Which of the following is the BEST solution to meet the above requirements?

A security services company is scoping a proposal with a client. They want to perform a general security auditof their environment within a two week period and consequently have the following requirements:Requirement 1 Ensure their server infrastructure operating systems are at their latest patch levelsRequirement 2 Test the behavior between the application and database Requirement […]

Read More

Which of the following logs and vulnerabilities would MOST likely be related to the security breach?

A security manager looked at various logs while investigating a recent security breach in the data center froman external source. Each log below was collected from various security devices compiled from a report throughthe company’s security information and event management server.Logs:Log 1:Feb 5 23:55:37.743: %SEC-6-IPACCESSLOGS: list 10 denied 10.2.5.81 3 packetsLog 2:HTTP://www.company.com/index.php?user=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaLog 3:Security Error AlertEvent […]

Read More

Which of the following hardening techniques should be applied to mitigate this specific issue from reoccurring?

Company policy requires that all company laptops meet the following baseline requirements:Software requirements:AntivirusAnti-malwareAnti-spywareLog monitoringFull-disk encryptionTerminal services enabled for RDPAdministrative access for local usersHardware restrictions:Bluetooth disabledFireWire disabledWiFi adapter disabledAnn, a web developer, reports performance issues with her laptop and is not able to access any networkresources. After further investigation, a bootkit was discovered and it was […]

Read More

Which of the following solutions would allow the users to access the active FTP server?

VPN users cannot access the active FTP server through the router but can access any server in the datacenter.Additional network information:DMZ network 192.168.5.0/24 (FTP server is 192.168.5.11) VPN network 192.168.1.0/24Datacenter 192.168.2.0/24User network – 192.168.3.0/24HR network 192.168.4.0/24\Traffic shaper configuration:VLAN Bandwidth Limit (Mbps)VPN 50User 175HR 250Finance 250Guest 0Router ACL:Action Source DestinationPermit 192.168.1.0/24 192.168.2.0/24Permit 192.168.1.0/24 192.168.3.0/24Permit 192.168.1.0/24 192.168.5.0/24Permit […]

Read More

Which of the following security assessment methods are likely to reveal this security weakness?

The following has been discovered in an internally developed application:Error – Memory allocated but not freed:char *myBuffer = malloc(BUFFER_SIZE);if (myBuffer != NULL) {*myBuffer = STRING_WELCOME_MESSAGE;printf(“Welcome to: %s\n”, myBuffer);}exit(0);Which of the following security assessment methods are likely to reveal this security weakness? (Select TWO). A. Static code analysis B. Memory dumping C. Manual code review D. […]

Read More

Which of the following is occurring on the network?

The helpdesk is receiving multiple calls about slow and intermittent Internet access from the financedepartment. The following information is compiled:Caller 1, IP 172.16.35.217, NETMASK 255.255.254.0Caller 2, IP 172.16.35.53, NETMASK 255.255.254.0Caller 3, IP 172.16.35.173, NETMASK 255.255.254.0All callers are connected to the same switch and are routed by a router with five built-in interfaces. Theupstream router interface’s […]

Read More

which of the following strategies should be employed?

The latest independent research shows that cyber attacks involving SCADA systems grew an average of 15%per year in each of the last four years, but that this year’s growth has slowed to around 7%. Over the same timeperiod, the number of attacks against applications has decreased or stayed flat each year. At the start of […]

Read More

Which of the following is evidence that would aid Ann i

A security analyst, Ann, states that she believes Internet facing file transfer servers are being attacked. Whichof the following is evidence that would aid Ann in making a case to management that action needs to be takento safeguard these servers? A. Provide a report of all the IP addresses that are connecting to the systems […]

Read More

Which of the following should Ann perform to test whether the website is susceptible to a simple authentication

Ann is testing the robustness of a marketing website through an intercepting proxy. She has intercepted thefollowing HTTP request:POST /login.aspx HTTP/1.1Host: comptia.orgContent-type: text/htmltxtUsername=ann&txtPassword=ann&alreadyLoggedIn=false&submit=trueWhich of the following should Ann perform to test whether the website is susceptible to a simple authenticationbypass? A. Remove all of the post data and change the request to /login.aspx from POST […]

Read More