The company is about to upgrade a financial system through a third party, but wants to legally ensure that no sensitive information is compromised throughout the project. The project manager must also make sure that internal controls are set to mitigate the potential damage that one individual’s actions may cause. Which of the following needs to be put in place to make certain both organizational requirements are met? (Select TWO).
A. Separation of duties
B. Forensic tasks
F. Job rotation
The security administrator is worried about possible SPIT attacks against the VoIP system.
Which of the following security controls would MOST likely need to be implemented to detect this type of attack?
A. SIP and SRTP traffic analysis
B. QoS audit on Layer 3 devices
C. IP and MAC filtering logs
D. Email spam filter log
The helpdesk is receiving multiple calls about slow and intermittent Internet access from the finance department. The network administrator reviews the tickets and compiles the following information for the security administrator:
Caller 1, IP 172.16.35.217, NETMASK 255.255.254.0
Caller 2, IP 172.16.35.53, NETMASK 255.255.254.0
Caller 3, IP 172.16.35.173, NETMASK 255.255.254.0
All callers are connected to the same switch and are routed by a router with five built-in interfaces. The upstream router interface’s MAC is 00-01-42-32-ab-1a.
The security administrator brings a laptop to the finance office, connects it to one of the wall jacks, starts up a network analyzer, and notices the following:
09:05:10.937590 arp reply 172.16.34.1 is-at 0:12:3f:f1:da:52 (0:12:3f:f1:da:52)
09:05:15.934840 arp reply 172.16.34.1 is-at 0:12:3f:f1:da:52 (0:12:3f:f1:da:52)
09:05:19.931482 arp reply 172.16.34.1 is-at 0:12:3f:f1:da:52 (0:12:3f:f1:da:52)
Which of the following can the security administrator determine from the above information?
A. A man in the middle attack is underway – implementing static ARP entries is a possible solution.
B. An ARP flood attack targeted at the router is causing intermittent communication – implementing IPS is a possible solution.
C. The default gateway is being spoofed – implementing static routing with MD5 is a possible solution.
D. The router is being advertised on a separate network – router reconfiguration is a possible solution.
On Monday, the Chief Information Officer (CIO) of a state agency received an e-discovery request for the release of all emails sent and received by the agency board of directors for the past five years. The CIO has contacted the email administrator and asked the administrator to provide the requested information by end of day on Friday. Which of the following has the GREATEST impact on the ability to fulfill the e-discovery request?
A. Data retention policy
B. Backup software and hardware
C. Email encryption software
D. Data recovery procedures
A company is evaluating a new marketing strategy involving the use of social networking sites to reach its customers. The marketing director wants to be able to report important company news, product updates, and special promotions on the social websites.
After an initial and successful pilot period, other departments want to use the social websites to post their updates as well.
The Chief Information Officer (CIO) has asked the company security administrator to document three negative security impacts of allowing IT staff to post work related information on such websites.
Which of the following are the major risks the security administrator should report back to the CIO? (Select THREE).
A. Brute force attacks
B. Malware infection
C. DDOS attacks
D. Phishing attacks
E. SQL injection attacks
F. Social engineering attacks
A telecommunication company has recently upgraded their teleconference systems to multicast. Additionally, the security team has instituted a new policy which requires VPN to access the company’s video conference. All parties must be issued a VPN account and must connect to the company’s VPN concentrator to participate in the remote meetings.
Which of the following settings will increase bandwidth utilization on the VPN concentrator during the remote meetings?
A. IPSec transport mode is enabled
B. ICMP is disabled
C. Split tunneling is disabled
D. NAT-traversal is enabled
An Information Security Officer (ISO) has asked a security team to randomly retrieve discarded computers from the warehouse dumpster. The security team was able to retrieve two older computers and a broken MFD network printer. The security team was able to connect the hard drives from the two computers and the network printer to a computer equipped with forensic tools. The security team was able to retrieve PDF files from the network printer hard drive but the data on the two older hard drives was inaccessible.
Which of the following should the Warehouse Manager do to remediate the security issue?
A. Revise the hardware and software maintenance contract.
B. Degauss the printer hard drive to delete data.
C. Implement a new change control process.
D. Update the hardware decommissioning procedures.
Which of the following precautions should be taken to harden network devices in case of VMEscape?
A. Database servers should be on the same virtual server as web servers in the DMZ network segment.
B. Web servers should be on the same physical server as database servers in the network segment.
C. Virtual servers should only be on the same physical server as others in their network segment.
D. Physical servers should only be on the same WAN as other physical servers in their network.
Which of the following should be used with caution because of its ability to provide access to block level data instead of file level data?
Which of the following can aid a buffer overflow attack to execute when used in the creation of applications?
A. Secure cookie storage
B. Standard libraries
C. State management
D. Input validation