An administrator adds a new PHP application to an existing website and discovers that the newly added PHP pages do not work. The rest of the site also uses PHP and is functioning correctly. The administrator tested the new application thoroughly on their personal workstation before uploading it to the server and did not run into any errors. Checking the Apache configuration file, the administrator verifies that the new virtual directory has been added as listed:
<VirtualHost *:80>
DocumentRoot "/var/www"
<Directory "/home/administrator/app">
AllowOverride none
Order allow,deny
Allow from all
Which of the following is MOST likely occurring so that this application does not run properly?
A. PHP is overriding the Apache security settings.
B. SELinux is preventing HTTP access to home directories.
C. PHP has not been restarted since the additions were added.
D. The directory had an explicit allow statement rather than the implicit deny.
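Added example, not part of the original question or its answer options: the check a practitioner would run before guessing at the cause. The script parses a constructed SELinux AVC denial record of the kind auditd writes to /var/log/audit/audit.log when httpd is refused access to a file labelled user_home_t, recognises the "httpd blocked from a home directory" pattern, and prints the commands that would either enable the httpd_enable_homedirs boolean or, more narrowly, relabel the application directory as web content. The AVC line, the function names and the directory path are assumptions; getenforce, ausearch, setsebool, semanage and restorecon are the real SELinux tools and are shown rather than executed because they need root on an SELinux-enabled host.

```shell
#!/bin/sh
# Added example (not from the original question). The AVC record below is
# constructed sample input, modelled on the format auditd writes to
# /var/log/audit/audit.log when SELinux denies httpd access to a home directory.

AVC_SAMPLE='type=AVC msg=audit(1700000000.123:456): avc:  denied  { read } for  pid=1234 comm="httpd" name="index.php" dev="dm-0" ino=98765 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0'

# Print the SELinux type of the target object (e.g. user_home_t) from an AVC line.
avc_target_type() {
    printf '%s\n' "$1" | sed -n 's/.*tcontext=[^:]*:[^:]*:\([^:]*\):.*/\1/p'
}

# Return 0 when the denial is httpd being refused a home-directory label,
# which is the case that the httpd_enable_homedirs boolean (or relabelling) fixes.
avc_is_httpd_homedir_denial() {
    case "$1" in
        *'comm="httpd"'*) ;;
        *) return 1 ;;
    esac
    case "$(avc_target_type "$1")" in
        user_home_t|user_home_dir_t|home_root_t) return 0 ;;
        *) return 1 ;;
    esac
}

# Commands an administrator would run on the affected server (printed, not run:
# they require root and an SELinux-enabled host).
show_fix() {
    cat <<'EOF'
# Confirm the mode and the denial:
getenforce
ausearch -m AVC -c httpd --start recent
# Option 1 (broad): let httpd read any user's home directory content:
setsebool -P httpd_enable_homedirs on
# Option 2 (narrower, assumed path): label only the application directory as web content:
semanage fcontext -a -t httpd_sys_content_t "/home/administrator/app(/.*)?"
restorecon -Rv /home/administrator/app
EOF
}

if avc_is_httpd_homedir_denial "$AVC_SAMPLE"; then
    echo "SELinux is blocking httpd from a home-directory label: $(avc_target_type "$AVC_SAMPLE")"
    show_fix
fi
```

The relabelling option is the one to prefer when only one directory needs serving: it grants httpd nothing beyond that path, whereas the boolean opens every home directory on the host.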
Company GHI consolidated their network distribution so twelve network VLANs would be available over dual fiber links to a modular L2 switch in each of the company’s six IDFs. The IDF modular switches have redundant switch fabrics and power supplies. Which of the following threats will have the GREATEST impact on the network and what is the appropriate remediation step?
A. Threat: 802.1q trunking attack
Remediation: Enable only necessary VLANs for each port
B. Threat: Bridge loop
Remediation: Enable spanning tree
C. Threat: VLAN hopping
Remediation: Enable only necessary VLANs for each port
D. Threat: VLAN hopping
Remediation: Enable ACLs on the IDF switch
After a recent outbreak of malware attacks, the Chief Information Officer (CIO) tasks the new security manager with determining how to keep these attacks from reoccurring. The company has a standard image for all laptops/workstations and uses a host-based firewall and anti-virus. Which of the following should the security manager suggest to INCREASE each system’s security level?
A. Upgrade all systems to use a HIPS and require daily anti-virus scans.
B. Conduct a vulnerability assessment of the standard image and remediate findings.
C. Upgrade the existing NIDS to NIPS and deploy the system across all network segments.
D. Rebuild the standard image and require daily anti-virus scans of all PCs and laptops.
The Chief Information Officer (CIO) of Company XYZ has returned from a large IT conference where one of the topics was defending against zero day attacks – specifically deploying third party patches to vulnerable software. Two months prior, the majority of the company systems were compromised because of a zero day exploit. Due to budget constraints the company only has operational systems. The CIO wants the Security Manager to research the use of these patches. Which of the following is the GREATEST concern with the use of a third party patch to mitigate another un-patched vulnerability?
A. The company does not have an adequate test environment to validate the impact of the third party patch, introducing unknown risks.
B. The third party patch may introduce additional unforeseen risks and void the software licenses for the patched applications.
C. The company’s patch management solution only supports patches and updates released directly by the vendor.
D. Another period of vulnerability will be introduced because of the need to remove the third party patch prior to installing any vendor patch.
When planning a complex system architecture, it is important to build in mechanisms to secure log information, facilitate audit log reduction, and event correlation. Besides synchronizing system time across all devices through NTP, which of the following is also a common design consideration for remote locations?
A. Two factor authentication for all incident responders
B. A central SYSLOG server for collecting all logs
C. A distributed SIEM with centralized sensors
D. A SIEM server with distributed sensors
Which of the following implementations of a continuous monitoring risk mitigation strategy is correct?
A. Audit successful and failed events, transfer logs to a centralized server, institute computer assisted audit reduction, and email alerts to NOC staff hourly.
B. Audit successful and critical failed events, transfer logs to a centralized server once a month, tailor logged event thresholds to meet organization goals, and display alerts in real time when thresholds are approached.
C. Audit successful and failed events, transfer logs to a centralized server, institute computer assisted audit reduction, tailor logged event thresholds to meet organization goals, and display alerts in real time when thresholds are exceeded.
D. Audit failed events only, transfer logs to a centralized server, implement manual audit reduction, tailor logged event thresholds to meet organization goals, and display alerts in real time when thresholds are approached and exceeded.
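Added example, not taken from the question: a minimal computer-assisted audit reduction pass of the kind option C describes. It reduces raw authentication events (both successful and failed, not failed only) to per-source counts, applies a tunable threshold, and raises an alert only when the threshold is exceeded rather than merely approached. The log lines are constructed sample input in sshd/auth.log style; the function names and the threshold value are assumptions.

```shell
#!/bin/sh
# Added example (not from the original question). SAMPLE_LOG is constructed
# sample input in the style of sshd entries in /var/log/auth.log.

SAMPLE_LOG='Jan 10 08:00:01 host1 sshd[2001]: Failed password for invalid user admin from 203.0.113.5 port 51122 ssh2
Jan 10 08:00:02 host1 sshd[2002]: Failed password for invalid user admin from 203.0.113.5 port 51123 ssh2
Jan 10 08:00:03 host1 sshd[2003]: Failed password for root from 203.0.113.5 port 51124 ssh2
Jan 10 08:00:04 host1 sshd[2004]: Accepted publickey for alice from 198.51.100.7 port 40000 ssh2
Jan 10 08:00:05 host2 sshd[3001]: Failed password for bob from 198.51.100.7 port 40001 ssh2
Jan 10 08:00:06 host2 sshd[3002]: Accepted password for bob from 198.51.100.7 port 40002 ssh2'

# Audit reduction: collapse raw events on stdin to "<ip> <failed|accepted> <count>".
# Both outcomes are kept so a later stage can correlate successes with failures.
reduce_auth_events() {
    awk '
        /sshd\[[0-9]+\]: Failed password/ { ip=$0; sub(/.* from /, "", ip); sub(/ port .*/, "", ip); fail[ip]++ }
        /sshd\[[0-9]+\]: Accepted /       { ip=$0; sub(/.* from /, "", ip); sub(/ port .*/, "", ip); ok[ip]++ }
        END {
            for (ip in fail) printf "%s failed %d\n", ip, fail[ip]
            for (ip in ok)   printf "%s accepted %d\n", ip, ok[ip]
        }'
}

# Thresholding: one ALERT line per source whose failure count exceeds the
# threshold (strictly greater, so "approached" does not alert).
alerts_over_threshold() {
    awk -v t="$1" '$2 == "failed" && $3 > t { printf "ALERT %s failed %d logins (threshold %d)\n", $1, $3, t }'
}

# Number of alerts the sample produces at a given threshold.
sample_alert_count() {
    printf '%s\n' "$SAMPLE_LOG" | reduce_auth_events | alerts_over_threshold "$1" | wc -l | tr -d ' '
}

# Failed-login count for one source IP in the sample (0 if it never failed).
failed_count_for() {
    printf '%s\n' "$SAMPLE_LOG" | reduce_auth_events \
        | awk -v ip="$1" '$1 == ip && $2 == "failed" { print $3; found=1 } END { if (!found) print 0 }'
}

printf '%s\n' "$SAMPLE_LOG" | reduce_auth_events
printf '%s\n' "$SAMPLE_LOG" | reduce_auth_events | alerts_over_threshold 2
```

With the threshold at 2, only 203.0.113.5 (three failures) alerts; 198.51.100.7 failed once and then succeeded, which the reduced output still shows so an analyst can decide whether that success deserves a look. The threshold is the value an organisation tailors to its own goals; in production the reduced tuples would be shipped to the central log server and the alert stage would run there.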
A corporation relies on a server running a trusted operating system to broker data transactions between different security zones on their network. Each zone is a separate domain and the only connection between the networks is via the trusted server.
The three zones at the corporation are as follows:
– Zone A connects to a network, which is also connected to the Internet through a router.
– Zone B to a closed research and development network.
– Zone C to an intermediary switch supporting a SAN, dedicated to long-term audit log and file storage, so the corporation meets compliance requirements.
A firewall is deployed on the inside edge of the Internet connected router. Which of the following is the BEST location to place other security equipment?
A. HIPS on all hosts in Zone A and B, and an antivirus and patch server in Zone C.
B. A WAF on the switch in Zone C, an additional firewall in Zone A, and an antivirus server in Zone B.
C. A NIPS on the switch in Zone C, an antivirus server in Zone A, and a patch server in Zone B.
D. A NIDS on the switch in Zone C, a WAF in Zone A, and a firewall in Zone B.
A system architect has the following constraints from the customer:
– Confidentiality, Integrity, and Availability (CIA) are all of equal importance.
– Average availability must be at least 6 nines (99.9999%).
– All devices must support collaboration with every other user device.
– All devices must be VoIP and teleconference ready.
Which of the following security controls is the BEST to apply to this architecture?
A. Deployment of multiple standard images based on individual hardware configurations, employee choice of hardware and software requirements, triple redundancy of all processing equipment.
B. Enforcement of strict network access controls and bandwidth minimization techniques, a single standard software image, high speed processing, and distributed backups of all equipment in the datacenter.
C. Deployment of a unified VDI across all devices, SSD RAID in all servers, multiple identical hot sites, granting administrative rights to all users, backup of system critical data.
D. Enforcement of security policies on mobile/remote devices, standard images and device hardware configurations, multiple layers of redundancy, and backup on all storage devices.
The security administrator reports that the physical security of the Ethernet network has been breached, but the Fibre Channel storage network was not breached. Why might this still concern the storage administrator? (Select TWO).
A. The storage network uses FCoE.
B. The storage network uses iSCSI.
C. The storage network uses vSAN.
D. The storage network uses switch zoning.
E. The storage network uses LUN masking.
As part of a new wireless implementation, the Chief Information Officer’s (CIO’s) main objective is to immediately deploy a system that supports the 802.11r standard, which will help wireless VoIP devices in moving vehicles. However, the 802.11r standard was not ratified by the IETF. The wireless vendor’s products do support the pre-ratification version of 802.11r. The security and network administrators have tested the product and do not see any security or compatibility issues; however, they are concerned that the standard is not yet final. Which of the following is the BEST way to proceed?
A. Purchase the equipment now, but do not use 802.11r until the standard is ratified.
B. Do not purchase the equipment now as the client devices do not yet support 802.11r.
C. Purchase the equipment now, as long as it will be firmware upgradeable to the final 802.11r standard.
D. Do not purchase the equipment now; delay the implementation until the IETF has ratified the final 802.11r standard.