Ensurepass

QUESTION 61

The Chief Executive Officer (CEO) of a corporation purchased the latest mobile device and wants to connect it to the company’s internal network. The Chief Information Security Officer (CISO) was told to research and recommend how to secure this device.

Which of the following recommendations should be implemented to keep the device from posing a security risk to the company?


A. A corporate policy to prevent sensitive information from residing on a mobile device and anti- virus software.

B. Encryption of the non-volatile memory and a corporate policy to prevent sensitive information from residing on a mobile device.

C. Encryption of the non-volatile memory and a password or PIN to access the device.

D. A password or PIN to access the device and a corporate policy to prevent sensitive information from residing on a mobile device.

 

Answer: C

 

 

QUESTION 62

The Chief Executive Officer (CEO) of a corporation decided to move all email to a cloud computing environment. The Chief Information Security Officer (CISO) was told to research the risk involved in this environment.

Which of the following measures should be implemented to minimize the risk of hosting email in the cloud?


A. Remind users that all emails with sensitive information need be encrypted and physically inspect the cloud computing.

B. Ensure logins are over an encrypted channel and obtain an NDA and an SLA from the cloud provider.

C. Ensure logins are over an encrypted channel and remind users to encrypt all emails that contain sensitive information.

D. Obtain an NDA from the cloud provider and remind users that all emails with sensitive information need be encrypted.

 

Answer: B

 

 

QUESTION 63

The Chief Executive Officer (CEO) of a corporation purchased the latest mobile device and wants to connect it to the internal network. The Chief Information Security Officer (CISO) was told to research and recommend how to secure this device.

 Which of the following should be implemented, keeping in mind that the CEO has stated that this access is required?


A. Mitigate and Transfer

B. Accept and Transfer

C. Transfer and Avoid

D. Avoid and Mitigate

 

Answer: A

 

 

QUESTION 64

The Chief Executive Officer (CEO) of a corporation purchased the latest mobile device and connected it to the internal network. The CEO proceeded to download sensitive financial documents through their email. The device was then lost in transit to a conference. The CEO notified the company helpdesk about the lost device and another one was shipped out, after which the helpdesk ticket was closed stating the issue was resolved.

 This data breach was not properly reported due to insufficient training surrounding which of the following processes?


A. E-Discovery

B. Data handling

C. Incident response

D. Data recovery and storage

 

Answer: C

 

 

QUESTION 65

An employee was terminated and promptly escorted to their exit interview, after which the employee left the building. It was later discovered that this employee had started a consulting business using screen shots of their work at the company which included live customer data. This information had been removed through the use of a USB device. After this incident, it was determined a process review must be conducted to ensure this issue does not recur.

Which of the following business areas should primarily be involved in this discussion? (Select TWO).

                


A. Database Administrator

B. Human Resources

C. Finance

D. Network Administrator

E. IT Management

 

Answer: B,E

 

 

QUESTION 66

A technician states that workstations that are on the network in location B are unable to validate certificates, while workstations that are on the main location A’s network are having no issues. Which of the following methods allows a certificate to be validated by a single server that returns the validity of that certificate?


A. XACML

B. OCSP

C. ACL

D. CRL

 

Answer: B

 

 

QUESTION 67

A system administrator needs to develop a policy for when an application server is no longer needed. Which of the following policies would need to be developed?


A. Backup policy

B. De-provisioning policy

C. Data retention policy

D. Provisioning policy

 

Answer: C

 

 

QUESTION 68

 A web administrator develops a web form for users to respond to the company via a web page.

Which of the following should be practiced to avoid a security risk?


A. SQL injection

B. XSS scripting

C. Click jacking

D. Input validation

 

Answer: D

 

 

QUESTION 69

A user reports that the workstation’s mouse pointer is moving and files are opening automatically. Which of the following should the user perform?


A. Unplug the network cable to avoid network activity.

B. Reboot the workstation to see if problem occurs again.

C. Turn off the computer to avoid any more issues.

D. Contact the incident response team for direction.

 

Answer: D

 

 

QUESTION 70

A system designer needs to factor in CIA requirements for a new SAN. Which of the CIA requirements is BEST met by multipathing?


A. Confidentiality

B. Authentication

C. Integrity

D. Availability

 

Answer: D

                

 

 

Comments are closed.