A security engineer is helping the web developers assess a new corporate web application The application will be Internet facing so the engineer makes the following recommendation:
In an htaccess file or the site config add:
or add to the location block:

Which of the following is the security engineer trying to accomplish via cookies? (Select TWO)

• A.Ensure session IDs are generated dynamically with each cookie request
• B.Prevent cookies from being transmitted to other domain names
• C.Create a temporary space on the user's drive root for ephemeral cookie storage
• D.Add a sequence ID to the cookie session ID while in transit to prevent CSRF.
• E.Allow cookie creation or updates only over TLS connections
• F.Enforce the use of plain text HTTP transmission with secure local cookie storage

Comment: *

Name: *

Email: *

Verification: *

Given the following output from a local PC:

Which of the following ACLs on a stateful host-based firewall would allow the PC to serve an intranet website?

• A.Allow 172.30.0.28:80 -> 172.30.0.28:443
• B.Allow 172.30.0.28:80 -> 172.30.0.0/16
• C.Allow 172.30.0.28:80 -> 172.30.0.28:53
• D.Allow 172.30.0.28:80 -> ANY

Comment: *

Name: *

Email: *

Verification: *

A recent assessment identified that several users' mobile devices are running outdated versions of endpoint security software that do not meet the company's security policy. Which of the following should be performed to ensure the users can access the network and meet the company's security requirements?

• A.Risk assessment
• B.Device quarantine
• C.Incident management
• D.Patch management
• E.Vulnerability assessment

Comment: *

Name: *

Email: *

Verification: *

A security consultant is attempting to discover if the company is utilizing databases on client machines to store the customer data. The consultant reviews the following information:

Which of the following commands would have provided this output?

• A.sqlmap -w
• B.ifconfig -arp
• C.netstat -a
• D.arp -s

Comment: *

Name: *

Email: *

Verification: *

Lab Simulation
Compliance with company policy requires a quarterly review of firewall rules. A new administrator is asked to conduct this review on the internal firewall sitting between several Internal networks.
The intent of this firewall is to make traffic more restrictive. Given the following information answer the questions below:
User Subnet: 192.168.1.0/24
Server Subnet: 192.168.2.0/24
Finance Subnet:192.168.3.0/24
Instructions: To perform the necessary tasks, please modify the DST port, Protocol, Action, and/or Rule Order columns. Firewall ACLs are read from the top down Task 1) An administrator added a rule to allow their machine terminal server access to the server subnet. This rule is not working. Identify the rule and correct this issue.
Task 2) All web servers have been changed to communicate solely over SSL. Modify the appropriate rule to allow communications.
Task 3) An administrator added a rule to block access to the SQL server from anywhere on the network. This rule is not working. Identify and correct this issue.
Task 4) Other than allowing all hosts to do network time and SSL, modify a rule to ensure that no other traffic is allowed.

Correct Answer:

Firewall rules should be re-arranged to look like this:

Task 1) An administrator added a rule to allow their machine terminal server access to the server subnet. This rule is not working. Identify the rule and correct this issue. The rule shown in the image below is the rule in question. It is not working because the action is set to Deny. This needs to be set to Permit.

Task 2) All web servers have been changed to communicate solely over SSL. Modify the appropriate rule to allow communications.
The web servers rule is shown in the image below. Port 80 (HTTP) needs to be changed to port
443 for HTTPS (HTTP over SSL).

Task 3) An administrator added a rule to block access to the SQL server from anywhere on the network. This rule is not working. Identify and correct this issue. The SQL Server rule is shown in the image below. It is not working because the protocol is wrong. It should be TCP, not UDP.

Task 4) Other than allowing all hosts to do network time and SSL, modify a rule to ensure that no other traffic is allowed.
The network time rule is shown in the image below.

However, this rule is not being used because the `any' rule shown below allows all traffic and the rule is placed above the network time rule. To block all other traffic, the `any' rule needs to be set to Deny, not Permit and the rule needs to be placed below all the other rules (it needs to be placed at the bottom of the list to the rule is enumerated last).

Comment: *

Name: *

Email: *

Verification: *