You need to eliminate the redundancy while maintaining …

SIMULATION
You have just received some room and Wi-Fi access control recommendations from a security consulting
company. Click on each building to bring up available security controls. Please implement the following
requirements:
The Chief Executive Officer’s (CEO) office had multiple redundant security measures installed on the door
to the office. Remove unnecessary redundancies to deploy three-factor authentication, while retaining the
expensive iris render.
The Public Cafe has wireless available to customers. You need to secure the WAP with WPA and place a
passphrase on the customer receipts.
In the Data Center you need to include authentication from the “something you know” category and take
advantage of the existing smartcard reader on the door.
In the Help Desk Office you need to require single factor authentication through the use of physical tokens
given to guests by the receptionist.
The PII Office has redundant security measures in place. You need to eliminate the redundancy while
maintaining three-factor authentication and retaining the more expensive controls.
Company XYZ Corporate headquarters Building

Instructions: The original security controls for each office can be reset at anytime by selecting the Reset
button. Once you have met the above requirements for each office, select the Save button. When you have
completed the entire simulation, please select the Done button to submit. Once the simulation is submitted,
please select the Next button to continue.
Simulation

SIMULATION
You have just received some room and Wi-Fi access control recommendations from a security consulting
company. Click on each building to bring up available security controls. Please implement the following
requirements:
The Chief Executive Officer’s (CEO) office had multiple redundant security measures installed on the door
to the office. Remove unnecessary redundancies to deploy three-factor authentication, while retaining the
expensive iris render.
The Public Cafe has wireless available to customers. You need to secure the WAP with WPA and place a
passphrase on the customer receipts.
In the Data Center you need to include authentication from the “something you know” category and take
advantage of the existing smartcard reader on the door.
In the Help Desk Office you need to require single factor authentication through the use of physical tokens
given to guests by the receptionist.
The PII Office has redundant security measures in place. You need to eliminate the redundancy while
maintaining three-factor authentication and retaining the more expensive controls.
Company XYZ Corporate headquarters Building

Instructions: The original security controls for each office can be reset at anytime by selecting the Reset
button. Once you have met the above requirements for each office, select the Save button. When you have
completed the entire simulation, please select the Done button to submit. Once the simulation is submitted,
please select the Next button to continue.
Simulation

Answer: See the explanation

Explanation:



Leave a Reply 11

Your email address will not be published. Required fields are marked *


Dominus

Dominus

Could the CEO be:
Iris Scanner (something you are)
Username/Password (something you know)
smart card reader (something you have)
?

Stunt Man

Stunt Man

CEO = Iris scanner (something you are), smart card reader (Something you have),
Pin to go with the smart card (something you know) ?

GAUDISSARD

GAUDISSARD

ATTENTION PLEASE!!!

The SY0-401 Exam Will Retire On July 31, 2018, and then the New Exam is SY0-501!

New SY0-501 Exam Questions Updated Recently (7/Nov/2017):

NEW QUESTION 129
A company’s user lockout policy is enabled after five unsuccessful login attempts. The help desk notices a user is repeatedly locked out over the course of a workweek. Upon contacting the user, the help desk discovers the user is on vacation and does not have network access. Which of the following types of attacks are MOST likely occurring? (Select TWO.)

A. Replay
B. Rainbow tables
C. Brute force
D. Pass the hash
E. Dictionary

Answer: DE

NEW QUESTION 130
A user has attempted to access data at a higher classification level than the user’s account is currency authorized to access. Which of the following access control models has been applied to this user’s account?

A. MAC
B. DAC
C. RBAC
D. ABAC

Answer: D

NEW QUESTION 131
A company determines that it is prohibitively expensive to become compliant with new credit card regulations. Instead, the company decides to purchase insurance to cover the cost of any potential loss. Which of the following is the company doing?

A. Transferring the risk
B. Accepting the risk
C. Avoiding the risk
D. Mitigating the risk

Answer: A

NEW QUESTION 132
An organization has determined it can tolerate a maximum of three hours of downtime. Which of the following has been specified?

