A company recently implemented a new cloud storage solution and installed the required synchronization client on all company devices. A few months later, a breach of sensitive data was discovered. Root cause analysis shows the data breach happened from a lost personal mobile device.
Which of the following controls can the organization implement to reduce the risk of similar breaches?

• A.Cloud storage encryption
• B.Biometric authentication
• C.Hardware anti-tamper
• D.Application containerization

Comment: *

Name: *

Email: *

Verification: *

A security engineer is analyzing an application during a security assessment to ensure it is configured to protect against common threats. Given the output below:

Which of the following tools did the security engineer MOST likely use to generate this output?

• A.Vulnerability scanner
• B.Fuzzer
• C.Application fingerprinter
• D.HTTP interceptor

Comment: *

Name: *

Email: *

Verification: *

The manager of the firewall team is getting complaints from various IT teams that firewall changes are causing issues.
Which of the following should the manager recommend to BEST address these issues?

• A.Require the firewall team to verify the change with the requesting team before pushing the updated firewall policy.
• B.Update the change request form so that requesting teams can provide additional details about the requested changes.
• C.Set up a weekly review for relevant teams to discuss upcoming changes likely to have a broad impact.
• D.Require every new firewall rule go through a secondary firewall administrator for review before pushing the firewall policy.

Comment: *

Name: *

Email: *

Verification: *

After a large organization has completed the acquisition of a smaller company, the smaller company must implement new host-based security controls to connect its employees' devices to the network. Given that the network requires 802.1X EAP-PEAP to identify and authenticate devices, which of the following should the security administrator do to integrate the new employees' devices into the network securely?

• A.Install a self-signed SSL certificate on the company's RADIUS server and distribute the certificate's public key to all new client devices.
• B.Distribute a NAC client and use the client to push the company's private key to all the new devices.
• C.Distribute the device connection policy and a unique public/private key pair to each new employee's device.
• D.Install an 802.1X supplicant on all new devices and let each device generate a self-signed certificate to use for network access.

Comment: *

Name: *

Email: *

Verification: *

An administrator has enabled salting for users' passwords on a UNIX box. A penetration tester must attempt to retrieve password hashes. Which of the following files must the penetration tester use to eventually obtain passwords on the system? (Select TWO).

• A./etc/passwd
• B./etc/shadow
• C./etc/security
• D./etc/password
• E./sbin/logon
• F./bin/bash

Comment: *

Name: *

Email: *

Verification: *