Chapter 3
Architecture and Design

THE COMPTIA SECURITY+ EXAM SY0-501 TOPICS COVERED IN THIS CHAPTER INCLUDE THE FOLLOWING:

  • 3.1 Explain use cases and purpose for frameworks, best practices and secure configuration guides.
    • Industry-standard frameworks and reference architectures
      • Regulatory
      • Non-regulatory
      • National vs. international
      • Industry-specific frameworks
    • Benchmarks/secure configuration guides
      • Platform/vendor-specific guides
        • Web server
        • Operating system
        • Application server
        • Network infrastructure devices
      • General purpose guides
    • Defense-in-depth/layered security
      • Vendor diversity
      • Control diversity
        • Administrative
        • Technical
      • User training
  • 3.2 Given a scenario, implement secure network architecture concepts.
    • Zones/topologies
      • DMZ
      • Extranet
      • Intranet
      • Wireless
      • Guest
      • Honeynets
      • NAT
      • Ad hoc
    • Segregation/segmentation/isolation
      • Physical
      • Logical (VLAN)
      • Virtualization
      • Air gaps
    • Tunneling/VPN
      • Site-to-site
      • Remote access
    • Security device/technology placement
      • Sensors
      • Collectors
      • Correlation engines
      • Filters
      • Proxies
      • Firewalls
      • VPN concentrators
      • SSL accelerators
      • Load balancers
      • DDoS mitigator
      • Aggregation switches
      • Taps and port mirror
    • SDN
  • 3.3 Given a scenario, implement secure systems design.
    • Hardware/firmware security
      • FDE/SED
      • TPM
      • HSM
      • UEFI/BIOS
      • Secure boot and attestation
      • Supply chain
      • Hardware root of trust
      • EMI/EMP
    • Operating systems
      • Types
        • Network
        • Server
        • Workstation
        • Appliance
        • Kiosk
        • Mobile OS
      • Patch management
      • Disabling unnecessary ports and services
      • Least functionality
      • Secure configurations
      • Trusted operating system
      • Application whitelisting/blacklisting
      • Disable default accounts/passwords
    • Peripherals
      • Wireless keyboards
      • Wireless mice
      • Displays
      • WiFi-enabled MicroSD cards
      • Printers/MFDs
      • External storage devices
      • Digital cameras
  • 3.4 Explain the importance of secure staging deployment concepts.
    • Sandboxing
    • Environment
      • Development
      • Test
      • Staging
      • Production
    • Secure baseline
    • Integrity measurement
  • 3.5 Explain the security implications of embedded systems.
    • SCADA/ICS
    • Smart devices/IoT
      • Wearable technology
      • Home automation
    • HVAC
    • SoC
    • RTOS
    • Printers/MFDs
    • Camera systems
    • Special purpose
      • Medical devices
      • Vehicles
      • Aircraft/UAV
  • 3.6 Summarize secure application development and deployment concepts.
    • Development life-cycle models
      • Waterfall vs. Agile
    • Secure DevOps
      • Security automation
      • Continuous integration
      • Baselining
      • Immutable systems
      • Infrastructure as code
    • Version control and change management
    • Provisioning and deprovisioning
    • Secure coding techniques
      • Proper error handling
      • Proper input validation
      • Normalization
      • Stored procedures
      • Code signing
      • Encryption
      • Obfuscation/camouflage
      • Code reuse/dead code
      • Server-side vs. client-side execution and validation
      • Memory management
      • Use of third-party libraries and SDKs
      • Data exposure
    • Code quality and testing
      • Static code analyzers
      • Dynamic analysis (e.g., fuzzing)
      • Stress testing
      • Model verification
    • Compiled vs. runtime code
  • 3.7 Summarize cloud and virtualization concepts.
    • Hypervisor
      • Type I
      • Type II
      • Application cells/containers
    • VM sprawl avoidance
    • VM escape protection
    • Cloud storage
    • Cloud deployment models
      • SaaS
      • PaaS
      • IaaS
      • Private
      • Public
      • Hybrid
      • Community
    • On-premise vs. hosted vs. cloud
    • VDI/VDE
    • Cloud access security broker
    • Security as a Service
  • 3.8 Explain how resiliency and automation strategies reduce risk.
    • Automation/scripting
      • Automated courses of action
      • Continuous monitoring
      • Configuration validation
    • Templates
    • Master image
    • Non-persistence
      • Snapshots
      • Revert to known state
      • Rollback to known configuration
      • Live boot media
    • Elasticity
    • Scalability
    • Distributive allocation
    • Redundancy
    • Fault tolerance
    • High availability
    • RAID
  • 3.9 Explain the importance of physical security controls.
    • Lighting
    • Signs
    • Fencing/gate/cage
    • Security guards
    • Alarms
    • Safe
    • Secure cabinets/enclosures
    • Protected distribution/Protected cabling
    • Airgap
    • Mantrap
    • Faraday cage
    • Lock types
    • Biometrics
    • Barricades/bollards
    • Tokens/cards
    • Environmental controls
      • HVAC
      • Hot and cold aisles
      • Fire suppression
    • Cable locks
    • Screen filters
    • Cameras
    • Motion detection
    • Logs
    • Infrared detection
    • Key management
  1. Caroline has been asked to find a standard to guide her company’s choices in implementing information security management systems. She is looking for a standard that is international. Which of the following would be the best choice for her?

    1. ISO 27002
    2. ISO 27017
    3. NIST 800-12
    4. NIST 800-14
  2. You are responsible for network security at an e-commerce company. You want to ensure that you are using best practices for the e-commerce website your company hosts. What standard would be the best for you to review?

    1. OWASP
    2. NERC
    3. NIST
    4. ISA/IEC
  3. Cheryl is responsible for cybersecurity at a mid-sized insurance company. She has decided to utilize a different vendor for network antimalware than she uses for host antimalware. Is this a recommended action, and why or why not?

    1. This is not recommended; you should use a single vendor for a particular security control.
    2. This is recommended; this is described as vendor diversity.
    3. This is not recommended; this is described as vendor forking.
    4. It is neutral. This does not improve or detract from security.
  4. Maria is a security administrator for a large bank. She is concerned about malware, particularly spyware that could compromise customer data. Which of the following would be the best approach for her to mitigate the threat of spyware?

    1. Computer usage policies, network antimalware, and host antimalware
    2. Host antimalware and network antimalware
    3. Host and network antimalware, computer usage policies, and website whitelisting
    4. Host and network antimalware, computer usage policies, and employee training
  5. Gabriel is setting up a new e-commerce server. He is concerned about security issues. Which of the following would be the best location to place an e-commerce server?

    1. DMZ
    2. Intranet
    3. Guest network
    4. Extranet
  6. Enrique is concerned about backup data being infected by malware. The company backs up key servers to digital storage on a backup server. Which of the following would be most effective in preventing the backup data from being infected by malware?

    1. Place the backup server on a separate VLAN.
    2. Air-gap the backup server.
    3. Place the backup server on a different network segment.
    4. Use a honeynet.
  7. Janelle is the security administrator for a small company. She is trying to improve security throughout the network. Which of the following steps should she take first?

    1. Implement antimalware on all computers.
    2. Implement acceptable use policies.
    3. Turn off unneeded services on all computers.
    4. Turn on host-based firewalls on all computers.
  8. Mary is the CISO for a mid-sized company. She is attempting to mitigate the danger of computer viruses. Which administrative control can she implement to help achieve this goal?

    1. Implement host-based antimalware.
    2. Implement policies regarding email attachments and file downloads.
    3. Implement network-based antimalware.
    4. Block portable storage devices from being connected to computers.
  9. You are the network administrator for a large company. Your company frequently has nonemployees in the company such as clients and vendors. You have been directed to provide these nonemployees with access to the Internet. Which of the following is the best way to implement this?

    1. Establish a guest network.
    2. Allow nonemployees to connect only to the DMZ.
    3. Allow nonemployees to connect only to the intranet.
    4. Establish limited accounts on your network for nonemployees to use.
  10. Juan is a network administrator for an insurance company. His company has a number of traveling salespeople. He is concerned about confidential data on their laptops. What is the best way for him to address this?

    1. FDE
    2. TPM
    3. SDN
    4. DMZ
  11. Terrance is responsible for secure communications on his company’s network. The company has a number of traveling salespeople who need to connect to network resources. What technology would be most helpful in addressing this need?

    1. VPN concentrator
    2. SSL accelerator
    3. DMZ
    4. Guest network
  12. Mohaned is concerned about malware infecting machines on his network. One of his concerns is that malware would be able to access sensitive system functionality that requires administrative access. What technique would best address this issue?

    1. Implementing host-based antimalware
    2. Using a nonadministrative account for normal activities
    3. Implementing FDE
    4. Making certain the operating systems are patched
  13. John works for an insurance company. His company uses a number of operating systems, including Windows and Linux. In this mixed environment, what determines the network operating system?

    1. The OS of the DNS server
    2. The OS of the domain controller
    3. The OS of the majority of servers
    4. The OS of the majority of client computers
  14. Juanita is implementing virtualized systems in her network. She is using Type I hypervisors. What operating system should be on the machines for her to install the hypervisor?

    1. None
    2. Windows
    3. Any operating system
    4. Windows or Linux
  15. You are responsible for security at your company. You want to improve cloud security by following the guidelines of an established international standard. What standard would be most helpful?

    1. NIST 800-14
    2. NIST 800-53
    3. ISO 27017
    4. ISO 27002
  16. You are responsible for setting up a kiosk computer that will be in your company’s lobby. It will be accessible for visitors to locate employee offices, obtain the guest WiFi password, and retrieve general public company information. What is the most important thing to consider when configuring this system?

    1. Using a strong administrator password
    2. Limiting functionality to only what is needed
    3. Using good antivirus protection
    4. Implementing a host-based firewall
  17. You are concerned about peripheral devices being exploited by an attacker. Which of the following is the first step you should take to mitigate this threat?

    1. Disable WiFi for any peripheral that does not absolutely need it.
    2. Enable BIOS protection for peripheral devices.
    3. Use strong encryption on all peripheral devices.
    4. Configure antivirus on all peripherals.
  18. Which design concept limits access to systems from outside users while protecting users and systems inside the LAN?

    1. DMZ
    2. VLAN
    3. Router
    4. Guest network
  19. Which of the following is the equivalent of a VLAN from a physical security perspective?

    1. Perimeter security
    2. Partitioning
    3. Security zones
    4. Firewall
  20. In an attempt to observe hacker techniques, a security administrator configures a nonproduction network to be used as a target so that he can covertly monitor network attacks. What is this type of network called?

    1. Active detection
    2. False subnet
    3. IDS
    4. Honeynet
  21. You have instructed all administrators to disable all nonessential ports on servers at their sites. Why are nonessential protocols a security issue that you should be concerned about?

    1. Nonessential ports provide additional areas of attack.
    2. Nonessential ports can’t be secured.
    3. Nonessential ports are less secure.
    4. Nonessential ports require more administrative effort to secure.
  22. Which type of firewall examines the content and context of each packet it encounters?

    1. Packet filtering firewall
    2. Stateful packet filtering firewall
    3. Application layer firewall
    4. Gateway firewall
  23. Which of the following would prevent a user from installing a program on a company-owned mobile device?

    1. Whitelisting
    2. Blacklisting
    3. ACL
    4. HIDS
  24. You’re designing a new network infrastructure so that your company can allow unauthenticated users connecting from the Internet to access certain areas. Your goal is to protect the internal network while providing access to those areas. You decide to put the web server on a separate subnet open to public contact. What is this subnet called?

    1. Guest network
    2. DMZ
    3. Intranet
    4. VLAN
  25. Upper management has decreed that a firewall must be put in place immediately, before your site suffers an attack similar to one that struck a sister company. Responding to this order, your boss instructs you to implement a packet filter by the end of the week. A packet filter performs which function?

    1. Prevents unauthorized packets from entering the network
    2. Allows all packets to leave the network
    3. Allows all packets to enter the network
    4. Eliminates collisions in the network
  26. You’re outlining your plans for implementing a wireless network to upper management. Which protocol was designed to provide security for a wireless network and is considered equivalent to the security of a wired network?

    1. WAP
    2. WPA
    3. WPA2
    4. WEP
  27. An IV attack is usually associated with which of the following wireless protocols?

    1. WEP
    2. WAP
    3. WPA
    4. WPA2
  28. Suzan is responsible for application development in her company. She wants to have all web applications tested prior to being deployed live. She wants to use a test system that is identical to the live server. What is this called?

    1. Production server
    2. Development server
    3. Test server
    4. Predeployment server
  29. John is responsible for security in his company. He is implementing a kernel integrity subsystem for key servers. What is the primary benefit of this action?

    1. To detect malware
    2. To detect whether files have been altered
    3. To detect rogue programs being installed
    4. To detect changes to user accounts
  30. You are responsible for BIOS security in your company. Which of the following is the most fundamental BIOS integrity technique?

    1. Verifying the BIOS version
    2. Using a TPM
    3. Managing BIOS passwords
    4. Backing up the BIOS
  31. You have been asked to implement security for SCADA systems in your company. Which of the following standards will be most helpful to you?

    1. NIST 800-82
    2. PCI-DSS
    3. NIST 800-30
    4. ISO 27002
  32. Joanne works for a large insurance company. Some employees have wearable technology, such as smart watches. What is the most significant security concern from such devices?

    1. These devices can distract employees.
    2. These devices can be used to carry data in and out of the company.
    3. These devices may not have encrypted drives.
    4. These devices may not have strong passwords.
  33. John is installing an HVAC system in his datacenter. What will this HVAC have the most impact on?

    1. Confidentiality
    2. Availability
    3. Fire suppression
    4. Monitoring access to the datacenter
  34. Maria is a security engineer with a manufacturing company. During a recent investigation, she discovered that an engineer’s compromised workstation was being used to connect to SCADA systems while the engineer was not logged in. The engineer is responsible for administering the SCADA systems and cannot be blocked from connecting to them. What should Maria do to mitigate this threat?

    1. Install host-based antivirus software on the engineer’s system.
    2. Implement account usage auditing on the SCADA system.
    3. Implement an NIPS on the SCADA system.
    4. Use FDE on the engineer’s system.
  35. Lucy works as a network administrator for a large company. She needs to administer several servers. Her objective is to make it easy to administer and secure these servers, as well as making the installation of new servers more streamlined. Which of the following best addresses these issues?

    1. Setting up a cluster
    2. Virtualizing the servers
    3. Putting the servers on a VLAN
    4. Putting the servers on a separate subnet
  36. Gerard is responsible for secure communications with his company’s e-commerce server. All communications with the server use TLS. What is the most secure option for Gerard to store the private key on the e-commerce server?

    1. HSM
    2. FDE
    3. SED
    4. SDN
  37. You are the security officer for a large company. You have discovered malware on one of the workstations. You are concerned that the malware might have multiple functions and might have caused more security issues with the computer than you can currently detect. What is the best way to test this malware?

    1. Leave the malware on that workstation until it is tested.
    2. Place the malware in a sandbox environment for testing.
    3. It is not important to test it; just remove it from the machine.
    4. Place the malware on a honeypot for testing.
  38. Web developers in your company currently have direct access to the production server and can deploy code directly to it. This can lead to unsecure code, or simply code flaws being deployed to the live system. What would be the best change you could make to mitigate this risk?

    1. Implement sandboxing.
    2. Implement virtualized servers.
    3. Implement a staging server.
    4. Implement deployment policies.
  39. Denish is concerned about the security of embedded devices in his company. He is most concerned about the operating system security for such devices. Which of the following would be the best option for mitigating this threat?

    1. RTOS
    2. SCADA
    3. FDE
    4. TPM
  40. Which of the following 802.11 standards is supported in WPA2, but not in WEP or WPA?

    1. 802.11a
    2. 802.11b
    3. 802.11i
    4. 802.11n
  41. Teresa is responsible for WiFi security in her company. Which wireless security protocol uses TKIP?

    1. WPA
    2. CCMP
    3. WEP
    4. WPA2
  42. Juan is responsible for wireless security in his company. He has decided to disable the SSID broadcast on the single AP the company uses. What will the effect be on client machines?

    1. They will no longer be able to use wireless networking.
    2. They will no longer see the SSID as a preferred network when they are connected.
    3. They will no longer see the SSID as an available network.
    4. They will be required to make the SSID part of their HomeGroup.
  43. Which cloud service model provides the consumer with the infrastructure to create applications and host them?

    1. SaaS
    2. PaaS
    3. IaaS
    4. CaaS
  44. Which cloud service model gives the consumer the ability to use applications provided by the cloud provider over the Internet?

    1. SaaS
    2. PaaS
    3. IaaS
    4. CaaS
  45. Which feature of cloud computing involves dynamically provisioning (or deprovisioning) resources as needed?

    1. Multitenancy
    2. Elasticity
    3. CMDB
    4. Sandboxing
  46. Which type of hypervisor implementation is known as “bare metal”?

    1. Type I
    2. Type II
    3. Type III
    4. Type IV
  47. Mohaned is a security analyst and has just removed malware from a virtual server. What feature of virtualization would he use to return the virtual server to a last known good state?

    1. Sandboxing
    2. Hypervisor
    3. Snapshot
    4. Elasticity
  48. Lisa is concerned about fault tolerance for her database server. She wants to ensure that if any single drive fails, it can be recovered. What RAID level would support this goal while using distributed parity bits?

    1. RAID 0
    2. RAID 1
    3. RAID 3
    4. RAID 5
  49. Jarod is concerned about EMI affecting a key escrow server. Which method would be most effective in mitigating this risk?

    1. VLAN
    2. SDN
    3. Trusted platform module
    4. Faraday cage
  50. John is responsible for physical security at his company. He is particularly concerned about an attacker driving a vehicle into the building. Which of the following would provide the best protection against this threat?

    1. A gate
    2. Bollards
    3. A security guard on duty
    4. Security cameras
  51. Mark is responsible for cybersecurity at a small college. There are many computer labs that are open for students to use. These labs are monitored only by a student worker, who may or may not be very attentive. Mark is concerned about the theft of computers. Which of the following would be the best way for him to mitigate this threat?

    1. Cable locks
    2. FDE on the lab computers
    3. Strong passwords on the lab computers
    4. Having a lab sign-in sheet
  52. Joanne is responsible for security at a power plant. The facility is very sensitive and security is extremely important. She wants to incorporate two-factor authentication with physical security. What would be the best way to accomplish this?

    1. Smart cards
    2. A mantrap with a smart card at one door and a PIN keypad at the other door
    3. A mantrap with video surveillance
    4. A fence with a smart card gate access
  53. Which of the following terms refers to the process of establishing a standard for security?

    1. Baselining
    2. Security evaluation
    3. Hardening
    4. Normalization
  54. You are trying to increase security at your company. You’re currently creating an outline of all the aspects of security that will need to be examined and acted on. Which of the following terms describes the process of improving security in a trusted OS?

    1. FDE
    2. Hardening
    3. SED
    4. Baselining
  55. Which level of RAID is a “stripe of mirrors”?

    1. RAID 1+0
    2. RAID 6
    3. RAID 0
    4. RAID 1
  56. Isabella is responsible for database management and security. She is attempting to remove redundancy in the database. What is this process called?

    1. Integrity checking
    2. Deprovisioning
    3. Baselining
    4. Normalization
  57. A list of applications approved for use on your network would be known as which of the following?

    1. Blacklist
    2. Red list
    3. Whitelist
    4. Orange list
  58. Hans is a security administrator for a large company. Users on his network visit a wide range of websites. He is concerned they might get malware from one of these many websites. Which of the following would be his best approach to mitigate this threat?

    1. Implement host-based antivirus.
    2. Blacklist known infected sites.
    3. Set browsers to allow only signed components.
    4. Set browsers to block all active content (ActiveX, JavaScript, etc.).
  59. Elizabeth has implemented agile development for her company. What is the primary difference between agile development and the waterfall method?

    1. Agile has fewer phases.
    2. Waterfall has fewer phases.
    3. Agile is more secure.
    4. Agile repeats phases.
  60. John is using the waterfall method for application development. At which phase should he implement security measures?

    1. Requirements
    2. Design
    3. Implementation
    4. All
  61. You are responsible for database security at your company. You are concerned that programmers might pass badly written SQL commands to the database, or that an attacker might exploit badly written SQL in applications. What is the best way to mitigate this threat?

    1. Programmer training
    2. Programming policies
    3. Agile programming
    4. Stored procedures
  62. Mary is concerned about application security for her company’s application development. Which of the following is the most important step for addressing application security?

    1. Proper error handling
    2. Regular data backups
    3. Encrypted data transmission
    4. Strong authentication
  63. Farès is responsible for managing the many virtual machines on his company’s networks. Over the past two years, the company has increased the number of virtual machines significantly. Farès is no longer able to effectively manage the large number of machines. What is the term for this situation?

    1. VM overload
    2. VM sprawl
    3. VM spread
    4. VM zombies
  64. Mary is responsible for virtualization management in her company. She is concerned about VM escape. Which of the following methods would be the most effective in mitigating this risk?

    1. Only share resources between the VM and host if absolutely necessary.
    2. Keep the VM patched.
    3. Use a firewall on the VM.
    4. Use host-based antimalware on the VM.
  65. You work at a large company. You are concerned about ensuring that all workstations have a common configuration, no rogue software is installed, and all patches are kept up to date. Which of the following would be the most effective for accomplishing this?

    1. Use VDE.
    2. Implement strong policies.
    3. Use an image for all workstations.
    4. Implement strong patch management.
  66. Juan is responsible for the physical security of the company server room. He has been asked to recommend a type of fire suppression system for the server room. Which of the following would be the best choice?

    1. Wet pipe
    2. Deluge
    3. Pre-action
    4. Halon
  67. You are responsible for server room security for your company. You are concerned about physical theft of the computers. Which of the following would be best able to detect theft or attempted theft?

    1. Motion sensor–activated cameras
    2. Smart card access to the server rooms
    3. Strong deadbolt locks for the server rooms
    4. Logging everyone who enters the server room
  68. Teresa has deployed session tokens on her network. These would be most effective against which of the following attacks?

    1. DDoS
    2. Replay
    3. SYN flood
    4. Malware
  69. Hector is using infrared cameras to verify that servers in his datacenter are being properly racked. Which of the following datacenter elements is he concerned about?

    1. EMI blocking
    2. Humidity control
    3. Hot and cold aisles
    4. HVAC
  70. Gerald is concerned about unauthorized people entering the company’s building. Which of the following would be most effective in preventing this?

    1. Alarm systems
    2. Fencing
    3. Cameras
    4. Security guards
  71. Which of the following is the most important benefit from implementing SDN?

    1. It will stop malware.
    2. It provides scalability.
    3. It will detect intrusions.
    4. It will prevent session hijacking.
  72. Mark is an administrator for a health care company. He has to support an older, legacy application. He is concerned that this legacy application might have vulnerabilities that would affect the rest of the network. What is the most efficient way to mitigate this?

    1. Use an application container.
    2. Implement SDN.
    3. Run the application on a separate VLAN.
    4. Insist on an updated version of the application.
  73. Lars is auditing the physical security of a company. The company uses chain-link fences on its perimeter. The fence is over pavement, not soft ground. How close to the ground should the bottom of the fence be?

    1. Touching the ground
    2. Within 4 inches
    3. There is no standard for this.
    4. Within 2 inches
  74. Mia has to deploy and support a legacy application. The configuration for this application and the OS it runs on are very specific and cannot be changed. What is the best approach for her to deploy this?

    1. Use an immutable server.
    2. Use a VM.
    3. Set permissions on the application so it cannot be changed.
    4. Place the application on a separate VLAN.
  75. To mitigate the impact of a software vendor going out of business, a company that uses vendor software should require which one of the following?

    1. A detailed credit investigation prior to acquisition
    2. A third-party source-code escrow
    3. Substantial penalties for breach of contract
    4. Standby contracts with other vendors
  76. Abigail is responsible for datacenters in a large, multinational company. She has to support multiple datacenters in diverse geographic regions. What would be the most effective way for her to manage these centers consistently across the enterprise?

    1. Hire datacenter managers for each center.
    2. Implement enterprise-wide SDN.
    3. Implement Infrastructure as Code (IaC).
    4. Automate provisioning and deprovisioning.
  77. Olivia is responsible for web application security for her company’s e-commerce server. She is particularly concerned about XSS and SQL injection. Which technique would be most effective in mitigating these attacks?

    1. Proper error handling
    2. The use of stored procedures
    3. Proper input validation
    4. Code signing
  78. Sophia wants to test her company’s web application to see if it is handling input validation and data validation properly. Which testing method would be most effective for this?

    1. Static code analysis
    2. Fuzzing
    3. Baselining
    4. Version control
  79. Omar is using the waterfall method for software development in his company. Which of the following is the proper sequence for the waterfall method?

    1. Requirements, design, implementation, testing, deployment, maintenance
    2. Planning, designing, coding, testing, deployment
    3. Requirements, planning, designing, coding, testing, deployment
    4. Design, coding, testing, deployment, maintenance
  80. Lilly is responsible for security on web applications for her company. She is checking to see that all applications have robust input validation. What is the best way to implement validation?

    1. Server-side validation
    2. Client-side validation
    3. Validate in transit
    4. Client-side and server-side validation
  81. Edward is responsible for web application security at a large insurance company. One of the applications that he is particularly concerned about is used by insurance adjusters in the field. He wants to have strong authentication methods to mitigate misuse of the application. What would be his best choice?

    1. Authenticate the client with a digital certificate.
    2. Implement a very strong password policy.
    3. Secure application communication with TLS.
    4. Implement a web application firewall (WAF).
  82. Sarah is the CIO for a small company. The company uses several custom applications that have complicated interactions with the host operating system. She is concerned about ensuring that systems on her network are all properly patched. What is the best approach in her environment?

    1. Implement automatic patching.
    2. Implement a policy that has individual users patch their systems.
    3. Delegate patch management to managers of departments so they can find the best patch management for their departments.
    4. Immediately deploy patches to a test environment, then as soon as testing is complete have a staged rollout to the network.
  83. John is examining the logs for his company’s web applications. He discovers what he believes is a breach. After further investigation, it appears as if the attacker executed code from one of the libraries the application uses, code that is no longer even used by the application. What best describes this attack?

    1. Buffer overflow
    2. Code reuse attack
    3. DoS attack
    4. Session hijacking
  84. Emiliano is a network administrator and is concerned about the security of peripheral devices. Which of the following would be a basic step he could take to improve security for those devices?

    1. Implement FDE.
    2. Turn off remote access (SSH, telnet, etc.) if not needed.
    3. Utilize fuzzy testing for all peripherals.
    4. Implement digital certificates for all peripherals.
  85. Ixxia is a software development team manager. She is concerned about memory leaks in code. What type of testing is most likely to find memory leaks?

    1. Fuzzing
    2. Stress testing
    3. Static code analysis
    4. Normalization
  86. Victor is a network administrator for a medium-sized company. He wants to be able to access servers remotely so that he can perform small administrative tasks from remote locations. Which of the following would be the best protocol for him to use?

    1. SSH
    2. Telnet
    3. RSH
    4. SNMP
  87. Mark is responsible for a server that runs sensitive software for a major research facility. He is very concerned that only authorized software execute on this server. He is also concerned about malware masquerading as legitimate, authorized software. What technique would best address this concern?

    1. Secure boot
    2. Software attestation
    3. Sandboxing
    4. TPM
  88. Hannah is a programmer with a large software company. She is interested in ensuring that the module she just created will work well with a module created by another programmer. What type of testing is this?

    1. Unit testing
    2. Regression testing
    3. Stress testing
    4. Integration testing
  89. Erik is responsible for the security of a SCADA system. Availability is a critical issue. Which of the following is most important to implement?

    1. SIEM
    2. IPS
    3. Automated patch control
    4. Honeypot
  90. You are concerned about the security of new devices your company has implemented. Some of these devices use SoC technology. What would be the best security measure you could take for these?

    1. Using a TPM
    2. Ensuring each has its own cryptographic key
    3. Using SED
    4. Using BIOS protection
  91. Vincent works for a company that manufactures portable medical devices, such as insulin pumps. He is concerned about ensuring these devices are secure. Which of the following is the most important step for him to take?

    1. Ensure all communications with the device are encrypted.
    2. Ensure the devices have FDE.
    3. Ensure the devices have individual antimalware.
    4. Ensure the devices have been fuzz tested.
  92. Emile is concerned about securing the computer systems in vehicles. Which of the following vehicle types has significant cybersecurity vulnerabilities?

    1. UAV
    2. Automobiles
    3. Airplanes
    4. All of the above
  93. Ariel is responsible for software development in her company. She wants the software development team to work closely with the network operations staff, and she wants to ensure that software development processes are aligned with the security needs of the entire network. Which of the following would be most important for her to implement?

    1. Integration testing
    2. Secure DevOps
    3. Clear policies
    4. Employee training
  94. Greg is a programmer with a small company. He is responsible for the web application. He has become aware that one of the modules his web application uses may have a security flaw allowing an attacker to circumvent authentication. There is an update available for this module that fixes the flaw. What is the best approach for him to take to mitigate this threat?

    1. Submit an RFC.
    2. Immediately apply the update.
    3. Place the update on a test server, then if it works apply it to the production server.
    4. Document the issue.
  95. You are using a sophisticated system that models various attacks on your networks. You intend for this system to help your team realize weak areas and improve response to incidents. What is the most important step to take before relying on data from this system?

    1. Get approval from a CAB.
    2. Thoroughly review the systems documentation.
    3. Verify the models being used.
    4. Perform integration testing on the system.
  96. Your company has an accounting application that was developed in-house. It has been in place for 36 months, and functioning very well, with very few issues. You have just made a minor change to the tax calculation based on a change in tax law. What should be your next step?

    1. Deploy the change.
    2. Get CAB approval for the change.
    3. Perform stress testing.
    4. Perform regression testing.
  97. Tom works as a software development manager for a large company. He is trying to explain to management the difference between compiled code and runtime code. What is the biggest advantage of compiled code?

    1. Better performance
    2. Platform independence
    3. More secure
    4. Faster development time
  98. Your company is interested in keeping data in the cloud. Management feels that public clouds are not secure but is concerned about the cost of a private cloud. What is the solution you would recommend?

    1. Tell them there are no risks with public clouds.
    2. Tell them they will have to find a way to budget for a private cloud.
    3. Suggest that they consider a community cloud.
    4. Recommend against a cloud solution at this time.
  99. Your development team primarily uses Windows, but they need to develop a specific solution that will run on Linux. What is the best solution to getting your programmers access to Linux systems for development and testing?

    1. Set their machines to dual-boot Windows and Linux.
    2. PaaS
    3. Set up a few Linux machines for them to work with as needed.
    4. IaaS
  100. Daniel works for a mid-sized financial institution. The company has recently moved some of its data to a cloud solution. Daniel is concerned that the cloud provider may not support the same security policies as the company’s internal network. What is the best way to mitigate this concern?

    1. Implement a cloud access security broker.
    2. Perform integration testing.
    3. Establish cloud security policies.
    4. Implement Security as a Service.
  101. Hanz is responsible for the e-commerce servers at his company. He is concerned about how they will respond to a DoS attack. Which software testing methodology would be most helpful in determining this?

    1. Regression testing
    2. Stress testing
    3. Integration testing
    4. Fuzz testing
  102. You are the CIO for a small company. The company wants to use cloud storage for some of its data, but cost is a major concern. Which of the following cloud deployment models would be best?

    1. Community cloud
    2. Private cloud
    3. Public cloud
    4. Hybrid cloud
  103. Alisha is monitoring security for a mid-sized financial institution. Under her predecessor there were multiple high-profile breaches. Management is very concerned about detecting any security issues or breach of policy as soon as possible. Which of the following would be the best solution for this?

    1. Monthly audits
    2. NIPS
    3. NIDS
    4. Continuous monitoring
  104. Helga works for a bank and is responsible for secure communications with the online banking application. The application uses TLS to secure all customer communications. She has noticed that since migrating to larger encryption keys, the server’s performance has declined. What would be the best way to address this issue?

    1. Implement a VPN concentrator.
    2. Implement an SSL accelerator.
    3. Return to smaller encryption keys.
    4. Upgrade all servers.
  105. What is the primary advantage of allowing only signed code to be installed on computers?

    1. It guarantees that malware will not be installed.
    2. It improves patch management.
    3. It verifies who created the software.
    4. It executes faster on computers with a TPM.
  106. Which of the following is the best description for VM sprawl?

    1. When VMs on your network outnumber physical machines
    2. When there are more VMs than IT can effectively manage
    3. When a VM on a computer begins to consume too many resources
    4. When VMs are spread across a wide area network
  107. Which of the following is the best description of a stored procedure?

    1. Code that is in a DLL, rather than the executable
    2. Server-side code that is called from a client
    3. SQL statements compiled on the database server as a single procedure that can be called
    4. Procedures that are kept on a separate server from the calling application, such as in middleware
  108. Farès is responsible for security at his company. He has had bollards installed around the front of the building. What is Farès trying to accomplish?

    1. Gated access for people entering the building
    2. Video monitoring around the building
    3. Protecting against EMI
    4. Preventing a vehicle from being driven into the building
  109. Jane is concerned about servers in her datacenter. She is particularly worried about EMI. What damage might EMI most likely cause to servers?

    1. Damage to chips (CPU or RAM)
    2. Temperature control issues
    3. Malware infections
    4. The staff could be locked out of the servers.
  110. You are concerned about VM escape attacks. Which of the following would provide the most protection against this?

    1. Completely isolate the VM from the host.
    2. Install a host-based antivirus on both the VM and the host.
    3. Implement FDE on both the VM and the host.
    4. Use a TPM on the host.
  111. Teresa is the network administrator for a small company. The company is interested in a robust and modern network defense strategy but lacks the staff to support it. What would be the best solution for Teresa to use?

    1. Implement SDN.
    2. Use automated security.
    3. Use Security as a Service.
    4. Implement only as many security controls as they can support.
  112. Dennis is trying to set up a system to analyze the integrity of applications on his network. He wants to make sure that the applications have not been tampered with or Trojaned. What would be most useful in accomplishing this goal?

    1. Implement NIPS.
    2. Use cryptographic hashes.
    3. Sandbox the applications in question.
    4. Implement NIDS.
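Question 112 turns on integrity verification with cryptographic hashes: a baseline of digests taken when the applications were known-good, compared against the files later. The practical caveat is that the list of expected hashes must itself be protected, otherwise an attacker who can replace a binary can also rewrite the manifest. The following is an added example, not code from the book: it hashes a constructed application tree, binds the manifest with an HMAC (standing in for the detached signature or read-only store a real deployment would use), then Trojans one file and adds another to show what the check reports. The directory layout, file contents and key are constructed for the example.

```python
import hashlib
import hmac
import os
import tempfile

# Constructed key for the example; in practice the manifest would be signed with a
# code-signing key or kept on read-only media, not protected by a key on the same host.
MANIFEST_KEY = b"constructed-demo-key-keep-the-real-one-offline"


def sha256_file(path, chunk=65536):
    """Stream the file so large binaries do not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def build_manifest(root):
    """Map each file path (relative to root, '/'-separated) to its SHA-256 digest."""
    entries = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            entries[rel] = sha256_file(full)
    return entries


def serialize(manifest):
    """sha256sum-style lines, sorted so the serialization is deterministic."""
    return "".join(f"{digest}  {path}\n" for path, digest in sorted(manifest.items())).encode()


def sign_manifest(manifest, key=MANIFEST_KEY):
    body = serialize(manifest)
    return body, hmac.new(key, body, hashlib.sha256).hexdigest()


def parse_manifest(body):
    expected = {}
    for line in body.decode().splitlines():
        digest, path = line.split("  ", 1)
        expected[path] = digest
    return expected


def verify_tree(root, body, tag, key=MANIFEST_KEY):
    """Return (ok, findings). The manifest's own integrity is checked before any file is trusted."""
    if not hmac.compare_digest(hmac.new(key, body, hashlib.sha256).hexdigest(), tag):
        return False, ["manifest signature invalid"]
    expected = parse_manifest(body)
    actual = build_manifest(root)
    findings = []
    for path, digest in expected.items():
        if path not in actual:
            findings.append("missing: " + path)
        elif not hmac.compare_digest(actual[path], digest):
            findings.append("modified: " + path)
    findings += ["unexpected: " + p for p in actual if p not in expected]
    return not findings, sorted(findings)


def demo():
    """Baseline a small constructed app tree, Trojan one binary, drop a new file, re-verify."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "bin"))
        with open(os.path.join(root, "bin", "app"), "wb") as f:
            f.write(b"\x7fELF legitimate program bytes (constructed)")
        with open(os.path.join(root, "config.ini"), "wb") as f:
            f.write(b"[app]\nmode=prod\n")
        body, tag = sign_manifest(build_manifest(root))
        clean, _ = verify_tree(root, body, tag)
        # Simulated tampering: same file name, extra bytes appended; plus a dropped script.
        with open(os.path.join(root, "bin", "app"), "ab") as f:
            f.write(b"\n# injected payload")
        with open(os.path.join(root, "dropper.sh"), "wb") as f:
            f.write(b"#!/bin/sh\n")
        tampered, findings = verify_tree(root, body, tag)
        return clean, tampered, findings
```

Network sensors (NIDS/NIPS) see traffic, not file contents on disk; the hash comparison is what detects a binary that was swapped out, and the signed manifest is what stops the attacker from simply updating the baseline to match.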
  113. George is a network administrator at a power plant. He notices that several turbines had unusual ramp-ups in cycles last week. After investigating, he finds that an executable was uploaded to the system control console and caused this. Which of the following would be most effective in preventing this from affecting the SCADA system in the future?

    1. Implement SDN.
    2. Improve patch management.
    3. Place the SCADA system on a separate VLAN.
    4. Implement encrypted data transmissions.
  114. Tom is responsible for VPN connections in his company. His company uses IPSec for VPNs. What is the primary purpose of AH in IPSec?

    1. Encrypt the entire packet.
    2. Encrypt just the header.
    3. Authenticate the entire packet.
    4. Authenticate just the header.
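Question 114 asks what AH covers. Its integrity check value (ICV) is computed over the IP header, the AH header itself and the payload, with the IP fields that legitimately change in transit (TTL, header checksum, ToS/DSCP, flags and fragment offset) zeroed for the calculation; the immutable fields, including source and destination address, are covered. Two consequences follow: a router decrementing TTL does not break AH, but a NAT device rewriting the source address does. The following is an added example that models that computation, not the book's code and not a full RFC 4302 implementation: a simplified IPv4 header, HMAC-SHA-256 truncated to 128 bits for the ICV (the IPsec truncation from RFC 4868), and a key, addresses and payload constructed for the demonstration.

```python
import copy
import hashlib
import hmac
import ipaddress
import struct

AH_PROTOCOL = 51                      # IP protocol number carried in the IP header for AH
ICV_LEN = 16                          # HMAC-SHA-256-128: MAC truncated to 128 bits (RFC 4868)
MUTABLE_FIELDS = ("tos", "flags_frag", "ttl", "checksum")   # zeroed when computing the ICV


def pack_ip_header(hdr, for_icv):
    """Serialize a 20-byte IPv4 header; for the ICV the mutable fields are zeroed."""
    h = dict(hdr)
    if for_icv:
        for field in MUTABLE_FIELDS:
            h[field] = 0
    return struct.pack("!BBHHHBBH4s4s",
                       (4 << 4) | 5, h["tos"], h["total_length"], h["id"], h["flags_frag"],
                       h["ttl"], AH_PROTOCOL, h["checksum"],
                       ipaddress.IPv4Address(h["src"]).packed,
                       ipaddress.IPv4Address(h["dst"]).packed)


def ah_icv(key, pkt):
    """ICV over: IP header (mutable fields zeroed) || AH header (ICV field zeroed) || payload."""
    ah = pkt["ah"]
    payload_len_words = (12 + ICV_LEN) // 4 - 2          # AH length in 32-bit words minus 2
    ah_fixed = struct.pack("!BBHII", ah["next_header"], payload_len_words, 0, ah["spi"], ah["seq"])
    covered = pack_ip_header(pkt["ip"], True) + ah_fixed + bytes(ICV_LEN) + pkt["payload"]
    return hmac.new(key, covered, hashlib.sha256).digest()[:ICV_LEN]


def ah_protect(key, ip_hdr, spi, seq, next_header, payload):
    """Sender side: build the packet and fill in the ICV."""
    pkt = {"ip": dict(ip_hdr),
           "ah": {"next_header": next_header, "spi": spi, "seq": seq, "icv": b""},
           "payload": payload}
    pkt["ah"]["icv"] = ah_icv(key, pkt)
    return pkt


def ah_verify(key, pkt):
    """Receiver side: recompute and compare in constant time."""
    return hmac.compare_digest(ah_icv(key, pkt), pkt["ah"]["icv"])


def demo():
    """Show what AH does and does not tolerate: a router hop passes, any other edit fails."""
    key = b"constructed-demo-key-for-ah-hmac"           # would come from the IKE-negotiated SA
    payload = b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"
    hdr = {"tos": 0, "total_length": 20 + 12 + ICV_LEN + len(payload), "id": 0x1234,
           "flags_frag": 0x4000, "ttl": 64, "checksum": 0xBEEF,
           "src": "10.0.0.1", "dst": "10.0.0.2"}
    pkt = ah_protect(key, hdr, spi=0x1000, seq=1, next_header=6, payload=payload)
    results = {"original": ah_verify(key, pkt)}

    hop = copy.deepcopy(pkt)              # a router decrements TTL and rewrites the checksum
    hop["ip"]["ttl"] -= 1
    hop["ip"]["checksum"] = 0x1234
    results["after_router_hop"] = ah_verify(key, hop)

    tampered = copy.deepcopy(pkt)         # payload edited in flight, same length
    tampered["payload"] = payload.replace(b"GET /", b"PUT /")
    results["payload_tampered"] = ah_verify(key, tampered)

    natted = copy.deepcopy(pkt)           # NAT rewrites the source address, an immutable field
    natted["ip"]["src"] = "203.0.113.9"
    results["source_nat"] = ah_verify(key, natted)

    reseq = copy.deepcopy(pkt)            # the sequence number is covered, so it cannot be rewritten
    reseq["ah"]["seq"] = 2
    results["seq_changed"] = ah_verify(key, reseq)
    return results
```

Note that nothing here is encrypted: AH provides origin authentication and integrity only, which is why ESP (which does encrypt, but does not cover the outer IP header) is what most VPN deployments actually use.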
  115. Mia is a network administrator for a bank. She is responsible for secure communications with her company’s customer website. Which of the following would be the best for her to implement?

    1. SSL
    2. PPTP
    3. IPSec
    4. TLS
  116. Abigail is responsible for setting up an NIPS on her network. The NIPS is located in one particular network segment. She is looking for a passive method to get a copy of all traffic to the NIPS network segment so that it can analyze the traffic. Which of the following would be her best choice?

    1. Using a network tap
    2. Using port mirroring
    3. Setting the NIPS on a VLAN that is connected to all other segments
    4. Setting up an NIPS on each segment
  117. Janice is explaining how IPSec works to a new network administrator. She is trying to explain the role of IKE. Which of the following most closely matches the role of IKE in IPSec?

    1. It encrypts the packet.
    2. It establishes the SAs.
    3. It authenticates the packet.
    4. It establishes the tunnel.
  118. Jeff is the security administrator for an e-commerce site. He is concerned about DoS attacks. Which of the following would be the most effective in addressing this?

    1. DDoS mitigator
    2. WAF with SPI
    3. NIPS
    4. Increased available bandwidth
  119. Doug is a network administrator for a small company. The company has recently implemented an e-commerce server. This has placed a strain on network bandwidth. What would be the most cost-effective means for him to address this issue?

    1. Isolate the new server on a separate network segment.
    2. Upgrade the network to CAT 7.
    3. Move to fiber optic.
    4. Implement aggregation switches.
  120. Liam is responsible for monitoring security events in his company. He wants to see how diverse events may connect. He is interested in identifying different indicators of compromise that may point to the same breach. Which of the following would be most helpful for him to implement?

    1. NIDS
    2. SIEM
    3. Correlation engine
    4. Aggregation switch
  121. Emily manages the IDS/IPS for her network. She has an NIPS installed and properly configured. It is not detecting obvious attacks on one specific network segment. She has verified that the NIPS is properly configured and working properly. What would be the most efficient way for her to address this?

    1. Implement port mirroring for that segment.
    2. Install an NIPS on that segment.
    3. Upgrade to a more effective NIPS.
    4. Isolate that segment on its own VLAN.
  122. You have been instructed to find a VPN solution for your company. Your company uses TACACS+ for remote access. Which of the following would be the best VPN solution for your company?

    1. PPTP
    2. RADIUS
    3. L2TP
    4. CHAP
  123. Jacob is the CIO for a mid-sized company. His company has very good security policies and procedures. The company has outsourced its web application development to a well-known web programming company. Which of the following should be the most important security issue for Jacob to address?

    1. The web application vendor’s hiring practices
    2. The financial stability of the web application vendor
    3. Security practices of the web application vendor
    4. Having an escrow for the source code
  124. Gerard is responsible for physical security at his company. He is considering using cameras that would detect a burglar entering the building at night. Which of the following would be most useful in accomplishing this goal?

    1. Motion-sensing camera
    2. Infrared-sensing camera
    3. Sound-activated camera
    4. HD camera
  125. Tim is implementing a Faraday cage around his server room. What is the primary purpose of a Faraday cage?

    1. Regulate temperature
    2. Regulate current
    3. Block intrusions
    4. Block EMI
  126. You are working for a large company. You are trying to find a solution that will provide controlled physical access to the building and record every employee who enters the building. Which of the following would be the best for you to implement?

    1. A security guard with a sign-in sheet
    2. Smart card access
    3. A camera by the entrance
    4. A sign-in sheet by the front door
  127. David is responsible for cryptographic keys in his company. What is the best way to deauthorize a public key?

    1. Send out a network alert.
    2. Delete the digital certificate.
    3. Publish that certificate in the CRL.
    4. Notify the RA.
  128. Thomas is trying to select the right fire extinguisher for his company’s server room. Which of the following would be his best choice?

    1. Type A
    2. Type B
    3. Type C
    4. Type D
  129. Carole is concerned about security for her server room. She wants the most secure lock she can find for the server room door. Which of the following would be the best choice for her?

    1. Combination lock
    2. Key-in-knob
    3. Deadbolt
    4. Padlock
  130. What is the ideal humidity range for a server room?

    1. 70% to 80%
    2. 40% to 60%
    3. Below 30%
    4. Above 70%
  131. Molly is implementing biometrics in her company. Which of the following should be her biggest concern?

    1. FAR
    2. FRR
    3. CER
    4. EER
  132. Daniel is responsible for physical security in his company. All external doors have electronic smart card access. In an emergency such as a power failure, how should the doors fail?

    1. Fail secure
    2. Fail closed
    3. Fail open
    4. Fail locked
  133. Donald is responsible for networking for a defense contractor. He is concerned that emanations from UTP cable could reveal classified information. Which of the following would be his most effective way to address this?

    1. Migrate to CAT 7 cable.
    2. Implement protected cabling.
    3. Place all cable in a Faraday cage.
    4. Don’t send any classified information over the cable.
  134. Fred is responsible for physical security in his company. He wants to find a good way to protect the USB thumb drives that have BitLocker keys stored on them. Which of the following would be the best solution for this situation?

    1. Store the drives in a secure cabinet.
    2. Encrypt the thumb drives.
    3. Don’t store BitLocker keys on these drives.
    4. Lock the thumb drives in desk drawers.
  135. Juanita is responsible for servers in her company. She is looking for a fault-tolerant solution that can handle two drives failing. Which of the following should she select?

    1. RAID 1+0
    2. RAID 3
    3. RAID 5
    4. RAID 6
  136. You are a network administrator for a mid-sized company. You need all workstations to have the same configuration. What would be the best way for you to accomplish this?

    1. Push out a configuration file.
    2. Implement a policy requiring all workstations to be configured the same way.
    3. Ensure all computers have the same version of the operating system and the same applications installed.
    4. Use a master image that is properly configured and image all workstations from that.
  137. Mike is a network administrator for an e-commerce company. There have been several updates to the operating system, the web server software, and the web application, all within the last 24 hours. It appears that one of these updates has caused a significant security problem. What would be the best approach for Mike to take to correct this problem?

    1. Remove the updates one at a time to see which corrects the problem.
    2. Roll the server back to the last known good state.
    3. Investigate and find out which update caused the problem, and remove only that update.
    4. Investigate and find out which update caused the problem, and find a patch for that issue.
  138. Which device would most likely process the following rules?

    PERMIT IP ANY EQ 443

    DENY IP ANY ANY

    1. NIPS
    2. HIPS
    3. Content filter
    4. Firewall
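The rule set in question 138 is a stateless packet-filter access list: rules are evaluated top down, the first match decides, and the closing DENY IP ANY ANY makes the default-deny explicit. Two things are worth seeing in code rather than prose: ordering matters (swap the two lines and nothing gets through), and the first rule as written matches any IP protocol to port 443, not just TCP, so a production ACL would normally say tcp rather than ip. The following is an added example, not from the book: a small evaluator for the simplified syntax used in the question, run over a few constructed packets.

```python
def parse_rule(line):
    """Parse one line of the simplified ACL syntax used in the question:
    ACTION PROTO SRC [DST] [EQ PORT]. ANY is a wildcard; protocol IP matches every protocol."""
    tokens = line.upper().split()
    if len(tokens) < 3 or tokens[0] not in ("PERMIT", "DENY"):
        raise ValueError("bad rule: " + line)
    action, proto, rest = tokens[0], tokens[1], tokens[2:]
    port = None
    if "EQ" in rest:
        i = rest.index("EQ")
        port = int(rest[i + 1])
        rest = rest[:i]
    src = rest[0] if rest else "ANY"
    dst = rest[1] if len(rest) > 1 else "ANY"
    return {"action": action, "proto": proto, "src": src, "dst": dst, "port": port}


def matches(rule, pkt):
    return ((rule["proto"] == "IP" or rule["proto"] == pkt["proto"])
            and rule["src"] in ("ANY", pkt["src"])
            and rule["dst"] in ("ANY", pkt["dst"])
            and (rule["port"] is None or rule["port"] == pkt.get("dport")))


def evaluate(rules, pkt):
    """Stateless filter: first matching rule wins; with no match at all, implicit deny."""
    for n, rule in enumerate(rules, 1):
        if matches(rule, pkt):
            return rule["action"], n
    return "DENY", None


RULES = [parse_rule("PERMIT IP ANY EQ 443"), parse_rule("DENY IP ANY ANY")]

SAMPLE_PACKETS = {   # constructed for the example; addresses are documentation ranges
    "https":   {"proto": "TCP", "src": "203.0.113.5", "dst": "192.0.2.10", "dport": 443},
    "http":    {"proto": "TCP", "src": "203.0.113.5", "dst": "192.0.2.10", "dport": 80},
    "ssh":     {"proto": "TCP", "src": "203.0.113.5", "dst": "192.0.2.10", "dport": 22},
    "udp_443": {"proto": "UDP", "src": "203.0.113.5", "dst": "192.0.2.10", "dport": 443},
}


def run_policy(rules=RULES, packets=SAMPLE_PACKETS):
    """Return {packet name: (decision, matching rule number)} for every sample packet."""
    return {name: evaluate(rules, pkt) for name, pkt in packets.items()}
```

Running run_policy() permits the HTTPS packet on rule 1 and denies HTTP and SSH on rule 2, but it also permits the UDP packet to port 443, which is the consequence of writing ip instead of tcp; run_policy(rules=RULES[::-1]) denies everything on rule 1, the classic mis-ordering mistake.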
  139. Ixxia is responsible for security at a mid-sized company. She wants to prevent users on her network from visiting job-hunting sites while at work. Which of the following would be the best device to accomplish this goal?

    1. Proxy server
    2. NAT
    3. Firewall
    4. NIPS
  140. You are responsible for an e-commerce site. The site is hosted in a cluster. Which of the following techniques would be best in assuring availability?

    1. A VPN concentrator
    2. Aggregate switching
    3. An SSL accelerator
    4. Load balancing
  141. When you are concerned about application security, what is the most important issue in memory management?

    1. Never allocate a variable any larger than is needed.
    2. Always check bounds on arrays.
    3. Always declare a variable where you need it (i.e., at function or file level if possible).
    4. Make sure you release any memory you allocate.
  142. Darrel is looking for a cloud solution for his company. One of the requirements is that the IT staff can make the transition with as little change to the existing infrastructure as possible. Which of the following would be his best choice?

    1. Off-premises cloud
    2. On-premises cloud
    3. Hybrid solution
    4. Use only a community cloud
  143. Ryan is concerned about the security of his company’s web application. Since the application processes confidential data, he is most concerned about data exposure. Which of the following would be the most important for him to implement?

    1. WAF
    2. TLS
    3. NIPS
    4. NIDS
  144. Arjun has just taken over web application security for a small company. He notices that some values are temporarily stored in hidden fields on one of the web pages. What is this called and how would it be best characterized?

    1. This is obfuscation, a weak security measure.
    2. This is data hiding, a weak security measure.
    3. This is obfuscation, a possible security flaw.
    4. This is data hiding, a possible security flaw.
  145. What is the primary reason a company would consider implementing Agile programming?

    1. To speed up development time
    2. To improve development documentation
    3. To focus more on design
    4. To focus more on testing
  146. When you’re implementing security cameras in your company, which of the following is the most important concern?

    1. High-definition video
    2. Large storage capacity
    3. How large an area the camera can cover
    4. Security of the camera and video storage
  147. What is the primary security issue presented by monitors?

    1. Unauthorized users may see confidential data.
    2. Data can be detected from electromagnetic emanations.
    3. Poor authentication
    4. Screen burn
  148. Clark is responsible for mobile device security in his company. Which of the following is the most important security measure for him to implement?

    1. Encrypted drives
    2. Patch management
    3. Remote wiping
    4. Geotagging
  149. Which of the following security measures is most effective against phishing attacks?

    1. User training
    2. NIPS
    3. Spam filters
    4. Content filter
  150. You are the CISO for a mid-sized health care company. Which of the following is the most important for you to implement?

    1. Industry best practices
    2. Contractual requirements
    3. Strong security policies
    4. Regulatory requirements