Ann, a security analyst, is preparing for an upcoming security audit. To ensure that she identifies unapplied security controls and patches without attacking or
compromising the system, Ann would use which of the following?

A security administrator is aware that a portion of the company’s Internet-facing network tends to be non-secure due to poorly configured and patched systems.
The business owner has accepted the risk of those systems being compromised, but the administrator wants to determine the degree to which those systems can
be used to gain access to the company intranet. Which of the following should the administrator perform?

Which of the following is BEST utilized to actively test security controls on a particular system?

Mike, a security professional, is tasked with actively verifying the strength of the security controls on a company’s live modem pool. Which of the following activities
is MOST appropriate?

During a penetration test from the Internet, Jane, the system administrator, was able to establish a connection to an internal router, but not successfully log in to it.
Which ports and protocols are MOST likely to be open on the firewall? (Select FOUR).

During an anonymous penetration test, Jane, a system administrator, was able to identify a shared print spool directory, and was able to download a document
from the spool. Which statement BEST describes her privileges?

Which of the following is the MOST intrusive type of testing against a production system?

Which of the following assessments would Pete, the security administrator, use to actively test that an application’s security controls are in place?

A financial company requires a new private network link with a business partner to cater for realtime and batched data flows.
Which of the following activities should be performed by the IT security staff member prior to establishing the link?

Which of the following assessment techniques would a security administrator implement to ensure that systems and software are developed properly?