Ann, a systems engineer, is working to identify an unknown node on the corporate network. To begin her
investigative work, she runs the following nmap command string:
user@hostname:~$ sudo nmap O 192.168.1.54
Based on the output, nmap is unable to identify the OS running on the node, but the following ports are open on
the device:
TCP/22 TCP/111 TCP/512-514 TCP/2049 TCP/32778
Based on this information, which of the following operating systems is MOST likely running on the unknown
node?

Which of the following provides the BEST risk calculation methodology?

Which of the following provides the BEST risk calculation methodology?

A security manager for a service provider has approved two vendors for connections to the service provider
backbone. One vendor will be providing authentication services for its payment card service, and the other
vendor will be providing maintenance to the service provider infrastructure sites. Which of the following
business agreements is MOST relevant to the vendors and service provider’s relationship?

Due to a new regulatory requirement, ABC Company must now encrypt all WAN transmissions. When speakingwith the network administrator, the security administrator learns that the existing routers have the minimum
processing power to do the required level of encryption. Which of the following solutions minimizes the
performance impact on the router?

An administrator wants to enable policy based flexible mandatory access controls on an opensource OS to prevent abnormal application modifications or executions. Which of the following would BEST
accomplish this?

A security administrator was recently hired in a start-up company to represent the interest of security and to
assist the network team in improving security in the company. The programmers are not on good terms with the
security team and do not want to be distracted with security issues while they are working on a major project.
Which of the following is the BEST time to make them address security issues in the project?

A company Chief Information Officer (CIO) is unsure which set of standards should govern the company’s IT
policy. The CIO has hired consultants to develop use cases to test against various government and industry
security standards. The CIO is convinced that there is large overlap between the configuration checks and
security controls governing each set of standards. Which of the following selections represent the BEST option
for the CIO?

A network engineer wants to deploy user-based authentication across the company’s wired and wireless
infrastructure at layer 2 of the OSI model. Company policies require that users be centrally managed and
authenticated and that each user’s network access be controlled based on the user’s role within the company.
Additionally, the central authentication system must support hierarchical trust and the ability to natively
authenticate mobile devices and workstations. Which of the following are needed to implement these
requirements? (Select TWO).

Company XYZ finds itself using more cloud-based business tools, and password management is becomingonerous. Security is important to the company; as a result, password replication and shared accounts are not
acceptable. Which of the following implementations addresses the distributed login with centralized
authentication and has wide compatibility among SaaS vendors?