Which of the following must be kept secret for a public key infrastructure to remain secure?

Which of the following devices is BEST suited to protect an HTTP-based application that is
susceptible to injection attacks?

A security administrator develops a web page and limits input into their fields on the web page as
well as filters special characters in output. The administrator is trying to prevent which of the
following attacks?

Which of the following is best practice to put at the end of an ACL?

Sara, a hacker, is completing a website form to request a free coupon. The site has a field that
limits the request to 3 or fewer coupons. While submitting the form, Sara runs an application on
her machine to intercept the HTTP POST command and change the field from 3 coupons to 30.
Which of the following was used to perform this attack?

An achievement in providing worldwide Internet security was the signing of certificates associated
with which of the following protocols?

Several users report to the administrator that they are having issues downloading files from the file
server. Which of the following assessment tools can be used to determine if there is an issue with
the file server?

A Chief Information Security Officer (CISO) wants to implement two-factor authentication within
the company. Which of the following would fulfill the CISO’s requirements?

Which of the following can a security administrator implement on mobile devices that will help
prevent unwanted people from viewing the data if the device is left unattended?

When a new network drop was installed, the cable was run across several fluorescent lights. The

users of the new network drop experience intermittent connectivity. Which of the following
environmental controls was MOST likely overlooked during installation?