A company is in the process of implementing a new front end user interface for its customers, the goal is to
provide them with more self service functionality. The application has been written by developers over the last
six months and the project is currently in the test phase. Which of the following security activities should be
implemented as part of the SDL in order to provide the MOST security coverage over the solution? (Select
TWO).

The Information Security Officer (ISO) is reviewing a summary of the findings from the last COOP tabletop
exercise. The Chief Information Officer (CIO) wants to determine which additional controls must be
implemented to reduce the risk of an extended customer service outage due to the VoIP system being
unavailable. Which of the following BEST describes the scenario presented and the document the ISO is
reviewing?

A Chief Financial Officer (CFO) has raised concerns with the Chief Information Security Officer (CISO) because
money has been spent on IT security infrastructure, but corporate assets are still found to be vulnerable. The
business recently funded a patch management product and SOE hardening initiative. A third party auditor
reported findings against the business because some systems were missing patches. Which of the following
statements BEST describes this situation?

A new internal network segmentation solution will be implemented into the enterprise that consists of 200
internal firewalls. As part of running a pilot exercise, it was determined that it takes three changes to deploy a
new application onto the network before it is operational. Security now has a significant effect on overall
availability. Which of the following would be the FIRST process to perform as a result of these findings?

A security administrator wants to calculate the ROI of a security design which includes the purchase of new
equipment. The equipment costs $50,000 and it will take 50 hours to install and configure the equipment. The
administrator plans to hire a contractor at a rate of $100/hour to do the installation. Given that the new design
and equipment will allow the company to increase revenue and make an additional $100,000 on the first year,
which of the following is the ROI expressed as a percentage for the first year?

A security administrator notices a recent increase in workstations becoming compromised by malware. Often,
the malware is delivered via drive-by downloads, from malware hosting websites, and is not being detected by
the corporate antivirus. Which of the following solutions would provide the BEST protection for the company?

News outlets are beginning to report on a number of retail establishments that are experiencing payment card
data breaches. The data exfiltration is enabled by malware on a compromised computer. After the initial exploit,
network mapping and fingerprinting is conducted to prepare for further exploitation. Which of the following is the
MOST effective solution to protect against unrecognized malware infections?

The Chief Executive Officer (CEO) of a small start-up company wants to set up offices around the country for
the sales staff to generate business. The company needs an effective communication solution to remain in
constant contact with each other, while maintaining a secure business environment. A junior-level administrator
suggests that the company and the sales staff stay connected via free social media. Which of the following
decisions is BEST for the CEO to make?

A security engineer is responsible for monitoring company applications for known vulnerabilities. Which of the
following is a way to stay current on exploits and information security news?

Ann, a systems engineer, is working to identify an unknown node on the corporate network. To begin her
investigative work, she runs the following nmap command string:
user@hostname:~$ sudo nmap O 192.168.1.54
Based on the output, nmap is unable to identify the OS running on the node, but the following ports are open on
the device:
TCP/22
TCP/111
TCP/512-514
TCP/2049
TCP/32778Based on this information, which of the following operating systems is MOST likely running on the unknown
node?