A small IT security form has an internal network composed of laptops, servers, and printers. The network has
both wired and wireless segments and supports VPN access from remote sites. To protect the network from
internal and external threats, including social engineering attacks, the company decides to implement stringent
security controls. Which of the following lists is the BEST combination of security controls to implement?

An employee reports work was being completed on a company owned laptop using a public wireless hot-spot.
A pop-up screen appeared and the user closed the pop-up. Seconds later the desktop background was
changed to the image of a padlock with a message demanding immediate payment to recover the data. Which
of the following types of malware MOST likely caused this issue?

An attacker went to a local bank and collected disposed paper for the purpose of collecting data that could be
used to steal funds and information from the bank’s customers. This is an example of:

Which of the following types of malware, attempts to circumvent malware detection by trying to hide its true
location on the infected system?

An organization currently uses FTP for the transfer of large files, due to recent security enhancements, is now
required to use a secure method of file transfer and is testing both SFTP and FTPS as alternatives. Which of
the following ports should be opened on the firewall in order to test the two alternatives? (Choose Two)

Which of the following will allow the live state of the virtual machine to be easily reverted after a failed upgrade?

Which of the following BEST describes disk striping with parity?

Ann, a security administrator is hardening the user password policies. She currently has the following in place.
Passwords expire every 60 days
Password length is at least eight characters
Passwords must contain at least one capital letter and one numeric character
Passwords cannot be reused until the password has been changed eight times
She learns that several employees are still using their original password after the 60-day forced change. Which
of the following can she implement to BEST mitigate this?

An application developer has coded a new application with a module to examine all user entries for the
graphical user interface. The module verifies that user entries match the allowed types for each field and that
OS and database commands are rejected before entries are sent for further processing within the application.
These are example of:

A server administrator discovers the web farm is using weak ciphers and wants to ensure that only stronger
ciphers are accepted. Which of the following ciphers should the administrator implement in the load balancer?
(Choose Two)