A company is looking for a solution to hide data stored in databases. The solution must meet the following requirements:
Be efficient at protecting the production environment
Not require any change to the application
Act at the presentation layer
Which of the following techniques should be used?

• A.Tokenization
• B.Random substitution
• C.Masking
• D.Algorithmic

Comment: *

Name: *

Email: *

Verification: *

An analyst execute a vulnerability scan against an internet-facing DNS server and receives the following report:

Which of the following tools should the analyst use FIRST to validate the most critical vulnerability?

• A.Account enumerator
• B.Exploitation framework
• C.Password cracker
• D.Port scanner

Comment: *

Name: *

Email: *

Verification: *

During a system penetration test, a security engineer successfully gained access to a shell on a Linux host as a standard user and wants to elevate the privilege levels.
Which of the following is a valid Linux post-exploitation method to use to accomplish this goal?

• A.Spawn a shell using sudo and an escape string such as sudo vim -c '!sh'.
• B.Read the /etc/passwd file to extract the usernames.
• C.Perform ASIC password cracking on the host.
• D.Initiate unquoted service path exploits.
• E.Use the UNION operator to extract the database schema.

Comment: *

Name: *

Email: *

Verification: *

A pharmaceutical company recently experienced a security breach within its customer-facing web portal. The attackers performed a SQL injection attack and exported tables from the company's managed database, exposing customer information.
The company hosts the application with a CSP utilizing the IaaS model. Which of the following parties is ultimately responsible for the breach?

• A.The pharmaceutical company
• B.The cloud software provider
• C.The database software vendor
• D.The web portal software vendor

Comment: *

Name: *

Email: *

Verification: *

SIMULATION
You are a security analyst tasked with interpreting an Nmap scan output from company's privileged network.
The company's hardening guidelines indicate the following:
There should be one primary server or service per device.
Only default ports should be used.
Non-secure protocols should be disabled.
INSTRUCTIONS
Using the Nmap output, identify the devices on the network and their roles, and any open ports that should be closed.
For each device found by Nmap, add a device entry to the Devices Discovered list, with the following information:
The IP address of the device
The primary server or service of the device (Note that each IP should by associated with one service/port only) The protocol(s) that should be disabled based on the hardening guidelines (Note that multiple ports may need to be closed to comply with the hardening guidelines) If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

Comment: *

Name: *

Email: *

Verification: *