PrepAway - Latest Free Exam Questions & Answers

Category: CAS-002

Exam CAS-002 : CompTIA Advanced Security Practitioner

Which of the following business processes and/or practi…

A facilities manager has observed varying electric use on the company’s metered service lines. The facility management rarely interacts with the IT department
unless new equipment is being delivered. However, the facility manager thinks that there is a correlation between spikes in electric use and IT department activity.
Which of the following business processes and/or practices would provide better management of organizational resources with the IT department’s needs? (Select
TWO).

Which of the following values is the single loss expect…

An IT manager is concerned about the cost of implementing a web filtering solution in an effort to mitigate the risks associated with malware and resulting data
leakage. Given that the ARO is twice per year, the ALE resulting from a data leak is $25,000 and the ALE after implementing the web filter is $15,000. The web
filtering solution will cost the organization $10,000 per year. Which of the following values is the single loss expectancy of a data leakage event after implementing
the web filtering solution?

Which of the following should the project manager relea…

A project manager working for a large city government is required to plan and build a WAN, which will be required to host official business and public access. It is
also anticipated that the city’s emergency and first response communication systems will be required to operate across the same network. The project manager has
experience with enterprise IT projects, but feels this project has an increased complexity as a result of the mixed business / public use and the critical
infrastructure it will provide. Which of the following should the project manager release to the public, academia, and private industry to ensure the city provides due
care in considering all project factors prior to building its new WAN?

Which of the following actions should be taken by the s…

ODBC access to a database on a network-connected host is required. The host does not have a security mechanism to authenticate the incoming ODBC
connection, and the application requires that the connection have read/write permissions. In order to further secure the data, a nonstandard configuration would
need to be implemented. The information in the database is not sensitive, but was not readily accessible prior to the implementation of the ODBC connection.
Which of the following actions should be taken by the security analyst?

