PrepAway - Latest Free Exam Questions & Answers

Category: CAS-002

Exam CAS-002 : CompTIA Advanced Security Practitioner

Which of the following BEST provides the procedure that…

A company has decided to change its current business direction and refocus on core business. Consequently, several company sub-businesses are in the process of being sold off. A security consultant has been engaged to advise on residual information security concerns with a de-merger. From a high-level perspective, which of the following BEST provides the procedure that the consultant should follow?

Which of the following is the MOST likely situation tha…

A web developer is responsible for a simple web application that books holiday accommodations. The front-facing web server offers an HTML form, which asks for a user’s age. This input gets placed into a signed integer variable and is then checked to ensure that the user is in the adult age range.

Users have reported that the website is not functioning correctly. The web developer has inspected log files and sees that a very large number (in the billions) was submitted just before the issue started occurring. Which of the following is the MOST likely situation that has occurred?

Which of the following are the MOST appropriate courses…

Customers are receiving emails containing a link to malicious software. These emails are subverting spam filters. The email reads as follows:

Delivered-To: customer@example.com
Received: by 10.14.120.205
Mon, 1 Nov 2010 11:15:24 -0700 (PDT)
Received: by 10.231.31.193
Mon, 01 Nov 2010 11:15:23 -0700 (PDT)
Return-Path: <IT@company.com>
Received: from 127.0.0.1 for <customer@example.com>; Mon, 1 Nov 2010 13:15:14 -0500 (envelope-from <IT@company.com>)
Received: by smtpex.example.com (SMTP READY)
with ESMTP (AIO); Mon, 01 Nov 2010 13:15:14 -0500
Received: from 172.18.45.122 by 192.168.2.55; Mon, 1 Nov 2010 13:15:14 -0500
From: Company <IT@Company.com>
To: “customer@example.com” <customer@example.com>
Date: Mon, 1 Nov 2010 13:15:11 -0500
Subject: New Insurance Application

Thread-Topic: New Insurance Application
Please download and install software from the site below to maintain full access to your account.
www.examplesite.com
________________________________
Additional information: The authorized mail servers IPs are 192.168.2.10 and 192.168.2.11.
The network’s subnet is 192.168.2.0/25.

Which of the following are the MOST appropriate courses of action a security administrator could take to eliminate this risk? (Select TWO).

Which solution should the company select if the contrac…

A company with 2000 workstations is considering purchasing a HIPS to minimize the impact of a system compromise from malware. Currently, the company projects a total cost of $50,000 for the next three years responding to and eradicating workstation malware. The Information Security Officer (ISO) has received three quotes from different companies that provide HIPS.
– The first quote requires a $10,000 one-time fee, an annual cost of $6 per workstation, and a 10% annual support fee based on the number of workstations.
– The second quote requires a $15,000 one-time fee, an annual cost of $5 per workstation, and a 12% annual fee based on the number of workstations.
– The third quote has no one-time fee, an annual cost of $8 per workstation, and a 15% annual fee based on the number of workstations.
Which solution should the company select if the contract is only valid for three years?

Which of the following security considerations should b…

Two universities are making their 802.11n wireless networks available to the other university’s students. The infrastructure will pass the students’ credentials back to the home school for authentication via the Internet.
The requirements are:
– Mutual authentication of clients and authentication server
– The design should not limit connection speeds
– Authentication must be delegated to the home school
– No passwords should be sent unencrypted
The following design was implemented:
– WPA2 Enterprise using EAP-PEAP-MSCHAPv2 will be used for wireless security
– RADIUS proxy servers will be used to forward authentication requests to the home school
– The RADIUS servers will have certificates from a common public certificate authority
– A strong shared secret will be used for RADIUS server authentication
Which of the following security considerations should be added to the design?

Which of the following methodologies should be adopted?

Joe, the Chief Executive Officer (CEO), was an information security professor and a Subject Matter Expert for over 20 years. He has designed a network defense method which he says is significantly better than prominent international standards. He has recommended that the company use his cryptographic method. Which of the following methodologies should be adopted?

Which of the following controls should be implemented t…

An industry organization has implemented a system to allow trusted authentication between all of its partners. The system consists of a web of trusted RADIUS servers communicating over the Internet. An attacker was able to set up a malicious server and conduct a successful man-in-the-middle attack. Which of the following controls should be implemented to mitigate the attack in the future?
