A company has a legacy virtual cluster which was added to the datacenter after a small company was acquired. All VMs on the cluster use the same virtual network interface to connect to the
corporate data center LAN. Some of the virtual machines on the cluster process customer data, some process company financial data, and others act as externally facing web servers. Which of the following security risks can result from the configuration in this scenario?
A. Visibility on the traffic between the virtual machines can impact confidentiality
B. NIC utilization can exceed 50 percent and impact availability
C. Shared virtual switches can negatively impact the integrity of network packets
D. Additional overhead from network bridging can affect availability
A user on a virtual machine downloads a large file using a popular peer-to-peer torrent program. The user is unable to execute the program on their VM. A security administrator scans the VM and detects a virus in the program. The administrator reviews the hypervisor logs and correlates several access attempts to the time of execution of the virus. Which of the following is the MOST likely explanation for this behavior?
A. The hypervisor host does not have hardware acceleration enabled and does not allow DEP.
B. The virus scanner on the VM changes file extensions of all programs downloaded via P2P to prevent execution.
C. The virtual machine is configured to require administrator rights to execute all programs.
D. The virus is trying to access a virtual device which the hypervisor is configured to restrict.
An administrator is troubleshooting availability issues on a FCoE based storage array that uses deduplication. An administrator has access to the raw data from the SAN and wants to restore the data to different hardware. Which of the following issues may potentially occur?
A. The existing SAN may be read-only.
B. The existing SAN used LUN masking.
C. The new SAN is not FCoE based.
D. The data may not be in a usable format.
The security administrator has noticed a range of network problems affecting the proxy server. Based on reviewing the logs, the administrator notices that the firewall is being targeted with various web attacks at the same time that the network problems are occurring. Which of the following strategies would be MOST effective in conducting an in-depth assessment and remediation of the problems?
A. 1. Deploy an HTTP interceptor on the switch span port; 2. Adjust the external facing NIDS; 3. Reconfigure the firewall ACLs to block the all traffic above port 2000; 4. Verify the proxy server is configured correctly and hardened; 5. Review the logs weekly in the future.
B. 1. Deploy a protocol analyzer on the switch span port; 2. Adjust the internal HIDS; 3. Reconfigure the firewall ACLs to block outbound HTTP traffic; 4. Reboot the proxy server; 5. Continue to monitor the network.
C. 1. Deploy a protocol analyzer on the switch span port; 2. Adjust the external facing IPS; 3. Reconfigure the firewall ACLs to block unnecessary ports; 4. Verify the proxy server is configured correctly and hardened; 5. Continue to monitor the network.
D. 1. Deploy a network fuzzer on the switch span port; 2. Adjust the external facing IPS; 3. Reconfigure the proxy server to block the attacks; 4. Verify the firewall is configured correctly and hardened.
Company A is merging with Company B. Company B uses mostly hosted services from an outside vendor, while Company A uses mostly in-house products.
The project manager of the merger states the merged systems should meet these goals:
– Ability to customize systems per department
– Quick implementation along with an immediate ROI
– The internal IT team having administrative level control over all products
The project manager states the in-house services are the best solution. Because of staff shortages, the senior security administrator argues that security will be best maintained by continuing to use outsourced services.
Which of the following solutions BEST solves the disagreement?
A. Raise the issue to the Chief Executive Officer (CEO) to escalate the decision to senior management with the recommendation to continue the outsourcing of all IT services.
B. Calculate the time to deploy and support the in-sourced systems accounting for the staff shortage and compare the costs to the ROI costs minus outsourcing costs. Present the document numbers to management for a final decision.
C. Perform a detailed cost benefit analysis of outsourcing vs. in-sourcing the IT systems and review the system documentation to assess the ROI of in-sourcing. Select COTS products to eliminate development time to meet the ROI goals.
D. Arrange a meeting between the project manager and the senior security administrator to review the requirements and determine how critical all the requirements are.
The new security policy states that only authorized software will be allowed on the corporate network and all personally owned equipment needs to be configured by the IT security staff before being allowed on the network. The security administrator creates standard images with all the required software and proper security controls. These images are required to be loaded on all personally owned equipment prior to connecting to the corporate network. These measures ensure compliance with the new security policy. Which of the following security risks still needs to be addressed in this scenario?
