A technician has installed new vulnerability scanner software on a server that is joined to the company domain. The vulnerability scanner is able to provide visibility over the patch posture of all company’s clients. Which of the following is being used?
A. Gray box vulnerability testing B. Passive scan C. Credentialed scan D. Bypassing security controls
A security administrator suspects that data on a server has been exhilarated as a result of un-authorized remote access. Which of the following would assist the administrator in confirming the suspicions? (Select TWO)
A. Networking access control B. DLP alerts C. Log analysis D. File integrity monitoring E. Host firewall rules
An employee finds a usb drive in the employee lunch room and plugs the drive into a shared workstation to determine who owns the drive. When the drive is inserted, a command prompt opens and a script begins to run. The employee notifies a technician who determines that data on a server have been compromised. This is an example of:
A. Device removal B. Data disclosure C. Incident identification D. Mitigation steps
In performing an authorized penetration test of an organization’s system security, a penetration tester collects information pertaining to the application versions that reside on a server. Which of the following is the best way to collect this type of information?
A. Protocol analyzer B. Banner grabbing C. Port scanning D. Code review
Given the following set of firewall rules:
From the inside to outside allow source any destination any port any
From inside to dmz allow source any destination any port tcp-80
From inside to dmz allow source any destination any port tcp-443
Which of the following would prevent FTP traffic from reaching a server in the DMZ from the inside network?
A. Implicit deny B. Policy routing C. Port forwarding D. Forwarding proxy
Which of the following is a best practice when setting up a client to use the LDAPS protocol with a server?
A. The client should follow LDAP referrals to other secure servers on the network B. The client should trust the CA that signed the server’s certificate C. The client should present a self-signed certificate to the server D. The client should have access to port 389 on the server
An administrator performs a risk calculation to determine if additional availability controls need to be in place. The administrator estimates that a server fails and needs to be replaced once every 2 years at a cost of $8,000. Which of the following represents the factors that the administrator would use to facilitate this calculation?
A. ARO= 0.5; SLE= $4,000; ALE= $2,000 B. ARO=0.5; SLE=$8,000; ALE=$4,000 C. ARO=0.5; SLE= $4,000; ALE=$8,000 D. ARO=2; SLE= $4,000; ALE=$8,000 E. ARO=2; SLE= $8,000; ALE= $16,000
A server crashes at 6 pm. Senior management has determined that data must be restored within two hours of a server crash. Additionally, a loss of more than one hour worth of data is detrimental to the company’s financial well-being. Which of the following is the RTO?
A. 7pm B. 8pm C. 9pm D. 10pm