Ensurepass

QUESTION 231

A company has a single subnet in a small office. The administrator wants to limit non-web related traffic to the corporate intranet server as well as prevent abnormal HTTP requests and HTTP protocol anomalies from causing problems with the web server. Which of the following is the MOST likely solution?


A. Application firewall and NIPS

B. Edge firewall and HIDS

C. ACLs and anti-virus

D. Host firewall and WAF

 

Answer: D

 

 

QUESTION 232

An administrator is reviewing logs and sees the following entry:

Message: Access denied with code 403 (phase 2). Pattern match "\bunion\b.{1,100}?\bselect\b" at ARGS:$id. [data "union all select"] [severity "CRITICAL"] [tag "WEB_ATTACK"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"]

Action: Intercepted (phase 2)

Apache-Handler: php5-script

Which of the following attacks was being attempted?


A. Session hijacking

B. Cross-site script

C. SQL injection

D. Buffer overflow

 

Answer: C

 

 

QUESTION 233

A team is established to create a secure connection between software packages in order to list employees' remaining or unused benefits on their paycheck stubs. Which of the following business roles would be MOST effective on this team?


A. Network Administrator, Database Administrator, Programmers

B. Network Administrator, Emergency Response Team, Human Resources

C. Finance Officer, Human Resources, Security Administrator

D. Database Administrator, Facilities Manager, Physical Security Manager

 

Answer: C

 

 

QUESTION 234

An administrator is notified that contract workers will be onsite assisting with a new project. The administrator wants each worker to be aware of the corporate policy pertaining to USB storage devices. Which of the following should each worker review and understand before beginning work?


A. Interconnection Security Agreement

B. Memorandum of Understanding

C. Business Partnership Agreement

D. Non-Disclosure Agreement

 

Answer: C

 

 

QUESTION 235

A new startup company with very limited funds wants to protect the organization from external threats by implementing some type of best practice security controls across a number of hosts located in the application zone, the production zone, and the core network. The 50 hosts in the core network are a mixture of Windows and Linux based systems, used by development staff to develop new applications. The single Windows host in the application zone is used exclusively by the production team to control software deployments into the production zone. There are 10 UNIX web application hosts in the production zone which are publicly accessible.

Development staff is required to install and remove various types of software from their hosts on a regular basis while the hosts in the zone rarely require any type of configuration changes.

Which of the following when implemented would provide the BEST level of protection with the LEAST amount of disruption to staff?


A. NIPS in the production zone, HIPS in the application zone, and anti-virus / anti-malware across all Windows hosts.

B. NIPS in the production zone, NIDS in the application zone, HIPS in the core network, and anti-virus / anti-malware across all hosts.

C. HIPS in the production zone, NIPS in the application zone, and HIPS in the core network.

D. NIDS in the production zone, HIDS in the application zone, and anti-virus / anti-malware across all hosts.

 

Answer: A

 

 

QUESTION 236

A security manager is developing new policies and procedures. Which of the following is a best practice in end user security?


A. Employee identity badges and physical access controls to ensure only staff are allowed onsite.

B. A training program that is consistent, ongoing, and relevant.

C. Access controls to prevent end users from gaining access to confidential data.

D. Access controls for computer systems and networks with two-factor authentication.

 

Answer: B

 

 

QUESTION 237

If a technician must take an employee’s workstation into custody in response to an investigation, which of the following can BEST reduce the likelihood of related legal issues?


A. A formal letter from the company’s president approving the seizure of the workstation.

B. A formal training and awareness program on information security for all company managers.

C. A screen displayed at log in that informs users of the employer’s rights to seize, search, and monitor company devices.

D. A printout of an activity log, showing that the employee has been spending substantial time on non-work related websites.

 

Answer: C

 

 

QUESTION 238

An organization has had six security incidents over the past year against their main web application. Each time the organization was able to determine the cause of the incident and restore operations within a few hours to a few days. Which of the following provides the MOST comprehensive method for reducing the time to recover?


A. Create security metrics that provide information on response times and requirements to determine the best place to focus time and money.

B. Conduct a loss analysis to determine which systems to focus time and money towards increasing security.

C. Implement a knowledge management process accessible to the help desk and finance departments to estimate cost and prioritize remediation.

D. Develop an incident response team, require training for incident remediation, and provide incident reporting and tracking metrics.

 

Answer: D

 

 

QUESTION 239

A company runs large computing jobs only during the overnight hours. To minimize the amount of capital investment in equipment, the company relies on the elastic computing services of a major cloud computing vendor. Because the virtual resources are created and destroyed on the fly across a large pool of shared resources, the company never knows which specific hardware platforms will be used from night to night. Which of the following presents the MOST risk to confidentiality in this scenario?


A. Loss of physical control of the servers

B. Distribution of the job to multiple data centers

C. Network transmission of cryptographic keys

D. Data scraped from the hardware platforms

 

Answer: D

 

 

QUESTION 240

A business wants to start using social media to promote the corporation and to ensure that customers have a good experience with their products. Which of the following security items should the company have in place before implementation? (Select TWO).


A. The company must dedicate specific staff to act as social media representatives of the company.

B. All staff needs to be instructed in the proper use of social media in the work environment.

C. Senior staff blogs should be ghost written by marketing professionals.

D. The finance department must provide a cost benefit analysis for social media.

E. The security policy needs to be reviewed to ensure that social media policy is properly implemented.

F. The company should ensure that the company has sufficient bandwidth to allow for social media traffic.

 

Answer: A,E

 

 
