Q1. - (Topic 1) 

A security manager has received the following email from the Chief Financial Officer (CFO): 

“While I am concerned about the security of the proprietary financial data in our ERP application, we have had a lot of turnover in the accounting group and I am having a difficult time meeting our monthly performance targets. As things currently stand, we do not allow employees to work from home but this is something I am willing to allow so we can get back on track. What should we do first to securely enable this capability for my group?” 

Based on the information provided, which of the following would be the MOST appropriate response to the CFO? 

A. Remote access to the ERP tool introduces additional security vulnerabilities and should not be allowed. 

B. Allow VNC access to corporate desktops from personal computers for the users working from home. 

C. Allow terminal services access from personal computers after the CFO provides a list of the users working from home. 

D. Work with the executive management team to revise policies before allowing any remote access. 

View Answer

Q2. - (Topic 3) 

An administrator at a small company replaces servers whenever budget money becomes available. Over the past several years the company has acquired and still uses 20 servers and 50 desktops from five different computer manufacturers. Which of the following are management challenges and risks associated with this style of technology lifecycle management? 

A. Decreased security posture, decommission of outdated hardware, inability to centrally manage, and performance bottlenecks on old hardware. 

B. Increased mean time to failure rate of legacy servers, OS variances, patch availability, and ability to restore to dissimilar hardware. 

C. OS end-of-support issues, ability to backup data, hardware parts availability, and firmware update availability and management. 

D. Inability to use virtualization, trusted OS complexities, and multiple patch versions based on OS dependency. 

View Answer

Q3. - (Topic 5) 

A security officer is leading a lessons learned meeting. Which of the following should be components of that meeting? (Select TWO). 

A. Demonstration of IPS system 

B. Review vendor selection process 

C. Calculate the ALE for the event 

D. Discussion of event timeline 

E. Assigning of follow up items 

View Answer

Q4. - (Topic 2) 

The risk manager at a small bank wants to use quantitative analysis to determine the ALE of running a business system at a location which is subject to fires during the year. A risk analyst reports to the risk manager that the asset value of the business system is $120,000 and, based on industry data, the exposure factor to fires is only 20% due to the fire suppression system installed at the site. Fires occur in the area on average every four years. Which of the following is the ALE? 

A. $6,000 

B. $24,000 

C. $30,000 

D. $96,000 

View Answer

Q5. - (Topic 1) 

A company is facing penalties for failing to effectively comply with e-discovery requests. Which of the following could reduce the overall risk to the company from this issue? 

A. Establish a policy that only allows filesystem encryption and disallows the use of individual file encryption. 

B. Require each user to log passwords used for file encryption to a decentralized repository. 

C. Permit users to only encrypt individual files using their domain password and archive all old user passwords. 

D. Allow encryption only by tools that use public keys from the existing escrowed corporate PKI. 

View Answer

Q6. - (Topic 2) 

ODBC access to a database on a network-connected host is required. The host does not have a security mechanism to authenticate the incoming ODBC connection, and the application requires that the connection have read/write permissions. In order to further secure the data, a nonstandard configuration would need to be implemented. The information in the database is not sensitive, but was not readily accessible prior to the implementation of the ODBC connection. Which of the following actions should be taken by the security analyst? 

A. Accept the risk in order to keep the system within the company’s standard security configuration. 

B. Explain the risks to the data owner and aid in the decision to accept the risk versus choosing a nonstandard solution. 

C. Secure the data despite the need to use a security control or solution that is not within company standards. 

D. Do not allow the connection to be made to avoid unnecessary risk and avoid deviating from the standard security configuration. 

View Answer

Q7. - (Topic 2) 

The following has been discovered in an internally developed application: 

Error - Memory allocated but not freed: char *myBuffer = malloc(BUFFER_SIZE); if (myBuffer != NULL) { *myBuffer = STRING_WELCOME_MESSAGE; 

printf(“Welcome to: %s\n”, myBuffer); 

} 

exit(0); 

Which of the following security assessment methods are likely to reveal this security weakness? (Select TWO). 

A. Static code analysis 

B. Memory dumping 

C. Manual code review 

D. Application sandboxing 

E. Penetration testing 

F. Black box testing 

View Answer

Q8. - (Topic 4) 

Company XYZ has experienced a breach and has requested an internal investigation be conducted by the IT Department. Which of the following represents the correct order of the investigation process? 

A. Collection, Identification, Preservation, Examination, Analysis, Presentation. 

B. Identification, Preservation, Collection, Examination, Analysis, Presentation. 

C. Collection, Preservation, Examination, Identification, Analysis, Presentation. 

D. Identification, Examination, Preservation, Collection, Analysis, Presentation. 

View Answer

Q9. - (Topic 4) 

A security policy states that all applications on the network must have a password length of eight characters. There are three legacy applications on the network that cannot meet this policy. One system will be upgraded in six months, and two are not expected to be upgraded or removed from the network. Which of the following processes should be followed? 

A. Establish a risk matrix 

B. Inherit the risk for six months 

C. Provide a business justification to avoid the risk 

D. Provide a business justification for a risk exception 

View Answer

Q10. - (Topic 1) 

A web services company is planning a one-time high-profile event to be hosted on the corporate website. An outage, due to an attack, would be publicly embarrassing, so Joe, the Chief Executive Officer (CEO), has requested that his security engineers put temporary preventive controls in place. Which of the following would MOST appropriately address Joe's concerns? 

A. Ensure web services hosting the event use TCP cookies and deny_hosts. 

B. Configure an intrusion prevention system that blocks IPs after detecting too many incomplete sessions. 

C. Contract and configure scrubbing services with third-party DDoS mitigation providers. 

D. Purchase additional bandwidth from the company’s Internet service provider. 

View Answer