In an effort to minimize costs, the management of a small candy company wishes to explore a cloud service
option for the development of its online applications. The company does not wish to invest heavily in IT
infrastructure. Which of the following solutions should be recommended?

A senior network security engineer has been tasked to decrease the attack surface of the corporate network.
Which of the following actions would protect the external network interfaces from external attackers performing
network scanning?

Customers have recently reported incomplete purchase history and other anomalies while accessing their
account history on the web server farm. Upon investigation, it has been determined that there are version
mismatches of key e-commerce applications on the production web servers. The development team has direct
access to the production servers and is most likely the cause of the different release versions. Which of the
following process level solutions would address this problem?

The DLP solution has been showing some unidentified encrypted data being sent using FTP to a remote
server. A vulnerability scan found a collection of Linux servers that are missing OS level patches. Upon further
investigation, a technician notices that there are a few unidentified processes running on a number of the
servers. What would be a key FIRST step for the data security team to undertake at this point?

A company has a difficult time communicating between the security engineers, application developers, and
sales staff. The sales staff tends to overpromise the application deliverables. The security engineers and
application developers are falling behind schedule. Which of the following should be done to solve this?

A facilities manager has observed varying electric use on the company’s metered service lines. The facility
management rarely interacts with the IT department unless new equipment is being delivered. However, the
facility manager thinks that there is a correlation between spikes in electric use and IT department activity.
Which of the following business processes and/or practices would provide better management of organizational
resources with the IT department’s needs? (Select TWO).

An IT manager is working with a project manager to implement a new ERP system capable of transacting data
between the new ERP system and the legacy system. As part of this process, both parties must agree to the
controls utilized to secure data connections between the two enterprise systems. This is commonly
documented in which of the following formal documents?

An IT manager is concerned about the cost of implementing a web filtering solution in an effort to mitigate the
risks associated with malware and resulting data leakage. Given that the ARO is twice per year, the ALE
resulting from a data leak is $25,000 and the ALE after implementing the web filter is $15,000. The web filtering
solution will cost the organization $10,000 per year. Which of the following values is the single loss expectancy
of a data leakage event after implementing the web filtering solution?

An IT Manager is concerned about errors made during the deployment process for a new model of tablet.
Which of the following would suggest best practices and configuration parameters that technicians could follow
during the deployment process?

An information security assessor for an organization finished an assessment that identified critical issues with
the human resource new employee management software application. The assessor submitted the report to
senior management but nothing has happened. Which of the following would be a logical next step?