The editorial team at ProProfs Quizzes consists of a select group of subject experts, trivia writers, and quiz masters who have authored over 10,000 quizzes taken by more than 100 million users. This team includes our in-house seasoned quiz moderators and subject matter experts. Our editorial experts, spread across the world, are rigorously trained using our comprehensive guidelines to ensure that you receive the highest quality quizzes.
31. Which of the following is the MOST appropriate control measure for lost mobile devices?
A.
Disable unnecessary wireless interfaces such as Bluetooth.
B.
Reduce the amount of sensitive data stored on the device.
C.
Require authentication before access is given to the device.
D.
Require that the compromised devices be remotely wiped.
Correct Answer
D. Require that the compromised devices be remotely wiped.
Explanation Requiring that compromised devices be remotely wiped is the most appropriate control measure for lost mobile devices because it ensures that any sensitive data on the device will be erased, preventing unauthorized access. Disabling unnecessary wireless interfaces such as Bluetooth can help reduce the risk of data leakage, but it does not address the issue of the lost device itself. Similarly, reducing the amount of sensitive data stored on the device is a good practice, but it does not guarantee the protection of the data if the device is lost. Requiring authentication before access is given to the device is a general security measure, but it does not specifically address the control of lost devices.
Rate this question:
2.
32. Which of the following is the MOST cost-effective solution for sanitizing a DVD with sensitive
information on it?
A.
Write over the data
B.
Purge the data
C.
Incinerate the DVD
D.
Shred the DVD
Correct Answer
D. Shred the DVD
Explanation Shredding the DVD is the most cost-effective solution for sanitizing it with sensitive information. Shredding ensures that the data on the DVD is completely destroyed and cannot be recovered. This method is relatively inexpensive compared to other options like incineration or purging, which may require specialized equipment or services. Writing over the data may not completely erase the sensitive information, leaving it vulnerable to recovery. Shredding the DVD is a secure and efficient way to ensure that the sensitive information cannot be accessed or misused.
Rate this question:
3.
33. A network engineer at Company ABC observes the following raw HTTP request:
GET /disp_reports.php?SectionEntered=57&GroupEntered=-1&report_type=alerts&to_date=01-
01-0101&Run=
Run&UserEntered=dsmith&SessionID=5f04189bc&from_date=31-10-2010&TypesEntered=1
HTTP/1.1
Host: test.example.net
Accept: */*
Accept-LanguagE. en
Connection: close
CookiE. java14=1; java15=1; java16=1; js=1292192278001;
Which of the following should be the engineer’s GREATEST concern?
A.
The HTTPS is not being enforced so the system is vulnerable.
B.
The numerical encoding on the session ID is limited to hexadecimal characters, making it
susceptible to a brute force attack.
C.
Sensitive data is transmitted in the URL.
D.
The dates entered are outside a normal range, which may leave the system vulnerable to a
denial of service attack.
Correct Answer
C. Sensitive data is transmitted in the URL.
Explanation The engineer's greatest concern should be that sensitive data is being transmitted in the URL. This can pose a security risk as the data can be easily intercepted and accessed by unauthorized individuals. It is recommended to transmit sensitive data through secure methods such as HTTPS to ensure its confidentiality and integrity.
Rate this question:
4.
34. Driven mainly by cost, many companies outsource computing jobs which require a large amount of
processor cycles over a short duration to cloud providers. This allows the company to avoid a
large investment in computing resources which will only be used for a short time. Assuming the
provisioned resources are dedicated to a single company, which of the following is the MAIN
vulnerability associated with on-demand provisioning?
A.
Traces of proprietary data which can remain on the virtual machine and be exploited
B.
Remnants of network data from prior customers on the physical servers during a compute job
C.
Exposure of proprietary data when in-transit to the cloud provider through IPSec tunnels
D.
Failure of the de-provisioning mechanism resulting in excessive charges for the resources
Correct Answer
A. Traces of proprietary data which can remain on the virtual machine and be exploited
Explanation When companies outsource computing jobs to cloud providers, there is a risk that traces of proprietary data can remain on the virtual machine even after the job is completed. This poses a vulnerability as these traces can be exploited by unauthorized individuals, potentially leading to the exposure or misuse of sensitive information. Therefore, it is important for companies to ensure proper data sanitization measures are in place to mitigate this risk.
