PrepAway - Latest Free Exam Questions & Answers

Category: CAS-002 (v.2)

Briefing CAS-002 : CompTIA Advanced Security Practitioner (update December 14th, 2017)

what is the BEST way to defend against it?

An insurance company has an online quoting system for insurance premiums. It allows potential customers to
fill in certain details about their car and obtain a quote. During an investigation, the following patterns were
detected:
Pattern 1 – Analysis of the logs identifies that insurance premium forms are being filled in but only single fields
are incrementally being updated.
Pattern 2 – For every quote completed, a new customer number is created; due to legacy systems, customer
numbers are running out.
Which of the following is the attack type the system is susceptible to, and what is the BEST way to defend
against it? (Select TWO).

Which of the following is the BEST solution to meet the…

A security services company is scoping a proposal with a client. They want to perform a general security audit
of their environment within a two-week period and consequently have the following requirements:
Requirement 1 – Ensure their server infrastructure operating systems are at their latest patch levels
Requirement 2 – Test the behavior between the application and database
Requirement 3 – Ensure that customer data cannot be exfiltrated
Which of the following is the BEST solution to meet the above requirements?

Which of the following are the MOST effective security …

A company has noticed recently that its corporate information has ended up on an online forum. An
investigation has identified that internal employees are sharing confidential corporate information on a daily
basis. Which of the following are the MOST effective security controls that can be implemented to stop the
above problem? (Select TWO).

which of the following security activities should be pr…

A security architect has been engaged during the implementation stage of the SDLC to review a new HR
software installation for security gaps. With the project under a tight schedule to meet market commitments on
project delivery, which of the following security activities should be prioritized by the security architect? (Select
TWO).

Which of the following is critical to ensure the succes…

A bank has decided to outsource some existing IT functions and systems to a third-party service provider. The
third-party service provider will manage the outsourced systems on their own premises and will continue to
directly interface with the bank’s other systems through dedicated encrypted links. Which of the following is
critical to ensure the successful management of system security concerns between the two organizations?

Which of the following BEST describes the application issue?

The finance department for an online shopping website has discovered that a number of customers were able
to purchase goods and services without any payment. Further analysis conducted by the security
investigations team indicated that the website allowed customers to update a payment amount for shipping. A
specially crafted value could be entered to cause a rollover, resulting in the shipping cost being subtracted
from the balance and in some instances producing a negative balance. As a result, the system processed the
negative balance as zero dollars. Which of the following BEST describes the application issue?
