NEW QUESTION 1
Which of the following incident handling process phases is responsible for defining rules, creating a back-up plan, and testing the plans for an enterprise?

• A. Preparation phase
• B. Recovery phase
• C. Identification phase
• D. Containment phase

Answer: A

NEW QUESTION 2
Which of the followingis the least-likely physical characteristic to be used in biometric control that supports a large company?

• A. Iris patterns
• B. Voice
• C. Fingerprints
• D. Height and Weight

Answer: D

NEW QUESTION 3
The “white box testing” methodology enforces what kind of restriction?

• A. The internal operation of a system is completely known to the tester.
• B. Only the internal operation of a system is known to the tester.
• C. Only the external operation of a system is accessible to the tester.
• D. The internal operation of a system is only partly accessible to the tester.

Answer: A

NEW QUESTION 4
Which of the following is considered the best way to prevent Personally Identifiable Information (PII) from web application vulnerabilities?

• A. Use encrypted communications protocols to transmit PII
• B. Use full disk encryption on all hard drives to protect PII
• C. Use cryptographic storage to store all PII
• D. Use a security token to log onto into all Web application that use PII

Answer: A

NEW QUESTION 5
You are a Network Security Officer. You have two machines. The first machine (192.168.0.99) has snort installed, and the second machine (192.168.0.150) has kiwi syslog installed. You perform a syn scan in your network, and you notice that kiwi syslog is not receiving the alert message from snort. You decide to run wireshark in the snort machine to check if the messages are going to the kiwi syslog machine.
What wireshark filter will show the connections from the snort machineto kiwi syslog machine?

• A. tcp.dstport==514 && ip.dst==192.168.0.150
• B. tcp.dstport==514 &&ip.dst==192.168.0.99
• C. tcp.srcport==514 && ip.src==192.168.0.99
• D. tcp.srcport==514 && ip.src==192.168.150

Answer: A

NEW QUESTION 6
The “Gray box testing” methodology enforces what kind of restriction?

• A. Only the external operation of a system is accessible to the tester.
• B. Only the internal operation of a system is known to the tester.
• C. The internal operation of a system is completely known to the tester.
• D. The internal operation of a system is only partly accessible to the tester.

Answer: D

NEW QUESTION 7
You are the Systems Administrator for a large corporate organization. You need to monitor all network traffic on your local network for suspicious activities and receive notifications when an attack is occurring. Which tool would allow you to accomplish this goal?

• A. Host-based IDS
• B. Firewall
• C. Network-Based IDS
• D. Proxy

Answer: C

NEW QUESTION 8
A new wireless client is configured to join a 802.11 network. Thisclient uses the same hardware and software as many of the other clients on the network. The client can see the network, but cannot connect. A wireless packet sniffer shows that the Wireless Access Point (WAP) is not responding to the association requests being sent by the wireless client.
What is a possible source of this problem?

• A. The client cannot see the SSID of the wireless network
• B. The wireless client is not configured to use DHCP
• C. The WAP does not recognize the client's MAC address
• D. Client isconfigured for the wrong channel

Answer: C

NEW QUESTION 9
You work as a Security Analyst for a retail organization. In securing the company's network, you set up a firewall and an IDS. However, hackers are able to attack the network. After investigating, you discover that your IDS is not configured properly and therefore is unable to trigger alarms when needed. What type of alert is the IDS giving?

• A. False Negative
• B. True Negative
• C. True Positive
• D. False Positive

Answer: A

NEW QUESTION 10
After trying multiple exploits, you’ve gained root access to a Centos 6 answer. To ensure you maintain access. What would you do first?

• A. Disable IPTables
• B. Create User Account
• C. Downloadand Install Netcat
• D. Disable Key Services

Answer: C

NEW QUESTION 11
An attacker gains access to a Web server’s database and display the contents of the table that holds all of the names, passwords, and other user information. The attacker did this by entering information into the Web site's user login page that the software's designers did not expect to be entered. This is an example of what kind of software design problem?

• A. Insufficient security management
• B. Insufficient database hardening
• C. Insufficient exception handling
• D. Insufficient input validation

Answer: D

NEW QUESTION 12
Which of these options is the most secure procedure for strong backup tapes?

• A. In a climate controlled facility offsite
• B. Inside the data center for faster retrieval in afireproof safe
• C. In a cool dry environment
• D. On a different floor in the same building

Answer: A

NEW QUESTION 13
Session splicing is an IDS evasiontechnique in which an attacker delivers data in multiple, smallsized packets to the target computer, making it very difficult for an IDS to detect the attack signatures.
Which tool can used to perform session splicing attacks?

• A. Hydra
• B. Burp
• C. Whisker
• D. Tcpsplice

Answer: C

NEW QUESTION 14
Your team has won a contract to infiltrate an organization. The company wants to have the attack be a realistic as possible; therefore, they did not provide any information besides the company name.
What should be thefirst step in security testing the client?

• A. Scanning
• B. Escalation
• C. Enumeration
• D. Reconnaissance

Answer: D

NEW QUESTION 15
The chance of a hard drive failure is once every three years. The cost to buy a new hard drive is $300. It will require 10 hours to restore the OS and software to the new hard disk. It will require a further 4 hours to restore the database from the last backup to the new hard disk. The recovery person earns $10/hour. Calculate theSLE, ARO, and ALE. Assume the EF = 1 (100%).
What is the closest approximate cost of this replacement and recovery operation per year?

• A. $100
• B. $146
• C. 440
• D. 1320

Answer: B

NEW QUESTION 16
Using Windows CMD, how would an attacker list all the shares to which the current user context hasaccess?

• A. NET CONFIG
• B. NET USE
• C. NET FILE
• D. NET VIEW

Answer: D

NEW QUESTION 17
It is a regulation that has a set if guideline,which should be adhered to by anyone who handles any electronic medical data. These guidelines stipulate that all medical practices must ensure that all necessary measures are in place while saving, accessing, and sharing any electronic medical data to keep patient data secure.
Which of the following regulations best matches the description?

• A. HIPAA
• B. COBIT
• C. ISO/IEC 27002
• D. FISMA

Answer: A

NEW QUESTION 18
Your company was hired by a small healthcare provider to perform a technical assessment on the network.
What is the best approach for discovering vulnerabilities on a Windows-based computer?

• A. Use the built-in Windows Update tool
• B. Create a disk imageof a clean Windows installation
• C. Check MITRE.org for the latest list of CVE findings
• D. Used a scan tool like Nessus

Answer: D

NEW QUESTION 19
Which of the following is a design pattern based on distinct pieces ofsoftware providing application functionality as services to other applications?

• A. Lean Coding
• B. Service Oriented Architecture
• C. Object Oriented Architecture
• D. Agile Process

Answer: B