CAS-002 Exam Questions - Online Test


Q1. - (Topic 1) 

An administrator wants to enable policy-based, flexible mandatory access controls on an open source OS to prevent abnormal application modifications or executions. Which of the following would BEST accomplish this?

A. Access control lists 

B. SELinux 

C. IPtables firewall 

D. HIPS 

Answer:

Q2. - (Topic 4) 

A security administrator at Company XYZ is trying to develop a body of knowledge to enable heuristic and behavior-based security event monitoring of activities on a geographically distributed network. Instrumentation is chosen to allow for monitoring and measuring the network. Which of the following is the BEST methodology to use in establishing this baseline?

A. Model the network in a series of VMs; instrument the systems to record comprehensive metrics; run a large volume of simulated data through the model; record and analyze results; document expected future behavior. 

B. Completely duplicate the network on virtual machines; replay eight hours of captured corporate network traffic through the duplicate network; instrument the network; analyze the results; document the baseline. 

C. Instrument the operational network; simulate extra traffic on the network; analyze net flow information from all network devices; document the baseline volume of traffic. 

D. Schedule testing on operational systems when users are not present; instrument the systems to log all network traffic; monitor the network for at least eight hours; analyze the results; document the established baseline. 

Answer:

Q3. - (Topic 1) 

A security engineer is a new member to a configuration board at the request of management. The company has two new major IT projects starting this year and wants to plan security into the application deployment. The board is primarily concerned with the applications’ compliance with federal assessment and authorization standards. The security engineer asks for a timeline to determine when a security assessment of both applications should occur and does not attend subsequent configuration board meetings. If the security engineer is only going to perform a security assessment, which of the following steps in system authorization has the security engineer omitted? 

A. Establish the security control baseline 

B. Build the application according to software development security standards 

C. Review the results of user acceptance testing 

D. Consult with the stakeholders to determine which standards can be omitted 

Answer:

Q4. - (Topic 1) 

Which of the following describes a risk and mitigation associated with cloud data storage? 

A. Risk: Shared hardware caused data leakage. Mitigation: Strong encryption at rest

B. Risk: Offsite replication. Mitigation: Multi-site backups

C. Risk: Data loss from de-duplication. Mitigation: Dynamic host bus addressing

D. Risk: Combined data archiving. Mitigation: Two-factor administrator authentication

Answer:

Q5. CORRECT TEXT - (Topic 2) 

Compliance with company policy requires a quarterly review of firewall rules. A new administrator is asked to conduct this review on the internal firewall sitting between several internal networks. The intent of this firewall is to make traffic more restrictive. Given the following information, answer the questions below:

User Subnet: 192.168.1.0/24

Server Subnet: 192.168.2.0/24

Finance Subnet: 192.168.3.0/24

Instructions: To perform the necessary tasks, please modify the DST port, Protocol, Action, and/or Rule Order columns. Firewall ACLs are read from the top down.

Task 1) An administrator added a rule to allow their machine terminal server access to the server subnet. This rule is not working. Identify the rule and correct this issue. 

Task 2) All web servers have been changed to communicate solely over SSL. Modify the appropriate rule to allow communications. 

Task 3) An administrator added a rule to block access to the SQL server from anywhere on the network. This rule is not working. Identify and correct this issue. 

Task 4) Other than allowing all hosts to do network time and SSL, modify a rule to ensure that no other traffic is allowed. 

Answer: Please look into the explanation for the solution to this question. 

Q6. - (Topic 2) 

A well-known retailer has experienced a massive credit card breach. The retailer had gone through an audit and had been presented with a potential problem on their network. Vendors were authenticating directly to the retailer’s AD servers, and an improper firewall rule allowed pivoting from the AD server to the DMZ where credit card servers were kept. The firewall rule was needed for an internal application that was developed, which presents risk. The retailer determined that because the vendors were required to have site-to-site VPNs, no other security action was taken.

To prove to the retailer the monetary value of this risk, which of the following types of calculations is needed?

A. Residual Risk calculation 

B. A cost/benefit analysis 

C. Quantitative Risk Analysis 

D. Qualitative Risk Analysis 

Answer:

Q7. - (Topic 5) 

The Chief Information Officer (CIO) is focused on improving IT governance within the organization to reduce system downtime. The CIO has mandated that the following improvements be implemented: 

- All business units must now identify IT risks and include them in their business risk profiles.

- Key controls must be identified and monitored.

- Incidents and events must be recorded and reported with management oversight.

- Exemptions to the information security policy must be formally recorded, approved, and managed.

- IT strategy will be reviewed to ensure it is aligned with the business's strategy and objectives.

In addition to the above, which of the following would BEST help the CIO meet the requirements? 

A. Establish a register of core systems and identify technical service owners 

B. Establish a formal change management process 

C. Develop a security requirement traceability matrix 

D. Document legacy systems to be decommissioned and the disposal process 

Answer:

Q8. - (Topic 5) 

An asset manager is struggling with the best way to reduce the time required to perform asset location activities in a large warehouse. A project manager indicated that RFID might be a valid solution if the asset manager’s requirements were supported by current RFID capabilities. Which of the following requirements would be MOST difficult for the asset manager to implement? 

A. The ability to encrypt RFID data in transmission 

B. The ability to integrate environmental sensors into the RFID tag 

C. The ability to track assets in real time as they move throughout the facility 

D. The ability to assign RFID tags a unique identifier 

Answer:

Q9. - (Topic 2) 

VPN users cannot access the active FTP server through the router but can access any server in the data center. 

Additional network information: 

DMZ network – 192.168.5.0/24 (FTP server is 192.168.5.11) 

VPN network – 192.168.1.0/24 

Datacenter – 192.168.2.0/24 

User network – 192.168.3.0/24

HR network – 192.168.4.0/24

Traffic shaper configuration: 

VLAN | Bandwidth Limit (Mbps)
VPN | 50
User | 175
HR | 250
Finance | 250
Guest | 0

Router ACL: 

Action | Source | Destination
Permit | 192.168.1.0/24 | 192.168.2.0/24
Permit | 192.168.1.0/24 | 192.168.3.0/24
Permit | 192.168.1.0/24 | 192.168.5.0/24
Permit | 192.168.2.0/24 | 192.168.1.0/24
Permit | 192.168.3.0/24 | 192.168.1.0/24
Permit | 192.168.5.1/32 | 192.168.1.0/24
Deny | 192.168.4.0/24 | 192.168.1.0/24
Deny | 192.168.1.0/24 | 192.168.4.0/24
Deny | any | any

Which of the following solutions would allow the users to access the active FTP server? 

A. Add a permit statement to allow traffic from 192.168.5.0/24 to the VPN network 

B. Add a permit statement to allow traffic to 192.168.5.1 from the VPN network 

C. IPS is blocking traffic and needs to be reconfigured 

D. Configure the traffic shaper to limit DMZ traffic 

E. Increase bandwidth limit on the VPN network 

Answer:

Q10. - (Topic 4) 

A Linux security administrator is attempting to resolve performance issues with new software installed on several baselined user systems. After investigating, the security administrator determines that the software is not initializing or executing correctly. For security reasons, the company has implemented trusted operating systems with the goal of preventing unauthorized changes to the configuration baseline. The MOST likely cause of this problem is that SELinux is set to:

A. Enforcing mode with an incorrectly configured policy. 

B. Enforcing mode with no policy configured. 

C. Disabled with a correctly configured policy. 

D. Permissive mode with an incorrectly configured policy. 

Answer: