New Questions 10
A general insurance company wants to set up a new online business. The requirements are that the solution needs to be:
The conceptual solution architecture has specified that the application will consist of a traditional three tiered architecture for the front end components, an ESB to provide services, data transformation capability and legacy system integration and a web services gateway.
Which of the following security components will BEST meet the above requirements and fit into the solution architecture? (Select TWO).
A. Implement WS-Security for services authentication and XACML for service authorization.
B. Use end-to-end application level encryption to encrypt all fields and store them encrypted in the database.
C. Implement a certificate based solution on a smart card in combination with a PIN to provide authentication and authorization of users.
D. Implement WS-Security as a federated single sign-on solution for authentication and authorization of users.
E. Implement SSL encryption for all sensitive data flows and encryption of passwords of the data at rest.
F. Use application level encryption to encrypt sensitive fields, SSL encryption on sensitive flows, and database encryption for sensitive data storage.
Answer: A,F
Topic 5, Volume E
New Questions 11
An administrator receives a notification from legal that an investigation is being performed on members of the finance department. As a precaution, legal has advised a legal hold on all documents for an unspecified period of time. Which of the following policies will MOST likely be violated? (Select TWO).
A. Data Storage Policy
B. Data Retention Policy
C. Corporate Confidentiality Policy
D. Data Breach Mitigation Policy
E. Corporate Privacy Policy
Answer: A,B
New Questions 12
A corporation implements a mobile device policy on smartphones that utilizes a white list for allowed applications. Recently, the security administrator notices that a consumer cloud based storage application has been added to the mobile device white list. Which of the following security implications should the security administrator cite when recommending the application's removal from the white list?
A. Consumer cloud storage systems retain local copies of each file on the smartphone, as well as in the cloud, causing a potential data breach if the phone is lost or stolen.
B. Smartphones can export sensitive data or import harmful data with this application causing the potential for DLP or malware issues.
C. Consumer cloud storage systems could allow users to download applications to the smartphone. Installing applications this way would circumvent the application white list.
D. Smartphones using consumer cloud storage are more likely to have sensitive data remnants on them when they are repurposed.
Answer: B
New Questions 13
A security administrator was doing a packet capture and noticed a system communicating with an address within the 2001::/32 prefix. The network administrator confirms there is no IPv6 routing into or out of the network. Which of the following is the BEST course of action?
A. Investigate the network traffic and block UDP port 3544 at the firewall
B. Remove the system from the network and disable IPv6 at the router
C. Locate and remove the unauthorized 6to4 relay from the network
D. Disable the switch port and block the 2001::/32 traffic at the firewall
Answer: A
New Questions 14
During a software development project review, the cryptographic engineer advises the project manager that security can be greatly improved by significantly slowing down the runtime of a hashing algorithm and increasing the entropy by passing the input and salt back during each iteration. Which of the following BEST describes what the engineer is trying to achieve?
A. Monoalphabetic cipher
B. Confusion
C. Root of trust
D. Key stretching
E. Diffusion
Answer: D
New Questions 15
Ann, a systems engineer, is working to identify an unknown node on the corporate network. To begin her investigative work, she runs the following nmap command string:
user@hostname:~$ sudo nmap -O 192.168.1.54
Based on the output, nmap is unable to identify the OS running on the node, but the following ports are open on the device:
TCP/22 TCP/111 TCP/512-514 TCP/2049 TCP/32778
Based on this information, which of the following operating systems is MOST likely running on the unknown node?
A. Linux
B. Windows
C. Solaris
D. OSX
Answer: C
New Questions 16
Company ABC will test connecting its network with Company XYZ's as part of their upcoming merger, and both are concerned with minimizing security exposure to each other's network throughout the test. Which of the following is the FIRST thing both sides should do prior to connecting the networks?
A. Create a DMZ to isolate the two companies and provide a security inspection point for all inter-company network traffic.
B. Determine the necessary data flows between the two companies.
C. Implement a firewall that restricts everything except the IPSec VPN traffic connecting the two companies.
D. Implement inline NIPS on the connection points between the two companies.
Answer: B
New Questions 17
Two universities are making their 802.11n wireless networks available to the other university's students. The infrastructure will pass the student's credentials back to the home school for authentication via the Internet.
The requirements are:
Mutual authentication of clients and authentication server
The design should not limit connection speeds
Authentication must be delegated to the home school
No passwords should be sent unencrypted
The following design was implemented:
WPA2 Enterprise using EAP-PEAP-MSCHAPv2 will be used for wireless security
RADIUS proxy servers will be used to forward authentication requests to the home school
The RADIUS servers will have certificates from a common public certificate authority
A strong shared secret will be used for RADIUS server authentication
Which of the following security considerations should be added to the design?
A. The transport layer between the RADIUS servers should be secured
B. WPA Enterprise should be used to decrease the network overhead
C. The RADIUS servers should have local accounts for the visiting students
D. Students should be given certificates to use for authentication to the network
Answer: A
New Questions 18
The Information Security Officer (ISO) is reviewing a summary of the findings from the last COOP tabletop exercise. The Chief Information Officer (CIO) wants to determine which additional controls must be implemented to reduce the risk of an extended customer service outage due to the VoIP system being unavailable. Which of the following BEST describes the scenario presented and the document the ISO is reviewing?
A. The ISO is evaluating the business implications of a recent telephone system failure within the BIA.
B. The ISO is investigating the impact of a possible downtime of the messaging system within the RA.
C. The ISO is calculating the budget adjustment needed to ensure audio/video system redundancy within the RFQ.
D. The ISO is assessing the effect of a simulated downtime involving the telecommunication system within the AAR.
Answer: D
New Questions 19
Which of the following is an example of single sign-on?
A. An administrator manages multiple platforms with the same username and hardware token. The same username and token are used across all the platforms.
B. Multiple applications have been integrated with a centralized LDAP directory for authentication and authorization. A user has to authenticate each time the user accesses an application.
C. A password is synchronized between multiple platforms and the user is required to authenticate with the same password across each platform.
D. A web access control infrastructure performs authentication and passes attributes in an HTTP header to multiple applications.
Answer: D