1. A company is in the process of implementing a new front-end user interface for its customers; the goal is to provide them with more self-service functionality. The application was written by developers over the past six months, and the project is currently in the testing phase. Which of the following security activities must be carried out as part of the SDL to provide the most security coverage for the solution? (Choose two.)
A) Perform black box penetration testing on the solution
B) Execute code written on a sampling of the front-end source code
C) Perform static code review on the front-end source code
D) Perform gray box penetration testing on the solution
E) Perform unit testing of binary code
2. A network administrator with a company's NSP has received a CERT warning about hostile behavior directed at the company. In addition to the company's physical security, which of the following can the network administrator use to scan for and detect the presence of a malicious actor physically accessing the company's network or information systems from the inside? (Choose two.)
A) HIDS
B) RAS
C) HTTP
D) Vulnerability scanner
E) Port scanner
3. The Chief Executive Officer (CEO) of a small start-up company plans to set up offices in the country for the sales staff to generate business. The company needs an effective communication solution so that staff can remain in constant contact with each other while maintaining a secure operating environment. A junior-level administrator suggests that the company and the sales staff stay connected through free social media. Which of the following is the best action for the CEO to take?
A) None
B) Social media is an effective solution, because it is easy to adapt to new situations.
C) Social media is an ineffective solution, because it is not primarily intended for business applications.
D) Social media is an ineffective solution, because it cannot coordinate policy on the business.
E) Social media is an effective solution, because SSL encryption is implemented.
4. XYZ Company has purchased and is now deploying a new HTML5 application. The company wants to hire a penetration tester to evaluate the security of the client and server components of the web application to be launched. Which of the following is the penetration tester most likely to use when performing black box testing of the security of the company's purchased app? (Choose two.)
A) Local proxy
B) Sandbox
C) Port scanner
D) Code review
E) Fuzzer
5. A security consultant is conducting a network assessment and wants to discover any legacy backup Internet connections the network may have. Where would the consultant find this information, and why would it be valuable?
A) This information can be found by accessing the telecom billing records, and is valuable because backup connections usually have much lower latency than the primary connections.
B) This information can be found by querying the network DNS servers, and is valuable because backup DNS servers usually allow recursive queries from Internet hosts.
C) None
D) This information can be found in the global routing tables, and is valuable because backup connections usually do not have perimeter protection as strong as the primary connection.
E) This information can be found by calling the regional Internet registry, and is valuable because backup connections usually do not need VPN access to the network.