A regional bank hires your company to perform a security assessment on their network after a recent data
breach. The attacker was able to steal financial data from the bank by compromising only a single server.
Based on this information, what should be one of your key recommendations to the bank?

The network administrator contacts you and tells you that she noticed the temperature on the internal wireless
router increases by more than 20% during weekend hours when the office was closed. She asks you to
investigate the issue because she is busy dealing with a big conference and she doesn’t have time to perform
the task.
What tool can you use to view the network traffic being sent and received by the wireless router?

When you return to your desk after a lunch break, you notice a strange email in your inbox. The sender is
someone you did business with recently, but the subject line has strange characters in it.
What should you do?

It is a vulnerability in GNU’s bash shell, discovered in September of 2014, that gives attackers access to run
remote commands on a vulnerable system. The malicious software can take control of an infected machine,
launch denial-of-service attacks to disrupt websites, and scan for other vulnerable devices (including routers).
Which of the following vulnerabilities is being described?

An attacker changes the profile information of a particular user (victim) on the target website. The attacker uses
this string to update the victim’s profile to a text file and then submit the data to the attacker’s database.
<iframe src=”http://www.vulnweb.com/updateif.php” style=”display:none”></iframe>
What is this type of attack (that can use either HTTP GET or HTTP POST) called?

Nation-state threat actors often discover vulnerabilities and hold on to them until they want to launch a
sophisticated attack. The Stuxnet attack was an unprecedented style of attack because it used four types of
vulnerability.
What is this style of attack called?

Your company was hired by a small healthcare provider to perform a technical assessment on the network.
What is the best approach for discovering vulnerabilities on a Windows-based computer?

A medium-sized healthcare IT business decides to implement a risk management strategy.
Which of the following is NOT one of the five basic responses to risk?

Which of the following is a component of a risk assessment?

It is a regulation that has a set of guidelines, which should be adhered to by anyone who handles any electronic
medical data. These guidelines stipulate that all medical practices must ensure that all necessary measures are
in place while saving, accessing, and sharing any electronic medical data to keep patient data secure.
Which of the following regulations best matches the description?