To reduce disk consumption, an organization's legal department has recently approved a new policy setting the data retention period for sent email at six months. Which of the following is the BEST way to ensure this goal is met?

A security analyst receives an alert from a WAF with the following payload:

var data= "<test test test>" ++ <../../../../../../etc/passwd>"

Which of the following types of attacks is this?

A workstation puts out a network request to locate another system. Joe, a hacker on the network, responds before the real system does, and he tricks the workstation into communicating with him. Which of the following BEST describes what occurred?

A development team has adopted a new approach to projects in which feedback is iterative and multiple iterations of deployments are provided within an application's full life cycle. Which of the following software development methodologies is the development team using?

The SSID broadcast for a wireless router has been disabled but a network administrator notices

that unauthorized users are accessing the wireless network. The administor has determined that

attackers are still able to detect the presence of the wireless network despite the fact the SSID

has been disabled. Which of the following would further obscure the presence of the wireless

network?

After a merger, it was determined that several individuals could perform the tasks of a network

administrator in the merged organization. Which of the following should have been performed to

ensure that employees have proper access?

A company exchanges information with a business partner. An annual audit of the business

partner is conducted against the SLA in order to verify:

Which of the following is the proper way to quantify the total monetary damage resulting from an

exploited vulnerability?

A security administrator needs to implement a system that detects possible intrusions based upon

a vendor provided list. Which of the following BEST describes this type of IDS?

The chief Security Officer (CSO) has reported a rise in data loss but no break ins have occurred.

By doing which of the following is the CSO most likely to reduce the number of incidents?

A system administrator wants to provide balance between the security of a wireless network and

usability. The administrator is concerned with wireless encryption compatibility of older devices

used by some employees. Which of the following would provide strong security and backward

compatibility when accessing the wireless network?

An information security specialist is reviewing the following output from a Linux server.

user@server:~$ crontab -1

5 ****/user/local/bin/backup.sh

user@server:~ cat/usr/local/bin/backup.sh

#!/bin/bash

if!grep - - quiet joeuser/etc/passwd

then rm -rf/

fi

Based on the above information, which of the following types of malware was installed on the

server? / local/

In terms of encrypting data, which of the following is BEST described as a way to safeguard

password data by adding random data to it in storage?

An incident responder receives a call from a user who reports a computer is exhibiting symptoms consistent with a malware infection. Which of the following steps should the responder perform NEXT?

An organization wishes to provide better security for its name resolution services. Which of the following technologies BEST supports the deployment DNSSEC at the organization?

A company is using a mobile device deployment model in which employees use their personal devices for work at their own discretion. Some of the problems the company is encountering include the following:

- There is no standardization.

- Employees ask for reimbursement for their devices.

- Employees do not replace their devices often enough to keep them running efficiently.

- The company does not have enough control over the devices.

Which of the following is a deployment model that would help the company overcome these problems?

When trying to log onto a company's new ticketing system, some employees receive the following message:

Access denied: too many concurrent sessions.

The ticketing system was recently installed on a small VM with only the recommended hardware specifications. Which of the following is the MOST likely cause for this error message?

A company is developing a new secure technology and requires computers being used for development to be isolated. Which of the following should be implemented to provide the MOST secure environment?

Which of the following explains why vendors publish MD5 values when they provide software patches for their customers to download over the Internet?

A database backup schedule consists of weekly full backups performed on Saturday at 12:00 A.M. and daily differential backups also performed at 12:00 A.M. If the database is restored on Tuesday afternoon, which of the following is the number of individual backups that would need to be applied to complete the database recovery?

Which of the following BEST describes an important security advantage yielded by implementing vendor diversity?

Which of the following BEST describes a routine in which semicolons, dashes, quotes, and commas are removed from a string?

A company is currently using the following configuration:

- IAS server with certificate-based EAP-PEAP and MSCHAP.

- Unencrypted authentication via PAP.

A security administrator needs to configure a new wireless setup with the following configurations:

- PAP authentication method.

- PEAP and EAP provide two-factor authentication.

Which of the following forms of authentication are being used? (Select TWO.)

A security administrator is trying to encrypt communication. For which of the following reasons should administrator take advantage of the Subject Alternative Name (SAM) attribute of a certificate?

A new mobile application is being developed in-house. Security reviews did not pick up any major flaws, however vulnerability scanning results show fundamental issues at the very end of the project cycle. Which of the following security activities should also have been performed to discover vulnerabilities earlier in the lifecycle?

