
CompTIA CySA+ 2023 Questions and Answers - Part 7

Mary Mary Smith
03 Mar 2023

1. As part of an upcoming engagement for a client, an analyst is configuring a penetration testing application to ensure the scan complies with information defined in the SOW. Which of the following types of information should be considered based on information traditionally found in the SOW? (Select two.)

A) IPS configuration
B) Maintenance windows
C) Timing of the scan
D) Incident response policies
E) Excluded hosts
F) Contents of the executive summary report

2. A company has several internal-only, web-based applications on the internal network. Remote employees are allowed to connect to the internal corporate network with a company-supplied VPN client. During a project to upgrade the internal application, contractors were hired to work on a database server and were given copies of the VPN client so they could work remotely. A week later, a security analyst discovered an internal web server had been compromised by malware that originated from one of the contractors' laptops. Which of the following changes should be made to BEST counter the threat presented in this scenario?

A) Implement NAC to check for updated anti-malware signatures and location-based rules for PCs connecting to the internal network.
B) Deploy a web application firewall in the DMZ to stop Internet-based attacks on the web server.
C) Deploy an application layer firewall with network access control lists at the perimeter, and then create alerts for suspicious Layer 7 traffic.
D) Require the contractors to bring their laptops on site when accessing the internal network instead of using the VPN from a remote location.
E) Create a restricted network segment for contractors, and set up a jump box for the contractors to use to access internal resources.


3. A security administrator determines several months after the first instance that a local privileged user has been routinely logging into a server interactively as root and browsing the Internet. The administrator determines this by performing an annual review of the security logs on that server. For which of the following security architecture areas should the administrator recommend review and modification? (Select TWO.)

A) Encryption
B) Software assurance
C) Acceptable use policies
D) Password complexity
E) Log aggregation and analysis
F) Network isolation and separation

4. An investigation showed a worm was introduced from an engineer's laptop. It was determined the company does not provide engineers with company-owned laptops, which would be subject to company policy and technical controls. Which of the following would be the MOST secure control to implement?

A) Utilize a jump box that is only allowed to connect to clients from the management network.
B) Implement role-based group policies on the management network for client access.
C) Deploy HIDS on all engineer-provided laptops, and put a new router in the management network.
D) Deploy a company-wide approved engineering workstation for management access.



5. A company has recently launched a new billing invoice website for a few key vendors. The cybersecurity analyst is receiving calls that the website is performing slowly and the pages sometimes time out. The analyst notices the website is receiving millions of requests, causing the service to become unavailable. Which of the following can be implemented to maintain the availability of the website?

A) VPN
B) MAC filtering
C) Honeypot
D) DMZ
E) Whitelisting


1. Right Answer: C,E
Explanation:

2. Right Answer: A
Explanation:

3. Right Answer: C,E
Explanation:

4. Right Answer: D
Explanation:

5. Right Answer: E
Explanation:
