Jo an employee reports to the security manager that several files in a research and development
folder that only JOE has access to have been improperly modified. The modified data on the files
in recent and the modified by account is Joe’s. The permissions on the folder have not been
changed, and there is no evidence of malware on the server hosting the folder or on Joe’s
workstation. Several failed login attempts to Joe’s account were discovered in the security log of
the LDAP server. Given this scenario, which of the following should the security manager
implement to prevent this in the future?

A user contacts the help desk after being unable to log in to a corporate website. The user can log
into the site from another computer in the next office, but not from the PC. The user’s PC was able
to connect earlier in the day. The help desk has user restart the NTP service. Afterwards the user
is able to log into the website. The MOST likely reason for the initial failure was that the website
was configured to use which of the following authentication mechanisms?

A security analyst has been investigating an incident involving the corporate website. Upon
investigation, it has been determined that users visiting the corporate website would be
automatically redirected to a, malicious site. Further investigation on the corporate website has
revealed that the home page on the corporate website has been altered to include an
unauthorized item. Which of the following would explain why users are being redirected to the
malicious site?

A news and weather toolbar was accidently installed into a web browser. The toolbar tracks users
online activities and sends them to a central logging server. Which of the following attacks took
place?

A project manager is working with an architectural firm that focuses on physical security. The
project manager would like to provide requirements that support the primary goal of safely. Based
on the project manager’s desires, which of the following controls would the BEST to incorporate
into the facility design?

While performing surveillance activities an attacker determines that an organization is using
802.1X to secure LAN access. Which of the following attack mechanisms can the attacker utilize
to bypass the identified network security controls?

An administrator wants to configure a switch port so that it separates voice and data traffic. Which
of the following MUST be configured on the switch port to enforce separation of traffic?

A company must send sensitive data over a non-secure network via web services. The company
suspects that competitors are actively trying to intercept all transmissions. Some of the information
may be valuable to competitors, even years after it has been sent. Which of the following will help
mitigate the risk in the scenario?

When implementing a mobile security strategy for an organization which of the following is the
MOST influential concern that contributes to that organization’s ability to extend enterprise policies
to mobile devices?

A recent review of accounts on various systems has found that after employees passwords are
required to change they are recycling the same password as before. Which of the following
policies should be enforced to prevent this from happening? (Select TWO)