Which of the following BEST prevents Company XYZ repres…
Company ABC is hiring customer service representatives from Company XYZ. The representatives reside at Company XYZ’s headquarters. Which of the following
BEST prevents Company XYZ representatives from gaining access to unauthorized Company ABC systems?
Which of the following technologies prevents an unautho…
Which of the following technologies prevents an unauthorized HBA from viewing iSCSI target information?
Which of the following actions should the large company…
A large company is preparing to merge with a smaller company. The smaller company has been very profitable, but the smaller company’s main applications were
created in-house. Which of the following actions should the large company’s security administrator take in preparation for the merger?
How many years until there is a return on investment fo…
An administrator wishes to replace a legacy clinical software product as it has become a security risk. The legacy product generates $10,000 in revenue a month.
The new software product has an initial cost of $180,000 and a yearly maintenance of $2,000 after the first year. However, it will generate $15,000 in revenue per
month and be more secure. How many years until there is a return on investment for this new package?
Which of the following would allow the administrator to…
An administrator is tasked with securing several website domains on a web server. The administrator elects to secure www.example.com, mail.example.org,
archive.example.com, and www.example.org with the same certificate. Which of the following would allow the administrator to secure those domains with a single
issued certificate?
Which of the following is the MOST appropriate?
A business unit of a large enterprise has outsourced the hosting and development of a new external website which will be accessed by premium customers, in
order to speed up the time to market timeline. Which of the following is the MOST appropriate?
Which of the following would be the MOST effective at p…
It has come to the IT administrator’s attention that the “post your comment” field on the company blog page has been exploited, resulting in cross-site scripting
attacks against customers reading the blog. Which of the following would be the MOST effective at preventing the “post your comment” field from being exploited?
which of the following BEST provides the procedure that…
A company has decided to change its current business direction and refocus on core business. Consequently, several company sub-businesses are in the process
of being sold off. A security consultant has been engaged to advise on residual information security concerns with a de-merger. From a high-level perspective,
which of the following BEST provides the procedure that the consultant should follow?
Which of the following is the MOST likely situation tha…
A web developer is responsible for a simple web application that books holiday accommodations. The front-facing web server offers an HTML form, which asks for
a user’s age. This input gets placed into a signed integer variable and is then checked to ensure that the user is in the adult age range.
Users have reported that the website is not functioning correctly. The web developer has inspected log files and sees that a very large number (in the billions) was
submitted just before the issue started occurring. Which of the following is the MOST likely situation that has occurred?
Which of the following are the MOST appropriate courses…
Customers are receiving emails containing a link to malicious software. These emails are subverting spam filters. The email reads as follows:
Delivered-To: customer@example.com
Received: by 10.14.120.205
Mon, 1 Nov 2010 11:15:24 -0700 (PDT)
Received: by 10.231.31.193
Mon, 01 Nov 2010 11:15:23 -0700 (PDT)
Return-Path: <IT@company.com>
Received: from 127.0.0.1 for <customer@example.com>; Mon, 1 Nov 2010 13:15:14 -0500 (envelope-from <IT@company.com>)
Received: by smtpex.example.com (SMTP READY)
with ESMTP (AIO); Mon, 01 Nov 2010 13:15:14 -0500
Received: from 172.18.45.122 by 192.168.2.55; Mon, 1 Nov 2010 13:15:14 -0500
From: Company <IT@Company.com>
To: “customer@example.com” <customer@example.com>
Date: Mon, 1 Nov 2010 13:15:11 -0500
Subject: New Insurance Application
Thread-Topic: New Insurance Application
Please download and install software from the site below to maintain full access to your account.
www.examplesite.com
________________________________
Additional information: The authorized mail server IPs are 192.168.2.10 and 192.168.2.11.
The network’s subnet is 192.168.2.0/25.
Which of the following are the MOST appropriate courses of action a security administrator could take to eliminate this risk? (Select TWO).