PrepAway - Latest Free Exam Questions & Answers

Author: seenagape

Which of the following would have detected the malware infection sooner?

A security engineer is troubleshooting a possible virus infection, which may have spread to
multiple desktop computers within the organization. The company implements enterprise antivirus
software on all desktops, but the enterprise antivirus server’s logs show no sign of a virus
infection. The border firewall logs show suspicious activity from multiple internal hosts trying to
connect to the same external IP address. The security administrator decides to post the firewall
logs to a security mailing list and receives confirmation from other security administrators that the
firewall logs indicate internal hosts are compromised with a new variant of the
Trojan.Ransomcrypt.G malware not yet detected by most antivirus software. Which of the
following would have detected the malware infection sooner?

Which of the following should the security administrator configure and implement on the VPN concentrator…

A security administrator is tasked with implementing two-factor authentication for the company
VPN. The VPN is currently configured to authenticate VPN users against a backend RADIUS
server. New company policies require a second factor of authentication, and the Information
Security Officer has selected PKI as the second factor. Which of the following should the security
administrator configure and implement on the VPN concentrator to implement the second factor
and ensure that no error messages are displayed to the user during the VPN connection? (Select
TWO).

Which of the following IT security related objectives should the small business’ IT staff consider reviewing

A large international business has completed the acquisition of a small business and it is now in
the process of integrating the small business’ IT department. Both parties have agreed that the
large business will retain 95% of the smaller business’ IT staff. Additionally, the larger business
has a strong interest in specific processes that the smaller business has in place to handle its
regional interests. Which of the following IT security related objectives should the small business’
IT staff consider reviewing during the integration process? (Select TWO).

Which of the following attacks was used to compromise the database server and what can the security administra

The security administrator finds unauthorized tables and records, which were not present before,
on a Linux database server. The database server communicates only with one web server, which
connects to the database server via an account with SELECT only privileges. Web server logs
show the following:
90.76.165.40 - - [08/Mar/2014:10:54:04] "GET calendar.php?create%20table%20hidden HTTP/1.1" 200 5724
90.76.165.40 - - [08/Mar/2014:10:54:05] "GET ../../../root/.bash_history HTTP/1.1" 200 5724
90.76.165.40 - - [08/Mar/2014:10:54:04] "GET index.php?user=<script>Create</script> HTTP/1.1" 200 5724
The security administrator also inspects the following file system locations on the database server
using the command ‘ls -al /root’:
drwxrwxrwx 11 root root 4096 Sep 28 22:45 .
drwxr-xr-x 25 root root 4096 Mar 8 09:30 ..
-rws------ 25 root root 4096 Mar 8 09:30 .bash_history
-rw------- 25 root root 4096 Mar 8 09:30 .bash_history
-rw------- 25 root root 4096 Mar 8 09:30 .profile
-rw------- 25 root root 4096 Mar 8 09:30 .ssh
Which of the following attacks was used to compromise the database server and what can the
security administrator implement to detect such attacks in the future? (Select TWO).

Which of the following are MOST important to include when submitting the exception form?

The Information Security Officer (ISO) is reviewing new policies that have been recently made
effective and now apply to the company. Upon review, the ISO identifies a new requirement to
implement two-factor authentication on the company’s wireless system. Due to budget constraints,
the company will be unable to implement the requirement for the next two years. The ISO is
required to submit a policy exception form to the Chief Information Officer (CIO). Which of the
following are MOST important to include when submitting the exception form? (Select THREE).

Which of the following designs BEST supports the given requirements?

The senior security administrator wants to redesign the company DMZ to minimize the risks
associated with both external and internal threats. The DMZ design must support security in depth,
change management and configuration processes, and support incident reconstruction. Which of
the following designs BEST supports the given requirements?

Which of the following will provide end-to-end encryption for the data transfer while adhering to these requir

Company A needs to export sensitive data from its financial system to company B’s database,
using company B’s API in an automated manner. Company A’s policy prohibits the use of any
intermediary external systems to transfer or store its sensitive data, therefore the transfer must
occur directly between company A’s financial system and company B’s destination server using
the supplied API. Additionally, company A’s legacy financial software does not support encryption,
while company B’s API supports encryption. Which of the following will provide end-to-end
encryption for the data transfer while adhering to these requirements?