The risk committee has endorsed the adoption of a security system development life cycle
(SSDLC) designed to ensure compliance with PCI-DSS, HIPAA, and meet the organization’s
mission. Which of the following BEST describes the correct order of implementing a five phase
SSDLC?

An organization determined that each of its remote sales representatives must use a smartphone
for email access.
The organization provides the same centrally manageable model to each person.
Which of the following mechanisms BEST protects the confidentiality of the resident data?

An organization did not know its internal customer and financial databases were compromised
until the attacker published sensitive portions of the database on several popular attacker
websites. The organization was unable to determine when, how, or who conducted the attacks but
rebuilt, restored, and updated the compromised database server to continue operations.
Which of the following is MOST likely the cause for the organization’s inability to determine what
really occurred?

An administrator has a system hardening policy to only allow network access to certain services,
to always use similar hardware, and to protect from unauthorized application configuration
changes.
Which of the following technologies would help meet this policy requirement? (Select TWO).

About twice a year a switch fails in a company’s network center. Under the maintenance contract,
the switch would be replaced in two hours losing the business $1,000 per hour. The cost of a
spare switch is $3,000 with a 12-hour delivery time and would eliminate downtime costs if
purchased ahead of time. The maintenance contract is $1,500 per year.
Which of the following is true in this scenario?

An administrator receives reports that the network is running slow for users connected to a certain
switch. Viewing the network traffic, the administrator reviews the following:
18:51:59.042108 IP linuxwksta.55467 > dns.company.com.domain: 39462+ PTR? 222.17.4.10.inaddr.arpa. (42)
18:51:59.055732 IP dns.company.com.domain > linuxwksta.55467: 39462 NXDomain 0/0/0 (42)
18:51:59.055842 IP linuxwksta.48287 > dns.company.com.domain: 46767+ PTR? 255.19.4.10.inaddr.arpa. (42)
18:51:59.069816 IP dns.company.com.domain > linuxwksta.48287: 46767 NXDomain 0/0/0 (42)
18:51:59.159060 IP linuxwksta.42491 > 10.4.17.72.iscsi-target: Flags [P.], seq
1989625106:1989625154, ack 2067334822, win 1525, options [nop,nop,TS val 16021424 ecr
215646227], length 48
18:51:59.159145 IP linuxwksta.48854 > dns.company.com.domain: 3834+ PTR? 72.17.4.10.inaddr.arpa. (41)
18:51:59.159314 IP 10.4.17.72.iscsi-target > linuxwksta.42491: Flags [P.], seq 1:49, ack 48, win
124, options [nop,nop,TS val 215647479 ecr 16021424], length 48
18:51:59.159330 IP linuxwksta.42491 > 10.4.17.72.iscsi-target: Flags [.], ack 49, win 1525,
options [nop,nop,TS val 16021424 ecr 215647479], length 0
18:51:59.165342 IP dns.company.com.domain > linuxwksta.48854: 3834 NXDomain 0/0/0 (41)
18:51:59.397461 ARP, Request who-has 10.4.16.58 tell 10.4.16.1, length 46
18:51:59.397597 IP linuxwksta.37684 > dns.company.com.domain: 15022+ PTR? 58.16.4.10.inaddr.arpa. (41)
Given the traffic report, which of the following is MOST likely causing the slow traffic?

An intrusion detection system logged an attack attempt from a remote IP address. One week later,
the attacker successfully compromised the network. Which of the following MOST likely occurred?