Q1. A security solutions architect has argued consistently to implement the most secure method of encrypting corporate messages. The solution has been derided as not being cost effective by other members of the IT department. The proposed solution uses symmetric keys to encrypt all messages and is very resistant to unauthorized decryption. The method also requires special handling and security for all key material that goes above and beyond most encryption systems.

Which of the following is the solutions architect MOST likely trying to implement?

A. One time pads

B. PKI

C. Quantum cryptography

D. Digital rights management

Q2. An administrator has enabled salting for users' passwords on a UNIX box. A penetration tester must attempt to retrieve password hashes. Which of the following files must the penetration tester use to eventually obtain passwords on the system? (Select TWO).

A. /etc/passwd

B. /etc/shadow

C. /etc/security

D. /etc/password

E. /sbin/logon

F. /bin/bash

Q3. A security administrator has noticed that an increased number of employeesu2021 workstations are becoming infected with malware. The company deploys an enterprise antivirus system as well as a web content filter, which blocks access to malicious web sites where malware files can be downloaded. Additionally, the company implements technical measures to disable external storage. Which of the following is a technical control that the security administrator should implement next to reduce malware infection?

A. Implement an Acceptable Use Policy which addresses malware downloads.

B. Deploy a network access control system with a persistent agent.

C. Enforce mandatory security awareness training for all employees and contractors.

D. Block cloud-based storage software on the company network.

Q4. During an incident involving the company main database, a team of forensics experts is hired to respond to the breach. The team is in charge of collecting forensics evidence from the companyu2021s database server. Which of the following is the correct order in which the forensics team should engage?

A. Notify senior management, secure the scene, capture volatile storage, capture non- volatile storage, implement chain of custody, and analyze original media.

B. Take inventory, secure the scene, capture RAM, capture had drive, implement chain of custody, document, and analyze the data.

C. Implement chain of custody, take inventory, secure the scene, capture volatile and non- volatile storage, and document the findings.

D. Secure the scene, take inventory, capture volatile storage, capture non-volatile storage, document, and implement chain of custody.

Q5. The following has been discovered in an internally developed application:

Error - Memory allocated but not freed: char *myBuffer = malloc(BUFFER_SIZE); if (myBuffer != NULL) {

*myBuffer = STRING_WELCOME_MESSAGE; printf(u201cWelcome to: %snu201d, myBuffer);

}

exit(0);

Which of the following security assessment methods are likely to reveal this security weakness? (Select TWO).

A. Static code analysis

B. Memory dumping

C. Manual code review

D. Application sandboxing

E. Penetration testing

F. Black box testing

Q6. An administrator is implementing a new network-based storage device. In selecting a storage protocol, the administrator would like the data in transit's integrity to be the most important concern. Which of the following protocols meets these needs by implementing either AES-CMAC or HMAC-SHA256 to sign data?

A. SMB

B. NFS

C. FCoE

D. iSCSI

Q7. A risk manager has decided to use likelihood and consequence to determine the risk of an event occurring to a company asset. Which of the following is a limitation of this approach to risk management?

A. Subjective and based on an individual's experience.

B. Requires a high degree of upfront work to gather environment details.

C. Difficult to differentiate between high, medium, and low risks.

D. Allows for cost and benefit analysis.

E. Calculations can be extremely complex to manage.

Q8. An employee is performing a review of the organizationu2021s security functions and noticed that there is some cross over responsibility between the IT security team and the financial fraud team. Which of the following security documents should be used to clarify the roles and responsibilities between the teams?

A. BPA

B. BIA

C. MOU

D. OLA

Q9. A pentester must attempt to crack passwords on a windows domain that enforces strong complex passwords. Which of the following would crack the MOST passwords in the

shortest time period?

A. Online password testing

B. Rainbow tables attack

C. Dictionary attack

D. Brute force attack

Q10. An analyst connects to a company web conference hosted on www.webconference.com/meetingID#01234 and observes that numerous guests have been allowed to join, without providing identifying information. The topics covered during the web conference are considered proprietary to the company. Which of the following security concerns does the analyst present to management?

A. Guest users could present a risk to the integrity of the companyu2021s information

B. Authenticated users could sponsor guest access that was previously approved by management

C. Unauthenticated users could present a risk to the confidentiality of the companyu2021s information

D. Meeting owners could sponsor guest access if they have passed a background check