a company is deploying an new video conferencing system to be used by the executive team for board
meetings. The security engineer has been asked to choose the strongest available asymmetric cipher to
be used for encryption of board papers, and chose the strongest available stream cipher to be configured
for video streaming. Which of the following ciphers should be chosen? (Select two)

Joe has hired several new security administrators and have been explaining the4 design of the company’s
network. He has described the position and descriptions of the company’s firewalls, IDS sensors, antivirus
server, DMZs, and HIPS. Which of the following best describes the incorporation of these elements?

A security administrator is selecting an MDM solution for an organization, which has strict security
requirements for the confidentiality of its data on end user devices. The organization decides to allow
BYOD, but requires that users wishing to participate agree to the following specific device configurations;
camera disablement, password enforcement, and application whitelisting. The organization must be able
to support a device portfolio of differing mobile operating systems. Which of the following represents the
MOST relevant technical security criteria for the MDM?

Employees are reporting that they have been receiving a large number of emails advertising products and
services. Links in the email direct the users’ browsers to the websites for the items being offered. No
reports of increased virus activity have been observed. A security administrator suspects that the users
are the targets of:

An employee finds a usb drive in the employee lunch room and plugs the drive into a shared workstation
to determine who owns the drive. When the drive is inserted, a command prompt opens and a script
begins to run. The employee notifies a technician who determines that data on a server have been
compromised. This is an example of:

A chief information officer (CIO) is concerned about PII contained in the organization’s various data
warehouse platforms. Since not all of the PII transferred to the organization is required for proper
operation of the data warehouse application, the CIO requests the in needed PII data be parsed and
securely discarded. Which of the following controls would be MOST appropriate in this scenario?

The security administrator receives a service ticket saying a host based firewall is interfering with the
operation of a new application that is being tested in delevopment. The administrator asks for
clarification on which ports need to be open. The software vendor replies that it could use up to 20 ports
and many customers have disabled the host based firewall. After examining the system the administrator
sees several ports that are open for database and application servers that only used locally. The vendor
continues to recommend disabling the host based firewall. Which of the following is the best course of
action for the administrator to take?

A corporate wireless guest network uses an open SSID with a captive portal to authenticate guest users.
Guests can obtain their portal password at the service desk. A security consultant alerts the administrator
that the captive portal is easily bypassed, as long as one other wireless guest user is on the network.
Which of the following attacks did the security consultant use?

A company requires that all wireless communication be compliant with the Advanced encryption
standard. The current wireless infrastructure implements WEP + TKIP. Which of the following wireless
protocols should be implemented?

A security analyst, while doing a security scan using packet c capture security tools, noticed large volumes
of data images of company products being exfiltrated to foreign IP addresses. Which of the following is
the FIRST step in responding to scan results?