An enterprise has hired an outside security firm to conduct penetration testing on its network and applications. The firm has been given all the developer's documentation about the internal architecture. Which of the following best represents the type of testing that will occur?
A website user is locked out of an account after clicking an email link and visiting a different website. Web server logs show the user’s password was changed, even though the user did not change the password. Which of the following is the most likely cause?
A security analyst finds that a user's name appears in a database entry at a time when the user was on vacation. The security analyst reviews the following logs from the authentication server that is being used by the database:
Which of the following can the security analyst conclude based on the review?
A certificate vendor notified a company that recently invalidated certificates may need to be updated. Which of the following mechanisms should a security administrator use to determine whether the certificates installed on the company's machines need to be updated?