Company A needs to export sensitive data from its financial system to company B’s database, using company B’s API in an automated manner. Company A’s
policy prohibits the use of any intermediary external systems to transfer or store its sensitive data, therefore the transfer must occur directly between company A’s
financial system and company B’s destination server using the supplied API. Additionally, company A’s legacy financial software does not support encryption,
while company B’s API supports encryption. Which of the following will provide end-to-end encryption for the data transfer while adhering to these requirements?

Company XYZ provides cable television service to several regional areas. They are currently installing fiber-to-the-home in many areas with hopes of also providing
telephone and Internet services. The telephone and Internet services portions of the company will each be separate subsidiaries of the parent company. The board
of directors wishes to keep the subsidiaries separate from the parent company. However all three companies must share customer data for the purposes of
accounting, billing, and customer authentication. The solution must use open standards, and be simple and seamless for customers, while only sharing minimal
data between the companies. Which of the following solutions is BEST suited for this scenario?

Three companies want to allow their employees to seamlessly connect to each other’s wireless corporate networks while keeping one consistent wireless client
configuration. Each company wants to maintain its own authentication infrastructure and wants to ensure that an employee who is visiting the other two companies
is authenticated by the home office when connecting to the other companies’ wireless network. All three companies have agreed to standardize on 802.1x EAPPEAP-MSCHAPv2 for client configuration. Which of the following should the three companies implement?

A security manager has received the following email from the Chief Financial Officer (CFO):
“While I am concerned about the security of the proprietary financial data in our ERP application, we have had a lot of turnover in the accounting group and I am
having a difficult time meeting our monthly performance targets. As things currently stand, we do not allow employees to work from home but this is something I am
willing to allow so we can get back on track. What should we do first to securely enable this capability for my group?”
Based on the information provided, which of the following would be the MOST appropriate response to the CFO?

A software development manager is taking over an existing software development project. The team currently suffers from poor communication due to a long delay
between requirements documentation and feature delivery. This gap is resulting in an above average number of security- related bugs making it into production.
Which of the following development methodologies is the team MOST likely using now?

The helpdesk department desires to roll out a remote support application for internal use on all company computers. This tool should allow remote desktop sharing,
system log gathering, chat, hardware logging, inventory management, and remote registry access. The risk management team has been asked to review vendor
responses to the RFQ. Which of the following questions is the MOST important?

An attacker attempts to create a DoS event against the VoIP system of a company. The attacker

uses a tool to flood the network with a large number of SIP INVITE traffic. Which of the following would be LEAST likely to thwart such an attack?

A company has received the contract to begin developing a new suite of software tools to replace an aging collaboration solution. The original collaboration solution
has been in place for nine years, contains over a million lines of code, and took over two years to develop originally. The SDLC has been broken up into eight
primary stages, with each stage requiring an in-depth risk analysis before moving on to the next phase. Which of the following software development methods is
MOST applicable?

An organization has decided to reduce labor costs by outsourcing back office processing of credit applications to a provider located in another country. Data

sovereignty and privacy concerns raised by the security team resulted in the third-party provider only accessing and processing the data via remote desktop
sessions. To facilitate communications and improve productivity, staff at the third party has been provided with corporate email accounts that are only accessible
via the remote desktop sessions. Email forwarding is blocked and staff at the third party can only communicate with staff within the organization. Which of the
following additional controls should be implemented to prevent data loss? (Select THREE).

A security engineer on a large enterprise network needs to schedule maintenance within a fixed window of time. A total outage period of four hours is permitted for
servers. Workstations can undergo maintenance from 8:00 pm to 6:00 am daily. Which of the following can specify parameters for the maintenance work? (Select
TWO).