Which of the following would be the BEST risk mitigation strategy to implement in order to meet this request?
A systems administrator has made several unauthorized changes to the server cluster that resulted in a
major outage. This event has been brought to the attention of the Chief Information Office (CIO) and he
has requested immediately implement a risk mitigation strategy to prevent this type of event from
reoccurring. Which of the following would be the BEST risk mitigation strategy to implement in order to
meet this request?
Which of the following controls, if in place could have BEST prevented this successful attack?
An incident occurred when an outside attacker was able to gain access to network resources. During the
incident response, investigation security logs indicated multiple failed login attempts for a network
administrator. Which of the following controls, if in place could have BEST prevented this successful
attack?
Which of the following does Joe need to implement in order to enforce accountability?
Joe needs to track employees who log into a confidential database and edit files. In the past, critical files
have been edited, and no one admits to making the edits. Which of the following does Joe need to
implement in order to enforce accountability?
Which of the following would mitigate this attack?
A new mobile banking application is being developed and uses SSL / TLS certificates but penetration tests
show that it is still vulnerable to man-in-the-middle attacks, such as DNS hijacking. Which of the following
would mitigate this attack?
Which of the following attacks has taken place?
One month after a software developer was terminated the helpdesk started receiving calls that several
employees’ computers were being infected with malware. Upon further research, it was determined that
these employees had downloaded a shopping toolbar. It was this toolbar that downloaded and installed
the errant code. Which of the following attacks has taken place?
Which of the following would an attacker use to penetrate and capture additional traffic prior to performing a
Which of the following would an attacker use to penetrate and capture additional traffic prior to
performing an IV attack?
Which of the following would BEST address this concern?
An administrator has concerns regarding the company’s server rooms Proximity badge readers were
installed, but it is discovered this is not preventing unapproved personnel from tailgating into these area.
Which of the following would BEST address this concern?
Which of the following would be a reason for developers to utilize an AES cipher in CCM mode (Counter with Cha
Which of the following would be a reason for developers to utilize an AES cipher in CCM mode (Counter
with Chain Block Message Authentication Code)?
Which of the following should the administrator do?
One of the findings of risk assessment is that many of the servers on the data center subnet contain data
that is in scope for PCI compliance, Everyone in the company has access to these servers, regardless of
their job function. Which of the following should the administrator do?
Which of the following could have prevented this situation from occurring?
Various employees have lost valuable customer data due to hard drives failing in company provided
laptops. It has been discovered that the hard drives used in one model of laptops provided by the
company has been recalled by the manufactory, The help desk is only able to replace the hard drives after
they fail because there is no centralized records of the model of laptop given to each specific user. Which
of the following could have prevented this situation from occurring?