A security administrator notices that a specific network administrator is making unauthorized
changes to the firewall every Saturday morning. Which of the following would be used to mitigate
this issue so that only security administrators can make changes to the firewall?

A security administrator notices large amounts of traffic within the network heading out to an
external website. The website seems to be a fake bank site with a phone number that when called,
asks for sensitive information. After further investigation, the security administrator notices that a
fake link was sent to several users. This is an example of which of the following attacks?

After a user performed a war driving attack, the network administrator noticed several similar
markings where WiFi was available throughout the enterprise. Which of the following is the term
used to describe these markings?

The system administrator notices that their application is no longer able to keep up with the large
amounts of traffic their server is receiving daily. Several packets are dropped and sometimes the
server is taken offline. Which of the following would be a possible solution to look into to ensure
their application remains secure and available?

After a recent internal audit, the security administrator was tasked to ensure that all credentials
must be changed within 90 days, cannot be repeated, and cannot contain any dictionary words or
patterns. All credentials will remain enabled regardless of the number of attempts made. Which of
the following types of user account options were enforced? (Select TWO).

A security analyst has been notified that trade secrets are being leaked from one of the executives
in the corporation. When reviewing this executive’s laptop they notice several pictures of the
employee’s pets are on the hard drive and on a cloud storage network. When the analyst hashes
the images on the hard drive against the hashes on the cloud network they do not match. Which of
the following describes how the employee is leaking these secrets?

During a routine audit a web server is flagged for allowing the use of weak ciphers. Which of the
following should be disabled to mitigate this risk? (Select TWO).

Review the following diagram depicting communication between PC1 and PC2 on each side of a
router. Analyze the network traffic logs which show communication between the two computers as
captured by the computer with IP 10.2.2.10.
DIAGRAM
PC1 PC2
[192.168.1.30]——–[INSIDE 192.168.1.1 router OUTSIDE 10.2.2.1]———[10.2.2.10]

LOGS
10:30:22, SRC 10.2.2.1:3030, DST 10.2.2.10:80, SYN
10:30:23, SRC 10.2.2.10:80, DST 10.2.2.1:3030, SYN/ACK
10:30:24, SRC 10.2.2.1:3030, DST 10.2.2.10:80, ACK
Given the above information, which of the following can be inferred about the above environment?

The Chief Information Officer (CIO) wants to implement a redundant server location to which the
production server images can be moved within 48 hours and services can be quickly restored, in
case of a catastrophic failure of the primary datacenter’s HVAC. Which of the following can be
implemented?

The security administrator is observing unusual network behavior from a workstation. The
workstation is communicating with a known malicious destination over an encrypted tunnel. A full
antivirus scan, with an updated antivirus definition file, does not show any signs of infection. Which
of the following has happened on the workstation?