A security auditor suspects two employees of having devised a scheme to steal money from the company. While one employee submits purchase orders for

personal items, the other employee approves these purchase orders. The auditor has contacted the human resources director with suggestions on how to detect
such illegal activities. Which of the following should the human resource director implement to identify the employees involved in these activities and reduce the risk
of this activity occurring in the future?

An IT auditor is reviewing the data classification for a sensitive system. The company has classified the data stored in the sensitive system according to the
following matrix:
DATA TYPECONFIDENTIALITYINTEGRITYAVAILABILITY

—————————————————————————————————————-
FinancialHIGHHIGHLOW
Client nameMEDIUMMEDIUMHIGH
Client addressLOWMEDIUMLOW
—————————————————————————————————————–
AGGREGATEMEDIUMMEDIUMMEDIUM
The auditor is advising the company to review the aggregate score and submit it to senior management. Which of the following should be the revised aggregate
score?

After reviewing a company’s NAS configuration and file system access logs, the auditor is advising the security administrator to implement additional security
controls on the NFS export. The security administrator decides to remove the no_root_squash directive from the export and add the nosuid directive. Which of the
following is true about the security controls implemented by the security administrator?

A storage as a service company implements both encryption at rest as well as encryption in transit

of customers’ data. The security administrator is concerned with the overall security of the encrypted customer data stored by the company servers and wants the
development team to implement a solution that will strengthen the customer’s encryption key. Which of the following, if implemented, will MOST increase the time
an offline password attack against the customers’ data would take?

A security manager looked at various logs while investigating a recent security breach in the data center from an external source. Each log below was collected
from various security devices compiled from a report through the company’s security information and event management server.
Logs:
Log 1:
Feb 5 23:55:37.743: %SEC-6-IPACCESSLOGS: list 10 denied 10.2.5.81 3 packets
Log 2:
HTTP://www.company.com/index.php?user=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa

Log 3:
Security Error Alert
Event ID 50: The RDP protocol component X.224 detected an error in the protocol stream and has disconnected the client
Log 4:
Encoder oe = new OracleEncoder ();
String query = “Select user_id FROM user_data WHERE user_name = ` “
+ oe.encode ( req.getParameter(“userID”) ) + ” ` and user_password = ` “
+ oe.encode ( req.getParameter(“pwd”) ) +” ` “;
Vulnerabilities
Buffer overflow
SQL injection
ACL
XSS
Which of the following logs and vulnerabilities would MOST likely be related to the security breach? (Select TWO).

Company policy requires that all company laptops meet the following baseline requirements:
Software requirements:
Antivirus
Anti-malware
Anti-spyware
Log monitoring
Full-disk encryption

Terminal services enabled for RDP
Administrative access for local users

Hardware restrictions:
Bluetooth disabled
FireWire disabled
WiFi adapter disabled
Ann, a web developer, reports performance issues with her laptop and is not able to access any network resources. After further investigation, a bootkit was
discovered and it was trying to access external websites. Which of the following hardening techniques should be applied to mitigate this specific issue from
reoccurring? (Select TWO).

VPN users cannot access the active FTP server through the router but can access any server in the data center.
Additional network information:

DMZ network 192.168.5.0/24 (FTP server is 192.168.5.11)
VPN network 192.168.1.0/24
Datacenter 192.168.2.0/24
User network – 192.168.3.0/24
HR network 192.168.4.0/24\\
Traffic shaper configuration:
VLAN Bandwidth Limit (Mbps)
VPN50
User175
HR250
Finance250
Guest0
Router ACL:

ActionSourceDestination
Permit192.168.1.0/24192.168.2.0/24
Permit192.168.1.0/24192.168.3.0/24
Permit192.168.1.0/24192.168.5.0/24
Permit192.168.2.0/24192.168.1.0/24
Permit192.168.3.0/24192.168.1.0/24
Permit192.168.5.1/32192.168.1.0/24
Deny192.168.4.0/24192.168.1.0/24

Deny192.168.1.0/24192.168.4.0/24
Denyanyany
Which of the following solutions would allow the users to access the active FTP server?

A system worth $100,000 has an exposure factor of eight percent and an ARO of four. Which of the following figures is the system’s SLE?

A company provides on-demand cloud computing resources for a sensitive project. The company implements a fully virtualized datacenter and terminal server
access with two-factor authentication for customer access to the administrative website. The security administrator at the company has uncovered a breach in data
confidentiality. Sensitive data from customer A was found on a hidden directory within the VM of company B. Company B is not in the same industry as company A
and the two are not competitors. Which of the following has MOST likely occurred?

A firm’s Chief Executive Officer (CEO) is concerned that IT staff lacks the knowledge to identify complex vulnerabilities that may exist in a payment system being
internally developed. The payment system being developed will be sold to a number of organizations and is in direct competition with another leading product. The
CEO highlighted that code base confidentiality is of critical importance to allow the company to exceed the competition in terms of the product’s reliability, stability,
and performance. Which of the following would provide the MOST thorough testing and satisfy the CEO’s requirements?