Given the following output from a local PC:

Which of the following ACLs on a stateful host-based firewall would allow the PC to serve an intranet website?

• A.Allow 172.30.0.28:80 -> 172.30.0.28:53
• B.Allow 172.30.0.28:80 -> 172.30.0.28:443
• C.Allow 172.30.0.28:80 -> ANY
• D.Allow 172.30.0.28:80 -> 172.30.0.0/16

Comment: *

Name: *

Email: *

Verification: *

A security consultant is considering authentication options for a financial institution. The following authentication options are available. Drag and drop the security mechanism to the appropriate use case. Options may be used once.

Correct Answer:

Comment: *

Name: *

Email: *

Verification: *

While conducting a BIA for a proposed acquisition, the IT integration team found that both companies outsource CRM services to competing and incompatible third-party cloud services. The decision has been made to bring the CRM service in-house, and the IT team has chosen a future solution. With which of the following should the Chief Information Security Officer (CISO) be MOST concerned? (Choose two.)

• A.Compatible services
• B.Data remnants
• C.Chain of custody
• D.Storage encryption
• E.Sovereignty
• F.Data migration

Comment: *

Name: *

Email: *

Verification: *

Providers at a healthcare system with many geographically dispersed clinics have been fined five times
this year after an auditor received notice of the following SMS messages:

Which of the following represents the BEST solution for preventing future fines?

• A.Implement a system that will tokenize patient numbers.
• B.Implement a secure text-messaging application for mobile devices and workstations.
• C.Write a policy requiring this information to be given over the phone only.
• D.Provide a courier service to deliver sealed documents containing public health informatics.
• E.Implement FTP services between clinics to transmit text documents with the information.

Comment: *

Name: *

Email: *

Verification: *

A completely new class of web-based vulnerabilities has been discovered. Claims have been made that all common web-based development frameworks are susceptible to attack. Proof-of-concept details have emerged on the Internet. A security advisor within a company has been asked to provide recommendations on how to respond quickly to these vulnerabilities. Which of the following BEST describes how the security advisor should respond?

• A.Assess the reliability of the information source, likelihood of exploitability, and impact to hosted data.
  Attempt to exploit via the proof-of-concept code. Consider remediation options.
• B.Hire an independent security consulting agency to perform a penetration test of the web servers. Advise management of any 'high' or 'critical' penetration test findings and put forward recommendations for mitigation.
• C.Review vulnerability write-ups posted on the Internet. Respond to management with a recommendation to wait until the news has been independently verified by software vendors providing the web application software.
• D.Notify all customers about the threat to their hosted data. Bring the web servers down into "maintenance mode" until the vulnerability can be reliably mitigated through a vendor patch.

Comment: *

Name: *

Email: *

Verification: *