Three companies want to allow their employees to seamlessly connect to each other’s wireless
corporate networks while keeping one consistent wireless client configuration. Each company
wants to maintain its own authentication infrastructure and wants to ensure that an employee who
is visiting the other two companies is authenticated by the home office when connecting to the
other companies’ wireless network. All three companies have agreed to standardize on 802.1x
EAP-PEAP-MSCHAPv2 for client configuration. Which of the following should the three companies
implement?

A government agency considers confidentiality to be of utmost importance and availability issues
to be of least importance. Knowing this, which of the following correctly orders various

vulnerabilities in the order of MOST important to LEAST important?

The Chief Executive Officer (CEO) of a large prestigious enterprise has decided to reduce
business costs by outsourcing to a third party company in another country. Functions to be
outsourced include: business analysts, testing, software development and back office functions
that deal with the processing of customer data. The Chief Risk Officer (CRO) is concerned about
the outsourcing plans. Which of the following risks are MOST likely to occur if adequate controls
are not implemented?

An organization has just released a new mobile application for its customers. The application has
an inbuilt browser and native application to render content from existing websites and the
organization’s new web services gateway. All rendering of the content is performed on the mobile
application.
The application requires SSO between the application, the web services gateway and legacy UI.
Which of the following controls MUST be implemented to securely enable SSO?

A bank provides single sign on services between its internally hosted applications and externally
hosted CRM. The following sequence of events occurs:
1. The banker accesses the CRM system, a redirect is performed back to the organization’s
internal systems.
2. A lookup is performed of the identity and a token is generated, signed and encrypted.
3. A redirect is performed back to the CRM system with the token.
4. The CRM system validates the integrity of the payload, extracts the identity and performs a
lookup.
5. If the banker is not in the system and automated provisioning request occurs.
6. The banker is authenticated and authorized and can access the system.
This is an example of which of the following?

A corporation implements a mobile device policy on smartphones that utilizes a white list for
allowed applications. Recently, the security administrator notices that a consumer cloud based
storage application has been added to the mobile device white list. Which of the following security
implications should the security administrator cite when recommending the application’s removal
from the white list?