1.) Which of the following is the FASTEST method to disclose one way hashed passwords?

2.) A network has been impacted by downtime resulting from unauthorized devices connecting directly to the wired network. The network administrator has been tasked to research and evaluate technical controls that would effectively mitigate risks associated with such devices. Which of the following capabilities would be MOST suitable for implementation in this scenario?

3.) A company is providing mobile devices to all employees. The system administrator has been tasked with providing input for the company’s mobile device policy. Which of the following are valid security concepts that the system administrator should include when offering feedback to management? (Select Two)

4.) Forensics analyst is asked to identify identical files on a hard drive. Due to the large number of files to be compared, the analyst must use an algorithm that is known to have the lowest collision rate. Which of the following should be selected?

5.) John wants to secure an 802.11n network. Which of the following encryption methods would provide the highest level of protection?

6.) Which of the following is the MOST influential concern that contributes to an organization’s ability to extend enterprise policies to mobile devices?

7.) An application service provider has notified customers of a breach resulting from improper configuration changes. In the incident, a server intended for internal access only was made accessible to external parties. Which of the following configurations were likely to have been improperly modified resulting in the breach?

8.) Joe just installed a new (ECS) environmental control system for a room that is critical to the company’s operation and needs the ability to manage and monitor the system from any part of the network. Which of the following should the security administrator utilize to minimize the attack surface and still allow the needed access?

You want to communicate securely with a third party via email using PGP. Which of the following should you send to the third party to enable the third party to securely encrypt email replies?

11.) Which of the following should you implement if you want to preserve your internal authentication and authorization process and credentials if you are going to a cloud service provider?

A university police department is housed on the first floor of a student dormitory. Which of the following would prevent students from using ARP spoofing attacks against computers at the police department?

13.) During a recent vulnerability assessment, the pen testers were able to successfully crack a large number of employee passwords. The company technology use agreement clearly states that passwords used on the company network must be at least eight characters long and contain at least one uppercase letter and special character. What can they do to standardize and enforce these rules across the entire organization to resolve this issue?

14.) You want to create several different environments for application development, testing, and quality control. Controls are being put into place to manage how software is moved into the production environment. Which of the following should the software development manager request to be put into place to implement the three new environments?

15.) A research user needs to transfer multiple terabytes of data across a network. The data is not confidential, so for performance reasons, does not need to be encrypted. However, the authentication process must be confidential. Which of the following is the BEST solution to satisfy these requirements?

16.) What technology would you use to ensure that the systems that your organization is using is going to deployed as securely as possible and prevent files and services from operation outside of a strict rule set?

17.) A security specialist has implemented antivirus software and whitelisting controls to prevent malware and unauthorized application installation on the company systems. The combination of these two technologies is an example of which of the following?

18.) What can be implemented to address the findings that revealed a company is lacking deterrent security controls?

19.) A technician is about to perform a major upgrade to the operating system of a critical system. This system is currently in a virtualization environment. Which of the following actions would result in the LEAST amount of downtime if the upgrade were to fail?

20.) What is the name for an attack that can be used to guess the PIN of an access point for the purpose of connecting to the wireless network?

21.) When performing a risk analysis, which of the following is considered a threat?

22.) A company would like to protect its e-commerce site from SQL injection and cross site scripting (XSS). The company should consider deploying which of the following technologies?

23.) A company uses digital signatures to sign contracts. The company requires external entities to create an account with a third party digital signature provider and to sign an agreement stating that they will protect the account from unauthorized access. Which of the following security goals is the company trying to address in the given scenario?

24.) The security administrator generates a key pair and sends one key inside a request file to a third party. The third party sends back a signed file. In this scenario the file sent by the administrator is a :

25.) A third party has been contracted to perform a remote penetration test of the DMZ network. The company has only provided the third party with the billing department contact information for final payment and a technical point of contact who will receive the penetration test results. Which of the following tests will be performed?

26.) An administrator is reviewing the logs for a content management system that supports the organizations public facing websites. The administrator is concerned about the number of attempted login failures from other countries for administrator accounts. Which of the following capabilities is BEST to implement if the administrator wants the system to dynamically react to such attacks?

27.) Jane, a security analyst, is monitoring the IDS console and noticed multiple connections from an internal host to a suspicious call back domain. Which of the following tools would aid her to decipher the network traffic?

28.) A high traffic website is experiencing numerous brute force attacks against its user base. The attackers are using a very large botnet to carry out the attack. As a result, many users passwords are being compromised. Which of the following actions is appropriate for the website administrators to take in order to reduce the threat from this type of attack in the future?

