In an effort to test the effectiveness of an organization’s security awareness training, a penetrator tester
crafted an email and sent it to all of the employees to see how many of them clicked on the enclosed
links. Which of the following is being tested?

Devices on the SCADA network communicate exclusively at Layer 2. Which of the following should be
used to prevent unauthorized systems using ARP-based attacks to compromise the SCADA network?

When information is shared between two separate organizations, which of the following documents
would describe the sensitivity as well as the type and flow of the information?

Joe noticed that there is a larger than normal account of network on the printer VLAN of his organization,
causing users to have to wait a long time for a print job. Upon investigation Joe discovers that printerswere ordered and added to the network without his knowledge. Which of the following will reduce the
risk of this occurring again in the future?

Jo an employee reports to the security manager that several files in a research and development folder
that only JOE has access to have been improperly modified. The modified data on the files in recent and
the modified by account is Joe’s. The permissions on the folder have not been changed, and there is no
evidence of malware on the server hosting the folder or on Joe’s workstation. Several failed login
attempts to Joe’s account were discovered in the security log of the LDAP server. Given this scenario,
which of the following should the security manager implement to prevent this in the future?

A user contacts the help desk after being unable to log in to a corporate website. The user can log into
the site from another computer in the next office, but not from the PC. The user’s PC was able to connect
earlier in the day. The help desk has user restart the NTP service. Afterwards the user is able to log into
the website. The MOST likely reason for the initial failure was that the website was configured to use
which of the following authentication mechanisms?

A security analyst has been investigating an incident involving the corporate website. Upon investigation,
it has been determined that users visiting the corporate website would be automatically redirected to a,
malicious site. Further investigation on the corporate website has revealed that the home page on the
corporate website has been altered to include an unauthorized item. Which of the following would
explain why users are being redirected to the malicious site?

A news and weather toolbar was accidently installed into a web browser. The toolbar tracks users online
activities and sends them to a central logging server. Which of the following attacks took place?

A project manager is working with an architectural firm that focuses on physical security. The project
manager would like to provide requirements that support the primary goal of safely. Based on the project
manager’s desires, which of the following controls would the BEST to incorporate into the facility design?

While performing surveillance activities an attacker determines that an organization is using 802.1X to
secure LAN access. Which of the following attack mechanisms can the attacker utilize to bypass the
identified network security controls?