VPN users cannot access the active FTP server through the router but can access any server in the data
center.
Additional network information:
DMZ network 192.168.5.0/24 (FTP server is 192.168.5.11) VPN network 192.168.1.0/24
Datacenter 192.168.2.0/24
User network – 192.168.3.0/24
HR network 192.168.4.0/24\\
Traffic shaper configuration:
VLAN Bandwidth Limit (Mbps)
VPN 50
User 175
HR 250
Finance 250
Guest 0
Router ACL:
Action Source Destination
Permit 192.168.1.0/24 192.168.2.0/24
Permit 192.168.1.0/24 192.168.3.0/24
Permit 192.168.1.0/24 192.168.5.0/24
Permit 192.168.2.0/24 192.168.1.0/24
Permit 192.168.3.0/24 192.168.1.0/24
Permit 192.168.5.1/32 192.168.1.0/24
Deny 192.168.4.0/24 192.168.1.0/24
Deny 192.168.1.0/24 192.168.4.0/24
Deny any any
Which of the following solutions would allow the users to access the active FTP server?

A system worth $100,000 has an exposure factor of eight percent and an ARO of four. Which of the followingfigures is the system’s SLE?

A company provides on-demand cloud computing resources for a sensitive project. The company implements a
fully virtualized datacenter and terminal server access with two-factor authentication for customer access to the
administrative website. The security administrator at the company has uncovered a breach in data
confidentiality. Sensitive data from customer A was found on a hidden directory within the VM of company B.
Company B is not in the same industry as company A and the two are not competitors. Which of the following
has MOST likely occurred?

A firm’s Chief Executive Officer (CEO) is concerned that IT staff lacks the knowledge to identify complex
vulnerabilities that may exist in a payment system being internally developed. The payment system being
developed will be sold to a number of organizations and is in direct competition with another leading product.
The CEO highlighted that code base confidentiality is of critical importance to allow the company to exceed the
competition in terms of the product’s reliability, stability, and performance. Which of the following would provide
the MOST thorough testing and satisfy the CEO’s requirements?

A company decides to purchase commercially available software packages. This can introduce new security
risks to the network. Which of the following is the BEST description of why this is true?

A company that must comply with regulations is searching for a laptop encryption product to use for its 40,000
end points. The product must meet regulations but also be flexible enough to minimize overhead and support in
regards to password resets and lockouts. Which of the following implementations would BEST meet the
needs?

During a new desktop refresh, all hosts are hardened at the OS level before deployment to comply with policy.
Six months later, the company is audited for compliance to regulations. The audit discovers that 40 percent of
the desktops do not meet requirements. Which of the following is the MOST likely cause of the noncompliance?

Which of the following would be used in forensic analysis of a compromised Linux system? (Select THREE).

Which of the following would be used in forensic analysis of a compromised Linux system? (Select THREE).

Which of the following would be used in forensic analysis of a compromised Linux system? (Select THREE).