A Chief Information Security Officer (CISO) is developing a new BIA for the organization. The CISO wants to gather requirements to determine the appropriate RTO and RPO for the organization's ERP. Which of the following should the CISO interview as MOST qualified to provide RTO/RPO metrics?

• A.Data custodian
• B.Data owner
• C.Security analyst
• D.Business unit director
• E.Chief Executive Officer (CEO)

Comment: *

Name: *

Email: *

Verification: *

A security engineer is looking at a DNS server following a known incident. The engineer sees the following command as the most recent entry in the server's shell history:
dd if=dev/sda of=/dev/sdb
Which of the following MOST likely occurred?

• A.The hard drive was formatted after the incident.
• B.The DNS log files were rolled daily as expected
• C.A tape backup of the server was performed.
• D.The drive was cloned for forensic analysis.

Comment: *

Name: *

Email: *

Verification: *

While investigating suspicious activity on a server, a security administrator runs the following report:

In addition, the administrator notices changes to the /etc/shadow file that were not listed in the report. Which of the following BEST describe this scenario? (Choose two.)

• A.An attacker compromised the server and may have installed a rootkit to always generate valid MD5 hashes to hide the changes to the /etc/shadow file
• B.An attacker compromised the server and may have used a collision hash in the MD5 algorithm to hide the changes to the /etc/shadow file
• C.An attacker compromised the server and may have used MD5 collision hashes to generate valid passwords, allowing further access to administrator accounts on the server
• D.An attacker compromised the server and may have used SELinux mandatory access controls to hide the changes to the /etc/shadow file
• E.An attacker compromised the server and may have also compromised the file integrity database to hide the changes to the /etc/shadow file

Comment: *

Name: *

Email: *

Verification: *

A request has been approved for a vendor to access a new internal server using only HTTPS and SSH to manage the back-end system for the portal. Internal users just need HTTP and HTTPS access to all internal web servers. All other external access to the new server and its subnet is not allowed. The security manager must ensure proper access is configured.

Below is a snippet from the firewall related to that server (access is provided in a top-down model):

Which of the following lines should be configured to allow the proper access? (Choose two.)

• A.Move line 3 below line 4 and add port 443 to line.
• B.Add port 22 to line 2.
• C.Add port 22 to line 5.
• D.Move line 3 below line 4 and change port 80 to 443 on line 4.
• E.Add port 443 to line 5.
• F.Move line 4 below line 5 and add port 80 to 8080 on line 2.
• G.Add port 443 to line 2.

Comment: *

Name: *

Email: *

Verification: *

Providers at a healthcare system with many geographically dispersed clinics have been fined five times this year after an auditor received notice of the following SMS messages:

Which of the following represents the BEST solution for preventing future fines?

• A.Write a policy requiring this information to be given over the phone only.
• B.Provide a courier service to deliver sealed documents containing public health informatics.
• C.Implement a secure text-messaging application for mobile devices and workstations.
• D.Implement a system that will tokenize patient numbers.
• E.Implement FTP services between clinics to transmit text documents with the information.

Comment: *

Name: *

Email: *

Verification: *