A security analyst, Ann, states that she believes Internet facing file transfer servers are being attacked. Which of the following is evidence that would aid Ann in making a case to management that action needs to be taken to safeguard these servers?

A pentester must attempt to crack passwords on a Windows domain that enforces strong complex passwords. Which of the following would crack the MOST passwords in the shortest time period?

ABC Company must achieve compliance for PCI and SOX. Which of the following would BEST allow the organization to achieve compliance and ensure security? (Select THREE).

A security administrator has been asked to select a cryptographic algorithm to meet the criteria of a new application. The application utilizes streaming video that can be viewed both on computers and mobile devices. The application designers have asked that the algorithm support the transport encryption with the lowest possible performance overhead. Which of the following recommendations would BEST meet the needs of the application designers? (Select TWO).

ABC Corporation uses multiple security zones to protect systems and information, and all of the VM hosts are part of a consolidated VM infrastructure. Each zone has different VM administrators. Which of the following restricts different zone administrators from directly accessing the console of a VM host from another zone?

An organization has implemented an Agile development process for front end web application development. A new security architect has just joined the company and wants to integrate security activities into the SDLC. Which of the following activities MUST be mandated to ensure code quality from a security perspective? (Select TWO).

Ann is testing the robustness of a marketing website through an intercepting proxy. She has intercepted the following HTTP request:

POST /login.aspx HTTP/1.1
Host: comptia.org
Content-type: text/html

txtUsername=ann&txtPassword=ann&alreadyLoggedIn=false&submit=true

Which of the following should Ann perform to test whether the website is susceptible to a simple authentication bypass?

Joe, a penetration tester, is tasked with testing the security robustness of the protocol between a mobile web application and a RESTful application server. Which of the following security tools would be required to assess the security between the mobile web application and the RESTful application server? (Select TWO).

A penetration tester is inspecting traffic on a new mobile banking application and sends the following web request:

POST http://www.example.com/resources/NewBankAccount HTTP/1.1
Content-type: application/json

{
  "account": [
    { "creditAccount": "Credit Card Rewards account" },
    { "salesLeadRef": "www.example.com/badcontent/exploitme.exe" }
  ],
  "customer": [
    { "name": "Joe Citizen" },
    { "custRef": "3153151" }
  ]
}

The banking website responds with:

HTTP/1.1 200 OK

{
  "newAccountDetails": [
    { "cardNumber": "1234123412341234" },
    { "cardExpiry": "2020-12-31" },
    { "cardCVV": "909" }
  ],
  "marketingCookieTracker": "JSESSIONID=000000001",
  "returnCode": "Account added successfully"
}

Which of the following are security weaknesses in this example? (Select TWO).

Joe is a security architect who is tasked with choosing a new NIPS platform that has the ability to perform SSL inspection, analyze up to 10Gbps of traffic, can be centrally managed and only reveals inspected application payload data to specified internal security employees. Which of the following steps should Joe take to reach the desired outcome?