A WAF without customization will protect the infrastructure from which of the following attack combinations?
A. DDoS, DNS poisoning, Boink, Teardrop
B. Reflective XSS, HTTP exhaustion, Teardrop
C. SQL Injection, DOM based XSS, HTTP exhaustion
D. SQL Injection, CSRF, Clickjacking
Company ABC is planning to outsource its Customer Relationship Management system (CRM) and marketing / leads management to Company XYZ.
Which of the following is the MOST important to be considered before going ahead with the service?
A. Internal auditors have approved the outsourcing arrangement.
B. Penetration testing can be performed on the externally facing web system.
C. Ensure there are security controls within the contract and the right to audit.
D. A physical site audit is performed on Company XYZ’s management / operation.
The Linux server at Company A hosts a graphical application widely used by the company designers. One designer regularly connects to the server from a Mac laptop in the designer’s office down the hall. When the security engineer learns of this, it is discovered that the connection is not secured and that the password can easily be obtained via network sniffing. Which of the following would the security engineer MOST likely implement to secure this connection?
Linux Server: 192.168.10.10/24 Mac Laptop: 192.168.10.200/24
A. From the server, establish an SSH tunnel to the Mac and VPN to 192.168.10.200.
B. From the Mac, establish a remote desktop connection to 192.168.10.10 using Network Layer Authentication and the CredSSP security provider.
C. From the Mac, establish a VPN to the Linux server and connect the VNC to 127.0.0.1.
D. From the Mac, establish an SSH tunnel to the Linux server and connect the VNC to 127.0.0.1.
A data breach has occurred at Company A and as a result, the Chief Information Officer (CIO) has resigned. The CIO’s laptop, cell phone and PC were all wiped of data per company policy. A month later, prosecutors in litigation with Company A suspect the CIO knew about the data breach long before it was discovered and have issued a subpoena requesting all the CIO’s email from the last 12 months. The corporate retention policy recommends keeping data for no longer than 90 days. Which of the following should occur?
A. Restore the CIO’s email from an email server backup and provide the last 90 days from the date of the subpoena request.
B. Inform the litigators that the CIO’s information has been deleted as per corporate policy.
C. Restore the CIO’s email from an email server backup and provide the last 90 days from the date of the CIO resignation.
D. Restore the CIO’s email from an email server backup and provide whatever is available up to the last 12 months from the subpoena date.
A security administrator at a Lab Company is required to implement a solution which will provide the highest level of confidentiality possible to all data on the lab network.
The current infrastructure design includes:
– Two-factor token and biometric based authentication for all users
– Attributable administrator accounts
– Logging of all transactions
– Full disk encryption of all HDDs
– Finely granular access controls to all resources
– Full virtualization of all servers
– The use of LUN masking to segregate SAN data
– Port security on all switches
The network is protected with a firewall implementing ACLs, a NIPS device, and secured wireless access points.
Which of the following cryptographic improvements should be made to the current architecture to achieve the stated goals?
A. PKI based authorization
B. Transport encryption
C. Data at rest encryption
D. Code signing
A data processing server uses a Linux based file system to remotely mount physical disks on a shared SAN. The server administrator reports problems related to processing of files where the file appears to be incompletely written to the disk. The network administration team has conducted a thorough review of all network infrastructure and devices and found everything running at optimal performance. Other SAN customers are unaffected. The data being processed consists of millions of small files being written to disk from a network source one file at a time. These files are then accessed by a local Java program for processing before being transferred over the network to a SE Linux host for processing. Which of the following is the MOST likely cause of the processing problem?
A. The administrator has a PERL script running which disrupts the NIC by restarting the CRON process every 65 seconds.
B. The Java developers accounted for network latency only for the read portion of the processing and not the write process.
C. The virtual file system on the SAN is experiencing a race condition between the reads and writes of network files.
D. The Linux file system in use cannot write files as fast as they can be read by the Java program resulting in the errors.
Company ABC was formed by combining numerous companies which all had multiple databases, web portals, and cloud data sets. Each data store had a unique set of custom developed authentication mechanisms and schemas. Which of the following approaches to combining the disparate mechanisms has the LOWEST up front development costs?
D. Federated IDs
A security researcher is about to evaluate a new secure VoIP routing appliance. The appliance manufacturer claims the new device is hardened against all known attacks and several undisclosed zero day exploits. The code base used for the device is a combination of compiled C and TC/TKL scripts. Which of the following methods should the security researcher use to enumerate the ports and protocols in use by the appliance?
A. Device fingerprinting
B. Switchport analyzer
C. Grey box testing
D. Penetration testing
“We need the system to produce a series of numbers with no discernible mathematical progression for use by our Java based, PKI-enabled, customer facing website.”
Which of the following BEST restates the customer need?
A. The system shall use a pseudo-random number generator seeded the same every time.
B. The system shall generate a pseudo-random number upon invocation by the existing Java program.
C. The system shall generate a truly random number based upon user PKI certificates.
D. The system shall implement a pseudo-random number generator for use by corporate customers.
A security engineer is implementing a new solution designed to process e-business transactions and record them in a corporate audit database. The project has multiple technical stakeholders. The database team controls the physical database resources, the internal audit division controls the audit records in the database, the web hosting team is responsible for implementing the website front end and shopping cart application, and the accounting department is responsible for processing the transaction and interfacing with the payment processor. As the solution owner, the security engineer is responsible for ensuring which of the following?
A. Ensure the process functions in a secure manner from customer input to audit review.
B. Security solutions result in zero additional processing latency.
C. Ensure the process of storing audit records is in compliance with applicable laws.
D. Web transactions are conducted in a secure network channel.