Joe a website administrator believes he owns the intellectual property for a company invention and has been replacing image files on the company’s public facing
website in the DMZ. Joe is using steganography to hide stolen data. Which of the following controls can be implemented to mitigate this type of inside threat?

An information system owner has supplied a new requirement to the development team that calls for increased non-repudiation within the application. After
undergoing several audits, the owner determined that current levels of non-repudiation were insufficient. Which of the following capabilities would be MOST
appropriate to consider implementing is response to the new requirement?

Two users need to securely share encrypted files via email. Company policy prohibits users from sharing credentials or exchanging encryption keys. Which of the
following can be implemented to enable users to share encrypted data while abiding by company policies?

Joe notices there are several user accounts on the local network generating spam with embedded malicious code. Which of the following technical control should
Joe put in place to BEST reduce these incidents?

A new security policy in an organization requires that all file transfers within the organization be completed using applications that provide secure transfer. Currently,
the organization uses FTP and HTTP to transfer files. Which of the following should the organization implement in order to be compliant with the new policy?

In an effort to reduce data storage requirements, a company devices to hash every file and eliminate duplicates. The data processing routines are time sensitive so
the hashing algorithm is fast and supported on a wide range of systems. Which of the following algorithms is BEST suited for this purpose?

The Chief Executive Officer (CEO) of a major defense contracting company a traveling overseas for a conference. The CEO will be taking a laptop. Which of the
following should the security administrator implement to ensure confidentiality of the data if the laptop were to be stolen or lost during the trip?

The firewall administrator is adding a new certificate for the company’s remote access solution. The solution requires that the uploaded file contain the entire
certificate chain for the certificate to load properly. The administrator loads the company certificate and the root CA certificate into the file. The file upload is
rejected. Which of the following is required to complete the certificate chain?

Given the log output:
Max 15 00:15:23.431 CRT: #SEC_LOGIN-5-LOGIN_SUCCESS: Login Success [user: msmith] [Source:
10.0.12.45]
[localport: 23] at 00:15:23:431 CET Sun Mar 15 2015
Which of the following should the network administrator do to protect data security?

A system administrator wants to implement an internal communication system that will allow employees to send encrypted messages to each other. The system
must also support non- repudiation. Which of the following implements all these requirements?