NEW QUESTION 1
A pentester must attempt to crack passwords on a windows domain that enforces strong complex passwords. Which of the following would crack the MOST passwords in the
shortest time period?

• A. Online password testing
• B. Rainbow tables attack
• C. Dictionary attack
• D. Brute force attack

Answer: B

NEW QUESTION 2
A security administrator wants to prevent sensitive data residing on corporate laptops and desktops from leaking outside of the corporate network. The company has already implemented full-disk encryption and has disabled all peripheral devices on its desktops and laptops. Which of the following additional controls MUST be implemented to minimize the risk of data leakage? (Select TWO).

• A. A full-system backup should be implemented to a third-party provider with strong encryption for data in transit.
• B. A DLP gateway should be installed at the company border.
• C. Strong authentication should be implemented via external biometric devices.
• D. Full-tunnel VPN should be required for all network communication.
• E. Full-drive file hashing should be implemented with hashes stored on separate storage.
• F. Split-tunnel VPN should be enforced when transferring sensitive data.

Answer: BD

NEW QUESTION 3
A team of security engineers has applied regulatory and corporate guidance to the design of a corporate network. The engineers have generated an SRTM based on their work and a thorough analysis of the complete set of functional and performance requirements in the network specification. Which of the following BEST describes the purpose of an SRTM in this scenario?

• A. To ensure the security of the network is documented prior to customer delivery
• B. To document the source of all functional requirements applicable to the network
• C. To facilitate the creation of performance testing metrics and test plans
• D. To allow certifiers to verify the network meets applicable security requirements

Answer: D

NEW QUESTION 4
Company XYZ plans to donate 1,000 used computers to a local school. The company has a large research and development section and some of the computers were previously used to store proprietary research.
The security administrator is concerned about data remnants on the donated machines, but the company does not have a device sanitization section in the data handling policy.
Which of the following is the BEST course of action for the security administrator to take?

• A. Delay the donation until a new policy is approved by the Chief Information Officer (CIO), and then donate the machines.
• B. Delay the donation until all storage media on the computers can be sanitized.
• C. Reload the machines with an open source operating system and then donate the machines.
• D. Move forward with the donation, but remove all software license keys from the machines.

Answer: B

NEW QUESTION 5
An insurance company has an online quoting system for insurance premiums. It allows potential customers to fill in certain details about their car and obtain a quote. During an investigation, the following patterns were detected:
Pattern 1 – Analysis of the logs identifies that insurance premium forms are being filled in but only single fields are incrementally being updated.
Pattern 2 – For every quote completed, a new customer number is created; due to legacy systems, customer numbers are running out.
Which of the following is the attack type the system is susceptible to, and what is the BEST way to defend against it? (Select TWO).

• A. Apply a hidden field that triggers a SIEM alert
• B. Cross site scripting attack
• C. Resource exhaustion attack
• D. Input a blacklist of all known BOT malware IPs into the firewall
• E. SQL injection
• F. Implement an inline WAF and integrate into SIEM
• G. Distributed denial of service
• H. Implement firewall rules to block the attacking IP addresses

Answer: CF

NEW QUESTION 6
A company provides on-demand cloud computing resources for a sensitive project. The company implements a fully virtualized datacenter and terminal server access with two- factor authentication for customer access to the administrative website. The security administrator at the company has uncovered a breach in data confidentiality. Sensitive data from customer A was found on a hidden directory within the VM of company B. Company B is not in the same industry as company A and the two are not competitors. Which of the following has MOST likely occurred?

• A. Both VMs were left unsecured and an attacker was able to exploit network vulnerabilities to access each and move the data.
• B. A stolen two factor token was used to move data from one virtual guest to another host on the same network segment.
• C. A hypervisor server was left un-patched and an attacker was able to use a resource exhaustion attack to gain unauthorized access.
• D. An employee with administrative access to the virtual guests was able to dump the guest memory onto a mapped disk.

