An administrator has enabled salting for users’ passwords on a UNIX box. A penetration tester must attempt to retrieve password hashes. Which of the following
files must the penetration tester use to eventually obtain passwords on the system? (Select TWO).

A user is suspected of engaging in potentially illegal activities. Law enforcement has requested that the user continue to operate on the network as normal.
However, they would like to have a copy of any communications from the user involving certain key terms. Additionally, the law enforcement agency has requested
that the user’s ongoing communication be retained in the user’s account for future investigations. Which of the following will BEST meet the goals of law

enforcement?

A recently hired security administrator is advising developers about the secure integration of a legacy in-house application with a new cloud based processing
system. The systems must exchange large amounts of fixed format data such as names, addresses, and phone numbers, as well as occasional chunks of data in
unpredictable formats. The developers want to construct a new data format and create custom tools to parse and process the data. The security administrator
instead suggests that the developers:

A security analyst, Ann, states that she believes Internet facing file transfer servers are being attacked. Which of the following is evidence that would aid Ann in
making a case to management that action needs to be taken to safeguard these servers?

A pentester must attempt to crack passwords on a windows domain that enforces strong complex passwords. Which of the following would crack the MOST
passwords in the shortest time period?

ABC Company must achieve compliance for PCI and SOX. Which of the following would BEST allow the organization to achieve compliance and ensure security?
(Select THREE).

A security administrator has been asked to select a cryptographic algorithm to meet the criteria of a new application. The application utilizes streaming video that
can be viewed both on computers and mobile devices. The application designers have asked that the algorithm support the transport encryption with the lowest
possible performance overhead. Which of the following recommendations would BEST meet the needs of the application designers? (Select TWO).

ABC Corporation uses multiple security zones to protect systems and information, and all of the VM hosts are part of a consolidated VM infrastructure. Each zone
has different VM administrators. Which of the following restricts different zone administrators from directly accessing the console of a VM host from another zone?

An organization has implemented an Agile development process for front end web application development. A new security architect has just joined the company
and wants to integrate security activities into the SDLC.
Which of the following activities MUST be mandated to ensure code quality from a security perspective? (Select TWO).

Ann is testing the robustness of a marketing website through an intercepting proxy. She has intercepted the following HTTP request:
POST /login.aspx HTTP/1.1

Host: comptia.org
Content-type: text/html
txtUsername=ann&txtPassword=ann&alreadyLoggedIn=false&submit=true
Which of the following should Ann perform to test whether the website is susceptible to a simple authentication bypass?