NEW QUESTION NO: 10
A department head at a university resigned on the first day of the spring semester. It was subsequently determined that the department head deleted numerous files and directories from the server-based home directory while the campus was closed. Which of the following policies or procedures could have prevented this from occurring?
A. Offboarding
B. Account expiration
C. Time-of-day restrictions
D. Permission auditing and review
Answer: A

NEW QUESTION NO: 11
Which of the following must be intact for evidence to be admissible in court?
A. Order of violation
B. Preservation
C. Legal hold
D. Chain of custody
Answer: D

NEW QUESTION NO: 12
A security administrator has found a hash in the environment known to belong to malware. The administrator then finds this file to be in in the preupdate area of the OS, which indicates it was pushed from the central patch system.
File: winx86_adobe_flash_upgrade.exe
Hash: 99ac28bede43ab869b853ba62c4ea243
The administrator pulls a report from the patch management system with the following output:

Given the above outputs, which of the following MOST likely happened?
A. The file was not approved in the application whitelist system.
B. The file was infected when the patch manager downloaded it.
C. The file was embedded with a logic bomb to evade detection.
D. The file was corrupted after it left the patch system.
Answer: C

NEW QUESTION NO: 13
An organization's file server has been virtualized to reduce costs. Which of the following types of backups would be MOST appropriate for the particular file server?
A. Snapshot
B. Full
C. Incremental
D. Differential
Answer: C

NEW QUESTION NO: 14
Malicious traffic from an internal network has been detected on an unauthorized port on an application server.
Which of the following network-based security controls should the engineer consider implementing?
A. ACLs
B. MAC filtering
C. HIPS
D. NAT
Answer: A

NEW QUESTION NO: 15
Before an infection was detected, several of the infected devices attempted to access a URL that was similar to the company name but with two letters transported. Which of the following BEST describes the attack vector used to infect the devices?
A. DNS poisoning
B. URL hijacking
C. Typo squatting
D. Cross-site scripting
Answer: C

NEW QUESTION NO: 16
Two users need to send each other emails over unsecured channels. The system should support the principle of non-repudiation. Which of the following should be used to sign the user's certificates?
A. RA
B. CSR
C. CA
D. CRL
Answer: C

NEW QUESTION NO: 17
An auditor is reviewing the following output from a password-cracking tool:
User:1: Password1
User2: Recovery!
User3: Alaskan10
User4: 4Private
User5: PerForMance2
Which of the following methods did the author MOST likely use?
A. Hybrid
B. Rainbow table
C. Brute force
D. Dictionary
Answer: A

NEW QUESTION NO: 18
Users report the following message appears when browsing to the company's secure site: This website cannot be trusted.Which of the following actions should a security analyst take to resolve these messages? (Select two.)
A. Update the root certificate into the client computer certificate store.
B. Have users clear their browsing history and relaunch the session.
C. Install the updated private key on the web server.
D. Ensure the certificate has a .pfx extension on the server.
E. Verify the certificate has not expired on the server.
Answer: A,E

NEW QUESTION NO: 19
A user suspects someone has been accessing a home network without permission by spoofing the MAC address of an authorized system. While attempting to determine if an authorized user is logged into the home network, the user reviews the wireless router, which shows the following table for systems that are currently on the home network.

Which of the following should be the NEXT step to determine if there is an unauthorized user on the network?
A. Conduct a ping sweep of each of the authorized systems and see if an echo response is received.
B. Physically check each of the authorized systems to determine if they are logged onto the network.
C. Deny the "unknown" host because the hostname is not known and MAC filtering is not applied to this host.
D. Apply MAC filtering and see if the router drops any of the systems.
Answer: C

NEW QUESTION NO: 20
A penetration tester finds that a company's login credentials for the email client were client being sent in clear text. Which of the following should be done to provide encrypted logins to the email server?
A. Enable MIME services and POP3.
B. Enable an SSL certificate for IMAP services.
C. Enable IPSec and configure SMTP.
D. Enable SSH and LDAP credentials.
Answer: B