29.) An employee connects a wireless access point to the only jack in the conference room to provide internet access during a meeting. The access point is configured to secure its users with WPA2-TKIP. A malicious user is able to intercept clear text HTTP communication between the meeting attendees and the internet. Which of the following is the reason the malicious user is able to intercept and see the clear text communications?

30.) A user is able to access shares that store confidential information that is not related to the users current job duties. Which of the following should be implemented to prevent this from occurring?

31.) A security administrator is having continued issues with malware variants infecting systems and encrypting several types of files. The malware users a document macro to create a randomly named executable that downloads the encrypting payload of the malware. Once downloaded the malware searches all drives, creates an HTML file with decryption instructions in the directory, and then proceeds to encrypt the target files. Which of the following actions would BEST interrupt the malware before it encrypts the other files while minimizing adverse impacts to the users?

32.) A healthcare organization is in the process of building and deploying a new web server in the DMZ that will enable public internet users the ability to securely send and receive messages from their primary care physicians. Which of the following should the security administrator consider?

33.) Which of the following should be used to implement voice encryption?

34.) A company wants to ensure that all software executing on a corporate server has been authorized to do so by a central control point. Which of the following can be implemented to enable such control?

35.) Company policy states that when a virus or malware alert is received, the suspected host is immediately removed from the company network. Which of the following BEST describes this component of incident response?

36.) A security manager has noticed several unrecognized devices connecting to the company’s internal wireless network. Only company –issued devices should be connected to the network. Which of the following controls should be implemented to prevent the unauthorized devices from connecting to the wireless network? ( Select Two)

37.) A security administrator receives reports from various organizations that a system on the company network is port scanning hosts on various networks across the internet. The administrator determines that the compromised system is a Linux host and notifies the owner that the system will be quarantined and isolated from the network. The system does not contain confidential data, and the root user was not compromised. The administrator would like to know how the system was compromised, what the attackers did, and what remnants the attackers may have left behind. Which of the following are the administrators NEXT steps in the investigation? (Select two)

38.) A manager is reviewing bids for internet service in support of a new corporate office location. The location will provide 24 hour service in the organization’s global user population. In which of the following documents would the manager MOST likely find quantitative data regarding latency levels and MTTR?

39.) A system administrator decided to perform maintenance on a production server servicing retail store operations. The system rebooted in the middle of the day due to the installations of monthly operating system patches. The downtime results in lost revenue due to the system being unavailable. Which of the following would reduce the likelihood of this issue occurring again?

40.) A UNIX server recently had restricted directories deleted as the result of an insider threat. The root account was used to delete the directories while logged on at the server console. There are five administrators that know the root password. Which of the following could BEST identify the administrator that removed the restricted directories?

41.) A system administrator is part of the organizations contingency and business continuity planning process. The systems administrator and relevant team participate in the analysis of a contingency situation intended to elicit constructive discussion. Which of the following types of activity is MOST accurately described in this scenario?

42.) Recently, the desktop support group has been performing a hardware refresh and has replaced numerous computers. An auditor discovered that a number of the new computers did not have the company’s antivirus software installed on them. Which of the following could be utilized to notify the network support group when computers without the antivirus software are added to the network?

43.) Which of the following types of attacks uses email to specifically target high level officials within an organization?

44.) A security architect is supporting a project team responsible for a new extranet application. As part of their activities, the team is identifying roles within the system and documenting possible conflicts between roles that could lead to collusion between users. Which of the following principles of risk mitigation is the team implementing?

45.) A company just purchased a new digital thermostat that automatically will update to a new firmware version when needed. Upon connecting it to the network a system administrator notices that he cannot get access to the thermostat but can get access to all other network devices. Which of the following is the MOST likely reason the thermostat is not connecting to the internet?

46.) A company has a proprietary device that requires access to the network be disabled. Only authorized users should have access to the device. To further protect the device from unauthorized access, which of the following would also need to be implemented?

47.) A company uses PKI certificates stored on a smart chip enabled badge. The badge is used for a small number of devices that connect to a wireless network. A user reported that their badge was stolen. Which of the following could the security administrator implement to prevent the stolen badge from being used to compromise the wireless network?

48.) The CSO is concerned with unauthorized access at the company’s off-site datacenter. The CSO would like to enhance the security posture of the datacenter. Which of the following would BEST prevent unauthorized individuals from gaining access to the datacenter?

49.) One of the driving factors towards moving an application to a cloud infrastructure is increased application availability. In the case where a company creates a private cloud, the risk of application downtime is being:

50.) A security administrator wishes to set up a site to site IPSec VPN tunnel between two locations. Which of the following IPSec encryptions and hashing algorithms would be chosen for the least performance impact?