1. ABC Company must achieve compliance for PCI and SOX. Which of the following would best allow the organization to achieve compliance and ensure security? (Choose three.)
A) Centralize management of all devices on the network
B) Apply technical controls to comply with each regulation
C) Establish a list of devices that must meet each regulation
D) Establish a list of users that must work with each regulation
E) Compartmentalize the network
2. Joe, a penetration tester, is tasked with testing the security robustness of the protocol between a mobile web application and a RESTful application server. Which of the following security tools would be required to assess the security between the mobile web application and the RESTful application server? (Choose two.)
A) HTTP interceptor
B) Jailbroken mobile device
C) Reconnaissance tool
D) Vulnerability scanner
E) Network enumerator
3. A recent independent study shows that cyber attacks on SCADA systems grew by an average of 15% annually in each of the last four years, but this year growth has slowed to about 7%. In the same period, the number of attacks on applications decreased or remained the same each year. At the beginning of the period, the incidence of PC boot loader or BIOS-based attacks was negligible. Over the last two years, PC boot loader attacks have been growing exponentially. Analysis of these trends suggests which of the following strategies should be used?
A) Spending on SCADA protections should increase by 15%; spending on application controls should increase slightly; spending on PC boot loader protections should remain stable.
B) Spending on SCADA protections should remain flat; spending on application controls should decrease slightly; spending on PC boot loader protections should increase substantially.
C) Spending on all controls should increase by 15% initially; spending on application controls should be suspended; spending on PC boot loader research should increase by 100%.
D) Spending on SCADA protections should remain flat; spending on application controls should increase substantially; spending on PC boot loader controls should increase substantially.
E) None
4. A bank is developing a new mobile application. The mobile client renders content and communicates back to the company servers using REST/JSON calls. The bank wants to ensure that communication between the mobile client and the web services gateway is stateless. Which of the following controls should be implemented to allow stateless communication?
A) None
B) Require SSL between the mobile client and the web services gateway.
C) The jsession cookie should be stored securely after authentication.
D) Generate a one-time key as part of the device registration process.
E) An authentication assertion should be stored securely on the client.
5. After reviewing a company's NAS configuration and file access logs, the auditor recommends that the security administrator implement additional security controls on the NFS exports. The security administrator decides to remove the no_root_squash directive from the exports and add the nosuid directive. Which of the following is true about the security controls implemented by the security administrator?
A) Adding the nosuid directive prevents regular users from accessing files owned by the root user over NFS, even after using the su command.
B) None
C) Removing the no_root_squash directive grants the root user remote NFS read/write access to important files owned by root on the NAS.
D) Users with root access on the remote NFS client computers can always use the su command to modify other users' files on the NAS.
E) The newly implemented security controls ensure that NFS encryption is enforced only for the root user.