PrepAway - Latest Free Exam Questions & Answers

Category: CAS-001 (v.1)

Exam CAS-001: CompTIA Advanced Security Practitioner (update May 17th, 2015)

what will correct the concern?

A database administrator comes across the below records in one of the databases during an
internal audit of the payment system:

UserID   Address           Credit Card No.        Password
jsmith   123 fake street   55XX-XXX-XXXX-1397     Password100
jqdoe    234 fake street   42XX-XXX-XXXX-2027     17DEC12

From a security perspective, which of the following should be the administrator’s GREATEST
concern, and what will correct the concern?

which of the following needs to be incorporated into the SOA?

A security administrator is redesigning, and implementing a service-oriented architecture to
replace an old, in-house software processing system, tied to a corporate sales website. After
performing the business process analysis, the administrator decides the services need to operate
in a dynamic fashion. The company has also been the victim of data injection attacks in the past
and needs to build in mitigation features. Based on these requirements and past vulnerabilities,
which of the following needs to be incorporated into the SOA?

Which of the following BEST describes the purpose of an SRTM in this scenario?

A team of security engineers has applied regulatory and corporate guidance to the design of a
corporate network. The engineers have generated an SRTM based on their work and a thorough
analysis of the complete set of functional and performance requirements in the network
specification. Which of the following BEST describes the purpose of an SRTM in this scenario?

Which of the following is the hosting company MOST likely trying to achieve?

A small company hosting multiple virtualized client servers on a single host is considering adding a
new host to create a cluster. The new host hardware and operating system will be different from
the first host, but the underlying virtualization technology will be compatible. Both hosts will be
connected to a shared iSCSI storage solution. Which of the following is the hosting company
MOST likely trying to achieve?

Which of the following is true?

A security administrator is conducting network forensic analysis of a recent defacement of the
company’s secure web payment server (HTTPS). The server was compromised around the New
Year’s holiday when all the company employees were off. The company’s network diagram is
summarized below:
Internet
Gateway Firewall
IDS
Web SSL Accelerator
Web Server Farm
Internal Firewall
Company Internal Network

The security administrator discovers that all the local web server logs have been deleted.
Additionally, the Internal Firewall logs are intact but show no activity from the internal network to
the web server farm during the holiday.
Which of the following is true?

which of the following would be the MOST applicable for implementation?

A security consultant is called into a small advertising business to recommend which security
policies and procedures would be most helpful to the business. The business is comprised of 20
employees, operating off of two shared servers. One server houses employee data and the other
houses client data. All machines are on the same local network. Often these employees must work
remotely from client sites, but do not access either of the servers remotely. Assuming no security
policies or procedures are in place right now, which of the following would be the MOST applicable
for implementation? (Select TWO).

Which of the following technical means can the consultant use to determine the manufacturer and likely operating system of the company wireless and wired network devices, as well as the computers connected to the company network?

The security manager of a company has hired an external consultant to conduct a security
assessment of the company network. The contract stipulates that the consultant is not allowed to
transmit any data on the company network while performing wired and wireless security
assessments. Which of the following technical means can the consultant use to determine the
manufacturer and likely operating system of the company wireless and wired network devices, as
well as the computers connected to the company network?

Which of the following BEST covers the data lifecycle end-to-end?

In order for a company to boost profits by implementing cost savings on non-core business
activities, the IT manager has sought approval for the corporate email system to be hosted in the
cloud. The compliance officer has been tasked with ensuring that data lifecycle issues are taken
into account. Which of the following BEST covers the data lifecycle end-to-end?
