PrepAway - Latest Free Exam Questions & Answers

Category: CAS-002 (v.1)

Exam CAS-002 : CompTIA Advanced Security Practitioner (update May 22nd, 2017)

Company A has experienced external attacks on their network…

DRAG DROP
Company A has experienced external attacks on their network and wants to minimize the attacks from reoccurring. Modify the network diagram to prevent SQL injections, XSS attacks, smurf attacks, e-mail spam, downloaded malware, viruses and ping attacks. The company can spend a MAXIMUM of $50,000 USD. A cost list for each item is listed below:
1. Anti-Virus Server – $10,000
2. Firewall – $15,000
3. Load Balanced Server – $10,000
4. NIDS/NIPS – $10,000
5. Packet Analyzer – $5,000
6. Patch Server – $15,000
7. Proxy Server – $20,000
8. Router – $10,000
9. Spam Filter – $5,000
10. Traffic Shaper – $20,000
11. Web Application Firewall – $10,000
Instructions: Not all placeholders in the diagram need to be filled and items can only be used once. If you place an object on the network diagram, you can remove it by clicking the (x) in the upper right-hand of the object.

Which of the following logs and vulnerabilities would M…

A security manager looked at various logs while investigating a recent security breach in the data center from an external source. Each log below was collected from various security devices compiled from a report through the company's security information and event management server.
Logs:
Log 1:
Feb 5 23:55:37.743: %SEC-6-IPACCESSLOGS: list 10 denied 10.2.5.81 3 packets
Log 2:
HTTP://www.company.com/index.php?user=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
Log 3:
Security Error Alert
Event ID 50: The RDP protocol component X.224 detected an error in the protocol stream and has disconnected the client
Log 4:
Encoder oe = new OracleEncoder();
String query = "Select user_id FROM user_data WHERE user_name = '" + oe.encode(req.getParameter("userID")) + "' and user_password = '" + oe.encode(req.getParameter("pwd")) + "'";
Vulnerabilities:
Buffer overflow
SQL injection
ACL
XSS
Which of the following logs and vulnerabilities would MOST likely be related to the security breach? (Select TWO).

Which of the following should Ann perform to test wheth…

Ann is testing the robustness of a marketing website through an intercepting proxy. She has intercepted the following HTTP request:
POST /login.aspx HTTP/1.1
Host: comptia.org
Content-type: text/html

txtUsername=ann&txtPassword=ann&alreadyLoggedIn=false&submit=true
Which of the following should Ann perform to test whether the website is susceptible to a simple authentication bypass?

Which of the following are security weaknesses in this …

A penetration tester is inspecting traffic on a new mobile banking application and sends the following web request:
POST http://www.example.com/resources/NewBankAccount HTTP/1.1
Content-type: application/json

{
  "account": [
    { "creditAccount": "Credit Card Rewards account" },
    { "salesLeadRef": "www.example.com/badcontent/exploitme.exe" }
  ],
  "customer": [
    { "name": "Joe Citizen" },
    { "custRef": "3153151" }
  ]
}
The banking website responds with:
HTTP/1.1 200 OK
{
  "newAccountDetails": [
    { "cardNumber": "1234123412341234" },
    { "cardExpiry": "2020-12-31" },
    { "cardCVV": "909" }
  ],
  "marketingCookieTracker": "JSESSIONID=000000001",
  "returnCode": "Account added successfully"
}
Which of the following are security weaknesses in this example? (Select TWO).

Which of the following are the MOST appropriate courses…

Customers are receiving emails containing a link to malicious software. These emails are subverting spam filters. The email reads as follows:
Delivered-To: customer@example.com
Received: by 10.14.120.205 Mon, 1 Nov 2010 11:15:24 -0700 (PDT)
Received: by 10.231.31.193 Mon, 01 Nov 2010 11:15:23 -0700 (PDT)
Return-Path: <IT@company.com>
Received: from 127.0.0.1 for <customer@example.com>; Mon, 1 Nov 2010 13:15:14 -0500 (envelope-from <IT@company.com>)
Received: by smtpex.example.com (SMTP READY) with ESMTP (AIO); Mon, 01 Nov 2010 13:15:14 -0500
Received: from 172.18.45.122 by 192.168.2.55; Mon, 1 Nov 2010 13:15:14 -0500
From: Company <IT@Company.com>
To: "customer@example.com" <customer@example.com>
Date: Mon, 1 Nov 2010 13:15:11 –
Subject: New Insurance Application
Thread-Topic: New Insurance Application

Please download and install software from the site below to maintain full access to your account.
www.examplesite.com

Additional information: The authorized mail servers' IPs are 192.168.2.10 and 192.168.2.11. The network's subnet is 192.168.2.0/25.
Which of the following are the MOST appropriate courses of action a security administrator could take to eliminate this risk? (Select TWO).

Which of the following is critical to ensure the success…

A bank has decided to outsource some existing IT functions and systems to a third party service provider. The third party service provider will manage the outsourced systems on their own premises and will continue to directly interface with the bank's other systems through dedicated encrypted links. Which of the following is critical to ensure the successful management of system security concerns between the two organizations?

Which of the following preventative controls would MOST…

The Chief Information Security Officer (CISO) at a large organization has been reviewing some security-related incidents at the organization and comparing them to current industry trends. The desktop security engineer feels that the use of USB storage devices on office computers has contributed to the frequency of security incidents. The CISO knows the acceptable use policy prohibits the use of USB storage devices. Every user receives a popup warning about this policy upon login. The SIEM system produces a report of USB violations on a monthly basis; yet violations continue to occur. Which of the following preventative controls would MOST effectively mitigate the logical risks associated with the use of USB storage devices?

Which of the following is the solutions architect MOST …

A security solutions architect has argued consistently to implement the most secure method of encrypting
corporate messages. The solution has been derided as not being cost effective by other members of the IT
department. The proposed solution uses symmetric keys to encrypt all messages and is very resistant to
unauthorized decryption. The method also requires special handling and security for all key material that goes
above and beyond most encryption systems. Which of the following is the solutions architect MOST likely trying
to implement?

Which of the following solutions would allow the users …

VPN users cannot access the active FTP server through the router but can access any server in the data center.
Additional network information:
DMZ network – 192.168.5.0/24 (FTP server is 192.168.5.11)
VPN network – 192.168.1.0/24
Datacenter – 192.168.2.0/24
User network – 192.168.3.0/24
HR network – 192.168.4.0/24
Traffic shaper configuration:
VLAN      Bandwidth Limit (Mbps)
VPN       50
User      175
HR        250
Finance   250
Guest     0
Router ACL:
Action   Source            Destination
Permit   192.168.1.0/24    192.168.2.0/24
Permit   192.168.1.0/24    192.168.3.0/24
Permit   192.168.1.0/24    192.168.5.0/24
Permit   192.168.2.0/24    192.168.1.0/24
Permit   192.168.3.0/24    192.168.1.0/24
Permit   192.168.5.1/32    192.168.1.0/24
Deny     192.168.4.0/24    192.168.1.0/24
Deny     192.168.1.0/24    192.168.4.0/24
Deny     any               any
Which of the following solutions would allow the users to access the active FTP server?

