A security administrator is tasked with securing a company’s headquarters and branch offices move to unified communications. The Chief Information Officer (CIO) wants to integrate the corporate users’ email, voice mail, telephony, presence and corporate messaging to internal computers, mobile users, and devices. Which of the following actions would BEST meet the CIO’s goals while providing maximum unified communications security?
A. Create presence groups, restrict IM protocols to the internal networks, encrypt remote devices, and restrict access to services to local network and VPN clients.
B. Enable discretionary email forwarding restrictions, utilize QoS and Secure RTP, allow external IM protocols only over TLS, and allow port 2000 incoming to the internal firewall interface for secure SIP
C. Set presence to invisible by default, restrict IM to invite only, implement QoS on SIP and RTP traffic, discretionary email forwarding, and full disk encryption.
D. Establish presence privacy groups, restrict all IM protocols, allow secure RTP on session border gateways, enable full disk encryptions, and transport encryption for email security.
Ann, a Physical Security Manager, is ready to replace all 50 analog surveillance cameras with IP cameras with built-in web management. Ann has several security guard desks on different networks that must be able to view the cameras without unauthorized people viewing the video as well. The selected IP camera vendor does not have the ability to authenticate users at the camera level. Which of the following should Ann suggest to BEST secure this environment?
A. Create an IP camera network and deploy NIPS to prevent unauthorized access.
B. Create an IP camera network and only allow SSL access to the cameras.
C. Create an IP camera network and deploy a proxy to authenticate users prior to accessing the cameras.
D. Create an IP camera network and restrict access to cameras from a single management host.
A general insurance company wants to set up a new online business. The requirements are that the solution needs to be:
– Extendable for new products to be developed and added
– Externally facing for customers and business partners to login
– Usable and manageable
– Be able to integrate seamlessly with third parties for non core functions such as document printing
– Secure to protect customer’s personal information and credit card information during transport and at rest
The conceptual solution architecture has specified that the application will consist of a traditional three tiered architecture for the front end components, an ESB to provide services, data transformation capability and legacy system integration and a web services gateway.
Which of the following security components will BEST meet the above requirements and fit into the solution architecture? (Select TWO).
A. Implement WS-Security for services authentication and XACML for service authorization.
B. Use end-to-end application level encryption to encrypt all fields and store them encrypted in the database.
C. Implement a certificate based solution on a smart card in combination with a PIN to provide authentication and authorization of users.
D. Implement WS-Security as a federated single sign-on solution for authentication authorization
E. Implement SSL encryption for all sensitive data flows and encryption of passwords of the data
F. Use application level encryption to encrypt sensitive fields, SSL encryption on sensitive flows, and database encryption for sensitive data storage.
A retail bank has had a number of issues in regards to the integrity of sensitive information across all of its customer databases. This has resulted in the bank’s share price decreasing in value by 50% and regulatory intervention and monitoring.
The new Chief Information Security Officer (CISO) as a result has initiated a program of work to solve the issues.
The business has specified that the solution needs to be enterprise grade and meet the following requirements:
– Be across all major platforms, applications and infrastructure.
– Be able to track user and administrator activity.
– Does not significantly degrade the performance of production platforms, applications, and infrastructures.
– Real time incident reporting.
– Manageable and has meaningful information.
– Business units are able to generate reports in a timely manner of the unit’s system assets.
In order to solve this problem, which of the following security solutions will BEST meet the above requirements? (Select THREE).
A. Implement a security operations center to provide real time monitoring and incident response with self service reporting capability.
B. Implement an aggregation based SIEM solution to be deployed on the log servers of the major platforms, applications, and infrastructure.
C. Implement a security operations center to provide real time monitoring and incident response and an event correlation dashboard with self service reporting capability.
D. Ensure that the network operations center has the tools to provide real time monitoring and incident response and an event correlation dashboard with self service reporting capabilities.
E. Implement an agent only based SIEM solution to be deployed on all major platforms, applications, and infrastructures.
F. Ensure appropriate auditing is enabled to capture the required information.
G. Manually pull the logs from the major platforms, applications, and infrastructures to a central secure server.
Company XYZ has employed a consultant to perform a controls assessment of the HR system, backend business operations, and the SCADA system used in the factory. Which of the following correctly states the risk management options that the consultant should use during the assessment?
A. Risk reduction, risk sharing, risk retention, and risk acceptance.
B. Avoid, transfer, mitigate, and accept.
C. Risk likelihood, asset value, and threat level.
D. Calculate risk by determining technical likelihood and potential business impact.
Company XYZ has had repeated vulnerability exploits of a critical nature released to the company’s flagship product. The product is used by a number of large customers. At the Chief Information Security Officer’s (CISO’s) request, the product manager now has to budget for a team of security consultants to introduce major product security improvements.
