Ensurepass
QUESTION 331
A Security Manager is part of a team selecting web conferencing systems for internal use. The system will only be used for internal employee collaboration. Which of the following are the MAIN concerns of the security manager? (Select THREE).
A. Security of data storage
B. The cost of the solution
C. System availability
D. User authentication strategy
E. PBX integration of the service [...]
QUESTION 321
The Chief Information Security Officer (CISO) regularly receives reports of a single department repeatedly violating the corporate security policy. The head of the department in question informs the CISO that the offending behaviors are a result of necessary business activities. The CISO assigns a junior security administrator to solve the issue. Which of the following is the BEST course of action for the junior security administrator to take?
A. Work with the department head [...]
QUESTION 311
A security administrator is tasked with securing a company's headquarters and branch offices move to unified communications. The Chief Information Officer (CIO) wants to integrate the corporate users' email, voice mail, telephony, presence and corporate messaging to internal computers, mobile users, and devices. Which of the following actions would BEST meet the CIO's goals while providing maximum unified communications security?
A. Create presence groups, restrict IM protocols [...]
QUESTION 301
The internal audit department is investigating a possible breach of security. One of the auditors is sent to interview the following employees:
Employee A. Works in the accounts receivable office and is in charge of entering data into the finance system.
Employee B. Works in the accounts payable office and is in charge of approving purchase orders.
Employee C. Is the manager of the finance department, supervises Employee A and Employee B, and can perform the functions of both [...]
QUESTION 291
Staff from the sales department have administrator rights to their corporate standard operating environment, and often connect their work laptop to customer networks when onsite during meetings and presentations. This increases the risk and likelihood of a security incident when the sales staff reconnects to the corporate LAN. Which of the following controls would BEST protect the corporate network?
A. Implement a network access control (NAC) solution that assesses the [...]
QUESTION 281
A Chief Information Security Officer (CISO) of a major consulting firm has significantly increased the company’s security posture; however, the company is still plagued by data breaches of misplaced assets. These data breaches as a result have led to the compromise of sensitive corporate and client data on at least 25 occasions. Each employee in the company is provided a laptop to perform company business. Which of the following actions can the CISO take to mitigate the breaches? [...]
QUESTION 271
A large financial company has a team of security-focused architects and designers that contribute into broader IT architecture and design solutions. Concerns have been raised due to the security contributions having varying levels of quality and consistency. It has been agreed that a more formalized methodology is needed that can take business drivers, capabilities, baselines, and reusable patterns into account. Which of the following would BEST help to achieve these objectives? [...]
QUESTION 261
A WAF without customization will protect the infrastructure from which of the following attack combinations?
A. DDoS, DNS poisoning, Boink, Teardrop
B. Reflective XSS, HTTP exhaustion, Teardrop
C. SQL Injection, DOM based XSS, HTTP exhaustion
D. SQL Injection, CSRF, Clickjacking
Answer: C

QUESTION 262
Company ABC is planning to outsource its Customer Relationship Management system (CRM) and marketing / leads management to Company XYZ. Which of the [...]
QUESTION 251
The Chief Information Security Officer (CISO) of a small bank wants to embed a monthly testing regiment into the security management plan specifically for the development area. The CISO’s requirements are that testing must have a low risk of impacting system stability, can be scripted, and is very thorough. The development team claims that this will lead to a higher degree of test script maintenance and that it would be preferable if the testing was outsourced to a third [...]
QUESTION 241
An administrator at a small company replaces servers whenever budget money becomes available. Over the past several years the company has acquired and still uses 20 servers and 50 desktops from five different computer manufacturers. Which of the following are management challenges and risks associated with this style of technology lifecycle management?
A. Decreased security posture, decommission of outdated hardware, inability to centrally manage, and performance bottlenecks [...]
QUESTION 231
A company has a single subnet in a small office. The administrator wants to limit non-web related traffic to the corporate intranet server as well as prevent abnormal HTTP requests and HTTP protocol anomalies from causing problems with the web server. Which of the following is the MOST likely solution?
A. Application firewall and NIPS
B. Edge firewall and HIDS
C. ACLs and anti-virus
D. Host firewall and WAF
Answer: D

QUESTION 232
An administrator is reviewing [...]