A trucking company delivers products all over the country. The executives at the company would like to have
better insight into the location of their drivers to ensure the shipments are following secure routes. Which of the
following would BEST help the executives meet this goal?

An administrator believes that the web servers are being flooded with excessive traffic from time to time. The
administrator suspects that these traffic floods correspond to when a competitor makes major announcements.
Which of the following should the administrator do to prove this theory?

An organization has several production critical SCADA supervisory systems that cannot follow the normal 30-
day patching policy. Which of the following BEST maximizes the protection of these systems from malicious
software?

A security tester is testing a website and performs the following manual query:
https://www.comptia.com/cookies.jsp?products=5%20and%201=1
The following response is received in the payload:
“ORA-000001: SQL command not properly ended”
Which of the following is the response an example of?

An insurance company has an online quoting system for insurance premiums. It allows potential customers to
fill in certain details about their car and obtain a quote. During an investigation, the following patterns were
detected:
Pattern 1 – Analysis of the logs identifies that insurance premium forms are being filled in but only single fields
are incrementally being updated.
Pattern 2 – For every quote completed, a new customer number is created; due to legacy systems, customer
numbers are running out.
Which of the following is the attack type the system is susceptible to, and what is the BEST way to defend
against it? (Select TWO).

A security services company is scoping a proposal with a client. They want to perform a general security audit
of their environment within a two week period and consequently have the following requirements:
Requirement 1 – Ensure their server infrastructure operating systems are at their latest patch levels
Requirement 2 – Test the behavior between the application and database
Requirement 3 – Ensure that customer data can not be exfiltrated
Which of the following is the BEST solution to meet the above requirements?

An employee is performing a review of the organization’s security functions and noticed that there is some
cross over responsibility between the IT security team and the financial fraud team. Which of the following
security documents should be used to clarify the roles and responsibilities between the teams?

A company has noticed recently that its corporate information has ended up on an online forum. An
investigation has identified that internal employees are sharing confidential corporate information on a daily
basis. Which of the following are the MOST effective security controls that can be implemented to stop the
above problem? (Select TWO).

A security architect has been engaged during the implementation stage of the SDLC to review a new HR
software installation for security gaps. With the project under a tight schedule to meet market commitments on
project delivery, which of the following security activities should be prioritized by the security architect? (Select
TWO).

An investigator wants to collect the most volatile data first in an incident to preserve the data that runs the
highest risk of being lost. After memory, which of the following BEST represents the remaining order of volatility
that the investigator should follow?