Which of the following can only be mitigated through the use of technical controls rather that user
security training?

The security administrator is observing unusual network behavior from a workstation. The
workstation is communicating with a known malicious destination over an encrypted tunnel. A full
antivirus scan, with an updated antivirus definition file, does not show any signs of infection.
Which of the following has happened on the workstation?

Which of the following types of application attacks would be used to identify malware causing
security breaches that have NOT yet been identified by any trusted sources?

Which of the following may cause Jane, the security administrator, to seek an ACL work around?

Matt, an IT administrator, wants to protect a newly built server from zero day attacks. Which of the
following would provide the BEST level of protection?

Joe, a user, in a coffee shop is checking his email over a wireless network. An attacker records
the temporary credentials being passed to Joe’s browser. The attacker later uses the credentials
to impersonate Joe and creates SPAM messages. Which of the following attacks allows for this
impersonation?

How often, at a MINIMUM, should Sara, an administrator, review the accesses and rights of the
users on her system?

Which of the following types of logs could provide clues that someone has been attempting to
compromise the SQL Server database?

Ann, the security administrator, received a report from the security technician, that an

unauthorized new user account was added to the server over two weeks ago. Which of the
following could have mitigated this event?

A security administrator needs to determine which system a particular user is trying to login to at
various times of the day. Which of the following log types would the administrator check?