PrepAway - Latest Free Exam Questions & Answers

Tag: Exam CAS-002 (update May 22nd, 2017)

Exam CAS-002 : CompTIA Advanced Security Practitioner (update May 22nd, 2017)

Which of the following should the sales manager do to e…

A company sales manager received a memo from the company’s financial department which stated that the
company would not be putting its software products through the same security testing as previous years to
reduce the research and development cost by 20 percent for the upcoming year. The memo also stated that the
marketing material and service level agreement for each product would remain unchanged. The sales manager
has reviewed the sales goals for the upcoming year and identified an increased target across the software
products that will be affected by the financial department’s change. All software products will continue to go
through new development in the coming year. Which of the following should the sales manager do to ensure
the company stays out of trouble?

Which of the following BEST describes how the security …

A completely new class of web-based vulnerabilities has been discovered. Claims have been made that all
common web-based development frameworks are susceptible to attack. Proof-of-concept details have
emerged on the Internet. A security advisor within a company has been asked to provide recommendations on
how to respond quickly to these vulnerabilities. Which of the following BEST describes how the security advisor
should respond?

Which of the following departments are the MOST heavily…

An intruder was recently discovered inside the data center, a highly sensitive area. To gain access, the intruder
circumvented numerous layers of physical and electronic security measures. Company leadership has asked
for a thorough review of physical security controls to prevent this from happening again. Which of the following
departments are the MOST heavily invested in rectifying the problem? (Select THREE).

Which of the following tools should the helpdesk manage…

The helpdesk manager wants to find a solution that will enable the helpdesk staff to better serve company
employees who call with computer-related problems. The helpdesk staff is currently unable to perform effective
troubleshooting and relies on callers to describe their technology problems. Given that the helpdesk staff is
located within the company headquarters and 90% of the callers are telecommuters, which of the following
tools should the helpdesk manager use to make the staff more effective at troubleshooting while at the same
time reducing company costs? (Select TWO).

Which of the following departments’ request is in contr…

Executive management is asking for a new manufacturing control and workflow automation solution. This
application will facilitate management of proprietary information and closely guarded corporate trade secrets.
The information security team has been a part of the department meetings and come away with the following
notes:
- Human resources would like complete access to employee data stored in the application. They would like
automated data interchange with the employee management application, a cloud-based SaaS application.
- Sales is asking for easy order tracking to facilitate feedback to customers.
- Legal is asking for adequate safeguards to protect trade secrets. They are also concerned with data
ownership questions and legal jurisdiction.
- Manufacturing is asking for ease of use. Employees working the assembly line cannot be bothered with
additional steps or overhead. System interaction needs to be quick and easy.
- Quality assurance is concerned about managing the end product and tracking overall performance of the
product being produced. They would like read-only access to the entire workflow process for monitoring
and baselining.
The favored solution is a user friendly software application that would be hosted onsite. It has extensive ACL
functionality, but also has readily available APIs for extensibility. It supports read-only access, kiosk automation,
custom fields, and data encryption.
Which of the following departments’ request is in contrast to the favored solution?

Which of the following denotes the BEST way to mitigate …

A small retail company recently deployed a new point of sale (POS) system to all 67 stores. The core of the
POS is an extranet site, accessible only from retail stores and the corporate office over a split-tunnel VPN. An
additional split-tunnel VPN provides bi-directional connectivity back to the main office, which provides voice
connectivity for store VoIP phones. Each store offers guest wireless functionality, as well as employee wireless.
Only the staff wireless network has access to the POS VPN. Recently, stores are reporting poor response times
when accessing the POS application from store computers as well as degraded voice quality when making
phone calls. Upon investigation, it is determined that three store PCs are hosting malware, which is generating
excessive network traffic. After malware removal, the information security department is asked to review the
configuration and suggest changes to prevent this from happening again. Which of the following denotes the
BEST way to mitigate future malware risk?

Which of the following is the MOST appropriate action t…

During a recent audit of servers, a company discovered that a network administrator, who required remote
access, had deployed an unauthorized remote access application that communicated over common ports
already allowed through the firewall. A network scan showed that this remote access application had already
been installed on one third of the servers in the company. Which of the following is the MOST appropriate
action that the company should take to provide a more appropriate solution?

Requirement 5: The system shall perform CRC checks on a…

A security engineer is working on a large software development project. As part of the design of the project,
various stakeholder requirements were gathered and decomposed to an implementable and testable level.
Various security requirements were also documented. Organize the following security requirements into the
correct hierarchy required for an SRTM.
Requirement 1: The system shall provide confidentiality for data in transit and data at rest.
Requirement 2: The system shall use SSL, SSH, or SCP for all data transport.
Requirement 3: The system shall implement a file-level encryption scheme.
Requirement 4: The system shall provide integrity for all data at rest.
Requirement 5: The system shall perform CRC checks on all files.

