Company XYZ is selling its manufacturing business consisting of one plant to a competitor, Company QRS. All of the plant's employees will become QRS employees, but will retain permissions to plant-specific information and resources for one month. To ease the transition, Company QRS also connected the plant and employees to the Company QRS network. Which of the following threats is the HIGHEST risk to Company XYZ?
A. Malware originating from Company XYZ’s network
B. Co-mingling of company networks
C. Lack of an IPSec connection between the two networks
D. Loss of proprietary plant information
Company ABC has grown yearly through mergers and acquisitions. This has led to over 200 internal custom web applications having standalone identity stores. In order to reduce costs and improve operational efficiencies, a project has been initiated to implement a centralized security infrastructure.
The requirements are as follows:
– Reduce costs
– Improve efficiencies and time to market
– Accurate identity information
– Standardize on authentication and authorization
– Ensure a reusable model with standard integration patterns
Which of the following security solution options will BEST meet the above requirements? (Select THREE).
A. Build an organization-wide fine grained access control model stored in a centralized policy data store.
B. Implement self service provisioning of identity information, coarse grained, and fine grained access control.
C. Implement a web access control agent based model with a centralized directory model providing coarse grained access control and single sign-on capabilities.
D. Implement a web access controlled reverse proxy and centralized directory model providing coarse grained access control and single sign-on capabilities.
E. Implement automated provisioning of identity information; coarse grained, and fine grained access control.
F. Move each of the applications' individual fine grained access control models into a centralized directory with fine grained access control.
G. Implement a web access control forward proxy and centralized directory model, providing coarse grained access control, and single sign-on capabilities.
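The agent-based web access control model in options C and D, shown as an added example that is not part of the original question set: a minimal WAM agent sits in front of the custom applications, validates the single sign-on cookie, resolves group membership from one central directory, and enforces only coarse-grained access (which group may reach which URL prefix). The fine-grained decision stays inside the application, which receives the verified identity in a header. The user names, group names, signing key, header name and URL policy below are constructed for illustration; the header-stripping step is the caveat a practitioner needs, because an application that trusts an identity header must only ever receive it from the agent.

```python
"""Added example (not from the original page): a minimal web access
control (WAM) agent providing SSO and coarse-grained access control in
front of applications that keep their own fine-grained rules.
All names, the key and the directory contents are hypothetical."""
import hashlib
import hmac
import time

SSO_KEY = b"demo-key-rotate-me"      # hypothetical shared secret for the SSO cookie
IDENTITY_HEADER = "X-Remote-User"    # hypothetical header the agent sets for the app

# Hypothetical central directory: user -> groups (one place, not 200 stores)
DIRECTORY = {
    "alice": {"staff", "hr"},
    "bob": {"staff", "engineering"},
}

# Coarse-grained policy held centrally: first matching URL prefix decides
COARSE_POLICY = [
    ("/hr/", "hr"),
    ("/eng/", "engineering"),
    ("/", "staff"),
]


def issue_token(user, ttl=3600, now=None):
    """SSO cookie value: user|expiry|HMAC. Issued once, reused by every app."""
    now = int(now if now is not None else time.time())
    payload = f"{user}|{now + ttl}"
    sig = hmac.new(SSO_KEY, payload.encode(), hashlib.sha256).hexdigest()
    return f"{payload}|{sig}"


def verify_token(token, now=None):
    """Return the user name if the cookie is authentic and unexpired, else None."""
    try:
        user, exp, sig = token.split("|")
    except ValueError:
        return None
    expected = hmac.new(SSO_KEY, f"{user}|{exp}".encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(sig, expected):
        return None
    now = now if now is not None else time.time()
    if int(exp) < now:
        return None
    return user


def agent(request, now=None):
    """request: dict with 'path', 'cookies', 'headers'.
    Returns (status, headers_forwarded_to_app, user)."""
    # Drop any identity header the client supplied; only the agent may set it.
    headers = {k: v for k, v in request.get("headers", {}).items()
               if k != IDENTITY_HEADER}
    user = verify_token(request.get("cookies", {}).get("SSO", ""), now)
    if user is None or user not in DIRECTORY:
        return 401, headers, None          # not authenticated: send to SSO login
    groups = DIRECTORY[user]
    for prefix, required_group in COARSE_POLICY:
        if request["path"].startswith(prefix):
            if required_group in groups:
                headers[IDENTITY_HEADER] = user
                return 200, headers, user  # coarse check passed; app sees identity
            return 403, headers, user
    return 403, headers, user


def hr_record_visible(headers, record_owner):
    """Fine-grained rule that stays in the HR application: a user may only
    open their own record. The app trusts the header because only the
    agent can reach it (network placement, not shown here)."""
    return headers.get(IDENTITY_HEADER) == record_owner
```

The coarse policy and the directory are the reusable parts: a new application is onboarded by adding a URL prefix and a group, not by building another identity store. Fine-grained rules such as `hr_record_visible` remain with the application that understands its own data, which is why the options that centralize every application's fine-grained model are the harder sell.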
A bank has just outsourced the security department to a consulting firm, but retained the security architecture group. A few months into the contract the bank discovers that the consulting firm has sub-contracted some of the security functions to another provider. Management is pressuring the sourcing manager to ensure adequate protections are in place to insulate the bank from legal and service exposures. Which of the following is the MOST appropriate action to take?
A. Directly establish another separate service contract with the sub-contractor to limit the risk exposure and legal implications.
B. Ensure the consulting firm has service agreements with the sub-contractor; if the agreement does not exist, exit the contract when possible.
C. Log it as a risk in the business risk register and pass the risk to the consulting firm for acceptance and responsibility.
D. Terminate the contract immediately and bring the security department in-house again to reduce legal and regulatory exposure.
Company XYZ has invested an increasing amount in security due to the changing threat landscape. The company is going through a cost cutting exercise and the Chief Financial Officer (CFO) has queried the security budget allocated to the Chief Information Security Officer (CISO). At the same time, the CISO is actively promoting business cases for additional funding to support new initiatives. These initiatives will mitigate several security incidents that have occurred due to ineffective controls.
A security advisor is engaged to assess the current controls framework and to provide recommendations on whether preventative, detective, or corrective controls should be implemented. How should the security advisor respond when explaining which controls to implement?
A. Preventative controls are useful before an event occurs, detective controls are useful during an event, and corrective controls are useful after an event has occurred. A combination of controls can be used.
B. Corrective controls are more costly to implement, but are only needed for real attacks or high value assets; therefore, controls should only be put in place after a real attack has occurred.
C. Detective controls are less costly to implement than preventative controls; therefore, they should be encouraged wherever possible. Corrective controls are used during an event or security incident. Preventative controls are hard to achieve in practice due to current market offerings.
D. Always advise the use of preventative controls as this will prevent security incidents from occurring in the first place. Detective and corrective controls are redundant compensating controls and are not required if preventative controls are implemented.
There has been a recent security breach which has led to the release of sensitive customer information. As part of improving security and reducing the disclosure of customer data, a training company has been employed to educate staff. Which of the following should be the primary focus of the privacy compliance training program?
A. Explain how customer data is gathered, used, disclosed, and managed.
B. Remind staff of the company’s data handling policy and have staff sign an NDA.
C. Focus on explaining the “how” and “why” customer data is being collected.
D. Republish the data classification and the confidentiality policy.
A new malware spreads over UDP Port 8320 and several network hosts have been infected. A new security administrator has determined a possible cause, and the infected machines have been quarantined. Which of the following actions could a new security administrator take to further mitigate this issue?
A. Limit source ports on the firewall to specific IP addresses.
B. Add an explicit deny-all and log rule as the final entry of the firewall rulebase.
C. Implement stateful UDP filtering on UDP ports above 1024.
D. Configure the firewall to use IPv6 by default.
A newly-hired Chief Information Security Officer (CISO) is faced with improving security for a company with low morale and numerous disgruntled employees. After reviewing the situation for several weeks the CISO publishes a more comprehensive security policy with associated standards. Which of the following issues could be addressed through the use of technical controls specified in the new security policy?
A. Employees publishing negative information and stories about company management on social network sites and blogs.
B. An employee remotely configuring the email server at a relative’s company during work hours.
C. Employees posting negative comments about the company from personal phones and PDAs.
D. External parties cloning some of the company's externally facing web pages and creating look-alike sites.
A small company has recently placed a newly installed DNS server on the DMZ and wants to secure it by allowing Internet hosts to query the DNS server. Since the company deploys an internal DNS server, all DNS queries to that server coming from the company network should be blocked. An IT administrator has placed the following ACL on the company firewall:
Testing shows that the DNS server in the DMZ is not working. Which of the following should the administrator do to resolve the problem?
A. Modify the SRC and DST ports of ACL 1
B. Modify the SRC IP of ACL 1 to 0.0.0.0/32
C. Modify the ACTION of ACL 2 to Permit
D. Modify the PROTO of ACL 1 to TCP
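A first-match rulebase evaluator, added here as an example and not taken from the original page, to reason about the two firewall questions above (the UDP 8320 malware and the DMZ DNS server). It walks a rulebase top-down and stops at the first match, which is how most packet filters behave. The addresses, subnets, rule names and both rulebases are constructed for illustration; in particular the DNS rulebase is a hypothetical one and is not the ACL table the DNS question refers to. It shows why an explicit deny-all-and-log final rule adds visibility that the implicit deny does not, why an Internet-to-DNS permit must allow any source port but destination port 53, and why `0.0.0.0/32` is a single address rather than "any".

```python
"""Added example (not from the original page): first-match packet-filter
rulebase evaluation. Hosts, subnets and rules are constructed."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Union

ANY = "any"
Port = Union[int, str]


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str   # "udp" or "tcp"
    sport: int
    dport: int


@dataclass(frozen=True)
class Rule:
    name: str
    src: str     # CIDR or ANY
    dst: str     # CIDR or ANY
    proto: str   # "udp", "tcp" or ANY
    sport: Port
    dport: Port
    action: str  # "permit" or "deny"
    log: bool = False

    def matches(self, pkt: Packet) -> bool:
        return (
            (self.src == ANY or ip_address(pkt.src) in ip_network(self.src))
            and (self.dst == ANY or ip_address(pkt.dst) in ip_network(self.dst))
            and self.proto in (ANY, pkt.proto)
            and self.sport in (ANY, pkt.sport)
            and self.dport in (ANY, pkt.dport)
        )


def evaluate(rules: List[Rule], pkt: Packet, log: list) -> str:
    """First matching rule decides. No match -> implicit deny, which on most
    firewalls is silent, so nothing is appended to the log."""
    for rule in rules:
        if rule.matches(pkt):
            if rule.log:
                log.append(f"{rule.name}: {rule.action} {pkt.proto} "
                           f"{pkt.src}:{pkt.sport} -> {pkt.dst}:{pkt.dport}")
            return rule.action
    return "deny"


# --- UDP 8320 malware: hypothetical internal segment 10.0.0.0/8 ---
def internal_rulebase(with_final_deny_log: bool) -> List[Rule]:
    rules = [
        Rule("permit-dns-out", "10.0.0.0/8", ANY, "udp", ANY, 53, "permit"),
        Rule("permit-https-out", "10.0.0.0/8", ANY, "tcp", ANY, 443, "permit"),
    ]
    if with_final_deny_log:
        rules.append(Rule("deny-all-log", ANY, ANY, ANY, ANY, ANY, "deny", log=True))
    return rules


def worm_attempt(with_final_deny_log: bool):
    """A still-infected host probing a neighbour on UDP/8320 (constructed).
    Blocked either way; only the explicit final rule records the attempt."""
    log: list = []
    pkt = Packet("10.1.1.5", "10.1.2.9", "udp", 51000, 8320)
    return evaluate(internal_rulebase(with_final_deny_log), pkt, log), log


# --- DMZ DNS server: hypothetical addresses, NOT the question's ACL table ---
DMZ_DNS = "203.0.113.10/32"
INTERNAL = "192.168.0.0/16"


def dmz_dns_rulebase(permit_src: str, permit_proto: str, permit_sport: Port) -> List[Rule]:
    """The internal deny is listed first: 0.0.0.0/0 also covers the LAN,
    and with first-match semantics a permit above it would win."""
    return [
        Rule("deny-internal-to-dmz-dns", INTERNAL, DMZ_DNS, ANY, ANY, 53, "deny", log=True),
        Rule("permit-internet-to-dmz-dns", permit_src, DMZ_DNS, permit_proto, permit_sport, 53, "permit"),
    ]


def internet_query(permit_src: str = "0.0.0.0/0", permit_proto: str = "udp",
                   permit_sport: Port = ANY) -> str:
    """An Internet resolver querying the DMZ server. Real resolvers use an
    ephemeral source port; only the destination port is 53."""
    pkt = Packet("198.51.100.7", "203.0.113.10", "udp", 40123, 53)
    return evaluate(dmz_dns_rulebase(permit_src, permit_proto, permit_sport), pkt, [])


def lan_query() -> str:
    """An internal client must be refused regardless of the Internet permit."""
    pkt = Packet("192.168.1.20", "203.0.113.10", "udp", 40123, 53)
    return evaluate(dmz_dns_rulebase("0.0.0.0/0", "udp", ANY), pkt, [])
```

Three misconfigurations fall out of the DNS model: pinning the source port to 53 blocks every real resolver, writing the source as `0.0.0.0/32` matches only the address 0.0.0.0, and restricting the protocol to TCP drops ordinary UDP queries. For the malware case, the final deny-all-and-log rule changes nothing about what is blocked, but it is what lets the administrator find the hosts that are still trying to spread on UDP 8320.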
An administrator would like to connect a server to a SAN. Which of the following processes would BEST allow for availability and access control?
A. Install a dual port HBA on the SAN, create a LUN on the server, and enable deduplication and data snapshots.
B. Install a multipath LUN on the server with deduplication, and enable LUN masking on the SAN.
C. Install 2 LUNs on the server, cluster HBAs on the SAN, and enable multipath and data deduplication.
D. Install a dual port HBA in the server, create a LUN on the SAN, and enable LUN masking and multipath.
A company data center provides Internet based access to email and web services.
The firewall is separated into four zones:
– RED ZONE is an Internet zone
– ORANGE ZONE a Web DMZ
– YELLOW ZONE an email DMZ
– GREEN ZONE is a management interface
There are 15 email servers and 10 web servers. The data center administrator plugs a laptop into the management interface to make firewall changes. The administrator would like to secure this environment but has a limited budget. Assuming each addition is an appliance, which of the following would provide the MOST appropriate placement of security solutions while minimizing the expenses?
A. RED ZONE: none; ORANGE ZONE: WAF; YELLOW ZONE: SPAM Filter; GREEN ZONE: none
B. RED ZONE: Virus Scanner, SPAM Filter; ORANGE ZONE: NIPS; YELLOW ZONE: NIPS; GREEN ZONE: NIPS
C. RED ZONE: WAF, Virus Scanner; ORANGE ZONE: NIPS; YELLOW ZONE: NIPS; GREEN ZONE: SPAM Filter
D. RED ZONE: NIPS; ORANGE ZONE: WAF; YELLOW ZONE: Virus Scanner, SPAM Filter; GREEN ZONE: none