Answer: A

NEW QUESTION 7
A security auditor is conducting an audit of a corporation where 95% of the users travel or work from non-corporate locations a majority of the time. While the employees are away from the corporate offices, they retain full access to the corporate network and use of corporate laptops. The auditor knows that the corporation processes PII and other sensitive data with applications requiring local caches of any data being manipulated. Which of the following security controls should the auditor check for and recommend to be implemented if missing from the laptops?

• A. Trusted operating systems
• B. Full disk encryption
• C. Host-based firewalls
• D. Command shell restrictions

Answer: B

NEW QUESTION 8
A bank is in the process of developing a new mobile application. The mobile client renders content and communicates back to the company servers via REST/JSON calls. The bank wants to ensure that the communication is stateless between the mobile application and the web services gateway. Which of the following controls MUST be implemented to enable stateless communication?

• A. Generate a one-time key as part of the device registration process.
• B. Require SSL between the mobile application and the web services gateway.
• C. The jsession cookie should be stored securely after authentication.
• D. Authentication assertion should be stored securely on the client.

Answer: D

NEW QUESTION 9
A small customer focused bank with implemented least privilege principles, is concerned about the possibility of branch staff unintentionally aiding fraud in their day to day interactions with customers. Bank staff has been encouraged to build friendships with customers to make the banking experience feel more personal. The security and risk team have decided that a policy needs to be implemented across all branches to address the
risk. Which of the following BEST addresses the security and risk team’s concerns?

• A. Information disclosure policy
• B. Awareness training
• C. Job rotation
• D. Separation of duties

Answer: B

NEW QUESTION 10
Noticing latency issues at its connection to the Internet, a company suspects that it is being targeted in a Distributed Denial of Service attack. A security analyst discovers numerous inbound monlist requests coming to the company’s NTP servers. Which of the following mitigates this activity with the LEAST impact to existing operations?

• A. Block in-bound connections to the company’s NTP servers.
• B. Block IPs making monlist requests.
• C. Disable the company’s NTP servers.
• D. Disable monlist on the company’s NTP servers.

Answer: D

NEW QUESTION 11
A developer is determining the best way to improve security within the code being developed. The developer is focusing on input fields where customers enter their credit card details. Which of the following techniques, if implemented in the code, would be the MOST effective in protecting the fields from malformed input?

• A. Client side input validation
• B. Stored procedure
• C. Encrypting credit card details
• D. Regular expression matching

Answer: D

NEW QUESTION 12
A company has migrated its data and application hosting to a cloud service provider (CSP).
To meet its future needs, the company considers an IdP. Why might the company want to select an IdP that is separate from its CSP? (Select TWO).

• A. A circle of trust can be formed with all domains authorized to delegate trust to an IdP
• B. Identity verification can occur outside the circle of trust if specified or delegated
• C. Replication of data occurs between the CSP and IdP before a verification occurs
• D. Greater security can be provided if the circle of trust is formed within multiple CSP domains
• E. Faster connections can occur between the CSP and IdP without the use of SAML

Answer: AD

NEW QUESTION 13
A completely new class of web-based vulnerabilities has been discovered. Claims have been made that all common web-based development frameworks are susceptible to attack. Proof-of-concept details have emerged on the Internet. A security advisor within a company has been asked to provide recommendations on how to respond quickly to these vulnerabilities. Which of the following BEST describes how the security advisor should respond?

• A. Assess the reliability of the information source, likelihood of exploitability, and impact to hosted dat
• B. Attempt to exploit via the proof-of-concept cod
• C. Consider remediation options.
• D. Hire an independent security consulting agency to perform a penetration test of the web server
• E. Advise management of any ‘high’ or ‘critical’ penetration test findings and put forward recommendations for mitigation.
• F. Review vulnerability write-ups posted on the Interne
• G. Respond to management with a recommendation to wait until the news has been independently verified by software vendors providing the web application software.
• H. Notify all customers about the threat to their hosted dat
• I. Bring the web servers down into “maintenance mode” until the vulnerability can be reliably mitigated through a vendor patch.

