24 Cards in this Set

An insurance company is looking to purchase a smaller company in another country. Which of the following tasks would the security administrator perform as part of the security due diligence?

A. Review switch and router configurations
B. Review the security policies and standards
C. Perform a network penetration test
D. Review the firewall rule set and IPS logs

Answer: B. Review the security policies and standards

A new piece of ransomware got installed on a company's backup server which encrypted the hard drives containing the OS and backup application configuration but did not affect the deduplication data hard drives. During the incident response, the company finds that all backup tapes for this server are also corrupt. Which of the following is the PRIMARY concern?

A. Determining how to install HIPS across all server platforms to prevent future incidents
B. Preventing the ransomware from re-infecting the server upon restore
C. Validating the integrity of the deduplicated data
D. Restoring the data will be difficult without the application configuration

Answer: D. Restoring the data will be difficult without the application configuration

The Chief Executive Officer (CEO) of a large prestigious enterprise has decided to reduce business costs by outsourcing to a third party company in another country. Functions to be outsourced include: business analysts, testing, software development and back office functions that deal with the processing of customer data. The Chief Risk Officer (CRO) is concerned about the outsourcing plans. Which of the following risks are MOST likely to occur if adequate controls are not implemented?

A. Geographical regulation issues, loss of intellectual property and interoperability agreement issues
B. Improper handling of client data, interoperability agreement issues and regulatory issues
C. Cultural differences, increased cost of doing business and divestiture issues
D. Improper handling of customer data, loss of intellectual property and reputation damage

Answer: D. Improper handling of customer data, loss of intellectual property and reputation damage

A security analyst has been asked to develop a quantitative risk analysis and risk assessment for the company's online shopping application. Based on heuristic information from the Security Operations Center (SOC), a Denial of Service Attack (DoS) has been successfully executed 5 times a year. The Business Operations department has determined the loss associated to each attack is $40,000. After implementing application caching, the number of DoS attacks was reduced to one time a year. The cost of the countermeasures was $100,000. Which of the following is the monetary value earned during the first year of operation?

A. $60,000
B. $100,000
C. $140,000
D. $200,000

Answer: A. $60,000

The Information Security Officer (ISO) is reviewing new policies that have been recently made effective and now apply to the company. Upon review, the ISO identifies a new requirement to implement two-factor authentication on the company's wireless system. Due to budget constraints, the company will be unable to implement the requirement for the next two years. The ISO is required to submit a policy exception form to the Chief Information Officer (CIO). Which of the following are MOST important to include when submitting the exception form? (Select THREE).

A. Business or technical justification for not implementing the requirements.
B. Risks associated with the inability to implement the requirements.
C. Industry best practices with respect to the technical implementation of the current controls.
D. All sections of the policy that may justify non-implementation of the requirements.
E. A revised DRP and COOP plan to the exception form.
F. Internal procedures that may justify a budget submission to implement the new requirement.
G. Current and planned controls to mitigate the risks.

Answer:
A. Business or technical justification for not implementing the requirements.
B. Risks associated with the inability to implement the requirements.
G. Current and planned controls to mitigate the risks.

The Chief Information Officer (CIO) is reviewing the IT centric BIA and RA documentation. The documentation shows that a single 24 hours downtime in a critical business function will cost the business $2.3 million. Additionally, the business unit which depends on the critical business function has determined that there is a high probability that a threat will materialize based on historical data. The CIO's budget does not allow for full system hardware replacement in case of a catastrophic failure, nor does it allow for the purchase of additional compensating controls. Which of the following should the CIO recommend to the finance director to minimize financial loss?

A. The company should mitigate the risk.
B. The company should transfer the risk.
C. The company should avoid the risk.
D. The company should accept the risk.

Answer: B. The company should transfer the risk.

A company is in the process of outsourcing its customer relationship management system to a cloud provider. It will host the entire organization's customer database. The database will be accessed by both the company's users and its customers. The procurement department has asked what security activities must be performed for the deal to proceed. Which of the following are the MOST appropriate security activities to be performed as part of due diligence? (Select TWO).

A. Physical penetration test of the datacenter to ensure there are appropriate controls.
B. Penetration testing of the solution to ensure that the customer data is well protected.
C. Security clauses are implemented into the contract such as the right to audit.
D. Review of the organization's security policies, procedures and relevant hosting certifications.
E. Code review of the solution to ensure that there are no back doors located in the software.

