A security administrator is developing controls for creating audit trails and tracking if a PHI data breach is to occur. The administrator has been given the following requirements:
Which of the following should the administrator implement to meet the above requirements? (Select three.)

• A.Perform regular permission audits and reviews.
• B.Create a standard naming convention for accounts.
• C.Implement usage auditing and review.
• D.Eliminate shared accounts.
• E.Implement time-of-day restrictions.
• F.Copy logs in real time to a secured WORM drive.
• G.Enable account lockout thresholds.

Comment: *

Name: *

Email: *

Verification: *

After discovering the /etc/shadow file had been rewritten, a security administrator noticed an application insecurely creating files in / tmp.
Which of the following vulnerabilities has MOST likely been exploited?

• A.Memory leak
• B.Pointer dereference
• C.Resource exhaustion
• D.Privilege escalation

Comment: *

Name: *

Email: *

Verification: *

After receiving the hard drive from detectives, the forensic analyst for a court case used a log to capture corresponding events prior to sending the evidence to lawyers. Which of the following do these actions demonstrate?

• A.Order if volatility
• B.Data analysis
• C.Chain of custody
• D.Tracking man hours and expenses

Comment: *

Name: *

Email: *

Verification: *

In the event of a security incident, which of the following should be captured FIRST?

• A.An internal hard drive
• B.Network interface data
• C.An external hard drive
• D.System memory

Comment: *

Name: *

Email: *

Verification: *

A server administrator needs to administer a server remotely using RDP, but the specified port is closed on the outbound firewall on the network.
The access the server using RDP on a port other than the typical registered port for the RDP protocol?

• A.SSH
• B.SCP
• C.MPLS
• D.TLS

Comment: *

Name: *

Email: *

Verification: *