Rate this question:
5.
35. A security administrator needs a secure computing solution to use for all of the company’s security
audit log storage, and to act as a central server to execute security functions from. Which of the
following is the BEST option for the server in this scenario?
A.
A hardened Red Hat Enterprise Linux implementation running a software firewall
B.
Windows 7 with a secure domain policy and smartcard based authentication
C.
A hardened bastion host with a permit all policy implemented in a software firewall
D.
Solaris 10 with trusted extensions or SE Linux with a trusted policy
Correct Answer
D. Solaris 10 with trusted extensions or SE Linux with a trusted policy
Explanation Solaris 10 with trusted extensions or SE Linux with a trusted policy is the best option for the server in this scenario because both Solaris 10 and SE Linux have strong security features and trusted extensions/policies that can ensure the secure storage of security audit logs and execute security functions. These operating systems provide robust access controls, mandatory access controls, and isolation mechanisms, making them suitable for handling sensitive security data and performing security-related tasks.
Rate this question:
6.
36. After implementing port security, restricting all network traffic into and out of a network, migrating
to IPv6, installing NIDS, firewalls, spam and application filters, a security administer is convinced
that the network is secure. The administrator now focuses on securing the hosts on the network,
starting with the servers. Which of the following is the MOST complete list of end-point security
software the administrator could plan to implement?
A.
Anti-malware/virus/spyware/spam software, as well as a host based firewall and strong, twofactor
authentication.
B.
Anti-virus/spyware/spam software, as well as a host based IDS, firewall, and strong three-factor
authentication.
C.
Anti-malware/virus/spyware/spam software, as well as a host based firewall and biometric
authentication.
D.
Anti-malware/spam software, as well as a host based firewall and strong, three-factor
authentication.
Correct Answer
A. Anti-malware/virus/spyware/spam software, as well as a host based firewall and strong, twofactor
authentication.
Explanation The administrator should implement anti-malware/virus/spyware/spam software to protect the servers from malicious software and spam. A host-based firewall should be implemented to monitor and control network traffic to and from the servers. Strong two-factor authentication should be used to ensure that only authorized individuals can access the servers. This combination of software and authentication measures will provide a comprehensive approach to securing the hosts on the network.
Rate this question:
7.
37. A security architect is assigned to a major software development project. The software
development team has a history of writing bug prone, inefficient code, with multiple security flaws
in every release. The security architect proposes implementing secure coding standards to the
project manager. The secure coding standards will contain detailed standards for:
A.
Error handling, input validation, memory use and reuse, race condition handling, commenting,
and preventing typical security problems.
B.
Error prevention, requirements validation, memory use and reuse, commenting typical security
problems, and testing code standards.
Error handling, input validation, commenting, preventing typical security problems, managing
customers, and documenting extra requirements.
Correct Answer
A. Error handling, input validation, memory use and reuse, race condition handling, commenting,
and preventing typical security problems.
Explanation The security architect proposes implementing secure coding standards that include error handling, input validation, memory use and reuse, race condition handling, commenting, and preventing typical security problems. This means that the architect wants to establish guidelines and practices for the development team to follow in order to address these specific areas of concern. By implementing these standards, the team can reduce the number of bugs, improve code efficiency, and enhance the overall security of the software.
Rate this question:
8.
38. A number of security incidents have been reported involving mobile web-based code developed by
a consulting company. Performing a root cause analysis, the security administrator of the
consulting company discovers that the problem is a simple programming error that results in extra
information being loaded into the memory when the proper format is selected by the user. After
repeating the process several times, the security administrator is able to execute unintentional
instructions through this method. Which of the following BEST describes the problem that is
occurring, a good mitigation technique to use to prevent future occurrences, and why it a security
concern?
A.
