A new intern in the purchasing department requires read access to shared documents. Permissions are
normally controlled through a group called “Purchasing”; however, the purchasing group permissions allow
write access. Which of the following would be the BEST course of action?

Which of the following encrypts data a single bit at a time?

A security program manager wants to actively test the security posture of a system. The system is not yet in
production and has no uptime requirement or active user base. Which of the following methods will produce a
report which shows vulnerabilities that were actually exploited?

The chief security officer (CSO) has issued a new policy that requires that all internal websites be configured for
HTTPS traffic only. The network administrator has been tasked to update all internal sites without incurring
additional costs. Which of the following is the best solution for the network administrator to secure each internal

An administrator intends to configure an IPSec solution that provides ESP with integrity protection, but not
confidentiality protection. Which of the following AES modes of operation would meet this integrity-only

A company wants to ensure that the validity of publicly trusted certificates used by its web server can be
determined even during an extended internet outage. Which of the following should be implemented?

A computer on a company network was infected with a zero-day exploit after an employee accidentally opened
an email that contained malicious content. The employee recognized the email as malicious and was
attempting to delete it, but accidentally opened it. Which of the following should be done to prevent this scenario
from occurring again in the future?

A company researched the root cause of a recent vulnerability in its software. It was determined that the
vulnerability was the result of two updates made in the last release. Each update alone would not have resulted
in the vulnerability. In order to prevent similar situations in the future, which of the following should the company improve?

A security administrator is developing training for corporate users on basic security principles for personal email
accounts. Which of the following should be mentioned as the MOST secure way for password recovery?

Which of the following use the SSH protocol?