1. File integrity monitoring states the following files have been changed without a written request or approved change. The following change has been made:chmod 777 Rv /usrWhich of the following may be occurring?

A) Administrative functions have been locked from users.
B) Administrative commands have been made world readable/writable.
C) The ownership pf /usr has been changed to the current user.
D) The ownership of/usr has been changed to the root user.



2. A company decides to move three of its business applications to different outsourced cloud providers. After moving the applications, the users report theapplications time out too quickly and too much time is spent logging back into the different web-based applications throughout the day. Which of the followingshould a security architect recommend to improve the end-user experience without lowering the security posture?

A) Configure directory services with a federation provider to manage accounts.
B) Configure user accounts for self-service account management.
C) Configure a web browser to cache the user credentials.
D) Create a group policy to extend the default system lockout period.



3. An analyst was testing the latest version of an internally developed CRM system. The analyst created a basic user account. Using a few tools in Kalis latestdistribution, the analyst was able to access configuration files, change permissions on folders and groups, and delete and create new system objects. Which of thefollowing techniques did the analyst use to perform these unauthorized activities?

A) Impersonation
B) Directory traversal
C) Privilege escalation
D) Input injection



4. A security analyst has just completed a vulnerability scan of servers that support a business critical application that is managed by an outside vendor. The results ofthe scan indicate the devices are missing critical patches. Which of the following factors can inhibit remediation of these vulnerabilities? (Choose two.)(Select 2answers)

A) Business process interruption
B) Inappropriate data classifications
C) Incomplete asset inventory
D) SLAs with the supporting vendor
E) Required sandbox testing


5. An alert has been distributed throughout the information security community regarding a critical Apache vulnerability. Which of the following courses of action wouldONLY identify the known vulnerability?

A) Perform an authenticated scan on all web servers in the environment.
B) Perform a web vulnerability scan on all servers in the environment.
C) Perform an unauthenticated vulnerability scan on all servers in the environment.
D) Perform a scan for the specific vulnerability on all web servers.