Problem: Cross-site scripting
Mitigation TechniquE. Input validation
Security Concern: Decreases the company’s profits and cross-site scripting can enable malicious
actors to compromise the confidentiality of network connections or interrupt the availability of the
network.
B.
Problem: Buffer overflow
Mitigation TechniquE. Secure coding standards
Security Concern: Exposes the company to liability buffer overflows and can enable malicious
actors to compromise the confidentiality/availability of the data.
C.
Problem: SQL injection
Mitigation TechniquE. Secure coding standards
Security Concern: Exposes the company to liability SQL injection and can enable malicious actors
to compromise the confidentiality of data or interrupt the availability of a system.
D.
Problem: Buffer overflow
Mitigation TechniquE. Output validation
Security Concern: Exposing the company to public scrutiny buffer overflows can enable malicious
actors to interrupt the availability of a system.
Correct Answer
B. Problem: Buffer overflow
Mitigation TechniquE. Secure coding standards
Security Concern: Exposes the company to liability buffer overflows and can enable malicious
actors to compromise the confidentiality/availability of the data.
Explanation The correct answer is "Problem: Buffer overflow, Mitigation Technique: Secure coding standards, Security Concern: Exposes the company to liability buffer overflows and can enable malicious actors to compromise the confidentiality/availability of the data." In this scenario, the extra information being loaded into memory when the proper format is selected by the user indicates a buffer overflow vulnerability. This vulnerability can be mitigated by following secure coding standards, which ensure that input is properly validated to prevent buffer overflows. Buffer overflows are a security concern because they can lead to unauthorized access and compromise the confidentiality and availability of data.
Rate this question:
9.
39. A security administrator has been conducting a security assessment of Company XYZ for the past
two weeks. All of the penetration tests and other assessments have revealed zero flaws in the
systems at Company XYZ. However, Company XYZ reports that it has been the victim of
numerous security incidents in the past six months. In each of these incidents, the criminals have
managed to exfiltrate large volumes of data from the secure servers at the company. Which of the
following techniques should the investigation team consider in the next phase of their assessment
in hopes of uncovering the attack vector the criminals used?
A.
Vulnerability assessment
B.
Code review
C.
Social engineering
D.
Reverse engineering
Correct Answer
C. Social engineering
Explanation The investigation team should consider social engineering in the next phase of their assessment. Even though the penetration tests and other assessments have revealed no flaws in the systems, the fact that the criminals were able to exfiltrate large volumes of data suggests that they may have used social engineering techniques to exploit human vulnerabilities rather than technical vulnerabilities. Social engineering involves manipulating individuals into performing actions or divulging confidential information, and it is a common attack vector used by criminals to gain unauthorized access to secure systems. Therefore, investigating social engineering can help uncover the attack vector used by the criminals in these incidents.
Rate this question:
10.
40. A security manager at Company ABC, needs to perform a risk assessment of a new mobile device
which the Chief Information Officer (CIO) wants to immediately deploy to all employees in the
company. The product is commercially available, runs a popular mobile operating system, and can
connect to IPv6 networks wirelessly. The model the CIO wants to procure also includes the
upgraded 160GB solid state hard drive. The producer of the device will not reveal exact numbers
but experts estimate that over 73 million of the devices have been sold worldwide. Which of the
following is the BEST list of factors the security manager should consider while performing a risk
assessment?
A.
Ability to remotely wipe the devices, apply security controls remotely, and encrypt the SSD; the
track record of the vendor in publicizing and correcting security flaws in their products; predicted
costs associated with maintaining, integrating and securing the devices.
B.
Ability to remotely administer the devices, apply security controls remotely, and remove the
SSD; the track record of the vendor in securely implementing IPv6 with IPSec; predicted costs
associated with securing the devices.
C.
Ability to remotely monitor the devices, remove security controls remotely, and decrypt the
SSD; the track record of the vendor in publicizing and preventing security flaws in their products;
predicted costs associated with maintaining, destroying and tracking the devices.
D.
Ability to remotely sanitize the devices, apply security controls locally, encrypt the SSD; the
track record of the vendor in adapting the open source operating system to their platform;
predicted costs associated with inventory management, maintaining, integrating and securing the
devices.