Answer:
C. Security clauses are implemented into the contract such as the right to audit.
D. Review of the organization's security policies, procedures and relevant hosting certifications.

An organization is selecting a SaaS provider to replace its legacy, in house Customer Resource Management (CRM) application. Which of the following ensures the organization mitigates the risk of managing separate user credentials?

A. Ensure the SaaS provider supports dual factor authentication.
B. Ensure the SaaS provider supports encrypted password transmission and storage.
C. Ensure the SaaS provider supports secure hash file exchange.
D. Ensure the SaaS provider supports role-based access control.
E. Ensure the SaaS provider supports directory services federation.

Answer: E. Ensure the SaaS provider supports directory services federation.

After a security incident, an administrator would like to implement policies that would help reduce fraud and the potential for collusion between employees. Which of the following would help meet these goals by having co-workers occasionally audit another worker's position?

A. Least privilege
B. Job rotation
C. Mandatory vacation
D. Separation of duties

Answer: B. Job rotation

A large organization has recently suffered a massive credit card breach. During the months of Incident Response, there were multiple attempts to assign blame for whose fault it was that the incident occurred. In which part of the incident response phase would this be addressed in a controlled and productive manner?

A. During the Identification Phase
B. During the Lessons Learned phase
C. During the Containment Phase
D. During the Preparation Phase

Answer: B. During the Lessons Learned phase

A security manager for a service provider has approved two vendors for connections to the service provider backbone. One vendor will be providing authentication services for its payment card service, and the other vendor will be providing maintenance to the service provider infrastructure sites. Which of the following business agreements is MOST relevant to the vendors and service provider's relationship?

A. Memorandum of Agreement
B. Interconnection Security Agreement
C. Non-Disclosure Agreement
D. Operating Level Agreement

Answer: B. Interconnection Security Agreement

A large enterprise acquires another company which uses antivirus from a different vendor. The CISO has requested that data feeds from the two different antivirus platforms be combined in a way that allows management to assess and rate the overall effectiveness of antivirus across the entire organization. Which of the following tools can BEST meet the CISO's requirement?

A. GRC
B. IPS
C. CMDB
D. Syslog-ng
E. IDS

Answer: A. GRC

Which of the following provides the BEST risk calculation methodology?

A. Annual Loss Expectancy (ALE) x Value of Asset
B. Potential Loss x Event Probability x Control Failure Probability
C. Impact x Threat x Vulnerability
D. Risk Likelihood x Annual Loss Expectancy (ALE)

Answer: B. Potential Loss x Event Probability x Control Failure Probability

A security policy states that all applications on the network must have a password length of eight characters. There are three legacy applications on the network that cannot meet this policy. One system will be upgraded in six months, and two are not expected to be upgraded or removed from the network. Which of the following processes should be followed?

A. Establish a risk matrix
B. Inherit the risk for six months
C. Provide a business justification to avoid the risk
D. Provide a business justification for a risk exception

Answer: D. Provide a business justification for a risk exception

The senior security administrator wants to redesign the company DMZ to minimize the risks associated with both external and internal threats. The DMZ design must support security in depth, change management and configuration processes, and support incident reconstruction. Which of the following designs BEST supports the given requirements?

A. A dual firewall DMZ with remote logging where each firewall is managed by a separate administrator.
B. A single firewall DMZ where each firewall interface is managed by a separate administrator and logging to the cloud.
C. A SaaS based firewall which logs to the company's local storage via SSL, and is managed by the change control team.
D. A virtualized firewall, where each virtual instance is managed by a separate administrator and logging to the same hardware.

Answer: A. A dual firewall DMZ with remote logging where each firewall is managed by a separate administrator.

A large hospital has implemented BYOD to allow doctors and specialists the ability to access patient medical records on their tablets. The doctors and specialists access patient records over the hospital's guest WiFi network which is isolated from the internal network with appropriate security controls. The patient records management system can be accessed from the guest network and requires two factor authentication. Using a remote desktop type interface, the doctors and specialists can interact with the hospital's system. Cut and paste and printing functions are disabled to prevent the copying of data to BYOD devices. Which of the following are of MOST concern? (Select TWO).

