Which of the following are security components provided by an application security library or framework? (Select THREE).
A. Authorization database
B. Fault injection
C. Input validation
D. Secure logging
E. Directory services
F. Encryption and decryption
Which of the following potential vulnerabilities exists in the following code snippet?
var myEmail = document.getElementById("formInputEmail").value;
if (xmlhttp.readyState==4 && xmlhttp.status==200)
    document.getElementById("profileBox").innerHTML = "Emails will be sent to " + myEmail + xmlhttp.responseText;
B. AJAX XHR weaknesses
C. DOM-based XSS
D. JSON weaknesses
The Chief Information Security Officer (CISO) has just returned from attending a security conference and now wants to implement a Security Operations Center (SOC) to improve and coordinate the detection of unauthorized access to the enterprise. The CISO’s biggest concern is the increased number of attacks that the current infrastructure cannot detect. Which of the following is MOST likely to be used in a SOC to address the CISO’s concerns?
A. DLP, Analytics, SIEM, Forensics, NIPS, HIPS, WIPS and eGRC
B. Forensics, White box testing, Log correlation, HIDS, and SSO
C. Vulnerability assessments, NIDP, HIDS, SCAP, Analytics and SIEM
D. eGRC, WIPS, Federated ID, Network enumerator, NIPS and Port Scanners
The IT Manager has mandated that an extensible markup language be implemented which can be used to exchange provisioning requests and responses for account creation. Which of the following is BEST able to achieve this?
A company is planning to deploy an in-house Security Operations Center (SOC).
One of the new requirements is to deploy a NIPS solution into the Internet facing environment.
The SOC highlighted the following requirements:
– Perform fingerprinting on unfiltered inbound traffic to the company
– Monitor all inbound and outbound traffic to the DMZs
In which of the following places should the NIPS be placed in the network?
A. In front of the Internet firewall and in front of the DMZs
B. In front of the Internet firewall and in front of the internal firewall
C. In front of the Internet firewall and behind the internal firewall
D. Behind the Internet firewall and in front of the DMZs
A company recently experienced a malware outbreak. It was caused by a vendor using an approved non-company device on the company’s corporate network that impacted manufacturing lines, causing a week of downtime to recover from the attack.
Which of the following reduces this threat and minimizes potential impact on the manufacturing lines?
A. Disable remote access capabilities on manufacturing SCADA systems.
B. Require a NIPS for all communications to and from manufacturing SCADA systems.
C. Add anti-virus and client firewall capabilities to the manufacturing SCADA systems.
D. Deploy an ACL that restricts access from the corporate network to the manufacturing SCADA systems.
Capital Reconnaissance, LLC is building a brand new research and testing location, and the physical security manager wants to deploy IP-based access control and video surveillance. These two systems are essential for keeping the building open for operations. Which of the following controls should the security administrator recommend to determine new threats against the new IP-based access control and video surveillance systems?
A. Develop a network traffic baseline for each of the physical security systems.
B. Air gap the physical security networks from the administrative and operational networks.
C. Require separate non-VLANed networks and NIPS for each physical security system network.
D. Have the Network Operations Center (NOC) review logs and create a CERT to respond to breaches.
A company has recently implemented a video conference solution that uses the H.323 protocol. The security engineer is asked to make recommendations on how to secure video conferences to protect confidentiality. Which of the following should the security engineer recommend?
A. Implement H.235 extensions with DES to secure the audio and video transport.
B. Recommend moving to SIP and RTP as those protocols are inherently secure.
C. Recommend implementing G.711 for the audio channel and H.264 for the video.
D. Encapsulate the audio channel in the G.711 codec rather than the unsecured Speex.
A healthcare company recently purchased the building next door located on the same campus. The building previously did not have any IT infrastructure. The building manager has selected four potential locations to place IT equipment consisting of a half height open server rack with five switches, a router, a firewall, and two servers. Given the descriptions below, where would the security engineer MOST likely recommend placing the rack?
The Boiler Room: The rack can be placed 5 feet (1.5 meters) up on the wall, between the second and third boiler. The room is locked and only maintenance has access to it.
The Reception Area: The reception area is an open area right as customers enter. There is a closet 5 feet by 5 feet (1.5 meters by 1.5 meters) that the rack will be placed in with floor mounts. There is a 3 digit PIN lock that the receptionist sets.
The Rehabilitation Area: The rack needs to be out of the way from patients using the whirlpool bath, so it will be wall mounted 8 feet (2.4 meters) up as the area has high ceilings. The rehab area is staffed full time and admittance is by key card only.
The Finance Area: There is an unused office in the corner of the area that can be used for the server rack. The rack will be floor mounted. The finance area is locked and alarmed at night.
A. The Rehabilitation Area
B. The Reception Area
C. The Boiler Room
D. The Finance Area
A network security engineer would like to allow authorized groups to access network devices with a shell restricted to only show information while still authenticating the administrator’s group to an unrestricted shell. Which of the following can be configured to authenticate and enforce these shell restrictions? (Select TWO).
A. Single Sign On
B. Active Directory