Correct Answer
A. Ability to remotely wipe the devices, apply security controls remotely, and encrypt the SSD; the
track record of the vendor in publicizing and correcting security flaws in their products; predicted
costs associated with maintaining, integrating and securing the devices.
Explanation The security manager should consider the ability to remotely wipe the devices, apply security controls remotely, and encrypt the SSD. This is important to ensure that in case of loss or theft, sensitive data can be protected and the devices can be remotely controlled. The track record of the vendor in publicizing and correcting security flaws in their products is also important as it indicates their commitment to addressing vulnerabilities. Additionally, the predicted costs associated with maintaining, integrating, and securing the devices should be considered to assess the financial implications of deploying the new mobile devices.
Rate this question:
11.
41. A newly-appointed risk management director for the IT department at Company XYZ, a major
pharmaceutical manufacturer, needs to conduct a risk analysis regarding a new system which the
developers plan to bring on-line in three weeks. The director begins by reviewing the thorough and
well-written report from the independent contractor who performed a security assessment of the
system. The report details what seems to be a manageable volume of infrequently exploited
security vulnerabilities. The likelihood of a malicious attacker exploiting one of the vulnerabilities is
low; however, the director still has some reservations about approving the system because of
which of the following?
A.
The resulting impact of even one attack being realized might cripple the company financially.
B.
Government health care regulations for the pharmaceutical industry prevent the director from
approving a system with vulnerabilities.
C.
The director is new and is being rushed to approve a project before an adequate assessment
has been performed.
D.
The director should be uncomfortable accepting any security vulnerabilities and should find time
to correct them before the system is deployed.
Correct Answer
A. The resulting impact of even one attack being realized might cripple the company financially.
Explanation The correct answer is that the resulting impact of even one attack being realized might cripple the company financially. This means that although the likelihood of a malicious attacker exploiting the vulnerabilities is low, the potential consequences of an attack could be severe and have a significant financial impact on the company. Therefore, the risk management director is justified in having reservations about approving the system.
Rate this question:
12.
42. A small company has a network with 37 workstations, 3 printers, a 48 port switch, an enterprise
class router, and a firewall at the boundary to the ISP. The workstations have the latest patches
and all have up-to-date anti-virus software. User authentication is a two-factor system with
fingerprint scanners and passwords. Sensitive data on each workstation is encrypted. The network
is configured to use IPv4 and is a standard Ethernet network. The network also has a captive
portal based wireless hot-spot to accommodate visitors. Which of the following is a problem with
the security posture of this company?
A.
No effective controls in place
B.
No transport security controls are implemented
C.
Insufficient user authentication controls are implemented
D.
IPv6 is not incorporated in the network
Correct Answer
B. No transport security controls are implemented
Explanation The problem with the security posture of this company is that no transport security controls are implemented. While the company has taken measures to secure the workstations, such as patching, antivirus software, and encryption of sensitive data, it has not implemented any controls to secure the transmission of data over the network. This means that data sent between the workstations, printers, switch, router, and firewall is not protected from unauthorized access or interception. Without transport security controls, the company's network is vulnerable to attacks and data breaches.
Rate this question:
13.
43. Statement: “The system shall implement measures to notify system administrators prior to a
security incident occurring.”
Which of the following BEST restates the above statement to allow it to be implemented by a team
of software developers?
A.
The system shall cease processing data when certain configurable events occur.
B.
The system shall continue processing in the event of an error and email the security
administrator the error logs.
C.
The system shall halt on error.
D.
The system shall throw an error when specified incidents pass a configurable threshold.
Correct Answer
D. The system shall throw an error when specified incidents pass a configurable threshold.
Explanation The correct answer is the option that states "The system shall throw an error when specified incidents pass a configurable threshold." This answer restates the original statement by specifying that the system should generate an error when certain incidents exceed a predefined threshold. This allows the software developers to implement a mechanism that notifies system administrators of potential security incidents before they occur.
Rate this question:
14.
