A security engineer is helping the web developers assess a new corporate web application The application will be Internet facing so the engineer makes the following recommendation:
In an htaccess file or the site config add:
or add to the location block:

Which of the following is the security engineer trying to accomplish via cookies? (Select TWO)

• A.Create a temporary space on the user's drive root for ephemeral cookie storage
• B.Add a sequence ID to the cookie session ID while in transit to prevent CSRF.
• C.Allow cookie creation or updates only over TLS connections
• D.Prevent cookies from being transmitted to other domain names
• E.Ensure session IDs are generated dynamically with each cookie request
• F.Enforce the use of plain text HTTP transmission with secure local cookie storage

Comment: *

Name: *

Email: *

Verification: *

A Chief Information Officer (CIO) has mandated that all web-based applications the company uses are required to be hosted on the newest stable operating systems and application stack.
Additionally, a monthly report must be generated and provided to the audit department.
Which of the following security tools should a security analyst use to provide the BEST information?

• A.GRC software
• B.Protocol analyzer
• C.Vulnerability scanner
• D.Network enumerator
• E.Penetration testing platform

Comment: *

Name: *

Email: *

Verification: *

The Chief Executive Officers (CEOs) from two different companies are discussing the highly sensitive prospect of merging their respective companies together. Both have invited their Chief Information Officers (CIOs) to discern how they can securely and digitaly communicate, and the following criteria are collectively determined:
* Must be encrypted on the email servers and clients
* Must be OK to transmit over unsecure Internet connections
Which of the following communication methods would be BEST to recommend?

• A.Switch both domains to utilize DNSSEC.
• B.Enable STARTTLS on both domains.
• C.Force TLS between domains.
• D.Use PGP-encrypted emails.

Comment: *

Name: *

Email: *

Verification: *

A well-known retailer has experienced a massive credit card breach. The retailer had gone through an audit and had been presented with a potential problem on their network.
Vendors were authenticating directly to the retailer's AD servers, and an improper firewall rule allowed pivoting from the AD server to the DMZ where credit card servers were kept.
The firewall rule was needed for an internal application that was developed, which presents risk. The retailer determined that because the vendors were required to have site to site VPN's no other security action was taken.
To prove to the retailer the monetary value of this risk, which of the following type of calculations is needed?

• A.Residual Risk calculation
• B.A cost/benefit analysis
• C.Quantitative Risk Analysis
• D.Qualitative Risk Analysis

Comment: *

Name: *

Email: *

Verification: *

An organization has employed the services of an auditing firm to perform a gap assessment in preparation for an upcoming audit. As part of the gap assessment, the auditor supporting the assessment recommends the organization engage with other industry partners to share information about emerging attacks to organizations in the industry in which the organization functions. Which of the following types of information could be drawn from such participation?

• A.Risk assessment
• B.Vulnerability data
• C.Threat intelligence
• D.Risk metrics
• E.Exploit frameworks
• F.Threat modeling

Comment: *

Name: *

Email: *

Verification: *