Q361. An organization must implement controls to protect the confidentiality of its most sensitive data. The company is currently using a central storage system and group based access control for its sensitive information. Which of the following controls can further secure the data in the central storage system?
A. Data encryption
B. Patching the system
C. Digital signatures
D. File hashing
Answer: A
Explanation:
Q362. The security officer is preparing a read-only USB stick with a document of important personal phone numbers, vendor contacts, an MD5 program, and other tools to provide to employees. At which of the following points in an incident should the officer instruct employees to use this information?
A. Business Impact Analysis
B. First Responder
C. Damage and Loss Control
D. Contingency Planning
Answer: B
Explanation:
Incident response procedures involves: Preparation; Incident identification; Escalation and notification; Mitigation steps; Lessons learned; Reporting; Recover/reconstitution procedures; First responder; Incident isolation (Quarantine; Device removal); Data breach; Damage and loss control. In this scenario the security officer is carrying out an incident response measure that will address and be of benefit to those in the vanguard, i.e. the employees and they are the first responders.
Q363. Which of the following is required to allow multiple servers to exist on one physical server?
A. Software as a Service (SaaS)
B. Platform as a Service (PaaS)
C. Virtualization
D. Infrastructure as a Service (IaaS)
Answer: C
Explanation:
Virtualization allows a single set of hardware to host multiple virtual machines.
Q364. A company recently experienced data loss when a server crashed due to a midday power outage.
Which of the following should be used to prevent this from occurring again?
A. Recovery procedures
B. EMI shielding
C. Environmental monitoring
D. Redundancy
Answer: D
Explanation:
Redundancy refers to systems that either are duplicated or fail over to other systems in the event of a malfunction (in this case a power outage). Failover refers to the process of reconstructing a system or switching over to other systems when a failure is detected. In the case of a server, the server switches to a redundant server when a fault is detected. This strategy allows service to continue uninterrupted until the primary server can be restored.
Q365. Which of the following is a vulnerability associated with disabling pop-up blockers?
A. An alert message from the administrator may not be visible
B. A form submitted by the user may not open
C. The help window may not be displayed
D. Another browser instance may execute malicious code
Answer: D
Explanation: Pop-up blockers prevent websites from opening new browser windows without the users consent. These are often used for advertisements but can also be used to distribute malicious code.
Q366. In order to use a two-way trust model the security administrator MUST implement which of the following?
A. DAC
B. PKI
C. HTTPS
D. TPM
Answer: B
Explanation:
PKI is a high level concept. Within a PKI you use a trust model to set up trust between Certification
Authorities (CAs).
A public key infrastructure (PKI) is a set of hardware, software, people, policies, and procedures
needed to create, manage, distribute, use, store, and revoke digital certificates.
Q367. Which of the following types of encryption will help in protecting files on a PED?
A. Mobile device encryption
B. Transport layer encryption
C. Encrypted hidden container
D. Database encryption
Answer: A
Explanation:
Device encryption encrypts the data on a Personal Electronic Device (PED). This feature ensures that the data on the device cannot be accessed in a useable form should the device be stolen.
Q368. A company would like to take electronic orders from a partner; however, they are concerned that a non-authorized person may send an order. The legal department asks if there is a solution that provides non-repudiation. Which of the following would meet the requirements of this scenario?
A. Encryption
B. Digital signatures
C. Steganography
D. Hashing
E. Perfect forward secrecy
Answer: B
Explanation:
Q369. Based on information leaked to industry websites, business management is concerned that unauthorized employees are accessing critical project information for a major, well-known new product. To identify any such users, the security administrator could:
A. Set up a honeypot and place false project documentation on an unsecure share.
B. Block access to the project documentation using a firewall.
C. Increase antivirus coverage of the project servers.
D. Apply security updates and harden the OS on all project servers.
Answer: A
Explanation:
In this scenario, we would use a honeypot as a ‘trap’ to catch unauthorized employees who are accessing critical project information. A honeypot is a system whose purpose it is to be attacked. An administrator can watch and study
the attack to research current attack methodologies.
According to the Wepopedia.com, a Honeypot luring a hacker into a system has several main
purposes:
The administrator can watch the hacker exploit the vulnerabilities of the system, thereby learning
where the system has weaknesses that need to be redesigned.
The hacker can be caught and stopped while trying to obtain root access to the system.
By studying the activities of hackers, designers can better create more secure systems that are
potentially invulnerable to future hackers.
There are two main types of honeypots:
Production - A production honeypot is one used within an organization's environment to help
mitigate risk.
Research – A research honeypot add value to research in computer security by providing a
platform to study the threat.
Q370. The administrator receives a call from an employee named Joe. Joe says the Internet is down and he is receiving a blank page when typing to connect to a popular sports website. The administrator asks Joe to try visiting a popular search engine site, which Joe reports as successful. Joe then says that he can get to the sports site on this phone. Which of the following might the administrator need to configure?
A. The access rules on the IDS
B. The pop up blocker in the employee’s browser
C. The sensitivity level of the spam filter
D. The default block page on the URL filter
Answer: D
Explanation:
A URL filter is used to block access to a site based on all or part of a URL. There are a number of URL-filtering tools that can acquire updated master URL block lists from vendors, as well as allow administrators to add or remove URLs from a custom list.