Prepare for success on the challenging CASP+ CAS-004 exam. In the newly updated Second Edition of CASP+ CompTIA Advanced Security Practitioner Practice Tests Exam CAS-004, accomplished cybersecurity expert Nadean Tanner delivers an extensive collection of CASP+ preparation materials, including hundreds of domain-by-domain test questions and two additional practice exams. Prepare for the new CAS-004 exam, as well as a new career in advanced cybersecurity, with Sybex's proven approach to certification success. You'll get ready for the exam, impress your next interviewer, and excel at your first cybersecurity job. This book includes: * Comprehensive coverage of all exam CAS-004 objective domains, including security architecture, operations, engineering, cryptography, and governance, risk, and compliance * In-depth preparation for test success with 1000 practice exam questions * Access to the Sybex interactive learning environment and online test bank. Perfect for anyone studying for the CASP+ Exam CAS-004, CASP+ CompTIA Advanced Security Practitioner Practice Tests Exam CAS-004 is also an ideal resource for anyone with IT security experience who wants to brush up on their skillset or earn a valuable new CASP+ certification.
Page count: 664
Publication year: 2021
Cover
Title Page
Copyright
Dedication
Acknowledgments
About the Author
About the Technical Editor
Introduction
How to Contact the Publisher
Chapter 1: Security Architecture
Chapter 2: Security Operations
Chapter 3: Security Engineering and Cryptography
Chapter 4: Governance, Risk, and Compliance
Chapter 5: Practice Test 1
Chapter 6: Practice Test 2
Appendix: Answers to Review Questions
Chapter 1: Security Architecture
Chapter 2: Security Operations
Chapter 3: Security Engineering and Cryptography
Chapter 4: Governance, Risk, and Compliance
Chapter 5: Practice Test 1
Chapter 6: Practice Test 2
Index
End User License Agreement
Second Edition
Nadean H. Tanner
Copyright © 2021 by John Wiley & Sons, Inc. All rights reserved.
Published by John Wiley & Sons, Inc., Hoboken, New Jersey.
Published simultaneously in Canada.
ISBN: 978-1-119-81305-7
ISBN: 978-1-119-81307-1 (ebk)
ISBN: 978-1-119-81306-4 (ebk)
No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning or otherwise, except as permitted under Sections 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 646-8600. Requests to the Publisher for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, (201) 748-6011, fax (201) 748-6008, or online at http://www.wiley.com/go/permissions.
Limit of Liability/Disclaimer of Warranty: The publisher and the author make no representations or warranties with respect to the accuracy or completeness of the contents of this work and specifically disclaim all warranties, including without limitation warranties of fitness for a particular purpose. No warranty may be created or extended by sales or promotional materials. The advice and strategies contained herein may not be suitable for every situation. This work is sold with the understanding that the publisher is not engaged in rendering legal, accounting, or other professional services. If professional assistance is required, the services of a competent professional person should be sought. Neither the publisher nor the author shall be liable for damages arising herefrom. The fact that an organization or Web site is referred to in this work as a citation and/or a potential source of further information does not mean that the author or the publisher endorses the information the organization or Web site may provide or recommendations it may make. Further, readers should be aware that Internet Web sites listed in this work may have changed or disappeared between when this work was written and when it is read.
For general information on our other products and services or to obtain technical support, please contact our Customer Care Department within the U.S. at (877) 762-2974, outside the U.S. at (317) 572-3993 or fax (317) 572-4002.
Wiley publishes in a variety of print and electronic formats and by print-on-demand. Some material included with standard print versions of this book may not be included in e-books or in print-on-demand. If this book refers to media such as a CD or DVD that is not included in the version you purchased, you may download this material at http://booksupport.wiley.com. For more information about Wiley products, visit www.wiley.com.
Library of Congress Control Number: 2021938732
TRADEMARKS: WILEY and the Wiley logo are trademarks or registered trademarks of John Wiley & Sons, Inc. and/or its affiliates, in the United States and other countries, and may not be used without written permission. CompTIA and CASP+ are trademarks or registered trademarks of The Computing Technology Industry Association, Inc. All other trademarks are the property of their respective owners. John Wiley & Sons, Inc. is not associated with any product or vendor mentioned in this book.
To my husband, no one I'd rather quarantine with.
To my children, who will never read this book.
To Kenyon Brown, for trusting me to do this again.
To Kelly Talbot, for gently reminding me of deadlines.
To Ryan Hendricks, your turn!
—Nadean H. Tanner
Nadean H. Tanner is the manager of Consulting – Education Services at FireEye/Mandiant, working most recently on building real-world cyber-range engagements to practice threat hunting and incident response. She has been in IT for more than 20 years and specifically in cybersecurity for over a decade. She holds over 30 industry certifications, including CompTIA CASP+, Security+, and (ISC)2 CISSP.
Tanner has trained and consulted for Fortune 500 companies and the U.S. Department of Defense in cybersecurity, forensics, analysis, red/blue teaming, vulnerability management, and security awareness.
She is the author of Cybersecurity Blue Team Toolkit, published by Wiley in 2019, and CASP+ Practice Tests: Exam CAS-003, published by Sybex in 2020. She also was the technical editor for CompTIA Security+ Study Guide: Exam SY0-601 (Sybex, 2021) and CompTIA PenTest+ Study Guide: Exam PT0-002 (Sybex, 2021), both written by Mike Chapple and David Seidl.
In her spare time, Tanner enjoys speaking at technical conferences such as Black Hat, Wild West Hacking Fest, and OWASP events.
Ryan Hendricks (CISSP, CEH, CASP+, Security+) has more than 16 years of cybersecurity and intelligence experience. His first venture started while working intelligence operations for the U.S. Navy and then continued in the government and private sector as an educator, facilitator, consultant, and adviser on a multitude of information technology and cybersecurity principles.
Hendricks holds many certifications covering hardware, networking, operating systems, and cybersecurity. He worked as a trainer for the U.S. Department of Defense, educating hundreds of students on everything from military communication systems to the CompTIA CASP+ and (ISC)2 CISSP certifications.
Hendricks is a staff architect and manager at VMware. He currently supports all technical content creation for the VMware Carbon Black portfolio and additional VMware Security products. Additional responsibilities include developing labs, updating materials, piloting and expanding the certification programs, mentoring and managing the security technical content team, and educating anyone who is willing to learn. When not working, Hendricks tries to balance spending his time learning new security tools and attack techniques to feed his need for knowledge and playing video games with his kids.
CASP+ Advanced Security Practitioner Practice Tests is a companion volume to CASP+ Study Guide. If you're looking to test your knowledge before you take the CASP+ exam, this book will help you by providing a combination of 1,000 questions that cover the four CASP+ domains and by including easy-to-understand explanations of both right and wrong answers.
If you're just starting to prepare for the CASP+ exam, we highly recommend that you use CASP+ Study Guide: Exam CAS-004 by Jeff T. Parker to help you learn about each of the domains covered by the CASP+ exam. Once you're ready to test your knowledge, use this book to help find places where you might need to read a chapter again and study more.
Because this is a companion to the CASP+ Study Guide, this book is designed to be similar to taking the CASP+ exam. It contains multipart scenarios as well as standard multiple-choice questions similar to those you will encounter on the certification exam.
If you believe you've found a mistake in this book, please bring it to our attention. At John Wiley & Sons, we understand how important it is to provide our customers with accurate content, but even with our best efforts an error may occur.
To submit your possible errata, please email it to our Customer Service Team at [email protected] with the subject line “Possible Book Errata Submission.”
THE CASP+ EXAM TOPICS COVERED IN THIS CHAPTER INCLUDE:
Domain 1: Security Architecture
1.1 Given a scenario, analyze the security requirements and objectives to ensure an appropriate, secure network architecture for a new or existing network.
Services
Load balancer
Intrusion detection system (IDS)/network intrusion detection system (NIDS)/wireless intrusion detection system (WIDS)
Intrusion prevention system (IPS)/network intrusion prevention system (NIPS)/wireless intrusion prevention system (WIPS)
Web application firewall (WAF)
Network access control (NAC)
Virtual private network (VPN)
Domain Name System Security Extensions (DNSSEC)
Firewall/unified threat management (UTM)/next-generation firewall (NGFW)
Network address translation (NAT) gateway
Internet gateway
Forward/transparent proxy
Reverse proxy
Distributed denial-of-service (DDoS) protection
Routers
Mail security
Application programming interface (API) gateway/Extensible Markup Language (XML) gateway
Traffic mirroring
Switched port analyzer (SPAN) ports
Port mirroring
Virtual private cloud (VPC)
Network tap
Sensors
Security information and event management (SIEM)
File integrity monitoring (FIM)
Simple Network Management Protocol (SNMP) traps
NetFlow
Data loss prevention (DLP)
Antivirus
Segmentation
Microsegmentation
Local area network (LAN)/virtual local area network (VLAN)
Jump box
Screened subnet
Data zones
Staging environments
Guest environments
VPC/virtual network (VNET)
Availability zone
NAC lists
Policies/security groups
Regions
Access control lists (ACLs)
Peer-to-peer
Air gap
Deperimeterization/zero trust
Cloud
Remote work
Mobile
Outsourcing and contracting
Wireless/radio frequency (RF) networks
Merging of networks from various organizations
Peering
Cloud to on premises
Data sensitivity levels
Mergers and acquisitions
Cross-domain
Federation
Directory services
Software-defined networking (SDN)
Open SDN
Hybrid SDN
SDN overlay
1.2 Given a scenario, analyze the organizational requirements to determine the proper infrastructure security design.
Scalability
Vertically
Horizontally
Resiliency
High availability
Diversity/heterogeneity
Course of action orchestration
Distributed allocation
Redundancy
Replication
Clustering
Automation
Autoscaling
Security Orchestration, Automation and Response (SOAR)
Bootstrapping
Performance
Containerization
Virtualization
Content delivery network
Caching
1.3 Given a scenario, integrate software applications securely into an enterprise architecture.
Baseline and templates
Secure design patterns/types of web technologies
Storage design patterns
Container APIs
Secure coding standards
Application vetting processes
API management
Middleware
Software assurance
Sandboxing/development environment
Validating third-party libraries
Defined DevOps pipeline
Code signing
Interactive application security testing (IAST) vs. dynamic application security testing (DAST) vs. static application security testing (SAST)
Considerations of integrating enterprise applications
Customer relationship management (CRM)
Enterprise resource planning (ERP)
Configuration management database (CMDB)
Content management system (CMS)
Integration enablers
Directory services
Domain name system (DNS)
Service-oriented architecture (SOA)
Enterprise service bus (ESB)
Integrating security into development life cycle
Formal methods
Requirements
Fielding
Insertions and upgrades
Disposal and reuse
Testing
Regression
Unit testing
Integration testing
Development approaches
SecDevOps
Agile
Waterfall
Spiral
Versioning
Continuous integration/continuous delivery (CI/CD) pipelines
Best practices
Open Web Application Security Project (OWASP)
Proper Hypertext Transfer Protocol (HTTP) headers
1.4 Given a scenario, implement data security techniques for securing enterprise architecture.
Data loss prevention
Blocking use of external media
Print blocking
Remote Desktop Protocol (RDP) blocking
Clipboard privacy controls
Restricted virtual desktop infrastructure (VDI) implementation
Data classification blocking
Data loss detection
Watermarking
Digital rights management (DRM)
Network traffic decryption/deep packet inspection
Network traffic analysis
Data classification, labeling, and tagging
Metadata/attributes
Obfuscation
Tokenization
Scrubbing
Masking
Anonymization
Encrypted vs. unencrypted
Data life cycle
Create
Use
Share
Store
Archive
Destroy
Data inventory and mapping
Data integrity management
Data storage, backup, and recovery
Redundant array of inexpensive disks (RAID)
1.5 Given a scenario, analyze the security requirements and objectives to provide the appropriate authentication and authorization controls.
Credential management
Password repository application
End-user password storage
On premises vs. cloud repository
Hardware key manager
Privileged access management
Password policies
Complexity
Length
Character classes
History
Maximum/minimum age
Auditing
Reversible encryption
Federation
Transitive trust
OpenID
Security Assertion Markup Language (SAML)
Shibboleth
Access control
Mandatory access control (MAC)
Discretionary access control (DAC)
Role-based access control
Rule-based access control
Attribute-based access control
Protocols
Remote Authentication Dial-In User Service (RADIUS)
Terminal Access Controller Access Control System (TACACS)
Diameter
Lightweight Directory Access Protocol (LDAP)
Kerberos
OAuth
802.1X
Extensible Authentication Protocol (EAP)
Multifactor authentication (MFA)
Two-factor authentication (2FA)
2-Step Verification
In-band
Out-of-band
One-time password (OTP)
HMAC-based one-time password (HOTP)
Time-based one-time password (TOTP)
Hardware root of trust
Single sign-on (SSO)
JavaScript Object Notation (JSON) web token (JWT)
Attestation and identity proofing
1.6 Given a set of requirements, implement secure cloud and virtualization solutions.
Virtualization strategies
Type 1 vs. Type 2 hypervisors
Containers
Emulation
Application virtualization
VDI
Provisioning and deprovisioning
Middleware
Metadata and tags
Deployment models and considerations
Business directives
Cost
Scalability
Resources
Location
Data protection
Cloud deployment models
Private
Public
Hybrid
Community
Hosting models
Multitenant
Single-tenant
Service models
Software as a service (SaaS)
Platform as a service (PaaS)
Infrastructure as a service (IaaS)
Cloud provider limitations
Internet Protocol (IP) address scheme
VPC peering
Extending appropriate on-premises controls
Storage models
Object storage/file-based storage
Database storage
Block storage
Blob storage
Key-value pairs
1.7 Explain how cryptography and public key infrastructure (PKI) support security objectives and requirements.
Privacy and confidentiality requirements
Integrity requirements
Non-repudiation
Compliance and policy requirements
Common cryptography use cases
Data at rest
Data in transit
Data in process/data in use
Protection of web services
Embedded systems
Key escrow/management
Mobile security
Secure authentication
Smart card
Common PKI use cases
Web services
Code signing
Federation
Trust models
VPN
Enterprise and security automation/orchestration
1.8 Explain the impact of emerging technologies on enterprise security and privacy.
Artificial intelligence
Machine learning
Quantum computing
Blockchain
Homomorphic encryption
Private information retrieval
Secure function evaluation
Private function evaluation
Secure multiparty computation
Distributed consensus
Big Data
Virtual/augmented reality
3D printing
Passwordless authentication
Nano technology
Deep learning
Natural language processing
Deep fakes
Biometric impersonation
Your organization experienced a security event that led to the loss and disruption of services. You were chosen to investigate the disruption to prevent the risk of it happening again. What is this process called?
Incident management
Forensic tasks
Mandatory vacation
Job rotation
Brett is a new CISO, and he is evaluating different controls for availability. Which set of controls should he choose?
RAID 1, classification of data, and load balancing
Digital signatures, encryption, and hashes
Steganography, ACLs, and vulnerability management
Checksums, DOS attacks, and RAID 0
Charles has received final documentation from a compliance audit. The report suggested his organization should implement a complementary security tool to work with the firewall to detect any attempt at scanning. Which device does Charles choose?
RAS
PBX
IDS
DDT
Nicole is the security administrator for a large governmental agency. She has implemented port security, restricted network traffic, and installed NIDS, firewalls, and spam filters. She thinks the network is secure. Now she wants to focus on endpoint security. What is the most comprehensive plan for her to follow?
Antimalware/virus/spyware, host-based firewall, and MFA
Antivirus/spam, host-based IDS, and TFA
Antimalware/virus, host-based IDS, and biometrics
Antivirus/spam, host-based IDS, and SSO
Sally's CISO asked her to recommend an intrusion system to recognize intrusions traversing the network and send email alerts to the IT staff when one is detected. What type of intrusion system does the CISO want?
HIDS
NIDS
HIPS
NIPS
Kenneth is the CISO of an engineering organization. He asked the security department to recommend a system to be placed on business-critical servers to detect and stop intrusions. Which of the following will meet the CISO's requirement?
HIPS
NIDS
HIDS
NIPS
Paul's company has discovered that some of his organization's employees are using personal devices, including cell phones, within highly secure areas. The CISO wants to know which employees are violating this policy. Which of the following devices can inform the CISO who is violating this policy?
DLP
WIDS
NIPS
Firewall
Suzette's company discovered that some of her organization's employees are copying corporate documents to Microsoft blob cloud drives outside the control of the company. She has been instructed to stop this practice from occurring. Which of the following can stop this practice from happening?
DLP
NIDS
NIPS
Firewall
Troy must make a decision about his organization's file integrity monitoring (FIM). Standalone FIM generally means file analysis only. Another option is to integrate it with the host so that Troy can detect threats in other areas, such as system memory or I/O. For the integration, which of the following does Troy need to use?
HIDS
ADVFIM
NIDS
Change management
Lisa is building a network intrusion detection system (NIDS). What can an NIDS do with encrypted network traffic?
Look for viruses
Examine contents of email
Bypass VPN
Nothing
What system is used to collect and analyze data logs from various network devices and to report detected security events?
Syslog server
NIPS
WIPS
SIEM system
The IT department decided to implement a security appliance in front of their web servers to inspect HTTP/HTTPS/SOAP traffic for malicious activity. Which of the following is the best solution to use?
Screened host firewall
Packet filter firewall
DMZ
WAF
A security audit was conducted for your organization. It found that a computer plugged into any Ethernet port in its shipping facility was able to access network resources without authentication. You are directed to fix this security issue. Which standard, if implemented, could resolve this issue?
802.1x
802.3
802.1q
802.11
Your CISO is concerned with unauthorized network access to the corporate wireless network. You want to set a mechanism in place that not only authenticates the wireless devices but also requires them to meet a predefined corporate policy before allowing them on the network. What technology best performs this function?
HIDS
NAC
Software agent
NIPS
David's security team is implementing NAC for authentication as well as corporate policy enforcement. The team wants to install software on the devices to perform these tasks. In the context of NAC, what is this software called?
Program
Process
Agent
Thread
Grace is investigating the encryption of data at rest and data in transit and trying to determine which algorithm is best in each situation. Which of the following does not contain data at rest?
SAN
NAS
SSD
VPN
Your employees need internal access while traveling to remote locations. You need a service that enables them to securely connect back to a private corporate network from a public network to log into a centralized portal. You want the traffic to be encrypted. Which of the following is the best tool?
Wi-Fi
VPN
RDP
NIC
Robert's employees complain that when they connect to the network through the VPN, they cannot view their social media posts and pictures. What has most likely been implemented?
Split tunnels
DNS tunneling
ARP cache
Full tunnels
Robin's company is merging with another healthcare organization. The stakeholders are discussing the security aspects of combining digital communications. The main agreed-upon criterion for compliance and security is protecting the sharing of the business's domains. What is the best option for this organization?
DNSSEC
TLS
SSL 2.0
Keeping both entities separate
You are a network security administrator for a SOHO. Your staff tends to work from coffee shops without understanding the need for a VPN. You must show them why this can be dangerous. What network traffic packets are commonly captured and used in a replay attack?
Packet headers
Authentication
FTP
DNS
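The replay scenario in the question above, as an added example (not from the book): an attacker on the coffee-shop Wi-Fi captures one authentication message and sends it again. With a static authenticator the server accepts the copy; with a server-issued, single-use nonce bound into an HMAC the copy fails. The shared key, user name and the two toy schemes are constructed for illustration.

```python
"""Constructed client/server exchange showing why a captured authentication
message can be replayed, and how a one-time server nonce defeats the replay."""
import hashlib
import hmac
import secrets

SHARED_KEY = b"constructed-shared-secret"   # assumption: pre-shared key


# --- Weak scheme: a static authenticator (password-equivalent) on the wire ---
def weak_authenticator(user: str) -> bytes:
    """Same bytes every login, so whatever is captured works again."""
    return hmac.new(SHARED_KEY, user.encode(), hashlib.sha256).digest()


def weak_server_verify(user: str, tag: bytes) -> bool:
    return hmac.compare_digest(tag, weak_authenticator(user))


# --- Nonce-bound scheme: server challenge, response usable exactly once ---
def response(user: str, nonce: bytes) -> bytes:
    """Client side: bind the fresh nonce into the keyed MAC."""
    return hmac.new(SHARED_KEY, nonce + user.encode(), hashlib.sha256).digest()


class NonceServer:
    def __init__(self) -> None:
        self.outstanding: set[bytes] = set()   # issued but not yet consumed

    def challenge(self) -> bytes:
        nonce = secrets.token_bytes(16)
        self.outstanding.add(nonce)
        return nonce

    def verify(self, user: str, nonce: bytes, tag: bytes) -> bool:
        if nonce not in self.outstanding:
            return False                       # never issued, or already used: replay
        self.outstanding.discard(nonce)        # consume before checking, so one use only
        return hmac.compare_digest(tag, response(user, nonce))


def demo() -> tuple[bool, bool, bool]:
    """Returns (weak replay accepted, nonce login accepted, nonce replay accepted)."""
    # Attacker sniffs one login of each kind on the open Wi-Fi.
    captured_weak = ("alice", weak_authenticator("alice"))
    weak_replay_ok = weak_server_verify(*captured_weak)   # True: replay succeeds

    server = NonceServer()
    nonce = server.challenge()
    captured = ("alice", nonce, response("alice", nonce))
    first_login = server.verify(*captured)   # legitimate client: True
    replay = server.verify(*captured)        # attacker resends the same bytes: False
    return weak_replay_ok, first_login, replay


if __name__ == "__main__":
    print(demo())
```

The nonce set is unbounded here; a real server expires challenges after a short window, and a VPN removes the capture opportunity in the first place rather than relying on every application to get this right.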
Sally needs to implement a network security device at the border of her corporate network and the Internet. This device filters network traffic based on source and destination IP addresses, source and destination port numbers, and protocols. Which network security device best suits her needs?
Packet filter firewall
Proxy server
HSM
DMZ
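The filtering the question describes, as an added example (not from the book): a stateless packet filter evaluates each packet against an ordered rule list on protocol, source, destination and port, takes the first match, and denies anything unmatched. The address block 203.0.113.0/24, the rules and the packets are constructed for illustration.

```python
"""Minimal stateless packet filter: first-match rules on the 5-tuple with an
implicit deny, the decision model of a border packet-filtering firewall."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str                  # "permit" or "deny"
    proto: str                   # "tcp", "udp", "icmp" or "any"
    src: str                     # CIDR, "0.0.0.0/0" for any
    dst: str
    dport: Optional[int] = None  # None matches any destination port


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    dst: str
    dport: Optional[int] = None


def matches(rule: Rule, pkt: Packet) -> bool:
    if rule.proto != "any" and rule.proto != pkt.proto:
        return False
    if ip_address(pkt.src) not in ip_network(rule.src):
        return False
    if ip_address(pkt.dst) not in ip_network(rule.dst):
        return False
    if rule.dport is not None and rule.dport != pkt.dport:
        return False
    return True


def first_match(rules: list[Rule], pkt: Packet) -> Optional[int]:
    """Index of the first matching rule, or None (useful when auditing a ruleset)."""
    for i, rule in enumerate(rules):
        if matches(rule, pkt):
            return i
    return None


def filter_packet(rules: list[Rule], pkt: Packet) -> str:
    idx = first_match(rules, pkt)
    return "deny" if idx is None else rules[idx].action   # implicit deny at the end


# Constructed ruleset for a border firewall protecting 203.0.113.0/24
BORDER_RULES = [
    Rule("permit", "tcp", "0.0.0.0/0", "203.0.113.10/32", 443),   # public HTTPS
    Rule("permit", "tcp", "0.0.0.0/0", "203.0.113.10/32", 80),    # public HTTP
    Rule("deny", "tcp", "0.0.0.0/0", "203.0.113.0/24", 23),       # no Telnet from outside
    Rule("permit", "udp", "203.0.113.0/24", "0.0.0.0/0", 53),     # outbound DNS queries
]

if __name__ == "__main__":
    for pkt in (Packet("tcp", "198.51.100.7", "203.0.113.10", 443),
                Packet("tcp", "198.51.100.7", "203.0.113.10", 22),
                Packet("icmp", "198.51.100.7", "203.0.113.10")):
        print(pkt, "->", filter_packet(BORDER_RULES, pkt))
```

Because the filter keeps no session state, the DNS replies coming back to 203.0.113.0/24 would need their own permit rule (which then also admits unsolicited UDP from port 53); tracking that return traffic automatically is exactly what a stateful firewall or NGFW adds over a plain packet filter.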
The IT security department was tasked with recommending a single security device that can perform various security functions. The security functions include antivirus protection, antispyware, a firewall, and an IDP. What device should the IT security department recommend?
Next-generation firewall
Unified threat management system
Quantum proxy
Next-generation IDP
One of your network administrators reports that they cannot connect to a device on the local network using its IP address. The device is up and running with an IP address of 10.0.0.5. Other hosts can communicate with the device. The default gateway is 10.0.0.1, and your local IP address is 10.0.0.3. What is the best type of scan to run to find the MAC of the offending machine?
ARP
NAT gateway
IPConfig
IFConfig
Ronald has architected his network to hide the source of a network connection. What device has he most probably used?
Proxy firewall
Internet gateway
Layer 3 switch
Bastion host
The IT group within your organization wants to filter requests between clients and their servers. They want to place a device in front of the servers that acts as a go-between for the clients and the servers. This device receives the request from the clients and forwards the request to the servers. The server will reply to the request by sending the reply to the device; then the device will forward the reply to the clients. What device best meets this description?
Firewall
NIDS
Reverse proxy
Proxy
Many users within your organization clicked on emails that, while looking legitimate, are malicious. Malicious code executes once the email is opened, infecting the user's system with malware. What could be implemented on the email server to help prevent such emails from reaching the end user?
Firewall
Spam filters
WAF
Forward proxy
Your network administrator, George, reaches out to you to investigate why your e-commerce site went down twice in the past three days. Everything looks good on your network, so you reach out to your ISP. You suspect an attacker set up botnets that flood your DNS server with invalid requests. You find this out by examining your external logging service. What is this type of attack called?
DDoS
Spamming
IP spoofing
Containerization
Aaron's end users are having difficulty signing into the network. The investigation of the situation leads him to believe it is which type of attack?
Port scanning
DDoS
Pass-the-hash
Trojan
A network engineer must configure a router on the network remotely. What protocol should be used to ensure a secure connection?
Telnet
FTP
HTTP
SSH
Ian has joined a company that licenses a third party's software and email service that is delivered to end users through a browser. What type of organization does Ian work for?
IaaS
SaaS
PaaS
BaaS
You are a security analyst with an enterprise global financial organization. The company just experienced an advanced persistent threat (APT) type of attack that was traced to ransomware delivered to end users via a phishing campaign. One of your IT analysts forwarded the email to the
address. You want to rip open the ransomware to see what it does and what asset it touches. What do you build?
Cloud sandbox
A container
SLA
A hypervisor
Cody configured the application programming interface (API) connection between your web application that manages retail transactions and your bank. This connection must be as secure as possible. Because the API connection will handle financial transactions, what is the best choice for securing the API if it is well designed?
SOAP
HTTPS
REST
XML
Aniket is looking for a web server to process requests sent by XML. What is the best technology to use for this?
REST
SOAP
Ajax
XSS
The Cisco switch you are using for traffic analysis and troubleshooting has a dedicated SPAN port that is in an error-disabled state. What is the procedure to re-enable it after you enter privileged EXEC mode?
Issue the no shutdown command on the error-disabled interface.
Issue the shutdown and then the no shutdown command on the error-disabled interface.
Issue the no error command on the error-disabled interface.
Issue the no error-disable command on the error-disabled interface.
You were asked to recommend a solution to intercept and mirror network traffic and analyze its content for malicious activity while not interacting with the host computer. Of the following, which is the best solution?
System scanner
Application scanner
Active vulnerability scanner
Passive vulnerability scanner
One of Robert's objectives and key results (OKRs) for the upcoming year is to modernize the IT strategy by adopting a virtual cloud and taking advantage of new features and storage. He understands that once intellectual property is in the cloud, he could have less visibility and control as a consumer. What else is a major security concern for important data stored in the public cloud versus a private cloud?
Cost effectiveness
Elastic use
Being on demand
Data remnants
Your news organization is dealing with a recent defacement of your website and secure web server. The server was compromised around a three-day holiday weekend while most of the IT staff was not at work. The network diagram, in the order from the outside in, consists of the Internet, firewall, IDS, SSL accelerator, web server farm, internal firewall, and internal network. You attempt a forensic analysis, but all the web server logs have been deleted, and the internal firewall logs show no activity. As the security administrator, what do you do?
Review sensor placement and examine the external firewall logs to find the attack.
Review the IDS logs to determine the source of the attack.
Correlate all the logs from all the devices to find where the organization was compromised.
Reconfigure the network and put the IDS between the SSL accelerator and server farm to better determine the cause of future attacks.
After merging with a newly acquired company, Gavin comes to work Monday morning to find a metamorphic worm from the newly acquired network spreading through the parent organization. The security administrator isolated the worm using a network test access point (TAP) mirroring all of the new network's traffic and found it spreading on TCP port 445. What does Gavin advise the administrator to do immediately to minimize the attack?
Run Wireshark to watch for traffic on TCP port 445.
Update antivirus software and scan the entire enterprise.
Check the SIEM for alerts for any asset with TCP port 445 open.
Deploy an ACL to all HIPS: DENY-TCP-ANY-ANY-445.
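The containment decision above, as an added example (not from the book): worm propagation over SMB looks like one source opening TCP 445 to many distinct peers, which is what a TAP or NetFlow feed into a SIEM lets you spot. The flow records, addresses and fan-out threshold below are constructed for illustration.

```python
"""Find hosts fanning out on TCP 445 (worm-style SMB propagation) in flow
records as a TAP/NetFlow collector would hand them to a SIEM, then emit the
targeted host-firewall (HIPS) rules to contain them."""
from collections import defaultdict

# Constructed flow records: (src_ip, dst_ip, proto, dst_port)
FLOWS = [
    ("10.20.1.15", "10.20.1.16", "tcp", 445),
    ("10.20.1.15", "10.20.1.17", "tcp", 445),
    ("10.20.1.15", "10.20.1.18", "tcp", 445),
    ("10.20.1.15", "10.20.1.19", "tcp", 445),
    ("10.20.1.15", "10.20.1.20", "tcp", 445),
    ("10.20.1.15", "10.20.1.21", "tcp", 445),
    ("10.20.1.50", "10.20.1.2", "tcp", 445),    # normal: one client to the file server
    ("10.20.1.51", "10.20.1.2", "tcp", 445),
    ("10.20.1.51", "10.20.1.2", "tcp", 445),    # repeats to the same peer are not fan-out
    ("10.20.1.60", "10.20.1.61", "tcp", 3389),  # unrelated RDP session
]


def fanout_by_source(flows, port: int = 445, proto: str = "tcp") -> dict[str, int]:
    """Number of distinct destinations each source contacted on proto/port."""
    peers: dict[str, set[str]] = defaultdict(set)
    for src, dst, p, dport in flows:
        if p == proto and dport == port:
            peers[src].add(dst)
    return {src: len(dsts) for src, dsts in peers.items()}


def suspected_spreaders(flows, port: int = 445, threshold: int = 5) -> list[str]:
    """Sources whose distinct-peer count on the port reaches the threshold."""
    return sorted(src for src, n in fanout_by_source(flows, port).items()
                  if n >= threshold)


def containment_rules(flows, port: int = 445) -> list[str]:
    """Targeted deny rules, one per spreader, in plain HIPS-style notation."""
    return [f"DENY-TCP-{src}-ANY-{port}" for src in suspected_spreaders(flows, port)]


if __name__ == "__main__":
    print(fanout_by_source(FLOWS))
    print(containment_rules(FLOWS))
```

The answer the question points at is the blanket DENY-TCP-ANY-ANY-445 on every endpoint, which stops the worm regardless of which hosts are already infected but also breaks legitimate file sharing; the per-source rules above are the narrower follow-up once the flow data shows which hosts are actually spreading.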
Jonathan is a senior architect who has submitted budget requests to the CISO to upgrade their security landscape. One item to purchase in the new year is a security information and event management (SIEM) system. What is the primary function of a SIEM tool?
Blocking malicious users and traffic
Monitoring the network
Automating DNS servers
Monitoring servers
Janet has critical files and intellectual property on several filesystems and needs to be alerted if these files are altered by either trusted insiders abusing their privilege or malware. What should she implement?
FIM
PCI
DNS
TCP
You are configuring SNMP on a Windows server. You have found that you are currently running SNMPv2c. Why would you want to upgrade to SNMPv3?
Cryptographic security system
Party-based security system
Easier to set up
Supports UDP
Victor is employed in a high-risk, geographically diverse environment that makes heavy use of Cisco IOS. Which of these is not a key service advantage of NetFlow?
Peer-to-peer tunneling encryption
Network traffic accounting and usage-based billing
Network planning and security
DoS monitoring capabilities
One of your managers asked you to research data loss prevention techniques to protect data so that cyber attackers cannot monetize stolen data. What DLP technique do you recommend?
Encryption and tokenization
HIPAA and PCI
Identity and access management
NIST frameworks
Eddie is looking for an antivirus detection tool that uses a rule- or weight-based system to score how dangerous a program's behavior could be. What type of antivirus does he need?
Behavioral
Signature based
Heuristic
Automated
Simon's organization has endpoints that are considered low-priority systems. Even though they are considered low priority, they still must be protected from malicious code capable of destroying data and corrupting systems. Malicious code is capable of infecting files but generally needs help moving from one system to another. What type of security product protects systems from this type of malicious code only?
Antimalware
Antispyware
Antivirus
Anti-adware
An employee downloads a video of someone stealing a package off their porch from their smart doorbell. How do you mitigate the risk of storing that type of data on your business network?
Implementing a security policy and awareness
Performing audits
Monitoring networks for certain file types
Using third-party threat intelligence reports
You conduct a security assessment and find legacy systems with vital business processes using standard Telnet protocols. What should you do to mitigate the risk?
Migrate from IPv4 to IPv6.
Install PuTTY.
Move the system to a secure VLAN.
Unplug the system until a replacement can be ordered.
Your hospital just merged with another hospital in another state that falls under a different legal jurisdiction. You are tasked with improving network security. Your CISO suggests data isolation by blocking communication between the two hospitals. How do you accomplish this?
Implementing HIDS
Building gateway firewalls
Configuring ERP
Creating network microsegmentation
Your company grew to a point where a screened host firewall solution is no longer viable. IT wants to move to a screened subnet solution. Which of the following is considered a type of screened subnet?
LAN
DMZ
Egress
WAN
Your CISO asked you to implement a solution on the jump servers in your DMZ that can detect and stop malicious activity. Which solution accomplishes this task?
HIDS
NIDS
HIPS
NIPS
Matthew's company just learned that an attacker obtained highly classified information by querying the external DNS server. He is told to never let this happen again. Which of the following is the best option?
Implement a split DNS. Create an internal and external zone to resolve all domain queries.
Implement a split DNS. Create an internal zone for an internal DNS for resolution and an external zone to be used by the Internet.
Create DNS parking for round-robin DNSBL.
Create DNS parking for cloud users.
Peyton is an IT administrator needing visibility into his staging network. He believes he has all the tools and controls in place, but he has no way to look for attackers who are currently exploiting the network. What tool can Peyton choose to help with seeing the dark spots in his environment?
Fuzzer
HTTP interceptor
Port scanner
SIEM
You want to replace an access point's removable antenna with a better one based on the results gathered by a wireless site survey. You want to be able to focus more energy in one direction and less in another to better distinguish between networks. What type of antenna should you purchase?
Directional
Omnidirectional
Parabolic dish
Radio
Which of the following is a protocol that provides a graphical interface to a Windows system over a network?
RDP
VNC
VDI
DLP
An attacker scanned your network and discovered a host system running a vulnerable version of VNC. Which of the following can an attacker perform if they can access VNC on the host?
Remotely access the BIOS of the host system.
Remotely view and control the desktop of the host system.
Remotely view critical failures, causing a stop error or the blue screen of death on the host system.
All of the above.
Levi's corporate public cloud network is configured such that all network devices reach each other without going through a routing device. The CISO wants the network reconfigured so that the network is segmented based on geography. In addition, the servers must be on their own subnetwork. What is a benefit of subdividing the network in this way?
No benefit at all.
By subdividing the network, the port numbers can be better distributed among assets.
By subdividing the network, rules can be placed to control the flow of traffic from one subnetwork to another.
Ease of deployment.
Your security team implemented NAC for authentication as well as corporate policy enforcement. Originally, the team installed software on the devices to perform these tasks. However, the security team decided this method is no longer desirable. They want to implement a solution that performs the same function but doesn't require software to be installed on the devices. In the context of NAC, what is this configuration called?
Agent
Agentless
Volatile
Persistent
Jason's organization recently deployed some standard Linux systems in its network. The system admin for these Linux systems wants to secure these systems by using SELinux, which is required by their security policy. Which of the following is a benefit of using SELinux?
Moves from a discretionary access control system to a system where the file creator controls the permissions of the file
Moves from a discretionary access control system to a mandatory access control system
Moves from a mandatory access control system to a system where the file creator controls the permissions of the file
Moves from a mandatory access control system to a discretionary access control system
Bobby is a security risk manager with a global organization. The organization recently evaluated the risk of flash floods on its operations in several regions and determined that the cost of responding is expensive. The organization chooses to take no action currently. What was the risk management strategy deployed?
Risk mitigation
Risk acceptance
Risk avoidance
Risk transference
Randolf is a newly hired CISO, and he is evaluating controls for the confidentiality portion of the CIA triad. Which set of controls should he choose to concentrate on for confidentiality?
RAID 1, classification of data, and load balancing
Digital signatures, encryption, and hashes
Steganography, ACL, and vulnerability management
Checksum, DOS attacks, and RAID 0
You are tasked with deploying a system so that it operates at a single classification level. All the users who access this system have the same clearance, classification, and need to know. What is this operating mode?
High mode
Dedicated
Peer to peer
Multilevel
You work as an independent security consultant for a small town in the Midwest that was just breached by a foreign country. When it came time to pay a town vendor, someone had changed the vendor's payment method from a physical check to an electronic transfer. In response, what is the first security practice you suggest to prevent this from recurring?
Incorporation
Investigation
Zero trust
Data diddling
A hospital database is hosting PHI data with high volatility. Data changes constantly and is used by doctors, nurses, and surgeons, as well as the finance department for billing. The database is located in a secure air-gapped network where there is limited access. What is the most likely threat?
Internal user fraud
Manipulated key-value pairs
Compliance
Inappropriate admin access
Jeremiah works for a global construction company and has found cloud computing meets 90 percent of his IT needs. Which of these is of least importance when considering cloud computing?
Data classification
Encryption methodology
Incident response and disaster recovery
Physical location of data center
Your company hired a new IT manager who will be working remotely. Their first order of business is to perform a risk assessment on a new mobile device that is to be given to all employees. The device is commercially available and runs a popular operating system. What are the most important security factors that you should consider while conducting this risk assessment?
Remote wipe and controls, encryption, and vendor track record
Encryption, IPv6, cost, and color
Remote wipe, maintenance, and inventory management
Remote monitoring, cost, SSD, and vendor track record
Your CEO purchased the latest and greatest mobile device (BYOD) and now wants you to connect it to the company's intranet. You have been told to research this process according to change management and security policy. What security recommendation do you make that has the biggest impact on risk?
Making this a new corporate policy available for everyone
Adding a PIN to access the device
Encrypting nonvolatile memory
Auditing requirements
Brian's new insurance company is working with an ISP, and he wants to find out technical details, such as system numbers, port numbers, IP addressing, and the protocols used. What document will he find this information in?
Memorandum of understanding
Disclosure of assets
Operation level agreement
Interconnection security agreement
Your IT staff is seeking a wireless solution to transmit data in a manufacturing area with lots of electrical motors. The technology must transmit approximately 1 Mbps of data approximately 1 meter using line of sight. No obstacles are between the devices using this technology. Because of the environment, using RF is not a viable solution. What technology is best suited for this situation?
Wi-Fi
Bluetooth
IrDA
RF
Your company underwent a merger, and you are attempting to consolidate domains. What tool do you use to find out who the owner of a domain is, when it expires, and the registrant's contact details?
Netstat
Whois
SSH
TCPDump
Your department is looking for a new storage solution that enables an as yet undetermined number of systems to connect using file-based protocols (such as NFS and SMB). This solution will also be used for file-sharing services such as data storage, access, and management services to network clients. What is the best storage solution for your organization?
SAN
NAS
DAG
DAS
Your CISO asks you to develop deployment solutions for internally developed software that offers the best customization as well as control over the product. Cost is not an issue. What is the best solution for you to choose?
Hosted deployment solution with a lower up-front cost but that requires maintaining the hardware on which the software is residing
Cloud-based deployment solutions that require a monthly fee only
Elastic virtual hosting based on need
An on-premises traditional deployment solution
Fletcher is a security engineer for a government agency attempting to determine the control of highly classified customer information. Who should advise him on coordinating control of this sensitive data?
Sales
HR
Board of directors
Legal counsel
Two CISOs brought their IT leadership together to discuss the BIA and DRP for a merger between two automobile manufacturers. Their first priority is to communicate securely using encryption. What is the best recommendation?
DNSSEC on both domains
TLS on both domains
Use S/MIME for selected email transmissions
Push all communication to the cloud
Your newly formed IT team is investigating cloud computing models. You would like to use a cloud computing model that is subscription based for common services, where the vendor develops, manages, and maintains the pool of computing resources shared between multiple tenants across the network. Which of the following is the best choice for this situation?
Public
Private
Agnostic
Hybrid
Alice and Bob are discussing federated identity and the differences between 2FA and MFA. Bob says it is the same thing, and Alice is explaining to him that it isn't. Which is the best statement that describes the difference?
Multifactor authentication (MFA) requires users to verify their identity by providing multiple pieces of evidence that can include something they know, something they have, or something they are. Two-factor authentication (2FA) is a user providing two authentication methods like a password and a fingerprint.
2FA and MFA have the same process with the caveat that 2FA must be two separate types of authentication methods. MFA could be two or more of the same methods.
2FA is safer and easier for end users than MFA.
Multifactor authentication (MFA) requires users to verify their identity by providing at least two pieces of evidence that can include something they know, something they have, or something they are. Two-factor authentication (2FA) is a user providing two or more authentication methods like a password and a fingerprint.
For security reasons, Ted is moving from LDAP, the standards-based specification for interacting with directory data, to LDAPS. LDAPS provides security by using which of the following?
SSL
SSH
PGP
AES
The corporate network has grown to a point where the management of individual routers and switches is problematic. Your CISO wants to move to a solution where the control function of the routers and switches is centralized, leaving the routers and switches to perform the basic forwarding of traffic. Which technology best performs this function?
CDC
NAS
SAN
SDN
A security engineer is concerned that logs may be lost on their hybrid SDN network if the devices should fail or become compromised by an attacker. What solution ensures that logs are not lost on these devices?
Configuring a firewall on the local machine
Archiving the logs on the local machine
Sending the logs to a syslog server
Installing a NIPS
Your CISO watched the news about the latest supply chain breach and is genuinely concerned about this type of attack affecting major organizations. He asks you, as a security analyst, to gather information about controls to put into place on your SDN network to stop these attacks from affecting your organization. How do you begin this process?
Get the latest IOCs from OSINT sources
Research best practices
Use AI and SIEM
Perform a sweep of your network using threat modeling
Cameron is a newly promoted network security administrator. His manager told him to start building his physical and SDN topology map with a concentration on finding out what ports are open on which assets across the entire enterprise. What tool will accomplish the task?
Netcat
Nmap
Burp Suite
IPConfig
Your organization has opted into a hybrid cloud solution for all of its strategic business units, which span multiple verticals with different IT requirements. Which one of these is an advantage?
Flexible, scalable, reliable, and improved security posture
Strong compatibility and integration requirements
Complexity as the organization evolves
Can be very expensive
While performing unit testing on software requested by your department, you found that privilege escalation is possible. Privilege escalation means that an attacker can elevate their privilege on a system from a lower level to an administrator level. Which two classes of privilege escalation do your unit tests need to cover?
Vertical and horizontal
Left and right
North to south
Ring 1 to 3
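The two classes named above are vertical escalation (a normal user reaching admin-only functions) and horizontal escalation (a user reaching another user's objects, often called an insecure direct object reference). The following added example (not code from the book) puts a constructed in-memory application's vulnerable handlers beside hardened ones and runs the same two unit-test probes against both, so the tests show exactly which class each version resists. The users, invoices, and handler names are all invented for the illustration.

```python
"""Unit-test probes for vertical and horizontal privilege escalation, run
against a vulnerable and a hardened version of the same two handlers.
Illustrative example; users, invoices and handlers are constructed."""

USERS = {"alice": {"role": "user"}, "bob": {"role": "user"}, "root": {"role": "admin"}}
INVOICES = {101: {"owner": "alice", "total": 42.0},
            102: {"owner": "bob", "total": 99.0}}


class Forbidden(Exception):
    """Raised when an access check fails."""


# --- vulnerable handlers -------------------------------------------------
def get_invoice_vulnerable(actor, invoice_id):
    # Only checks that the caller is logged in, not that the invoice is theirs:
    # horizontal escalation (IDOR).
    if actor not in USERS:
        raise Forbidden("not authenticated")
    return INVOICES[invoice_id]


def delete_user_vulnerable(actor, target, is_admin_flag):
    # Trusts a client-supplied "I am admin" flag: vertical escalation.
    if not is_admin_flag:
        raise Forbidden("admin only")
    return f"deleted {target}"


# --- hardened handlers ---------------------------------------------------
def get_invoice(actor, invoice_id):
    inv = INVOICES.get(invoice_id)
    # Same answer for "does not exist" and "not yours" so IDs cannot be enumerated.
    if inv is None or (inv["owner"] != actor and USERS[actor]["role"] != "admin"):
        raise Forbidden("no access")
    return inv


def delete_user(actor, target):
    # Role comes from the server-side record, never from the request.
    if USERS.get(actor, {}).get("role") != "admin":
        raise Forbidden("admin only")
    return f"deleted {target}"


# --- the unit-test probes ------------------------------------------------
def escalation_checks(read_handler, delete_handler):
    """Return {"horizontal": resisted?, "vertical": resisted?} for a pair of
    handlers. `read_handler(actor, id)`, `delete_handler(actor, target)`."""
    def denied(fn, *args):
        try:
            fn(*args)
        except Forbidden:
            return True
        return False

    return {
        # alice (a user) tries to read bob's invoice 102
        "horizontal": denied(read_handler, "alice", 102),
        # alice (a user) tries an admin-only action
        "vertical": denied(delete_handler, "alice", "bob"),
    }


if __name__ == "__main__":
    # An attacker simply sets the client-controlled flag to True.
    vuln = escalation_checks(get_invoice_vulnerable,
                             lambda a, t: delete_user_vulnerable(a, t, True))
    hard = escalation_checks(get_invoice, delete_user)
    print("vulnerable:", vuln)
    print("hardened:  ", hard)
```

Keeping both probes in the unit suite means a future refactor that reintroduces either flaw fails the build rather than reaching production.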
Phillip's financial company experienced a natural disaster, used a hot site for three months, and now is returning to the primary site. What processes should be restored first at the primary site?
Finance department
External communication
Mission critical
Least business critical
You work in law enforcement supporting a network with HA. High availability is mandatory, as you also support emergency 911 services. Which of the following would hinder your HA ecosystem?
Clustered servers
Primary firewall
Switched networks
Redundant communication links
Mark has been tasked with building a computer system that can scale well and that includes built-in logic for interfacing with many types of devices, including SATA, PCI, and USB, as well as GPU, network processors, and AV encoders/decoders. What type of system should he build?
Matrix
Heterogeneous
LLC
Meshed network
Not having complete control over networks and servers is a real concern in your organization, and upper management asks you if the company's data is genuinely secure now that you have migrated to the cloud. They have asked you to present industry research at the next board of directors meeting to answer questions regarding cloud security and your company's cyber-resilience. What research would be of most interest to the board of directors?
Processor power consumption
Encryption models
COCOA
CACAO
While investigating threats specific to your industry, you found information collected and analyzed by several companies with substantive expertise and access to source information. Which of these is the least beneficial item to your organization after subscribing to threat intelligence information?
Determining acceptable business risks
Developing controls and budgets
Making equipment and staffing decisions
Creating a marketing plan for your product
Andrew has evaluated several unified communications (UC) vendors. He needs one with its own data center facility hosting its own instance of the platform, with built-in redundant power, remote backup, secured entry, and 24/7 staffing. Why would a UC vendor have minimal data center security?
Cost savings
Compliance requirements
Ease of setup and use
Perfect forward secrecy
Your organization slowly evolved from simply locking doors to RFID-enabled cards issued to employees to secure the physical environment. You want to protect these cards from cloning, because some parts of your organization host sensitive information. What should you implement?
Encryption
IDR
HIDS
NIPS
Damien is a security architect for a large enterprise bank that recently merged with a smaller local bank. The acquired bank has a legacy virtual cluster, and all these virtual machines use the same NIC to connect to the LAN. Some of the VMs are used for hosting databases for HR, and some are used to process mortgage applications. What is the biggest security risk?
Shared NICs negatively impacting the integrity of packets
Bridging of networks impacting availability
Availability between VMs impacting integrity
Visibility between VMs impacting confidentiality
One of the biggest issues your CISO has with migrating to more cloud environments is the process of acquiring and releasing resources. Technical as well as operational issues are associated with these processes. What type of procedure documentation should you create to help with this?
How to authenticate and authorize
How to dynamically provision and deprovision
How to use SaaS, IaaS, and PaaS
How to build a Type 2 hypervisor
You have received an RFQ response from a software company, which makes a tool that will allow you to record all changes in a single change management tool. This tool will track scheduling change, implementing change, the cost of change, and reporting. What type of software is this called?
Vulnerability management
Change control
Security information and event management
Automation
You are investigating a new tool that helps identify, analyze, and report on threats in real time based mostly on logs. What is the best solution?
SOAR
Antivirus
XSS
Port scanner
Steve is a software developer for a large retail organization. His CISO returned from a large conference and asked him to clarify exactly what the benefit of a container in software development is over virtual machines. Which of these is the best succinct answer?
In a VM, hardware is virtualized to run multiple OS instances. Containers virtualize an OS to run multiple workloads on a single OS instance using a container engine.
In a container, hardware is virtualized to run a single OS, where a VM can run multiple applications across multiple assets with a single OS.
A VM is virtualized technology, but a container is not.
A container is the same thing as a virtual machine, just smaller in size.
As a leader in your organization in DevOps, you want to convince your CISO to move toward containerization. Which of these is not an advantage to using containers over VMs?
Reduced and simplified security updates
Less code to transfer, migrate, and upload
Quicker spinning up applications
Large file size of snapshots
At the latest IT department meeting, a discussion on the best virtual methodology centered around using VMs versus containers. Which of these statements best aligns with those two models?
VMs are better for lightweight native performance, whereas containers are better for heavyweight limited performance.
VMs are for running applications that need all the OS has to offer, whereas containers are better when maximizing number of applications on minimal resources.
VMs share the host OS, whereas containers run on their own OS.
Containers are fully isolated and more secure, whereas VMs use process-level isolation.
Ross is a security manager looking to improve security and performance of his unified communications (UC) server. Which of the following options might help with decreasing the attack surface?
Adding more users
Adding more devices
Turning off unused services
Ease of setup
After analyzing traffic flows on the network, your department noticed that many internal users access the same resources on the Internet. This activity utilizes a lot of Internet bandwidth. Your department decides to implement a solution that can cache this type of traffic the first time it is requested and serve it to the internal users as requested, thereby reducing the Internet bandwidth used for accessing this traffic. Which solution best accomplishes this task?
Proxy
Packet filter firewall
WAF
IPS
You were asked to recommend a technology that will lessen the impact of a DDoS attack on your CDN. Which of the following is the best technology?
HIDS
Packet filter firewall
Proxy
Load balancing
Luke's company started upgrading the computers in his organization. As a security professional, you recommend creating a standard image for all computers with a set level of security configured. What is this process called?
Configuration baselining
Imaging
Duplication
Ghosting
Lydia is a security administrator, and her hospital's security policy states that wearable technology and IoT devices are not allowed in secure areas where patient information is discussed. Wearable devices are designed to be worn by one individual, but some are quite powerful with artificial intelligence. Why is this a concern?
Danger of eavesdropping and compliance violations
Insurance premiums going up
Malpractice and litigation
Chain of custody of evidence
Mark is evaluating cloud storage providers and gives each a product evaluation form. Which of these is not the best practice for a cloud service provider?
Strict initial registration and validation
System event and network traffic monitoring
Utilization of weak encryption algorithms
Incident response processes that help BCP
Containerization provides many benefits in flexibility and faster application development. Which of the following statements is false?
Containers share the host OS's kernel during runtime.
Containers do not need to fully emulate an OS to work.
One physical server running five containers needs only one OS.
Containers are pure sandboxes just like VMs are.
Hector has a team that replaced version 1.2 of software with 2.0. The newest version has a completely different interface in addition to updates. What is this called?
Versioning
Coding integration
Secure coding
Vulnerability assessment
Greg is a security researcher for a cybersecurity company. He is currently examining a third-party vendor and finds a way to use SQLi to deface their web server due to a missing patch in the company's web application. What is the threat of doing business with this organization?
Web defacement
Unpatched applications
Attackers
Education awareness
Your CISO decided to implement an overarching enterprise mobility management (EMM) strategy. She wants to ensure that sensitive corporate data is not compromised by the employees' apps on their mobile devices. Which of these will implement that best?
App config through IDC
App wrapping through SDK
Open source through API
Platform DevOps
You are a web developer who needs to secure API keys in a client-side JavaScript application created for your hospital. What is the best way to accomplish this task quickly and efficiently?
Disable API access and use a hash of the key.
Set API access and a secret key pair.
Curl a request with an -H -o option.
Set a RESTful request with access pairs.
Mitchell wants to enhance his overall security and compliance to protect his company more carefully. He engages his security team to examine enterprise application integration, data integration, message-oriented middleware (MOM), object request brokers (ORBs), and the enterprise service bus (ESB). He also wants to prioritize which web applications should be secured first and how they will be tested. What do you need to sit down with your IT security team and build?
Web application security plan
Web application–level attack list
Business logic justifications
Container security
Edwin's board of directors want to perform quarterly security testing. As CISO of a financial institution, he must form a plan specifically for the development of this test that includes software assurance. This test must have a low risk of impacting system stability because the company is in production. The suggestion was made to outsource this to a third party. The board of directors argue that a third party will not be as knowledgeable as the development team. What will satisfy the board of directors?
Gray-box testing by a major consulting firm
Black-box testing by a major external consulting firm
Gray-box testing by the development and security assurance teams
White-box testing by the development and security assurance teams
Trent is a security analyst for a financial organization conducting a review of data management policies. After a complete review, he found that the settings permitting developers to download supporting but trusted software had been disabled. He submitted the recommendation that developers have a separate process to manually download software that is vetted before its use. What process will support this recommendation?
NIPS
Digitally signed applications
Sandboxing
PCI compliance
Tiffany runs an organization that is blending its development team with the operations team because of the speed applications are being rolled out. Applications change with new services required in production, so she has undertaken the challenge of eliminating those silos of development and operations. What is this called?
Incremental
DevOps
Agile
Waterfall
Shelby is working for a software developer developing web applications for an international financial enterprise. She has also been tasked with building the rule set that governs the interaction between an end user and the web application linking authentication and access. What type of rule set is this?
Session management
Secure cookies
Java flags
Stateless firewall
Your software developer has a custom ROM for Android and wants to further customize it for mobile device use in your healthcare network. Android is an open source operating system, but your developer experiences difficulties uploading the new ROM to a test device even using validated third-party libraries for development. What does he need to unlock before uploading the new ROM?
Bootloader
BIOS
FIFO
TPM
Angel needs to provide software code for users to download. She wants the users to be able to verify that the software has not changed or become corrupted. How might she provide this verification?
Code signing.
Script signing.
The user can attempt to install and run the program. If it installs and operates properly, it hasn't been altered.
Have the user authenticate first. If the user is authenticated, the software they download must be genuine.
You are creating a web application security plan and need to do white-box security testing on source code to find vulnerabilities earlier in the SDLC. If you can find vulnerabilities earlier in the process, they are cheaper to fix. What type of testing do you need to do?
SAST
CAST
DAST
FAST
You are creating a web application security plan and need to do black-box security testing on a running application. What type of testing do you need to do?
SAST
CAST
DAST
IAST
You had your internal team do an analysis on compiled binaries to find errors in mobile and desktop applications. You would like an external agency to test them as well. Which of these tests best suits this need?
DAST
VAST
IAST
SAST
Craig's newly formed IT team is investigating cloud computing models. He wants to use a cloud computing model that is orchestrated as an integrated infrastructure environment. Apps and data can share resources based on business and technical policies. Which of the following is the best choice for this situation?
Public
Private
Agnostic
Hybrid
You have been newly hired as a CISO for a governmental contractor. One of your first conversations with the CEO is to review requirements for recovery time and recovery point objectives, and enterprise resource planning (ERP). Who should you bring to the round table to discuss metrics surrounding your RTO/RPO?
Board of directors
Chief financial officer
Data owners and custodians
Business unit managers and directors
Which of the following is a use case for configuration management software?
Incident remediation
Continuance
Asset management
Collaboration
You have been analyzing the backup schedule for a CMDB. Your CIO has said the company has an RPO of 48 hours. What is the minimum backup schedule for the CMDB?
24 hours
6 hours
48 hours
12 hours
Your company is looking at a new CRM model to reach customers that includes social media. The marketing director, Tucker, would like to share news, updates, and promotions on all social websites. What are the major security risks?
Malware, phishing, and social engineering
DDoS, brute force, and SQLi
Mergers and data ownership
Regulatory requirements and environmental changes
In the last 5 years, your manufacturing group merged twice with competitors and acquired three startups, which led to more than 60 unique customer web applications. To reduce cost and improve workflows, you are put in charge of a project to implement centralized security. You need to ensure a model to enable integration and accurate identity information and authentication as well as repeatability. Which is the best solution?
Implementation of web access control and relay proxies
Automated provisioning of identity management
Self-service single sign-on using Kerberos
Building an organizational wide granular access control model in a centralized location
You are tasked with creating a single sign-on solution for your security organization. Which of these would you not deploy in an enterprise environment?
Directory services
Kerberos
SAML 2.0
Workgroup
The Domain Name System (DNS) maintains an index of every domain name and corresponding IP address. Before someone visits a website on your corporate network, DNS will resolve your domain name to its IP address. Which of the following is a weakness of DNS?
Spoofing
Latency
Authentication
Inconsistency
Your database team would like to use a service-oriented architecture (SOA). The CISO suggested you investigate the risk for adopting this type of architecture. What is the biggest security risk to adopting an SOA?
SOA is available only over the enterprise network.
Lack of understanding from stakeholders.
Risk of legacy networks and system vulnerabilities.
Source code.