The data backup window has expanded into the morning hours and has begun to affect production users. The
main bottleneck in the process is the time it takes to replicate the backups to separate severs at the offsite data
center. Which of the following uses of deduplication could be implemented to reduce the backup window?

An organization is moving its human resources system to a cloud services provider. The company plans to
continue using internal usernames and passwords with the service provider, but the security manager does not
want the service provider to have a company of the passwords. Which of the following options meets all of
these requirements?

An attacker uses a network sniffer to capture the packets of a transaction that adds $20 to a gift card. The
attacker then user a function of the sniffer to push those packets back onto the network again, adding another
$20 to the gift card. This can be done many times. Which of the following describes this type of attack?

Joe, a technician, is working remotely with his company provided laptop at the coffee shop near his home. Joe
is concerned that another patron of the coffee shop may be trying to access his laptop. Which of the following is
an appropriate control to use to prevent the other patron from accessing Joe’s laptop directly?

Ann, a security administrator, has been instructed to perform fuzz-based testing on the company’s applications.
Which of the following best describes what she will do?

An audit has revealed that database administrators are also responsible for auditing database changes and
backup logs. Which of the following access control methodologies would BEST mitigate this concern?

A global gaming console manufacturer is launching a new gaming platform to its customers. Which of the
following controls reduces the risk created by malicious gaming customers attempting to circumvent control by
way of modifying consoles?

An administrator thinks the UNIX systems may be compromised, but a review of system log files provides no
useful information. After discussing the situation with the security team, the administrator suspects that the
attacker may be altering the log files and removing evidence of intrusion activity. Which of the following actions
will help detect attacker attempts to further alter log files?

An administrator has configured a new Linux server with the FTP service. Upon verifying that the service was
configured correctly, the administrator has several users test the FTP service. Users report that they are able to
connect to the FTP service and download their personal files, however, they cannot transfer new files to the
server. Which of the following will most likely fix the uploading issue for the users?

Which of the following is the appropriate network structure used to protect servers and services that must be
provided to external clients without completely eliminating access for internal users?