Q311. Which of the following encompasses application patch management? 

A. Configuration management 

B. Policy management 

C. Cross-site request forgery 

D. Fuzzing 

Answer:

Explanation: 

Patch management is the process of maintaining the latest source code for applications and operating systems by applying the latest vendor updates. This helps protect a systems from newly discovered attacks and vulnerabilities. A part of patch management is testing the effects of vendor updates on a test system first to ensure that the updates do not have detrimental effects on the system and its configuration, and, should the updates have no detrimental effects on the test systems, backing up the production systems before applying the updates on a production system. 


Q312. A technician is deploying virtual machines for multiple customers on a single physical host to reduce power consumption in a data center. Which of the following should be recommended to isolate the VMs from one another? 

A. Implement a virtual firewall 

B. Install HIPS on each VM 

C. Virtual switches with VLANs 

D. Develop a patch management guide 

Answer:

Explanation: 

A virtual local area network (VLAN) is a hardware-imposed network segmentation created by switches. VLANs are used for traffic management. VLANs can be used to isolate traffic between network segments. 


Q313. Which of the following is being tested when a company’s payroll server is powered off for eight hours? 

A. Succession plan 

B. Business impact document 

C. Continuity of operations plan 

D. Risk assessment plan 

Answer:

Explanation: 

Continuity of operations plan is the effort to ensure the continued performance of critical business functions during a wide range of potential emergencies. 


Q314. Which of the following application attacks is used to gain access to SEH? 

A. Cookie stealing 

B. Buffer overflow 

C. Directory traversal 

D. XML injection 

Answer:

Explanation: 

Buffer overflow protection is used to detect the most common buffer overflows by checking that the stack has not been altered when a function returns. If it has been altered, the program exits with a segmentation fault. Microsoft's implementation of Data Execution Prevention (DEP) mode explicitly protects the pointer to the Structured Exception Handler (SEH) from being overwritten. A buffer overflow occurs when a program or process tries to store more data in a buffer (temporary data storage area) than it was intended to hold. Since buffers are created to contain a finite amount of data, the extra information - which has to go somewhere - can overflow into adjacent buffers, corrupting or overwriting the valid data held in them. Although it may occur accidentally through programming error, buffer overflow is an increasingly common type of security attack on data integrity. In buffer overflow attacks, the extra data may contain codes designed to trigger specific actions, in effect sending new instructions to the attacked computer that could, for example, damage the user's files, change data, or disclose confidential information. Buffer overflow attacks are said to have arisen because the C programming language supplied the framework, and poor programming practices supplied the vulnerability. 


Q315. A program displays: 

ERROR: this program has caught an exception and will now terminate. 

Which of the following is MOST likely accomplished by the program’s behavior? 

A. Operating system’s integrity is maintained 

B. Program’s availability is maintained 

C. Operating system’s scalability is maintained 

D. User’s confidentiality is maintained 

Answer:

Explanation: 

The purpose of error handling is to maintain the security and integrity of the system. Integrity is compromised when unauthorized modification occurs. 


Q316. Which of the following is a measure of biometrics performance which rates the ability of a system to correctly authenticate an authorized user? 

A. Failure to capture 

B. Type II 

C. Mean time to register 

D. Template capacity 

Answer:

Explanation: 

Type II, or false acceptance rate (FAR), is the measure of the likelihood that the biometric security system will incorrectly accept an access attempt by an unauthorized user. 


Q317. Sara, the Chief Security Officer (CSO), has had four security breaches during the past two years. 

Each breach has cost the company $3,000. A third party vendor has offered to repair the security hole in the system for $25,000. The breached system is scheduled to be replaced in five years. 

Which of the following should Sara do to address the risk? 

A. Accept the risk saving $10,000. 

B. Ignore the risk saving $5,000. 

C. Mitigate the risk saving $10,000. 

D. Transfer the risk saving $5,000. 

Answer:

Explanation: 

Risk transference involves sharing some of the risk burden with someone else, such as an insurance company. The cost of the security breach over a period of 5 years would amount to $30,000 and it is better to save $5,000. 


Q318. A recent audit has discovered that at the time of password expiration clients are able to recycle the previous credentials for authentication. Which of the following controls should be used together to prevent this from occurring? (Select TWO). 

A. Password age 

B. Password hashing 

C. Password complexity 

D. Password history 

E. Password length 

Answer: A,D 

Explanation: 

D: Password history determines the number of previous passwords that cannot be used when a user changes his password. For example, a password history value of 5 would disallow a user from changing his password to any of his previous 5 passwords. 

A: When a user is forced to change his password due to a maximum password age period expiring, he could change his password to a previously used password. Or if a password history value of 5 is configured, the user could change his password six times to cycle back round to his original password. This is where the minimum password age comes in. This is the period that a password must be used for. For example, a minimum password age of 30 would determine that when a user changes his password, he must continue to use the same password for at least 30 days. 


Q319. A company has several conference rooms with wired network jacks that are used by both employees and guests. Employees need access to internal resources and guests only need access to the Internet. Which of the following combinations is BEST to meet the requirements? 

A. NAT and DMZ 

B. VPN and IPSec 

C. Switches and a firewall 

D. 802.1x and VLANs 

Answer:

Explanation: 

802.1x is a port-based authentication mechanism. It’s based on Extensible Authentication Protocol (EAP) and is commonly used in closed-environment wireless networks. 802.1x was initially used to compensate for the weaknesses of Wired Equivalent Privacy (WEP), but today it’s often used as a component in more complex authentication and connection-management systems, including Remote Authentication Dial-In User Service (RADIUS), Diameter, Cisco System’s Terminal Access Controller Access-Control System Plus (TACACS+), and Network Access Control (NAC). 

A virtual local area network (VLAN) is a hardware-imposed network segmentation created by switches. By default, all ports on a switch are part of VLAN 1. But as the switch administrator changes the VLAN assignment on a port-by-port basis, various ports can be grouped together and be distinct from other VLAN port designations. VLANs are used for traffic management. Communications between ports within the same VLAN occur without hindrance, but communications between VLANs require a routing function. 


Q320. Elastic cloud computing environments often reuse the same physical hardware for multiple customers over time as virtual machines are instantiated and deleted. This has important implications for which of the following data security concerns? 

A. Hardware integrity 

B. Data confidentiality 

C. Availability of servers 

D. Integrity of data 

Answer:

Explanation: 

Data that is not kept separate or segregated will impact on that data’s confidentiality maybe being compromised. Be aware of the fact that your data is only as safe as the data with which it is integrated. For example, assume that your client database is hosted on a server that another company is also using to test an application that they are creating. If their application obtains root-level access at some point (such as to change passwords) and crashes at that point, then the user running the application could be left with root permissions and conceivably be to access data on the server for which they are not authorized, such as your client database. Data segregation is crucial; keep your data on secure servers.