A security administrator notices a recent increase in workstations becoming compromised by malware. Often,
the malware is delivered via drive-by downloads, from malware hosting websites, and is not being detected by
the corporate antivirus. Which of the following solutions would provide the BEST protection for the company?

News outlets are beginning to report on a number of retail establishments that are experiencing payment card
data breaches. The data exfiltration is enabled by malware on a compromised computer. After the initial exploit,
network mapping and fingerprinting is conducted to prepare for further exploitation. Which of the following is the
MOST effective solution to protect against unrecognized malware infections?

The Chief Executive Officer (CEO) of a small start-up company wants to set up offices around the country for
the sales staff to generate business. The company needs an effective communication solution to remain in
constant contact with each other, while maintaining a secure business environment. A junior-level administrator
suggests that the company and the sales staff stay connected via free social media. Which of the following
decisions is BEST for the CEO to make?

A security engineer is responsible for monitoring company applications for known vulnerabilities. Which of the
following is a way to stay current on exploits and information security news?

Ann, a systems engineer, is working to identify an unknown node on the corporate network. To begin her
investigative work, she runs the following nmap command string:
user@hostname:~$ sudo nmap –O 192.168.1.54
Based on the output, nmap is unable to identify the OS running on the node, but the following ports are open on
the device:
TCP/22
TCP/111
TCP/512-514
TCP/2049
TCP/32778Based on this information, which of the following operating systems is MOST likely running on the unknown
node?

Due to compliance regulations, a company requires a yearly penetration test. The Chief Information Security
Officer (CISO) has asked that it be done under a black box methodology.
Which of the following would be the advantage of conducting this kind of penetration test?

The Chief Executive Officer (CEO) of an Internet service provider (ISP) has decided to limit the company’s
contribution to worldwide Distributed Denial of Service (DDoS) attacks. Which of the following should the ISP
implement? (Select TWO).

A web services company is planning a one-time high-profile event to be hosted on the corporate website. An
outage, due to an attack, would be publicly embarrassing, so Joe, the Chief Executive Officer (CEO), has
requested that his security engineers put temporary preventive controls in place. Which of the following would
MOST appropriately address Joe’s concerns?

An external penetration tester compromised one of the client organization’s authentication servers and retrieved
the password database. Which of the following methods allows the penetration tester to MOST efficiently use
any obtained administrative credentials on the client organization’s other systems, without impacting the
integrity of any of the systems?

The Information Security Officer (ISO) believes that the company has been targeted by cybercriminals and it is
under a cyber attack. Internal services that are normally available to the public via the Internet are inaccessible,
and employees in the office are unable to browse the Internet. The senior security engineer starts by reviewing
the bandwidth at the border router, and notices that the incoming bandwidth on the router’s external interface ismaxed out. The security engineer then inspects the following piece of log to try and determine the reason for
the downtime, focusing on the company’s external router’s IP which is 128.20.176.19:
11:16:22.110343 IP 90.237.31.27.19 > 128.20.176.19.19: UDP, length 1400
11:16:22.110351 IP 23.27.112.200.19 > 128.20.176.19.19: UDP, length 1400
11:16:22.110358 IP 192.200.132.213.19 > 128.20.176.19.19: UDP, length 1400
11:16:22.110402 IP 70.192.2.55.19 > 128.20.176.19.19: UDP, length 1400
11:16:22.110406 IP 112.201.7.39.19 > 128.20.176.19.19: UDP, length 1400
Which of the following describes the findings the senior security engineer should report to the ISO and the
BEST solution for service restoration?