A. RTO
B. RPO
C. MTBF
D. MTTR

Answer: B

NEW QUESTION 133
An attacker compromises a public CA and issues unauthorized X.509 certificates for Company.com. In the future, impact of similar incidents. Which of the following would assist Company.com with its goal?

A. Certificate pinning
B. Certificate stapling
C. Certificate chaining
D. Certificate with extended validation

Answer: D

NEW QUESTION 134
Malicious traffic from an internal network has been detected on an unauthorized port on an application server. Which of the following network-based security controls should the engineer consider implementing?

A. ACLs
B. HIPS
C. NAT
D. MAC filtering

Answer: D

NEW QUESTION 135
A company wants to host a publicly available server that performs the following functions:
– Evaluates MX record lookup
– Can perform authenticated requests for A and AAA records
– Uses RRSIG
Which of the following should the company use to fulfill the above requirements?

A. DNSSEC
B. SFTP
C. nslookup
D. dig

Answer: C

NEW QUESTION 136
Which of the following attack types BEST describes a client-side attack that is used to mandate an HTML iframe with JavaScript code via web browser?

A. MITM
B. xss
C. SQLi

Answer: B

NEW QUESTION 137
A company has a data classification system with definitions for “Private” and “public”. The company’s security policy outlines how data should be protected based on type. The company recently added the data type “Proprietary”. Which of the following is the MOST likely reason the company added this data type?

A. Reduced cost
B. More searchable data
C. Better data classification
D. Expanded authority of the privacy officer

Answer: B

NEW QUESTION 138
A security administrator is developing training for corporate users on basic security principles for personal email accounts. Which of the following should be mentioned as the MOST secure way for password recovery?

A. Utilizing a single Qfor password recovery
B. Sending a PIN to a smartphone through text message
C. Utilizing CAPTCHA to avoid brute force attacks
D. Use a different e-mail address to recover password

Answer: B

NEW QUESTION 139
A company researched the root cause of a recent vulnerability in its software. It was determined that the vulnerability was the result of two updates made in the last release. Each update alone would not have resulted in the vulnerability. In order to prevent similar situations in the future, the company should improve which of the following?

A. Change management procedures
B. Job rotation policies
C. Incident response management
D. Least privilege access controls

Answer: A

NEW QUESTION 140
A computer on a company network was infected with a zero-day exploit after an employee accidently opened an email that contained malicious content. The employee recognized the email as malicious and was attempting to delete it, but accidently opened it. Which of the following should be done to prevent this scenario from occurring again in the future?

A. Install host-based firewalls on all computers that have an email client installed
B. Set the email program default to open messages in plain text
C. Install end-point protection on all computers that access web email
D. Create new email spam filters to delete all messages from that sender

Answer: C

NEW QUESTION 141
……

P.S. These New SY0-501 Exam Questions Were Just Updated From The Real SY0-501 Exam, You Can Get The Newest SY0-501 Dumps In PDF And VCE From — https://www.passleader.com/sy0-501.html (166q VCE and PDF)

Good Luck!

jaysonol

jaysonol

Can someone explain Public Cafe answers? These seem wrong/overkill to me.

And wouldn’t the Data Center also include the PinPad (something you know)?

m

m

I know right, these are wrong ;/

m

m

the answers seem wrong

Pasha

Pasha

Obviously, the answers are WRONG!!!

New SY0-501 Exam Questions and Answers (28/Dec/2017 Updated):

Lab Simulation 1 — Available Security Controls for Each Building
You have just received some room and WiFi access control recommendations from a security consulting company. Click on each building to bring up available security controls. Please implement the following requirements:
……

Lab Simulation 2 — Configure the Firewall
Configure the firewall (fill out the table) to allow these four rules:
– Only allow the Accounting computer to have HTTPS access to the Administrative server.
– Only allow the HR computer to be able to communicate with the Server 2 System over SCP.
– Allow the IT computer to have access to both the Administrative Server 1 and Administrative Server 2.
……

NEW QUESTION 141
A company wants to ensure that the validity of publicly trusted certificates used by its web server can be determined even during an extended internet outage. Which of the following should be implemented?

