Ensurepass

QUESTION 161

A firm’s Chief Executive Officer (CEO) is concerned that its IT staff lacks the knowledge to identify complex vulnerabilities that may exist in the payment system being internally developed. The payment system being developed will be sold to a number of organizations and is in direct competition with another leading product. The CEO highlighted, in a risk management meeting, that code base confidentiality is of utmost importance to allow the company to exceed the competition in terms of product reliability, stability and performance. The CEO also highlighted that the company’s reputation for secure products is extremely important. Which of the following will provide the MOST thorough testing and satisfy the CEO’s requirements?


A. Use the security assurance team and development team to perform Grey box testing.

B. Sign an NDA with a large consulting firm and use the firm to perform Black box testing.

C. Use the security assurance team and development team to perform Black box testing.

D. Sign an NDA with a small consulting firm and use the firm to perform Grey box testing.

Answer: D

QUESTION 162

The security manager is in the process of writing a business case to replace a legacy secure web gateway so as to meet an availability requirement of 99.9% service availability. According to the vendor, the newly acquired firewall has been rated with an MTBF of 10,000 hours and has an MTTR of 2 hours. This equates to 1.75 hours per year of downtime. Based on this, which of the following is the MOST accurate statement?


A. The firewall will meet the availability requirement because availability will be 99.98%.

B. The firewall will not meet the availability requirement because availability will be 85%.

C. The firewall will meet the availability requirement because availability will be 99.993%.

D. The firewall will not meet the availability requirement because availability will be 99.2%.

Answer: A

QUESTION 163

Which of the following vulnerabilities is present in the source code file below, named ‘AuthenticatedArea.php’?

<html><head><title>AuthenticatedArea</title></head>
<?php
include ("/inc/common.php");
$username = $_REQUEST['username'];
if ($username != "") {
    echo "Your username is: " . $_REQUEST['username'];
} else {
    header("Location: /login.php");
}
?>
</html>


A. Header manipulation

B. Account disclosure

C. Unvalidated file inclusion

D. Cross-site scripting

Answer: D

QUESTION 164

There have been some failures of the company’s customer-facing website. A security engineer has analyzed the root cause to be the WAF. System logs show that the WAF has been down for 14 total hours over the past month in four separate situations. One of these situations was a two hour scheduled maintenance activity aimed at improving the stability of the WAF. Which of the following is the MTTR, based on the last month’s performance figures?


A. 3 hours

B. 3.5 hours

C. 4 hours

D. 4.666 hours

Answer: C

QUESTION 165

To support a software security initiative business case, a project manager needs to provide a cost-benefit analysis. The project manager has asked the security consultant to perform a return on investment study. It has been estimated that by spending $300,000 on the software security initiative, a 30% savings in cost will be realized for each project. Based on an average of 8 software projects at a current cost of $50,000 each, how many years will it take to see a positive ROI?


A. Nearly four years

B. Nearly six years

C. Within the first year

D. Nearly three years

Answer: D

QUESTION 166

During user acceptance testing, the security administrator believes they have discovered an issue in the login prompt of the company’s financial system. While entering the username and password, the program crashed and displayed the system command prompt. The security administrator believes that one of the fields may have been mistyped and wants to reproduce the issue to report it to the software developers. Which of the following should the administrator use to reproduce the issue?


A. The administrator should enter a username and use an offline password cracker in brute force mode.

B. The administrator should use a network analyzer to determine which packet caused the system to crash.

C. The administrator should extract the password file and run an online password cracker in brute force mode against the password file.

D. The administrator should run an online fuzzer against the login screen.

Answer: D

QUESTION 167

A security administrator wants to perform an audit of the company password file to ensure users are not using personal information such as addresses and birthdays as part of their password. The company employs 200,000 users, has virtualized environments with cluster and cloud-based computing resources, and enforces a minimum password length of 14 characters. Which of the following options is BEST suited to run the password auditing software and produce a report in the SHORTEST amount of time?


A. The system administrator should take advantage of the company’s cluster-based computing resources, upload the password file to the cluster, and run the password cracker on that platform.

B. The system administrator should upload the password file to a virtualized de-duplicated storage system to reduce the password entries and run a password cracker on that file.

C. The system administrator should build a virtual machine on the administrator’s desktop, transfer the password file to it, and run a password cracker on the virtual machine.

D. The system administrator should upload the password file to cloud storage and use on-demand provisioning to build a purpose-based virtual machine to run a password cracker on all the users.

Answer: A

QUESTION 168

The network administrator has been tracking the cause of network performance problems and decides to take a look at the internal and external router stats.

Which of the following should the network administrator do to resolve the performance issue after analyzing the above information?


A. The IP TOS field of business related network traffic should be modified accordingly.

B. The TCP flags of business related traffic should be modified accordingly.

C. An ACL should be placed on the external router to drop incoming ICMP packets.

D. An ACL should be placed on the internal router to drop layer 4 packets to and from port 0.

Answer: A

QUESTION 169

The security administrator at ‘company.com’ is reviewing the network logs and notices a new UDP port pattern where the number of UDP port 123 packets has increased by 20% above the baseline. The administrator runs a packet capturing tool from a server attached to a SPAN port and notices the following.

UDP 192.168.0.1:123 -> 172.60.3.0:123
UDP 192.168.0.36:123 -> time.company.com
UDP 192.168.0.112:123 -> 172.60.3.0:123
UDP 192.168.0.91:123 -> time.company.com
UDP 192.168.0.211:123 -> 172.60.3.0:123
UDP 192.168.0.237:123 -> time.company.com
UDP 192.168.0.78:123 -> 172.60.3.0:123

The corporate HIPS console reports an MD5 hash mismatch on the svchost.exe file of the following computers:

192.168.0.1

192.168.0.112

192.168.0.211

192.168.0.78

Which of the following should the security administrator report to upper management based on the above output?


A. An NTP client side attack successfully exploited some hosts.

B. A DNS cache poisoning successfully exploited some hosts.

C. An NTP server side attack successfully exploited some hosts.

D. A DNS server side attack successfully exploited some hosts.

Answer: A

QUESTION 170

A mid-level company is rewriting its security policies and has halted the rewrite because the company’s executives believe that its major vendors, who have cultivated a strong personal and professional relationship with the senior-level staff, have a good handle on compliance and regulatory standards. Therefore, the executive-level managers are allowing vendors to play a large role in writing the policy. Having experienced this type of environment in previous positions, and being aware that vendors may not always put the company’s interests first, the IT Director decides that while vendor support is important, it is critical that the company writes the policy objectively. Which of the following is the recommendation the IT Director should present to senior staff?


A. 1) Consult legal, moral, and ethical standards; 2) Draft General Organizational Policy; 3) Specify Functional Implementing Policies; 4) Allow vendors to review and participate in the establishment of focused compliance standards, plans, and procedures

B. 1) Consult legal and regulatory requirements; 2) Draft General Organizational Policy; 3) Specify Functional Implementing Policies; 4) Establish necessary standards, procedures, baselines, and guidelines

C. 1) Draft General Organizational Policy; 2) Establish necessary standards and compliance documentation; 3) Consult legal and industry security experts; 4) Determine acceptable tolerance guidelines

D. 1) Draft a Specific Company Policy Plan; 2) Consult with vendors to review and collaborate with executives; 3) Add industry compliance where needed; 4) Specify Functional Implementing Policies

Answer: B