A security administrator wants to perform routine tests on the network during working hours when
certain applications are being accessed by the most people. Which of the following would allow
the security administrator to test the lack of security controls for those applications with the least
impact to the system?

Jane has recently implemented a new network design at her organization and wishes to passively

identify security issues with the new network. Which of the following should Jane perform?

A company hires outside security experts to evaluate the security status of the corporate network.
All of the company’s IT resources are outdated and prone to crashing. The company requests that
all testing be performed in a way which minimizes the risk of system failures. Which of the
following types of testing does the company want performed?

A company hires outside security experts to evaluate the security status of the corporate network.
All of the company’s IT resources are outdated and prone to crashing. The company requests that
all testing be performed in a way which minimizes the risk of system failures. Which of the
following types of testing does the company want performed?

Which of the following tests a number of security controls in the least invasive manner?

Which of the following tests a number of security controls in the least invasive manner?

A company is looking to improve their security posture by addressing risks uncovered by a recent
penetration test. Which of the following risks is MOST likely to affect the business on a day-to-day
basis?

A company is looking to improve their security posture by addressing risks uncovered by a recent
penetration test. Which of the following risks is MOST likely to affect the business on a day-to-day
basis?

Which of the following is BEST utilized to identify common misconfigurations throughout the
enterprise?

Which of the following is BEST utilized to identify common misconfigurations throughout the
enterprise?