A security manager has received the following email from the Chief Financial Officer (CFO):
“While I am concerned about the security of the proprietary financial data in our ERP application, we have had
a lot of turnover in the accounting group and I am having a difficult time meeting our monthly performance
targets. As things currently stand, we do not allow employees to work from home but this is something I am
willing to allow so we can get backon track. What should we do first to securely enable this capability for my group?” Based on the information
provided, which of the following would be the MOST appropriate response to the CFO?

select id, firstname, lastname from authors User input= firstname= Hack;man lastname=Johnson Which of the
following types of attacks is the user attempting?

Joe, a hacker, has discovered he can specifically craft a webpage that when viewed in a browser crashes the
browser and then allows him to gain remote code execution in the context of the victim’s privilege level. The
browser crashes due to an exception error when a heap memory that is unused is accessed. Which of thefollowing BEST describes the application issue?

A mature organization with legacy information systems has incorporated numerous new processes and
dependencies to manage security as its networks and infrastructure are modernized. The Chief Information
Office has become increasingly frustrated with frequent releases, stating that the organization needs everything
to work completely, and the vendor should already have those desires built into the software product. The
vendor has been in constant communication with personnel and groups within the organization to understand
its business process and capture new software requirements from users. Which of the following
methods of software development is this organization’s configuration management process using?

An organization would like to allow employees to use their network username and password to access a thirdparty service. The company is using Active Directory Federated Services for their directory service. Which of
the following should the company ensure is supported by the third-party? (Select TWO).

An organization is concerned with potential data loss in the event of a disaster, and created a backup
datacenter as a mitigation strategy. The current storage method is a single NAS used by all servers in both
datacenters. Which of the following options increases data availability in the event of a datacenter failure?

A software project manager has been provided with a requirement from the customer to place limits on the
types of transactions a given user can initiate without external interaction from another user with elevated
privileges. This requirement is BEST described as an implementation of:

A completely new class of web-based vulnerabilities has been discovered. Claims have been made that all
common web-based development frameworks are susceptible to attack. Proof-of- concept details have
emerged on the Internet. A security advisor within a company has been asked to provide recommendations onhow to respond quickly to these vulnerabilities. Which of the following BEST describes how the security advisor
should respond?

The Chief Information Security Officer (CISO) at a company knows that many users store business documents
on public cloud-based storage, and realizes this is a risk to the company. In response, the CISO implements a
mandatory training course in which all employees are instructed on the proper use of cloud-based storage.
Which of the following risk strategies did the CISO implement?

The security administrator finds unauthorized tables and records, which were not present before, on a Linux
database server. The database server communicates only with one web server, which connects to the
database server via an account with SELECT only privileges. Web server logs show the following: 90.76.165.40
– [08/Mar/2014:10:54:04] “GET calendar.php?create%20table%20hidden HTTP/1.1” 200 5724 90.76.165.40 –
[08/Mar/2014:10:54:05] “GET ../../../root/.bash_history HTTP/1.1” 200
5724 90.76.165.40 – [08/Mar/2014:10:54:04] “GET index.php?user<;scrip>;Creat<;/scrip>; HTTP/1.1” 200
5724 The security administrator also inspects the following file system locations on the database server using
the command `ls -al /root’ drwxrwxrwx 11 root root 4096 Sep 28 22:45 .
drwxr-xr-x 25 root root 4096 Mar 8 09:30 ..
-rws—— 25 root root 4096 Mar 8 09:30 .bash_history -rw——- 25 root root 4096 Mar 8 09:30 .bash_history –
rw——- 25 root root 4096 Mar 8 09:30 .profile
-rw——- 25 root root 4096 Mar 8 09:30 .ssh
Which of the following attacks was used to compromise the database server and what can the security
administrator implement to detect such attacks in the future? (Select TWO).