A user contacts the help desk after being unable to log in to the corporate website. The user can log into the site from another computer in the next office, but not
from the PC. The user’s PC was able to connect earlier in the day. The help desk has the user restart the NTP service. Afterwards, the user is able to log into the
website. The MOST likely reason for the initial failure was that the website was configured to use which of the following authentication mechanisms?

Which of the following attacks takes advantage of user provided input to inject executable binary code into a running program?

A network administrator recently implemented two caching proxy servers on the network. How can the administrator BEST aggregate the log files from the proxy
servers?

A security engineer wants to communicate securely with a third party via email using PGP. Which of the following should the engineer send to the third party to
securely encrypt email replies?

A company wants to ensure that all software executing on a corporate server have been authorized to do so by a central control point. Which of the following can be
implemented to enable such a control?

A new help desk employee at a cloud services provider receives a call from a customer. The customer is unable to log into the provider’s web application database.
The help desk employee is unable to find the customer’s user account in the directory services console, but see the customer information in the application
database. The application does nit appear to have any fields for a password. The customer then remembers the password and is able to log in. The help desk
employee still does not see the user account in directory services. Which of the following is the MOST likely ?

An organization uses a Kerberos-based LDAP service for network authentication. The service is also utilized by internal web applications. Finally, access to terminal
applications is achieved using the same authentication method by joining the legacy system to the Kerberos realm. The company is using Kerberos to achieve
which of the following?

A security program manager wants to actively test the security posture of a system. The system is not yet in production and has no uptime requirement or active
user base. Which of the following methods will produce a report which shows vulnerabilities that were actually exploited?

The chief security officer (CS0) has issued a new policy that requires that all internal websites be configured for HTTPS traffic only. The network administrator has
been tasked to update all internal sites without incurring additional costs. Which of the following is the best solution for the network administrator to secure each
internal website?

An administrator intends to configure an IPSec solution that provides ESP with integrity protection, but not confidentiality protection. Which of the following AES

modes of operation would meet this integrity-only requirement?