A mature organization with legacy information systems has incorporated numerous new processes and dependencies to manage security as its networks and infrastructure are modernized. The Chief Information Office has become increasingly frustrated with frequent releases, stating that the organization needs everything to work completely, and the vendor should already have those desires built into the software product. The vendor has been in constant communication with personnel and groups within the organization to understand its business process and capture new software requirements from users. Which of the following methods of software development is this organizations configuration management process using?
Answer : A
A company is facing penalties for failing to effectively comply with e-discovery requests.
Which of the following could reduce the overall risk to the company from this issue?
Answer : D
Company XYZ provides hosting services for hundreds of companies across multiple industries including healthcare, education, and manufacturing. The security architect for company XYZ is reviewing a vendor proposal to reduce company XYZs hardware costs by combining multiple physical hosts through the use of virtualization technologies. The security architect notes concerns about data separation, confidentiality, regulatory requirements concerning PII, and administrative complexity on the proposal. Which of the following BEST describes the core concerns of the security architect?
Answer : C
A company is in the process of outsourcing its customer relationship management system to a cloud provider. It will host the entire organizations customer database. The database will be accessed by both the companys users and its customers. The procurement department has asked what security activities must be performed for the deal to proceed.
Which of the following are the MOST appropriate security activities to be performed as part of due diligence? (Select TWO).
Answer : C,D
The security engineer receives an incident ticket from the helpdesk stating that DNS lookup requests are no longer working from the office. The network team has ensured that Layer 2 and Layer 3 connectivity are working. Which of the following tools would a security engineer use to make sure the DNS server is listening on port 53?
Answer : D
A security administrator wants to deploy a dedicated storage solution which is inexpensive, can natively integrate with AD, allows files to be selectively encrypted and is suitable for a small number of users at a satellite office. Which of the following would BEST meet the requirement?
Answer : B
A large enterprise acquires another company which uses antivirus from a different vendor.
The CISO has requested that data feeds from the two different antivirus platforms be combined in a way that allows management to assess and rate the overall effectiveness of antivirus across the entire organization. Which of the following tools can BEST meet the
CISOs requirement?
Answer : A
Company ABCs SAN is nearing capacity, and will cause costly downtimes if servers run out disk space. Which of the following is a more cost effective alternative to buying a new
SAN?
Answer : B
An external penetration tester compromised one of the client organizations authentication servers and retrieved the password database. Which of the following methods allows the penetration tester to MOST efficiently use any obtained administrative credentials on the client organizations other systems, without impacting the integrity of any of the systems?
Answer : A
An organization is concerned with potential data loss in the event of a disaster, and created a backup datacenter as a mitigation strategy. The current storage method is a single NAS used by all servers in both datacenters. Which of the following options increases data availability in the event of a datacenter failure?
Answer : D
Which of the following BEST constitutes the basis for protecting VMs from attacks from other VMs hosted on the same physical platform?
Answer : A
A small companys Chief Executive Officer (CEO) has asked its Chief Security Officer
(CSO) to improve the companys security posture quickly with regard to targeted attacks.
Which of the following should the CSO conduct FIRST?
Answer : A
A security manager has received the following email from the Chief Financial Officer
(CFO):
While I am concerned about the security of the proprietary financial data in our ERP application, we have had a lot of turnover in the accounting group and I am having a difficult time meeting our monthly performance targets. As things currently stand, we do not allow employees to work from home but this is something I am willing to allow so we can get back on track. What should we do first to securely enable this capability for my group?
Based on the information provided, which of the following would be the MOST appropriate response to the CFO?
Answer : D
Company XYZ provides cable television service to several regional areas. They are currently installing fiber-to-the-home in many areas with hopes of also providing telephone and Internet services. The telephone and Internet services portions of the company will each be separate subsidiaries of the parent company. The board of directors wishes to keep the subsidiaries separate from the parent company. However all three companies must share customer data for the purposes of accounting, billing, and customer authentication. The solution must use open standards, and be simple and seamless for customers, while only sharing minimal data between the companies. Which of the following solutions is BEST suited for this scenario?
Answer : C
The administrator is troubleshooting availability issues on an FCoE-based storage array that uses deduplication. The single controller in the storage array has failed, so the administrator wants to move the drives to a storage array from a different manufacturer in order to access the data. Which of the following issues may potentially occur?
Answer : A