Question 1
Question
A new piece of ransomware got installed on a company’s backup server which encrypted the hard
drives containing the OS and backup application configuration but did not affect the deduplication
data hard drives. During the incident response, the company finds that all backup tapes for this
server are also corrupt. Which of the following is the PRIMARY concern?
Answer
-
Determining how to install HIPS across all server platforms to prevent future incidents
-
Preventing the ransomware from re-infecting the server upon restore
-
Validating the integrity of the deduplicated data
-
Restoring the data will be difficult without the application configuration
Question 2
Question
The Chief Executive Officer (CEO) of a large prestigious enterprise has decided to reduce
business costs by outsourcing to a third party company in another country. Functions to be
outsourced include: business analysts, testing, software development and back office functions
that deal with the processing of customer data. The Chief Risk Officer (CRO) is concerned about
the outsourcing plans. Which of the following risks are MOST likely to occur if adequate controls
are not implemented?
Answer
-
Geographical regulation issues, loss of intellectual property and interoperability agreement issues
-
Improper handling of client data, interoperability agreement issues and regulatory issues
-
Cultural differences, increased cost of doing business and divestiture issues
-
Improper handling of customer data, loss of intellectual property and reputation damage
Question 3
Question
A security analyst has been asked to develop a quantitative risk analysis and risk assessment for
the company’s online shopping application. Based on heuristic information from the Security
Operations Center (SOC), a Denial of Service Attack (DoS) has been successfully executed 5
times a year. The Business Operations department has determined the loss associated to each
attack is $40,000. After implementing application caching, the number of DoS attacks was reduced
to one time a year. The cost of the countermeasures was $100,000. Which of the following is the
monetary value earned during the first year of operation?
Answer
-
$60,000
-
$100,000
-
$140,000
-
$200,000
Question 4
Question
The Chief Information Officer (CIO) is reviewing the IT centric BIA and RA documentation. The
documentation shows that a single 24 hours downtime in a critical business function will cost the
business $2.3 million. Additionally, the business unit which depends on the critical business
function has determined that there is a high probability that a threat will materialize based on
historical data. The CIO’s budget does not allow for full system hardware replacement in case of a
catastrophic failure, nor does it allow for the purchase of additional compensating controls. Which
of the following should the CIO recommend to the finance director to minimize financial loss?
Answer
-
The company should mitigate the risk.
-
The company should transfer the risk.
-
The company should avoid the risk.
-
The company should accept the risk.
Question 5
Question
An organization is selecting a SaaS provider to replace its legacy, in house Customer Resource
Management (CRM) application. Which of the following ensures the organization mitigates the risk
of managing separate user credentials?
Answer
-
Ensure the SaaS provider supports dual factor authentication.
-
Ensure the SaaS provider supports encrypted password transmission and storage.
-
Ensure the SaaS provider supports secure hash file exchange.
-
Ensure the SaaS provider supports role-based access control.
-
Ensure the SaaS provider supports directory services federation.
Question 6
Question
After a security incident, an administrator would like to implement policies that would help reduce
fraud and the potential for collusion between employees. Which of the following would help meet
these goals by having co-workers occasionally audit another worker's position?
Answer
-
Least privilege
-
Job rotation
-
Mandatory vacation
-
Separation of duties
Question 7
Question
A large organization has recently suffered a massive credit card breach. During the months of
Incident Response, there were multiple attempts to assign blame for whose fault it was that the
incident occurred. In which part of the incident response phase would this be addressed in a
controlled and productive manner?
Answer
-
During the Identification Phase
-
During the Lessons Learned phase
-
During the Containment Phase
-
During the Preparation Phase
Question 8
Question
A security manager for a service provider has approved two vendors for connections to the service
provider backbone. One vendor will be providing authentication services for its payment card
service, and the other vendor will be providing maintenance to the service provider infrastructure
sites. Which of the following business agreements is MOST relevant to the vendors and service
provider’s relationship?
Question 9
Question
A large enterprise acquires another company which uses antivirus from a different vendor. The
CISO has requested that data feeds from the two different antivirus platforms be combined in a
way that allows management to assess and rate the overall effectiveness of antivirus across the
entire organization. Which of the following tools can BEST meet the CISO’s requirement?
Answer
-
GRC
-
IPS
-
CMDB
-
Syslog-ng
-
IDS
Question 10
Question
Which of the following provides the BEST risk calculation methodology?
