** Please with an explanation if possible **

*Please answer all or leave it to another expert*

Question #:1

Which of the following vulnerabilities can lead to unexpected system behavior, including the bypassing of security controls, due to differences between the time of commitment and the time of execution?

A. Buffer overflow

B. DLL injection

C. Pointer dereference

D. Race condition

-------------------------------------------------------------------------------------------------------------

Question #:2

A Chief Executive Officer (CEO) is staying at a hotel during a business trip. The hotel's wireless network does not show a lock symbol. Which of the following precautions should the CEO take? (Select TWO).

Change the connection type to WPA2.

Change TKIP to CCMR

Use a VPN.

Tether to a mobile phone.

Create a tunnel connection with EAP-TTLS.

-------------------------------------------------------------------------------------------------------------

Question #:3

A company has migrated to two-factor authentication for accessing the corporate network, VPN, and SSO. Several legacy applications cannot support multifactor authentication and must continue to use usernames and passwords. Which of the following should be implemented to ensure the legacy applications are as secure as possible while ensuring functionality? (Select TWO).

Privileged accounts

Password reuse restrictions

Password complexity requirements

Password recovery

Account disablement

-------------------------------------------------------------------------------------------------------------

Question #:4

Which of the following BEST explains likelihood of occurrence?

The chance that an event will happen regardless of how much damage it may cause

The overall impact to the organization once all factors have been considered

The potential for a system to have a weakness or flaw that might be exploited

The probability that a threat actor will target and attempt to exploit an organization's systems

-------------------------------------------------------------------------------------------------------------

Question #:5

A security specialist is notified about a certificate warning that users receive when using a new internal website. After being given the URL from one of the users and seeing the warning, the security specialist inspects the certificate and realizes it has been issued to the IP address, which is how the developers reach the site. Which of the following would BEST resolve the issue?

A. OSCP

B. OID

C. PEM

D. SAN

-------------------------------------------------------------------------------------------------------------

Question #:6

A technician has been asked to document which services are running on each of a collection of 200 servers. Which of the following tools BEST meets this need while minimizing the work required?

A. Nmap

B. Nslookup

C. Netcat

D. Netstat

-------------------------------------------------------------------------------------------------------------

Question #:7

Which of the following explains why a vulnerability scan might return a false positive?

A. The scan is performed at a time of day when the vulnerability does not exist.

B. The test is performed against the wrong host.

C. The signature matches the product but not the version information.

D. The hosts are evaluated based on an OS-specific profile.

-------------------------------------------------------------------------------------------------------------

Question #:8

Which of the following may indicate a configuration item has reached end-of-life?

A. The device will no longer turn on and indicates an error

B. The vendor has not published security patches recently.

C. The object has been removed from the Active Directory.

D. Logs show a performance degradation of the component.

-------------------------------------------------------------------------------------------------------------

Question #:9

Which of the following are considered among the BEST indicators that a received message is a hoax? (Select TWO.)

A. Minimal use of uppercase letters in the message

B. Warnings of monetary loss to the receiver

C. No valid digital signature from a known security organization

D. Claims of possible damage to computer hardware

E. Embedded URLs

-------------------------------------------------------------------------------------------------------------

Question #:10

An incident response analyst at a large corporation is reviewing proxy log data. The analyst believes a malware infection may have occurred. Upon further review, the analyst determines the computer responsible for the suspicious network traffic is used by the Chief Executive Officer (CEO). Which of the following is the best NEXT step for the analyst to take?

A. Call the CEO directly to ensure awareness of the event

B. Run a malware scan on the CEO's workstation

C. Reimage the CEO's workstation

D. Disconnect the CEO's workstation from the network.
