Question
335. An organization has two environments: development and production. Development is where applications are developed with unit testing. The development environment has many configuration differences from the production environment. All applications are hosted on virtual machines. Vulnerability scans are performed against all systems before and after any application or configuration changes to any environment. Lately, vulnerability remediation activity has caused production applications to crash and behave unpredictably. Which of the following changes should be made to the current vulnerability management process?

A. Create a third environment between development and production that mirrors production and tests all changes before deployment to the users
B. Refine testing in the development environment to include fuzzing and user acceptance testing so applications are more stable before they migrate to production
C. Create a second production environment by cloning the virtual machines, and if any stability problems occur, migrate users to the alternate production environment
D. Refine testing in the production environment to include more exhaustive application stability testing while continuing to maintain the robust vulnerability remediation activities

My guess: B
Others answer: A

*Please Only Answer These Questions If You Are 100% Sure*
__________________________________________________

339. The security team has determined that the current incident response resources cannot meet management's objective to secure a forensic image for all serious security incidents within 24 hours. Which of the following compensating controls can be used to help meet management's expectations?

A. Separation of duties
B. Scheduled reviews
C. Dual control
D. Outsourcing

My guess: D
Others answer: D
__________________________________________________

340. Which of the following describes why it is important for an organization's incident response team and legal department to meet and discuss communication processes during the incident response process?

A. To comply with existing organization policies and procedures on interacting with internal and external parties
B. To ensure all parties know their roles and effective lines of communication are established
C. To identify which group will communicate details to law enforcement in the event of a security incident
D. To predetermine what details should or should not be shared with internal or external parties in the event of an incident.

My guess: A
Others answer: A
__________________________________________________

344. During a physical penetration test at a client site, a local law enforcement officer stumbled upon the test and questioned the legitimacy of the team. Which of the following information should be shown to the officer?

A. Letter of engagement
B. Scope of work
C. Timing information
D. Team reporting

My guess: A
Others answer: A
__________________________________________________

345. A security analyst is performing a stealth black-box audit of the local WiFi network and is running a wireless sniffer to capture local WiFi network traffic from a specific wireless access point. The SSID is not appearing in the sniffing logs of the local wireless network traffic. Which of the following is the best action that should be performed NEXT to determine the SSID?

A. Set up a fake wireless access point
B. Power down the wireless access point
C. Deauthorize users of that access point
D. Spoof the MAC addresses of adjacent access points

My guess: B
Others answer: A
__________________________________________________