Cybersecurity Concepts and Practices, Exams of Computer Security

This exam covers a range of cybersecurity topics, including incident response, risk assessment, security controls, and cloud security. It provides explanations and examples related to various cybersecurity concepts and best practices. The content is designed to help readers understand the fundamental principles and techniques used in securing information systems and networks, including common security challenges, mitigation strategies, and the role of different stakeholders in maintaining a robust cybersecurity posture. It can be a valuable resource for students, IT professionals, and anyone interested in enhancing their knowledge of cybersecurity.

Typology: Exams

2024/2025

Available from 10/16/2024

Academician

CASP Practice Exam 3 Questions And Answers With Verified Solutions 2023

You are the security administrator for your company. You are required to implement a solution that will provide the highest level of confidentiality possible to all data on the network. Two-factor token and biometric-based authentication is implemented for all users. Administrator-level accounts are tightly controlled and issued separately to each user needing administrative access. Auditing is enabled to log all transactions. All hard drives are protected using full disk encryption. All resources have access control lists (ACLs) that can only be changed by an administrator. All server resources are virtualized. LUN masking is implemented to segregate storage area network (SAN) data. All switches are configured with port security. The network is protected with a firewall using ACLs, a NIPS device, and secured wireless access points. You need to improve the current architecture to provide the stated goal. What should you do?

Options:
A. Implement transport encryption.
B. Implement MAC filtering on all network devices.
C. Implement data-at-rest encryption.
D. Implement PKI authorization.

✔✔Answer: A

Explanation: You should implement transport encryption to provide the highest level of confidentiality possible for all data on the network.

The public relations department at your company regularly sends out emails signed by the company's CEO with announcements about the company. The CEO sends company and personal emails from a different email account. A competitor is suing your company for copyright infringement. As part of the investigation, you must provide legal counsel with a copy of all emails that came from the CEO, including those generated by the public relations department. The email server allows emails to be digitally signed, and the corporate PKI provisioning allows for one certificate per user. The CEO did not share his password with anyone. You need to provide legal counsel with information on how to determine whether a particular email came from the public relations department or from the CEO. What should you do?

Options:
A. Implement digital rights management (DRM).
B. Use non-repudiation.
C. Implement encryption.
D. Employ key escrow.

✔✔Answer: B

Explanation: You should use non-repudiation. Non-repudiation is provided when an email includes a digital signature.

After connecting to a secure payment server at https://checkout.pearson.com, an auditor notices that the SSL certificate was issued to *.pearson.com. The auditor also notices that many of the internal development servers use the same certificate. After installing the certificate on Srv1.pearson.com, one of the developers reports misplacing the USB thumb drive where the SSL certificate was stored. Which of the following should the auditor recommend FIRST?

Options:
A. Generate a new public key for each server.
B. Generate a new private key for each server.
C. Replace the SSL certificate on Srv1.pearson.com.
D. Replace the SSL certificate on checkout.pearson.com.

✔✔Answer: C

Explanation: You should replace the SSL certificate on Srv1.pearson.com. The development servers need to have a new SSL certificate.

A new company requirement says that multi-factor authentication is required to access network resources. You have been asked to research and implement the most cost-effective solution that would authenticate both hardware and users. The company wants to leverage PKI, which is already well established. You issue individual private/public key pairs to each user and install the public key on the central authentication system. What should you do next?

Options:
A. Require each user to install the private key on his or her computer and protect it with his or her credentials.

B. Deploy biometrics on each client computer.
C. Issue each user one hardware token.
D. Require each user to install the private key on his or her computer and protect it with a password.

✔✔Answer: D

Explanation: You should require each user to install the private key on his or her computer and protect it with a password.

Your company wants to set up a new online business. The new solution must be extendable for new products to be developed and added. Customers and business partners must be able to log in to the system. The new system must be usable and manageable. Non-core functions must integrate seamlessly with third parties. Customers' personal and financial information must be protected during transport and while at rest. The application will consist of a three-tiered architecture for the front-end components and an ESB to provide services. It will include transformation capability, legacy system integration, and a web services gateway. You implement WS-Security for services authentication and XACML for service authorization. What else should you do?

Options:
A. Use application-level encryption to encrypt sensitive fields, database encryption on sensitive flows, and SSL encryption for sensitive data storage.
B. Use database encryption to encrypt sensitive fields, SSL encryption on sensitive flows, and application-level encryption for sensitive data storage.
C. Use application-level encryption to encrypt sensitive fields, SSL encryption on sensitive flows, and database encryption for sensitive data storage.
D. Use SSL encryption to encrypt sensitive fields, application-level encryption on sensitive flows, and database encryption for sensitive data storage.

✔✔Answer: C

Explanation: You should use application-level encryption to encrypt sensitive fields, SSL encryption on sensitive flows, and database encryption for sensitive data storage.

You attempt to install the package oped.8.7.6-12-x86_64.rpm on a server. Even though the package was downloaded from the official repository, the server states that the package cannot be installed because no GPG key is found. What should you do to allow the program to be installed?

Options:
A. Verify the hash by using SHA.
B. Verify the hash by using MD5.
C. Import the repository's public key.
D. Import the repository's private key.

✔✔Answer: C

Explanation: You should import the repository's public key. The GPG key is needed for the package to run.

A project has been established in a large online retailer to develop a new secure online retail platform. During the development, you discover that a key piece of software used as part of the base platform is now susceptible to recently published exploits. Who should be contacted FIRST by the project team to discuss potential changes to the platform requirements?

Options:
A. stakeholders
B. project sponsor
C. upper management
D. change control board

✔✔Answer: D

Explanation: The change control board should be contacted first to discuss the potential changes to the platform requirements. The change control board should always be contacted first when a change must be made to the project.

A newly hired CSO is faced with improving security for your company, which is suffering from low morale and numerous disgruntled employees. After reviewing the situation for several weeks, the CSO publishes a more comprehensive security policy with associated standards. Which issue could be addressed through the use of technical controls specified in the new security policy?

Options:
A. an employee posting negative comments about the company from a personal mobile device

B. an employee remotely configuring the database server from a relative's home during work hours
C. a third party cloning some of the company's externally facing web pages and creating lookalike sites
D. an employee publishing negative information and stories about company management on social media

✔✔Answer: B

Explanation: Of the issues listed, the only one that could be addressed through the use of technical controls is an employee remotely configuring the database server from a relative's home during work hours. You can configure a specific control to prevent this from occurring.

An administrator is assessing the potential risk impact on an accounting system and categorizes it as follows:

Administrative Files = {(Confidentiality, Moderate), (Integrity, Moderate), (Availability, Low)}
Customer and Vendor Information = {(Confidentiality, High), (Integrity, Low), (Availability, Low)}
Payroll Data = {(Confidentiality, High), (Integrity, Moderate), (Availability, Low)}

Which of the following is the aggregate risk impact on the accounting system?

Options:
A. {(Confidentiality, Moderate), (Integrity, Moderate), (Availability, Low)}
B. {(Confidentiality, High), (Integrity, Moderate), (Availability, Low)}
C. {(Confidentiality, High), (Integrity, Low), (Availability, Low)}
D. {(Confidentiality, Moderate), (Integrity, Moderate), (Availability, Moderate)}

✔✔Answer: B

Explanation: The aggregate risk impact on the accounting system is the highest risk level for each category across all of the system's components. For this example, the aggregate risk impact is {(Confidentiality, High), (Integrity, Moderate), (Availability, Low)}.
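As an added illustration for the aggregate-impact question above and for the database-server cost question that follows (this code is not part of the original exam text; the function names are this example's own, and the component ratings and dollar figures are the ones the questions give), the following Python computes the high-water-mark aggregate over the components and compares the expected loss with the total control cost over the asset's remaining life:

```python
"""Risk-assessment helpers: high-water-mark impact aggregation and an
expected-loss versus control-cost comparison.

Added illustration; not part of the original exam text. Function names are
this example's own; the ratings and cost figures come from the questions."""

from typing import Dict, Tuple

LEVELS = ("Low", "Moderate", "High")                          # ordered impact scale
OBJECTIVES = ("Confidentiality", "Integrity", "Availability")


def aggregate_impact(components: Dict[str, Dict[str, str]]) -> Dict[str, str]:
    """High-water-mark aggregation: for each security objective, the system's
    impact level is the highest level any component was assigned for it.
    Unknown level names are rejected rather than silently treated as Low."""
    result = {obj: LEVELS[0] for obj in OBJECTIVES}
    for name, ratings in components.items():
        for obj in OBJECTIVES:
            level = ratings.get(obj)
            if level not in LEVELS:
                raise ValueError(f"{name}: invalid {obj} level {level!r}")
            if LEVELS.index(level) > LEVELS.index(result[obj]):
                result[obj] = level
    return result


def overall_impact(aggregate: Dict[str, str]) -> str:
    """The single system-level rating is the highest of the three objectives."""
    return max(aggregate.values(), key=LEVELS.index)


def mitigation_decision(loss_per_incident: float, incidents_per_year: float,
                        years_remaining: float, control_initial: float,
                        control_annual: float) -> Tuple[float, float, str]:
    """Compare the expected loss over the asset's remaining life with the total
    cost of the control over the same period. Returns
    (expected_loss, control_cost, advice) where advice is 'mitigate' when the
    control is cheaper than the loss it prevents and 'accept' otherwise; this
    only weighs mitigate against accept, not transfer or avoidance."""
    annualized_loss = loss_per_incident * incidents_per_year   # ALE = SLE x ARO
    expected_loss = annualized_loss * years_remaining
    control_cost = control_initial + control_annual * years_remaining
    advice = "mitigate" if control_cost < expected_loss else "accept"
    return expected_loss, control_cost, advice


# Component categorizations as given in the aggregate-impact question.
ACCOUNTING_SYSTEM = {
    "Administrative Files": {"Confidentiality": "Moderate", "Integrity": "Moderate", "Availability": "Low"},
    "Customer and Vendor Information": {"Confidentiality": "High", "Integrity": "Low", "Availability": "Low"},
    "Payroll Data": {"Confidentiality": "High", "Integrity": "Moderate", "Availability": "Low"},
}

if __name__ == "__main__":
    agg = aggregate_impact(ACCOUNTING_SYSTEM)
    print("aggregate impact:", agg, "overall:", overall_impact(agg))
    # Figures from the database-server incident question: 3 incidents a year at
    # $1,500 each, 5 years to decommissioning, a $15,000 + $1,000/year control.
    print("decision:", mitigation_decision(1500, 3, 5, 15000, 1000))
```

Running the file prints the aggregate {Confidentiality: High, Integrity: Moderate, Availability: Low} and the pair 22,500 versus 20,000 that the question's explanation works out by hand; shortening the remaining life to two years flips the advice to accept, which is why the decommissioning date matters in that question.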
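The *.pearson.com auditor question earlier in this set turns on which hostnames a wildcard certificate name covers, and so on how many servers end up sharing one certificate and one private key. The following Python, added here as an illustration and not part of the original exam text, implements the usual wildcard matching rules (RFC 6125 style: the wildcard must be the whole leftmost label and matches exactly one label) and lists the hosts a given certificate serves. The fleet list is constructed for the example; only checkout.pearson.com, Srv1.pearson.com and the *.pearson.com name come from the question.

```python
"""Wildcard certificate name matching, as a TLS client applies it when it
checks that a server certificate is valid for the host it connected to.

Added illustration for the *.pearson.com question; not part of the original
exam text. The fleet list is constructed; the function is this example's own."""

from typing import Iterable, List


def wildcard_matches(pattern: str, hostname: str) -> bool:
    """Return True if `pattern` (a DNS name or a leftmost-label wildcard such
    as '*.example.com') matches `hostname`. Rules applied:
    - comparison is case-insensitive and ignores a trailing dot;
    - '*' is accepted only as the entire leftmost label (no 'f*.example.com');
    - '*' matches exactly one label, so a.b.example.com is not covered;
    - wildcards with fewer than two labels after the '*' (e.g. '*.com') are
      refused as too broad."""
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if not pattern or not hostname:
        return False
    p_labels = pattern.split(".")
    h_labels = hostname.split(".")
    if "*" not in pattern:
        return p_labels == h_labels
    if p_labels[0] != "*" or any("*" in lbl for lbl in p_labels[1:]):
        return False
    if len(p_labels) < 3:
        return False
    return len(p_labels) == len(h_labels) and p_labels[1:] == h_labels[1:]


def hosts_covered(cert_names: Iterable[str], hosts: Iterable[str]) -> List[str]:
    """Return (lower-cased, sorted) the hosts that the certificate's names
    cover. Every host in the result is served by the same key pair, which is
    what the auditor is really counting when the certificate is shared."""
    names = list(cert_names)
    return sorted(h.lower() for h in hosts
                  if any(wildcard_matches(n, h) for n in names))


# Constructed sample fleet. Only the two pearson.com hostnames and the
# wildcard name come from the question; the rest are made up.
CERT_NAMES = ["*.pearson.com"]
FLEET = [
    "checkout.pearson.com",   # public payment server
    "Srv1.pearson.com",       # development server from the question
    "dev2.pearson.com",
    "pearson.com",            # bare apex: not covered by the wildcard
    "api.eu.pearson.com",     # two labels deep: not covered
    "example.org",
]

if __name__ == "__main__":
    for host in hosts_covered(CERT_NAMES, FLEET):
        print(f"{host}: served by the *.pearson.com key pair")
```

The point of the listing is the inventory step: before deciding what to replace, enumerate every host the shared name covers, because a certificate's private key protects all of them equally. Python's own ssl module delegates this check to OpenSSL; the function above is a stand-alone restatement of the rules, not the library's code.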

A security incident happens three times a year on a company's database server, costing the company $1,500 in downtime per occurrence. The database server is only for archival access and is scheduled to be decommissioned in five years. The cost of implementing software to prevent this incident would be $15,000 initially, plus $1,000 a year for maintenance. Which of the following is the MOST cost-effective manner to deal with this risk?

Options:
A. Transfer the risk.
B. Accept the risk.
C. Avoid the risk.
D. Mitigate the risk.

✔✔Answer: D

Explanation: The most cost-effective manner to deal with this risk is to mitigate it. Over the next five years, the security incident can occur 15 times. At $1,500 per occurrence, the total is $22,500. The software to prevent the incident would cost $15,000 plus $1,000 each year, or $20,000. Because the control costs less than the expected costs of the incident, you should mitigate the risk.

You are the security analyst for your company. Management has asked you to provide a list of technologies that will provide data integrity. What should you recommend?

Options:
A. encryption, steganography, data classifications
B. load balancing, hot site, RAID
C. ACLs, MAC filters, firewall rules
D. digital signatures, checksums, hashes

✔✔Answer: D

Explanation: The technologies that will provide data integrity are digital signatures, checksums, and hashes.

You are hired by a small business to recommend which security policies and procedures would be most helpful to the business. The business is composed of 15 employees, operating off of two shared servers. One server houses employee data, and the other houses client data. All machines are on the same local network. Often these employees must work remotely from client sites, but they do not remotely access either of the servers. Assuming that no security policies or procedures are in place right now, which two policies are most applicable for implementation?

Options:
A. password policies and data classification policies
B. wireless access policies and virtual private network policies
C. wireless access policies and password policies
D. virtual private network policies and data classification policies

✔✔Answer: A

Explanation: Password policies and data classification policies are most applicable for this implementation. Password policies ensure that users authenticate using a username/password combination. Data classification policies categorize data to ensure that users access only data they should.

Your company purchases a new system. After implementation, security personnel are spending a great deal of time on system maintenance. A new third-party vendor has been selected to maintain and manage the company's system. Which of the following document types would need to be created before any work is performed?

Options:
A. BPA
B. SLA
C. OLA
D. NDA

✔✔Answer: B

Explanation: A service-level agreement (SLA) should be created before any work is performed. This will define the performance metrics that must be maintained.

Your company is about to upgrade its databases through a third party. You have been asked to ensure that no sensitive information is compromised throughout the project. The project manager must also ensure that internal controls are set to mitigate the potential damage that one individual's actions may cause. Which of the following needs to be put in place to make certain both organizational requirements are met?

Options:
A. job rotation and an NDA
B. job rotation and an MOU

C. separation of duties and an NDA
D. separation of duties and an MOU

✔✔Answer: C

Explanation: To make certain that both organizational requirements are met, you should implement separation of duties and a nondisclosure agreement (NDA).

Which of the following activities could reduce the security benefits of mandatory vacations?

Options:
A. The replacement employee must perform the job from a different workstation than the vacationing employee.
B. The replacement employee must perform tasks in a different order than the vacationing employee.
C. The replacement employee must run the same applications as the vacationing employee.
D. The replacement employee must run several daily scripts developed by the vacationing employee.

✔✔Answer: D

Explanation: Making the replacement run several daily scripts developed by the vacationing employee could reduce the security benefits of mandatory vacations. It could be that the scripts include actions that are fraudulent in nature.

During a specific incident response and recovery process action, the response team determines that it must first speak to the person ultimately responsible for the data. With whom should the response team speak first?

Options:
A. data owner
B. system owner
C. data custodian
D. data user

✔✔Answer: A

Explanation: The response team should first speak with the data owner.

The CEO of a corporation purchases the latest mobile device and connects it to the internal network. The CEO then downloads sensitive financial documents through his email. The device is then lost in transit to a conference. The CEO notifies the company help desk about the lost device. A replacement device is shipped out. Then the help desk ticket is closed, with a statement that the issue was resolved. A week later, you realize that the original mobile device was never retrieved, nor was a remote wipe on the device completed. You then complete a remote wipe of the lost device. You report to management that this data breach was not properly reported due to insufficient training. Which process is responsible for this?

Options:
A. e-discovery
B. incident response
C. data recovery and storage
D. data handling

✔✔Answer: B

Explanation: The incident response process is responsible for any data breaches. A properly designed incident response process will ensure that any incidents are handled properly.

Your company did not know its internal customer and financial databases were compromised until the attacker published sensitive portions of the database on several popular attacker websites. The company was unable to determine when, how, or who conducted the attacks but rebuilt, restored, and updated the compromised database server to continue operations. What is MOST likely the cause for the company's inability to determine what really occurred?

Options:
A. too many layers of protection between the Internet and the internal network
B. lack of a defined security auditing process
C. poor intrusion detection system placement and maintenance
D. insufficient logging and mechanisms for review

✔✔Answer: D

Explanation: The most likely cause for the company's inability to determine what really occurred is insufficient logging and mechanisms for review.

You receive a subpoena for the release of all the email received and sent by the company's chief security officer (CSO) for the past three years. You are able to find only one year's worth of email records on the server. You are now concerned about the possible legal implications of not complying with the request. Which of the following should you check BEFORE responding to the request?

Options:
A. backup logs and archives
B. data retention policies and guidelines
C. data retention procedures
D. e-discovery procedures

✔✔Answer: A

Explanation: Before responding to the request, you should check the backup logs and archives. Older emails may be located in these files.

New zero-day attacks are announced on a regular basis against a broad range of technology systems. Which of the following best practices should you do first to manage the risks of these attack vectors?

Options:
A. Back up all device configurations.
B. Establish an emergency response process.
C. Create an inventory of applications and critical systems.
D. Update all network diagrams.

✔✔Answer: C

Explanation: To manage the risks of zero-day attacks, you should create an inventory of applications and critical systems. This will allow you to identify which systems are affected by zero-day attacks when they are discovered.

A business wants to start using social media to promote the company and to ensure that customers have a good experience with its products. Which security policies should the company have in place before implementation? (Choose all that apply.)

Options:
A. All staff should be trained in the proper use of social media for the company.
B. Specific staff must be dedicated to act as social media representatives of the company.

C. Marketing professionals should write all senior staff blogs.
D. You should review the security policy to ensure that social media policy is properly implemented.
E. IT staff should ensure that the company has sufficient bandwidth to allow for social media traffic.

✔✔Answer: B, D

Explanation: Before implementing social media for the company, the company should have the following security policies in place: specific staff must be dedicated to act as social media representatives of the company, and you should review the security policy to ensure that the social media policy is properly implemented.

You are researching and putting together a proposal to purchase an IDS. The specific IDS type has not been selected, and you need to gather information from several vendors to determine a specific product. Which document would assist in choosing a specific brand and model?

Options:
A. RFQ
B. RFC
C. RFI
D. RFP

✔✔Answer: C

Explanation: A request for information (RFI) would assist in choosing a specific brand and model.

A company is preparing to upgrade its NIDS at two locations around the world. The team plans to test four different platforms. All four platforms claim to have the most advanced features and lucrative pricing. Assuming that all the platforms meet the functionality requirements, which of the following methods should be used to select the BEST platform?

Options:
A. Evaluate each platform based on TCO.
B. Perform a cost/benefit analysis for each platform.
C. Evaluate each platform based on ROI.

D. Develop an SLA to ensure that the selected NIDS meets all performance requirements.

✔✔Answer: A

Explanation: To select the best platform, you should evaluate each platform based on total cost of ownership (TCO). This is the best metric to use because it includes all the costs associated with the device.

You notice a range of network problems affecting your company's proxy server. After reviewing the logs, you notice that the firewall is being targeted with various web attacks at the same time that the network problems are occurring. Which strategy would be MOST effective in conducting an in-depth assessment and remediation of the issue?

Options:
A.
  1. Deploy a network fuzzer on the switch span port.
  2. Adjust the external-facing IPS.
  3. Reconfigure the proxy server to block the attacks.
  4. Verify that the firewall is configured correctly and hardened.
B.
  1. Deploy an HTTP interceptor on the switch span port.
  2. Adjust the external-facing NIDS.
  3. Reconfigure the firewall ACLs to block all traffic above port 2000.
  4. Verify that the proxy server is configured correctly and hardened.
  5. Review the logs weekly in the future.
C.
  1. Deploy a protocol analyzer on the switch span port.
  2. Adjust the external-facing IPS.
  3. Reconfigure the firewall ACLs to block unnecessary ports.
  4. Verify that the proxy server is configured correctly and hardened.
  5. Continue to monitor the network.
D.
  1. Deploy a protocol analyzer on the switch span port.
  2. Adjust the internal HIDS.
  3. Reconfigure the firewall ACLs to block outbound HTTP traffic.
  4. Reboot the proxy server.
  5. Continue to monitor the network.

✔✔Answer: C

Explanation: You should perform the following steps to conduct an in-depth assessment and remediation of the issue:
  1. Deploy a protocol analyzer on the switch span port.
  2. Adjust the external-facing IPS.
  3. Reconfigure the firewall ACLs to block unnecessary ports.
  4. Verify that the proxy server is configured correctly and hardened.
  5. Continue to monitor the network.
A protocol analyzer on the switch span port will allow you to analyze all the traffic on that port. You should adjust the external-facing IPS because the problem is originating from outside your network. If configured correctly, the IPS can prevent the problem communication from entering the network. Then, once you have determined which of the packets are responsible for the problem, you can block the unnecessary ports on the firewall. Finally, you must continue to monitor the network to see if the problem has been handled and to determine whether any new problems arise.

Your company is preparing to upgrade its intrusion detection systems (IDSs) at three locations in the southeastern United States. Three vendors have submitted RFP responses that you must evaluate. Each of the three vendors' RFP responses is in line with the security and other requirements. What should you do to ensure that the IDS platform is appropriate for your company?

Options:
A. Develop criteria and rate each IDS based on information in the RFP responses.
B. Create a lab environment to evaluate each of the three IDSs.
C. Benchmark each IDS's capabilities and experiences with those of similar-sized companies.
D. Correlate current industry research with the RFP responses to ensure validity.

✔✔Answer: B

Explanation: You should create a lab environment to evaluate each of the three IDSs. This is the only way to fully determine whether the products will meet the needs of your organization. This solution will also help to validate any metrics that were given in the RFP.

As your company's security analyst, you have recently deployed several new security controls as a result of research that you completed. After deploying the controls, you ensure that the controls meet the business needs for which they were deployed. What is the last step of this process?

Options:
A. Perform a cost/benefit analysis.

B. Create a lessons learned report.
C. Create benchmarks and compare to baselines.
D. Test multiple solutions.

✔✔Answer: B

Explanation: The last step of any process is to create a lessons learned report.

Your company's IT department develops and finalizes a set of security solutions and policies that have been approved by upper management for deployment within the company. What is the first thing the IT department should have done during the development of the security solutions and policies?

Options:
A. Contact an independent SME to help understand what policies and solutions are needed.
B. Involve facilities management early to help plan for the new security hardware in the data center.
C. Discuss requirements with stakeholders from within the company.
D. Contact vendors to start the RFI and RFP process.

✔✔Answer: C

Explanation: The IT department should have discussed requirements with stakeholders from within the company first. The stakeholders should be chosen from across all departments in the company.

Recently, the human resources department manager requested that an employee's remaining or unused benefits be listed on their paycheck stubs. To provide this function, a secure connection must be made between several different software packages. As a security analyst, you have been asked to recommend members of the team who will work to design this new feature. Which business roles should you recommend as members of this team to ensure that it is MOST effective?

Options:
A. finance officer, database administrator, and security administrator
B. finance officer, human resources representative, and security administrator
C. legal representative, human resources representative, and security administrator

D. network administrator, database administrator, and security administrator

✔✔Answer: B

Explanation: You should recommend a finance officer, a human resources representative, and a security administrator as members of the team that will design this new feature for the paycheck stubs.

You are the security engineer for your company. Your company needs to implement a new solution that will process online customer transactions and record them in a corporate audit database. The project has the following technical stakeholders:

Database team: Controls the physical database resources.
Internal audit team: Controls the audit records in the database.
Web hosting team: Implements the website front end and shopping cart application.
Accounting department: Processes the transaction and interfaces with the payment processor.

You have been named the solution owner. What are you responsible for ensuring?

Options:
A. Ensure that the solution functions in a secure manner, from customer input to audit review.
B. Ensure that web transactions are conducted in a secure network channel.
C. Ensure that security solutions result in zero additional processing latency.
D. Ensure that audit records storage is in compliance with applicable laws and regulations.

✔✔Answer: A

Explanation: As a security engineer, you are responsible for ensuring that the solution functions in a secure manner, from customer input to audit review.

You are a security analyst for your company. The company has recently started a new software development project. The new project includes a distributed computing environment, as recommended by the lead architect. The project's security architect expresses concerns about system integrity if a commercial cloud environment is used. It is at this point that you join the project team. You discover that the security risks of the proposed solution are not being given any attention because of the poor communication within the team. A network administrator on the project has a security background and is concerned about the project's overall success. What is the BEST course of action you should take?

Options:
A. Develop an alternative architecture proposal that does not leverage cloud computing and present it to the lead architect.
B. Document mitigations to the security concerns and facilitate a meeting of the project team.
C. Edit the current proposal so that it addresses the security concerns through the network design and security controls.
D. Implement mitigations to the security concerns and facilitate a meeting of the project team.

✔✔Answer: B

Explanation: You should document mitigations to the security concerns and facilitate a meeting of the project team. This will give the team an opportunity to address all the security concerns in person.

Your company has decided to run a security audit to determine whether there are any security holes in your enterprise. During this audit, the security team retrieves two older computers and a broken laser network printer from the warehouse dumpster. The security team connects the hard drives from the two computers and the network printer to a computer equipped with forensic tools. The security team retrieves PDF files from the network printer hard drive. However, the data on the two older hard drives was inaccessible. What should your company do to remediate the security issue?

Options:
A. Update the asset decommissioning procedures.
B. Implement a new change control process.
C. Update the asset reuse procedures.
D. Update the asset maintenance procedures.

✔✔Answer: A

Explanation: Your company should update the asset decommissioning procedures. The decommissioning procedures for network printers should be updated to ensure that data on the hard drives cannot be retrieved.

A new vendor product has been acquired to replace an internal network security product. The vendor for the existing solution has announced a retirement date that is quickly approaching. Management requests that you deploy the new solution as quickly as possible. Only essential activities should be performed. Which sequence best describes the order of activities when balancing security posture and time constraints?

Options:
A. Decommission the old solution, install the new solution, and test the new solution.
B. Install the new solution, migrate to the new solution, and test the new solution.
C. Test the new solution, migrate to the new solution, and decommission the old solution.
D. Install the new solution, test the new solution, and decommission the old solution.

✔✔Answer: C

Explanation: You should test the new solution, migrate to the new solution, and decommission the old solution. This is the best order of activities when balancing security and time constraints.

Your company is currently migrating from the current network infrastructure to a faster, more secure network while following the SDLC. To provide an appropriate level of assurance, the security requirements that were specified at the project origin need to be carried through to implementation. Which of the following would BEST help determine whether this occurred?

Options:
A. change management process
B. penetration testing
C. vulnerability assessment
D. security requirements traceability matrix (SRTM)

✔✔Answer: D

Explanation: To determine whether the security requirements that were specified at the project origin are carried through to implementation, your company should use a security requirements traceability matrix (SRTM).
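An SRTM is a table that ties each security requirement to its source (policy, regulation or project origin), the design element that implements it, and the tests that verify it. The following Python, added here as an illustration and not part of the original exam text, models such a matrix and runs the gap checks a reviewer performs on it at the end of a migration: requirements with no implementing design element, requirements whose tests did not all pass, and tests that trace to no requirement. The requirement IDs, design references and test results are constructed for the example.

```python
"""A minimal security requirements traceability matrix (SRTM) and the gap
checks a reviewer runs against it before sign-off.

Added illustration; not part of the original exam text. Requirement IDs,
design references and test results below are constructed."""

from dataclasses import dataclass, field
from typing import Dict, Iterable, List


@dataclass
class Requirement:
    """One row of the SRTM: where the requirement came from, what design
    element implements it, and which acceptance tests verify it."""
    req_id: str
    text: str
    source: str                          # policy, regulation or project origin
    design_refs: List[str] = field(default_factory=list)
    test_ids: List[str] = field(default_factory=list)


def untraced_requirements(matrix: List[Requirement]) -> List[str]:
    """Requirements with no design element: nothing in the build implements them."""
    return [r.req_id for r in matrix if not r.design_refs]


def unverified_requirements(matrix: List[Requirement],
                            passed_tests: Dict[str, bool]) -> List[str]:
    """Requirements that either have no test or whose tests did not all pass.
    A test ID absent from `passed_tests` counts as not run, hence not passed."""
    return [
        r.req_id for r in matrix
        if not r.test_ids or not all(passed_tests.get(t, False) for t in r.test_ids)
    ]


def orphan_tests(matrix: List[Requirement], executed_tests: Iterable[str]) -> List[str]:
    """Tests that trace to no requirement; usually a sign the matrix is stale."""
    traced = {t for r in matrix for t in r.test_ids}
    return sorted(set(executed_tests) - traced)


# Constructed matrix for a network migration project.
SRTM = [
    Requirement("SR-1", "Management traffic is encrypted in transit", "corporate policy 4.2",
                ["SSH/TLS on all management interfaces"], ["T-101", "T-102"]),
    Requirement("SR-2", "Logs are retained for one year", "regulatory guidance",
                ["central syslog with 365-day retention"], ["T-201"]),
    Requirement("SR-3", "Admin access requires MFA", "project origin"),   # never designed in
    Requirement("SR-4", "Network segments isolate payroll systems", "corporate policy 7.1",
                ["VLAN 40 with ACLs"], ["T-401"]),
]

# Constructed results from the acceptance test run (True = passed).
RESULTS = {"T-101": True, "T-102": True, "T-201": False, "T-401": True, "T-999": True}

if __name__ == "__main__":
    print("no design element:", untraced_requirements(SRTM))
    print("not verified:", unverified_requirements(SRTM, RESULTS))
    print("tests tracing to nothing:", orphan_tests(SRTM, RESULTS))
```

With the constructed data, SR-3 shows up in both the untraced and unverified lists (it was specified at project origin and then dropped), SR-2 is unverified because its retention test failed, and T-999 is a test nobody can explain; those three findings are exactly what the matrix exists to surface before the network is accepted.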

Your company is currently redesigning its internal network infrastructure. The team responsible for the redesign has applied regulatory and corporate guidance to this design. It generates an SRTM based on its work and a thorough analysis of the complete set of functional and performance requirements in the network specification. Which of the following BEST describes the purpose of an SRTM in this scenario?

Options:
A. to document the security of the network prior to delivery
B. to document the functional requirements of the network
C. to create performance testing metrics and test plans
D. to verify that the network meets applicable security requirements

✔✔Answer: D

Explanation: The purpose of an SRTM in this scenario is to verify that the network meets applicable security requirements.

TriCorp is purchasing Meta Company. TriCorp uses a change management system for all IT processes, while Meta Company does not have one in place. Meta Company's IT staff needs to purchase a third-party product. What should be done to address the security impacts this product may cause?

Options:
A. Purchase the product and test it in a lab environment before installing it on any live system.
B. Use the product that TriCorp uses for similar needs.
C. Use TriCorp's change management process during the evaluation of the new product.
D. Allow both companies' IT staffs to evaluate the new product prior to purchasing it.

✔✔Answer: C

Explanation: To address the security impacts this product may cause, Meta Company should use TriCorp's change management process during the evaluation of the new product. It is always best to use a formal change management process for security reasons.

You are your company's security analyst. Recently, your company has noticed a rapidly increasing need for more computing resources. Management decides to incorporate cloud computing into your enterprise. The current annual budget does not include funds to have an in-house cloud computing specialist. For this reason, management decides to contract with a cloud service provider. However, because of the confidential nature of your company's data, the service provider will be required to fully isolate your company's data. Which type of cloud implementation should your company implement?

Options:
A. multi-tenancy private cloud
B. multi-tenancy public cloud
C. single-tenancy private cloud
D. single-tenancy public cloud

✔✔Answer: D

Explanation: Your company should implement a single-tenancy public cloud. A single-tenancy cloud ensures that your company is the only tenant for a resource. A public cloud is one where a service provider manages the resources.

You have been hired as a security analyst by your company. Currently, your company deploys two web servers: one that acts as an internal web server and one that acts as an external web server. Which is the BEST location to deploy the internal web server?

Options:
A. in a VLAN
B. on a DMZ
C. in a VPN
D. on a SAN

✔✔Answer: A

Explanation: The best location to deploy the internal web server is in a virtual LAN (VLAN). This will ensure that internal resources can access the web server while providing maximum protection to the internal web server.

You have been hired as a security analyst by your company. You have been asked to deploy a CRM solution to store all customer-related data. Remote access to the CRM solution is required. Which is the BEST location to deploy the CRM solution?

Options:
A. in a VLAN
B. on a DMZ

C. in a VPN D. on a SAN ✔✔Answer: B Explanation: The best location to deploy the CRM solution is on a demilitarized zone (DMZ). This will ensure that external resources can access the CRM solution without breaching the internal network. You have been hired as a security analyst by your company. Your company decides to deploy an ERP solution. Several department heads express concerns that ERP data will be shared with all departments. In addition, management is concerned that attackers will be able to access the ERP data. You need to deploy the ERP solution while providing the highest level of security. Which is the BEST location to deploy the ERP solution? Options: A. in a VLAN B. on a DMZ C. in a VPN D. on a SAN ✔✔Answer: A Explanation: The best location to deploy the ERP solution is in a virtual LAN (VLAN). This will allow you to isolate the resource and provide the highest level of security. Recently, your company implemented two wireless networks. Within days of implementation, you discover that unauthorized devices have connected to the wireless networks. You need to ensure that unauthorized devices are unable to connect to either wireless network. What should you do? Options: A. Deploy the wireless access points behind a firewall. B. Deploy the wireless access points behind an IPS. C. Employ MAC filtering on the wireless access points. D. Disable SSID broadcast on the wireless access points. ✔✔Answer: C Explanation: You should employ MAC filtering on the wireless access points. In this situation, it would be best to allow only MAC addresses that you configure in the MAC filter to connect to the wireless networks.

During routine auditing of the database, the following records are found:
tjones123 elm street 55XX-XXXX-XXXX-1397 Password100
mdoe234 pine street 42XX-XXXX-XXXX-2027 17DEC12
Which of the following is the biggest security concern here?
Options:
A. integrity
B. availability
C. confidentiality
D. assurance
✔✔Answer: C
Explanation: The passwords (Password100 and 17DEC12) are stored in cleartext, so anyone who can read the table, or a backup or dump of it, obtains working credentials; the customers' street addresses are exposed alongside them. The card numbers are at least partially masked. Passwords should never be stored in recoverable form; they should be stored only as salted hashes computed with a deliberately slow algorithm.

A storage team is discussing the implementation of shared storage to support a business-critical, high-volume database application. Which of the following techniques could cause a security issue if HBAs are moved?
Options:
A. multipathing
B. LUN masking
C. VLANs
D. port security
✔✔Answer: B
Explanation: LUN masking hides or makes unavailable storage devices or groups of storage devices from all but devices configured with approved access. It can be implemented at either the HBA level or the storage controller level. HBA-level masking is keyed to the HBA's WWN, which travels with the card, so moving the HBA may make the LUN available to the server to which the HBA has been moved.

The Chief Information Security Officer (CISO) has declared that full disk encryption will be implemented on all devices. Against which of the following threats is the company now protected?
Options:

A. man-in-the-middle attacks
B. data removed from stolen or lost devices
C. malware
D. DDoS attacks
✔✔Answer: B
Explanation: Full disk encryption will prevent data from being removed from stolen or lost devices by encrypting the data drives, and it can also be implemented to lock the operating system drive, preventing the system from booting unless a key is presented. It protects data at rest only: once the device is booted and unlocked, malware running on it and attacks on its network traffic see the data in the clear.

During the deployment of a SAN, you are instructed to implement zoning and LUN masking. What benefit will the organization derive from this?
Options:
A. increased availability
B. access control
C. increased performance
D. decreased space taken on the SAN
✔✔Answer: B
Explanation: Zoning and LUN masking are access controls. Zoning restricts which ports on the fabric can see each other, and LUN masking hides or makes unavailable storage devices or groups of storage devices from all but devices configured with approved access.

The firewall administrator has created the following zones and designated them for particular uses:
Zone 1: Internet zone
Zone 2: Web server DMZ
Zone 3: Email server DMZ
Zone 4: Management interface
Which of the following appliances would be most appropriate to place in Zone 1?
Options:
A. WAF
B. virus scanner
C. NIPS
D. spam filter
✔✔Answer: C
Explanation: A network intrusion prevention system (NIPS) would be the most appropriate appliance to place in Zone 1, which is the Internet connection. The placement of the other devices would make the most sense as follows:
Zone 2: Web application firewall (WAF)
Zone 3: Virus scanner, spam filter
Zone 4: None

A new remote location is being planned, and the plans include the deployment of a SIEM server with distributed sensors. Which of the following is NOT a benefit that can be derived from this system?
Options:
A. improved performance
B. secured log information
C. audit log reduction
D. event correlation
✔✔Answer: A
Explanation: Security information and event management (SIEM) utilities receive information from the log files of critical systems and centralize the collection and analysis of this data. Correlating events from several sensors surfaces activity that no single sensor sees, and collapsing repeated events reduces audit log volume; forwarding the logs to a central server also keeps them out of reach of an attacker on the originating host. A SIEM does not improve performance.

Your network has been segmented into the following security zones:
Zone 1 connects to the Internet through a router.
Zone 2 is a closed research and development network.
Zone 3 contains an intermediary switch supporting a SAN, dedicated to long-term audit log and file storage.
Zone 4 contains a DMZ with an email server.

The company has budgeted for a single patch server. To which zone should this limited resource be deployed?
Options:
A. Zone 1
B. Zone 2
C. Zone 3
D. Zone 4
✔✔Answer: B
Explanation: Because the research and development network is closed, its systems cannot connect to any patch server in the main network or to vendor update services on the Internet, so the only way to keep them patched is a patch server inside Zone 2. The devices in the other zones can be patched from the main network.

The Chief Information Security Officer (CISO) wants to implement a security operations center (SOC) to improve and coordinate the detection of unauthorized access to the enterprise. The CISO's biggest concern is the increased number of attacks that the current infrastructure cannot detect. Which of the following would NOT be a part of the solution in the SOC to address the CISO's specific concerns?
Options:
A. DLP
B. white box testing
C. NIPS
D. forensics
✔✔Answer: B
Explanation: White box testing is used to assess the vulnerabilities of an application with full knowledge of its source and design. It is an assurance activity, not a detection capability, and so would not contribute to addressing the CISO's biggest concern, which is the increased number of attacks that the current infrastructure cannot detect.

The company security policy led to the installation of a NIPS in front of the Internet firewall and in front of the DMZ network. With this placement, which of the following can be done?
Options:
A. Perform fingerprinting of all unfiltered inbound traffic.
B. Monitor inbound traffic to the DMZ.
C. Monitor outbound traffic to the DMZ.
D. All of the above
✔✔Answer: D
Explanation: By positioning a NIPS between the Internet and the Internet firewall, you see inbound traffic before it goes through the firewall, so it is unfiltered and can be fingerprinted. The NIPS in front of the DMZ sees both incoming and outgoing traffic to the DMZ.

The CIO of the company is concerned about hackers compromising the Linux servers. To allay his fears, the security analyst instructs the Linux admin to mount the /tmp directory with the noexec option. What activity will this prevent?
Options:
A. reading data in the directory
B. writing data to the directory
C. running binary code in the directory
D. deleting data in the directory
✔✔Answer: C
Explanation: The noexec mount option makes the kernel refuse to execute any file on the mounted filesystem, so a binary dropped into /tmp cannot be run directly. It does not prevent reading, writing, or deleting. It also does not stop an interpreter from reading a script from /tmp (for example, python /tmp/payload.py), so it is a hardening measure that is normally combined with nosuid and nodev rather than a complete control.

A Linux administrator needs to restart the DNS service on a remote server. He connects using SSH, and, once authenticated, he executes this command:
service bind restart
If he is not logged in as root, what will be the response of the DNS server?
Options:
A. access denied
B. dependent service failed to start
C. unable to restart BIND
D. enter your password
✔✔Answer: C
Explanation: Restarting a service requires root privileges, obtained either by logging in as root or by prefixing the command with sudo. Otherwise, the request will be denied, and the response will be that the service is unable to restart BIND (Berkeley Internet Name Domain), the DNS service.
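The audit records question above shows why cleartext password storage is a confidentiality failure. As an added example (not part of the practice exam), the following Python code builds two small SQLite tables whose shape follows those records: the vulnerable table stores the password as typed, the hardened table stores only a salted PBKDF2-HMAC-SHA256 hash, and a simulated table dump shows what an attacker with read access gets in each case. The user IDs, addresses and masked card numbers are constructed sample data; the iteration count follows OWASP's published PBKDF2 guidance.

```python
"""Cleartext versus hashed credential storage.

Added example, not part of the practice exam. Two constructed tables mimic the
audit finding in the question: the vulnerable table stores the password column
as typed, the hardened table stores only a salted PBKDF2-HMAC-SHA256 hash, so a
dump of the table (or of a backup) no longer yields usable credentials.
Standard library only; all sample rows are constructed.
"""

from __future__ import annotations

import hashlib
import hmac
import os
import sqlite3

ITERATIONS = 600_000  # OWASP (2023) minimum for PBKDF2-HMAC-SHA256
SALT_BYTES = 16


def hash_password(password: str, salt: bytes = b"") -> str:
    """Return a self-describing 'algo$iterations$salt$digest' string."""
    salt = salt or os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute the hash with the stored salt and iteration count; constant-time compare."""
    try:
        algo, iterations, salt_hex, digest_hex = stored.split("$")
    except ValueError:
        return False
    if algo != "pbkdf2_sha256":
        return False
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


SAMPLE_USERS = [  # constructed; the column shape follows the audit records in the question
    ("tjones", "123 elm street", "55XX-XXXX-XXXX-1397", "Password100"),
    ("mdoe", "234 pine street", "42XX-XXXX-XXXX-2027", "17DEC12"),
]


def build_vulnerable_db() -> sqlite3.Connection:
    """The 'before' state: password stored in cleartext next to customer data."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (user_id TEXT PRIMARY KEY, street TEXT, card_masked TEXT, password TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?, ?, ?)", SAMPLE_USERS)
    return db


def build_hardened_db() -> sqlite3.Connection:
    """The 'after' state: only a salted, iterated hash of the password is stored."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (user_id TEXT PRIMARY KEY, street TEXT, card_masked TEXT, password_hash TEXT)")
    db.executemany(
        "INSERT INTO users VALUES (?, ?, ?, ?)",
        [(uid, street, card, hash_password(pw)) for uid, street, card, pw in SAMPLE_USERS],
    )
    return db


def dump_reveals(db: sqlite3.Connection, secrets: list[str]) -> bool:
    """Simulate what an attacker with read access to the table (or a stolen backup) learns."""
    dump = " ".join(str(col) for row in db.execute("SELECT * FROM users") for col in row)
    return any(secret in dump for secret in secrets)


def login(db: sqlite3.Connection, user_id: str, password: str) -> bool:
    """Authenticate against the hardened table without ever storing the password."""
    row = db.execute("SELECT password_hash FROM users WHERE user_id = ?", (user_id,)).fetchone()
    return row is not None and verify_password(password, row[0])


if __name__ == "__main__":
    secrets = [pw for _, _, _, pw in SAMPLE_USERS]
    print("vulnerable dump reveals passwords:", dump_reveals(build_vulnerable_db(), secrets))
    hardened = build_hardened_db()
    print("hardened dump reveals passwords:", dump_reveals(hardened, secrets))
    print("login tjones / Password100:", login(hardened, "tjones", "Password100"))
```

The stored string carries its own algorithm, iteration count and salt, which is what lets the iteration count be raised later without invalidating existing rows: verify_password reads the count from the row rather than from the constant. The comparison uses hmac.compare_digest so a wrong guess takes the same time as a near-miss.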
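The SIEM question above names event correlation and audit log reduction as benefits of centralizing sensor logs. As an added example (not part of the practice exam or of any SIEM product), the following Python code shows both on a handful of constructed syslog-style lines: a password-guessing attempt spread across two hosts, which no single host's log would flag at a low threshold, is detected by correlating authentication failures on source IP, and repeated identical events are collapsed into counts. The log layout, thresholds and host names are assumptions of the example.

```python
"""Event correlation and log reduction over sensor logs, as a SIEM does.

Added example, not part of the practice exam. Logs from several sensors are
normalised into events, a brute-force attempt spread across hosts is detected
by correlating on source IP, and repeated identical events are collapsed into
counts. The log lines are constructed in a syslog-like layout, and the parser
assumes that layout.
"""

import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample: sshd on two hosts and a firewall, all forwarded to the SIEM.
SAMPLE_LOGS = """\
2024-05-01T10:00:01Z web01 sshd: Failed password for root from 203.0.113.7 port 51000
2024-05-01T10:00:03Z web01 sshd: Failed password for root from 203.0.113.7 port 51001
2024-05-01T10:00:04Z web01 sshd: Failed password for root from 203.0.113.7 port 51002
2024-05-01T10:00:09Z db01 sshd: Failed password for admin from 203.0.113.7 port 51010
2024-05-01T10:00:15Z db01 sshd: Failed password for admin from 203.0.113.7 port 51011
2024-05-01T10:00:20Z fw01 kernel: DROP IN=eth0 SRC=203.0.113.7 DST=10.0.0.5 PROTO=TCP DPT=22
2024-05-01T10:05:00Z web01 sshd: Accepted publickey for deploy from 198.51.100.20 port 40000
2024-05-01T10:06:00Z db01 sshd: Failed password for alice from 198.51.100.21 port 40100
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) (?P<prog>[\w-]+): (?P<msg>.*)$")
FAIL_RE = re.compile(r"Failed password for (?P<user>\S+) from (?P<src>\S+)")
DROP_RE = re.compile(r"\bDROP\b.*\bSRC=(?P<src>\S+)")


def parse(log_text):
    """Normalise raw lines into events: {ts, host, type, src, user}."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # a real SIEM would count unparsed lines; here they are skipped
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
        event = {"ts": ts, "host": m["host"], "type": "other", "src": None, "user": None}
        if f := FAIL_RE.search(m["msg"]):
            event.update(type="auth_failure", src=f["src"], user=f["user"])
        elif d := DROP_RE.search(m["msg"]):
            event.update(type="fw_drop", src=d["src"])
        events.append(event)
    return events


def correlate_bruteforce(events, window=timedelta(seconds=60), min_attempts=3, min_hosts=2):
    """One alert per source IP that produced >= min_attempts auth failures against
    >= min_hosts distinct hosts inside a sliding window of length `window`."""
    by_src = defaultdict(list)
    for e in events:
        if e["type"] == "auth_failure":
            by_src[e["src"]].append(e)
    alerts = []
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e["ts"])
        best, start = None, 0
        for end in range(len(evs)):
            while evs[end]["ts"] - evs[start]["ts"] > window:
                start += 1
            in_window = evs[start:end + 1]
            hosts = {e["host"] for e in in_window}
            if len(in_window) >= min_attempts and len(hosts) >= min_hosts:
                if best is None or len(in_window) > best["attempts"]:
                    best = {"src": src, "attempts": len(in_window), "hosts": sorted(hosts),
                            "first": in_window[0]["ts"], "last": in_window[-1]["ts"]}
        if best:
            alerts.append(best)
    return alerts


def reduce_events(events):
    """Audit log reduction: collapse identical (host, type, src) events into counts."""
    return Counter((e["host"], e["type"], e["src"]) for e in events)


if __name__ == "__main__":
    evs = parse(SAMPLE_LOGS)
    for alert in correlate_bruteforce(evs):
        print(f"ALERT brute force from {alert['src']}: {alert['attempts']} failures "
              f"on {alert['hosts']} between {alert['first']} and {alert['last']}")
    for (host, kind, src), n in reduce_events(evs).items():
        print(f"{n:3d} x {host} {kind} src={src}")
```

With only web01's log, three failures against root in four seconds might sit under a per-host threshold; with both hosts' logs in one place the same source is seen hitting two systems with five failures, and the firewall drop on port 22 corroborates it. The reduction step turns eight lines into five counted event types, which is the "audit log reduction" the question refers to.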