An administrator is implementing a new network-based storage device. In selecting a storage protocol, the
administrator would like the data in transit’s integrity to be the most important concern. Which of the following
protocols meets these needs by implementing either AES-CMAC or HMAC-SHA256 to sign data?

A risk manager has decided to use likelihood and consequence to determine the risk of an event occurring to a
company asset. Which of the following is a limitation of this approach to risk management?

An accountant at a small business is trying to understand the value of a server to determine if the business can
afford to buy another server for DR. The risk manager only provided the accountant with the SLE of $24,000,
ARO of 20% and the exposure factor of 25%. Which of the following is the correct asset value calculated by the
accountant?

The risk manager at a small bank wants to use quantitative analysis to determine the ALE of running a
business system at a location which is subject to fires during the year. A risk analyst reports to the risk manager
that the asset value of the business system is $120,000 and, based on industry data, the exposure factor to
fires is only 20% due to the fire suppression system installed at the site. Fires occur in the area on average
every four years. Which of the following is the ALE?

The telecommunications manager wants to improve the process for assigning company-owned mobile devices
and ensuring data is properly removed when no longer needed. Additionally, the manager wants to onboard
and offboard personally owned mobile devices that will be used in the BYOD initiative. Which of the following
should be implemented to ensure these processes can be automated? (Select THREE).

An international shipping company discovered that deliveries left idle are being tampered with. The company
wants to reduce the idle time associated with international deliveries by ensuring that personnel are
automatically notified when an inbound delivery arrives at the transit dock. Which of the following should be
implemented to help the company increase the security posture of its operations?

A security administrator is assessing a new application. The application uses an API that is supposed to encrypt
text strings that are stored in memory. How might the administrator test that the strings are indeed encrypted in
memory?

Using SSL, an administrator wishes to secure public facing server farms in three subdomains:
dc1.east.company.com, dc2.central.company.com, and dc3.west.company.com. Which of the following is the
number of wildcard SSL certificates that should be purchased?

An organization uses IP address block 203.0.113.0/24 on its internal network. At the border router, the network
administrator sets up rules to deny packets with a source address in this subnet from entering the network, and
to deny packets with a destination address in this subnet from leaving the network. Which of the following is the
administrator attempting to prevent?

A company has adopted a BYOD program. The company would like to protect confidential information.
However, it has been decided that when an employee leaves, the company will not completely wipe the
personal device. Which of the following would MOST likely help the company maintain security when
employees leave?