A security administrator is auditing a database server to ensure the correct security measures are
in place to protect the data. Some of the fields consist of people’s first name, last name, home
address, date of birth and mothers last name. Which of the following describes this type of data?

Which of the following would be MOST appropriate if an organization’s requirements mandate
complete control over the data and applications stored in the cloud?

Joe, the information security manager, is tasked with calculating risk and selecting controls to
protect a new system. He has identified people, environmental conditions, and events that could
affect the new system. Which of the following does he need to estimate NEXT in order to complete
his risk calculations?

The data security manager is notified that a client will be sending encrypted information on optical
discs for import into the company database. Once imported, the information is backed up and the
discs are no longer needed. Following the import, which of the following is the BEST action for the
manager to take?

A network administrator identifies sensitive files being transferred from a workstation in the LAN to
an unauthorized outside IP address in a foreign country. An investigation determines that the
firewall has not been altered, and antivirus is up-to-date on the workstation. Which of the following
is the MOST likely reason for the incident?

Which of the following represents a cryptographic solution where the encrypted stream cannot be
captured by a sniffer without the integrity of the stream being compromised?

A security administrator must implement a network that is immune to ARP spoofing attacks. Which
of the following should be implemented to ensure that a malicious insider will not be able to
successfully use ARP spoofing techniques?

After working on his doctoral dissertation for two years, Joe, a user, is unable to open his
dissertation file. The screen shows a warning that the dissertation file is corrupted because it is
infected with a backdoor, and can only be recovered by upgrading the antivirus software from the
free version to the commercial version. Which of the following types of malware is the laptop
MOST likely infected with?

An employee connects a wireless access point to the only jack in the conference room to provide
Internet access during a meeting. The access point is configured to use WPA2-TKIP. A malicious
user is able to intercept clear text HTTP communication between the meeting attendees and the
Internet. Which of the following is the reason the malicious user is able to intercept and see the
clear text communication?

A technician wants to securely collect network device configurations and statistics through a
scheduled and automated process. Which of the following should be implemented if configuration
integrity is most important and a credential compromise should not allow interactive logons?