Here is a list of improvements in order of priority:
1. A noticeable improvement in security posture immediately.
2. Fundamental changes to resolve systemic issues as an ongoing process
3. Improvements should be strategic as opposed to tactical
4. Customer impact should be minimized
Which of the following recommendations is BEST for the CISO to put forward to the product manager?
A. Patch the known issues and provide the patch to customers. Make a company announcement to customers on the main website to reduce the perceived exposure of the application to alleviate customer concerns. Engage penetration testers and code reviewers to perform an in-depth review of the product. Based on the findings, address the defects and re-test the findings to ensure that any defects have been resolved.
B. Patch the known issues and provide the patch to customers. Engage penetration testers and code reviewers to perform an in-depth review of the product. Based on the findings, address the defects and re-test the findings to ensure that the defects have been resolved. Introduce periodic code review and penetration testing of the product in question and consider including all relevant future projects going forward.
C. Patch the known issues and provide the patch to customers. Implement an SSDLC / SDL overlay on top of the SDLC. Train architects, designers, developers, testers and operators on security importance and ensure that security-relevant activities are performed within each of the SDLC phases. Use the product as the primary focal point to close out issues and consider using the SSDLC / SDL overlay for all relevant future projects.
D. Stop active support of the product. Bring forward end-of-life dates for the product so that it can be decommissioned. Start a new project to develop a replacement product and ensure that an SSDLC / SDL overlay on top of the SDLC is formed. Train BAs, architects, designers, developers, testers and operators on security importance and ensure that security-relevant activities are performed within each of the SDLC phases.
A system administrator has installed a new Internet facing secure web application that consists of a Linux web server and Windows SQL server into a new corporate site. The administrator wants to place the servers in the most logical network security zones and implement the appropriate security controls. Which of the following scenarios BEST accomplishes this goal?
A. Create an Internet zone, DMZ, and Internal zone on the firewall. Place the web server in the DMZ. Configure IPtables to allow TCP 80 and 443. Set SELinux to permissive. Place the SQL server in the internal zone. Configure the Windows firewall to allow TCP 80 and 443. Configure the Internet zone with ACLs of allow 80 and 443 destination DMZ.
B. Create an Internet zone, DMZ, and Internal zone on the firewall. Place the web server in the DMZ. Configure IPtables to allow TCP 443. Set enforcement threshold on SELinux to one. Place the SQL server in the internal zone. Configure the Windows firewall to allow TCP 1433 and 1443. Configure the Internet zone with ACLs of allow 443 destination DMZ.
C. Create an Internet zone and two DMZ zones on the firewall. Place the web server in the DMZ one. Set the enforcement threshold on SELinux to 100, and configure IPtables to allow TCP 80 and 443. Place the SQL server in DMZ two. Configure the Windows firewall to allow TCP 80 and
443. Configure the Internet zone with an ACL of allow 443 destination ANY.
D. Create an Internet zone and two DMZ zones on the firewall. Place the web server in DMZ one.
Set enforcement threshold on SELinux to zero, and configure IPtables to allow TCP 80 and 443.
Place the SQL server in DMZ two. Configure the Internet zone ACLs with allow 80, 443, 1433, and
1443 destination ANY.
The lead systems architect on a software development project developed a design which is optimized for a distributed computing environment. The security architect assigned to the project has concerns about the integrity of the system, if it is deployed in a commercial cloud. Due to poor communication within the team, the security risks of the proposed design are not being given any attention. A network engineer on the project has a security background and is concerned about the overall success of the project. Which of the following is the BEST course of action for the network engineer to take?
A. Address the security concerns through the network design and security controls.
B. Implement mitigations to the security risks and address the poor communications on the team with the project manager.
C. Document mitigations to the security concerns and facilitate a meeting between the architects and the project manager.
D. Develop a proposal for an alternative architecture that does not leverage cloud computing and present it to the lead architect.
Company XYZ plans to donate 1,000 used computers to a local school. The company has a large research and development section and some of the computers were previously used to store proprietary research.
The security administrator is concerned about data remnants on the donated machines, but the company does not have a device sanitization section in the data handling policy.
Which of the following is the BEST course of action for the security administrator to take?
A. Delay the donation until a new policy is approved by the Chief Information Officer (CIO), and
then donate the machines.
B. Delay the donation until all storage media on the computers can be sanitized.
C. Reload the machines with an open source operating system and then donate the machines.
D. Move forward with the donation, but remove all software license keys from the machines.
Continuous monitoring is a popular risk reduction technique in many large organizations with formal certification processes for IT projects. In order to implement continuous monitoring in an effective manner which of the following is correct?
A. Only security related alerts should be forwarded to the network team for resolution.
B. All logs must be centrally managed and access to the logs restricted only to data storage staff.
C. Logging must be set appropriately and alerts delivered to security staff in a timely manner.
D. Critical logs must be monitored hourly and adequate staff must be assigned to the network team.