An administrator deploys a WPA2 Enterprise wireless network with EAP-PEAP-MSCHAPv2. The deployment is
successful and company laptops are able to connect automatically with no user intervention. A year later, the
company begins to deploy phones with wireless capabilities. Users report that they are receiving a warning
when they attempt to connect to the wireless network from their phones. Which of the following is the MOST
likely cause of the warning message?

A security analyst, while doing a security scan using packet capture security tools, noticed large volumes of
data images of company products being exfiltrated to foreign IP addresses. Which of the following is the FIRST
step in responding to scan results?

A company requires that all wireless communication be compliant with the Advanced encryption standard. The
current wireless infrastructure implements WEP + TKIP. Which of the following wireless protocols should be
implemented?

A corporate wireless guest network uses an open SSID with a captive portal to authenticate guest users.
Guests can obtain their portal password at the service desk. A security consultant alerts the administrator that
the captive portal is easily bypassed, as long as one other wireless guest user is on the network. Which of the
following attacks did the security consultant use?

The security administrator receives a service ticket saying a host based firewall is interfering with the operation
of a new application that is being tested in development. The administrator asks for clarification on which ports
need to be open. The software vendor replies that it could use up to 20 ports and many customers have
disabled the host based firewall. After examining the system, the administrator sees several ports that are open
for database and application servers that only used locally. The vendor continues to recommend disabling the
host based firewall.
Which of the following is the best course of action for the administrator to take?

A chief information officer (CIO) is concerned about PII contained in the organization’s various data warehouse
platforms. Since not all of the PII transferred to the organization is required for proper operation of the data
warehouse application, the CIO requests the in needed PII data be parsed and securely discarded. Which of
the following controls would be MOST appropriate in this scenario?

An employee finds a USB drive in the employee lunch room and plugs the drive into a shared workstation to
determine who owns the drive. When the drive is inserted, a command prompt opens and a script begins to
run. The employee notifies a technician, who determines that data on a server have been compromised. This is
an example of:

Employees are reporting that they have been receiving a large number of emails advertising products and
services. Links in the email direct the users’ browsers to the websites for the items being offered. No reports of
increased virus activity have been observed. A security administrator suspects that the users are the targets of:

A security administrator is selecting an MDM solution for an organization, which has strict security requirements
for the confidentiality of its data on end user devices. The organization decides to allow BYOD, but requires that
users wishing to participate agree to the following specific device configurations; camera disablement,
password enforcement, and application whitelisting. The organization must be able to support a device portfolio
of differing mobile operating systems. Which of the following represents the MOST relevant technical security
criteria for the MDM?

Joe has hired several new security administrators and have been explaining the4 design of the company’s
network. He has described the position and descriptions of the company’s firewalls, IDS sensors, antivirus
server, DMZs, and HIPS. Which of the following best describes the incorporation of these elements?