Which of the following was MOST likely compromised?
The security administrator installed a newly generated SSL certificate onto the company web
server. Due to a misconfiguration of the website, a downloadable file containing one of the pieces
of the key was available to the public. It was verified that the disclosure did not require a reissue of
the certificate. Which of the following was MOST likely compromised?
Which of the following is this an example of?
After analyzing and correlating activity from multiple sensors, the security administrator has
determined that a group of very well organized individuals from an enemy country is responsible
for various attempts to breach the company network, through the use of very sophisticated and
targeted attacks. Which of the following is this an example of?
Which of the following was launched against a company based on the following IDS log?
Which of the following was launched against a company based on the following IDS log?
122.41.15.252 - - [21/May/2012:00:17:20 +1200] "GET /index.php?username=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA HTTP/1.1" 200 2731 "http://www.company.com/cgibin/forum/commentary.pl/noframes/read/209" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; Hotbar 4.4.7.0)"
Which of the following lines in the user’s history log shows evidence that the user attempted to escape the
The security administrator is analyzing a user’s history file on a Unix server to determine if the
user was attempting to break out of a rootjail. Which of the following lines in the user’s history log
shows evidence that the user attempted to escape the rootjail?
Which of the following is the developer performing when testing the application?
A software development company has hired a programmer to develop a plug-in module to an
existing proprietary application. After completing the module, the developer needs to test the entire
application to ensure that the module did not introduce new vulnerabilities. Which of the following
is the developer performing when testing the application?
Which of the following technical controls must be implemented to enforce the corporate policy?
A security administrator must implement all requirements in the following corporate policy:
Passwords shall be protected against offline password brute force attacks.
Passwords shall be protected against online password brute force attacks.
Which of the following technical controls must be implemented to enforce the corporate policy?
(Select THREE).
Which of the following is a best practice for error and exception handling?
Which of the following is a best practice for error and exception handling?
Which of the following BEST protects the credit card data?
A merchant acquirer has the need to store credit card numbers in a transactional database in a
high performance environment. Which of the following BEST protects the credit card data?
Which of the following BEST protects the master password list?
A team of firewall administrators has access to a ‘master password list’ containing service
account passwords. Which of the following BEST protects the master password list?
Which of the following describes how this private key should be stored so that it is protected from theft?
An SSL/TLS private key is installed on a corporate web proxy in order to inspect HTTPS requests.
Which of the following describes how this private key should be stored so that it is protected from
theft?