
CompTIA CASP+ 2023 Questions and Answers - Part 8

Mary Smith

Wed, 15 Apr 2026


1. After being notified of a problem with the online shopping cart, where customers are able to arbitrarily change the price of items, a programmer analyzes the following piece of code used by the web-based shopping cart: `SELECT ITEM FROM CART WHERE ITEM = addslashes($userinput);` The programmer found that every time a user adds an item to the cart, a temporary file is created in the web server's /tmp directory. The temporary file has a name generated by concatenating the contents of the $userinput variable and a timestamp in the form DD-MM-YYYY (e.g. smartphone 12-25-2013.tmp), and it contains the price of the item being purchased. Which of the following is most likely to be exploited to manipulate the price of the shopping cart's items?

A) input validation
B) TOCTOU
C) None
D) Session hijacking
E) SQL injection


2. A large company acquires another company that uses a different antivirus vendor. The CISO has requested that the data feeds from the two antivirus platforms be combined in a way that allows management to assess and rate the overall effectiveness of antivirus throughout the organization. Which of the following tools can best meet the CISO's requirement?

A) None
B) IPS
C) CMDB
D) Syslog-ng
E) GRC


3. A security administrator was performing a packet capture and saw a system communicating with an unauthorized address in the 2001::/32 prefix. The network administrator confirms that there is no IPv6 routing into or out of the network. Which of the following is the best course of action?

A) Investigate the network traffic and block UDP port 3544 at the firewall
B) Remove the system from the network and disable IPv6 at the router
C) Locate and remove the unauthorized 6to4 relay from the network
D) None
E) Disable the switch port and block the 2001::/32 traffic at the firewall


4. The Chief Information Security Officer (CISO) at a company knows that many users store business documents on public cloud-based storage, and realizes this is a risk for the company. In response, the CISO has implemented a mandatory course in which all employees are instructed on the proper use of cloud-based storage. Which of the following risk strategies has the CISO implemented?

A) Mitigate
B) Accept
C) Transfer
D) None
E) Avoid


5. A company is in the process of outsourcing its customer relationship management system to a cloud provider, which will host the entire organization's customer database. The database will be accessed by both the company's users and its customers. The purchasing department has requested that security activities be carried out before the deal goes through. Which of the following are the most appropriate security activities to be performed as part of the due diligence? (Choose two.)

A) Security clauses are implemented in the contract, including the right to audit.
B) Review of the hosting organization's security policies, procedures and relevant certifications.
C) Penetration testing of the solution to ensure that customer data is protected.
D) Code review of the solution to ensure that there are no loopholes in the software.
E) Physical penetration test of the data center to ensure it is appropriately monitored.


1. Right Answer: B
Explanation:

2. Right Answer: E
Explanation:

3. Right Answer: A
Explanation:

4. Right Answer: A
Explanation:

5. Right Answer: A,B
Explanation:
