A chief information security officer (CISO) is providing a presentation to a group of network engineers. In the
presentation, the CISO presents information regarding exploit kits. Which of the following might the CISO
A company hosts a web server that requires entropy in encryption initialization and authentication. To meet this
goal, the company would like to select a block cipher mode of operation that allows an arbitrary length IV and
supports authenticated encryption. Which of the following would meet these objectives?
A company wishes to prevent unauthorized employee access to the data center. Which of the following is the
MOST secure way to meet this goal?
A risk assessment team is concerned about hosting data with a cloud service provider (CSP) which of the
following findings would justify this concern?
An administrator is implementing a new management system for the machinery on the company’s production
line. One requirement is that the system only be accessible while within the production facility. Which of the
following will be the MOST effective solution in limiting access based on this requirement?
To mitigate the risk of intrusion, an IT Manager is concerned with using secure versions of protocols and
services whenever possible. In addition, the security technician is required to monitor the types of traffic being
generated. Which of the following tools is the technician MOST likely to use?
A server crashes at 6 pm. Senior management has determined that data must be restored within two hours of a
server crash. Additionally, a loss of more than one-hour worth of data is detrimental to the company’s financial
Which of the following is the RTO?
The IT department has been tasked with reducing the risk of sensitive information being shared with
unauthorized entities from computers it is saved on, without impeding the ability of the employees to access the
internet. Implementing which of the following would be the best way to accomplish this objective?
A system administrator is conducting baseline audit and determines that a web server is missing several critical
updates. Which of the following actions should the administrator perform first to correct the issue?
A Company transfers millions of files a day between their servers. A programmer for the company has created
a program that indexes and verifies the integrity of each file as it is replicated between servers. The
programmer would like to use the fastest algorithm to ensure integrity. Which of the following should the