An organization is selecting a SaaS provider to replace its legacy, in house Customer Resource Management
(CRM) application. Which of the following ensures the organization mitigates the risk of managing separate
user credentials?

A company is in the process of outsourcing its customer relationship management system to a cloud provider. It
will host the entire organization’s customer database. The database will be accessed by both the company’s
users and its customers. The procurement department has asked what security activities must be performed
for the deal to proceed. Which of the following are the MOST appropriate security activities to be performed as
part of due diligence? (Select TWO).

The Chief Information Officer (CIO) is reviewing the IT centric BIA and RA documentation. The documentation
shows that a single 24 hours downtime in a critical business function will cost the business $2.3 million.
Additionally, the business unit which depends on the critical business function has determined that there is a
high probability that a threat will materialize based on historical data. The CIO’s budget does not allow for full
system hardware replacement in case of a catastrophic failure, nor does it allow for the purchase of additional
compensating controls. Which of the following should the CIO recommend to the finance director to minimize
financial loss?

The Information Security Officer (ISO) is reviewing new policies that have been recently made effective and
now apply to the company. Upon review, the ISO identifies a new requirement to implement two-factor
authentication on the company’s wireless system. Due to budget constraints, the company will be unable to
implement the requirement for the next two years. The ISO is required to submit a policy exception form to the
Chief Information Officer (CIO). Which of the following are MOST important to include when submitting the
exception form? (Select THREE).

A security analyst has been asked to develop a quantitative risk analysis and risk assessment for the
company’s online shopping application. Based on heuristic information from the Security Operations Center
(SOC), a Denial of Service Attack (DoS) has been successfully executed 5 times a year. The Business
Operations department has determined the loss associated to each attack is $40,000. After implementing
application caching, the number of DoS attacks was reduced to one time a year. The cost of the
countermeasures was $100,000. Which of the following is the monetary value earned during the first year of
operation?

The Chief Executive Officer (CEO) of a large prestigious enterprise has decided to reduce business costs by
outsourcing to a third party company in another country. Functions to be outsourced include: business analysts,
testing, software development and back office functions that deal with the processing of customer data. The
Chief Risk Officer (CRO) is concerned about the outsourcing plans. Which of the following risks are MOST
likely to occur if adequate controls are not implemented?

A new piece of ransomware got installed on a company’s backup server which encrypted the hard drives
containing the OS and backup application configuration but did not affect the deduplication data hard drives.
During the incident response, the company finds that all backup tapes for this server are also corrupt. Which of
the following is the PRIMARY concern?

An insurance company is looking to purchase a smaller company in another country. Which of the following
tasks would the security administrator perform as part of the security due diligence?

Which of the following describes a risk and mitigation associated with cloud data storage?

The risk manager has requested a security solution that is centrally managed, can easily be updated, and
protects end users’ workstations from both known and unknown malicious attacks when connected to either the
office or home network. Which of the following would BEST meet this requirement?