PrepAway - Latest Free Exam Questions & Answers

Category: CAS-001 (v.1)

Exam CAS-001: CompTIA Advanced Security Practitioner (update May 17th, 2015)

Which of the following are management challenges and risks associated with this style of technology lifecycle

An administrator at a small company replaces servers whenever budget money becomes
available. Over the past several years the company has acquired and still uses 20 servers and 50
desktops from five different computer manufacturers. Which of the following are management
challenges and risks associated with this style of technology lifecycle management?

Which of the following should the Security Manager suggest to BEST secure this environment?

A Physical Security Manager is ready to replace all 50 analog surveillance cameras with IP
cameras with built-in web management. The Security Manager has several security guard desks
on different networks that must be able to view the cameras without unauthorized people viewing
the video as well. The selected IP camera vendor does not have the ability to authenticate users at
the camera level. Which of the following should the Security Manager suggest to BEST secure this
environment?

Which of the following should the ISO consider to provide the independent functionality required by each depar

A corporation has Research and Development (R&D) and IT support teams, each requiring
separate networks with independent control of their security boundaries to support department
objectives. The corporation’s Information Security Officer (ISO) is responsible for providing firewall
services to both departments, but does not want to increase the hardware footprint within the
datacenter. Which of the following should the ISO consider to provide the independent
functionality required by each department’s IT teams?

Which of the following would be the MOST appropriate method for dealing with this issue going forward?

A manager who was attending an all-day training session was overdue entering bonus and payroll
information for subordinates. The manager felt the best way to get the changes entered while in
training was to log into the payroll system, and then activate desktop sharing with a trusted
subordinate. The manager granted the subordinate control of the desktop, thereby giving the
subordinate full access to the payroll system. The subordinate did not have authorization to be in
the payroll system. Another employee reported the incident to the security team. Which of the
following would be the MOST appropriate method for dealing with this issue going forward?

Which of the following should the auditor recommend FIRST?

After connecting to a secure payment server at https://pay.xyz.com, an auditor notices that the
SSL certificate was issued to *.xyz.com. The auditor also notices that many of the internal
development servers use the same certificate. After installing the certificate on dev1.xyz.com, one
of the developers reports misplacing the USB thumb-drive where the SSL certificate was stored.
Which of the following should the auditor recommend FIRST?

Which of the following can the administrator do in the short term to minimize the attack?

A morphed worm carrying a 0-day payload has infiltrated the company network and is now
spreading across the organization. The security administrator was able to isolate the worm
communication and payload distribution channel to TCP port 445. Which of the following can the
administrator do in the short term to minimize the attack?

Which of the following can the security administrator do to further increase security after having exhausted a

A security administrator wants to verify and improve the security of a business process which is
tied to proven company workflow. The security administrator was able to improve security by
applying controls that were defined by the newly released company security standard. Such
controls included code improvement, transport encryption, and interface restrictions. Which of the
following can the security administrator do to further increase security after having exhausted all
the technical controls dictated by the company’s security standard?

How many years of data MUST the company legally provide?

A company receives an e-discovery request for the Chief Information Officer’s (CIO’s) email data.
The storage administrator reports that the data retention policy relevant to their industry only
requires one year of email data. However, the storage administrator also reports that there are
three years of email data on the server and five years of email data on backup tapes. How many
years of data MUST the company legally provide?

Which of the following types of attacks is underway and how can it be remediated?

The VoIP administrator starts receiving reports that users are having problems placing phone
calls. The VoIP administrator cannot determine the issue, and asks the security administrator for
help. The security administrator reviews the switch interfaces and does not see an excessive
amount of network traffic on the voice network. Using a protocol analyzer, the security
administrator does see an excessive number of SIP INVITE packets destined for the SIP proxy.
Based on the information given, which of the following types of attacks is underway and how can it
be remediated?

