CompTIA Security+ Certification Exam Questions and Answers - Part 61

Mary Smith

Sat, 21 Feb 2026

1. A technician has installed new vulnerability scanner software on a server that is joined to the company domain. The vulnerability scanner is able to provide visibility over the patch posture of all of the company's clients. Which of the following is being used?

A) Credentialed scan
B) Bypassing security controls
C) Passive scan
D) Gray box vulnerability testing



2. A technician needs to implement a system which will properly authenticate users by their username and password only when the users are logging in from a computer in the office building. Any attempt to authenticate from a location other than the office building should be rejected. Which of the following MUST the technician implement?

A) Dual factor authentication
B) Biometric authentication
C) Single factor authentication
D) Transitive authentication



3. Audit logs from a small company's vulnerability scanning software show the following findings:

Destinations scanned:
- Server001: Internal human resources payroll server
- Server101: Internet-facing web server
- Server201: SQL server for Server101
- Server301: Jumpbox used by systems administrators, accessible from the internal network

Validated vulnerabilities found:
- Server001: Vulnerable to buffer overflow exploit that may allow attackers to install software
- Server101: Vulnerable to buffer overflow exploit that may allow attackers to install software
- Server201: OS updates not fully current
- Server301: Accessible from internal network without the use of jumpbox
- Server301: Vulnerable to highly publicized exploit that can elevate user privileges

Assuming external attackers who are gaining unauthorized information are of the highest concern, which of the following servers should be addressed FIRST?

A) Server101
B) Server301
C) Server001
D) Server201



4. A user needs to send sensitive information to a colleague using PKI. Which of the following concepts apply when a sender encrypts the message hash with the sender's private key? (Select TWO)

A) Email content encryption
B) Message integrity
C) Steganography
D) Transport security
E) Non-repudiation


5. Many employees are receiving email messages similar to the one shown below:

From: IT department
To: employee
Subject: email quota exceeded
Please click on the following link http://www.website.info/email.php?quota=1Gb and provide your username and password to increase your email quota.

Upon reviewing other similar emails, the security administrator realized that all the phishing URLs have the following common elements: they all use HTTP, they all come from .info domains, and they all contain the same URI. Which of the following should the security administrator configure on the corporate content filter to prevent users from accessing the phishing URL, while at the same time minimizing false positives?

A) DENY http://*.info/email.php?quota=1Gb
B) DROP http://'website.info/email.php?*
C) BLOCK http://www.*.info/'
D) Redirect http://www.*.info/email.php?quota=* TO http://company.com/corporate_polict.html



1. Right Answer: A
Explanation:

2. Right Answer: D
Explanation:

3. Right Answer: A
Explanation:

4. Right Answer: B,E
Explanation:

5. Right Answer: A
Explanation:
