A company has two server administrators that work overnight to apply patches to minimize disruption to the
company. With the limited working staff, a security engineer performs a risk assessment to ensure the
protection controls are in place to monitor all assets including the administrators in case of an emergency.
Which of the following should be in place?

A company has recently allowed employees to take advantage of BYOD by installing WAPs throughout the
corporate office. An employee, Joe, has recently begun to view inappropriate material at work using his
personal laptop. When confronted, Joe indicated that he was never told that he could not view that type of
material on his personal laptop. Which of the following should the company have employees acknowledge
before allowing them to access the corporate WLAN with their personal devices?

A company executive’s laptop was compromised, leading to a security breach. The laptop was placed into
storage by a junior system administrator and was subsequently wiped and re-imaged. When it was determined
that the authorities would need to be involved, there was little evidence to present to the investigators. Which of
the following procedures could have been implemented to aid the authorities in their investigation?

Several departments in a corporation have a critical need for routinely moving data from one system to another
using removable storage devices. Senior management is concerned with data loss and the introduction of
malware on the network. Which of the following choices BEST mitigates the range of risks associated with the
continued use of removable storage devices?

A company has just deployed a centralized event log storage system. Which of the following can be used to
ensure the integrity of the logs after they are collected?

In order to secure additional budget, a security manager wants to quantify the financial impact of a one-time
compromise. Which of the following is MOST important to the security manager?

A systems engineer has been presented with storage performance and redundancy requirements for a new
system to be built for the company. The storage solution must be designed to support the highest performanceand must also be able to support more than one drive failure. Which of the following should the engineer
choose to meet these requirements?

Ann, the system administrator, is installing an extremely critical system that can support ZERO downtime.
Which of the following BEST describes the type of system Ann is installing?

Ann, a security analyst, has discovered that her company has very high staff turnover and often user accounts
are not disabled after an employee leaves the company. Which of the following could Ann implement to help
identify accounts that are still active for terminated employees?

A security administrator would like to ensure that system administrators are not using the same password for
both their privileged and non-privileged accounts. Which of the following security controls BEST accomplishes
this goal?