QUESTION NO: 452
A system administrator has noticed a vulnerability on a high impact production server. A recent
update was made available by the vendor that addresses the vulnerability but requires a reboot of
the system afterwards. Which of the following steps should the system administrator implement to
address the vulnerability?
A. Test the update in a lab environment, schedule downtime to install the patch, install the patch
and reboot the server and monitor for any changes
B. Test the update in a lab environment, backup the server, schedule downtime to install the
patch, install the patch, and monitor for any changes
C. Test the update in a lab environment, backup the server, schedule downtime to install the
patch, install the update, reboot the server, and monitor for any changes
D. Backup the server, schedule downtime to install the patch, install the patch and monitor for
QUESTION NO: 482
A firewall technician has been instructed to disable all non-secure ports on a corporate firewall.
The technician has blocked traffic on ports 21, 69, 80, and 137-139. The technician has allowed
traffic on ports 22 and 443. Which of the following correctly lists the protocols blocked and
A. Blocked: TFTP, HTTP, NetBIOS; Allowed: HTTPS, FTP
B. Blocked: FTP, TFTP, HTTP, NetBIOS; Allowed: SFTP, SSH, SCP, HTTPS
C. Blocked: SFTP, TFTP, HTTP, NetBIOS; Allowed: SSH, SCP, HTTPS
D. Blocked: FTP, HTTP, HTTPS; Allowed: SFTP, SSH, SCP, NetBIOS
QUESTION NO: 494
Review the following diagram depicting communication between PC1 and PC2 on each side of a
router. Analyze the network traffic logs which show communication between the two computers as
captured by the computer with IP 10.2.2.10.
[192.168.1.30]--------[INSIDE 192.168.1.1 router OUTSIDE 10.2.2.1]-----
10:30:22, SRC 10.2.2.1:3030, DST 10.2.2.10:80, SYN
10:30:23, SRC 10.2.2.10:80, DST 10.2.2.1:3030, SYN/ACK
10:30:24, SRC 10.2.2.1:3030, DST 10.2.2.10:80, ACK
Given the above information, which of the following can be inferred about the above environment?
A. 192.168.1.30 is a web server.
B. The web server listens on a non-standard port.
C. The router filters port 80 traffic.
D. The router implements NAT.
QUESTION NO: 598
When a communications plan is developed for disaster recovery and business continuity plans,
the MOST relevant items to include would be: (Select TWO).
A. Methods and templates to respond to press requests, institutional and regulatory reporting
B. Methods to exchange essential information to and from all response team members,
employees, suppliers, and customers.
C. Developed recovery strategies, test plans, post-test evaluation and update processes.
D. Defined scenarios by type and scope of impact and dependencies, with quantification of loss
E. Methods to review and report on system logs, incident response, and incident handling.
QUESTION NO: 599
Key elements of a business impact analysis should include which of the following tasks?
A. Develop recovery strategies, prioritize recovery, create test plans, post-test evaluation, and
B. Identify institutional and regulatory reporting requirements, develop response teams and
communication trees, and develop press release templates.
C. Employ regular preventive measures such as patch management, change management,
antivirus and vulnerability scans, and reports to management.
D. Identify critical assets, systems, and functions, identify dependencies, determine critical
downtime limit, define scenarios by type and scope of impact, and quantify loss potential.
QUESTION NO: 645
The security administrator at ABC company received the following log information from an external
10:45:01 EST, SRC 10.4.3.7:3056, DST 22.214.171.124:80, ALERT, Directory traversal
10:45:02 EST, SRC 10.4.3.7:3057, DST 126.96.36.199:80, ALERT, Account brute force
10:45:03 EST, SRC 10.4.3.7:3058, DST 188.8.131.52:80, ALERT, Port scan
The external party is reporting attacks coming from abc-company.com. Which of the following is
the reason the ABC company's security administrator is unable to determine the origin of the
A. A NIDS was used in place of a NIPS.
B. The log is not in UTC.
C. The external party uses a firewall.
D. ABC company uses PAT.
QUESTION NO: 876
Jane, an IT security technician, needs to create a way to secure company mobile devices. Which
of the following BEST meets this need?
A. Implement voice encryption, pop-up blockers, and host-based firewalls.
B. Implement firewalls, network access control, and strong passwords.
C. Implement screen locks, device encryption, and remote wipe capabilities.
D. Implement application patch management, antivirus, and locking cabinets.