The security engineer receives an incident ticket from the helpdesk stating that DNS lookup
requests are no longer working from the office. The network team has ensured that Layer 2 and
Layer 3 connectivity are working. Which of the following tools would a security engineer use to
make sure the DNS server is listening on port 53?

A large organization has recently suffered a massive credit card breach. During the months of
Incident Response, there were multiple attempts to assign blame as to whose fault it was that the
incident occurred. In which part of the incident response phase would this be addressed in a
controlled and productive manner?

A security administrator needs to deploy a remote access solution for both staff and contractors.
Management favors remote desktop due to ease of use. The current risk assessment suggests
protecting Windows as much as possible from direct ingress traffic exposure. Which of the
following solutions should be selected?

Due to compliance regulations, a company requires a yearly penetration test. The Chief
Information Security Officer (CISO) has asked that it be done under a black box methodology.
Which of the following would be the advantage of conducting this kind of penetration test?

The IT manager is evaluating IPS products to determine which would be most effective at stopping
network traffic that contains anomalous content on networks that carry very specific types of traffic.
Based on the IT manager’s requirements, which of the following types of IPS products would be
BEST suited for use in this situation?

A software project manager has been provided with a requirement from the customer to place
limits on the types of transactions a given user can initiate without external interaction from
another user with elevated privileges. This requirement is BEST described as an implementation
of:

Which of the following is the information owner responsible for?

A Chief Information Security Officer (CISO) is approached by a business unit manager who heard
a report on the radio this morning about an employee at a competing firm who shipped a VPN
token overseas so a fake employee could log into the corporate VPN. The CISO asks what can be
done to mitigate the risk of such an incident occurring within the organization. Which of the
following is the MOST cost effective way to mitigate such a risk?

Two universities are making their 802.11n wireless networks available to the other university’s
students. The infrastructure will pass the student’s credentials back to the home school for
authentication via the Internet.

The requirements are:
Mutual authentication of clients and authentication server
The design should not limit connection speeds
Authentication must be delegated to the home school
No passwords should be sent unencrypted
The following design was implemented:
WPA2 Enterprise using EAP-PEAP-MSCHAPv2 will be used for wireless security
RADIUS proxy servers will be used to forward authentication requests to the home school
The RADIUS servers will have certificates from a common public certificate authority
A strong shared secret will be used for RADIUS server authentication
Which of the following security considerations should be added to the design?

A company has decided to move to an agile software development methodology. The company
gives all of its developers security training. After a year of agile, a management review finds that
the number of items on a vulnerability scan has actually increased since the methodology change.
Which of the following best practices has MOST likely been overlooked in the agile
implementation?