows and encryption of passwords of the data at rest.
F. Use application level encryption to encrypt sensitive fields, SSL encryption on sensitive flows, and database encryption for sensitive data storage.
Answer: A,F
Q5. - (Topic 3)
The marketing department at Company A regularly sends out emails signed by the company’s Chief Executive Officer (CEO) with announcements about the company. The CEO sends company and personal emails from a different email account. During legal proceedings against the company, the Chief Information Officer (CIO) must prove which emails came from the CEO and which came from the marketing department. The email server allows emails to be digitally signed and the corporate PKI provisioning allows for one certificate per user. The CEO did not share their password with anyone. Which of the following will allow the CIO to state which emails the CEO sent and which the marketing department sent?
A. Identity proofing
B. Non-repudiation
C. Key escrow
D. Digital rights management
Answer: B
Q6. - (Topic 3)
Which of the following provides the HIGHEST level of security for an integrated network providing services to authenticated corporate users?
A. Point to point VPN tunnels for external users, three-factor authentication, a cold site, physical security guards, cloud based servers, and IPv6 networking.
B. IPv6 networking, port security, full disk encryption, three-factor authentication, cloud based servers, and a cold site.
C. Port security on switches, point to point VPN tunnels for user server connections, two-factor cryptographic authentication, physical locks, and a standby hot site.
D. Port security on all switches, point to point VPN tunnels for user connections to servers, two-factor authentication, a sign-in roster, and a warm site.
Answer: C
Q7. - (Topic 2)
A company decides to purchase commercially available software packages. This can introduce new security risks to the network. Which of the following is the BEST description of why this is true?
A. Commercially available software packages are typically well known and widely available. Information concerning vulnerabilities and viable attack patterns are never revealed by the developer to avoid lawsuits.
B. Commercially available software packages are often widely available. Information concerning vulnerabilities is often kept internal to the company that developed the software.
C. Commercially available software packages are not widespread and are only available in limited areas. Information concerning vulnerabilities is often ignored by business managers.
D. Commercially available software packages are well known and widely available. Information concerning vulnerabilities and viable attack patterns are always shared within the IT community.
Answer: B
Q8. - (Topic 3)
Company A is purchasing Company B. Company A uses a change management system for all IT processes while Company B does not have one in place. Company B’s IT staff needs to purchase a third party product to enhance production. Which of the following NEXT steps should be implemented to address the security impacts this product may cause?
A. Purchase the product and test it in a lab environment before installing it on any live system.
B. Allow Company A and B’s IT staff to evaluate the new product prior to purchasing it.
C. Purchase the product and test it on a few systems before installing it throughout the entire company.
D. Use Company A’s change management process during the evaluation of the new product.
Answer: D
Q9. - (Topic 2)
An insurance company has an online quoting system for insurance premiums. It allows potential customers to fill in certain details about their car and obtain a quote. During an investigation, the following patterns were detected:
Pattern 1 – Analysis of the logs identifies that insurance premium forms are being filled in but only single fields are incrementally being updated.
Pattern 2 – For every quote completed, a new customer number is created; due to legacy systems, customer numbers are running out.
Which of the following is the attack type the system is susceptible to, and what is the BEST way to defend against it? (Select TWO).
A. Apply a hidden field that triggers a SIEM alert
B. Cross site scripting attack
C. Resource exhaustion attack
D. Input a blacklist of all known BOT malware IPs into the firewall
E. SQL injection
F. Implement an inline WAF and integrate into SIEM
G. Distributed denial of service
H. Implement firewall rules to block the attacking IP addresses
Answer: C,F
Q10. - (Topic 4)
During a new desktop refresh, all hosts are hardened at the OS level before deployment to comply with policy. Six months later, the company is audited for compliance to regulations. The audit discovers that 40% of the desktops do not meet requirements. Which of the following is the cause of the noncompliance?
A. The devices are being modified and settings are being overridden in production.
B. The patch management system is causing the devices to be noncompliant after issuing the latest patches.
C. The desktop applications were configured with the default username and password.
D. 40% of the devices have been compromised.
Answer: A
Q11. - (Topic 1)
A security engineer is responsible for monitoring company applications for known vulnerabilities. Which of the following is a way to stay current on exploits and information security news?
A. Update company policies and procedures
B. Subscribe to security mailing lists
C. Implement security awareness training
D. Ensure that the organization vulnerability management plan is up-to-date
Answer: B
Q12. - (Topic 3)
In order for a company to boost profits by implementing cost savings on non-core business activities, the IT manager has sought approval for the corporate email system to be hosted in the cloud. The compliance officer has been tasked with ensuring that data lifecycle issues are taken into account. Which of the following BEST covers the data lifecycle end-to-end?
A. Creation and secure destruction of mail accounts, emails, and calendar items
B. Information classification, vendor selection, and the RFP process
C. Data provisioning, processing, in transit, at rest, and de-provisioning
D. Securing virtual environments, appliances, and equipment that handle email
Answer: C
Q13. - (Topic 1)
A company is deploying a new iSCSI-based SAN. The requirements are as follows:
Which of the following design specifications meet all the requirements? (Select TWO).
A. Targets use CHAP authentication
B. IPSec using AH with PKI certificates for authentication
C. Fiber channel should be used with AES
D. Initiators and targets use CHAP authentication
E. Fiber channel over Ethernet should be used
F. IPSec using AH with PSK authentication and 3DES
G. Targets have SCSI IDs for authentication
Answer: B,D
Q14. - (Topic 2)
A security administrator has been asked to select a cryptographic algorithm to meet the criteria of a new application. The application utilizes streaming video that can be viewed both on computers and mobile devices. The application designers have asked that the algorithm support the transport encryption with the lowest possible performance overhead. Which of the following recommendations would BEST meet the needs of the application designers? (Select TWO).
A. Use AES in Electronic Codebook mode
B. Use RC4 in Cipher Block Chaining mode
C. Use RC4 with Fixed IV generation
D. Use AES with cipher text padding
E. Use RC4 with a nonce generated IV
F. Use AES in Counter mode
Answer: E,F
Q15. - (Topic 3)
A data processing server uses a Linux based file system to remotely mount physical disks on a shared SAN. The server administrator reports problems related to processing of files where the file appears to be incompletely written to the disk. The network administration team has conducted a thorough review of all network infrastructure and devices and found everything running at optimal performance. Other SAN customers are unaffected. The data being processed consists of millions of small files being written to disk from a network source one file at a time. These files are then accessed by a local Java program for processing before being transferred over the network to a SE Linux host for processing. Which of the following is the MOST likely cause of the processing problem?
A. The administrator has a PERL script running which disrupts the NIC by restarting the CRON process every 65 seconds.
B. The Java developers accounted for network latency only for the read portion of the processing and not the write process.
C. The virtual file system on the SAN is experiencing a race condition between the reads and writes of network files.
D. The Linux file system in use cannot write files as fast as they can be read by the Java program resulting in the errors.
Answer: D