Which of the following security tools would be required…
Joe, a penetration tester, is tasked with testing the security robustness of the protocol between a mobile web application and a RESTful application server. Which of the following security tools would be required to assess the security between the mobile web application and the RESTful application server? (Select TWO).
Which of the following are security weaknesses in this …
A penetration tester is inspecting traffic on a new mobile banking application and sends the following web request:
POST http://www.example.com/resources/NewBankAccount HTTP/1.1
Content-type: application/json

{
  "account": [
    { "creditAccount": "Credit Card Rewards account" },
    { "salesLeadRef": "www.example.com/badcontent/exploitme.exe" }
  ],
  "customer": [
    { "name": "Joe Citizen" },
    { "custRef": "3153151" }
  ]
}
The banking website responds with:
HTTP/1.1 200 OK

{
  "newAccountDetails": [
    { "cardNumber": "1234123412341234" },
    { "cardExpiry": "2020-12-31" },
    { "cardCVV": "909" }
  ],
  "marketingCookieTracker": "JSESSIONID=000000001",
  "returnCode": "Account added successfully"
}
Which of the following are security weaknesses in this example? (Select TWO).
Which of the following steps should Joe take to reach t…
Joe is a security architect who is tasked with choosing a new NIPS platform that has the ability to perform SSL inspection, analyze up to 10Gbps of traffic, can be centrally managed, and only reveals inspected application payload data to specified internal security employees. Which of the following steps should Joe take to reach the desired outcome?
Which of the following should the security administrato…
A security administrator is performing VDI traffic data collection on a virtual server which migrates from one host to another. While reviewing the data collected by the protocol analyzer, the security administrator notices that sensitive data is present in the packet capture. Which of the following should the security administrator recommend to ensure the confidentiality of sensitive information during live VM migration, while minimizing latency issues?
Which of the following solutions will address the enter…
An enterprise must ensure that all devices that connect to its networks have been previously approved. The solution must support dual factor mutual authentication with strong identity assurance. In order to reduce costs and administrative overhead, the security architect wants to outsource identity proofing and second factor digital delivery to the third party. Which of the following solutions will address the enterprise requirements?
Which of the following represents important technical c…
Which of the following represents important technical controls for securing a SAN storage infrastructure? (Select TWO).
Which of the following are true statements?
A vulnerability scanner report shows that a client-server host monitoring solution operating in the credit card corporate environment is managing SSL sessions with a weak algorithm which does not meet corporate policy. Which of the following are true statements? (Select TWO).
Which of the following is the MOST accurate statement?
An internal development team has migrated away from Waterfall development to use Agile development. Overall, this has been viewed as a successful initiative by the stakeholders as it has improved time-to-market. However, some staff within the security team have contended that Agile development is not secure. Which of the following is the MOST accurate statement?
Which of the following is the MOST likely cause of the …
A port in a fibre channel switch failed, causing a costly downtime on the company's primary website. Which of the following is the MOST likely cause of the downtime?
Which of the following options is MOST accurate?
A Chief Information Security Officer (CISO) has requested that a SIEM solution be implemented. The CISO wants to know upfront what the projected TCO would be before looking further into this concern. Two vendor proposals have been received:

– Vendor A: product-based solution which can be purchased by the pharmaceutical company. Capital expenses to cover central log collectors, correlators, storage and management consoles are expected to be $150,000. Operational expenses are expected to be a 0.5 full time employee (FTE) to manage the solution, and 1 full time employee to respond to incidents per year.
– Vendor B: managed service-based solution which can be the outsourcer for the pharmaceutical company's needs. Bundled offering expected to be $100,000 per year. Operational expenses for the pharmaceutical company to partner with the vendor are expected to be a 0.5 FTE per year.

Internal employee costs are averaged to be $80,000 per year per FTE. Based on calculating TCO of the two vendor proposals over a 5 year period, which of the following options is MOST accurate?