A. Privacy could be compromised as patient records can be viewed in uncontrolled areas.
B. Device encryption has not been enabled and will result in a greater likelihood of data loss.
C. The guest WiFi may be exploited allowing non-authorized individuals access to confidential patient data.
D. Malware may be on BYOD devices which can extract data via key logging and screen scrapes.
E. Remote wiping of devices should be enabled to ensure any lost device is rendered inoperable.

Answer:
A. Privacy could be compromised as patient records can be viewed in uncontrolled areas.
D. Malware may be on BYOD devices which can extract data via key logging and screen scrapes.

The Chief Information Security Officer (CISO) at a company knows that many users store business documents on public cloud-based storage, and realizes this is a risk to the company. In response, the CISO implements a mandatory training course in which all employees are instructed on the proper use of cloud-based storage. Which of the following risk strategies did the CISO implement?

A. Avoid
B. Accept
C. Mitigate
D. Transfer

Answer: C. Mitigate

A forensic analyst receives a hard drive containing malware quarantined by the antivirus application. After creating an image and determining the directory location of the malware file, which of the following helps to determine when the system became infected?

A. The malware file's modify, access, change time properties.
B. The timeline analysis of the file system.
C. The time stamp of the malware in the swap file.
D. The date/time stamp of the malware detection in the antivirus logs.

Answer: B. The timeline analysis of the file system.

The Chief Executive Officer (CEO) of a company that allows telecommuting has challenged the Chief Security Officer's (CSO) request to harden the corporate network's perimeter. The CEO argues that the company cannot protect its employees at home, so the risk at work is no different. Which of the following BEST explains why this company should proceed with protecting its corporate network boundary?

A. The corporate network is the only network that is audited by regulators and customers.
B. The aggregation of employees on a corporate network makes it a more valuable target for attackers.
C. Home networks are unknown to attackers and less likely to be targeted directly.
D. Employees are more likely to be using personal computers for general web browsing when they are at home.

Answer: B. The aggregation of employees on a corporate network makes it a more valuable target for attackers.

A security officer is leading a lessons learned meeting. Which of the following should be components of that meeting? (Select TWO).

A. Demonstration of IPS system
B. Review vendor selection process
C. Calculate the ALE for the event
D. Discussion of event timeline
E. Assigning of follow up items

Answer:
D. Discussion of event timeline
E. Assigning of follow up items

An assessor identifies automated methods for identifying security control compliance through validating sensors at the endpoint and at Tier 2. Which of the following practices satisfy continuous monitoring of authorized information systems?

A. Independent verification and validation
B. Security test and evaluation
C. Risk assessment
D. Ongoing authorization

Answer: D. Ongoing authorization

The source workstation image for new accounting PCs has begun blue-screening. A technician notices that the date/time stamp of the image source appears to have changed. The desktop support director has asked the Information Security department to determine if any changes were made to the source image. Which of the following methods would BEST help with this process? (Select TWO).

A. Retrieve source system image from backup and run file comparison analysis on the two images.
B. Parse all images to determine if extra data is hidden using steganography.
C. Calculate a new hash and compare it with the previously captured image hash.
D. Ask desktop support if any changes to the images were made.
E. Check key system files to see if date/time stamp is in the past six months.

Answer:
A. Retrieve source system image from backup and run file comparison analysis on the two images.
C. Calculate a new hash and compare it with the previously captured image hash.

A software project manager has been provided with a requirement from the customer to place limits on the types of transactions a given user can initiate without external interaction from another user with elevated privileges. This requirement is BEST described as an implementation of:

A. an administrative control
B. dual control
C. separation of duties
D. least privilege
E. collusion

Answer: C. separation of duties

The technology steering committee is struggling with increased requirements stemming from an increase in telecommuting. The organization has not addressed telecommuting in the past. The implementation of a new SSL-VPN and a VOIP phone solution enables personnel to work from remote locations with corporate assets. Which of the following steps must the committee take FIRST to outline senior management's directives?

A. Develop an information classification scheme that will properly secure data on corporate systems.
B. Implement database views and constrained interfaces so remote users will be unable to access PII from personal equipment.
C. Publish a policy that addresses the security requirements for working remotely with company equipment.
D. Work with mid-level managers to identify and document the proper procedures for telecommuting.

Answer: C. Publish a policy that addresses the security requirements for working remotely with company equipment.