QUESTION 271
The security administrator at a company has received a subpoena for the release of all the email received and sent by the company Chief Information Officer (CIO) for the past three years. The security administrator is only able to find one year's worth of email records on the server and is now concerned about the possible legal implications of not complying with the request. Which of the following should the security administrator check BEFORE responding to the request? [...]

QUESTION 291
Staff from the sales department have administrator rights to their corporate standard operating environment, and often connect their work laptop to customer networks when onsite during meetings and presentations. This increases the risk and likelihood of a security incident when the sales staff reconnects to the corporate LAN. Which of the following controls would BEST protect the corporate network?
A. Implement a network access control (NAC) solution that assesses [...]

QUESTION 281
An architect has been engaged to write the security viewpoint of a new initiative. Which of the following BEST describes a repeatable process that can be used for establishing the security architecture?
A. Inspect a previous architectural document. Based on the historical decisions made, consult the architectural control and pattern library within the organization and select the controls that appear to best fit this new architectural need.
B. Implement controls [...]

QUESTION 301
A security administrator is tasked with implementing two-factor authentication for the company VPN. The VPN is currently configured to authenticate VPN users against a backend RADIUS server. New company policies require a second factor of authentication, and the Information Security Officer has selected PKI as the second factor. Which of the following should the security administrator configure and implement on the VPN concentrator to implement the second factor and ensure [...]

QUESTION 251
A security engineer is implementing a new solution designed to process e-business transactions and record them in a corporate audit database. The project has multiple technical stakeholders. The database team controls the physical database resources, the internal audit division controls the audit records in the database, the web hosting team is responsible for implementing the website front end and shopping cart application, and the accounting department is responsible for [...]

QUESTION 241
CORRECT TEXT
An administrator wants to install a patch to an application. Given the scenario, download, verify and install the patch in the most secure manner.
Instructions
The last install that is completed will be the final submission
Correct Answer: You need to check the hash value of download software with md5 utility.
Explanation: Check the below images for more details:

QUESTION 242
After three vendors submit their requested documentation, [...]

QUESTION 261
An administrator has a system hardening policy to only allow network access to certain services, to always use similar hardware, and to protect from unauthorized application configuration changes. Which of the following technologies would help meet this policy requirement? (Select TWO).
A. Spam filter
B. Solid state drives
C. Management interface
D. Virtualization
E. Host firewall
Correct Answer: DE

QUESTION 262
An intrusion detection [...]

QUESTION 221
In an effort to reduce internal email administration costs, a company is determining whether to outsource its email to a managed service provider that provides email, spam, and malware protection. The security manager is asked to provide input regarding any security implications of this change. Which of the following BEST addresses risks associated with disclosure of intellectual property?
A. Require the managed service provider to implement additional data separation. [...]

QUESTION 231
When attending the latest security conference, an information security administrator noticed only a few people carrying a laptop around. Most other attendees only carried their smartphones. Which of the following would impact the security of conference's resources?
A. Wireless network security may need to be increased to decrease access of mobile devices.
B. Physical security may need to be increased to deter or prevent theft of mobile devices.
C. Network [...]

QUESTION 211
A security administrator wants to verify and improve the security of a business process which is tied to proven company workflow. The security administrator was able to improve security by applying controls that were defined by the newly released company security standard. Such controls included code improvement, transport encryption, and interface restrictions. Which of the following can the security administrator do to further increase security after having exhausted [...]

QUESTION 191
A security architect is seeking to outsource company server resources to a commercial cloud service provider. The provider under consideration has a reputation for poorly controlling physical access to datacenters and has been the victim of multiple social engineering attacks. The service provider regularly assigns VMs from multiple clients to the same physical resources. When conducting the final risk assessment which of the following should the security architect take into [...]