Beta Corporation is doing a core evaluation of its centralized logging capabilities. The security staff suspects that the central server has several log files over the past few weeks that have had their contents changed.
Given this concern, and the need to keep archived logs for log correction applications, what is the most appropriate next step?
A. Keep the files in the log archives synchronized with another location.
B. Store the files read-only and keep hashes of the logs separately.
C. Install a tier one timeserver on the network to keep log devices synchronized.
D. Encrypt the log files with an asymmetric key and remove the cleartext version.
What type of Unified Modelling Language (UML) diagram is used to show dependencies between logical groupings in a system?
A. Package diagram
B. Deployment diagram
C. Class diagram
D. Use case diagram
An organization is implementing a control within the Application Software Security CIS Control.
How can they best protect against injection attacks against their custom web application and database applications?
A. Ensure the web application server logs are going to a central log host
B. Filter input to only allow safe characters and strings
C. Configure the web server to use Unicode characters only
D. Check user input against a list of reserved database terms
As part of an effort to implement a control on E-mail and Web Protections, an organization is monitoring their webserver traffic.
Which event should they receive an alert on?
A. The number of website hits is higher than the daily average
B. The logfiles of the webserver are rotated and archived
C. The website does not respond to a SYN packet for 30 minutes
D. The website issues a RST to a client after the connection is idle
Which of the following actions produced the output seen below?
A. An access rule was removed from firewallrules.txt
B. An access rule was added to firewallrules2.txt
C. An access rule was added to firewallrules.txt
D. An access rule was removed from firewallrules2.txt
What could a security team use the command line tool Nmap for when implementing the Inventory and Control of Hardware Assets Control?
A. Control which devices can connect to the network
B. Passively identify new devices
C. Inventory offline databases
D. Actively identify new servers
Given the audit finding below, which CIS Control was being measured?
A. Controlled Access Based on the Need to Know
B. Controlled Use of Administrative Privilege
C. Limitation and Control of Network Ports, Protocols and Services
D. Secure Configurations for Hardware and Software on Laptops, Workstations, and Servers
E. Inventory and Control of Hardware Assets
After installing a software package on several workstations, an administrator discovered the software opened network port TCP 23456 on each workstation. The port is part of a software management function that is not needed on corporate workstations.
Which actions would best protect the computers with the software package installed?
A. Document the port number and request approval from a change control group
B. Redirect traffic to and from the software management port to a non-default port
C. Block TCP 23456 at the network perimeter firewall
D. Determine which service controls the software management function and opens the port, and disable it
Dragonfly Industries requires firewall rules to go through a change management system before they are configured. Review the change management log.
Which of the following lines in your firewall ruleset has expired and should be removed from the configuration?
A. access-list outbound permit tcp host 10.1.1.7 any eq smtp
B. access-list outbound deny tcp any host 126.96.36.199 eq www
C. access-list inbound permit tcp 188.8.131.52 0.0.0.255 10.10.12.252 eq 8080
D. access-list inbound permit tcp host 184.108.40.206 host 10.10.12.100 eq ssh