An organization has hired a penetration tester to test the security of its ten web servers. The penetration tester is able to gain root/administrative access in several servers by exploiting vulnerabilities associated with the implementation of SMTP, POP, DNS, FTP, Telnet, and IMAP. Which of the following recommendations should the penetration tester provide to the organization to better protect their web servers in the future?
A. Use a honeypot B. Disable unnecessary services C. Implement transport layer security D. Increase application event logging
Ann, a college professor, was recently reprimanded for posting disparaging remarks regarding her coworkers on a web site. Ann stated that she was not aware that the public was able to view her remarks. Which of the following security-related trainings could have made Ann aware of the repercussions of her actions?
A. Data Labeling and disposal B. Use of social networking C. Use of P2P networking D. Role-based training
A government agency wants to ensure that the systems they use have been deployed as securely as possible. Which of the following technologies will enforce protections on these systems to prevent files and services from operating outside of a strict rule set?
A. Host-based intrusion detection B. Host-based firewall C. Trusted OS D. Antivirus
A security director has contracted an outside testing company to evaluate the security of a newly developed application. None of the parameters or internal workings of the application have been provided to the testing company prior to the start of testing. The testing company will be using:
A. Gray box testing B. Active control testing C. White box testing D. Black box testing
A company has a BYOD policy that includes tablets and smart phones. In the case of a legal investigation, which of the following poses the greatest security issues?
A. Recovering sensitive documents from a device if the owner is unable or unwilling to cooperate B. Making a copy of all of the files on the device and hashing them after the owner has provided the PIN C. Using GPS services to locate the device owner suspected in the investigation D. Wiping the device from a remote location should it be identified as a risk in the investigation
Ann, a new small business owner, decides to implement WiFi access for her customers. There are several other businesses nearby who also have WiFi hot spots. Ann is concerned about the security of the wireless network and wants to ensure that only her customers have access. Which of the following choices BEST meets her intent of security and access?
A. Enable port security B. Enable WPA C. Disable SSID broadcasting D. Enable WEP