An IT Manager is concerned about errors made during the deployment process for a new model of tablet. Which of the following would suggest best practices and

configuration parameters that technicians could follow during the deployment process?

An information security assessor for an organization finished an assessment that identified critical issues with the human resource new employee management
software application. The assessor submitted the report to senior management but nothing has happened. Which of the following would be a logical next step?

In a situation where data is to be recovered from an attacker’s location, which of the following are the FIRST things to capture? (Select TWO).

A project manager working for a large city government is required to plan and build a WAN, which will be required to host official business and public access. It is
also anticipated that the city’s emergency and first response communication systems will be required to operate across the same network. The project manager has
experience with enterprise IT projects, but feels this project has an increased complexity as a result of the mixed business / public use and the critical

infrastructure it will provide. Which of the following should the project manager release to the public, academia, and private industry to ensure the city provides due
care in considering all project factors prior to building its new WAN?

ODBC access to a database on a network-connected host is required. The host does not have a security mechanism to authenticate the incoming ODBC
connection, and the application requires that the connection have read/write permissions. In order to further secure the data, a nonstandard configuration would
need to be implemented. The information in the database is not sensitive, but was not readily accessible prior to the implementation of the ODBC connection.
Which of the following actions should be taken by the security analyst?

A critical system audit shows that the payroll system is not meeting security policy due to missing
OS security patches. Upon further review, it appears that the system is not being patched at all. The vendor states that the system is only supported on the current
OS patch level. Which of the following compensating controls should be used to mitigate the vulnerability of missing OS patches on this system?

A security solutions architect has argued consistently to implement the most secure method of encrypting corporate messages. The solution has been derided as
not being cost effective by other members of the IT department. The proposed solution uses symmetric keys to encrypt all messages and is very resistant to
unauthorized decryption. The method also requires special handling and security for all key material that goes above and beyond most encryption systems.
Which of the following is the solutions architect MOST likely trying to implement?

A risk manager has decided to use likelihood and consequence to determine the risk of an event occurring to a company asset. Which of the following is a limitation
of this approach to risk

management?

An accountant at a small business is trying to understand the value of a server to determine if the business can afford to buy another server for DR. The risk
manager only provided the accountant with the SLE of $24,000, ARO of 20% and the exposure factor of 25%. Which of the following is the correct asset value
calculated by the accountant?

The risk manager at a small bank wants to use quantitative analysis to determine the ALE of running a business system at a location which is subject to fires during
the year. A risk analyst reports to the risk manager that the asset value of the business system is $120,000 and, based on industry data, the exposure factor to fires
is only 20% due to the fire suppression system installed at the site. Fires occur in the area on average every four years. Which of the following is the ALE?