CAS-002 Online Practice Questions and Answers

Questions 4

An insurance company is looking to purchase a smaller company in another country. Which of the following tasks would the security administrator perform as part of the security due diligence?

A. Review switch and router configurations

B. Review the security policies and standards

C. Perform a network penetration test

D. Review the firewall rule set and IPS logs

Questions 5

The security administrator finds unauthorized tables and records, which were not present before, on a Linux database server. The database server communicates only with one web server, which connects to the database server via an account with SELECT only privileges.

Web server logs show the following:

90.76.165.40 -- [08/Mar/2014:10:54:04] "GET calendar.php?create%20table%20hidden HTTP/1.1" 200

90.76.165.40 -- [08/Mar/2014:10:54:05] "GET ../../../root/.bash_history HTTP/1.1" 200

90.76.165.40 -- [08/Mar/2014:10:54:04] "GET index.php?user<scrip>Creat</scrip> HTTP/1.1" 200 5724

The security administrator also inspects the following file system locations on the database server using the command `ls -al /root`:

drwxrwxrwx 11 root root 4096 Sep 28 22:45 .

drwxr-xr-x 25 root root 4096 Mar 8 09:30 ..

-rws------ 25 root root 4096 Mar 8 09:30 .bash_history

-rw------- 25 root root 4096 Mar 8 09:30 .bash_history

-rw------- 25 root root 4096 Mar 8 09:30 .profile

-rw------- 25 root root 4096 Mar 8 09:30 .ssh

Which of the following attacks was used to compromise the database server and what can the security administrator implement to detect such attacks in the future? (Select TWO).

A. Privilege escalation

B. Brute force attack

C. SQL injection

D. Cross-site scripting

E. Using input validation, ensure the following characters are sanitized: <>

F. Update crontab with: find / \( -perm -4000 \) -type f -print0 | xargs -0 ls | email.sh

G. Implement the following PHP directive: $clean_user_input = addslashes($user_input)

H. Set an account lockout policy

Questions 6

A data processing server uses a Linux-based file system to remotely mount physical disks on a shared SAN. The server administrator reports problems related to processing of files where the file appears to be incompletely written to the disk. The network administration team has conducted a thorough review of all network infrastructure and devices and found everything running at optimal performance. Other SAN customers are unaffected. The data being processed consists of millions of small files being written to disk from a network source one file at a time. These files are then accessed by a local Java program for processing before being transferred over the network to an SELinux host for processing. Which of the following is the MOST likely cause of the processing problem?

A. The administrator has a PERL script running which disrupts the NIC by restarting the CRON process every 65 seconds.

B. The Java developers accounted for network latency only for the read portion of the processing and not the write process.

C. The virtual file system on the SAN is experiencing a race condition between the reads and writes of network files.

D. The Linux file system in use cannot write files as fast as they can be read by the Java program resulting in the errors.

Questions 7

At 9:00 am each morning, all of the virtual desktops in a VDI implementation become extremely slow and/or unresponsive. The outage lasts for around 10 minutes, after which everything runs properly again. The administrator has traced the problem to a lab of thin clients that are all booted at 9:00 am each morning. Which of the following is the MOST likely cause of the problem and the BEST solution? (Select TWO).

A. Add guests with more memory to increase capacity of the infrastructure.

B. A backup is running on the thin clients at 9am every morning.

C. Install more memory in the thin clients to handle the increased load while booting.

D. Booting all the lab desktops at the same time is creating excessive I/O.

E. Install 10-Gb uplinks between the hosts and the lab to increase network capacity.

F. Install faster SSD drives in the storage system used in the infrastructure.

G. The lab desktops are saturating the network while booting.

H. The lab desktops are using more memory than is available to the host systems.

Questions 8

An organization has just released a new mobile application for its customers. The application has an inbuilt browser and native application to render content from existing websites and the organization's new web services gateway. All rendering of the content is performed on the mobile application.

The application requires SSO between the application, the web services gateway and legacy UI. Which of the following controls MUST be implemented to securely enable SSO?

A. A registration process is implemented to have a random number stored on the client.

B. The identity is passed between the applications as an HTTP header over REST.

C. Local storage of the authenticated token on the mobile application is secured.

D. Attestation of the XACML payload to ensure that the client is authorized.

Questions 9

The threat abatement program manager tasked the software engineer with identifying the fastest implementation of a hash function to protect passwords with the least number of collisions. Which of the following should the software engineer implement to best meet the requirements?

A. hash = sha512(password + salt); for (k = 0; k < 4000; k++) { hash = sha512 (hash); }

B. hash = md5(password + salt); for (k = 0; k < 5000; k++) { hash = md5 (hash); }

C. hash = sha512(password + salt); for (k = 0; k < 3000; k++) { hash = sha512 (hash + password + salt); }

D. hash1 = sha1(password + salt); hash = sha1 (hash1);

Questions 10

A security administrator is investigating the compromise of a SCADA network that is not physically connected to any other network. Which of the following is the MOST likely cause of the compromise?

A. Outdated antivirus definitions

B. Insecure wireless

C. Infected USB device

D. SQL injection

Questions 11

To support a software security initiative business case, a project manager needs to provide a cost benefit analysis. The project manager has asked the security consultant to perform a return on investment study. It has been estimated that by spending $300,000 on the software security initiative, a 30% savings in cost will be realized for each project. Based on an average of 8 software projects at a current cost of $50,000 each, how many years will it take to see a positive ROI?

A. Nearly four years

B. Nearly six years

C. Within the first year

D. Nearly three years

Questions 12

Unit testing for security functionality and resiliency to attack, as well as developing secure code and exploit mitigation, occur in which of the following phases of the Secure Software Development Lifecycle?

A. Secure Software Requirements

B. Secure Software Implementation

C. Secure Software Design

D. Software Acceptance

Questions 13

Which of the following displays an example of an XSS attack?

A.

B. Checksums-Sha1:7be9e9bac3882beab1abb002bb5cd2302c76c48d 1157 xfig_3.2.5.b-1.dsc e0e3c9a9df6fac8f1536c2209025577edb1d1d9e 5770796 xfig_3.2.5.b.orig.tar.gz d474180fbeb6955e79bfc67520ad775a87b68d80 46856 xfig_3.2.5.b-1.diff.gz ddcba53dffd08e5d37492fbf99fe93392943c7b0 3363512 xfig-doc_3.2.5.b-1_all.deb 7773821c1a925978306d6c75ff5c579b018a2ac6 1677778 xfig-libs_3.2.5.b-1_all.deb b26c18cfb2ee2dc071b0e3bed6205c1fc0655022 739228 xfig_3.2.5.b-1_amd64.deb

C.

Username: PassworD.

D.

#include <string.h>
char *code = "AAAABBBBCCCCDDD"; // including the character '\0', size = 16 bytes
void main() { char buf[8]; strcpy(buf, code); }

Exam Code: CAS-002
Exam Name: CompTIA Advanced Security Practitioner Exam
Last Update: Jan 22, 2024
Questions: 733 Q&As