An auditor is conducting a security audit and contacts the service desk at the target organization pretending to be a peer of the service desk employee. After
engaging the employee in small talk, the auditor reports getting locked out of the organization’s webmail system and requests that the employee reset the webmail
password. Which of the following principles of social engineering is the auditor attempting to leverage in this attempted attack?

Which of the following are BEST used in the process of hardening a public facing web server? (Select TWO)

A security engineer wants to communicate securely with a third party via email using PGP. Which of the following should the engineer send to the third party to
enable the third party to securely encrypt email replies?

An auditor is reviewing the following logs from the company’s proxy server used to store both sensitive and public documents. The documents are edited via a client
web interface and all processing is performed on the server side.
http://www.documents-portal.com/editdoc.php?document1=this%20is%20the%20content%20of%20document1
http://www.documents-portal.com/editdoc.php?document2=this%20is%20the%20content%20of%20document2
http://www.documents-portal.com/editdoc.php?document3=this%20is%20the%20content%20of%20document3

During an audit of a software development organization, an auditor found that the organization did not properly follow industry best practices including peer review
and board approval prior to moving applications into the production environment. The auditor recommended adapting a formal process incorporating these steps.
To remediate the finding, the organization implemented:

Virtualization would provide an ROI when implemented under which of the following situations?

A web server at an organization has been the target of distributed denial of service attacks. Which of the following, if correctly configured, would BEST mitigate
these and future attacks?

After a wireless security breach, the network administrator discovers the tool used to break into the network. Using a brute force attack, the tool is able to obtain the
wireless password in less that 11,000 attempts. Which of the following should be disabled to prevent this type of attack in the future?

The security director has a man trap installed in the company’s data center. This control is installed to mitigate:

A virtualized server was updated with the latest operating system security patch. Upon completion of the patch installation, the file server automatically restarted and
would not present a login screen. Which of the following would have prevented this issue?