Q1. - (Topic 5) 

An organization is finalizing a contract with a managed security services provider (MSSP) that is responsible for primary support of all security technologies. Which of the following should the organization require as part of the contract to ensure the protection of the organization’s technology? 

A. An operational level agreement 

B. An interconnection security agreement 

C. A non-disclosure agreement 

D. A service level agreement 

View Answer

Q2. - (Topic 1) 

A security architect is designing a new infrastructure using both type 1 and type 2 virtual machines. In addition to the normal complement of security controls (e.g. antivirus, host hardening, HIPS/NIDS) the security architect needs to implement a mechanism to securely store cryptographic keys used to sign code and code modules on the VMs. Which of the following will meet this goal without requiring any hardware pass-through implementations? 

A. vTPM 

B. HSM 

C. TPM 

D. INE 

View Answer

Q3. - (Topic 1) 

The source workstation image for new accounting PCs has begun blue-screening. A technician notices that the date/time stamp of the image source appears to have changed. The desktop support director has asked the Information Security department to determine if any changes were made to the source image. Which of the following methods would BEST help with this process? (Select TWO). 

A. Retrieve source system image from backup and run file comparison analysis on the two images. 

B. Parse all images to determine if extra data is hidden using steganography. 

C. Calculate a new hash and compare it with the previously captured image hash. 

D. Ask desktop support if any changes to the images were made. 

E. Check key system files to see if date/time stamp is in the past six months. 

View Answer

Q4. - (Topic 2) 

A critical system audit shows that the payroll system is not meeting security policy due to missing OS security patches. Upon further review, it appears that the system is not being patched at all. The vendor states that the system is only supported on the current OS patch level. Which of the following compensating controls should be used to mitigate the vulnerability of missing OS patches on this system? 

A. Isolate the system on a secure network to limit its contact with other systems 

B. Implement an application layer firewall to protect the payroll system interface 

C. Monitor the system’s security log for unauthorized access to the payroll application 

D. Perform reconciliation of all payroll transactions on a daily basis 

View Answer

Q5. - (Topic 1) 

An organization is selecting a SaaS provider to replace its legacy, in house Customer Resource Management (CRM) application. Which of the following ensures the organization mitigates the risk of managing separate user credentials? 

A. Ensure the SaaS provider supports dual factor authentication. 

B. Ensure the SaaS provider supports encrypted password transmission and storage. 

C. Ensure the SaaS provider supports secure hash file exchange. 

D. Ensure the SaaS provider supports role-based access control. 

E. Ensure the SaaS provider supports directory services federation. 

View Answer

Q6. - (Topic 5) 

An IT administrator has been tasked by the Chief Executive Officer with implementing security using a single device based on the following requirements: 

1. Selective sandboxing of suspicious code to determine malicious intent. 

2. VoIP handling for SIP and H.323 connections. 

3. Block potentially unwanted applications. 

Which of the following devices would BEST meet all of these requirements? 

A. UTM 

B. HIDS 

C. NIDS 

D. WAF 

E. HSM 

View Answer

Q7. - (Topic 1) 

A security consultant is conducting a network assessment and wishes to discover any legacy backup Internet connections the network may have. Where would the consultant find this information and why would it be valuable? 

A. This information can be found in global routing tables, and is valuable because backup connections typically do not have perimeter protection as strong as the primary connection. 

B. This information can be found by calling the regional Internet registry, and is valuable because backup connections typically do not require VPN access to the network. 

C. This information can be found by accessing telecom billing records, and is valuable because backup connections typically have much lower latency than primary connections. 

D. This information can be found by querying the network’s DNS servers, and is valuable because backup DNS servers typically allow recursive queries from Internet hosts. 

View Answer

Q8. - (Topic 1) 

An extensible commercial software system was upgraded to the next minor release version to patch a security vulnerability. After the upgrade, an unauthorized intrusion into the system was detected. The software vendor is called in to troubleshoot the issue and reports that all core components were updated properly. Which of the following has been overlooked in securing the system? (Select TWO). 

A. The company’s IDS signatures were not updated. 

B. The company’s custom code was not patched. 

C. The patch caused the system to revert to http. 

D. The software patch was not cryptographically signed. 

E. The wrong version of the patch was used. 

F. Third-party plug-ins were not patched. 

View Answer

Q9. - (Topic 2) 

A company has noticed recently that its corporate information has ended up on an online forum. An investigation has identified that internal employees are sharing confidential corporate information on a daily basis. Which of the following are the MOST effective security controls that can be implemented to stop the above problem? (Select TWO). 

A. Implement a URL filter to block the online forum 

B. Implement NIDS on the desktop and DMZ networks 

C. Security awareness compliance training for all employees 

D. Implement DLP on the desktop, email gateway, and web proxies 

E. Review of security policies and procedures 

View Answer

Q10. - (Topic 2) 

A business unit of a large enterprise has outsourced the hosting and development of a new external website which will be accessed by premium customers, in order to speed up the time to market timeline. Which of the following is the MOST appropriate? 

A. The external party providing the hosting and website development should be obligated under contract to provide a secure service which is regularly tested (vulnerability and penetration). SLAs should be in place for the resolution of newly identified vulnerabilities and a guaranteed uptime. 

B. The use of external organizations to provide hosting and web development services is not recommended as the costs are typically higher than what can be achieved internally. In addition, compliance with privacy regulations becomes more complex and guaranteed uptimes are difficult to track and measure. 

C. Outsourcing transfers all the risk to the third party. An SLA should be in place for the resolution of newly identified vulnerabilities and penetration / vulnerability testing should be conducted regularly. 

D. Outsourcing transfers the risk to the third party, thereby minimizing the cost and any legal obligations. An MOU should be in place for the resolution of newly identified vulnerabilities and penetration / vulnerability testing should be conducted regularly. 

View Answer