A network administrator with a company’s NSP has received a CERT alert for targeted adversarial behavior at the company. In addition to the company’s physical
security, which of the following can the network administrator use to detect the presence of a malicious actor physically accessing the company’s network or
information systems from within? (Select TWO).

A security consultant is conducting a network assessment and wishes to discover any legacy backup Internet connections the network may have. Where would the
consultant find this information and why would it be valuable?

A new web based application has been developed and deployed in production. A security engineer decides to use an HTTP interceptor for testing the application.
Which of the following problems would MOST likely be uncovered by this tool?

A company is in the process of implementing a new front end user interface for its customers, the goal is to provide them with more self service functionality. The
application has been written by developers over the last six months and the project is currently in the test phase.
Which of the following security activities should be implemented as part of the SDL in order to provide the MOST security coverage over the solution? (Select
TWO).

The Information Security Officer (ISO) is reviewing a summary of the findings from the last COOP tabletop exercise. The Chief Information Officer (CIO) wants to
determine which additional controls must be implemented to reduce the risk of an extended customer service outage due to the VoIP system being unavailable.
Which of the following BEST describes the scenario presented and the document the ISO is reviewing?

A Chief Financial Officer (CFO) has raised concerns with the Chief Information Security Officer (CISO) because money has been spent on IT security
infrastructure, but corporate assets are still found to be vulnerable. The business recently funded a patch management product and SOE hardening initiative. A third
party auditor reported findings against the business because some systems were missing patches. Which of the following statements BEST describes this
situation?

A new internal network segmentation solution will be implemented into the enterprise that consists of 200 internal firewalls. As part of running a pilot exercise, it was
determined that it takes three changes to deploy a new application onto the network before it is operational. Security now has a significant effect on overall
availability. Which of the following would be the FIRST process to perform as a result of these findings?

The Chief Executive Officer (CEO) of a small start-up company wants to set up offices around the country for the sales staff to generate business. The company
needs an effective communication solution to remain in constant contact with each other, while maintaining a secure business environment. A junior-level
administrator suggests that the company and the sales staff stay connected via free social media. Which of the following decisions is BEST for the CEO to make?

A security engineer is responsible for monitoring company applications for known vulnerabilities. Which of the following is a way to stay current on exploits and
information security news?

Ann, a systems engineer, is working to identify an unknown node on the corporate network. To begin her investigative work, she runs the following nmap command
string:
user@hostname:~$ sudo nmap O 192.168.1.54
Based on the output, nmap is unable to identify the OS running on the node, but the following ports are open on the device:
TCP/22
TCP/111
TCP/512-514
TCP/2049
TCP/32778
Based on this information, which of the following operating systems is MOST likely running on the unknown node?