QUESTION 21 A company is developing a new web application for its Internet users and is following a secure coding methodology. Which of the following methods would BEST assist the developers in determining if any unknown vulnerabilities are present?
A. Conduct web server load tests. B. Conduct static code analysis. C. Conduct fuzzing attacks. D. Conduct SQL injection and XSS attacks.
QUESTION 11 Driven mainly by cost, many companies outsource computing jobs which require a large amount of processor cycles over a short duration to cloud providers. This allows the company to avoid a large investment in computing resources which will only be used for a short time. Assuming the provisioned resources are dedicated to a single company, which of the following is the MAIN vulnerability associated with on-demand provisioning?
A. Traces of proprietary data which can remain on the virtual machine and be exploited B. Remnants of network data from prior customers on the physical servers during a compute job C. Exposure of proprietary data when in-transit to the cloud provider through IPSec tunnels D. Failure of the de-provisioning mechanism resulting in excessive charges for the resources
QUESTION 1 A telecommunication company has recently upgraded their teleconference systems to multicast. Additionally, the security team has instituted a new policy which requires VPN to access the company’s video conference. All parties must be issued a VPN account and must connect to the company’s VPN concentrator to participate in the remote meetings. Which of the following settings will increase bandwidth utilization on the VPN concentrator during the remote meetings?
A. IPSec transport mode is enabled B. ICMP is disabled C. Split tunneling is disabled D. NAT-traversal is enabled