A security officer is leading a lessons learned meeting. Which of the following should be components of that meeting? (Select TWO).

The Chief Executive Officer (CEO) of a company that allows telecommuting has challenged the Chief Security Officer’s (CSO) request to harden the corporate
network’s perimeter. The CEO argues that the company cannot protect its employees at home, so the risk at work is no different. Which of the following BEST
explains why this company should proceed with protecting its corporate network boundary?

A forensic analyst receives a hard drive containing malware quarantined by the antivirus application. After creating an image and determining the directory location
of the malware file,

which of the following helps to determine when the system became infected?

The Chief Information Security Officer (CISO) at a company knows that many users store business documents on public cloud-based storage, and realizes this is a
risk to the company. In response, the CISO implements a mandatory training course in which all employees are instructed on the proper use of cloud-based
storage. Which of the following risk strategies did the CISO implement?

A large hospital has implemented BYOD to allow doctors and specialists the ability to access patient medical records on their tablets. The doctors and specialists
access patient records over the hospital’s guest WiFi network which is isolated from the internal network with appropriate security controls. The patient records
management system can be accessed from the guest network and requires two factor authentication. Using a remote desktop type interface, the doctors and
specialists can interact with the hospital’s system. Cut and paste and printing functions are disabled to prevent the copying of data to BYOD devices. Which of the
following are of MOST concern? (Select TWO).

The senior security administrator wants to redesign the company DMZ to minimize the risks associated with both external and internal threats. The DMZ design
must support security in depth, change management and configuration processes, and support incident reconstruction. Which of the following designs BEST
supports the given requirements?

A security policy states that all applications on the network must have a password length of eight characters. There are three legacy applications on the network
that cannot meet this policy. One system will be upgraded in six months, and two are not expected to be upgraded or removed from the network. Which of the
following processes should be followed?

Which of the following provides the BEST risk calculation methodology?

A large enterprise acquires another company which uses antivirus from a different vendor. The CISO has requested that data feeds from the two different antivirus
platforms be combined in a way that allows management to assess and rate the overall effectiveness of antivirus across the entire organization. Which of the
following tools can BEST meet the CISO’s requirement?

A security manager for a service provider has approved two vendors for connections to the service provider backbone. One vendor will be providing authentication
services for its payment card service, and the other vendor will be providing maintenance to the service provider infrastructure sites. Which of the following
business agreements is MOST relevant to the vendors and service provider’s relationship?