A company with 2000 workstations is considering purchasing a HIPS to minimize the impact of a system compromise from malware. Currently, the company
projects a total cost of $50,000 for the next three years responding to and eradicating workstation malware. The Information Security Officer (ISO) has received
three quotes from different companies that provide HIPS.
– The first quote requires a $10,000 one-time fee, annual cost of $6 per workstation, and a 10% annual support fee based on the number of workstations.
– The second quote requires a $15,000 one-time fee, an annual cost of $5 per workstation, and a
12% annual fee based on the number of workstations.
– The third quote has no one-time fee, an annual cost of $8 per workstation, and a 15% annual fee based on the number of workstations.
Which solution should the company select if the contract is only valid for three years?

Two universities are making their 802.11n wireless networks available to the other university’s students. The infrastructure will pass the student’s credentials back
to the home school for authentication via the Internet.
The requirements are:
– Mutual authentication of clients and authentication server
– The design should not limit connection speeds
– Authentication must be delegated to the home school
– No passwords should be sent unencrypted
The following design was implemented:
WPA2 Enterprise using EAP-PEAP-MSCHAPv2 will be used for wireless security
RADIUS proxy servers will be used to forward authentication requests to the home school
The RADIUS servers will have certificates from a common public certificate authority
A strong shared secret will be used for RADIUS server authentication
Which of the following security considerations should be added to the design?

Which of the following BEST constitutes the basis for protecting VMs from attacks from other VMs hosted on the same physical platform?

Joe, the Chief Executive Officer (CEO), was an Information security professor and a Subject Matter Expert for over 20 years. He has designed a network defense
method which he says is significantly better than prominent international standards. He has recommended that the company use his cryptographic method. Which
of the following methodologies should be adopted?

An industry organization has implemented a system to allow trusted authentication between all of its partners. The system consists of a web of trusted RADIUS
servers communicating over the Internet. An attacker was able to set up a malicious server and conduct a successful man-in-the- middle attack. Which of the
following controls should be implemented to mitigate the attack in the
future?

Two separate companies are in the process of integrating their authentication infrastructure into a unified single sign-on system. Currently, both companies use an
AD backend and two factor authentication using TOTP. The system administrators have configured a trust relationship between the authentication backend to
ensure proper process flow. How should the employees request access to shared resources before the authentication integration is complete?

Ann, a software developer, wants to publish her newly developed software to an online store. Ann wants to ensure that the software will not be modified by a third
party or end users before being installed on mobile devices. Which of the following should Ann implement to stop modified copies of her software from running on
mobile devices?

A security administrator is tasked with implementing two-factor authentication for the company VPN. The VPN is currently configured to authenticate VPN users
against a backend RADIUS server. New company policies require a second factor of authentication, and the Information Security Officer has selected PKI as the
second factor. Which of the following should the security administrator configure and implement on the VPN concentrator to implement the second factor and
ensure that no error messages are displayed to the user during the VPN connection? (Select TWO).

In order to reduce costs and improve employee satisfaction, a large corporation is creating a BYOD policy. It will allow access to email and remote connections to
the corporate enterprise from personal devices; provided they are on an approved device list. Which of the following security measures would be MOST effective in
securing the enterprise under the new policy? (Select TWO).

Due to a new regulatory requirement, ABC Company must now encrypt all WAN transmissions. When speaking with the network administrator, the security
administrator learns that the existing routers have the minimum processing power to do the required level of encryption. Which of the following solutions minimizes
the performance impact on the router?