1 HAL Systems recently decided to stop offering public NTP services because of a fear that its NTP servers would be used in amplification DDoS attacks. What type of risk management strategy did HAL pursue with respect to its NTP services?Risk mitigationRisk acceptanceRisk transferenceRisk avoidance
2 Tom is responding to a recent security incident and is seeking information on the approval process for a recent modification to a system’s security settings. Where would he most likely find this information?Change logSystem logSecurity logApplication log
3 Alex wants to use an automated tool to fill web application forms to test for format string vulnerabilities. What type of tool should he use?A black boxA brute-force toolA fuzzerA static analysis tool
For questions 4–6, please refer to the following scenario.
Henry is the risk manager for Atwood Landing, a resort community in the midwestern United States. The resort’s main data center is located in northern Indiana in an area that is prone to tornados. Henry recently undertook a replacement cost analysis and determined that rebuilding and reconfiguring the data center would cost $10 million.
Henry consulted with tornado experts, data center specialists, and structural engineers. Together, they determined that a typical tornado would cause approximately $5 million of damage to the facility. The meteorologists determined that Atwood’s facility lies in an area where they are likely to experience a tornado once every 200 years.
1 Based upon the information in this scenario, what is the exposure factor for the effect of a tornado on Atwood Landing’s data center?10 percent25 percent50 percent75 percent
2 Based upon the information in this scenario, what is the annualized rate of occurrence for a tornado at Atwood Landing’s data center?0.00250.0050.010.015
3 Based upon the information in this scenario, what is the annualized loss expectancy for a tornado at Atwood Landing’s data center?$25,000$50,000$250,000$500,000
4 Earlier this year, the information security team at Jim’s employer identified a vulnerability in the web server that Jim is responsible for maintaining. He immediately applied the patch and is sure that it installed properly, but the vulnerability scanner has continued to incorrectly flag the system as vulnerable because of the version number it is finding even though Jim is sure the patch is installed. Which of the following options is Jim’s best choice to deal with the issue?Uninstall and reinstall the patch.Ask the information security team to flag the system as patched and not vulnerable.Update the version information in the web server’s configuration.Review the vulnerability report and use alternate remediation options.
5 Which NIST special publication covers the assessment of security and privacy controls?800-12800-53A800-34800-86
6 Selah’s team is working to persuade their management that their network has extensive vulnerabilities that attackers could exploit. If she wants to conduct a realistic attack as part of a penetration test, what type of penetration test should she conduct?Full knowledgePartial knowledgeZero knowledgeSpecific knowledge
7 Tom enables an application firewall provided by his cloud infrastructure as a service provider that is designed to block many types of application attacks. When viewed from a risk management perspective, what metric is Tom attempting to lower?ImpactRPOMTOLikelihood
8 Jim uses a tool that scans a system for available services and then connects to them to collect banner information to determine what version of the service is running. It then provides a report detailing what it gathers, basing results on service fingerprinting, banner information, and similar details it gathers combined with CVE information. What type of tool is Jim using?A port scannerA service validatorA vulnerability scannerA patch management tool
9 What term describes software testing that is intended to uncover new bugs introduced by patches or configuration changes?Nonregression testingEvolution testingSmoke testingRegression testing
10 Mike recently implemented an intrusion prevention system designed to block common network attacks from affecting his organization. What type of risk management strategy is Mike pursuing?Risk acceptanceRisk avoidanceRisk mitigationRisk transference
11 During a port scan, Lauren found TCP port 443 open on a system. Which tool is best suited to scanning the service that is most likely running on that port?zzufNiktoMetasploitsqlmap
12 When developing a business impact analysis, the team should first create a list of assets. What should happen next?Identify vulnerabilities in each asset.Determine the risks facing the asset.Develop a value for each asset.Identify threats facing each asset.
13 In this image, what issue may occur because of the log handling settings?Log data may be lost when the log is archived.Log data may be overwritten.Log data may not include needed information.Log data may fill the system disk.
14 What message logging standard is commonly used by network devices, Linux and Unix systems, and many other enterprise devices?SyslogNetlogEventlogRemote Log Protocol (RLP)
15 Ryan is a security risk analyst for an insurance company. He is currently examining a scenario in which a malicious hacker might use a SQL injection attack to deface a web server because of a missing patch in the company’s web application. In this scenario, what is the threat?Unpatched web applicationWeb defacementMalicious hackerOperating system
16 Chris is responsible for his organization’s security standards and has guided the selection and implementation of a security baseline for Windows PCs in his organization. How can Chris most effectively make sure that the workstations he is responsible for are being checked for compliance and that settings are being applied as necessary?Assign users to spot-check baseline compliance.Use Microsoft Group Policy.Create startup scripts to apply policy at system start.Periodically review the baselines with the data owner and system owners.
For questions 20–22, please refer to the following scenario.
The company that Jennifer works for has implemented a central logging infrastructure, as shown in the following image. Use this diagram and your knowledge of logging systems to answer the following questions.
1 Jennifer needs to ensure that all Windows systems provide identical logging information to the SIEM. How can she best ensure that all Windows desktops have the same log settings?Perform periodic configuration audits.Use Group Policy.Use Local Policy.Deploy a Windows syslog client.
2 During normal operations, Jennifer’s team uses the SIEM appliance to monitor for exceptions received via syslog. What system shown does not natively have support for syslog events?Enterprise wireless access pointsWindows desktop systemsLinux web serversEnterprise firewall devices
3 What technology should an organization use for each of the devices shown in the diagram to ensure that logs can be time sequenced across the entire infrastructure?SyslogNTPLogsyncSNAP
4 Susan needs to predict high-risk areas for her organization and wants to use metrics to assess risk trends as they occur. What should she do to handle this?Perform yearly risk assessments.Hire a penetration testing company to regularly test organizational security.Identify and track key risk indicators.Monitor logs and events using a SIEM device.
5 Tom is considering locating a business in the downtown area of Miami, Florida. He consults the FEMA flood plain map for the region, shown here, and determines that the area he is considering