The Chief Information Security Officer (CISO) of a power generation facility s concerned about being able to detect missing security updates on the critical infrastructure in use at the facility Most of this critical infrastructure consists of ICS and SCADA systems that are maintained by vendors, and the vendors have warned the CISO that proxying network traffic is likely to cause a DoS condition. Which of the following would be BEST to address the CISO s concerns while keeping the critical systems functional?

• A.Configuring the existing SIEM to ingest al log files property
• B.Implementing a passive vulnerability scanning solution
• C.Adding more frequent antivirus and anti-malware signature updates
• D.Adjusting Me access rules to use the concept of least privilege
• E.Deploying a data diode for internal websites

Comment: *

Name: *

Email: *

Verification: *

A security manager looked at various logs while investigating a recent security breach in the data center from an external source. Each log below was collected from various security devices compiled from a report through the company's security information and event management server.
Logs:
Log 1:
Feb 5 23:55:37.743: %SEC-6-IPACCESSLOGS: list 10 denied 10.2.5.81 3 packets Log 2:
HTTP://www.company.com/index.php?user=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa Log 3:
Security Error Alert
Event ID 50: The RDP protocol component X.224 detected an error in the protocol stream and has disconnected the client Log 4:
Encoder oe = new OracleEncoder ();
String query = "Select user_id FROM user_data WHERE user_name = ' "
+ oe.encode ( req.getParameter("userID") ) + " ' and user_password = ' "
+ oe.encode ( req.getParameter("pwd") ) +" ' ";
Vulnerabilities
Buffer overflow
SQL injection
ACL
XSS
Which of the following logs and vulnerabilities would MOST likely be related to the security breach? (Select TWO).

• A.Log 1
• B.Log 2
• C.Log 3
• D.Log 4
• E.Buffer overflow
• F.ACL
• G.XSS
• H.SQL injection

Comment: *

Name: *

Email: *

Verification: *

A security manager is looking into the following vendor proposal for a cloud-based SIEM solution. The intention is that the cost of the SIEM solution will be justified by having reduced the number of incidents and therefore saving on the amount spent investigating incidents.
Proposal:
External cloud-based software as a service subscription costing $5,000 per month.
Expected to reduce the number of current incidents per annum by 50%.
The company currently has ten security incidents per annum at an average cost of $10,000 per incident. Which of the following is the ROI for this proposal after three years?

• A.-$30,000
• B.$120,000
• C.$150,000
• D.$180,000

Comment: *

Name: *

Email: *

Verification: *

IT staff within a company often conduct remote desktop sharing sessions with vendors to troubleshoot vendor product-related issues. Drag and drop the following security controls to match the associated security concern. Options may be used once or not at all.

Correct Answer:

Explanation:
With view-only access, the third party can view the desktop but cannot interact with it. In other words, they cannot control the keyboard or mouse to make any changes.
Desktop sharing traffic may be intercepted by network attackers - Use SSL for remote sessions.
SSL (Secure Sockets Layer) encrypts data in transit between computers. If an attacker intercepted the traffic, the data would be encrypted and therefore unreadable to the attacker.
No guarantees that shoulder surfing attacks are not occurring at the vendor - Identified control gap.
Shoulder surfing is where someone else gains information by looking at your computer screen. This should be identified as a risk. A control gap occurs when there are either insufficient or no actions taken to avoid or mitigate a significant risk.
The easiest way to prevent a third party from viewing your emails and IMs is to close the email and IM application windows for the duration of the desktop sharing session.

Comment: *

Name: *

Email: *

Verification: *

During a sprint, developers are responsible for ensuring the expected outcome of a change is thoroughly evaluated for any security impacts. Any impacts must be reported to the team lead.
Before changes are made to the source code, which of the following MUST be performed to provide the required information to the team lead?

• A.Risk assessment
• B.Data abstraction
• C.Business impact assessment
• D.User story development
• E.Regression testing

Comment: *

Name: *

Email: *

Verification: *