A large retail vendor provides access to a heating, ventilation, and air conditioning vendor for the purpose of issuing billing statements and receiving payments. A
security administrator wants to prevent attackers from using compromised credentials to access the billing system, moving laterally to the point-of-sale (POS)
system, and installing malware to skim credit card data. Which of the following is the MOST important security architecture consideration the retail vendor should
impose?

A server technician is about to perform a major upgrade to the operating system of a critical system. This system is currently in a virtualization environment. Which
of the following actions would result in the LEAST amount of downtime if the upgrade were to fail?

Ann, a network security engineer, is trying to harden her wireless network. Currently, users are able to connect any device to the wireless network as long as they

authenticate with their network username and password. She is concerned that devices that are not company-issued may gain unauthorized access. Which of the
following techniques would be BEST suited to remediate this vulnerability? (Select TWO).

Which of the following actions would help prevent SQL injection on a web application?

Which of the following authentication services utilizes UDP for communication between client and server?

A systems administrator is part of the organization’s contingency and business continuity planning process. The systems administrator and relevant team participant
in the analysis of a contingency situation intended to elicit constructive discussion. Which of the following types of activity is MOST accurately described in this
scenario?

A security administrator, believing it to be a security risk, disables IGMP snooping on a switch. This breaks a video application. The application is MOST likely using:

An application service provider has notified customers of a breach resulting from improper configuration changes. In the incident, a server intended for internal
access only was made accessible to external parties. Which of the following configurations were likely to have been improperly modified, resulting in the breach?

A healthcare organization is in the process of building and deploying a new web server in the DMZ that will enable public Internet users the ability to securely send
and receive messages from their primary care physicians. Which of the following should the security administrator consider?

A security specialist has implemented antivirus software and whitelisting controls to prevent malware and unauthorized application installation on the company
systems. The combination of these two technologies is an example of which of the following?