A penetration testing is preparing for a client engagement in which the tester must provide data that proves and validates the scanning tools’ results. Which of the
following is the best method for collecting this information?

The data backup window has expanded into the morning hours and has begun to affect production users. The main bottleneck in the process is the time it takes to
replicate the backups to separate servers at the offsite data center. Which of the following uses of deduplication could be implemented to reduce the backup
window?

An organization is moving its human resources system to a cloud services provider. The company plans to continue using internal usernames and passwords with
the service provider, but the security manager does not want the service provider to have a company of the passwords. Which of the following options meets all of
these requirements?

An attacker uses a network sniffer to capture the packets of a transaction that adds $20 to a gift card. The attacker then user a function of the sniffer to push those
packets back onto the network again, adding another $20 to the gift card. This can be done many times. Which of the following describes this type of attack?

Joe, a technician, is working remotely with his company provided laptop at the coffee shop near his home. Joe is concerned that another patron of the coffee shop
may be trying to access his laptop. Which of the following is an appropriate control to use to prevent the other patron from accessing Joe’s laptop directly?

Ann, a security administrator, has been instructed to perform fuzz-based testing on the company’s applications.
Which of the following best describes what she will do?

An audit has revealed that database administrators are also responsible for auditing database changes and backup logs. Which of the following access control
methodologies would BEST mitigate this concern?

A global gaming console manufacturer is launching a new gaming platform to its customers. Which of the following controls reduces the risk created by malicious
gaming customers attempting to circumvent control by way of modifying consoles?

An administrator thinks the UNIX systems may be compromised, but a review of system log files provides no useful information. After discussing the situation with
the security team, the administrator suspects that the attacker may be altering the log files and removing evidence of intrusion activity. Which of the following
actions will help detect attacker attempts to further alter log files?

An administrator has configured a new Linux server with the FTP service. Upon verifying that the service was configured correctly, the administrator has several
users test the FTP service. Users report that they are able to connect to the FTP service and download their personal files, however, they cannot transfer new files
to the server. Which of the following will most likely fix the uploading issue for the users?