It has come to the IT administrator’s attention that the “post your comment” field on the company blog page has
been exploited, resulting in cross-site scripting attacks against customers reading the blog. Which of the
following would be the MOST effective at preventing the “post your comment” field from being exploited?

A company has decided to change its current business direction and refocus on core business. Consequently,
several company sub-businesses are in the process of being sold-off. A security consultant has been engaged
to advise on residual information security concerns with a de-merger. From a high-level perspective, which of
the following BEST provides the procedure that the consultant should follow?

A web developer is responsible for a simple web application that books holiday accommodations. The frontfacing web server offers an HTML form, which asks for a user’s age. This input gets placed into a signedinteger variable and is then checked to ensure that the user is in the adult age range.
Users have reported that the website is not functioning correctly. The web developer has inspected log files and
sees that a very large number (in the billions) was submitted just before the issue started occurring. Which of
the following is the MOST likely situation that has occurred?

Customers are receiving emails containing a link to malicious software. These emails are subverting spam
filters. The email reads as follows:
Delivered-To: customer@example.com
Received: by 10.14.120.205
Mon, 1 Nov 2010 11:15:24 -0700 (PDT)
Received: by 10.231.31.193
Mon, 01 Nov 2010 11:15:23 -0700 (PDT)
Return-Path: <IT@company.com>
Received: from 127.0.0.1 for <customer@example.com>; Mon, 1 Nov 2010 13:15:14 -0500 (envelope-from
<IT@company.com>)
Received: by smtpex.example.com (SMTP READY)
with ESMTP (AIO); Mon, 01 Nov 2010 13:15:14 -0500
Received: from 172.18.45.122 by 192.168.2.55; Mon, 1 Nov 2010 13:15:14 -0500
From: Company <IT@Company.com>
To: “customer@example.com” <customer@example.com>
Date: Mon, 1 Nov 2010 13:15:11 -0500
Subject: New Insurance Application
Thread-Topic: New Insurance Application
Please download and install software from the site below to maintain full access to your account.
www.examplesite.com
________________________________
Additional information: The authorized mail servers IPs are 192.168.2.10 and 192.168.2.11.
The network’s subnet is 192.168.2.0/25.
Which of the following are the MOST appropriate courses of action a security administrator could take to
eliminate this risk? (Select TWO).

A company with 2000 workstations is considering purchasing a HIPS to minimize the impact of a system
compromise from malware. Currently, the company projects a total cost of $50,000 for the next three years
responding to and eradicating workstation malware. The Information Security Officer (ISO) has received three
quotes from different companies that provide HIPS.
The first quote requires a $10,000 one-time fee, annual cost of $6 per workstation, and a 10% annual
support fee based on the number of workstations.
The second quote requires a $15,000 one-time fee, an annual cost of $5 per workstation, and a 12% annual
fee based on the number of workstations.
The third quote has no one-time fee, an annual cost of $8 per workstation, and a 15% annual fee based on
the number of workstations.
Which solution should the company select if the contract is only valid for three years?

Two universities are making their 802.11n wireless networks available to the other university’s students. The
infrastructure will pass the student’s credentials back to the home school for authentication via the Internet.
The requirements are:
Mutual authentication of clients and authentication server
The design should not limit connection speeds
Authentication must be delegated to the home school
No passwords should be sent unencrypted
The following design was implemented:
WPA2 Enterprise using EAP-PEAP-MSCHAPv2 will be used for wireless security
RADIUS proxy servers will be used to forward authentication requests to the home school
The RADIUS servers will have certificates from a common public certificate authority
A strong shared secret will be used for RADIUS server authentication
Which of the following security considerations should be added to the design?

Which of the following BEST constitutes the basis for protecting VMs from attacks from other VMs hosted on
the same physical platform?

Joe, the Chief Executive Officer (CEO), was an Information security professor and a Subject Matter Expert for
over 20 years. He has designed a network defense method which he says is significantly better than prominent
international standards. He has recommended that the company use his cryptographic method. Which of the
following methodologies should be adopted?

An industry organization has implemented a system to allow trusted authentication between all of its partners.
The system consists of a web of trusted RADIUS servers communicating over the Internet. An attacker was
able to set up a malicious server and conduct a successful man-in-the-middle attack. Which of the following
controls should be implemented to mitigate the attack in the future?

Two separate companies are in the process of integrating their authentication infrastructure into a unified single
sign-on system. Currently, both companies use an AD backend and two factor authentication using TOTP. The
system administrators have configured a trust relationship between the authentication backend to ensure
proper process flow. How should the employees request access to shared resources before the authentication
integration is complete?