The risk manager is reviewing a report which identifies a requirement to keep a business critical legacy systemoperational for the next two years. The legacy system is out of support because the vendor and security
patches are no longer released. Additionally, this is a proprietary embedded system and little is documented
and known about it. Which of the following should the Information Technology department implement to reduce
the security risk from a compromise of this system?

A system administrator needs to meet the maximum amount of security goals for a new DNS infrastructure.
The administrator deploys DNSSEC extensions to the domain names and infrastructure. Which of the following
security goals does this meet? (Select TWO).

A penetration tester is assessing a mobile banking application. Man-in-the-middle attempts via a HTTP
intercepting proxy are failing with SSL errors. Which of the following controls has likely been implemented by
the developers?

A security company is developing a new cloud-based log analytics platform. Its purpose is to allow:
Customers to upload their log files to the “big data” platform
Customers to perform remote log search
Customers to integrate into the platform using an API so that third party business intelligence tools can be
used for the purpose of trending, insights, and/or discoveryWhich of the following are the BEST security considerations to protect data from one customer being disclosed
to other customers? (Select THREE).

Company A needs to export sensitive data from its financial system to company B’s database, using company
B’s API in an automated manner. Company A’s policy prohibits the use of any intermediary external systems to
transfer or store its sensitive data, therefore the transfer must occur directly between company A’s financial
system and company B’s destination server using the supplied API. Additionally, company A’s legacy financial
software does not support encryption, while company B’s API supports encryption. Which of the following will
provide end-to-end encryption for the data transfer while adhering to these requirements?

Company XYZ provides cable television service to several regional areas. They are currently installing fiber-tothe-home in many areas with hopes of also providing telephone and Internet services. The telephone and
Internet services portions of the company will each be separate subsidiaries of the parent company. The board
of directors wishes to keep the subsidiaries separate from the parent company. However all three companies
must share customer data for the purposes of accounting, billing, and customer authentication. The solution
must use open standards, and be simple and seamless for customers, while only sharing minimal data between
the companies. Which of the following solutions is BEST suited for this scenario?

Three companies want to allow their employees to seamlessly connect to each other’s wireless corporate
networks while keeping one consistent wireless client configuration. Each company wants to maintain its own
authentication infrastructure and wants to ensure that an employee who is visiting the other two companies is
authenticated by the home office when connecting to the other companies’ wireless network. All three
companies have agreed to standardize on 802.1x EAP-PEAP-MSCHAPv2 for client configuration. Which of the
following should the three companies implement?

A security manager has received the following email from the Chief Financial Officer (CFO):
“While I am concerned about the security of the proprietary financial data in our ERP application, we have had a
lot of turnover in the accounting group and I am having a difficult time meeting our monthly performance
targets. As things currently stand, we do not allow employees to work from home but this is something I am
willing to allow so we can get back on track. What should we do first to securely enable this capability for my
group?”
Based on the information provided, which of the following would be the MOST appropriate response to the
CFO?

A software development manager is taking over an existing software development project. The team currently
suffers from poor communication due to a long delay between requirements documentation and feature
delivery. This gap is resulting in an above average number of security-related bugs making it into production.
Which of the following development methodologies is the team MOST likely using now?

The helpdesk department desires to roll out a remote support application for internal use on all company
computers. This tool should allow remote desktop sharing, system log gathering, chat, hardware logging,
inventory management, and remote registry access. The risk management team has been asked to review
vendor responses to the RFQ. Which of the following questions is the MOST important?