A network administrator wants to ensure that users do not connect any unauthorized devices to the
company network. Each desk needs to connect a VoIP phone and computer. Which of the following is the
BEST way to accomplish this?

An administrator has concerns regarding the traveling sales team who works primarily from smart
phones. Given the sensitive nature of their work, which of the following would BEST prevent access to the
data in case of loss or theft?

A user of the wireless network is unable to gain access to the network. The symptoms are:
1.) Unable to connect to both internal and Internet resources
2.) The wireless icon shows connectivity but has no network access
The wireless network is WPA2 Enterprise and users must be a member of the wireless security group to
authenticate. Which of the following is the MOST likely cause of the connectivity issues?

A chief Financial Officer (CFO) has asked the Chief Information Officer (CISO) to provide responses to a
recent audit report detailing deficiencies in the organization security controls. The CFO would like to
know ways in which the organization can improve its authorization controls. Given the request by the
CFO, which of the following controls should the CISO focus on in the report? (Select Three)

A mobile device user is concerned about geographic positioning information being included in messages
sent between users on a popular social network platform. The user turns off the functionality in the
application, but wants to ensure the application cannot re-enable the setting without the knowledge of
the user. Which of the following mobile device capabilities should the user disable to achieve the stated
goal?

A member of a digital forensics team, Joe arrives at a crime scene and is preparing to collect system data.
Before powering the system off, Joe knows that he must collect the most volatile date first. Which of the
following is the correct order in which Joe should collect the data?

An organization has hired a penetration tester to test the security of its ten web servers. The penetration
tester is able to gain root/administrative access in several servers by exploiting vulnerabilities associated
with the implementation of SMTP, POP, DNS, FTP, Telnet, and IMAP. Which of the following
recommendations should the penetration tester provide to the organization to better protect their web
servers in the future?

A security engineer is faced with competing requirements from the networking group and database
administrators. The database administrators would like ten application servers on the same subnet for
ease of administration, whereas the networking group would like to segment all applications from one
another. Which of the following should the security administrator do to rectify this issue?

A security analyst has been asked to perform a review of an organization’s software development
lifecycle. The analyst reports that the lifecycle does not contain a phase in which team members evaluate
and provide critical feedback of another developer’s code. Which of the following assessment techniques
is BEST described in the analyst’s report?

An attacker wearing a building maintenance uniform approached a company’s receptionist asking for
access to a secure area. The receptionist asks for identification, a building access badge and checks the
company’s list approved maintenance personnel prior to granting physical access to the secure are. The
controls used by the receptionist are in place to prevent which of the following types of attacks?