44. A corporate executive lost their smartphone while on an overseas business trip. The phone was
equipped with file encryption and secured with a strong passphrase. The phone contained over
60GB of proprietary data. Given this scenario, which of the following is the BEST course of action?
A.
File an insurance claim and assure the executive the data is secure because it is encrypted.
B.
Immediately implement a plan to remotely wipe all data from the device.
C.
Have the executive change all passwords and issue the executive a new phone.
D.
Execute a plan to remotely disable the device and report the loss to the police.
Correct Answer
B. Immediately implement a plan to remotely wipe all data from the device.
Explanation The best course of action in this scenario is to immediately implement a plan to remotely wipe all data from the lost smartphone. This is because the phone contained over 60GB of proprietary data, which could be sensitive and valuable to the company. By remotely wiping the data, the company can ensure that the information does not fall into the wrong hands and minimize the risk of data breaches or unauthorized access. The other options, such as filing an insurance claim or changing passwords, may provide some level of security, but they do not address the immediate concern of protecting the sensitive data on the lost device.
Rate this question:
15.
45. A user logs into domain A using a PKI certificate on a smartcard protected by an 8 digit PIN. The
credential is cached by the authenticating server in domain A. Later, the user attempts to access a
resource in domain B. This initiates a request to the original authenticating server to somehow
attest to the resource server in the second domain that the user is in fact who they claim to be.
Which of the following is being described?
A.
Authentication
B.
Authorization
C.
SAML
D.
Kerberos
Correct Answer
C. SAML
Explanation The correct answer is SAML (Security Assertion Markup Language). SAML is a widely used protocol for exchanging authentication and authorization data between parties, particularly in web-based applications. In this scenario, when the user attempts to access a resource in domain B, the original authenticating server in domain A uses SAML to provide an assertion or proof of the user's identity to the resource server in domain B, verifying that the user is who they claim to be. This allows the user to access the resource in domain B without having to go through the authentication process again.
Rate this question:
16.
46. A certain script was recently altered by the author to meet certain security requirements, and
needs to be executed on several critical servers. Which of the following describes the process of
ensuring that the script being used was not altered by anyone other than the author?
A.
Digital encryption
B.
Digital signing
C.
Password entropy
D.
Code signing
Correct Answer
D. Code signing
Explanation Code signing is the process of digitally signing a script or software to ensure that it has not been altered by anyone other than the author. It involves using a cryptographic algorithm to create a unique signature for the script, which can be verified by the recipient. This provides assurance that the script has not been tampered with during transmission or storage. Digital encryption, digital signing, and password entropy are not directly related to verifying the integrity of a script.
Rate this question:
17.
47. A company has asked their network engineer to list the major advantages for implementing a
virtual environment in regards to cost. Which of the following would MOST likely be selected?
A.
Ease of patch testing
B.
Reducing physical footprint
C.
Reduced network traffic
D.
Isolation of applications
Correct Answer
B. Reducing pHysical footprint
Explanation Reducing physical footprint is the most likely advantage for implementing a virtual environment in regards to cost because it allows for consolidation of multiple physical servers onto a single virtual server, thereby reducing the amount of physical space required for housing the servers. This can result in cost savings related to data center space, power consumption, cooling, and maintenance.
Rate this question:
18.
48. The security administrator has been tasked with providing a solution that would not only eliminate
the need for physical desktops, but would also centralize the location of all desktop applications,
without losing physical control of any network devices. Which of the following would the security
manager MOST likely implement?
A.
VLANs
B.
VDI
C.
PaaS
D.
IaaS
Correct Answer
B. VDI
Explanation The security administrator would most likely implement VDI (Virtual Desktop Infrastructure) as a solution to eliminate the need for physical desktops and centralize the location of all desktop applications. VDI allows for virtual desktops to be hosted on a centralized server, which can be accessed remotely by users. This eliminates the need for physical desktops while still providing control over network devices. VLANs (Virtual Local Area Networks) would not directly address the need for eliminating physical desktops and centralizing desktop applications. PaaS (Platform as a Service) and IaaS (Infrastructure as a Service) are cloud computing models that may not directly address the specific requirements mentioned in the question.
