PrepAway - Latest Free Exam Questions & Answers

Category: CAS-001 (v.1)

Exam CAS-001: CompTIA Advanced Security Practitioner (update May 17th, 2015)

Pattern match "\bunion\b.{1,100}?

An administrator is reviewing logs and sees the following entry:
Message: Access denied with code 403 (phase 2). Pattern match “\bunion\b.{1,100}?\bselect\b” at
ARGS:$id. [data “union all select”] [severity “CRITICAL”] [tag “WEB_ATTACK”] [tag
“WASCTC/WASC-19”] [tag “OWASP_TOP_10/A1”] [tag “OWASP_AppSensor/CIE1”]
Action: Intercepted (phase 2) Apache-Handler: php5-script
Which of the following attacks was being attempted?

Which of the following when implemented would provide the BEST level of protection with the LEAST amount of di

A new startup company with very limited funds wants to protect the organization from external
threats by implementing some type of best practice security controls across a number of hosts
located in the application zone, the production zone, and the core network. The 50 hosts in the
core network are a mixture of Windows and Linux based systems, used by development staff to
develop new applications. The single Windows host in the application zone is used exclusively by
the production team to control software deployments into the production zone. There are 10 UNIX
web application hosts in the production zone which are publicly accessible.
Development staff is required to install and remove various types of software from their hosts on a
regular basis while the hosts in the zone rarely require any type of configuration changes.
Which of the following when implemented would provide the BEST level of protection with the
LEAST amount of disruption to staff?

Which of the following provides the MOST comprehensive method for reducing the time to recover?

An organization has had six security incidents over the past year against their main web
application. Each time the organization was able to determine the cause of the incident and
restore operations within a few hours to a few days. Which of the following provides the MOST
comprehensive method for reducing the time to recover?

Which of the following presents the MOST risk to confidentiality in this scenario?

A company runs large computing jobs only during the overnight hours. To minimize the amount of
capital investment in equipment, the company relies on the elastic computing services of a major
cloud computing vendor. Because the virtual resources are created and destroyed on the fly
across a large pool of shared resources, the company never knows which specific hardware
platforms will be used from night to night. Which of the following presents the MOST risk to
confidentiality in this scenario?

