Which of the following should be implemented?
A company wants to ensure that the validity of publicly trusted certificates used by its web server can be
determined even during an extended internet outage. Which of the following should be implemented?
Which of the following AES modes of operation would meet this integrity-only requirement?
An administrator intends to configure an IPSec solution that provides ESP with integrity protection, but
not confidentiality protection. Which of the following AES modes of operation would meet this integrity-only requirement?
Which of the following is the best solution for the network administrator to secure each internal website?
The chief security officer (CSO) has issued a new policy that requires that all internal websites be
configured for HTTPS traffic only. The network administrator has been tasked to update all internal sites
without incurring additional costs. Which of the following is the best solution for the network
administrator to secure each internal website?
which shows vulnerabilities that were actually exploited?
A security program manager wants to actively test the security posture of a system. The system is not yet
in production and has no uptime requirement or active user base. Which of the following methods will
produce a report which shows vulnerabilities that were actually exploited?
Which of the following attacks is being attempted?
An administrator discovers the following log entry on a server.
Nov 12 2013 00:23:45 httpd[2342]: /app2/prod/process.php?input=change.cd%20./././ect:cat%20shadow
Which of the following attacks is being attempted?
Which of the following would be the BEST method of updating this application?
An organization relies heavily on an application that has a high frequency of security updates. At present,
the security team only updates the application the security updates are released as often as twice a week.
Which of the following would be the BEST method of updating this application?
This message is an example of
Joe, the security administrator, sees this in a vulnerability scan report:
"The server 10.1.2.232 is running Apache 2.2.20 which may be vulnerable to a mod_cgi exploit."
Joe verifies that the mod_cgi module is not enabled on 10.1.2.232. This message is an example of
Which of the following is the summary of loss for a given year?
Which of the following would BEST help them establish plans and procedures?
A Security team wants to establish an Incident Response plan. The team has never experienced an
incident. Which of the following would BEST help them establish plans and procedures?
Which of the following ports should they block on the firewall?
A Security Officer on a military base needs to encrypt several smart phones that will be going into the
field. Which of the following ports should they block on the firewall?