CompTIA CASP+ 2023 Questions and Answers - Part 31

Mary Smith

Fri, 17 Apr 2026

1. The finance department for an online shopping website has discovered that a number of customers were able to purchase products and services without making any payments. Further analysis carried out by the security team indicated that the website allows customers to change the amount to pay for shipping. A specially crafted value can be entered to cause a rollover, so that the shipping cost is deducted from the balance, in some cases producing a negative balance. As a result, the system processes the negative balance as zero dollars. Which of the following best describes the application issue?

A) race condition
B) Use after free
C) integer overflow
D) Click-jacking
E) SQL injection


2. A company's Chief Executive Officer (CEO) is worried that the IT staff does not have the knowledge to identify complex vulnerabilities that may exist in a payment system being developed internally. The payment system being developed will be sold to a number of organizations and is in direct competition with another leading product. The CEO stressed that codebase confidentiality is crucial to allow the company to outperform the competition in terms of product reliability, stability and performance. Which of the following would provide the most rigorous testing and meet the CEO's requirements?

A) None
B) Signing an NDA with a large security consulting firm and using the firm to perform gray box testing and address the findings.
C) Signing an MOU with a marketing company to preserve the company's reputation and using in-house resources for sample testing.
D) Signing a BPA with a small software consultancy and using the firm to perform black box testing and address the findings.
E) Using the most qualified and senior developers on the project to perform a variety of white box testing and code reviews.


3. A medical device manufacturer has decided to work with other international organizations to develop software for a new robotic surgical platform to be implemented in hospitals within the next 12 months. To ensure that a competitor does not become aware of it, management at the medical device manufacturer has decided to keep it secret until the formal contracts are signed. Which of the following documents is most likely to contain a description of the baseline terms and arrangements and is not legally enforceable?

A) STD
B) MOU
C) OLA
D) SLA
E) BPA


4. Ann, a security analyst, says she believes the Internet-facing file servers are being attacked. Which of the following is evidence that would help Ann make a case to management that action must be taken to protect these servers?

A) Set up alerts at a certain threshold to notify the analyst of high activity
B) Provide a report with the file transfer logs from the servers
C) Compare the current activity to the baseline of normal activity
D) None
E) Maintain a record of all IP addresses that connect to the system and their locations


5. A company provides on-demand cloud computing resources for a sensitive project. The company implements a fully virtualized data center and terminal server access with two-factor authentication for customer access to the administration website. The security manager at the company has uncovered a breach in data confidentiality. Sensitive data from customer A was found in a hidden folder inside the VM of company B. Company B is not in the same sector as company A and the two are not rivals. Which of the following has most likely occurred?

A) None
B) An employee with administrative access to the virtual guests was able to dump memory onto a mapped drive.
C) A stolen two-factor token was used to transfer data from one virtual host to another host on the same network segment.
D) Both VMs were left unprotected and an attacker was able to exploit network vulnerabilities to access each and move the data.
E) A hypervisor server was left unpatched and an attacker was able to use a resource exhaustion attack to gain unauthorized access.


1. Right Answer: C
Explanation:

2. Right Answer: B
Explanation:

3. Right Answer: B
Explanation:

4. Right Answer: C
Explanation:

5. Right Answer: D
Explanation:
