A systems security engineer is assisting an organization's market survey team in reviewing requirements for an upcoming acquisition of mobile devices. The engineer expresses concerns to the survey team about a particular class of devices that uses a separate SoC for baseband radio I/O. For which of the following reasons is the engineer concerned?

• A.The organization will be unable to restrict the use of NFC, electromagnetic induction, and Bluetooth technologies
• B.These devices can communicate over networks older than HSPA+ and LTE standards, exposing device communications to poor encryptions routines
• C.The manufacturers of the baseband radios are unable to enforce mandatory access controls within their driver set
• D.The associated firmware is more likely to remain out of date and potentially vulnerable

Comment: *

Name: *

Email: *

Verification: *

A systems administrator has installed a disk wiping utility on all computers across the organization and configured it to perform a seven-pass wipe and an additional pass to overwrite the disk with zeros. The company has also instituted a policy that requires users to erase files containing sensitive information when they are no longer needed.
To ensure the process provides the intended results, an auditor reviews the following content from a randomly selected decommissioned hard disk:

Which of the following should be included in the auditor's report based on the above findings?

• A.The data represents part of the disk BIOS.
• B.The hard disk contains bad sectors
• C.The disk has been degaussed.
• D.Sensitive data might still be present on the hard drives.

Comment: *

Name: *

Email: *

Verification: *

The security engineer receives an incident ticket from the helpdesk stating that DNS lookup requests are no longer working from the office. The network team has ensured that Layer 2 and Layer 3 connectivity are working. Which of the following tools would a security engineer use to make sure the DNS server is listening on port 53?

• A.PING
• B.NESSUS
• C.NSLOOKUP
• D.NMAP

Comment: *

Name: *

Email: *

Verification: *

A consultant is hired to perform a passive vulnerability assessment of a company to determine what information might be collected about the company and its employees. The assessment will be considered successful if the consultant can discover the name of one of the IT administrators.
Which of the following is MOST likely to produce the needed information?

• A.Fingerprinting
• B.DNS enumeration
• C.Vulnerability scanner
• D.Whois

Comment: *

Name: *

Email: *

Verification: *

A company is deploying a DIP solution and scanning workstations and network drives for documents that contain potential Pll and payment card data. The results of the first scan are as follows:

The security learn is unable to identify the data owners for the specific files in a timely manner and does not suspect malicious activity with any of the detected files. Which of the following would address the inherent risk until the data owners can be formally identified?

• A.Move the files from the marketing share to a secured drive.
• B.Search the metadata for each file to locate the file's creator and transfer the files to the personal drive of the listed creator.
• C.Remove the access for the internal audit group from the accounts payable and payroll shares
• D.Configure the DLP tool to delete the files on the shared drives

Comment: *

Name: *

Email: *

Verification: *