Q1. - (Topic 1) 

A security administrator wants to calculate the ROI of a security design which includes the purchase of new equipment. The equipment costs $50,000 and it will take 50 hours to install and configure the equipment. The administrator plans to hire a contractor at a rate of $100/hour to do the installation. Given that the new design and equipment will allow the company to increase revenue and make an additional $100,000 on the first year, which of the following is the ROI expressed as a percentage for the first year? 

A. -45 percent 

B. 5.5 percent 

C. 45 percent 

D. 82 percent 

View Answer

Q2. - (Topic 4) 

The Information Security Officer (ISO) believes that the company has been targeted by cybercriminals and it is under a cyber attack. Internal services that are normally available to the public via the Internet are inaccessible, and employees in the office are unable to browse the Internet. The senior security engineer starts by reviewing the bandwidth at the border router, and notices that the incoming bandwidth on the router’s external interface is maxed out. The security engineer then inspects the following piece of log to try and determine the reason for the downtime, focusing on the company’s external router’s IP which is 128.20.176.19: 

11:16:22.110343 IP 90.237.31.27.19 > 128.20.176.19.19: UDP, length 1400 

11:16:22.110351 IP 23.27.112.200.19 > 128.20.176.19.19: UDP, length 1400 

11:16:22.110358 IP 192.200.132.213.19 > 128.20.176.19.19: UDP, length 1400 11:16:22.110402 IP 70.192.2.55.19 > 128.20.176.19.19: UDP, length 1400 

11:16:22.110406 IP 112.201.7.39.19 > 128.20.176.19.19: UDP, length 1400 

Which of the following describes the findings the senior security engineer should report to the ISO and the BEST solution for service restoration? 

A. After the senior engineer used a network analyzer to identify an active Fraggle attack, the company’s ISP should be contacted and instructed to block the malicious packets. 

B. After the senior engineer used the above IPS logs to detect the ongoing DDOS attack, an IPS filter should be enabled to block the attack and restore communication. 

C. After the senior engineer used a mirror port to capture the ongoing amplification attack, a BGP sinkhole should be configured to drop traffic at the source networks. 

D. After the senior engineer used a packet capture to identify an active Smurf attack, an ACL should be placed on the company’s external router to block incoming UDP port 19 traffic. 

View Answer

Q3. - (Topic 4) 

An external auditor has found that IT security policies in the organization are not maintained and in some cases are nonexistent. As a result of the audit findings, the CISO has been tasked with the objective of establishing a mechanism to manage the lifecycle of IT security policies. Which of the following can be used to BEST achieve the CISO’s objectives? 

A. CoBIT 

B. UCF 

C. ISO 27002 

D. eGRC 

View Answer

Q4. - (Topic 1) 

The Chief Executive Officer (CEO) of a company that allows telecommuting has challenged the Chief Security Officer’s (CSO) request to harden the corporate network’s perimeter. The CEO argues that the company cannot protect its employees at home, so the risk at work is no different. Which of the following BEST explains why this company should proceed with protecting its corporate network boundary? 

A. The corporate network is the only network that is audited by regulators and customers. 

B. The aggregation of employees on a corporate network makes it a more valuable target for attackers. 

C. Home networks are unknown to attackers and less likely to be targeted directly. 

D. Employees are more likely to be using personal computers for general web browsing when they are at home. 

View Answer

Q5. - (Topic 2) 

A security architect has been engaged during the implementation stage of the SDLC to review a new HR software installation for security gaps. With the project under a tight schedule to meet market commitments on project delivery, which of the following security activities should be prioritized by the security architect? (Select TWO). 

A. Perform penetration testing over the HR solution to identify technical vulnerabilities 

B. Perform a security risk assessment with recommended solutions to close off high-rated risks 

C. Secure code review of the HR solution to identify security gaps that could be exploited 

D. Perform access control testing to ensure that privileges have been configured correctly 

E. Determine if the information security standards have been complied with by the project 

View Answer

Q6. - (Topic 4) 

The senior security administrator wants to redesign the company DMZ to minimize the risks associated with both external and internal threats. The DMZ design must support security in depth, change management and configuration processes, and support incident reconstruction. Which of the following designs BEST supports the given requirements? 

A. A dual firewall DMZ with remote logging where each firewall is managed by a separate administrator. 

B. A single firewall DMZ where each firewall interface is managed by a separate administrator and logging to the cloud. 

C. A SaaS based firewall which logs to the company’s local storage via SSL, and is managed by the change control team. 

D. A virtualized firewall, where each virtual instance is managed by a separate administrator and logging to the same hardware. 

View Answer

Q7. - (Topic 3) 

A small company hosting multiple virtualized client servers on a single host is considering adding a new host to create a cluster. The new host hardware and operating system will be different from the first host, but the underlying virtualization technology will be compatible. Both hosts will be connected to a shared iSCSI storage solution. Which of the following is the hosting company MOST likely trying to achieve? 

A. Increased customer data availability 

B. Increased customer data confidentiality 

C. Increased security through provisioning 

D. Increased security through data integrity 

View Answer

Q8. - (Topic 2) 

A security administrator has noticed that an increased number of employees’ workstations are becoming infected with malware. The company deploys an enterprise antivirus system as well as a web content filter, which blocks access to malicious web sites where malware files can be downloaded. Additionally, the company implements technical measures to disable external storage. Which of the following is a technical control that the security administrator should implement next to reduce malware infection? 

A. Implement an Acceptable Use Policy which addresses malware downloads. 

B. Deploy a network access control system with a persistent agent. 

C. Enforce mandatory security awareness training for all employees and contractors. 

D. Block cloud-based storage software on the company network. 

View Answer

Q9. - (Topic 3) 

Company A is purchasing Company B. Company A uses a change management system for all IT processes while Company B does not have one in place. Company B’s IT staff needs to purchase a third party product to enhance production. Which of the following NEXT steps should be implemented to address the security impacts this product may cause? 

A. Purchase the product and test it in a lab environment before installing it on any live system. 

B. Allow Company A and B’s IT staff to evaluate the new product prior to purchasing it. 

C. Purchase the product and test it on a few systems before installing it throughout the entire company. 

D. Use Company A’s change management process during the evaluation of the new product. 

View Answer

Q10. - (Topic 1) 

Due to compliance regulations, a company requires a yearly penetration test. The Chief Information Security Officer (CISO) has asked that it be done under a black box methodology. 

Which of the following would be the advantage of conducting this kind of penetration test? 

A. The risk of unplanned server outages is reduced. 

B. Using documentation provided to them, the pen-test organization can quickly determine areas to focus on. 

C. The results will show an in-depth view of the network and should help pin-point areas of internal weakness. 

D. The results should reflect what attackers may be able to learn about the company. 

View Answer