An internal staff member logs into an ERP platform and clicks on a record. The browser URL changes to:
URL: http://192.168.0.100/ERP/accountId=5&action=SELECT
Which of the following is the MOST likely vulnerability in this ERP platform?

• A.Insecure direct object reference
• B.SQL injection of ERP back end
• C.Brute forcing of account credentials
• D.Plan-text credentials transmitted over the Internet

Comment: *

Name: *

Email: *

Verification: *

Company policy requires that all company laptops meet the following baseline requirements:
Software requirements:
Antivirus
Anti-malware
Anti-spyware
Log monitoring
Full-disk encryption
Terminal services enabled for RDP
Administrative access for local users
Hardware restrictions:
Bluetooth disabled
FireWire disabled
WiFi adapter disabled
Ann, a web developer, reports performance issues with her laptop and is not able to access any network resources. After further investigation, a bootkit was discovered and it was trying to access external websites. Which of the following hardening techniques should be applied to mitigate this specific issue from reoccurring? (Select TWO).

• A.Group policy to limit web access
• B.Restrict VPN access for all mobile users
• C.Remove full-disk encryption
• D.Remove administrative access to local users
• E.Restrict/disable TELNET access to network resources
• F.Perform vulnerability scanning on a daily basis
• G.Restrict/disable USB access

Comment: *

Name: *

Email: *

Verification: *

A large, public university has recently been experiencing an increase in ransomware attacks against computers connected to its network. Security engineers have discovered various staff members receiving seemingly innocuous files in their email that are being run. Which of the following would BEST mitigate this attack method?

• A.Enabling application whitelisting
• B.Improving organizations email filtering
• C.Upgrading endpoint anti-malware software
• D.Conducting user awareness training

Comment: *

Name: *

Email: *

Verification: *

The legal department has required that all traffic to and from a company's cloud-based word processing and email system is logged. To meet this requirement, the Chief Information Security Officer (CISO) has implemented a next-generation firewall to perform inspection of the secure traffic and has decided to use a cloud-based log aggregation solution for all traffic that is logged. Which of the following presents a long-term risk to user privacy in this scenario?

• A.Reports generated from the firewall will take longer to produce due to more information from inspected traffic.
• B.Latency when viewing videos and other online content may increase.
• C.Stored logs may contain non-encrypted usernames and passwords for personal websites.
• D.Confidential or sensitive documents are inspected by the firewall before being logged.

Comment: *

Name: *

Email: *

Verification: *

Due to compliance regulations, a company requires a yearly penetration test. The Chief Information Security Officer (CISO) has asked that it be done under a black box methodology.
Which of the following would be the advantage of conducting this kind of penetration test?

• A.The risk of unplanned server outages is reduced.
• B.Using documentation provided to them, the pen-test organization can quickly determine areas to focus on.
• C.The results will show an in-depth view of the network and should help pin-point areas of internal weakness.
• D.The results should reflect what attackers may be able to learn about the company.

Comment: *

Name: *

Email: *

Verification: *