A security administrator is creating a subnet on one of the corporate firewall interfaces to use as a DMZ which is expected to accommodate at most 14 physical hosts. Which of the following subnets would BEST meet the requirements?

A company has a security policy that specifies all endpoint computing devices should be assigned a unique identifier that can be tracked via an inventory management system. Recent changes to airline security regulations have cause many executives in the company to travel with mini tablet devices instead of laptops. These tablet devices are difficult to tag and track. An RDP application is used from the tablet to connect into the company network. Which of the following should be implemented in order to meet the security policy requirements?

The security administrator receives an email on a non-company account from a coworker stating that some reports are not exporting correctly. Attached to the email was an example report file with several customers' names and credit card numbers with the PIN. Which of the following is the BEST technical controls that will help mitigate this risk of disclosing sensitive data?

A security administrator has been assigned to review the security posture of the standard corporate system image for virtual machines. The security administrator conducts a thorough review of the system logs, installation procedures, and network configuration of the VM image. Upon reviewing the access logs and user accounts, the security administrator determines that several accounts will not be used in production. Which of the following would correct the deficiencies?

Although a web enabled application appears to only allow letters in the comment field of a web form, malicious user was able to carry a SQL injection attack by sending special characters through the web comment field. Which of the following has the application programmer failed to implement?

A security administrator returning from a short vacation receives an account lock-out message when attempting to log into the computer. After getting the account unlocked the security administrator immediately notices a large amount of emails alerts pertaining to several different user accounts being locked out during the past three days. The security administrator uses system logs to determine that the lock-outs were due to a brute force attack on all accounts that has been previously logged into that machine. Which of the following can be implemented to reduce the likelihood of this attack going undetected?

A bank requires tellers to get manager approval when a customer wants to open a new account. A recent audit shows that there have been four cases in the previous year where tellers opened accounts without management approval. The bank president thought separation of duties would prevent this from happening. In order to implement a true separation of duties approach the bank could do what?

You are looking for a method to manage access to a secure area. You want to allow entry through a locked

gate that unlocks automatically and track individuals going into and out of the area, Which method should

you use?

Your company has three computer security professionals. Every month, a different one is assigned to

auditing duties.

What principle does this illustrate?

What is the difference between the MTBF and the MTTR of a system component?

What can be done at the client to mitigate the risk of XSS?

You are looking for ways to prevent users from copying data from their computer systems to an external

drive. You have disabled all floppy disk drives, and the computers are configured with read-only CD\DVD

players.

What else should you do? (Choose two.)

Company A is planning to partner with Company B on a project. The project w ill require an application

server at Company A to access a database server at Company B. You need to document the business and compliance requirements of the connection.

What should you use?

Users report that they lose connection to the wireless access point. You investigate and discover radio

frequencies that have a similar pattern to those transmitted by the access point. What type of attack should you suspect?

Which one is the MAIN reason for a security administrator to run a password cracker in a company

Which two types of attacks rely mainly on the attacker seeming to be familiar to the victim for their

effectiveness? (Choose two,)

A company has completed a security audit, which has highlighted some gaps. The report has recommended

upgrading some network components. The company has provided the following requirements:

* Implement a security device that consolidates multiple functions to protect the network, filter malicious

websites, and stop SPAM messages.

* Implement a tool to identify malware and security incidents using real-time and historical analysis.

Which of the following set of devices and tools is BEST suited for that purpose?

A company's internal network is divided into multiple subnets. The network is isolated from the Internet by a

perimeter network, The perimeter network is bounded by routers. Subnets are defined using routers, Layer 3 switches, and Wi-Fi routers.

This is an example of what type of defense policy?

An attacker exploits a valid session to gain access to a secure network computer.

This is an example of what type of attack?

What can be done to help minimize the risk of malware infection while a mobile device is browsing the Internet from a connection that is provided by a corporate network? (Choose two,)

A security analyst has enabled a protocol analyzer to capture and analyse network traffic. The report has

recommended disabling a weak protocol on one device based on the following capture:

Transmission Control Protocol , Src Port: 1251, Ost Port: 23, Seq: 199, Ack: 133, Len: 0

Transmission Control Protocol , Src Port: 23, Ost Port: 1251, Seq: 101, Ack: 199, Len: 32

Which protocol should be enabled instead?