Rate this question:
19.
49. A company has decided to relocate and the security manager has been tasked to perform a site
survey of the new location to help in the design of the physical infrastructure. The current location
has video surveillance throughout the building and entryways. The following requirements must be
met:
Able to log entry of all employees in and out of specific areas
Access control into and out of all sensitive areas
Tailgating prevention
Which of the following would MOST likely be implemented to meet the above requirements and
provide a secure solution? (Select TWO).
A.
Discretionary Access control
B.
Man trap
C.
Visitor logs
D.
Proximity readers
E.
Motion detection sensors
Correct Answer(s)
B. Man trap D. Proximity readers
Explanation To meet the requirements of logging entry of employees in and out of specific areas, access control into and out of sensitive areas, and tailgating prevention, the company would likely implement a man trap and proximity readers. A man trap is a physical security measure that consists of two doors, allowing only one person to enter or exit at a time, preventing unauthorized access. Proximity readers, on the other hand, use RFID or similar technology to grant access to authorized individuals, ensuring only those with the proper credentials can enter specific areas. Together, these measures provide a secure solution for the company's relocation.
Rate this question:
20.
50. Which of the following refers to programs running in an isolated space to run untested code and
prevents the code from making permanent changes to the OS kernel and other data on the host
machine?
A.
Input Validation
B.
Application hardening
C.
Code signing
D.
Application sandboxing
Correct Answer
D. Application sandboxing
Explanation Application sandboxing refers to programs running in an isolated space to run untested code and prevents the code from making permanent changes to the OS kernel and other data on the host machine. This technique ensures that any malicious or untrusted code is contained within a restricted environment, preventing it from accessing sensitive resources or causing harm to the system. Sandboxing is commonly used in web browsers, mobile applications, and operating systems to enhance security and protect against potential threats.
Rate this question:
21.
51. The company is about to upgrade a financial system through a third party, but wants to legally
ensure that no sensitive information is compromised throughout the project. The project manager
must also make sure that internal controls are set to mitigate the potential damage that one
individual’s actions may cause. Which of the following needs to be put in place to make certain
both organizational requirements are met? (Select TWO).
A.
Separation of duties
B.
Forensic tasks
C.
MOU
D.
OLA
E.
NDA
F.
Job rotation
Correct Answer(s)
A. Separation of duties E. NDA
Explanation Separation of duties is needed to ensure that no single individual has complete control over sensitive information, reducing the risk of compromise. Non-Disclosure Agreements (NDA) are necessary to legally bind the third party and ensure that they do not disclose any sensitive information during the project.
Rate this question:
22.
52. The security administrator is worried about possible SPIT attacks against the VoIP system. Which
of the following security controls would MOST likely need to be implemented to detect this type of
attack?
A.
SIP and SRTP traffic analysis
B.
QoS audit on Layer 3 devices
C.
IP and MAC filtering logs
D.
Email spam filter log
Correct Answer
A. SIP and SRTP traffic analysis
Explanation To detect SPIT (Spam over Internet Telephony) attacks on the VoIP system, implementing SIP (Session Initiation Protocol) and SRTP (Secure Real-time Transport Protocol) traffic analysis would be the most suitable security control. SPIT attacks involve the mass distribution of unsolicited and unwanted voice messages, similar to email spam. By analyzing the SIP and SRTP traffic, the security administrator can identify patterns and anomalies that indicate potential SPIT attacks, allowing for timely detection and mitigation of such threats. The other options, such as QoS audit, IP and MAC filtering logs, and email spam filter logs, are not directly related to detecting SPIT attacks.
Rate this question:
23.
53. The helpdesk is receiving multiple calls about slow and intermittent Internet access from the
finance department. The network administrator reviews the tickets and compiles the following
information for the security administrator:
------
Caller 1, IP 172.16.35.217, NETMASK 255.255.254.0
Caller 2, IP 172.16.35.53, NETMASK 255.255.254.0
Caller 3, IP 172.16.35.173, NETMASK 255.255.254.0
All callers are connected to the same switch and are routed by a router with five built-in interfaces.
