1. A company is deploying a new iSCSI-based SAN. The requirements are as follows: SAN nodes must authenticate each other. Shared keys must not be used. Encryption is not to be used, to benefit performance. Which of the following design specifications meet all the requirements? (Choose two.)
   A) Targets use CHAP authentication
   B) IPSec using AH with PKI certificates for authentication
   C) Fiber Channel is used with AES
   D) Targets have SCSI IDs for authentication
   E) Initiators and targets use CHAP authentication
2. A security administrator is responsible for implementing two-factor authentication for the enterprise VPN. The VPN is currently configured to authenticate VPN users against a backend RADIUS server. New policies now require a second factor of authentication, and the Information Security Officer has selected PKI as the second factor. Which of the following should the security administrator configure and implement on the VPN concentrator to implement the second factor and ensure that no errors are displayed to the user during the VPN connection? (Choose two.)
   A) The CA's public key certificate must be installed on the VPN concentrator.
   B) The private key of the VPN concentrator should be installed on the VPN concentrator.
   C) The CA certificate private key must be installed on the VPN concentrator.
   D) The certificate private key of the user is to be installed on the VPN concentrator.
   E) The user's private key certificate must be signed by the CA.
3. XYZ Company provides hosting services for hundreds of companies in various sectors such as health, education and manufacturing. The security architect for XYZ Company is reviewing a vendor proposal to reduce XYZ's hardware costs by combining multiple physical hosts through the use of virtualization technologies. The security architect identifies concerns about the separation of data, confidentiality, legal requirements relating to PII, and the administrative complexity of the proposal. Which of the following BEST describes the main concerns of the security architect?
   A) XYZ Company could be liable for disclosure of sensitive data from one hosted customer when it is accessed by a malicious user who has gained access to the virtual machine of a hosted customer.
   B) Not all of XYZ Company's customers need the same level of security, and the administrative complexity of maintaining multiple security postures on a single hypervisor negates the hardware cost savings.
   C) Most of XYZ Company's customers are willing to accept the risks of unauthorized disclosure of, and access to, information by external users.
   D) None
   E) The availability requirements in the SLAs with hosted customers should be rewritten to take into account the transfer of virtual machines between physical platforms for regular maintenance.
4. A company must ensure that all devices that connect to its network have been previously approved. The solution must support dual-factor mutual authentication with strong identity assurance. To reduce costs and administrative overhead, the security architect wants to outsource identity proofing and second-factor digital delivery to the third party. Which of the following solutions will address the business requirements?
   A) Using an HSM at the network perimeter to handle network device access
   B) Implementing federated network access with the third party
   C) Implementing 802.1x with EAP-TTLS on the infrastructure
   D) A VPN concentrator that supports dual factor via hardware tokens
   E) None
5. It has come to the attention of the IT administrator that the "post your comment" field on the company blog page has been abused, resulting in cross-site scripting attacks against customers reading the blog. Which of the following would be MOST effective in preventing the "post your comment" field from being abused?
   A) Install HIDS on the server
   B) Update the blog page to HTTPS
   C) Patch the web application
   D) None
   E) Filter metacharacters