A storage as a service company implements both encryption at rest as well as encryption in transit

of customers’ data. The security administrator is concerned with the overall security of the encrypted customer data stored by the company servers and wants the
development team to implement a solution that will strengthen the customer’s encryption key. Which of the following, if implemented, will MOST increase the time
an offline password attack against the customers’ data would take?

A security manager looked at various logs while investigating a recent security breach in the data center from an external source. Each log below was collected
from various security devices compiled from a report through the company’s security information and event management server.
Logs:
Log 1:
Feb 5 23:55:37.743: %SEC-6-IPACCESSLOGS: list 10 denied 10.2.5.81 3 packets
Log 2:
HTTP://www.company.com/index.php?user=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa

Log 3:
Security Error Alert
Event ID 50: The RDP protocol component X.224 detected an error in the protocol stream and has disconnected the client
Log 4:
Encoder oe = new OracleEncoder ();
String query = “Select user_id FROM user_data WHERE user_name = ` “
+ oe.encode ( req.getParameter(“userID”) ) + ” ` and user_password = ` “
+ oe.encode ( req.getParameter(“pwd”) ) +” ` “;
Vulnerabilities
Buffer overflow
SQL injection
ACL
XSS
Which of the following logs and vulnerabilities would MOST likely be related to the security breach? (Select TWO).

Company policy requires that all company laptops meet the following baseline requirements:
Software requirements:
Antivirus
Anti-malware
Anti-spyware
Log monitoring
Full-disk encryption

Terminal services enabled for RDP
Administrative access for local users

Hardware restrictions:
Bluetooth disabled
FireWire disabled
WiFi adapter disabled
Ann, a web developer, reports performance issues with her laptop and is not able to access any network resources. After further investigation, a bootkit was
discovered and it was trying to access external websites. Which of the following hardening techniques should be applied to mitigate this specific issue from
reoccurring? (Select TWO).

VPN users cannot access the active FTP server through the router but can access any server in the data center.
Additional network information:

DMZ network 192.168.5.0/24 (FTP server is 192.168.5.11)
VPN network 192.168.1.0/24
Datacenter 192.168.2.0/24
User network – 192.168.3.0/24
HR network 192.168.4.0/24\\
Traffic shaper configuration:
VLAN Bandwidth Limit (Mbps)
VPN50
User175
HR250
Finance250
Guest0
Router ACL:

ActionSourceDestination
Permit192.168.1.0/24192.168.2.0/24
Permit192.168.1.0/24192.168.3.0/24
Permit192.168.1.0/24192.168.5.0/24
Permit192.168.2.0/24192.168.1.0/24
Permit192.168.3.0/24192.168.1.0/24
Permit192.168.5.1/32192.168.1.0/24
Deny192.168.4.0/24192.168.1.0/24

Deny192.168.1.0/24192.168.4.0/24
Denyanyany
Which of the following solutions would allow the users to access the active FTP server?

A system worth $100,000 has an exposure factor of eight percent and an ARO of four. Which of the following figures is the system’s SLE?

A company provides on-demand cloud computing resources for a sensitive project. The company implements a fully virtualized datacenter and terminal server
access with two-factor authentication for customer access to the administrative website. The security administrator at the company has uncovered a breach in data
confidentiality. Sensitive data from customer A was found on a hidden directory within the VM of company B. Company B is not in the same industry as company A
and the two are not competitors. Which of the following has MOST likely occurred?

A firm’s Chief Executive Officer (CEO) is concerned that IT staff lacks the knowledge to identify complex vulnerabilities that may exist in a payment system being
internally developed. The payment system being developed will be sold to a number of organizations and is in direct competition with another leading product. The
CEO highlighted that code base confidentiality is of critical importance to allow the company to exceed the competition in terms of the product’s reliability, stability,
and performance. Which of the following would provide the MOST thorough testing and satisfy the CEO’s requirements?

A company decides to purchase commercially available software packages. This can introduce new security risks to the network. Which of the following is the
BEST description of why this is true?

A company that must comply with regulations is searching for a laptop encryption product to use for its 40,000 end points. The product must meet regulations but
also be flexible enough to minimize overhead and support in regards to password resets and lockouts. Which of the following implementations would BEST meet
the needs?

During a new desktop refresh, all hosts are hardened at the OS level before deployment to comply with policy. Six months later, the company is audited for
compliance to regulations. The audit discovers that 40 percent of the desktops do not meet requirements. Which of the following is the MOST likely cause of the
noncompliance?