The internal audit department is investigating a possible breach of security. One of the auditors is sent to interview the following employees:
Employee A. Works in the accounts receivable office and is in charge of entering data into the finance system.
Employee B. Works in the accounts payable office and is in charge of approving purchase orders.
Employee C. Is the manager of the finance department, supervises Employee A and Employee B, and can perform the functions of both Employee A and Employee B.
Which of the following should the auditor suggest be done to avoid future security breaches?
A. All employees should have the same access level to be able to check on each others.
B. The manager should only be able to review the data and approve purchase orders.
C. Employee A and Employee B should rotate jobs at a set interval and cross-train.
D. The manager should be able to both enter and approve information.
A company’s security policy states that its own internally developed proprietary Internet facing software must be resistant to web application attacks. Which of the following methods provides the MOST protection against unauthorized access to stored database information?
A. Require all development to follow secure coding practices.
B. Require client-side input filtering on all modifiable fields.
C. Escape character sequences at the application tier.
D. Deploy a WAF with application specific signatures.
An organization is preparing to upgrade its firewall and NIPS infrastructure and has narrowed the vendor choices down to two platforms. The integrator chosen to assist the organization with the deployment has many clients running a mixture of the possible combinations of environments.
Which of the following is the MOST comprehensive method for evaluating the two platforms?
A. Benchmark each possible solution with the integrators existing client deployments.
B. Develop testing criteria and evaluate each environment in-house.
C. Run virtual test scenarios to validate the potential solutions.
D. Use results from each vendor’s test labs to determine adherence to project requirements.
An administrator has four virtual guests on a host server. Two of the servers are corporate SQL servers, one is a corporate mail server, and one is a testing web server for a small group of developers. The administrator is experiencing difficulty connecting to the host server during peak network usage times. Which of the following would allow the administrator to securely connect to and manage the host server during peak usage times?
A. Increase the virtual RAM allocation to high I/O servers.
B. Install a management NIC and dedicated virtual switch.
C. Configure the high I/O virtual servers to use FCoE rather than iSCSI.
D. Move the guest web server to another dedicated host.
An administrator receives a notification from legal that an investigation is being performed on members of the finance department. As a precaution, legal has advised a legal hold on all documents for an unspecified period of time. Which of the following policies will MOST likely be violated? (Select TWO).
A. Data Storage Policy
B. Data Retention Policy
C. Corporate Confidentiality Policy
D. Data Breach Mitigation Policy
Which of the following BEST explains SAML?
A. A security attestation model built on XML and SOAP-based services, which allows for the exchange of A&A data between systems and supports Federated Identity Management.
B. An XML and SOAP-based protocol, which enables the use of PKI for code signing and SSO by using SSL and SSH to establish a trust model.
C. A security model built on the transfer of assertions over XML and SOAP-based protocols, which allows for seamless SSO and the open exchange of data.
D. A security verification model built on SSO and SSL-based services, which allows for the exchange of PKI data between users and supports XACML.
The organization has an IT driver on cloud computing to improve delivery times for IT solution provisioning. Separate to this initiative, a business case has been approved for replacing the existing banking platform for credit card processing with a newer offering. It is the security practitioner’s responsibility to evaluate whether the new credit card processing platform can be hosted within a cloud environment. Which of the following BEST balances the security risk and IT drivers for cloud computing?
A. A third-party cloud computing platform makes sense for new IT solutions. This should be endorsed going forward so as to align with the IT strategy. However, the security practitioner will need to ensure that the third-party cloud provider does regular penetration tests to ensure that all data is secure.
B. Using a third-party cloud computing environment should be endorsed going forward. This aligns with the organization’s strategic direction. It also helps to shift any risk and regulatory compliance concerns away from the company’s internal IT department. The next step will be to evaluate each of the cloud computing vendors, so that a vendor can then be selected for hosting the new credit card processing platform.
C. There may be regulatory restrictions with credit cards being processed out of country or processed by shared hosting providers. A private cloud within the company should be considered.
An options paper should be created which outlines the risks, advantages, disadvantages of relevant choices and it should recommended a way forward.
D. Cloud computing should rarely be considered an option for any processes that need to be
significantly secured. The security practitioner needs to convince the stakeholders that the new platform can only be delivered internally on physical infrastructure.
The Universal Research Association has just been acquired by the Association of Medical Business Researchers. The new conglomerate has funds to upgrade or replace hardware as part of the acquisition, but cannot fund labor for major software projects. Which of the following will MOST likely result in some IT resources not being integrated?
A. One of the companies may use an outdated VDI.
B. Corporate websites may be optimized for different web browsers.
C. Industry security standards and regulations may be in conflict.
D. Data loss prevention standards in one company may be less stringent.
A large enterprise introduced a next generation firewall appliance into the Internet facing DMZ. All Internet traffic passes through this appliance. Four hours after implementation the network engineering team discovered that traffic through the DMZ now has un-acceptable latency, and is recommending that the new firewall be taken offline. At what point in the implementation process should this problem have been discovered?
A. During the product selection phase
B. When testing the appliance
C. When writing the RFP for the purchase process
D. During the network traffic analysis phase
A company has implemented data retention policies and storage quotas in response to their legal department’s requests and the SAN administrator’s recommendation. The retention policy states all email data older than 90 days should be eliminated. As there are no technical controls in place, users have been instructed to stick to a storage quota of 500Mb of network storage and 200Mb of email storage. After being presented with an e-discovery request from an opposing legal council, the security administrator discovers that the user in the suit has 1Tb of files and 300Mb of email spanning over two years. Which of the following should the security administrator provide to opposing council?
A. Delete files and email exceeding policy thresholds and turn over the remaining files and email.
B. Delete email over the policy threshold and hand over the remaining emails and all of the files.
C. Provide the 1Tb of files on the network and the 300Mb of email files regardless of age.
D. Provide the first 200Mb of e-mail and the first 500Mb of files as per policy.