Virtual hosts with different security requirements should be:
A. encrypted with a one-time password.
B. stored on separate physical hosts.
C. moved to the cloud.
D. scanned for vulnerabilities regularly.
Corporate policy states that the systems administrator should not be present during system audits. The security policy that states this is:
A. Separation of duties.
B. Mandatory vacation.
C. Non-disclosure agreement.
D. Least privilege.
When Company A and Company B merged, the network security administrator for Company A was tasked with joining the two networks. Which of the following should be done FIRST?
A. Implement a unified IPv6 addressing scheme on the entire network.
B. Conduct a penetration test of Company B’s network.
C. Perform a vulnerability assessment on Company B’s network.
D. Perform a peer code review on Company B’s application.
A legacy system is not scheduled to be decommissioned for two years and requires the use of the standard Telnet protocol. Which of the following should be used to mitigate the security risks of this system?
A. Migrate the system to IPv6.
B. Migrate the system to RSH.
C. Move the system to a secure VLAN.
D. Use LDAPS for authentication.
An ISP is peering with a new provider and wishes to disclose which autonomous system numbers should be allowed through BGP for network transport. Which of the following should contain this information?
A. Memorandum of Understanding
B. Interconnection Security Agreement
C. Operating Level Agreement
D. Service Level Agreement
A wholesaler has decided to increase revenue streams by selling direct to the public through an on-line system. Initially this will be run as a short-term trial and, if profitable, will be expanded and form part of the day-to-day business. The risk manager has raised two main business risks for the initial trial:
1. IT staff has no experience with establishing and managing secure on-line credit card processing.
2. An internal credit card processing system will expose the business to additional compliance requirements.
Which of the following is the BEST risk mitigation strategy?
A. Transfer the risks to another internal department, which has more resources to accept the risk.
B. Accept the risks and log acceptance in the risk register. Once the risks have been accepted close them out.
C. Transfer the initial risks by outsourcing payment processing to a third party service provider.
D. Mitigate the risks by hiring additional IT staff with the appropriate experience and certifications.
A large enterprise is expanding through the acquisition of a second corporation. Which of the following should be undertaken FIRST before connecting the networks of the newly formed entity?
A. A system and network scan to determine if all of the systems are secure.
B. Implement a firewall/DMZ system between the networks.
C. Develop a risk analysis for the merged networks.
D. Conduct a complete review of the security posture of the acquired corporation.
The company is considering issuing non-standard tablet computers to executive management. Which of the following is the FIRST step the security manager should perform?
A. Apply standard security policy settings to the devices.
B. Set up an access control system to isolate the devices from the network.
C. Integrate the tablets into standard remote access systems.
D. Develop the use case for the devices and perform a risk analysis.
When authenticating over HTTP using SAML, which of the following is issued to the authenticating user?
A. A symmetric key
B. A PKI ticket
C. An X.509 certificate
D. An assertion ticket
Which of the following activities could reduce the security benefits of mandatory vacations?
A. Have a replacement employee run the same applications as the vacationing employee.
B. Have a replacement employee perform tasks in a different order from the vacationing employee.
C. Have a replacement employee perform the job from a different workstation than the vacationing employee.
D. Have a replacement employee run several daily scripts developed by the vacationing employee.