Ann is starting a disaster recovery program. She has gathered specifics and team members for a
meeting on site. Which of the following types of tests is this?

An internal auditing team would like to strengthen the password policy to support special
characters. Which of the following types of password controls would achieve this goal?

Which of the following can be implemented in hardware or software to protect a web server from
cross-site scripting attacks?

Ann, the software security engineer, works for a major software vendor. Which of the following
practices should be implemented to help prevent race conditions, buffer overflows, and other
similar vulnerabilities prior to each production release?

Ann, a security analyst, is preparing for an upcoming security audit. To ensure that she identifies
unapplied security controls and patches without attacking or compromising the system, Ann would

use which of the following?

Ann, the security administrator, received a report from the security technician, that an
unauthorized new user account was added to the server over two weeks ago. Which of the
following could have mitigated this event?

Which of the following ports should be opened on a firewall to allow for NetBIOS communication?
(Select TWO).

Joe, the systems administrator, is setting up a wireless network for his team’s laptops only and
needs to prevent other employees from accessing it. Which of the following would BEST address
this?

After Ann, a user, logs into her banking websites she has access to her financial institution
mortgage, credit card, and brokerage websites as well. Which of the following is being described?

Which of the following means of wireless authentication is easily vulnerable to spoofing?