Answer: A

NEW QUESTION 14
An IT auditor is reviewing the data classification for a sensitive system. The company has classified the data stored in the sensitive system according to the following matrix:
DATA TYPECONFIDENTIALITYINTEGRITYAVAILABILITY
----------------------------------------------------------------------------------------------------------------
FinancialHIGHHIGHLOW
Client nameMEDIUMMEDIUMHIGH Client addressLOWMEDIUMLOW
----------------------------------------------------------------------------------------------------------------- AGGREGATEMEDIUMMEDIUMMEDIUM
The auditor is advising the company to review the aggregate score and submit it to senior management. Which of the following should be the revised aggregate score?

• A. HIGH, MEDIUM, LOW
• B. MEDIUM, MEDIUM, LOW
• C. HIGH, HIGH, HIGH
• D. MEDIUM, MEDIUM, MEDIUM

Answer: C

NEW QUESTION 15
An IT manager is working with a project manager to implement a new ERP system capable of transacting data between the new ERP system and the legacy system. As part of this process, both parties must agree to the controls utilized to secure data connections between the two enterprise systems. This is commonly documented in which of the
following formal documents?

• A. Memorandum of Understanding
• B. Information System Security Agreement
• C. Interconnection Security Agreement
• D. Interoperability Agreement
• E. Operating Level Agreement

Answer: C

NEW QUESTION 16
An analyst connects to a company web conference hosted on www.webconference.com/meetingID#01234 and observes that numerous guests have been allowed to join, without providing identifying information. The topics covered during the web conference are considered proprietary to the company. Which of the following security concerns does the analyst present to management?

• A. Guest users could present a risk to the integrity of the company’s information
• B. Authenticated users could sponsor guest access that was previously approved by management
• C. Unauthenticated users could present a risk to the confidentiality of the company’s information
• D. Meeting owners could sponsor guest access if they have passed a background check

Answer: C

NEW QUESTION 17
The finance department for an online shopping website has discovered that a number of customers were able to purchase goods and services without any payments. Further analysis conducted by the security investigations team indicated that the website allowed customers to update a payment amount for shipping. A specially crafted value could be entered and cause a roll over, resulting in the shipping cost being subtracted from the balance and in some instances resulted in a negative balance. As a result, the system processed the negative balance as zero dollars. Which of the following BEST describes the application issue?

• A. Race condition
• B. Click-jacking
• C. Integer overflow
• D. Use after free
• E. SQL injection

Answer: C

NEW QUESTION 18
An organization determined that each of its remote sales representatives must use a smartphone for email access.
The organization provides the same centrally manageable model to each person.
Which of the following mechanisms BEST protects the confidentiality of the resident data?

• A. Require dual factor authentication when connecting to the organization’s email server.
• B. Require each sales representative to establish a PIN to access the smartphone and limit email storage to two weeks.
• C. Require encrypted communications when connecting to the organization’s email server.
• D. Require a PIN and automatic wiping of the smartphone if someone enters a specific number of incorrect PINs.

Answer: D

NEW QUESTION 19
An internal development team has migrated away from Waterfall development to use Agile development. Overall, this has been viewed as a successful initiative by the stakeholders as it has improved time-to-market. However, some staff within the security team have
contended that Agile development is not secure. Which of the following is the MOST accurate statement?

• A. Agile and Waterfall approaches have the same effective level of security postur
• B. They both need similar amounts of security effort at the same phases of development.
• C. Agile development is fundamentally less secure than Waterfall due to the lack of formal up-front design and inability to perform security reviews.
• D. Agile development is more secure than Waterfall as it is a more modern methodology which has the advantage of having been able to incorporate security best practices of recent years.
• E. Agile development has different phases and timings compared to Waterfal
• F. Security activities need to be adapted and performed within relevant Agile phases.

Answer: D

NEW QUESTION 20
A security administrator is assessing a new application. The application uses an API that is supposed to encrypt text strings that are stored in memory. How might the administrator test that the strings are indeed encrypted in memory?

• A. Use fuzzing techniques to examine application inputs
• B. Run nmap to attach to application memory
• C. Use a packet analyzer to inspect the strings
• D. Initiate a core dump of the application
• E. Use an HTTP interceptor to capture the text strings

Answer: D