After a recent internal breach, a company decided to regenerate and reissue all certificates used in the transmission of confidential information. The company places the greatest importance on confidentiality and non-repudiation, and decided to generate dual key pairs for each client. Which of the following BEST describes how the company will use these certificates?

• A.One key pair will be used for encryption and decryption. The other will be used to digitally sign the data.
• B.One key pair will be used for encryption. The other key pair will provide extended validation.
• C.Data will be encrypted once by each key, doubling the confidentiality and non-repudiation strength.
• D.One key pair will be used for internal communication, and the other will be used for external communication.

Comment: *

Name: *

Email: *

Verification: *

An analyst generates the following color-coded table shown in the exhibit to help explain the risk of potential incidents in the company. The vertical axis indicates the likelihood of an incident, while the horizontal axis indicates the impact.

Which of the following is this table an example of?

• A.Privacy impact assessment
• B.Internal threat assessment
• C.Supply chain assessment
• D.Qualitative risk assessment

Comment: *

Name: *

Email: *

Verification: *

A vulnerability scan was run multiple times. The first lime, the scan detected multiple operating system flaws The second time the scan indicated that a few third-party application programs required patching and no operating system flaws. Which of the following is the MOST likely cause tor the different scan results?

• A.The second scan used credentials that were configured for time-of-day scanning
• B.The initial scan used credentials mat had limited access to system resources
• C.The vulnerability scanner was not configured with the common vulnerability and exposure database
• D.The first scan had full-system scanning capabilities

Comment: *

Name: *

Email: *

Verification: *

A security administrator has found a hash in the environment known to belong to malware. The administrator then finds this file to be in in the preupdate area of the OS, which indicates it was pushed from the central patch system.
File: winx86_adobe_flash_upgrade.exe
Hash: 99ac28bede43ab869b853ba62c4ea243
The administrator pulls a report from the patch management system with the following output:

Given the above outputs, which of the following MOST likely happened?

• A.The file was infected when the patch manager downloaded it.
• B.The file was embedded with a logic bomb to evade detection.
• C.The file was corrupted after it left the patch system.
• D.The file was not approved in the application whitelist system.

Comment: *

Name: *

Email: *

Verification: *

Drag and drop the correct protocol to its default port.

Correct Answer:

Explanation

FTP uses TCP port 21. Telnet uses port 23.
SSH uses TCP port 22.
All protocols encrypted by SSH, including SFTP, SHTTP, SCP, SExec, and slogin, also use TCP port 22.
Secure Copy Protocol (SCP) is a secure file-transfer facility based on SSH and Remote Copy Protocol (RCP).
Secure FTP (SFTP) is a secured alternative to standard File Transfer Protocol (FTP). SMTP uses TCP port 25.
Port 69 is used by TFTP.
SNMP
makes use of UDP ports 161 and 162. http://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers

Comment: *

Name: *

Email: *

Verification: *