A company is deploying a new video conferencing system to be used by the executive team for board
meetings. The security engineer has been asked to choose the strongest available asymmetric cipher to be
used for encryption of board papers, and chose the strongest available stream cipher to be configured for video
streaming.
Which of the following ciphers should be chosen? (Choose two)

In performing an authorized penetration test of an organization’s system security, a penetration tester collects
information pertaining to the application versions that reside on a server. Which of the following is the best way
to collect this type of information?

Client computers login at specified times to check and update antivirus definitions using a dedicated account
configured by the administrator. One day the clients are unable to login with the account, but the server still
responds to ping requests. The administrator has not made any changed. Which of the following most likely
happened?

A network administrator was to implement a solution that will allow authorized traffic, deny unauthorized traffic
and ensure that appropriate ports are being used for a number of TCP and UDP protocols. Which of the
following network controls would meet these requirements?

A switch is set up to allow only 2 simultaneous MAC addresses per switch port. An administrator is reviewing a
log and determines that a switch ort has been deactivated in a conference room after it detected 3 or more
MAC addresses on the same port. Which of the following reasons could have caused this port to be disabled?

During a recent audit, the auditors cited the company’s current virtual machine infrastructure as a concern. The
auditors cited the fact that servers containing sensitive customer information reside on the same physical host
as numerous virtual machines that follow less stringent security guild lines. Which of the following would be the
best choice to implement to address this audit concern while maintain the current infrastructure?

A risk management team indicated an elevated level of risk due to the location of a corporate datacenter in a
region with an unstable political climate. The chief information officer (CIO) accepts the recommendation to
transition the workload to an alternate datacenter in a more stable region. Which of the following forms of risk
mitigation has the CIO elected to pursue?

A user has called the help desk to report an enterprise mobile device was stolen. The technician receiving the
call accesses the MDM administration portal to identify the device’s last known geographic location. The
technician determines the device is still communicating with the MDM. After taking note of the last known
location, the administrator continues to follow the rest of the checklist. Which of the following identifies a
possible next step for the administrator?

A thief has stolen mobile device and removed its battery to circumvent GPS location tracking. The device user
is a four-digit PIN.
Which of the following is a mobile device security control that ensures the confidentiality of company data?

A security analyst is working on a project team responsible for the integration of an enterprise SSO solution.
The SSO solution requires the use of an open standard for the exchange of authentication and authorization
across numerous web based applications. Which of the following solutions is most appropriate for the analyst to
recommend in this scenario?