PrepAway - Latest Free Exam Questions & Answers

Author: seenagape

Which of the following is MOST likely being exploited t…

After being notified of an issue with the online shopping cart, where customers are able to arbitrarily change the
price of listed items, a programmer analyzes the following piece of code used by a web based shopping cart:
SELECT ITEM FROM CART WHERE ITEM=ADDSLASHES($USERINPUT);
The programmer found that every time a user adds an item to the cart, a temporary file is created in the web
server's /tmp directory. The temporary file has a name generated by concatenating the content of the $USERINPUT
variable and a timestamp in the form MM-DD-YYYY (e.g. smartphone-12-25-2013.tmp), and it contains the price
of the item being purchased. Which of the following is MOST likely being exploited to manipulate the price of a
shopping cart's items?
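The naming scheme in the question is the security-relevant detail: a file name built from unvalidated user input plus a calendar date is both guessable and injectable, and /tmp is shared by every process on the host. The following is an added illustration, not code from the page or from any real shopping cart. It reproduces that scheme beside a hardened version; the function names, the item-name whitelist and the sample inputs are assumptions.

```python
"""Added example, not code from the page: the predictable /tmp file naming in
the question above (<USERINPUT>-MM-DD-YYYY.tmp, price inside) beside a
hardened version. Function names, the whitelist and all sample inputs are
assumptions; no real cart uses these names."""
import os
import re
import tempfile
from datetime import date

# Assumed whitelist for an item identifier; rejects '/', '..' and the like.
ITEM_RE = re.compile(r"^[A-Za-z0-9_-]{1,64}$")


def predictable_tmp_path(user_input: str, day: date, tmp_dir: str = "/tmp") -> str:
    """The scheme from the question: user input + MM-DD-YYYY, no validation.
    Anyone who knows the item name and the date knows the file name."""
    return os.path.join(tmp_dir, f"{user_input}-{day.strftime('%m-%d-%Y')}.tmp")


def store_price_predictable(user_input: str, price: float, day: date, tmp_dir: str) -> str:
    """Vulnerable: open() with 'w' truncates and overwrites an existing file,
    so whoever wrote last controls the price that will be read back."""
    path = predictable_tmp_path(user_input, day, tmp_dir)
    with open(path, "w") as f:
        f.write(f"{price:.2f}")
    return path


def store_price_private(user_input: str, price: float, tmp_dir: str) -> str:
    """Hardened: validated name, random suffix, created with O_CREAT|O_EXCL
    and mode 0600 by mkstemp, so a pre-planted file cannot be reused."""
    if not ITEM_RE.fullmatch(user_input):
        raise ValueError("invalid item name")
    fd, path = tempfile.mkstemp(prefix=f"{user_input}-", suffix=".tmp", dir=tmp_dir)
    with os.fdopen(fd, "w") as f:
        f.write(f"{price:.2f}")
    return path


def read_price(path: str) -> float:
    with open(path) as f:
        return float(f.read())


def demo() -> dict:
    """Runs both schemes in a throwaway directory standing in for /tmp."""
    day = date(2013, 12, 25)  # the date used in the question's example
    with tempfile.TemporaryDirectory() as d:
        # Two requests for the same item on the same day map to one file;
        # the second write replaces the first price before it is read.
        p1 = store_price_predictable("smartphone", 499.00, day, d)
        p2 = store_price_predictable("smartphone", 0.01, day, d)
        collided = p1 == p2
        price_seen = read_price(p1)
        # Unvalidated input with '../' builds a path outside the temp dir.
        escaped = os.path.abspath(predictable_tmp_path("../outside", day, d))
        traversal_escapes = not escaped.startswith(os.path.abspath(d) + os.sep)
        # Hardened variant: distinct files per request, traversal rejected.
        h1 = store_price_private("smartphone", 499.00, d)
        h2 = store_price_private("smartphone", 0.01, d)
        hardened_distinct = h1 != h2 and read_price(h1) == 499.00
        try:
            store_price_private("../outside", 1.00, d)
            hardened_rejects = False
        except ValueError:
            hardened_rejects = True
    return {
        "collided": collided,
        "price_seen": price_seen,
        "traversal_escapes": traversal_escapes,
        "hardened_distinct": hardened_distinct,
        "hardened_rejects": hardened_rejects,
    }


if __name__ == "__main__":
    print(demo())
```

Note that ADDSLASHES only escapes quote characters for the SQL statement; it does nothing about path separators or name collisions in the file that is written afterwards, which is why the two fixes shown (whitelisting the name and letting mkstemp pick an unpredictable, exclusively created file) address a different problem from the SQL escaping.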

Which of the following denotes the BEST way to mitigate…

A small retail company recently deployed a new point of sale (POS) system to all 67 stores. The core of the
POS is an extranet site, accessible only from retail stores and the corporate office over a split-tunnel VPN. An
additional split-tunnel VPN provides bi-directional connectivity back to the main office, which provides voice
connectivity for store VoIP phones. Each store offers guest wireless functionality, as well as employee wireless.
Only the staff wireless network has access to the POS VPN. Recently, stores are reporting poor response times
when accessing the POS application from store computers as well as degraded voice quality when making
phone calls. Upon investigation, it is determined that three store PCs are hosting malware, which is generating
excessive network traffic. After malware removal, the information security department is asked to review the
configuration and suggest changes to prevent this from happening again. Which of the following denotes the
BEST way to mitigate future malware risk?

Which of the following controls should be implemented t…

An industry organization has implemented a system to allow trusted authentication between all of its partners.
The system consists of a web of trusted RADIUS servers communicating over the Internet. An attacker was
able to set up a malicious server and conduct a successful man-in-the-middle attack. Which of the following
controls should be implemented to mitigate the attack in the future?

Which of the following will meet this goal without requ…

A security architect is designing a new infrastructure using both type 1 and type 2 virtual machines. In addition
to the normal complement of security controls (e.g. antivirus, host hardening, HIPS/NIDS) the security architect
needs to implement a mechanism to securely store cryptographic keys used to sign code and code modules on
the VMs. Which of the following will meet this goal without requiring any hardware pass-through
implementations?

what is occurring and the BEST immediate response?

A security administrator is shown the following log excerpt from a Unix system:
2013 Oct 10 07:14:57 web14 sshd[1632]: Failed password for root from 198.51.100.23 port 37914 ssh2
2013 Oct 10 07:14:57 web14 sshd[1635]: Failed password for root from 198.51.100.23 port 37915 ssh2
2013 Oct 10 07:14:58 web14 sshd[1638]: Failed password for root from 198.51.100.23 port 37916 ssh2
2013 Oct 10 07:15:59 web14 sshd[1640]: Failed password for root from 198.51.100.23 port 37918 ssh2
2013 Oct 10 07:16:00 web14 sshd[1641]: Failed password for root from 198.51.100.23 port 37920 ssh2
2013 Oct 10 07:16:00 web14 sshd[1642]: Successful login for root from 198.51.100.23 port 37924 ssh2
Which of the following is the MOST likely explanation of what is occurring and the BEST immediate response?
(Select TWO).

which of the following steps in system authorization ha…

A security engineer is a new member to a configuration board at the request of management. The company
has two new major IT projects starting this year and wants to plan security into the application deployment. The
board is primarily concerned with the applications’ compliance with federal assessment and authorization
standards. The security engineer asks for a timeline to determine when a security assessment of both
applications should occur and does not attend subsequent configuration board meetings. If the security
engineer is only going to perform a security assessment, which of the following steps in system authorization
has the security engineer omitted?

Which of the following departments’ request is in contr…

Executive management is asking for a new manufacturing control and workflow automation solution. This
application will facilitate management of proprietary information and closely guarded corporate trade secrets.
The information security team has been a part of the department meetings and come away with the following
notes:
- Human resources would like complete access to employee data stored in the application. They would like
automated data interchange with the employee management application, a cloud-based SaaS application.
- Sales is asking for easy order tracking to facilitate feedback to customers.
- Legal is asking for adequate safeguards to protect trade secrets. They are also concerned with data ownership
questions and legal jurisdiction.
- Manufacturing is asking for ease of use. Employees working the assembly line cannot be bothered with
additional steps or overhead. System interaction needs to be quick and easy.
- Quality assurance is concerned about managing the end product and tracking overall performance of the
product being produced. They would like read-only access to the entire workflow process for monitoring and
baselining.
The favored solution is a user friendly software application that would be hosted onsite. It has extensive ACL
functionality, but also has readily available APIs for extensibility. It supports read-only access, kiosk automation,
custom fields, and data encryption. Which of the following departments’ request is in contrast to the favored
solution?

Which of the following has been overlooked in securing …

An extensible commercial software system was upgraded to the next minor release version to patch a security
vulnerability. After the upgrade, an unauthorized intrusion into the system was detected. The software vendor
is called in to troubleshoot the issue and reports that all core components were
updated properly. Which of the following has been overlooked in securing the system? (Select TWO).

Which of the following security concerns does the analy…

An analyst connects to a company web conference hosted on www.webconference.com/meetingID#01234 and
observes that numerous guests have been allowed to join, without providing identifying information. The
topics covered during the web conference are
considered proprietary to the company. Which of the following security concerns does the analyst present to
management?

