1. An IT auditor is reviewing the data classification for a sensitive system. The company has classified the data stored in the sensitive system according to the following matrix: DATA TYPECONFIDENTIALITYINTEGRITYAVAILABILITY FinancialHIGHHIGHLOW Client particular medium medium high Client addressLOWMEDIUMLOW AGGREGATEMEDIUMMEDIUMMEDIUM The auditor is advising the company for the total score and give it to senior management. Which of the following would be the revised total score?

A) MEDIUM, MEDIUM, MEDIUM
B) MEDIUM, MEDIUM, LOW
C) HIGH MID LOW
D) HIGH, HIGH, HIGH
E) None


2. An administrator has enabled salts passwords of users on a UNIX box. A penetration tester should try to get the password hashes to. Which of the following files penetration tester should use to eventually obtain passwords on the system? (Choose two).(Select 2answers)

A) / Sbin / logon
B) / Etc / shadow
C) / Etc / passwd
D) / Etc / security
E) / Etc / password


3. A security manager is looking to the next vendor proposal for a cloud-based SIEM solution. It is intended that the cost of the SIEM solution will be justified to have reduced the number of incidents and thereby save on the amount spent investigating incidents. Proposal: External cloud-based software as a service subscription costs $ 5,000 per month. Expected to reduce the current number of incidents per year with 50%. The company currently has ten security incidents per year at an average price of $ 10,000 per incident. Which of the following is the ROI for this proposal after three years?

A) $150,000
B) $120,000
C) $180,000
D) None
E) ($30,000)


4. During refresh a new desktop, all hosts are hardened at the operating system level before deployment to comply with the policy. Six months later, the company has been checked for compliance. The audit found that 40 percent did not meet the desktops. Which of the following is the most likely cause of the failure?

A) The devices are changed and settings will be overwritten in production.
B) The patch management system is caused by the devices non-compliant after release of the latest patches.
C) None
D) 40 percent of the devices to use full disk encryption.
E) The desktop applications are configured with the default username and password.


5. The helpdesk is receiving multiple calls about slow and intermittent Internet access from the finance department. The following information is composed of: Caller 1, IP 172.16.35.217, NETMASK 255.255.254.0 Caller 2, IP 172.16.35.53, NETMASK 255.255.254.0 Caller 3, IP 172.16.35.173, NETMASK 255.255.254.0 All callers are connected to the same switch, and led by a router with five built-in interfaces. The upstream router interfaceà ¬ YS MAC 00-01-42-32-ab-1a A packet capture shows: 09: 05: 15.934840 ARP reply 172.16.34.1 is provided at 00: 01: 42: 32: ab: 1a (00: 01: 42: 32: ab: 1a) 09: 06: 16.124850 ARP reply 172.16.34.1 is provided at 00: 01: 42: 32: ab: 1a (00: 01: 42: 32: ab : 1a) 09: 07: 25.439811 ARP reply 172.16.34.1 is provided at 00: 01: 42: 32: ab: 1a (00: 01: 42: 32: ab: 1a) 09: 08: 10.937590 IP 172.16.35.1> 172.16.35.255: ICMP echo request, ID 2305, Ed 1, length 65534 09: 08: 10.937591 IP 172.16.35.1> 172.16.35.255: ICMP echo request, id 2306, the following 2, length 65534 09: 08: 10.937592 IP 172.16.35.1> 172.16 .35.255: ICMP echo request, id 2307, following three, length 65 534 which of the following is occurring on the network?

A) The default gateway is spoofed on the network.
B) One such attack is aimed at the router.
C) ARP flood attack is focused on the router
D) None
E) A man-in-the-middle attack is working on the network.