An internal development team has migrated away from Waterfall development to use Agile development. Overall, this has been viewed as a successful initiative by
the stakeholders as it has improved time-to-market. However, some staff within the security team have contended that Agile development is not secure. Which of
the following is the MOST accurate statement?

A port in a fibre channel switch failed, causing a costly downtime on the company’s primary website. Which of the following is the MOST likely cause of the
downtime?

A Chief Information Security Officer (CISO) has requested that a SIEM solution be implemented. The CISO wants to know upfront what the projected TCO would
be before looking further into this concern. Two vendor proposals have been received:
– Vendor A: product-based solution which can be purchased by the pharmaceutical company.
– Capital expenses to cover central log collectors, correlators, storage and management consoles expected to be $150,000. Operational expenses are expected to
be a 0.5 full time employee (FTE) to manage the solution, and 1 full time employee to respond to incidents per year.
– Vendor B: managed service-based solution which can be the outsourcer for the pharmaceutical company’s needs.
Bundled offering expected to be $100,000 per year.
Operational expenses for the pharmaceutical company to partner with the vendor are expected to be a 0.5 FTE per year.

Internal employee costs are averaged to be $80,000 per year per FTE. Based on calculating TCO of the two vendor proposals over a 5 year period, which of the
following options is MOST accurate?

Company ABC is hiring customer service representatives from Company XYZ. The representatives reside at Company XYZ’s headquarters. Which of the following
BEST prevents Company XYZ representatives from gaining access to unauthorized Company ABC systems?

Which of the following technologies prevents an unauthorized HBA from viewing iSCSI target information?

A large company is preparing to merge with a smaller company. The smaller company has been very profitable, but the smaller company’s main applications were
created in-house. Which of the following actions should the large company’s security administrator take in preparation for the merger?

An administrator wishes to replace a legacy clinical software product as it has become a security risk. The legacy product generates $10,000 in revenue a month.
The new software product has an initial cost of $180,000 and a yearly maintenance of $2,000 after the first year. However, it will generate $15,000 in revenue per

month and be more secure. How many years until there is a return on investment for this new package?

An administrator is tasked with securing several website domains on a web server. The administrator elects to secure www.example.com, mail.example.org,
archive.example.com, and www.example.org with the same certificate. Which of the following would allow the administrator to secure those domains with a single
issued certificate?

A business unit of a large enterprise has outsourced the hosting and development of a new external website which will be accessed by premium customers, in
order to speed up the time to market timeline. Which of the following is the MOST appropriate?

It has come to the IT administrator’s attention that the “post your comment” field on the company blog page has been exploited, resulting in cross-site scripting
attacks against customers reading the blog. Which of the following would be the MOST effective at preventing the “post your comment” field from being exploited?