which of the following attack combinations?
A WAF without customization will protect the infrastructure from which of the following attack
combinations?
Which of the following is the MOST important to be considered before going ahead with the service?
Company ABC is planning to outsource its Customer Relationship Management system (CRM)
and marketing / leads management to Company XYZ.
Which of the following is the MOST important to be considered before going ahead with the
service?
Which of the following would the security engineer MOST likely implement to secure this connection?
The Linux server at Company A hosts a graphical application widely used by the company
designers. One designer regularly connects to the server from a Mac laptop in the designer’s
office down the hall. When the security engineer learns of this it is discovered the connection is not
secured and the password can easily be obtained via network sniffing. Which of the following
would the security engineer MOST likely implement to secure this connection?
Linux Server: 192.168.10.10/24
Mac Laptop: 192.168.10.200/24
Which of the following should occur?
A data breach has occurred at Company A and as a result, the Chief Information Officer (CIO) has
resigned. The CIO’s laptop, cell phone and PC were all wiped of data per company policy. A
month later, prosecutors in litigation with Company A suspect the CIO knew about the data breach
long before it was discovered and have issued a subpoena requesting all the CIO’s email from the
last 12 months. The corporate retention policy recommends keeping data for no longer than 90
days. Which of the following should occur?
Which of the following cryptographic improvements should be made to the current architecture to achieve the st
A security administrator at a Lab Company is required to implement a solution which will provide
the highest level of confidentiality possible to all data on the lab network.
The current infrastructure design includes:
Two-factor token and biometric based authentication for all users
Attributable administrator accounts
Logging of all transactions
Full disk encryption of all HDDs
Finely granular access controls to all resources
Full virtualization of all servers
The use of LUN masking to segregate SAN data
Port security on all switches
The network is protected with a firewall implementing ACLs, a NIPS device, and secured wireless
access points.
Which of the following cryptographic improvements should be made to the current architecture to
achieve the stated goals?
Which of the following is the MOST likely cause of the processing problem?
A data processing server uses a Linux based file system to remotely mount physical disks on a
shared SAN. The server administrator reports problems related to processing of files where the file
appears to be incompletely written to the disk. The network administration team has conducted a
thorough review of all network infrastructure and devices and found everything running at optimal
performance. Other SAN customers are unaffected. The data being processed consists of millions
of small files being written to disk from a network source one file at a time. These files are then
accessed by a local Java program for processing before being transferred over the network to a
SE Linux host for processing. Which of the following is the MOST likely cause of the processing
problem?
Which of the following approaches to combining the disparate mechanisms has the LOWEST up front development co
Company ABC was formed by combining numerous companies which all had multiple databases,
web portals, and cloud data sets. Each data store had a unique set of custom developed
authentication mechanisms and schemas. Which of the following approaches to combining the
disparate mechanisms has the LOWEST up front development costs?
Which of the following methods should the security research use to enumerate the ports and protocols in use by
A security researcher is about to evaluate a new secure VoIP routing appliance. The appliance
manufacturer claims the new device is hardened against all known attacks and several undisclosed zero day exploits. The code base used for the device is a combination of compiled C
and TC/TKL scripts. Which of the following methods should the security research use to
enumerate the ports and protocols in use by the appliance?
Which of the following BEST restates the customer need?
Customer Need:
“We need the system to produce a series of numbers with no discernible mathematical
progression for use by our Java based, PKI-enabled, customer facing website.”
Which of the following BEST restates the customer need?
which of the following?
A security engineer is implementing a new solution designed to process e-business transactions
and record them in a corporate audit database. The project has multiple technical stakeholders.
The database team controls the physical database resources, the internal audit division controls
the audit records in the database, the web hosting team is responsible for implementing the
website front end and shopping cart application, and the accounting department is responsible for
processing the transaction and interfacing with the payment processor. As the solution owner, the
security engineer is responsible for ensuring which of the following?