Q1. - (Topic 3) 

A business wants to start using social media to promote the corporation and to ensure that customers have a good experience with their products. Which of the following security items should the company have in place before implementation? (Select TWO). 

A. The company must dedicate specific staff to act as social media representatives of the company. 

B. All staff needs to be instructed in the proper use of social media in the work environment. 

C. Senior staff blogs should be ghost written by marketing professionals. 

D. The finance department must provide a cost benefit analysis for social media. 

E. The security policy needs to be reviewed to ensure that social media policy is properly implemented. 

F. The company should ensure that the company has sufficient bandwidth to allow for social media traffic. 

View Answer

Q2. - (Topic 1) 

Two universities are making their 802.11n wireless networks available to the other university’s students. The infrastructure will pass the student’s credentials back to the home school for authentication via the Internet. 

The requirements are: 

The following design was implemented: WPA2 Enterprise using EAP-PEAP-MSCHAPv2 will be used for wireless security RADIUS proxy servers will be used to forward authentication requests to the home school The RADIUS servers will have certificates from a common public certificate authority 

A strong shared secret will be used for RADIUS server authentication 

Which of the following security considerations should be added to the design? 

A. The transport layer between the RADIUS servers should be secured 

B. WPA Enterprise should be used to decrease the network overhead 

C. The RADIUS servers should have local accounts for the visiting students 

D. Students should be given certificates to use for authentication to the network 

View Answer

Q3. - (Topic 4) 

A company’s security policy states that its own internally developed proprietary Internet facing software must be resistant to web application attacks. Which of the following methods provides the MOST protection against unauthorized access to stored database information? 

A. Require all development to follow secure coding practices. 

B. Require client-side input filtering on all modifiable fields. 

C. Escape character sequences at the application tier. 

D. Deploy a WAF with application specific signatures. 

View Answer

Q4. - (Topic 2) 

A security administrator is performing VDI traffic data collection on a virtual server which migrates from one host to another. While reviewing the data collected by the protocol analyzer, the security administrator notices that sensitive data is present in the packet capture. Which of the following should the security administrator recommend to ensure the confidentiality of sensitive information during live VM migration, while minimizing latency issues? 

A. A separate physical interface placed on a private VLAN should be configured for live host operations. 

B. Database record encryption should be used when storing sensitive information on virtual servers. 

C. Full disk encryption should be enabled across the enterprise to ensure the confidentiality of sensitive data. 

D. Sensitive data should be stored on a backend SAN which uses an isolated fiber channel network. 

View Answer

Q5. - (Topic 2) 

Which of the following represents important technical controls for securing a SAN storage infrastructure? (Select TWO). 

A. Synchronous copy of data 

B. RAID configuration 

C. Data de-duplication 

D. Storage pool space allocation 

E. Port scanning 

F. LUN masking/mapping 

G. Port mapping 

View Answer

Q6. - (Topic 5) 

A security analyst is tasked to create an executive briefing, which explains the activity and motivation of a cyber adversary. Which of the following is the MOST important content for the brief for management personnel to understand? 

A. Threat actor types, threat actor motivation, and attack tools 

B. Unsophisticated agents, organized groups, and nation states 

C. Threat actor types, attack sophistication, and the anatomy of an attack 

D. Threat actor types, threat actor motivation, and the attack impact 

View Answer

Q7. - (Topic 4) 

An organization has just released a new mobile application for its customers. The application has an inbuilt browser and native application to render content from existing websites and the organization’s new web services gateway. All rendering of the content is performed on the mobile application. 

The application requires SSO between the application, the web services gateway and legacy UI. Which of the following controls MUST be implemented to securely enable SSO? 

A. A registration process is implemented to have a random number stored on the client. 

B. The identity is passed between the applications as a HTTP header over REST. 

C. Local storage of the authenticated token on the mobile application is secured. 

D. Attestation of the XACML payload to ensure that the client is authorized. 

View Answer

Q8. - (Topic 5) 

A security manager is concerned about performance and patch management, and, as a result, wants to implement a virtualization strategy to avoid potential future OS vulnerabilities in the host system. The IT manager wants a strategy that would provide the hypervisor with direct communications with the underlying physical hardware allowing the hardware resources to be paravirtualized and delivered to the guest machines. Which of the following recommendations from the server administrator BEST meets the IT and security managers’ requirements? (Select TWO). 

A. Nested virtualized hypervisors 

B. Type 1 hypervisor 

C. Hosted hypervisor with a three layer software stack 

D. Type 2 hypervisor 

E. Bare metal hypervisor with a software stack of two layers 

View Answer

Q9. - (Topic 4) 

A security architect is designing a new infrastructure using both type 1 and type 2 virtual machines. In addition to the normal complement of security controls (e.g. antivirus, host hardening, HIPS/NIDS) the security architect needs to implement a mechanism to securely store cryptographic keys used to sign code and code modules on the VMs. Which of the following will meet this goal without requiring any hardware pass-through implementations? 

A. vTPM 

B. HSM 

C. TPM 

D. INE 

View Answer

Q10. - (Topic 4) 

Two storage administrators are discussing which SAN configurations will offer the MOST confidentiality. Which of the following configurations would the administrators use? (Select TWO). 

A. Deduplication 

B. Zoning 

C. Snapshots 

D. Multipathing 

E. LUN masking 

View Answer