An application service provider has notified customers of a breach resulting from improper configuration changes. In the incident, a server intended for internal
access only was made accessible to external parties. Which of the following configurations were likely to have been improperly modified, resulting in the breach?

A healthcare organization is in the process of building and deploying a new web server in the DMZ that will enable public Internet users the ability to securely send
and receive messages from their primary care physicians. Which of the following should the security administrator consider?

A security specialist has implemented antivirus software and whitelisting controls to prevent malware and unauthorized application installation on the company
systems. The combination of these two technologies is an example of which of the following?

An administrator needs to deploy a new SSL wildcard certificate to three different web servers. Which of the following MUST be taken into consideration? (Select
TWO).

An analyst is documenting the user interaction process associated with the login prompts in an application structure, the user enters a username and a one-time
password, which was previously emailed to the user. Next, the user enters a PIN and is then allowed into the dashboard of the application to modify account details.
In this scenario, which of the following steps immediately precedes the authorization process?

Which of the following social engineering attacks would describe a situation where an attacker calls an employee while impersonating a corporate executive?

An attacker would like to target a company and redirect their legitimate traffic to other sites. Which of the following attacks would be used to cause this malicious
URL redirection?

When performing a risk analysis, which of the following is considered a threat?

A recent security audit revealed the company is lacking deterrent security controls. Which of the following could be implemented to address this finding?

A research user needs to transfer multiple terabytes of data across a network. The data is not confidential, so for performance reasons, does not need to be
encrypted. However, the authentication process must be confidential. Which of the following is the BEST solution to satisfy these requirements?