New Questions 1

An organization has several production critical SCADA supervisory systems that cannot follow the normal 30-day patching policy. Which of the following BEST maximizes the protection of these systems from malicious software?

A. Configure a firewall with deep packet inspection that restricts traffic to the systems

B. Configure a separate zone for the systems and restrict access to known ports

C. Configure the systems to ensure only necessary applications are able to run

D. Configure the host firewall to ensure only the necessary applications have listening ports

View Answer

New Questions 2

An administrator is notified that contract workers will be onsite assisting with a new project. The administrator wants each worker to be aware of the corporate policy pertaining to USB storage devices. Which of the following should each worker review and understand before beginning work?

A. Interconnection Security Agreement

B. Memorandum of Understanding

C. Business Partnership Agreement

D. Non-Disclosure Agreement

View Answer

New Questions 3

Company A has a remote work force that often includes independent contractors and out of state full time employees.

Company A's security engineer has been asked to implement a solution allowing these users to collaborate on projects with the following goals:

Which of the following solutions should the security engineer recommend to meet the MOST goals?

A. Create an SSL reverse proxy to a collaboration workspace. Use remote installation service to maintain application version. Have users use full desktop encryption. Schedule server downtime from 12:00 to 1:00 PM.

B. Install an SSL VPN to Company A's datacenter, have users connect to a standard virtual workstation image, set workstation time of day restrictions.

C. Create an extranet web portal using third party web based office applications. Ensure that Company A maintains the administrative access.

D. Schedule server downtime from 12:00 to 1:00 PM, implement a Terminal Server

A. Gateway, use remote installation services to standardize application on useru2021s laptops.

View Answer

New Questions 4

In order for a company to boost profits by implementing cost savings on non-core business activities, the IT manager has sought approval for the corporate email system to be hosted in the cloud. The compliance officer has been tasked with ensuring that data lifecycle issues are taken into account. Which of the following BEST covers the data lifecycle end- to-end?

A. Creation and secure destruction of mail accounts, emails, and calendar items

B. Information classification, vendor selection, and the RFP process

C. Data provisioning, processing, in transit, at rest, and de-provisioning

D. Securing virtual environments, appliances, and equipment that handle email

View Answer

New Questions 5

The Linux server at Company A hosts a graphical application widely used by the company designers. One designer regularly connects to the server from a Mac laptop in the designeru2021s office down the hall. When the security engineer learns of this it is discovered the connection is not secured and the password can easily be obtained via network sniffing. Which of the following would the security engineer MOST likely implement to secure this connection?

Linux Server: 192.168.10.10/24 Mac Laptop: 192.168.10.200/24

A. From the server, establish an SSH tunnel to the Mac and VPN to 192.168.10.200.

B. From the Mac, establish a remote desktop connection to 192.168.10.10 using Network Layer Authentication and the CredSSP security provider.

C. From the Mac, establish a VPN to the Linux server and connect the VNC to 127.0.0.1.

D. From the Mac, establish a SSH tunnel to the Linux server and connect the VNC to 127.0.0.1.

View Answer

New Questions 6

The IT Security Analyst for a small organization is working on a customeru2021s system and identifies a possible intrusion in a database that contains PII. Since PII is involved, the analyst wants to get the issue addressed as soon as possible. Which of the following is the FIRST step the analyst should take in mitigating the impact of the potential intrusion?

A. Contact the local authorities so an investigation can be started as quickly as possible.

B. Shut down the production network interfaces on the server and change all of the DBMS account passwords.

C. Disable the front-end web server and notify the customer by email to determine how the customer would like to proceed.

D. Refer the issue to management for handling according to the incident response process.

View Answer

New Questions 7

Which of the following provides the HIGHEST level of security for an integrated network providing services to authenticated corporate users?

A. Point to point VPN tunnels for external users, three-factor authentication, a cold site, physical security guards, cloud based servers, and IPv6 networking.

B. IPv6 networking, port security, full disk encryption, three-factor authentication, cloud based servers, and a cold site.

C. Port security on switches, point to point VPN tunnels for user server connections, two- factor cryptographic authentication, physical locks, and a standby hot site.

D. Port security on all switches, point to point VPN tunnels for user connections to servers, two-factor authentication, a sign-in roster, and a warm site.

View Answer

New Questions 8

Company XYZ recently acquired a manufacturing plant from Company ABC which uses a different manufacturing ICS platform. Company XYZ has strict ICS security regulations while Company ABC does not. Which of the following approaches would the network security administrator for Company XYZ MOST likely proceed with to integrate the new manufacturing plant?

A. Conduct a network vulnerability assessment of acquired plant ICS platform and correct all identified flaws during integration.

B. Convert the acquired plant ICS platform to the Company XYZ standard ICS platform solely to eliminate potential regulatory conflicts.

C. Conduct a risk assessment of the acquired plant ICS platform and implement any necessary or required controls during integration.

D. Require Company ABC to bring their ICS platform into regulatory compliance prior to integrating the new plant into Company XYZu2021s network.

View Answer

New Questions 9

Company A needs to export sensitive data from its financial system to company Bu2021s database, using company Bu2021s API in an automated manner. Company Au2021s policy prohibits the use of any intermediary external systems to transfer or store its sensitive data, therefore the transfer must occur directly between company Au2021s financial system and company Bu2021s destination server using the supplied API. Additionally, company Au2021s legacy financial software does not support encryption, while company Bu2021s API supports encryption. Which of the following will provide end-to-end encryption for the data transfer while adhering to these requirements?

A. Company A must install an SSL tunneling service on the financial system.

B. Company Au2021s security administrator should use an HTTPS capable browser to transfer the data.

C. Company A should use a dedicated MPLS circuit to transfer the sensitive data to company B.

A. D. Company A and B must create a site-to-site IPSec VPN on their respective firewalls.

View Answer

New Questions 10

A corporation has expanded for the first time by integrating several newly acquired businesses.

Which of the following are the FIRST tasks that the security team should undertake? (Select TWO).

A. Remove acquired companies Internet access.

B. Federate identity management systems.

C. Install firewalls between the businesses.

D. Re-image all end user computers to a standard image.

E. Develop interconnection policy.

F. Conduct a risk analysis of each acquired companyu2021s networks.

View Answer