PrepAway - Latest Free Exam Questions & Answers

Category: CAS-001 (v.1)

Exam CAS-001: CompTIA Advanced Security Practitioner (update May 17th, 2015)

Which of the following risk responses would MOST likely be used to reduce the risk of network outages and fina

A university Chief Information Security Officer is analyzing various solutions for a new project
involving the upgrade of the network infrastructure within the campus. The campus has several
dorms (two-four person rooms) and administrative buildings. The network is currently set up to
provide only two network ports in each dorm room and ten network ports per classroom. Only
administrative buildings provide 2.4 GHz wireless coverage.
The following three goals must be met after the new implementation:
1. Provide all users (including students in their dorms) connections to the Internet.
2. Provide IT department with the ability to make changes to the network environment to improve
performance.
3. Provide high speed connections wherever possible all throughout campus including sporting
event areas.
Which of the following risk responses would MOST likely be used to reduce the risk of network
outages and financial expenditures while still meeting each of the goals stated above?

Which of the following should the security administrator implement as part of the network and proxy designR

The security administrator of a large enterprise is tasked with installing and configuring a solution
that will allow the company to inspect HTTPS traffic for signs of hidden malware and to detect data
exfiltration over encrypted channels. After installing a transparent proxy server, the administrator is
ready to configure the HTTPS traffic inspection engine and related network equipment. Which of
the following should the security administrator implement as part of the network and proxy design
to ensure the browser will not display any certificate errors when browsing HTTPS sites? (Select
THREE).

which fix should be implemented by the developer?

A developer has implemented a piece of client-side JavaScript code to sanitize a user’s provided
input to a web page login screen. The code ensures that only the upper case and lower case
letters are entered in the username field, and that only a 6-digit PIN is entered in the password
field. A security administrator is concerned with the following web server log:
10.235.62.11 - - [02/Mar/2014:06:13:04] "GET /site/script.php?user=admin&pass=pass%20or%201=1 HTTP/1.1" 200 5724
Given this log, which of the following is the security administrator concerned with and which fix
should be implemented by the developer?

Which of the following BEST describes the scenario presented and the document the ISO is reviewing?

The Information Security Officer (ISO) is reviewing a summary of the findings from the last COOP
tabletop exercise. The Chief Information Officer (CIO) wants to determine which additional controls
must be implemented to reduce the risk of an extended customer service outage due to the VoIP
system being unavailable. Which of the following BEST describes the scenario presented and the
document the ISO is reviewing?

Which of the following describes the findings the senior security engineer should report to the ISO and the BE

The Information Security Officer (ISO) believes that the company has been targeted by
cybercriminals and it is under a cyber attack. Internal services that are normally available to the
public via the Internet are inaccessible, and employees in the office are unable to browse the
Internet. The senior security engineer starts by reviewing the bandwidth at the border router, and
notices that the incoming bandwidth on the router’s external interface is maxed out. The security
engineer then inspects the following piece of log to try and determine the reason for the downtime,
focusing on the company’s external router’s IP which is 128.20.176.19:
11:16:22.110343 IP 90.237.31.27.19 > 128.20.176.19.19: UDP, length 1400
11:16:22.110351 IP 23.27.112.200.19 > 128.20.176.19.19: UDP, length 1400
11:16:22.110358 IP 192.200.132.213.19 > 128.20.176.19.19: UDP, length 1400
11:16:22.110402 IP 70.192.2.55.19 > 128.20.176.19.19: UDP, length 1400
11:16:22.110406 IP 112.201.7.39.19 > 128.20.176.19.19: UDP, length 1400
Which of the following describes the findings the senior security engineer should report to the ISO
and the BEST solution for service restoration?

Which of the following should the security administrator configure and implement on the VPN concentrator…

A security administrator is tasked with implementing two-factor authentication for the company
VPN. The VPN is currently configured to authenticate VPN users against a backend RADIUS
server. New company policies require a second factor of authentication, and the Information
Security Officer has selected PKI as the second factor. Which of the following should the security
administrator configure and implement on the VPN concentrator to implement the second factor
and ensure that no error messages are displayed to the user during the VPN connection? (Select
TWO).

Which of the following would have detected the malware infection sooner?

A security engineer is troubleshooting a possible virus infection, which may have spread to
multiple desktop computers within the organization. The company implements enterprise antivirus
software on all desktops, but the enterprise antivirus server’s logs show no sign of a virus
infection. The border firewall logs show suspicious activity from multiple internal hosts trying to
connect to the same external IP address. The security administrator decides to post the firewall
logs to a security mailing list and receives confirmation from other security administrators that the
firewall logs indicate internal hosts are compromised with a new variant of the
Trojan.Ransomcrypt.G malware not yet detected by most antivirus software. Which of the
following would have detected the malware infection sooner?

Which of the following attacks was used to compromise the database server and what can the security administra

The security administrator finds unauthorized tables and records, which were not present before,
on a Linux database server. The database server communicates only with one web server, which
connects to the database server via an account with SELECT only privileges. Web server logs
show the following:
90.76.165.40 - - [08/Mar/2014:10:54:04] "GET calendar.php?create%20table%20hidden HTTP/1.1" 200 5724
90.76.165.40 - - [08/Mar/2014:10:54:05] "GET ../../../root/.bash_history HTTP/1.1" 200 5724
90.76.165.40 - - [08/Mar/2014:10:54:04] "GET index.php?user=<script>Create</script> HTTP/1.1" 200 5724
The security administrator also inspects the following file system locations on the database server
using the command ‘ls -al /root’
drwxrwxrwx 11 root root 4096 Sep 28 22:45 .
drwxr-xr-x 25 root root 4096 Mar 8 09:30 ..
-rws------ 25 root root 4096 Mar 8 09:30 .bash_history
-rw------- 25 root root 4096 Mar 8 09:30 .bash_history
-rw------- 25 root root 4096 Mar 8 09:30 .profile
-rw------- 25 root root 4096 Mar 8 09:30 .ssh
Which of the following attacks was used to compromise the database server and what can the
security administrator implement to detect such attacks in the future? (Select TWO).

Which of the following IT security related objectives should the small business’ IT staff consider reviewing

A large international business has completed the acquisition of a small business and it is now in
the process of integrating the small business’ IT department. Both parties have agreed that the
large business will retain 95% of the smaller business’ IT staff. Additionally, the larger business
has a strong interest in specific processes that the smaller business has in place to handle its
regional interests. Which of the following IT security related objectives should the small business’
IT staff consider reviewing during the integration process? (Select TWO).

Which of the following are MOST important to include when submitting the exception form?

The Information Security Officer (ISO) is reviewing new policies that have been recently made
effective and now apply to the company. Upon review, the ISO identifies a new requirement to
implement two-factor authentication on the company’s wireless system. Due to budget constraints,
the company will be unable to implement the requirement for the next two years. The ISO is
required to submit a policy exception form to the Chief Information Officer (CIO). Which of the
following are MOST important to include when submitting the exception form? (Select THREE).