The upstream router interface’s MAC is 00-01-42-32-ab-1a
------
The security administrator brings a laptop to the finance office, connects it to one of the wall jacks,
starts up a network analyzer, and notices the following:
09:05:10.937590 arp reply 172.16.34.1 is-at 0:12:3f:f1:da:52 (0:12:3f:f1:da:52)
09:05:15.934840 arp reply 172.16.34.1 is-at 0:12:3f:f1:da:52 (0:12:3f:f1:da:52)
09:05:19.931482 arp reply 172.16.34.1 is-at 0:12:3f:f1:da:52 (0:12:3f:f1:da:52)
Which of the following can the security administrator determine from the above information?
A.
A man in the middle attack is underway - implementing static ARP entries is a possible solution.
B.
An ARP flood attack targeted at the router is causing intermittent communication –
implementing IPS is a possible solution.
C.
The default gateway is being spoofed - implementing static routing with MD5 is a possible
solution.
D.
The router is being advertised on a separate network - router reconfiguration is a possible
solution.
Correct Answer
A. A man in the middle attack is underway - implementing static ARP entries is a possible solution.
Explanation From the given information, the security administrator notices that there are multiple ARP replies coming from the same MAC address (0:12:3f:f1:da:52) for the IP address 172.16.34.1. This indicates that there is an attacker intercepting the communication between the finance department and the router, suggesting a man-in-the-middle attack. To mitigate this, implementing static ARP entries can be a possible solution to ensure that only legitimate MAC addresses are associated with the IP addresses.
Rate this question:
24.
54. On Monday, the Chief Information Officer (CIO) of a state agency received an e-discovery request
for the release of all emails sent and received by the agency board of directors for the past five
years. The CIO has contacted the email administrator and asked the administrator to provide the
requested information by end of day on Friday. Which of the following has the GREATEST impact
on the ability to fulfill the e-discovery request?
A.
Data retention policy
B.
Backup software and hardware
C.
Email encryption software
D.
Data recovery procedures
Correct Answer
A. Data retention policy
Explanation The data retention policy has the greatest impact on the ability to fulfill the e-discovery request. A data retention policy outlines how long data should be retained and how it should be managed. If the agency has a well-defined and comprehensive data retention policy, it will be easier to locate and provide the requested emails. Without a clear policy, it may be more difficult to locate and retrieve the emails within the given timeframe. Backup software and hardware, email encryption software, and data recovery procedures are important, but they do not directly address the ability to fulfill the specific e-discovery request.
Rate this question:
25.
55. A company is evaluating a new marketing strategy involving the use of social networking sites to
reach its customers. The marketing director wants to be able to report important company news,
product updates, and special promotions on the social websites. After an initial and successful
pilot period, other departments want to use the social websites to post their updates as well. The
Chief Information Officer (CIO) has asked the company security administrator to document three
negative security impacts of allowing IT staff to post work related information on such websites.
Which of the following are the major risks the security administrator should report back to the CIO?
(Select THREE).
A.
Brute force attacks
B.
Malware infection
C.
DDOS attacks
D.
Phishing attacks
E.
SQL injection attacks
F.
Social engineering attacks
Correct Answer(s)
B. Malware infection D. pHishing attacks F. Social engineering attacks
Explanation The major risks that the security administrator should report back to the CIO are malware infection, phishing attacks, and social engineering attacks. Allowing IT staff to post work-related information on social networking sites increases the risk of malware infection, as malicious links or downloads can be disguised as legitimate updates. Phishing attacks can also occur, where attackers impersonate the company and trick employees or customers into revealing sensitive information. Additionally, social engineering attacks can be facilitated through the information shared on social networking sites, as attackers can manipulate employees into divulging confidential information or granting unauthorized access.
Rate this question:
26.
56. A telecommunication company has recently upgraded their teleconference systems to multicast.
Additionally, the security team has instituted a new policy which requires VPN to access the
company’s video conference. All parties must be issued a VPN account and must connect to the
company’s VPN concentrator to participate in the remote meetings. Which of the following settings
will increase bandwidth utilization on the VPN concentrator during the remote meetings?
