A company is in the process of implementing a new front end user interface for its
customers, the goal is to provide them with more self service functionality. The application
has been written by developers over the last six months and the project is currently in the
Which of the following security activities should be implemented as part of the SDL in order
to provide the MOST security coverage over the solution? (Select TWO).
Answer : D,E
A security engineer is responsible for monitoring company applications for known
vulnerabilities. Which of the following is a way to stay current on exploits and information
Answer : B
The helpdesk manager wants to find a solution that will enable the helpdesk staff to better
serve company employees who call with computer-related problems. The helpdesk staff is
currently unable to perform effective troubleshooting and relies on callers to describe their
technology problems. Given that the helpdesk staff is located within the company
headquarters and 90% of the callers are telecommuters, which of the following tools should
the helpdesk manager use to make the staff more effective at troubleshooting while at the
same time reducing company costs? (Select TWO).
Answer : C,E
An extensible commercial software system was upgraded to the next minor release version
to patch a security vulnerability. After the upgrade, an unauthorized intrusion into the
system was detected. The software vendor is called in to troubleshoot the issue and
reports that all core components were updated properly. Which of the following has been
overlooked in securing the system? (Select TWO).
Answer : B,F
A university requires a significant increase in web and database server resources for one
week, twice a year, to handle student registration. The web servers remain idle for the rest
of the year. Which of the following is the MOST cost effective way for the university to
securely handle student registration?
Answer : D
An organization is selecting a SaaS provider to replace its legacy, in house Customer
Resource Management (CRM) application. Which of the following ensures the organization
mitigates the risk of managing separate user credentials?
Answer : E
A large organization has recently suffered a massive credit card breach. During the months
of Incident Response, there were multiple attempts to assign blame for whose fault it was
that the incident occurred. In which part of the incident response phase would this be
addressed in a controlled and productive manner?
Answer : B
During a recent audit of servers, a company discovered that a network administrator, who
required remote access, had deployed an unauthorized remote access application that
communicated over common ports already allowed through the firewall. A network scan
showed that this remote access application had already been installed on one third of the
servers in the company. Which of the following is the MOST appropriate action that the
company should take to provide a more appropriate solution?
Answer : C
After being notified of an issue with the online shopping cart, where customers are able to
arbitrarily change the price of listed items, a programmer analyzes the following piece of
code used by a web based shopping cart.
SELECT ITEM FROM CART WHERE ITEM=ADDSLASHES($USERINPUT);
The programmer found that every time a user adds an item to the cart, a temporary file is
created on the web server /tmp directory. The temporary file has a name which is
generated by concatenating the content of the $USERINPUT variable and a timestamp in
the form of MM-DD-YYYY, (e.g. smartphone-12-25-2013.tmp) containing the price of the
item being purchased. Which of the following is MOST likely being exploited to manipulate
the price of a shopping carts items?
Answer : C
A small retail company recently deployed a new point of sale (POS) system to all 67 stores.
The core of the POS is an extranet site, accessible only from retail stores and the corporate
office over a split-tunnel VPN. An additional split-tunnel VPN provides bi-directional
connectivity back to the main office, which provides voice connectivity for store VoIP
phones. Each store offers guest wireless functionality, as well as employee wireless. Only
the staff wireless network has access to the POS VPN. Recently, stores are reporting poor
response times when accessing the POS application from store computers as well as
degraded voice quality when making phone calls. Upon investigation, it is determined that
three store PCs are hosting malware, which is generating excessive network traffic. After
malware removal, the information security department is asked to review the configuration
and suggest changes to prevent this from happening again. Which of the following denotes
the BEST way to mitigate future malware risk?
Answer : A
Company A needs to export sensitive data from its financial system to company Bs
database, using company Bs API in an automated manner. Company As policy prohibits
the use of any intermediary external systems to transfer or store its sensitive data,
therefore the transfer must occur directly between company As financial system and
company Bs destination server using the supplied API. Additionally, company As legacy
financial software does not support encryption, while company Bs API supports encryption.
Which of the following will provide end-to-end encryption for the data transfer while
adhering to these requirements?
Answer : A
The technology steering committee is struggling with increased requirements stemming
from an increase in telecommuting. The organization has not addressed telecommuting in
the past. The implementation of a new SSL-VPN and a VOIP phone solution enables
personnel to work from remote locations with corporate assets. Which of the following
steps must the committee take FIRST to outline senior managements directives?
Answer : C
A network administrator with a companys NSP has received a CERT alert for targeted
adversarial behavior at the company. In addition to the companys physical security, which
of the following can the network administrator use to detect the presence of a malicious
actor physically accessing the companys network or information systems from within?
Answer : D,F
A forensic analyst receives a hard drive containing malware quarantined by the antivirus
application. After creating an image and determining the directory location of the malware
file, which of the following helps to determine when the system became infected?
Answer : B
A security policy states that all applications on the network must have a password length of
eight characters. There are three legacy applications on the network that cannot meet this
policy. One system will be upgraded in six months, and two are not expected to be
upgraded or removed from the network. Which of the following processes should be
Answer : D
Have any questions or issues ? Please dont hesitate to contact us