A security specialist has been asked to evaluate a corporate network by performing a vulnerability
assessment. Which of the following will MOST likely be performed?

Which of the following would a security administrator implement in order to identify change from
the standard configuration on a server?

Several users report to the administrator that they are having issues downloading files from the file
server. Which of the following assessment tools can be used to determine if there is an issue with
the file server?

One of the servers on the network stops responding due to lack of available memory. Server
administrators did not have a clear definition of what action should have taken place based on the
available memory. Which of the following would have BEST kept this incident from occurring?

Ann, the software security engineer, works for a major software vendor. Which of the following

practices should be implemented to help prevent race conditions, buffer overflows, and other
similar vulnerabilities prior to each production release?

Which of the following assessment techniques would a security administrator implement to ensure
that systems and software are developed properly?

A financial company requires a new private network link with a business partner to cater for
realtime and batched data flows.
Which of the following activities should be performed by the IT security staff member prior to
establishing the link?

Which of the following assessments would Pete, the security administrator, use to actively test that
an application’s security controls are in place?

Which of the following is the MOST intrusive type of testing against a production system?

During an anonymous penetration test, Jane, a system administrator, was able to identify a shared
print spool directory, and was able to download a document from the spool. Which statement
BEST describes her privileges?