PrepAway - Latest Free Exam Questions & Answers

Category: CAS-002

Exam CAS-002 : CompTIA Advanced Security Practitioner

Which of the following is a technical control that the …

A security administrator has noticed that an increased number of employees’ workstations are becoming infected with malware. The company deploys an
enterprise antivirus system as well as a web content filter, which blocks access to malicious web sites where malware files can be downloaded. Additionally, the
company implements technical measures to disable external storage. Which of the following is a technical control that the security administrator should implement
next to reduce malware infection?

Which of the following should the human resource direct…

A security auditor suspects two employees of having devised a scheme to steal money from the company. While one employee submits purchase orders for
personal items, the other employee approves these purchase orders. The auditor has contacted the human resources director with suggestions on how to detect
such illegal activities. Which of the following should the human resource director implement to identify the employees involved in these activities and reduce the risk
of this activity occurring in the future?

Which of the following should be the revised aggregate …

An IT auditor is reviewing the data classification for a sensitive system. The company has classified the data stored in the sensitive system according to the
following matrix:
DATA TYPE        CONFIDENTIALITY   INTEGRITY   AVAILABILITY
------------------------------------------------------------
Financial        HIGH              HIGH        LOW
Client name      MEDIUM            MEDIUM      HIGH
Client address   LOW               MEDIUM      LOW
------------------------------------------------------------
AGGREGATE        MEDIUM            MEDIUM      MEDIUM
The auditor is advising the company to review the aggregate score and submit it to senior management. Which of the following should be the revised aggregate
score?

Which of the following is true about the security contr…

After reviewing a company’s NAS configuration and file system access logs, the auditor is advising the security administrator to implement additional security
controls on the NFS export. The security administrator decides to remove the no_root_squash directive from the export and add the nosuid directive. Which of the
following is true about the security controls implemented by the security administrator?

Which of the following, if implemented, will MOST incre…

A storage as a service company implements both encryption at rest as well as encryption in transit
of customers’ data. The security administrator is concerned with the overall security of the encrypted customer data stored by the company servers and wants the
development team to implement a solution that will strengthen the customer’s encryption key. Which of the following, if implemented, will MOST increase the time
an offline password attack against the customers’ data would take?

Which of the following logs and vulnerabilities would M…

A security manager looked at various logs while investigating a recent security breach in the data center from an external source. Each log below was collected
from various security devices compiled from a report through the company’s security information and event management server.
Logs:
Log 1:
Feb 5 23:55:37.743: %SEC-6-IPACCESSLOGS: list 10 denied 10.2.5.81 3 packets
Log 2:
HTTP://www.company.com/index.php?user=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa

Log 3:
Security Error Alert
Event ID 50: The RDP protocol component X.224 detected an error in the protocol stream and has disconnected the client
Log 4:
Encoder oe = new OracleEncoder ();
String query = "Select user_id FROM user_data WHERE user_name = ' "
+ oe.encode ( req.getParameter("userID") ) + " ' and user_password = ' "
+ oe.encode ( req.getParameter("pwd") ) +" ' ";
Vulnerabilities
Buffer overflow
SQL injection
ACL
XSS
Which of the following logs and vulnerabilities would MOST likely be related to the security breach? (Select TWO).

Which of the following hardening techniques should be a…

Company policy requires that all company laptops meet the following baseline requirements:
Software requirements:
Antivirus
Anti-malware
Anti-spyware
Log monitoring
Full-disk encryption
Terminal services enabled for RDP
Administrative access for local users

Hardware restrictions:
Bluetooth disabled
FireWire disabled
WiFi adapter disabled
Ann, a web developer, reports performance issues with her laptop and is not able to access any network resources. After further investigation, a bootkit was
discovered and it was trying to access external websites. Which of the following hardening techniques should be applied to mitigate this specific issue from
reoccurring? (Select TWO).

Which of the following solutions would allow the users …

VPN users cannot access the active FTP server through the router but can access any server in the data center.
Additional network information:
DMZ network 192.168.5.0/24 (FTP server is 192.168.5.11)
VPN network 192.168.1.0/24
Datacenter 192.168.2.0/24
User network 192.168.3.0/24
HR network 192.168.4.0/24

Traffic shaper configuration:
VLAN      Bandwidth Limit (Mbps)
VPN       50
User      175
HR        250
Finance   250
Guest     0

Router ACL:
Action   Source            Destination
Permit   192.168.1.0/24    192.168.2.0/24
Permit   192.168.1.0/24    192.168.3.0/24
Permit   192.168.1.0/24    192.168.5.0/24
Permit   192.168.2.0/24    192.168.1.0/24
Permit   192.168.3.0/24    192.168.1.0/24
Permit   192.168.5.1/32    192.168.1.0/24
Deny     192.168.4.0/24    192.168.1.0/24
Deny     192.168.1.0/24    192.168.4.0/24
Deny     any               any

Which of the following solutions would allow the users to access the active FTP server?

