aiotestking uk

CAS-002 Exam Questions - Online Test




New CompTIA CAS-002 Exam Dumps Collection (Question 11 - Question 20)

Question No: 11

A company Chief Information Officer (CIO) is unsure which set of standards should govern the company's IT policy. The CIO has hired consultants to develop use cases to test against various government and industry security standards. The CIO is convinced that there is large overlap between the configuration checks and security controls governing each set of standards. Which of the following selections represent the BEST option for the CIO?

A. Issue an RFQ for vendors to quote a complete vulnerability and risk management solution to the company.

B. Issue a policy that requires only the most stringent security standards be implemented throughout the company.

C. Issue a policy specifying best practice security standards and a baseline to be implemented across the company.

D. Issue an RFI for vendors to determine which set of security standards is best for the company.

Answer: C


Question No: 12

The Chief Executive Officer (CEO) of an Internet service provider (ISP) has decided to limit the company's contribution to worldwide Distributed Denial of Service (DDoS) attacks. Which of the following should the ISP implement? (Select TWO).

A. Block traffic from the ISP's networks destined for blacklisted IPs.

B. Prevent the ISP's customers from querying DNS servers other than those hosted by the ISP.

C. Scan the ISP's customer networks using an up-to-date vulnerability scanner.

D. Notify customers when services they run are involved in an attack.

E. Block traffic with an IP source not allocated to customers from exiting the ISP's network.

Answer: D,E


Question No: 13

The following has been discovered in an internally developed application:

Error - Memory allocated but not freed:

char *myBuffer = malloc(BUFFER_SIZE);
if (myBuffer != NULL) {
    *myBuffer = STRING_WELCOME_MESSAGE;
    printf("Welcome to: %s\n", myBuffer);
}
exit(0);

Which of the following security assessment methods are likely to reveal this security weakness? (Select TWO).

A. Static code analysis

B. Memory dumping

C. Manual code review

D. Application sandboxing

E. Penetration testing

F. Black box testing

Answer: A,C


Question No: 14

A software development manager is taking over an existing software development project. The team currently suffers from poor communication due to a long delay between requirements documentation and feature delivery. This gap is resulting in an above average number of security-related bugs making it into production. Which of the following development methodologies is the team MOST likely using now?

A. Agile

B. Waterfall

C. Scrum

D. Spiral

Answer: B


Question No: 15

A security administrator wants to prevent sensitive data residing on corporate laptops and desktops from leaking outside of the corporate network. The company has already implemented full-disk encryption and has disabled all peripheral devices on its desktops and laptops. Which of the following additional controls MUST be implemented to minimize the risk of data leakage? (Select TWO).

A. A full-system backup should be implemented to a third-party provider with strong encryption for data in transit.

B. A DLP gateway should be installed at the company border.

C. Strong authentication should be implemented via external biometric devices.

D. Full-tunnel VPN should be required for all network communication.

E. Full-drive file hashing should be implemented with hashes stored on separate storage.

F. Split-tunnel VPN should be enforced when transferring sensitive data.

Answer: B,D


Question No: 16

The telecommunications manager wants to improve the process for assigning company-owned mobile devices and ensuring data is properly removed when no longer needed. Additionally, the manager wants to onboard and offboard personally owned mobile devices that will be used in the BYOD initiative. Which of the following should be implemented to ensure these processes can be automated? (Select THREE).

A. SIM's PIN

B. Remote wiping

C. Chargeback system

D. MDM software

E. Presence software

F. Email profiles

G. Identity attestation

H. GPS tracking

Answer: B,D,G


Question No: 17

After the install process, a software application executed an online activation process. After a few months, the system experienced a hardware failure. A backup image of the system was restored on a newer revision of the same brand and model device. After the restore, the specialized application no longer works. Which of the following is the MOST likely cause of the problem?

A. The binary files used by the application have been modified by malware.

B. The application is unable to perform remote attestation due to blocked ports.

C. The restored image backup was encrypted with the wrong key.

D. The hash key summary of hardware and installed software no longer match.

Answer: D


Question No: 18

A network engineer wants to deploy user-based authentication across the company's wired and wireless infrastructure at layer 2 of the OSI model. Company policies require that users be centrally managed and authenticated and that each user's network access be controlled based on the user's role within the company. Additionally, the central authentication system must support hierarchical trust and the ability to natively authenticate mobile devices and workstations. Which of the following are needed to implement these requirements? (Select TWO).

A. SAML

B. WAYF

C. LDAP

D. RADIUS

E. Shibboleth

F. PKI

Answer: C,D


Question No: 19

A company sales manager received a memo from the company's financial department which stated that the company would not be putting its software products through the same security testing as previous years to reduce the research and development cost by 20 percent for the upcoming year. The memo also stated that the marketing material and service level agreement for each product would remain unchanged. The sales manager has reviewed the sales goals for the upcoming year and identified an increased target across the software products that will be affected by the financial department's change. All software products will continue to go through new development in the coming year. Which of the following should the sales manager do to ensure the company stays out of trouble?

A. Discuss the issue with the software product's user groups

B. Consult the company's legal department on practices and law

C. Contact senior finance management and provide background information

D. Seek industry outreach for software practices and law

Answer: B


Question No: 20

A popular commercial virtualization platform allows for the creation of virtual hardware. To virtual machines, this virtual hardware is indistinguishable from real hardware. By implementing virtualized TPMs, which of the following trusted system concepts can be implemented?

A. Software-based root of trust

B. Continuous chain of trust

C. Chain of trust with a hardware root of trust

D. Software-based trust anchor with no root of trust

Answer: C

