Which of the following denotes the BEST way to mitigate …
A small retail company recently deployed a new point of sale (POS) system to all 67 stores. The core of the
POS is an extranet site, accessible only from retail stores and the corporate office over a split-tunnel VPN. An
additional split-tunnel VPN provides bi-directional connectivity back to the main office, which provides voice
connectivity for store VoIP phones. Each store offers guest wireless functionality, as well as employee wireless.
Only the staff wireless network has access to the POS VPN. Recently, stores are reporting poor response times
when accessing the POS application from store computers as well as degraded voice quality when making
phone calls. Upon investigation, it is determined that three store PCs are hosting malware, which is generating
excessive network traffic. After malware removal, the information security department is asked to review the
configuration and suggest changes to prevent this from happening again. Which of the following denotes the BEST way to mitigate future malware risk?
Which of the following is the MOST appropriate action t…
During a recent audit of servers, a company discovered that a network administrator, who required remote
access, had deployed an unauthorized remote access application that communicated over common ports
already allowed through the firewall. A network scan showed that this remote access application had already
been installed on one third of the servers in the company. Which of the following is the MOST appropriate
action that the company should take to provide a more appropriate solution?
Requirement 5: The system shall perform CRC checks on a…
A security engineer is working on a large software development project. As part of the design of the project,
various stakeholder requirements were gathered and decomposed to an implementable and testable level.
Various security requirements were also documented. Organize the following security requirements into the
correct hierarchy required for an SRTM. Requirement 1: The system shall provide confidentiality for data in
transit and data at rest. Requirement 2: The system shall use SSL, SSH, or SCP for all data transport.
Requirement 3: The system shall implement a file-level encryption scheme. Requirement 4: The system shall
provide integrity for all data at rest. Requirement 5: The system shall perform CRC checks on all files.
Which of the following should the CSO conduct FIRST?
A small company’s Chief Executive Officer (CEO) has asked its Chief Security Officer (CSO) to improve the
company’s security posture quickly with regard to targeted attacks. Which of the following should the CSO
conduct FIRST?
Which of the following equipment MUST be deployed to gu…
The Chief Information Security Officer (CISO) is asking for ways to protect against zero-day exploits. The CISO
is concerned that an unrecognized threat could compromise corporate data and result in regulatory fines as
well as poor corporate publicity. The network is mostly flat, with split staff/guest wireless functionality. Which of
the following equipment MUST be deployed to guard against unknown threats?
Which of the following is the BEST method for this mana…
A human resources manager at a software development company has been tasked with recruiting personnel
for a new cyber defense division in the company. This division will require personnel to have high technology
skills and industry certifications. Which of the following is the BEST method for this manager to gain insight into
this industry to execute the task?
Which of the following tools would a security engineer …
The security engineer receives an incident ticket from the helpdesk stating that DNS lookup requests are no
longer working from the office. The network team has ensured that Layer 2 and Layer 3 connectivity are
working. Which of the following tools would a security engineer use to make sure the DNS server is listening on
port 53?
Which of the following can the network administrator us…
A network administrator with a company’s NSP has received a CERT alert for targeted adversarial behavior at
the company. In addition to the company’s physical security, which of the following can the network
administrator use to detect the presence of a malicious actor physically accessing the company’s network or
information systems from within? (Select TWO).
Why would it be valuable?
A security consultant is conducting a network assessment and wishes to discover any legacy backup Internet
connections the network may have. Where would the consultant find this information and why would it be
valuable?
Which of the following problems would MOST likely be un…
A new web-based application has been developed and deployed in production. A security engineer decides to
use an HTTP interceptor for testing the application. Which of the following problems would MOST likely be
uncovered by this tool?