A software vendor has had several zero-day attacks against its software, due to previously unknown security defects being exploited by attackers. The attackers have been able to perform operations at the same security level as the trusted application. The vendor product management team has decided to re-design the application with security as a priority. Which of the following is a design principle that should be used to BEST prevent these types of attacks?
A. Application sandboxing
B. Input validation
C. Penetration testing
D. Code reviews
A new vendor product has been acquired to replace a legacy perimeter security product. There are significant time constraints due to the existing solution nearing end-of-life with no options for extended support. It has been emphasized that only essential activities be performed. Which of the following sequences BEST describes the order of activities when balancing security posture and time constraints?
A. Install the new solution, migrate to the new solution, and test the new solution.
B. Purchase the new solution, test the new solution, and migrate to the new solution.
C. Decommission the old solution, install the new solution, and test the new solution.
D. Test the new solution, migrate to the new solution, and decommission the old solution.
Within an organization, there is a known lack of governance for solution designs. As a result, there are inconsistencies and varying levels of quality in the artifacts that are produced. Which of the following will BEST improve this situation?
A. Ensure that those producing solution artifacts are reminded at the next team meeting that quality is important.
B. Introduce a peer review process that is mandatory before a document can be officially made
C. Introduce a peer review and presentation process that includes a review board with representation from relevant disciplines.
D. Ensure that appropriate representation from each relevant discipline approves of the solution documents before official approval.
During a specific incident response and recovery process action, the response team determines that it must first speak to the person ultimately responsible for the data. With whom should the response team speak FIRST?
A. Data User
B. Data Owner
C. Business Owner
D. Data Custodian
A growing corporation is responding to the needs of its employees to access corporate email and other resources while traveling. The company is implementing remote access for company laptops. Which of the following security systems should be implemented for remote access? (Select TWO).
A. Virtual Private Network
B. Secure Sockets Layer for web servers
C. Network monitoring
D. Multifactor authentication for users
E. Full disk encryption
F. Intrusion detection systems
In order to reduce cost and improve employee satisfaction, a large corporation has decided to allow personal communication devices to access email and to remotely connect to the corporate network. Which of the following security measures should the IT organization implement? (Select TWO).
A. A device lockdown according to policies
B. An IDS on the internal networks
C. A data disclosure policy
E. Encrypt data in transit for remote access
A storage administrator would like to make storage available to some hosts and unavailable to other hosts. Which of the following would be used?
A. LUN masking
Which of the following is a security advantage of single sign-on? (Select TWO).
A. Users only have to remember one password.
B. Applications need to validate authentication tokens.
C. Authentication is secured by the certificate authority.
D. Less time and complexity removing user access.
E. All password transactions are encrypted.
After a system update causes significant downtime, the Chief Information Security Officer (CISO) asks the IT manager who was responsible for the update. The IT manager responds that it is impossible to know who did the update since five different people have administrative access.
How should the IT manager increase accountability to prevent this situation from reoccurring? (Select TWO).
A. Implement an enforceable change management system.
B. Implement a software development life cycle policy.
C. Enable user level auditing on all servers.
D. Implement a federated identity management system.
E. Configure automatic updates on all servers.
Company A is purchasing Company B, and will import all of Company B’s users into its authentication system. Company A uses 802.1x with a RADIUS server, while Company B uses a captive SSL portal with an LDAP backend. Which of the following is the BEST way to integrate these two networks?
A. Enable RADIUS and end point security on Company B’s network devices.
B. Enable LDAP authentication on Company A’s network devices.
C. Enable LDAP/TLS authentication on Company A’s network devices.
D. Enable 802.1x on Company B’s network devices.