PrepAway - Latest Free Exam Questions & Answers

Author: seenagape

Which of the following methods should be used to select the BEST platform?

A company is preparing to upgrade its NIPS at five locations around the world. The three platforms
the team plans to test claim to have the most advanced features and lucrative pricing.
Assuming all platforms meet the functionality requirements, which of the following methods should
be used to select the BEST platform?

Which of the following will MOST likely reduce the likelihood of similar incidents?

An organization has had component integration-related vulnerabilities exploited in consecutive
releases of the software it hosts. The only reason the company was able to identify the
compromises was because of a correlation of slow server performance and an attentive security
analyst noticing unusual outbound network activity from the application servers. End-to-end
management of the development process is the responsibility of the applications development
manager and testing is done by various teams of programmers. Which of the following will MOST
likely reduce the likelihood of similar incidents?

Pattern match "\bunion\b.{1,100}?

An administrator is reviewing logs and sees the following entry:
Message: Access denied with code 403 (phase 2). Pattern match "\bunion\b.{1,100}?\bselect\b" at
ARGS:$id. [data "union all select"] [severity "CRITICAL"] [tag "WEB_ATTACK"] [tag
"WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"]
Action: Intercepted (phase 2) Apache-Handler: php5-script
Which of the following attacks was being attempted?

Which of the following when implemented would provide the BEST level of protection with the LEAST amount of di

A new startup company with very limited funds wants to protect the organization from external
threats by implementing some type of best practice security controls across a number of hosts
located in the application zone, the production zone, and the core network. The 50 hosts in the
core network are a mixture of Windows and Linux based systems, used by development staff to
develop new applications. The single Windows host in the application zone is used exclusively by
the production team to control software deployments into the production zone. There are 10 UNIX
web application hosts in the production zone which are publicly accessible.
Development staff is required to install and remove various types of software from their hosts on a
regular basis while the hosts in the zone rarely require any type of configuration changes.
Which of the following when implemented would provide the BEST level of protection with the
LEAST amount of disruption to staff?