Which of the following is the MOST appropriate control measure for lost mobile devices?
Which of the following is the MOST appropriate control measure for lost mobile devices?
Which of the following is the MOST cost-effective solution for sanitizing a DVD with sensitive information on
Which of the following is the MOST cost-effective solution for sanitizing a DVD with sensitive
information on it?
Which of the following should be the engineer’s GREATEST concern?
A network engineer at Company ABC observes the following raw HTTP request:
GET /disp_reports.php?SectionEntered=57&GroupEntered=-1&report_type=alerts&to_date=01-
01-0101&Run=
Run&UserEntered=dsmith&SessionID=5f04189bc&from_date=31-10-2010&TypesEntered=1
HTTP/1.1
Host: test.example.net
Accept: */*
Accept-Language: en
Connection: close
Cookie: java14=1; java15=1; java16=1; js=1292192278001;
Which of the following should be the engineer’s GREATEST concern?
which of the following is the MAIN vulnerability associated with on-demand provisioning?
Driven mainly by cost, many companies outsource computing jobs which require a large amount of
processor cycles over a short duration to cloud providers. This allows the company to avoid a
large investment in computing resources which will only be used for a short time.
Assuming the provisioned resources are dedicated to a single company, which of the following is
the MAIN vulnerability associated with on-demand provisioning?
Which of the following is the BEST option for the server in this scenario?
A security administrator needs a secure computing solution to use for all of the company’s security
audit log storage, and to act as a central server to execute security functions from. Which of the
following is the BEST option for the server in this scenario?
Which of the following is the MOST complete list of end-point security software the administrator could plan t
After implementing port security, restricting all network traffic into and out of a network, migrating
to IPv6, installing NIDS, firewalls, spam and application filters, a security administer is convinced
that the network is secure. The administrator now focuses on securing the hosts on the network,
starting with the servers.
Which of the following is the MOST complete list of end-point security software the administrator
could plan to implement?
The secure coding standards will contain detailed standards for:
A security architect is assigned to a major software development project. The software
development team has a history of writing bug prone, inefficient code, with multiple security flaws
in every release. The security architect proposes implementing secure coding standards to the
project manager. The secure coding standards will contain detailed standards for:
Which of the following BEST describes the problem that is occurring, a good mitigation technique to use to pre
A number of security incidents have been reported involving mobile web-based code developed by
a consulting company. Performing a root cause analysis, the security administrator of the
consulting company discovers that the problem is a simple programming error that results in extra
information being loaded into the memory when the proper format is selected by the user. After
repeating the process several times, the security administrator is able to execute unintentional
instructions through this method. Which of the following BEST describes the problem that is
occurring, a good mitigation technique to use to prevent future occurrences, and why it a security
concern?
Which of the following techniques should the investigation team consider in the next phase of their assessment
A security administrator has been conducting a security assessment of Company XYZ for the past
two weeks. All of the penetration tests and other assessments have revealed zero flaws in the
systems at Company XYZ. However, Company XYZ reports that it has been the victim of
numerous security incidents in the past six months. In each of these incidents, the criminals have
managed to exfiltrate large volumes of data from the secure servers at the company. Which of the
following techniques should the investigation team consider in the next phase of their assessment
in hopes of uncovering the attack vector the criminals used?
Which of the following is the BEST list of factors the security manager should consider while performing a ris
A security manager at Company ABC, needs to perform a risk assessment of a new mobile device
which the Chief Information Officer (CIO) wants to immediately deploy to all employees in the
company. The product is commercially available, runs a popular mobile operating system, and can
connect to IPv6 networks wirelessly. The model the CIO wants to procure also includes the
upgraded 160GB solid state hard drive. The producer of the device will not reveal exact numbers
but experts estimate that over 73 million of the devices have been sold worldwide. Which of the
following is the BEST list of factors the security manager should consider while performing a risk
assessment?