QUESTION 31
The Chief Executive Officer (CEO) of a corporation decided to move all email to a cloud computing environment. The Chief Information Security Officer (CISO) was told to research the risk involved in this environment. Which of the following measures should be implemented to minimize the risk of hosting email in the cloud?
A. Remind users that all emails with sensitive information need be encrypted and physically inspect the cloud computing.
B. Ensure logins are over an encrypted channel and obtain an NDA and an SLA from the cloud provider.
C. Ensure logins are over an encrypted channel and remind users to encrypt all emails that contain sensitive information.
D. Obtain an NDA from the cloud provider and remind users that all emails with sensitive information need be encrypted.
QUESTION 21
A company is developing a new web application for its Internet users and is following a secure coding methodology. Which of the following methods would BEST assist the developers in determining if any unknown vulnerabilities are present?
A. Conduct web server load tests.
B. Conduct static code analysis.
C. Conduct fuzzing attacks.
D. Conduct SQL injection and XSS attacks.
QUESTION 11
Driven mainly by cost, many companies outsource computing jobs which require a large amount of processor cycles over a short duration to cloud providers. This allows the company to avoid a large investment in computing resources which will only be used for a short time. Assuming the provisioned resources are dedicated to a single company, which of the following is the MAIN vulnerability associated with on-demand provisioning?
A. Traces of proprietary data which can remain on the virtual machine and be exploited
B. Remnants of network data from prior customers on the physical servers during a compute job
C. Exposure of proprietary data when in-transit to the cloud provider through IPSec tunnels
D. Failure of the de-provisioning mechanism resulting in excessive charges for the resources
QUESTION 1
A telecommunication company has recently upgraded their teleconference systems to multicast. Additionally, the security team has instituted a new policy which requires VPN to access the company’s video conference. All parties must be issued a VPN account and must connect to the company’s VPN concentrator to participate in the remote meetings. Which of the following settings will increase bandwidth utilization on the VPN concentrator during the remote meetings?
A. IPSec transport mode is enabled
B. ICMP is disabled
C. Split tunneling is disabled
D. NAT-traversal is enabled