A. An employee copying gigabytes of personal video files from the employee’s personal laptop to their company desktop to share files.
B. An employee connecting their personal laptop to use a non-company endorsed accounting application that the employee used at a previous company.
C. An employee using a corporate FTP application to transfer customer lists and other proprietary files to an external computer and selling them to a competitor.
D. An employee accidentally infecting the network with a virus by connecting a USB drive to the employee’s personal laptop.
The increasing complexity of attacks on corporate networks is a direct result of more and more
corporate employees connecting to corporate networks with mobile and personal devices. In most cases simply banning these connections and devices is not practical because they support necessary business needs. Which of the following are typical risks and mitigations associated with
this new trend?
A. Risks: Data leakage, lost data on destroyed mobile devices, smaller network attack surface, prohibitive telecommunications costs
Mitigations: Device Encryptions, lock screens, certificate based authentication, corporate telecom plans
B. Risks: Confidentiality leaks through cell conversations, availability of remote corporate data, integrity of data stored on the devices
Mitigations: Cellular privacy extensions, mobile VPN clients, over-the-air backups.
C. Risks: Data exfiltration, loss of data via stolen mobile devices, increased data leakage at the network edge
Mitigations: Remote data wipe capabilities, implementing corporate security on personally owned devices
D. Risks: Theft of mobile devices, unsanctioned applications, minimal device storage, call quality Mitigations: GPS tracking, centralized approved application deployment, over-the-air backups, QoS implementation
A security engineer at a major financial institution is prototyping multiple secure network configurations. The testing is focused on understanding the impact each potential design will have on the three major security tenants of the network. All designs must take into account the stringent compliance and reporting requirements for most worldwide financial institutions. Which of the following is the BEST list of security lifecycle related concerns related to deploying the final design?
A. Decommissioning the existing network smoothly, implementing maintenance and operations procedures for the new network in advance, and ensuring compliance with applicable regulations and laws.
B. Interoperability with the Security Administration Remote Access protocol, integrity of the data at rest, overall network availability, and compliance with corporate and government regulations and policies.
C. Resistance of the new network design to DDoS attacks, ability to ensure confidentiality of all data in transit, security of change management processes and procedures, and resilience of the firewalls to power fluctuations.
D. Decommissioning plan for the new network, proper disposal protocols for the existing network equipment, transitioning operations to the new network on day one, and ensuring compliance with corporate data retention policies.
E. Ensuring smooth transition of maintenance resources to support the new network, updating all
whole disk encryption keys to be compatible with IPv6, and maximizing profits for bank shareholders.
The sales staff at a software development company has received the following requirements from a customer: “We need the system to notify us in advance of all software errors and report all outages”. Which of the following BEST conveys these customer requirements to the software development team to understand and implement?
A. The system shall send a status message to a network monitoring console every five seconds while in an error state and the system should email the administrator when the number of input errors exceeds five.
B. The system shall alert the administrator upon the loss of network communications and when error flags are thrown.
C. The system shall email the administrator when processing deviates from expected conditions and the system shall send a heartbeat message to a monitoring console every second while in normal operations.
D. The system shall email the administrator when an error condition is detected and a flag is thrown and the system shall send an email to the administrator when network communications are disrupted.
A programming team is deploying a new PHP module to be run on a Solaris 10 server with trusted extensions. The server is configured with three zones, a management zone, a customer zone, and a backend zone. The security model is constructed so that only programs in the management zone can communicate data between the zones. After installation of the new PHP module, which handles on-line customer payments, it is not functioning correctly. Which of the following is the MOST likely cause of this problem?
A. The PHP module is written to transfer data from the customer zone to the management zone, and then from the management zone to the backend zone.
B. The iptables configuration is not configured correctly to permit zone to zone communications between the customer and backend zones.
C. The PHP module was installed in the management zone, but is trying to call a routine in the customer zone to transfer data directly to a MySQL database in the backend zone.
D. The ipfilters configuration is configured to disallow loopback traffic between the physical NICs associated with each zone.