A software development manager is taking over an existing software development project. The team currently suffers from poor communication, and this gap is resulting in an above average number of security-related bugs making it into production. Which of the following development methodologies involves daily stand-ups designed to improve communication?
A. Waterfall
B. Agile
C. Rapid
D. Spiral
Correct answer: B
Question 2:
A security administrator has finished building a Linux server which will host multiple virtual machines through hypervisor technology. Management of the Linux server, including monitoring server performance, is achieved through a third party web enabled application installed on the Linux server. The security administrator is concerned about vulnerabilities in the web application that may allow an attacker to retrieve data from the virtual machines.
Which of the following will BEST protect the data on the virtual machines from an attack?
A. The security administrator must install the third party web enabled application in a chroot environment.
B. The security administrator must install the data exfiltration detection software on the perimeter firewall.
C. The security administrator must install anti-virus software on both the Linux server and the virtual machines.
D. The security administrator must install a software firewall on both the Linux server and the virtual machines.
Correct answer: A
Question 3:
A wholesaler has decided to increase revenue streams by selling direct to the public through an on-line system. Initially this will be run as a short term trial and if profitable, will be expanded and form part of the day to day business. The risk manager has raised two main business risks for the initial trial:
1. IT staff has no experience with establishing and managing secure on-line credit card processing.
2. An internal credit card processing system will expose the business to additional compliance requirements.
Which of the following is the BEST risk mitigation strategy?
A. Mitigate the risks by hiring additional IT staff with the appropriate experience and certifications.
B. Accept the risks and log acceptance in the risk register. Once the risks have been accepted close them out.
C. Transfer the risks to another internal department, who have more resources to accept the risk.
D. Transfer the initial risks by outsourcing payment processing to a third party service provider.
Correct answer: D
Question 4:
An administrator at a small company replaces servers whenever budget money becomes available. Over the past several years the company has acquired and still uses 20 servers and 50 desktops from five different computer manufacturers. Which of the following are management challenges and risks associated with this style of technology lifecycle management?
A. OS end-of-support issues, ability to backup data, hardware parts availability, and firmware update availability and management.
B. Decreased security posture, decommission of outdated hardware, inability to centrally manage, and performance bottlenecks on old hardware.
C. Inability to use virtualization, trusted OS complexities, and multiple patch versions based on OS dependency.
D. Increased mean time to failure rate of legacy servers, OS variances, patch availability, and ability to restore to dissimilar hardware.
Correct answer: D
Question 5:
A security architect is assigned to a major software development project. The software development team has a history of writing bug-prone, inefficient code, with multiple security flaws in every release. The security architect proposes implementing secure coding standards to the project manager. The secure coding standards will contain detailed standards for:
A. error handling, input validation, memory use and reuse, race condition handling, commenting, and preventing typical security problems.
B. error prevention, requirements validation, memory use and reuse, commenting typical security problems, and testing code standards.
C. error elimination, trash collection, documenting race conditions, peer review, and typical security problems.
D. error handling, input validation, commenting, preventing typical security problems, managing customers, and documenting extra requirements.
Correct answer: A
Question 6:
A large financial company has a team of security-focused architects and designers that contribute into broader IT architecture and design solutions. Concerns have been raised due to the security contributions having varying levels of quality and consistency. It has been agreed that a more formalized methodology is needed that can take business drivers, capabilities, baselines, and re-usable patterns into account. Which of the following would BEST help to achieve these objectives?
A. Introduce an ESA framework
B. Construct a library of re-usable security patterns
C. Construct a security control library
D. Include SRTM in the SDLC
Correct answer: A
Question 7:
A retail bank has had a number of issues in regards to the integrity of sensitive information across all of its customer databases. This has resulted in the bank's share price decreasing in value by 50% and regulatory intervention and monitoring.
The new Chief Information Security Officer (CISO) as a result has initiated a program of work to solve the issues.
The business has specified that the solution needs to be enterprise grade and meet the following requirements:
Be across all major platforms, applications and infrastructure.
Be able to track user and administrator activity.
Does not significantly degrade the performance of production platforms, applications, and infrastructures.
Real time incident reporting.
Manageable and has meaningful information.
Business units are able to generate reports in a timely manner of the unit's system assets.
In order to solve this problem, which of the following security solutions will BEST meet the above requirements? (Select THREE).
A. Implement an agent only based SIEM solution to be deployed on all major platforms, applications, and infrastructures.
B. Implement a security operations center to provide real time monitoring and incident response and an event correlation dashboard with self service reporting capability.
C. Implement an aggregation based SIEM solution to be deployed on the log servers of the major platforms, applications, and infrastructure.
D. Implement a security operations center to provide real time monitoring and incident response with self service reporting capability.
E. Ensure appropriate auditing is enabled to capture the required information.
F. Ensure that the network operations center has the tools to provide real time monitoring and incident response and an event correlation dashboard with self service reporting capabilities.
G. Manually pull the logs from the major platforms, applications, and infrastructures to a central secure server.
Correct answer: B, C, E
长峰** -
Going through it twice in two weeks meant I no longer got held back by the hard questions, and I passed without any trouble.
I'm glad I bought the Pass4Test question set.