DRAG DROP
IT staff within a company often conduct remote desktop sharing sessions with vendors to troubleshoot vendor product-related issues. Drag and drop the following security controls to match the associated security concern. Options may be used once or not at all.

正解:

質問 2:
A security administrator is performing VDI traffic data collection on a virtual server which migrates from one host to another. While reviewing the data collected by the protocol analyzer, the security administrator notices that sensitive data is present in the packet capture. Which of the following should the security administrator recommend to ensure the confidentiality of sensitive information during live VM migration, while minimizing latency issues?
A. Sensitive data should be stored on a backend SAN which uses an isolated fiber channel network.
B. A separate physical interface placed on a private VLAN should be configured for live host operations.
C. Database record encryption should be used when storing sensitive information on virtual servers.
D. Full disk encryption should be enabled across the enterprise to ensure the confidentiality of sensitive data.
正解:B
質問 3:
A large bank deployed a DLP solution to detect and block customer and credit card data from leaving the organization via email. A disgruntled employee was able to successfully exfiltrate data through the corporate email gateway by embedding a word processing document containing sensitive data as an object in a CAD file. Which of the following BEST explains why it was not detected and blocked by the DLP solution? (Select TWO).
A. The embedding of objects in other documents enables document encryption by default.
B. The product does not understand how to decode embedded objects.
C. The mail client used to send the email is not compatible with the DLP product.
D. The DLP product cannot scan multiple email attachments at the same time.
E. The process of embedding an object obfuscates the data.
正解:B,E
質問 4:
Company ABC's SAN is nearing capacity, and will cause costly downtimes if servers run out disk space. Which of the following is a more cost effective alternative to buying a new SAN?
A. Enable deduplication on the storage pools
B. Enable multipath to increase availability
C. Implement snapshots to reduce virtual disk size
D. Implement replication to offsite datacenter
正解:A
質問 5:
A new startup company with very limited funds wants to protect the organization from external threats by implementing some type of best practice security controls across a number of hosts located in the application zone, the production zone, and the core network.
The 50 hosts in the core network are a mixture of Windows and Linux based systems, used by development staff to develop new applications. The single Windows host in the application zone is used exclusively by the production team to control software deployments into the production zone. There are 10 UNIX web application hosts in the production zone which are publically accessible.
Development staff is required to install and remove various types of software from their hosts on a regular basis while the hosts in the zone rarely require any type of configuration changes.
Which of the following when implemented would provide the BEST level of protection with the LEAST amount of disruption to staff?
A. NIPS in the production zone, HIPS in the application zone, and anti-virus / anti-malware across all Windows hosts.
B. HIPS in the production zone, NIPS in the application zone, and HIPS in the core network.
C. NIDS in the production zone, HIDS in the application zone, and anti-virus / anti-malware across all hosts.
D. NIPS in the production zone, NIDS in the application zone, HIPS in the core network, and anti-virus / anti-malware across all hosts.
正解:A
質問 6:
An external penetration tester compromised one of the client organization's authentication servers and retrieved the password database. Which of the following methods allows the penetration tester to MOST efficiently use any obtained administrative credentials on the client organization's other systems, without impacting the integrity of any of the systems?
A. Use the pass the hash technique
B. Use social engineering to obtain the actual password
C. Use rainbow tables to crack the passwords
D. Use the existing access to change the password
正解:A



0 お客様のコメント