A security services company is scoping a proposal with a client. They want to perform a general security audit
of their environment within a two week period and consequently have the following requirements:
Requirement 1 Ensure their server infrastructure operating systems are at their latest patch levels
Requirement 2 Test the behavior between the application and database Requirement 3 Ensure that customer
data can not be exfiltratedWhich of the following is the BEST solution to meet the above requirements?

A security manager looked at various logs while investigating a recent security breach in the data center from
an external source. Each log below was collected from various security devices compiled from a report through
the company’s security information and event management server.
Logs:
Log 1:
Feb 5 23:55:37.743: %SEC-6-IPACCESSLOGS: list 10 denied 10.2.5.81 3 packets
Log 2:
HTTP://www.company.com/index.php?
user=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaa
Log 3:
Security Error Alert
Event ID 50: The RDP protocol component X.224 detected an error in the protocol stream and has
disconnected the client
Log 4:
Encoder oe = new OracleEncoder ();
String query = “Select user_id FROM user_data WHERE user_name = ` ” + oe.encode ( req.getParameter
(“userID”) ) + ” ` and user_password = ` ” + oe.encode ( req.getParameter(“pwd”) ) +” ` “;
Vulnerabilities
Buffer overflow
SQL injection
ACL
XSS
Which of the following logs and vulnerabilities would MOST likely be related to the security breach? (Select
TWO).

Company policy requires that all company laptops meet the following baseline requirements:
Software requirements:
Antivirus
Anti-malware
Anti-spyware
Log monitoring
Full-disk encryption
Terminal services enabled for RDP
Administrative access for local users
Hardware restrictions:
Bluetooth disabled
FireWire disabled
WiFi adapter disabledAnn, a web developer, reports performance issues with her laptop and is not able to access any network
resources. After further investigation, a bootkit was discovered and it was trying to access external websites.
Which of the following hardening techniques should be applied to mitigate this specific issue from reoccurring?
(Select TWO).

VPN users cannot access the active FTP server through the router but can access any server in the data
center.Additional network information:
DMZ network 192.168.5.0/24 (FTP server is 192.168.5.11) VPN network 192.168.1.0/24
Datacenter 192.168.2.0/24
User network – 192.168.3.0/24
HR network 192.168.4.0/24\\
Traffic shaper configuration:
VLAN Bandwidth Limit (Mbps)
VPN 50
User 175
HR 250
Finance 250
Guest 0
Router ACL:
Action Source Destination
Permit 192.168.1.0/24 192.168.2.0/24
Permit 192.168.1.0/24 192.168.3.0/24
Permit 192.168.1.0/24 192.168.5.0/24
Permit 192.168.2.0/24 192.168.1.0/24
Permit 192.168.3.0/24 192.168.1.0/24
Permit 192.168.5.1/32 192.168.1.0/24
Deny 192.168.4.0/24 192.168.1.0/24
Deny 192.168.1.0/24 192.168.4.0/24
Deny any any
Which of the following solutions would allow the users to access the active FTP server?

The following has been discovered in an internally developed application:
Error – Memory allocated but not freed:
char *myBuffer = malloc(BUFFER_SIZE);
if (myBuffer != NULL) {
*myBuffer = STRING_WELCOME_MESSAGE;
printf(“Welcome to: %s\\n”, myBuffer);
}
exit(0);
Which of the following security assessment methods are likely to reveal this security weakness? (Select TWO).

The helpdesk is receiving multiple calls about slow and intermittent Internet access from the finance
department. The following information is compiled:
Caller 1, IP 172.16.35.217, NETMASK 255.255.254.0
Caller 2, IP 172.16.35.53, NETMASK 255.255.254.0
Caller 3, IP 172.16.35.173, NETMASK 255.255.254.0
All callers are connected to the same switch and are routed by a router with five built-in interfaces. The
upstream router interface’s MAC is 00-01-42-32-ab-1a
A packet capture shows the following:
09:05:15.934840 arp reply 172.16.34.1 is-at 00:01:42:32:ab:1a (00:01:42:32:ab:1a)
09:06:16.124850 arp reply 172.16.34.1 is-at 00:01:42:32:ab:1a (00:01:42:32:ab:1a)
09:07:25.439811 arp reply 172.16.34.1 is-at 00:01:42:32:ab:1a (00:01:42:32:ab:1a)
09:08:10.937590 IP 172.16.35.1 > 172.16.35.255: ICMP echo request, id 2305, seq 1, length 6553409:08:10.937591 IP 172.16.35.1 > 172.16.35.255: ICMP echo request, id 2306, seq 2, length 65534
09:08:10.937592 IP 172.16.35.1 > 172.16.35.255: ICMP echo request, id 2307, seq 3, length 65534
Which of the following is occurring on the network?

Which of the following would be used in forensic analysis of a compromised Linux system? (Select THREE).

The latest independent research shows that cyber attacks involving SCADA systems grew an average of 15%
per year in each of the last four years, but that this year’s growth has slowed to around 7%. Over the same timeperiod, the number of attacks against applications has decreased or stayed flat each year. At the start of the
measure period, the incidence of PC boot loader or BIOS based attacks was negligible. Starting two years ago,
the growth in the number of PC boot loader attacks has grown exponentially. Analysis of these trends would
seem to suggest which of the following strategies should be employed?

A security analyst, Ann, states that she believes Internet facing file transfer servers are being attacked. Which
of the following is evidence that would aid Ann in making a case to management that action needs to be taken
to safeguard these servers?

Ann is testing the robustness of a marketing website through an intercepting proxy. She has intercepted the
following HTTP request:
POST /login.aspx HTTP/1.1
Host: comptia.org
Content-type: text/html
txtUsername=ann&txtPassword=ann&alreadyLoggedIn=false&submit=true
Which of the following should Ann perform to test whether the website is susceptible to a simple authentication
bypass?