aiotestking uk

CAS-002 Exam Questions - Online Test



Q1. - (Topic 1) 

There have been some failures of the company’s internal-facing website. A security engineer has found the WAF to be the root cause of the failures. System logs show that the WAF has been unavailable for 14 hours over the past month, in four separate situations. One of these situations was a two-hour scheduled maintenance time, aimed at improving the stability of the WAF. Using the MTTR based on the last month’s performance figures, which of the following calculations is the percentage of uptime assuming there were 722 hours in the month?

A. 92.24 percent 

B. 98.06 percent 

C. 98.34 percent 

D. 99.72 percent 

Answer:

Q2. - (Topic 2) 

A company has decided to change its current business direction and refocus on core business. Consequently, several company sub-businesses are in the process of being sold off. A security consultant has been engaged to advise on residual information security concerns with a de-merger. From a high-level perspective, which of the following BEST provides the procedure that the consultant should follow?

A. Perform a penetration test for the current state of the company. Perform another penetration test after the de-merger. Identify the gaps between the two tests. 

B. Duplicate security-based assets should be sold off for commercial gain to ensure that the security posture of the company does not decline. 

C. Explain that security consultants are not trained to offer advice on company acquisitions or de-mergers. This needs to be handled by legal representatives well versed in corporate law.

D. Identify the current state from a security viewpoint. Based on the de-merger, assess what the security gaps will be from a physical, technical, DR, and policy/awareness perspective.

Answer:

Q3. - (Topic 5) 

The IT manager is evaluating IPS products to determine which would be most effective at stopping network traffic that contains anomalous content on networks that carry very specific types of traffic. Based on the IT manager’s requirements, which of the following types of IPS products would be BEST suited for use in this situation? 

A. Signature-based 

B. Rate-based 

C. Anomaly-based 

D. Host-based 

Answer:

Q4. - (Topic 3) 

A university uses a card transaction system that allows students to purchase goods using their student ID. Students can put money on their ID at terminals throughout the campus. The security administrator was notified that computer science students have been using the network to illegally put money on their cards. The administrator would like to attempt to reproduce what the students are doing. Which of the following is the BEST course of action?

A. Notify the transaction system vendor of the security vulnerability that was discovered. 

B. Use a protocol analyzer to reverse engineer the transaction system’s protocol. 

C. Contact the computer science students and threaten disciplinary action if they continue their actions. 

D. Install a NIDS in front of all the transaction system terminals. 

Answer:

Q5. - (Topic 4) 

Company XYZ has purchased and is now deploying a new HTML5 application. The company wants to hire a penetration tester to evaluate the security of the client and server components of the proprietary web application before launch. Which of the following is the penetration tester MOST likely to use while performing black box testing of the security of the company’s purchased application? (Select TWO). 

A. Code review 

B. Sandbox 

C. Local proxy 

D. Fuzzer 

E. Web vulnerability scanner 

Answer: C,D 

Q6. - (Topic 1) 

The senior security administrator wants to redesign the company DMZ to minimize the risks associated with both external and internal threats. The DMZ design must support security in depth, change management and configuration processes, and support incident reconstruction. Which of the following designs BEST supports the given requirements? 

A. A dual firewall DMZ with remote logging where each firewall is managed by a separate administrator. 

B. A single firewall DMZ where each firewall interface is managed by a separate administrator and logging to the cloud. 

C. A SaaS-based firewall which logs to the company’s local storage via SSL, and is managed by the change control team.

D. A virtualized firewall, where each virtual instance is managed by a separate administrator and logging to the same hardware. 

Answer:

Q7. - (Topic 2) 

Which of the following represents important technical controls for securing a SAN storage infrastructure? (Select TWO). 

A. Synchronous copy of data 

B. RAID configuration 

C. Data de-duplication 

D. Storage pool space allocation 

E. Port scanning 

F. LUN masking/mapping 

G. Port mapping 

Answer: F,G 

Q8. - (Topic 4) 

The security administrator is reviewing the business continuity plan which consists of virtual infrastructures at corporate headquarters and at the backup site. The administrator is concerned that the VLAN used to perform live migrations of virtual machines to the backup site is across the network provider’s MPLS network. This is a concern due to which of the following? 

A. The hypervisor virtual switches only support Q-in-Q VLANs, not MPLS. This may cause live migrations to the backup site to fail.

B. VLANs are not compatible with MPLS, which may cause intermittent failures while performing live migrations of virtual machines during a disaster.

C. Passwords are stored unencrypted in memory, which are then transported across the MPLS network. 

D. Transport encryption is being used during the live migration of virtual machines which will impact the performance of the MPLS network. 

Answer:

Q9. - (Topic 3) 

An IT administrator wants to restrict DNS zone transfers between two geographically dispersed, external company DNS name servers, and has decided to use TSIG. Which of the following are critical when using TSIG? (Select TWO). 

A. Periodic key changes once the initial keys are established between the DNS name servers. 

B. Secure exchange of the key values between the two DNS name servers. 

C. A secure NTP source used by both DNS name servers to avoid message rejection. 

D. DNS configuration files on both DNS name servers must be identically encrypted. 

E. AES encryption with a SHA1 hash must be used to encrypt the configuration files on both DNS name servers. 

Answer: B,C 

Q10. - (Topic 1) 

A software development manager is taking over an existing software development project. The team currently suffers from poor communication due to a long delay between requirements documentation and feature delivery. This gap is resulting in an above average number of security-related bugs making it into production. Which of the following development methodologies is the team MOST likely using now? 

A. Agile 

B. Waterfall 

C. Scrum 

D. Spiral 

Answer: