A financial company requires a new private network link with a business partner to cater for realtime and
batched data flows.
Which of the following activities should be performed by the IT security staff member prior to
establishing the link?

Which of the following assessments would Pete, the security administrator, use to actively test that an
application’s security controls are in place?

Which of the following is the MOST intrusive type of testing against a production system?

During an anonymous penetration test, Jane, a system administrator, was able to identify a shared print
spool directory, and was able to download a document from the spool. Which statement BEST describes
her privileges?

During a penetration test from the Internet, Jane, the system administrator, was able to establish a
connection to an internal router, but not successfully log in to it. Which ports and protocols are MOST
likely to be open on the firewall? (Select FOUR).

Mike, a security professional, is tasked with actively verifying the strength of the security controls on a
company’s live modem pool. Which of the following activities is MOST appropriate?

Which of the following is BEST utilized to actively test security controls on a particular system?

A security administrator is aware that a portion of the company’s Internet-facing network tends to be
non-secure due to poorly configured and patched systems. The business owner has accepted the risk of
those systems being compromised, but the administrator wants to determine the degree to which those
systems can be used to gain access to the company intranet. Which of the following should the
administrator perform?

Ann, a security analyst, is preparing for an upcoming security audit. To ensure that she identifies
unapplied security controls and patches without attacking or compromising the system, Ann would use
which of the following?

Which of the following BEST represents the goal of a vulnerability assessment?