Answer
-
Annual Loss Expectancy (ALE) x Value of Asset
-
Potential Loss x Event Probability x Control Failure Probability
-
Impact x Threat x Vulnerability
-
Risk Likelihood x Annual Loss Expectancy (ALE)
Question 11
Question
A security policy states that all applications on the network must have a password length of eight
characters. There are three legacy applications on the network that cannot meet this policy. One
system will be upgraded in six months, and two are not expected to be upgraded or removed from
the network. Which of the following processes should be followed?
Answer
-
Establish a risk matrix
-
Inherit the risk for six months
-
Provide a business justification to avoid the risk
-
Provide a business justification for a risk exception
Question 12
Question
The senior security administrator wants to redesign the company DMZ to minimize the risks
associated with both external and internal threats. The DMZ design must support security in depth,
change management and configuration processes, and support incident reconstruction. Which of
the following designs BEST supports the given requirements?
Answer
-
A dual firewall DMZ with remote logging where each firewall is managed by a separate
administrator.
-
A single firewall DMZ where each firewall interface is managed by a separate administrator and
logging to the cloud.
-
A SaaS based firewall which logs to the company’s local storage via SSL, and is managed by the
change control team.
-
A virtualized firewall, where each virtual instance is managed by a separate administrator and
logging to the same hardware.
Question 13
Question
The Chief Information Security Officer (CISO) at a company knows that many users store
business documents on public cloud-based storage, and realizes this is a risk to the company. In
response, the CISO implements a mandatory training course in which all employees are instructed
on the proper use of cloud-based storage. Which of the following risk strategies did the CISO
implement?
Answer
-
Avoid
-
Accept
-
Mitigate
-
Transfer
Question 14
Question
A forensic analyst receives a hard drive containing malware quarantined by the antivirus
application. After creating an image and determining the directory location of the malware file,
which of the following helps to determine when the system became infected?
Answer
-
The malware file’s modify, access, change time properties.
-
The timeline analysis of the file system.
-
The time stamp of the malware in the swap file.
-
The date/time stamp of the malware detection in the antivirus logs.
Question 15
Question
The Chief Executive Officer (CEO) of a company that allows telecommuting has challenged the
Chief Security Officer’s (CSO) request to harden the corporate network’s perimeter. The CEO
argues that the company cannot protect its employees at home, so the risk at work is no different.
Which of the following BEST explains why this company should proceed with protecting its
corporate network boundary?
Answer
-
The corporate network is the only network that is audited by regulators and customers
-
The aggregation of employees on a corporate network makes it a more valuable target for
attackers.
-
Home networks are unknown to attackers and less likely to be targeted directly.
-
Employees are more likely to be using personal computers for general web browsing when they
are at home.
Question 16
Question
An assessor identifies automated methods for identifying security control compliance through
validating sensors at the endpoint and at Tier 2. Which of the following practices satisfy continuous
monitoring of authorized information systems?
Question 17
Question
A software project manager has been provided with a requirement from the customer to place
limits on the types of transactions a given user can initiate without external interaction from
another user with elevated privileges. This requirement is BEST described as an implementation
of:
Question 18
Question
The technology steering committee is struggling with increased requirements stemming from an
increase in telecommuting. The organization has not addressed telecommuting in the past. The
implementation of a new SSL-VPN and a VOIP phone solution enables personnel to work from
remote locations with corporate assets. Which of the following steps must the committee take
FIRST to outline senior management’s directives?
Answer
-
Develop an information classification scheme that will properly secure data on corporate systems.
-
Implement database views and constrained interfaces so remote users will be unable to access
PII from personal equipment.
-
Publish a policy that addresses the security requirements for working remotely with company
equipment.
-
Work with mid-level managers to identify and document the proper procedures for telecommuting
Question 19
Question
A company is facing penalties for failing to effectively comply with e-discovery requests. Which of
the following could reduce the overall risk to the company from this issue?
Answer
-
Establish a policy that only allows filesystem encryption and disallows the use of individual file
encryption.
-
Require each user to log passwords used for file encryption to a decentralized repository
-
Permit users to only encrypt individual files using their domain password and archive all old user
passwords.
-
Allow encryption only by tools that use public keys from the existing escrowed corporate PKI.