CompTIA CASP+ 2023 Questions and Answers - Part 10

Mary Smith

Tue, 11 Nov 2025

1. An assessor identifies automated methods for identifying security compliance by validating sensors on the endpoint and at Tier 2. Which of the following practices meets continuous monitoring of unauthorized information?

A) Test and evaluate safety
B) Risk assessment
C) None
D) Current authorization
E) Independent verification and validation


2. Given the following query and user input:

select id, name, surname from authors
User Input = firstname = Hack; man name = Johnson

Which of the following types of attacks is the user attempting?

A) None
B) Command injection
C) SQL injection
D) XML injection
E) Cross-site scripting


3. A government agency considers confidentiality to be paramount and availability issues to be of minimal importance. Knowing this, which of the following correctly orders several vulnerabilities from most important to least important?

A) CSRF, Fault injection, Memory leaks
B) Uncertain object found, CSRF, Smurf
C) Privilege escalation, Application DoS, Buffer overflow
D) None
E) SQL injection, Resource depletion, Privilege escalation


4. A security administrator wants to calculate the ROI of a security design that includes the purchase of new equipment. The equipment costs $50,000 and it will take 50 hours to install and configure. The manager intends to hire a contractor at a rate of $100/hour to do the installation. Given that the new design and equipment will allow the company to increase revenues and make an additional $100,000 in the first year, which of the following is the ROI, expressed as a percentage, for the first year?

A) 82 percent
B) 5.5 percent
C) 45 percent
D) None
E) -45 percent


5. A new internal network segmentation solution consisting of 200 internal firewalls will be implemented in the enterprise. As part of running a pilot project, it was established that a new application takes three changes to the network before it is operational. Security now has a significant effect on overall availability. Which of the following would be the first process to perform as a result of these findings?

A) Engage internal auditors to review the project and determine why and how the project did not meet the safety requirements. As part of the review, ask them to assess control effectiveness.
B) Review to determine whether the control effectiveness is in line with the complexity of the solution. Decide whether the requirements can be met with a simpler solution.
C) None
D) Decrease the SLA to an acceptable level and run a risk assessment to see whether the requirements can be met by a different solution. Reuse the firewall infrastructure for other projects.
E) Conduct a cost-benefit analysis and implement the solution as it is, as long as the risks around availability issues are understood by the entrepreneurs. Reduce the current SLA expectations to accommodate the new solution.


1. Right Answer: D
Explanation:

2. Right Answer: C
Explanation:

3. Right Answer: B
Explanation:

4. Right Answer: A
Explanation:

5. Right Answer: B
Explanation:
