CAS-002 Exam Questions - Online Test

Q1. - (Topic 4) 

Part of the procedure for decommissioning a database server is to wipe all local disks, as well as SAN LUNs allocated to the server, even though the SAN itself is not being decommissioned. Which of the following is the reason for wiping the SAN LUNs? 

A. LUN masking will prevent the next server from accessing the LUNs. 

B. The data may be replicated to other sites that are not as secure. 

C. Data remnants remain on the LUN that could be read by other servers. 

D. The data is not encrypted during transport. 

Answer:

Q2. - (Topic 1) 

Which of the following provides the BEST risk calculation methodology? 

A. Annual Loss Expectancy (ALE) x Value of Asset 

B. Potential Loss x Event Probability x Control Failure Probability 

C. Impact x Threat x Vulnerability 

D. Risk Likelihood x Annual Loss Expectancy (ALE) 

Answer:

Q3. - (Topic 4) 

Continuous monitoring is a popular risk reduction technique in many large organizations with formal certification processes for IT projects. In order to implement continuous monitoring in an effective manner, which of the following is correct? 

A. Only security related alerts should be forwarded to the network team for resolution. 

B. All logs must be centrally managed and access to the logs restricted only to data storage staff. 

C. Logging must be set appropriately and alerts delivered to security staff in a timely manner. 

D. Critical logs must be monitored hourly and adequate staff must be assigned to the network team. 

Answer:

Q4. - (Topic 1) 

An analyst connects to a company web conference hosted on www.webconference.com/meetingID#01234 and observes that numerous guests have been allowed to join, without providing identifying information. The topics covered during the web conference are considered proprietary to the company. Which of the following security concerns does the analyst present to management? 

A. Guest users could present a risk to the integrity of the company’s information 

B. Authenticated users could sponsor guest access that was previously approved by management 

C. Unauthenticated users could present a risk to the confidentiality of the company’s information 

D. Meeting owners could sponsor guest access if they have passed a background check 

Answer:

Q5. - (Topic 1) 

A security analyst has been asked to develop a quantitative risk analysis and risk assessment for the company’s online shopping application. Based on heuristic information from the Security Operations Center (SOC), a Denial of Service (DoS) attack has been successfully executed 5 times a year. The Business Operations department has determined the loss associated with each attack is $40,000. After implementing application caching, the number of DoS attacks was reduced to one time a year. The cost of the countermeasures was $100,000. Which of the following is the monetary value earned during the first year of operation? 

A. $60,000 

B. $100,000 

C. $140,000 

D. $200,000 

Answer:

Q6. - (Topic 2) 

A multi-national company has a highly mobile workforce and minimal IT infrastructure. The company utilizes a BYOD and social media policy to integrate presence technology into global collaboration tools by individuals and teams. As a result of the dispersed employees and frequent international travel, the company is concerned about the safety of employees and their families when moving in and out of certain countries. Which of the following could the company view as a downside of using presence technology? 

A. Insider threat 

B. Network reconnaissance 

C. Physical security 

D. Industrial espionage 

Answer:

Q7. - (Topic 1) 

After a security incident, an administrator would like to implement policies that would help reduce fraud and the potential for collusion between employees. Which of the following would help meet these goals by having co-workers occasionally audit another worker's position? 

A. Least privilege 

B. Job rotation 

C. Mandatory vacation 

D. Separation of duties 

Answer:

Q8. - (Topic 3) 

The marketing department at Company A regularly sends out emails signed by the company’s Chief Executive Officer (CEO) with announcements about the company. The CEO sends company and personal emails from a different email account. During legal proceedings against the company, the Chief Information Officer (CIO) must prove which emails came from the CEO and which came from the marketing department. The email server allows emails to be digitally signed and the corporate PKI provisioning allows for one certificate per user. The CEO did not share their password with anyone. Which of the following will allow the CIO to state which emails the CEO sent and which the marketing department sent? 

A. Identity proofing 

B. Non-repudiation 

C. Key escrow 

D. Digital rights management 

Answer:

Q9. - (Topic 2) 

Joe is a security architect who is tasked with choosing a new NIPS platform that has the ability to perform SSL inspection, analyze up to 10Gbps of traffic, can be centrally managed and only reveals inspected application payload data to specified internal security employees. Which of the following steps should Joe take to reach the desired outcome? 

A. Research new technology vendors to look for potential products. Contribute to an RFP and then evaluate RFP responses to ensure that the vendor product meets all mandatory requirements. Test the product and make a product recommendation. 

B. Evaluate relevant RFC and ISO standards to choose an appropriate vendor product. Research industry surveys, interview existing customers of the product and then recommend that the product be purchased. 

C. Consider outsourcing the product evaluation and ongoing management to an outsourced provider on the basis that each of the requirements is met and a lower total cost of ownership (TCO) is achieved. 

D. Choose a popular NIPS product and then consider outsourcing the ongoing device management to a cloud provider. Give access to internal security employees so that they can inspect the application payload data. 

E. Ensure that the NIPS platform can also deal with recent technological advancements, such as threats emerging from social media, BYOD and cloud storage prior to purchasing the product. 

Answer:

Q10. - (Topic 2) 

The Chief Information Security Officer (CISO) at a large organization has been reviewing some security-related incidents at the organization and comparing them to current industry trends. The desktop security engineer feels that the use of USB storage devices on office computers has contributed to the frequency of security incidents. The CISO knows the acceptable use policy prohibits the use of USB storage devices. Every user receives a popup warning about this policy upon login. The SIEM system produces a report of USB violations on a monthly basis; yet violations continue to occur. Which of the following preventative controls would MOST effectively mitigate the logical risks associated with the use of USB storage devices? 

A. Revise the corporate policy to include possible termination as a result of violations 

B. Increase the frequency and distribution of the USB violations report 

C. Deploy PKI to add non-repudiation to login sessions so offenders cannot deny the offense 

D. Implement group policy objects 

Answer: