Which of the following are true statements?
A vulnerability scanner report shows that a client-server host monitoring solution operating in the credit card
corporate environment is managing SSL sessions with a weak algorithm which does not meet corporate policy.
Which of the following are true statements? (Select TWO).
Which of the following is the MOST accurate statement?
An internal development team has migrated away from Waterfall development to use Agile development.
Overall, this has been viewed as a successful initiative by the stakeholders as it has improved time-to-market.
However, some staff within the security team have contended that Agile development is not secure. Which of
the following is the MOST accurate statement?
Which of the following is the MOST likely cause of the …
A port in a fibre channel switch failed, causing a costly downtime on the company’s primary website. Which of
the following is the MOST likely cause of the downtime?
Which of the following options is MOST accurate?
A Chief Information Security Officer (CISO) has requested that a SIEM solution be implemented. The CISO
wants to know upfront what the projected TCO would be before looking further into this concern. Two vendor
proposals have been received:
Vendor A: product-based solution which can be purchased by the pharmaceutical company.
Capital expenses to cover central log collectors, correlators, storage and management consoles expected to
be $150,000. Operational expenses are expected to be a 0.5 full time employee (FTE) to manage the
solution, and 1 full time employee to respond to incidents per year.
Vendor B: managed service-based solution which can be the outsourcer for the pharmaceutical company’s
needs.
Bundled offering expected to be $100,000 per year.
Operational expenses for the pharmaceutical company to partner with the vendor are expected to be a 0.5 FTE
per year.
Internal employee costs are averaged to be $80,000 per year per FTE. Based on calculating TCO of the two
vendor proposals over a 5 year period, which of the following options is MOST accurate?
Which of the following BEST prevents Company XYZ repres…
Company ABC is hiring customer service representatives from Company XYZ. The representatives reside at
Company XYZ’s headquarters. Which of the following BEST prevents Company XYZ representatives from
gaining access to unauthorized Company ABC systems?
Which of the following technologies prevents an unautho…
Which of the following technologies prevents an unauthorized HBA from viewing iSCSI target information?
Which of the following actions should the large company…
A large company is preparing to merge with a smaller company. The smaller company has been very profitable,
but the smaller company’s main applications were created in-house. Which of the following actions should the
large company’s security administrator take in preparation for the merger?
How many years until there is a return on investment fo…
An administrator wishes to replace a legacy clinical software product as it has become a security risk. The
legacy product generates $10,000 in revenue a month. The new software product has an initial cost of
$180,000 and a yearly maintenance of $2,000 after the first year. However, it will generate $15,000 in revenue
per month and be more secure. How many years until there is a return on investment for this new package?
Which of the following would allow the administrator to…
An administrator is tasked with securing several website domains on a web server. The administrator elects to
secure www.example.com, mail.example.org, archive.example.com, and www.example.org with the same
certificate. Which of the following would allow the administrator to secure those domains with a single issued
certificate?
Which of the following is the MOST appropriate?
A business unit of a large enterprise has outsourced the hosting and development of a new external website
which will be accessed by premium customers, in order to speed up the time to market timeline. Which of the
following is the MOST appropriate?