A company researched the root cause of a recent vulnerability in its software. It was determined that the vulnerability was the result of two updates made in the last
release. Each update alone would not have resulted in the vulnerability. In order to prevent similar situations in the future, the company should improve which of the
following?

A security administrator is developing training for corporate users on basic security principles for personal email accounts. Which of the following should be
mentioned as the MOST secure way for password recovery?

Which of the following use the SSH protocol? (Choose two).

A network administrator is attempting to troubleshoot an issue regarding certificates on a secure website. During the troubleshooting process, the network
administrator notices that the web gateway proxy on the local network has signed all of the certificates on the local machine. Which of the following describes the
type of attack the proxy has been legitimately programmed to perform?

A security administrator is tasked with conducting an assessment made to establish the baseline security posture of the corporate IT infrastructure. The

assessment must report actual flaws and weaknesses in the infrastructure. Due to the expense of hiring outside consultants, the testing must be performed using
in-house or cheaply available resource. There cannot be a possibility of any requirement being damaged in the test. Which of the following has the administrator
been tasked to perform?

An attacker wearing a building maintenance uniform approached a company’s receptionist asking for access to a secure area. The receptionist asks for
identification, a building access badge and checks the company’s list approved maintenance personnel prior to granting physical access to the secure are. The
controls used by the receptionist are in place to prevent which of the following types of attacks?

A security analyst has been asked to perform a review of an organization’s software development lifecycle. The analyst reports that the lifecycle does not contain a
phase in which team members evaluate and provide critical feedback of another developer’s code. Which of the following assessment techniques is BEST
described in the analyst’s report?

A security engineer is faced with competing requirements from the networking group and database administrators. The database administrators would like ten
application servers on the same subnet for ease of administration, whereas the networking group would like to segment all applications from one another. Which of
the following should the security administrator do to rectify this issue?

An organization has hired a penetration tester to test the security of its ten web servers. The penetration tester is able to gain root/administrative access in several
servers by exploiting vulnerabilities associated with the implementation of SMTP, POP, DNS, FTP, Telnet, and IMAP. Which of the following recommendations
should the penetration tester provide to the organization to better protect their web servers in the future?

A member of a digital forensics team, Joe arrives at a crime scene and is preparing to collect system data. Before powering the system off, Joe knows that he must
collect the most volatile date first. Which of the following is the correct order in which Joe should collect the data?