Which of the following security activities should be im…
A company is in the process of implementing a new front-end user interface for its customers; the goal is to provide them with more self-service functionality. The
application has been written by developers over the last six months and the project is currently in the test phase.
Which of the following security activities should be implemented as part of the SDL in order to provide the MOST security coverage over the solution?
(Select TWO).
Which of the following BEST describes the scenario pres…
The Information Security Officer (ISO) is reviewing a summary of the findings from the last COOP tabletop exercise. The Chief Information Officer (CIO) wants to
determine which additional controls must be implemented to reduce the risk of an extended customer service outage due to the VoIP system being unavailable.
Which of the following BEST describes the scenario presented and the document the ISO is reviewing?
Which of the following statements BEST describes this s…
A Chief Financial Officer (CFO) has raised concerns with the Chief Information Security Officer (CISO) because money has been spent on IT security
infrastructure, but corporate assets are still found to be vulnerable. The business recently funded a patch management product and SOE hardening initiative. A third
party auditor reported findings against the business because some systems were missing patches. Which of the following statements BEST describes this
situation?
Which of the following would be the FIRST process to pe…
A new internal network segmentation solution will be implemented into the enterprise that consists of 200 internal firewalls. As part of running a pilot exercise, it was
determined that it takes three changes to deploy a new application onto the network before it is operational. Security now has a significant effect on overall
availability. Which of the following would be the FIRST process to perform as a result of these findings?
Which of the following decisions is BEST for the CEO to…
The Chief Executive Officer (CEO) of a small start-up company wants to set up offices around the country for the sales staff to generate business. The company
needs an effective communication solution to remain in constant contact with each other, while maintaining a secure business environment. A junior-level
administrator suggests that the company and the sales staff stay connected via free social media. Which of the following decisions is BEST for the CEO to make?
Which of the following is a way to stay current on expl…
A security engineer is responsible for monitoring company applications for known vulnerabilities. Which of the following is a way to stay current on exploits and
information security news?
Which of the following operating systems is MOST likely…
Ann, a systems engineer, is working to identify an unknown node on the corporate network. To begin her investigative work, she runs the following nmap command
string:
user@hostname:~$ sudo nmap -O 192.168.1.54
Based on the output, nmap is unable to identify the OS running on the node, but the following ports are open on the device:
TCP/22
TCP/111
TCP/512-514
TCP/2049
TCP/32778
Based on this information, which of the following operating systems is MOST likely running on the unknown node?
Which of the following would be the advantage of conduc…
Due to compliance regulations, a company requires a yearly penetration test. The Chief Information Security Officer (CISO) has asked that it be done under a black
box methodology.
Which of the following would be the advantage of conducting this kind of penetration test?
Which of the following should the ISP implement?
The Chief Executive Officer (CEO) of an Internet service provider (ISP) has decided to limit the company’s contribution to worldwide Distributed Denial of Service
(DDoS) attacks. Which of the following should the ISP implement? (Select TWO).
Which of the following would MOST appropriately address…
A web services company is planning a one-time high-profile event to be hosted on the corporate website. An outage, due to an attack, would be publicly
embarrassing, so Joe, the Chief Executive Officer (CEO), has requested that his security engineers put temporary preventive controls in place. Which of the
following would MOST appropriately address Joe’s concerns?