CAS-002 Exam Questions - Online Test

Q1. - (Topic 2) 

The Chief Information Security Officer (CISO) at a large organization has been reviewing some security-related incidents at the organization and comparing them to current industry trends. The desktop security engineer feels that the use of USB storage devices on office computers has contributed to the frequency of security incidents. The CISO knows the acceptable use policy prohibits the use of USB storage devices. Every user receives a popup warning about this policy upon login. The SIEM system produces a report of USB violations on a monthly basis; yet violations continue to occur. Which of the following preventative controls would MOST effectively mitigate the logical risks associated with the use of USB storage devices? 

A. Revise the corporate policy to include possible termination as a result of violations 

B. Increase the frequency and distribution of the USB violations report 

C. Deploy PKI to add non-repudiation to login sessions so offenders cannot deny the offense 

D. Implement group policy objects 

Answer:

Q2. - (Topic 2) 

A multi-national company has a highly mobile workforce and minimal IT infrastructure. The company utilizes a BYOD and social media policy to integrate presence technology into global collaboration tools by individuals and teams. As a result of the dispersed employees and frequent international travel, the company is concerned about the safety of employees and their families when moving in and out of certain countries. Which of the following could the company view as a downside of using presence technology? 

A. Insider threat 

B. Network reconnaissance 

C. Physical security 

D. Industrial espionage 

Answer:

Q3. - (Topic 3) 

An administrator is reviewing logs and sees the following entry: 

Message: Access denied with code 403 (phase 2). Pattern match "\bunion\b.{1,100}?\bselect\b" at ARGS:$id. [data "union all select"] [severity "CRITICAL"] [tag "WEB_ATTACK"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] 

Action: Intercepted (phase 2) Apache-Handler: php5-script 

Which of the following attacks was being attempted? 

A. Session hijacking 

B. Cross-site scripting 

C. SQL injection 

D. Buffer overflow 

Answer:

Q4. - (Topic 3) 

A newly appointed risk management director for the IT department at Company XYZ, a major pharmaceutical manufacturer, needs to conduct a risk analysis regarding a new system which the developers plan to bring online in three weeks. The director begins by reviewing the thorough and well-written report from the independent contractor who performed a security assessment of the system. The report details what seems to be a manageable volume of infrequently exploited security vulnerabilities. The director decides to implement continuous monitoring and other security controls to mitigate the impact of the vulnerabilities. Which of the following should the director require from the developers before agreeing to deploy the system? 

A. An incident response plan which guarantees response by tier two support within 15 minutes of an incident. 

B. A definitive plan of action and milestones which lays out resolutions to all vulnerabilities within six months. 

C. Business insurance to transfer all risk from the company shareholders to the insurance company. 

D. A prudent plan of action which details how to decommission the system within 90 days of becoming operational. 

Answer:

Q5. - (Topic 1) 

The Chief Information Security Officer (CISO) is asking for ways to protect against zero-day exploits. The CISO is concerned that an unrecognized threat could compromise corporate data and result in regulatory fines as well as poor corporate publicity. The network is mostly flat, with split staff/guest wireless functionality. Which of the following equipment MUST be deployed to guard against unknown threats? 

A. Cloud-based antivirus solution, running as local admin, with push technology for definition updates. 

B. Implementation of an offsite data center hosting all company data, as well as deployment of VDI for all client computing needs. 

C. Host-based heuristic IPS, segregated on a management VLAN, with direct control of the perimeter firewall ACLs. 

D. Behavior-based IPS with a communication link to a cloud-based vulnerability and threat feed. 

Answer:

Q6. - (Topic 3) 

An organization determined that each of its remote sales representatives must use a smartphone for email access. 

The organization provides the same centrally manageable model to each person. 

Which of the following mechanisms BEST protects the confidentiality of the resident data? 

A. Require dual factor authentication when connecting to the organization’s email server. 

B. Require each sales representative to establish a PIN to access the smartphone and limit email storage to two weeks. 

C. Require encrypted communications when connecting to the organization’s email server. 

D. Require a PIN and automatic wiping of the smartphone if someone enters a specific number of incorrect PINs. 

Answer:

Q7. - (Topic 3) 

About twice a year a switch fails in a company's network center. Under the maintenance contract, the switch would be replaced in two hours losing the business $1,000 per hour. The cost of a spare switch is $3,000 with a 12-hour delivery time and would eliminate downtime costs if purchased ahead of time. The maintenance contract is $1,500 per year. 

Which of the following is true in this scenario? 

A. It is more cost-effective to eliminate the maintenance contract and purchase a replacement upon failure. 

B. It is more cost-effective to purchase a spare switch prior to an outage and eliminate the maintenance contract. 

C. It is more cost-effective to keep the maintenance contract instead of purchasing a spare switch prior to an outage. 

D. It is more cost-effective to purchase a spare switch prior to an outage and keep the maintenance contract. 

Answer:

Q8. - (Topic 2) 

Joe, a penetration tester, is tasked with testing the security robustness of the protocol between a mobile web application and a RESTful application server. Which of the following security tools would be required to assess the security between the mobile web application and the RESTful application server? (Select TWO). 

A. Jailbroken mobile device 

B. Reconnaissance tools 

C. Network enumerator 

D. HTTP interceptor 

E. Vulnerability scanner 

F. Password cracker 

Answer: D,E 

Q9. - (Topic 5) 

A security manager is collecting RFQ, RFP, and RFI publications to help identify the technology trends which a government will be moving towards in the future. This information is available to the public. By consolidating the information, the security manager will be able to combine several perspectives into a broader view of technology trends. This is an example of which of the following? (Select TWO). 

A. Supervisory control and data acquisition 

B. Espionage 

C. Hacktivism 

D. Data aggregation 

E. Universal description discovery and integration 

F. Open source intelligence gathering 

Answer: D,F 

Q10. - (Topic 5) 

A security manager has started a new job and has identified that a key application for a new client does not have an accreditation status and is currently not meeting the compliance requirement for the contract’s SOW. The security manager has competing priorities and wants to resolve this issue quickly with a system determination and risk assessment. Which of the following approaches presents the MOST risk to the security assessment? 

A. The security manager reviews the system description for the previous accreditation, but does not review application change records. 

B. The security manager decides to use the previous SRTM without reviewing the system description. 

C. The security manager hires an administrator from the previous contract to complete the assessment. 

D. The security manager does not interview the vendor to determine if the system description is accurate. 

Answer: