Which of the following has the administrator been tasked to perform?
A security administrator is tasked with conducting an assessment made to establish the baseline
security posture of the corporate IT infrastructure. The assessment must report actual flaws and
weaknesses in the infrastructure. Due to the expense of hiring outside consultants, the testing
must be performed using in-house or cheaply available resource. There cannot be a possibility of
any requirement being damaged in the test. Which of the following has the administrator been
tasked to perform?
Which of the following describes the type of attack the proxy has been legitimately programmed to perform?
A network administrator is attempting to troubleshoot an issue regarding certificates on a secure
website. During the troubleshooting process, the network administrator notices that the web
gateway proxy on the local network has signed all of the certificates on the local machine. Which
of the following describes the type of attack the proxy has been legitimately programmed to
perform?
Which of the following use the SSH protocol?
Which of the following use the SSH protocol?
Which of the following should be mentioned as the MOST secure way for password recovery?
A security administrator is developing training for corporate users on basic security principles for
personal email accounts. Which of the following should be mentioned as the MOST secure way for
password recovery?
which of the following?
A company researched the root cause of a recent vulnerability in its software. It was determined
that the vulnerability was the result of two updates made in the last release. Each update alone
would not have resulted in the vulnerability. In order to prevent similar situations in the future, the
company should improve which of the following?
Which of the following should be done to prevent this scenario from occurring again in the future?
A computer on a company network was infected with a zero-day exploit after an employee
accidently opened an email that contained malicious content. The employee recognized the email
as malicious and was attempting to delete it, but accidently opened it. Which of the following
should be done to prevent this scenario from occurring again in the future?
Which of the following should be implemented?
A company wants to ensure that the validity of publicly trusted certificates used by its web server
can be determined even during an extended internet outage. Which of the following should be
implemented?
Which of the following AES modes of operation would meet this integrity-only requirement?
An administrator intends to configure an IPSec solution that provides ESP with integrity protection,
but not confidentiality protection. Which of the following AES modes of operation would meet this
integrity-only requirement?
Which of the following is the best solution for the network administrator to secure each internal website?
The chief security officer (CS0) has issued a new policy that requires that all internal websites be
configured for HTTPS traffic only. The network administrator has been tasked to update all internal
sites without incurring additional costs. Which of the following is the best solution for the network
administrator to secure each internal website?
which shows vulnerabilities that were actually exploited?
A security program manager wants to actively test the security posture of a system. The system is
not yet in production and has no uptime requirement or active user base. Which of the following
methods will produce a report which shows vulnerabilities that were actually exploited?