Ensurepass

QUESTION 111

A database is hosting information assets with a computed CIA aggregate value of high. The database is located within a secured network zone where there is flow control between the client and datacenter networks. Which of the following is the MOST likely threat?


A. Inappropriate administrator access

B. Malicious code

C. Internal business fraud

D. Regulatory compliance

 

Answer: A

 

 

QUESTION 112

An organization recently upgraded its wireless infrastructure to support WPA2 and requires all clients to use this method. After the upgrade, several critical wireless clients fail to connect because they are only WEP compliant. For the foreseeable future, none of the affected clients have an upgrade path to put them into compliance with the WPA2 requirement. Which of the following provides the MOST secure method of integrating the non-compliant clients into the network?


A. Create a separate SSID and WEP key to support the legacy clients and enable detection of rogue APs.

B. Create a separate SSID and WEP key on a new network segment and only allow required communication paths.

C. Create a separate SSID and require the legacy clients to connect to the wireless network using certificate-based 802.1x.

D. Create a separate SSID and require the use of dynamic WEP keys.

 

Answer: B

 

 

QUESTION 113

The Chief Information Security Officer (CISO) is researching ways to reduce the risk associated with administrative access of six IT staff members while enforcing separation of duties. In the case where an IT staff member is absent, each staff member should be able to perform all the necessary duties of their IT co-workers. Which of the following policies should the CISO implement to reduce the risk?


A. Require the use of an unprivileged account, and a second shared account only for administrative purposes.

B. Require role-based security on primary role, and only provide access to secondary roles on a case-by-case basis.

C. Require separation of duties ensuring no single administrator has access to all systems.

D. Require on-going auditing of administrative activities, and evaluate against risk-based metrics.

 

Answer: B

 

 

QUESTION 114

A company has a primary DNS server at address 192.168.10.53 and a secondary server at 192.168.20.53. An administrator wants to secure a company by only allowing secure zone transfers to the secondary server. Which of the following should appear in the primary DNS configuration file to accomplish this?


A. key company-key. {
    algorithm hmac-rc4;
    secret "Hdue8du9jdknkhdoLksdlkeYEIks83K=";
};
allow-transfer { 192.168.20.53; };

B. key company-key. {
    algorithm hmac-md5;
    secret "Hdue8du9jdknkhdoLksdlkeYEIks83K=";
};
allow-transfer { 192.168.10.53; };

C. key company-key. {
    algorithm hmac-md5;
    secret "Hdue8du9jdknkhdoLksdlkeYEIks83K=";
};
allow-transfer { 192.168.20.53; };

D. key company-key. {
    algorithm hmac-rc4;
    secret "Hdue8du9jdknkhdoLksdlkeYEIks83K=";
};
allow-transfer { 192.168.10.53; };

 

Answer: C

 

 

QUESTION 115

An employee of a company files a complaint with a security administrator. While sniffing network traffic, the employee discovers that financially confidential emails were passing between two warehouse users. The two users deny sending confidential emails to each other. Which of the following security practices would allow for non-repudiation and prevent network sniffers from reading the confidential mail? (Select TWO).


A. Transport encryption

B. Authentication hashing

C. Digital signature

D. Legal mail hold

E. TSIG code signing

 

Answer: A,C

 

 

QUESTION 116

An administrator of a secure web server has several clients with top security clearance and prefers security over performance. By default, which of the following cipher suites would provide strong security, but at the same time the worst performance?


A. 3DES – SHA

B. DES – MD5

C. Camellia – SHA

D. RC4 – MD5

 

Answer: A

 

 

QUESTION 117

An administrator wants to integrate the Credential Security Support Provider (CredSSP) protocol network level authentication (NLA) into the remote desktop terminal services environment. Which of the following are supported authentication or encryption methods to use while implementing this? (Select THREE).


A. Kerberos

B. NTLM

C. RADIUS

D. TACACS+

E. TLS

F. HMAC

G. Camellia

 

Answer: A,B,E

 

 

QUESTION 118

A systems security consultant is hired by Corporation X to analyze the current enterprise network environment and make recommendations for increasing network security. It is the consultant’s first day on the job. Which of the following network design considerations should the consultant consider? (Select THREE).


A. What hardware and software would work best for securing the network?

B. What corporate assets need to be protected?

C. What are the business needs of the organization?

D. What outside threats are most likely to compromise network security?

E. What is the budget for this project?

F. What time and resources are needed to carry out the security plan?

 

Answer: B,C,D

 

 

QUESTION 119

The Chief Executive Officer (CEO) has asked a security project manager to provide recommendations on the breakout of tasks for the development of a new product. The CEO thinks that by assigning areas of work appropriately the overall security of the product will be increased, because staff will focus on their areas of expertise. Given the below groups and tasks select the BEST list of assignments.

Groups: Networks, Development, Project Management, Security, Systems Engineering, Testing

Tasks: Decomposing requirements, Secure coding standards, Code stability, Functional validation, Stakeholder engagement, Secure transport


A. Systems Engineering: Decomposing requirements
   Development: Secure coding standards
   Testing: Code stability
   Project Management: Stakeholder engagement
   Security: Secure transport
   Networks: Functional validation

B. Systems Engineering: Decomposing requirements
   Development: Code stability
   Testing: Functional validation
   Project Management: Stakeholder engagement
   Security: Secure coding standards
   Networks: Secure transport

C. Systems Engineering: Functional validation
   Development: Stakeholder engagement
   Testing: Code stability
   Project Management: Decomposing requirements
   Security: Secure coding standards
   Networks: Secure transport

D. Systems Engineering: Decomposing requirements
   Development: Stakeholder engagement
   Testing: Code stability
   Project Management: Functional validation
   Security: Secure coding standards
   Networks: Secure transport

 

Answer: B

 

 

QUESTION 120

Which of the following is the MOST secure way to evaluate third-party applications and introduce only acceptable risk?


A. Line by line code review and simulation; uncovers hidden vulnerabilities and allows for behavior to be observed with minimal risk.

B. Technical exchange meetings with the application’s vendor; vendors have more in depth knowledge of the product.

C. Pilot trial; minimizes the impact to the enterprise while still providing services to enterprise users.

D. Full deployment with crippled features; allows for large-scale testing and observation of the application's security profile.

 

Answer: A