A. Recovery agent
B. Ocsp
C. Crl
D. Key escrow

Answer: B

NEW QUESTION 142
An administrator intends to configure an IPSec solution that provides ESP with integrity protection, but not confidentiality protection. Which of the following AES modes of operation would meet this integrity-only requirement?

A. HMAC
B. PCBC
C. CBC
D. GCM
E. CFB

Answer: A

NEW QUESTION 143
The Chief Security Officer (CSO) has issued a new policy that requires that all internal websites be configured for HTTPS traffic only. The network administrator has been tasked to update all internal sites without incurring additional costs. Which of the following is the best solution for the network administrator to secure each internal website?

A. Use certificates signed by the company CA.
B. Use a signing certificate as a wild card certificate.
C. Use certificates signed by a public CA.
D. Use a self-signed certificate on each internal server.

Answer: D

NEW QUESTION 144
A security program manager wants to actively test the security posture of a system. The system is not yet in production and has no uptime requirement or active user base. Which of the following methods will produce a report which shows vulnerabilities that were actually exploited?

A. Peer review
B. Component testing
C. Penetration testing
D. Vulnerability testing

Answer: C
Explanation:
A penetration test, or pen test, is an attempt to evaluate the security of an IT infrastructure by safely trying to exploit vulnerabilities.

NEW QUESTION 145
A new intern in the purchasing department requires read access to shared documents. Permissions are normally controlled through a group called “purchasing”, however, the purchasing group permissions allow write access. Which of the following would be the BEST course of action?

A. Modify all the shared files with read only permissions for the intern.
B. Create a new group that has only read permissions for the files.
C. Remove all permissions for the shared files.
D. Add the intern to the “purchasing” group.

Answer: B

NEW QUESTION 146
A business has recently deployed laptops to all sales employees. The laptops will be used primarily from home offices and while traveling, and a high amount of wireless mobile use is expected. To protect the laptops while connected to untrusted wireless networks, which of the following would be the BEST method for reducing the risk of having the laptops compromised?

A. MAC filtering
B. Virtualization
C. OS hardening
D. Application white-listing

Answer: C

NEW QUESTION 147
A security engineer is configuring a system that requires the X.509 certificate information to be pasted into a form field in Base64 encoded format to import it into the system. Which of the following certificate formats should the engineer use to obtain the information in the required format?

A. PFX
B. PEM
C. DER
D. CER

Answer: B

NEW QUESTION 148
When performing data acquisition on a workstation, which of the following should be captured based on memory volatility? (Select TWO.)

A. USB-attached hard disk
B. Swap/pagefile
C. Mounted network storage
D. ROM
E. RAM

Answer: AD

NEW QUESTION 149
When configuring settings in a mandatory access control environment, which of the following specifies the subjects that can access specific data objects?

A. Owner
B. System
C. Administrator
D. User

Answer: C

NEW QUESTION 150
……

NEW QUESTION 151
A user clicked an email link that led to a website that infected the workstation with a virus. The virus encrypted all the network shares to which the user had access. The virus was not detected or blocked by the company’s email filter, website filter, or antivirus. Which of the following describes what occurred?

A. The user’s account was over-privileged.
B. Improper error handling triggered a false negative in all three controls.
C. The email originated from a private email server with no malware protection.
D. The virus was a zero-day attack.

Answer: A

NEW QUESTION 152
Which of the fallowing security controls does an iris scanner provide?

A. Logical
B. Administrative
C. Corrective
D. Physical
E. Detective
F. Deterrent

Answer: D

NEW QUESTION 153
……

P.S. These New SY0-501 Exam Questions Were Just Updated From The Real SY0-501 Exam, You Can Get The Newest SY0-501 Dumps In PDF And VCE From — https://www.passleader.com/sy0-501.html (182q VCE and PDF)

Good Luck!