A security administrator is tasked with securing a company’s headquarters and branch offices
move to unified communications. The Chief Information Officer (CIO) wants to integrate the
corporate users’ email, voice mail, telephony, presence and corporate messaging to internal
computers, mobile users, and devices. Which of the following actions would BEST meet the CIO’s
goals while providing maximum unified communications security?

Ann, a Physical Security Manager, is ready to replace all 50 analog surveillance cameras with IP
cameras with built-in web management. Ann has several security guard desks on different
networks that must be able to view the cameras without unauthorized people viewing the video as
well. The selected IP camera vendor does not have the ability to authenticate users at the camera
level. Which of the following should Ann suggest to BEST secure this environment?

A general insurance company wants to set up a new online business. The requirements are that
the solution needs to be:
Extendable for new products to be developed and added
Externally facing for customers and business partners to login
Usable and manageable
Be able to integrate seamlessly with third parties for non core functions such as document
printing
Secure to protect customer’s personal information and credit card information during transport
and at rest
The conceptual solution architecture has specified that the application will consist of a traditional
three tiered architecture for the front end components, an ESB to provide services, data
transformation capability and legacy system integration and a web services gateway.
Which of the following security components will BEST meet the above requirements and fit into the
solution architecture? (Select TWO).

A retail bank has had a number of issues in regards to the integrity of sensitive information across
all of its customer databases. This has resulted in the bank’s share price decreasing in value by
50% and regulatory intervention and monitoring.
The new Chief Information Security Officer (CISO) as a result has initiated a program of work to
solve the issues.
The business has specified that the solution needs to be enterprise grade and meet the following
requirements:
Be across all major platforms, applications and infrastructure.
Be able to track user and administrator activity.
Does not significantly degrade the performance of production platforms, applications, and
infrastructures.
Real time incident reporting.
Manageable and has meaningful information.
Business units are able to generate reports in a timely manner of the unit’s system assets.
In order to solve this problem, which of the following security solutions will BEST meet the above
requirements? (Select THREE).

Company XYZ has employed a consultant to perform a controls assessment of the HR system,
backend business operations, and the SCADA system used in the factory. Which of the following
correctly states the risk management options that the consultant should use during the
assessment?

Company XYZ has had repeated vulnerability exploits of a critical nature released to the
company’s flagship product. The product is used by a number of large customers. At the Chief
Information Security Officer’s (CISO’s) request, the product manager now has to budget for a team
of security consultants to introduce major product security improvements.
Here is a list of improvements in order of priority:

1. A noticeable improvement in security posture immediately.
2. Fundamental changes to resolve systemic issues as an ongoing process
3. Improvements should be strategic as opposed to tactical
4. Customer impact should be minimized
Which of the following recommendations is BEST for the CISO to put forward to the product
manager?