A.
IPSec transport mode is enabled
B.
ICMP is disabled
C.
Split tunneling is disabled
D.
NAT-traversal is enabled
Correct Answer
C. Split tunneling is disabled
Explanation Split tunneling allows users to access both the VPN and local network simultaneously. When split tunneling is disabled, all traffic from the user's device is routed through the VPN concentrator, increasing the bandwidth utilization on the concentrator. This means that during remote meetings, all traffic, including video conference data, will be sent through the VPN concentrator, resulting in increased bandwidth usage.
Rate this question:
27.
57. An Information Security Officer (ISO) has asked a security team to randomly retrieve discarded
computers from the warehouse dumpster. The security team was able to retrieve two older
computers and a broken MFD network printer. The security team was able to connect the hard
drives from the two computers and the network printer to a computer equipped with forensic tools.
The security team was able to retrieve PDF files from the network printer hard drive but the data
on the two older hard drives was inaccessible. Which of the following should the Warehouse
Manager do to remediate the security issue?
A.
Revise the hardware and software maintenance contract.
B.
Degauss the printer hard drive to delete data.
C.
Implement a new change control process.
D.
Update the hardware decommissioning procedures.
Correct Answer
D. Update the hardware decommissioning procedures.
Explanation The security issue in this scenario is that the data on the two older hard drives was inaccessible, indicating that the hardware decommissioning procedures were not effective. To remediate this issue, the Warehouse Manager should update the hardware decommissioning procedures to ensure that all data is properly wiped and inaccessible before discarding the computers. This will help prevent sensitive information from being retrieved from discarded devices in the future.
Rate this question:
28.
58. Which of the following precautions should be taken to harden network devices in case of
VMEscape?
A.
Database servers should be on the same virtual server as web servers in the DMZ network
segment.
B.
Web servers should be on the same physical server as database servers in the network
segment.
C.
Virtual servers should only be on the same physical server as others in their network segment.
D.
Physical servers should only be on the same WAN as other physical servers in their network.
Correct Answer
C. Virtual servers should only be on the same pHysical server as others in their network segment.
Explanation To harden network devices in case of VMEscape, it is important to isolate virtual servers from each other. Placing virtual servers only on the same physical server as others in their network segment helps to prevent VMEscape attacks, as it limits the potential for lateral movement and containment breaches. This segregation ensures that if one virtual server is compromised, the attacker will have limited access to other virtual servers on different physical servers.
Rate this question:
29.
59. Which of the following should be used with caution because of its ability to provide access to block
level data instead of file level data?
A.
CIFS
B.
NFS
C.
ISCSI
D.
NAS
Correct Answer
C. ISCSI
Explanation iSCSI should be used with caution because it has the ability to provide access to block level data instead of file level data. This means that iSCSI allows direct access to individual blocks of data on a storage device, bypassing the file system. While this can be advantageous in certain scenarios, it also requires careful management and can potentially lead to data corruption or loss if not handled properly. Therefore, caution should be exercised when using iSCSI to ensure proper configuration and monitoring of block-level access.
Rate this question:
30.
60. Which of the following can aid a buffer overflow attack to execute when used in the creation of
applications?
A.
Secure cookie storage
B.
Standard libraries
C.
State management
D.
Input validation
Correct Answer
B. Standard libraries
Explanation Standard libraries can aid a buffer overflow attack when used in the creation of applications. Standard libraries are pre-written code that developers use to perform common tasks. If these libraries contain vulnerabilities or are not properly implemented, they can be exploited by attackers to manipulate the application's memory and execute malicious code. This can lead to a buffer overflow attack, where an attacker overflows a buffer with excessive data, causing it to overwrite adjacent memory and potentially execute arbitrary code. Therefore, it is crucial to use secure and properly implemented standard libraries to mitigate the risk of buffer overflow attacks.
Rate this question:
Quiz Review Timeline +
Our quizzes are rigorously reviewed, monitored and continuously updated by our expert board to maintain accuracy, relevance, and timeliness.