Which of the following tools would allow Ann, the security administrator, to be able to BEST
quantify all traffic on her network?

Which of the following should an administrator implement to research current attack
methodologies?

Which of the following consists of peer assessments that help identify security threats and
vulnerabilities?

Ann is starting a disaster recovery program. She has gathered specifics and team members for a
meeting on site. Which of the following types of tests is this?

An internal auditing team would like to strengthen the password policy to support special
characters. Which of the following types of password controls would achieve this goal?

Which of the following can be implemented in hardware or software to protect a web server from
cross-site scripting attacks?

Ann, the software security engineer, works for a major software vendor. Which of the following
practices should be implemented to help prevent race conditions, buffer overflows, and other
similar vulnerabilities prior to each production release?

Ann, a security analyst, is preparing for an upcoming security audit. To ensure that she identifies
unapplied security controls and patches without attacking or compromising the system, Ann would

use which of the following?

Ann, the security administrator, received a report from the security technician, that an
unauthorized new user account was added to the server over two weeks ago. Which of the
following could have mitigated this event?

Which of the following ports should be opened on a firewall to allow for NetBIOS communication?
(Select TWO).