An administrator at a small company replaces servers whenever budget money becomes available. Over the past several years the company has acquired and still uses 20 servers and 50 desktops from five different computer manufacturers. Which of the following are management challenges and risks associated with this style of technology lifecycle management?
A. Decreased security posture, decommission of outdated hardware, inability to centrally manage, and performance bottlenecks on old hardware.
B. Increased mean time to failure rate of legacy servers, OS variances, patch availability, and ability to restore to dissimilar hardware.
C. OS end-of-support issues, ability to backup data, hardware parts availability, and firmware update availability and management.
D. Inability to use virtualization, trusted OS complexities, and multiple patch versions based on OS dependency.
A Physical Security Manager is ready to replace all 50 analog surveillance cameras with IP cameras with built-in web management. The Security Manager has several security guard desks on different networks that must be able to view the cameras without unauthorized people viewing the video as well. The selected IP camera vendor does not have the ability to authenticate users at the camera level. Which of the following should the Security Manager suggest to BEST secure this environment?
A. Create an IP camera network and deploy NIPS to prevent unauthorized access.
B. Create an IP camera network and only allow SSL access to the cameras.
C. Create an IP camera network and deploy a proxy to authenticate users prior to accessing the
D. Create an IP camera network and restrict access to cameras from a single management host.
In single sign-on, the secondary domain needs to trust the primary domain to do which of the following? (Select TWO).
A. Correctly assert the identity and authorization credentials of the end user.
B. Correctly assert the authentication and authorization credentials of the end user.
C. Protect the authentication credentials used to verify the end user identity to the secondary domain for unauthorized use.
D. Protect the authentication credentials used to verify the end user identity to the secondary domain for authorized use.
E. Protect the accounting credentials used to verify the end user identity to the secondary domain for unauthorized use.
F. Correctly assert the identity and authentication credentials of the end user.
A corporation has Research and Development (R&D) and IT support teams, each requiring separate networks with independent control of their security boundaries to support department objectives. The corporation’s Information Security Officer (ISO) is responsible for providing firewall services to both departments, but does not want to increase the hardware footprint within the datacenter. Which of the following should the ISO consider to provide the independent functionality required by each department’s IT teams?
A. Put both departments behind the firewall and assign administrative control for each department to the corporate firewall.
B. Provide each department with a virtual firewall and assign administrative control to the physical firewall.
C. Put both departments behind the firewall and incorporate restrictive controls on each department’s network.
D. Provide each department with a virtual firewall and assign appropriate levels of management for the virtual device.
A manager who was attending an all-day training session was overdue entering bonus and payroll information for subordinates. The manager felt the best way to get the changes entered while in training was to log into the payroll system, and then activate desktop sharing with a trusted subordinate. The manager granted the subordinate control of the desktop thereby giving the subordinate full access to the payroll system. The subordinate did not have authorization to be in the payroll system. Another employee reported the incident to the security team. Which of the following would be the MOST appropriate method for dealing with this issue going forward?
A. Provide targeted security awareness training and impose termination for repeat violators.
B. Block desktop sharing and web conferencing applications and enable use only with approval.
C. Actively monitor the data traffic for each employee using desktop sharing or web conferencing applications.
D. Permanently block desktop sharing and web conferencing applications and do not allow its use at the company.
After connecting to a secure payment server at https://pay.xyz.com, an auditor notices that the SSL certificate was issued to *.xyz.com. The auditor also notices that many of the internal development servers use the same certificate. After installing the certificate on dev1.xyz.com, one of the developers reports misplacing the USB thumb-drive where the SSL certificate was stored. Which of the following should the auditor recommend FIRST?
A. Generate a new public key on both servers.
B. Replace the SSL certificate on dev1.xyz.com.
C. Generate a new private key password for both servers.
D. Replace the SSL certificate on pay.xyz.com.
A morphed worm carrying a 0-day payload has infiltrated the company network and is now spreading across the organization. The security administrator was able to isolate the worm communication and payload distribution channel to TCP port 445. Which of the following can the administrator do in the short term to minimize the attack?
A. Deploy the following ACL to the HIPS: DENY – TCP – ANY – ANY – 445.
B. Run a TCP 445 port scan across the organization and patch hosts with open ports.
C. Add the following ACL to the corporate firewall: DENY – TCP – ANY – ANY – 445.
D. Force a signature update and full system scan from the enterprise anti-virus solution.
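The question turns on where an ACL is enforced. The following Python is an added example, not part of the exam page: it models a worm that spreads host to host over TCP 445 and shows that the same DENY rule stops propagation only when every host's HIPS enforces it, because a perimeter firewall never sees traffic between two internal subnets. The subnets, host addresses and the breadth-first propagation model are constructed assumptions for illustration.

```python
"""Added example (not from the exam page): why a perimeter firewall ACL
does not stop a worm that spreads host-to-host over TCP 445, while the
same ACL pushed to every host's HIPS does. Hosts, subnets and the
propagation model are constructed assumptions for illustration."""
from collections import deque
from ipaddress import ip_address, ip_network

# Constructed internal network: three subnets behind one perimeter firewall.
INTERNAL = [ip_network("10.0.1.0/24"), ip_network("10.0.2.0/24"), ip_network("10.0.3.0/24")]
HOSTS = [f"10.0.{s}.{h}" for s in (1, 2, 3) for h in (10, 11, 12)]
WORM_PORT = 445


def is_internal(ip):
    """True when the address falls inside one of the internal subnets."""
    return any(ip_address(ip) in net for net in INTERNAL)


def perimeter_allows(src, dst, port):
    """Corporate firewall rule DENY TCP ANY ANY 445: it is only evaluated for
    traffic that crosses the perimeter, so internal-to-internal flows are
    never inspected and always succeed."""
    if is_internal(src) and is_internal(dst):
        return True
    return port != WORM_PORT


def hips_allows(src, dst, port):
    """The same ACL on a host-based IPS is enforced at every endpoint, so it
    also applies to lateral (intra-subnet and inter-subnet) traffic."""
    return port != WORM_PORT


def simulate(policy, patient_zero="10.0.1.10"):
    """Breadth-first worm propagation: every infected host tries every other
    host on TCP 445, and a connection succeeds only if `policy` allows it.
    Returns the number of hosts infected once propagation stops."""
    infected = {patient_zero}
    queue = deque([patient_zero])
    while queue:
        src = queue.popleft()
        for dst in HOSTS:
            if dst not in infected and policy(src, dst, WORM_PORT):
                infected.add(dst)
                queue.append(dst)
    return len(infected)


if __name__ == "__main__":
    print("perimeter ACL only:", simulate(perimeter_allows), "of", len(HOSTS), "hosts infected")
    print("HIPS ACL on every host:", simulate(hips_allows), "of", len(HOSTS), "hosts infected")
```

The perimeter rule still matters for inbound and outbound SMB, which is why `perimeter_allows` denies 445 across the boundary; it simply cannot see the lateral traffic that the worm uses once it is inside.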
A security administrator wants to verify and improve the security of a business process which is tied to proven company workflow. The security administrator was able to improve security by applying controls that were defined by the newly released company security standard. Such controls included code improvement, transport encryption, and interface restrictions. Which of the following can the security administrator do to further increase security after having exhausted all the technical controls dictated by the company’s security standard?
A. Modify the company standard to account for higher security and meet with upper management for approval to implement the new standard.
B. Conduct a gap analysis and recommend appropriate non-technical mitigating controls, and incorporate the new controls into the standard.
C. Conduct a risk analysis on all current controls, and recommend appropriate mechanisms to increase overall security.
D. Modify the company policy to account for higher security, adapt the standard accordingly, and implement new technical controls.
A company receives an e-discovery request for the Chief Information Officer’s (CIO’s) email data. The storage administrator reports that the data retention policy relevant to their industry only requires one year of email data. However the storage administrator also reports that there are three years of email data on the server and five years of email data on backup tapes. How many years of data MUST the company legally provide?
The VoIP administrator starts receiving reports that users are having problems placing phone calls. The VoIP administrator cannot determine the issue, and asks the security administrator for help. The security administrator reviews the switch interfaces and does not see an excessive amount of network traffic on the voice network. Using a protocol analyzer, the security administrator does see an excessive number of SIP INVITE packets destined for the SIP proxy. Based on the information given, which of the following types of attacks is underway and how can it be remediated?
A. Man in the middle attack; install an IPS in front of SIP proxy.
B. Man in the middle attack; use 802.1x to secure voice VLAN.
C. Denial of Service; switch to more secure H.323 protocol.
D. Denial of Service; use rate limiting to limit traffic.
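The diagnostic clue in the question is the volume of INVITEs relative to normal call setup, not the bandwidth on the switch ports. The Python below is an added example, not part of the exam page: it runs over a constructed packet summary (timestamp, source, destination, SIP method) to compute per-source INVITE rates, flags the flooding source, and then applies a per-source token-bucket rate limiter to show how many INVITEs the proxy would actually receive. The proxy address, the phone addresses, the threshold and the bucket parameters are all assumptions chosen for illustration.

```python
"""Added example (not part of the exam page): detect a SIP INVITE flood from
a packet summary and show what per-source rate limiting would let through.
The packet records, window size, threshold and bucket parameters are
constructed assumptions."""
from collections import Counter, defaultdict

# Constructed capture summary: (timestamp_seconds, src_ip, dst_ip, sip_method).
# 10.9.0.5 is the SIP proxy. 10.9.0.66 sends 300 INVITEs in three seconds
# with no ACK or BYE; 10.9.0.21 and 10.9.0.22 look like real call setups.
CAPTURE = (
    [(i * 0.01, "10.9.0.66", "10.9.0.5", "INVITE") for i in range(300)]
    + [
        (0.5, "10.9.0.21", "10.9.0.5", "INVITE"),
        (0.7, "10.9.0.21", "10.9.0.5", "ACK"),
        (1.2, "10.9.0.22", "10.9.0.5", "INVITE"),
        (2.4, "10.9.0.22", "10.9.0.5", "BYE"),
        (2.9, "10.9.0.23", "10.9.0.5", "REGISTER"),
    ]
)


def invite_rates(packets, window=1.0):
    """Peak INVITE rate (INVITEs per second) per source, measured over
    fixed windows of `window` seconds."""
    buckets = defaultdict(Counter)
    for ts, src, _dst, method in packets:
        if method == "INVITE":
            buckets[src][int(ts // window)] += 1
    return {src: max(counts.values()) / window for src, counts in buckets.items()}


def flood_sources(packets, threshold=20.0):
    """Sources whose peak INVITE rate exceeds `threshold`. A phone produces a
    few INVITEs per second at most; hundreds per second, never followed by
    ACK or BYE, is the signature of an INVITE flood against the proxy."""
    return sorted(src for src, rate in invite_rates(packets).items() if rate > threshold)


def rate_limit(packets, per_source_rate=5.0, burst=5):
    """Per-source token bucket: a source may send `burst` INVITEs at once and
    thereafter `per_source_rate` per second. Returns how many INVITEs from
    each source would be forwarded to the proxy; the rest are dropped."""
    tokens, last_ts, forwarded = {}, {}, Counter()
    for ts, src, _dst, method in sorted(packets):
        if method != "INVITE":
            continue
        elapsed = ts - last_ts.get(src, ts)
        tokens[src] = min(burst, tokens.get(src, burst) + elapsed * per_source_rate)
        last_ts[src] = ts
        if tokens[src] >= 1:
            tokens[src] -= 1
            forwarded[src] += 1
    return dict(forwarded)


if __name__ == "__main__":
    print("peak INVITE rates:", invite_rates(CAPTURE))
    print("flooding sources:", flood_sources(CAPTURE))
    print("INVITEs forwarded after rate limiting:", rate_limit(CAPTURE))
```

Legitimate callers keep all of their INVITEs under the limiter, while the flooding source is cut from 300 to roughly the burst plus five per second, which is the effect a rate limit on the proxy or a session border controller is meant to have.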