Which of the following is a way to stay current on expl…
A security engineer is responsible for monitoring company applications for known vulnerabilities. Which of the following is a way to stay current on exploits and information security news?
which of the following operating systems is MOST likely…
Ann, a systems engineer, is working to identify an unknown node on the corporate network. To begin her investigative work, she runs the following nmap command string:
user@hostname:~$ sudo nmap -O 192.168.1.54
Based on the output, nmap is unable to identify the OS running on the node, but the following ports are open on the device:
TCP/22
TCP/111
TCP/512-514
TCP/2049
TCP/32778
Based on this information, which of the following operating systems is MOST likely running on the unknown node?
Which of the following would be the advantage of conduc…
Due to compliance regulations, a company requires a yearly penetration test. The Chief Information Security Officer (CISO) has asked that it be done under a black box methodology.
Which of the following would be the advantage of conducting this kind of penetration test?
Which of the following should the ISP implement?
The Chief Executive Officer (CEO) of an Internet service provider (ISP) has decided to limit the company’s contribution to worldwide Distributed Denial of Service (DDoS) attacks. Which of the following should the ISP implement? (Select TWO).
Which of the following would MOST appropriately address…
A web services company is planning a one-time high-profile event to be hosted on the corporate website. An outage, due to an attack, would be publicly embarrassing, so Joe, the Chief Executive Officer (CEO), has requested that his security engineers put temporary preventive controls in place. Which of the following would MOST appropriately address Joe’s concerns?
Which of the following methods allows the penetration t…
An external penetration tester compromised one of the client organization’s authentication servers and retrieved the password database. Which of the following methods allows the penetration tester to MOST efficiently use any obtained administrative credentials on the client organization’s other systems, without impacting the integrity of any of the systems?
Which of the following describes the findings the senio…
The Information Security Officer (ISO) believes that the company has been targeted by cybercriminals and it is under a cyber attack. Internal services that are normally available to the public via the Internet are inaccessible, and employees in the office are unable to browse the Internet. The senior security engineer starts by reviewing the bandwidth at the border router, and notices that the incoming bandwidth on the router’s external interface is maxed out. The security engineer then inspects the following piece of log to try and determine the reason for the downtime, focusing on the company’s external router’s IP, which is 128.20.176.19:
11:16:22.110343 IP 90.237.31.27.19 > 128.20.176.19.19: UDP, length 1400
11:16:22.110351 IP 23.27.112.200.19 > 128.20.176.19.19: UDP, length 1400
11:16:22.110358 IP 192.200.132.213.19 > 128.20.176.19.19: UDP, length 1400
11:16:22.110402 IP 70.192.2.55.19 > 128.20.176.19.19: UDP, length 1400
11:16:22.110406 IP 112.201.7.39.19 > 128.20.176.19.19: UDP, length 1400
Which of the following describes the findings the senior security engineer should report to the ISO and the BEST solution for service restoration?
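An added example, not part of the question set, showing how a log fragment in the tcpdump format quoted above can be triaged programmatically from the defender's side: the script parses the UDP lines, groups packets by destination address and port, and reports any destination being hit by many distinct sources, noting whether all senders use the same source port and estimating the bit rate over the observed window. The sample log is constructed in the same format (the first five lines mirror the fragment's pattern, the last is unrelated TCP traffic the parser must skip); the service-name table and the three-source threshold are assumptions chosen for the illustration.

```python
"""Triage a tcpdump-style text fragment for a many-to-one UDP flood pattern."""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample in the tcpdump format quoted in the question. The first five
# lines reproduce the fragment's pattern (many sources, one destination port, UDP,
# identical length); the last line is unrelated traffic that must be ignored.
SAMPLE_LOG = """\
11:16:22.110343 IP 90.237.31.27.19 > 128.20.176.19.19: UDP, length 1400
11:16:22.110351 IP 23.27.112.200.19 > 128.20.176.19.19: UDP, length 1400
11:16:22.110358 IP 192.200.132.213.19 > 128.20.176.19.19: UDP, length 1400
11:16:22.110402 IP 70.192.2.55.19 > 128.20.176.19.19: UDP, length 1400
11:16:22.110406 IP 112.201.7.39.19 > 128.20.176.19.19: UDP, length 1400
11:16:22.200000 IP 203.0.113.9.40001 > 128.20.176.19.443: Flags [S], seq 1, length 0
"""

# Assumed lookup table: IANA-registered UDP services, used only to name the
# common source port in the report.
UDP_SERVICE_NAMES: Dict[int, str] = {19: "chargen", 53: "dns", 123: "ntp",
                                     161: "snmp", 1900: "ssdp"}

# Matches the "HH:MM:SS.usec IP src.sport > dst.dport: UDP, length N" form.
UDP_LINE = re.compile(
    r"^(?P<hh>\d{2}):(?P<mm>\d{2}):(?P<ss>\d{2}\.\d+) IP "
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3})\.(?P<sport>\d+) > "
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3})\.(?P<dport>\d+): UDP, length (?P<length>\d+)$"
)


@dataclass
class UdpPacket:
    t: float        # seconds since midnight, from the tcpdump timestamp
    src: str
    sport: int
    dst: str
    dport: int
    length: int     # UDP payload length as printed by tcpdump


def parse_udp_lines(text: str) -> List[UdpPacket]:
    """Return the UDP packets found in a tcpdump text fragment; other lines are skipped."""
    packets: List[UdpPacket] = []
    for line in text.splitlines():
        m = UDP_LINE.match(line.strip())
        if not m:
            continue
        t = int(m["hh"]) * 3600 + int(m["mm"]) * 60 + float(m["ss"])
        packets.append(UdpPacket(t, m["src"], int(m["sport"]),
                                 m["dst"], int(m["dport"]), int(m["length"])))
    return packets


def find_udp_floods(packets: List[UdpPacket], min_sources: int = 3) -> List[dict]:
    """Group packets by destination (ip, port) and report every destination that
    at least `min_sources` distinct source addresses are sending to.

    Each finding records the packet and byte totals, whether all senders used one
    common source port (and the service name for it, if known), and a bit-rate
    estimate over the time window spanned by the matching packets."""
    by_dst: Dict[tuple, List[UdpPacket]] = defaultdict(list)
    for p in packets:
        by_dst[(p.dst, p.dport)].append(p)

    findings: List[dict] = []
    for (dst, dport), pkts in sorted(by_dst.items()):
        sources = {p.src for p in pkts}
        if len(sources) < min_sources:
            continue
        sports = {p.sport for p in pkts}
        common_sport: Optional[int] = next(iter(sports)) if len(sports) == 1 else None
        total_bytes = sum(p.length for p in pkts)
        window = max(p.t for p in pkts) - min(p.t for p in pkts)
        # Rate is only meaningful when the fragment spans a measurable interval.
        mbps = (total_bytes * 8 / window) / 1e6 if window > 0 else None
        findings.append({
            "dst": dst, "dport": dport,
            "packets": len(pkts), "distinct_sources": len(sources),
            "bytes": total_bytes, "source_port": common_sport,
            "source_service": (UDP_SERVICE_NAMES.get(common_sport, "unknown")
                               if common_sport is not None else None),
            "estimated_mbps": mbps,
        })
    return findings


if __name__ == "__main__":
    for finding in find_udp_floods(parse_udp_lines(SAMPLE_LOG)):
        print(f"{finding['dst']}:{finding['dport']} <- {finding['distinct_sources']} sources, "
              f"{finding['packets']} pkts, {finding['bytes']} bytes, "
              f"common source port {finding['source_port']} ({finding['source_service']}), "
              f"~{finding['estimated_mbps']:.0f} Mbit/s over the fragment")
```

The rate estimate is taken only over the fragment's own timestamps, so on a short excerpt it is a burst figure rather than a sustained average; on a real capture the same grouping would be run over a sliding window, and the per-destination finding is what gets handed to the upstream provider or turned into a filter rule.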
Which of the following is the penetration tester MOST l…
Company XYZ has purchased and is now deploying a new HTML5 application. The company wants to hire a penetration tester to evaluate the security of the client and server components of the proprietary web application before launch. Which of the following is the penetration tester MOST likely to use while performing black box testing of the security of the company’s purchased application? (Select TWO).
Which of the following should be used to ensure the sec…
A security firm is writing a response to an RFP from a customer that is building a new network-based software product. The firm’s expertise is in penetration testing corporate networks. The RFP explicitly calls for all possible behaviors of the product to be tested; however, it does not specify any particular method to achieve this goal. Which of the following should be used to ensure the security and functionality of the product? (Select TWO).
which of the following calculations is the percentage o…
There have been some failures of the company’s internal-facing website. A security engineer has found the WAF to be the root cause of the failures. System logs show that the WAF has been unavailable for 14 hours over the past month, in four separate situations. One of these situations was a two-hour scheduled maintenance window, aimed at improving the stability of the WAF. Using the MTTR based on the last month’s performance figures, which of the following calculations is the percentage of uptime, assuming there were 722 hours in the month?