Chris wants to prevent users from running a popular game on Windows workstations
he is responsible for. How can Chris accomplish this for Windows 10 Pro workstations?
Windows 10 Pro and Enterprise support application whitelisting. Chris can
whitelist his allowed programs and then set the default mode to disallowed,
preventing all other applications from running and thus blacklisting the
application. This can be a bit of a maintenance hassle but can be useful for
high security environments or those in which limiting what programs can
run is critical.
While conducting a vulnerability scan of his organization's data center, Renee
discovers that the management interface for the organization's virtualization platform
is exposed to the scanner. In typical operating circumstances, what is the proper
exposure for this interface?
The best practice for securing virtualization platforms is to expose the
management interface only to a dedicated management network,
accessible only to authorized engineers. This greatly reduces the likelihood
of an attack against the virtualization platform.
What access control scheme labels subjects and objects and allows subjects to
access objects when labels match?
Mandatory Access Control (MAC)
Which of the following is NOT true of the ISC2 Code of Ethics?
A. Adherence to the Code of Ethics is a condition of Certification
B. The code of ethics applies to all security professionals
C. Failure to comply with the Code of Ethics could result in revocation of certification
D. Members who observe a breach of the Code of Ethics are required to report the
possible violation
B.
Ben is an information security professional at an organization that is replacing its
physical servers with virtual machines. As the organization builds its virtual
environment, it is decreasing the number of physical servers it uses while purchasing
more powerful servers to act as the virtualization platforms.
Ben is concerned about exploits that allow VM escape. What option should Ben
suggest to help limit the impact of VM escape exploits?
A. Separate virtual machines onto separate physical hardware based on task or data
types.
B. Use VM escape detection tools on the underlying hypervisor.
C. Restore machines to their original snapshots on a regular basis.
D. Use a utility like Tripwire to look for changes in the virtual machines.
A. While virtual machine escape has been demonstrated only in lab
environments, the threat is best dealt with by limiting what access to the
underlying hypervisor can provide to a successful attacker. Segmenting by
data types or access levels can limit the potential impact of a hypervisor
compromise.
What should Steve do if a FAR/FRR diagram does not provide an acceptable
performance level for his organization's needs?
Assess other biometric systems to compare them since the CER is used to
assess biometric devices.
After completing an incident response process and providing a final report to
management, what step should Casey use to identify improvements to her incident
response plan?
A. Update system documentation
B. Conduct a lessons-learned session
C. Review patching status and vulnerability scans
D. Engage third-party consultants.
B. Conducting a lessons-learned review after using an incident response
plan can help to identify improvements and to ensure that the plan is up-
to-date and ready to handle future events.
Which one of the following components should be included in an organization's
emergency response guidelines?
A. List of individuals who should be notified of an emergency incident
B. Long-term business continuity protocols
C. Activation procedures for the organization's cold sites
D. Contact information for ordering equipment
A. The emergency response guidelines should include the immediate steps
an organization should follow in response to an emergency situation. These
include immediate response procedures, a list of individuals who should be
notified of the emergency and secondary response procedures for first
responders. They do not include long-term actions such as activating
business continuity protocols, ordering equipment, or activating DR sites.
Max is the security administrator for an organization that uses a remote access VPN.
The VPN depends upon RADIUS authentication, and Max would like to assess the
security of that service. Which one of the following hash functions is the strongest
cryptographic hash protocol supported by RADIUS?
A. MD5
B. SHA 2
C. SHA-512
D. HMAC
A. Unfortunately, the RADIUS protocol only supports the weak MD5 hash
function. This is the major criticism of the RADIUS protocol. Most