Ann a new security specialist is attempting to access the internet using the company’s open wireless network.
The wireless network is not encrypted: however, once associated, ANN cannot access the internet or other
company resources. In an attempt to troubleshoot, she scans the wireless network with NMAP, discovering the
only other device on the wireless network is a firewall. Which of the following BEST describes the company’s
wireless network solution?

A recent audit has revealed that several users have retained permissions to systems they should no longer
have rights to after being promoted or changed job positions. Which of the following controls would BEST
mitigate this issue?

A company has a corporate infrastructure where end users manage their own certificate keys. Which of the
following is considered the MOST secure way to handle master keys associated with these certificates?

A company would like to implement two-factor authentication for its vulnerability management database to
require system administrators to use their token and random PIN codes. Which of the following authentication
services accomplishes this objective?

A company has experienced problems with their ISP, which has failed to meet their informally agreed upon
level of service. However the business has not negotiated any additional formal agreements beyond the
standard customer terms. Which of the following is the BEST document that the company should prepare to
negotiate with the ISP?

Which of the following is it MOST difficult to harden against?

Which of the following will provide data encryption, key management and secure application launching?

The sales force in an organization frequently travel to remote sites and requires secure access to an internal
server with an IP address of 192.168.0.220. Assuming services are using default ports, which of the following
firewall rules would accomplish this objective? (Choose Two)

An assessment too reports that the company’s web server may be susceptible to remote buffer overflow. The
web server administrator insists that the finding is a false positive. Which of the following should the
administrator do to verify if this is indeed a false positive?

Joe the system administrator has noticed an increase in network activity from outside sources. He wishes to
direct traffic to avoid possible penetration while heavily monitoring the traffic with little to no impact on the
current server load. Which of the following would be BEST course of action?