A security manager is looking into the following vendor proposal for a cloud-based SIEM solution. The intention
is that the cost of the SIEM solution will be justified by having reduced the number of incidents and therefore
saving on the amount spent investigating incidents.
Proposal:
External cloud-based software as a service subscription costing $5,000 per month. Expected to reduce the
number of current incidents per annum by 50%.
The company currently has ten security incidents per annum at an average cost of $10,000 per incident. Which
of the following is the ROI for this proposal after three years?

ABC Corporation has introduced token-based authentication to system administrators due to the risk of
password compromise. The tokens have a set of HMAC counter-based codes and are valid until they are used.
Which of the following types of authentication mechanisms does this statement describe?

Since the implementation of IPv6 on the company network, the security administrator has been unable to
identify the users associated with certain devices utilizing IPv6 addresses, even when the devices are centrally
managed.
en1: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
ether f8:1e:af:ab:10:a3
inet6 fw80::fa1e:dfff:fee6:9d8%en1 prefixlen 64 scopeid 0x5
inet 192.168.1.14 netmask 0xffffff00 broadcast 192.168.1.255
inet6 2001:200:5:922:1035:dfff:fee6:9dfe prefixlen 64 autoconf
inet6 2001:200:5:922:10ab:5e21:aa9a:6393 prefixlen 64 autoconf temporary
nd6 options=1<PERFORMNUD>
media: autoselect
status: active
Given this output, which of the following protocols is in use by the company and what can the system
administrator do to positively map users with IPv6 addresses in the future? (Select TWO).

The IT director has charged the company helpdesk with sanitizing fixed and removable media. The helpdesk
manager has written a new procedure to be followed by the helpdesk staff. This procedure includes the current
standard to be used for data sanitization, as well as the location of physical degaussing tools. In which of the
following cases should the helpdesk staff use the new procedure? (Select THREE).

A new IT company has hired a security consultant to implement a remote access system, which will enable
employees to telecommute from home using both company issued as well as personal computing devices,
including mobile devices. The company wants a flexible system to provide confidentiality and integrity for data in
transit to the company’s internally developed application GUI. Company policy prohibits employees from having
administrative rights to company issued devices. Which of the following remote access solutions has the lowest
technical complexity?

Company policy requires that all unsupported operating systems be removed from the network. The security
administrator is using a combination of network based tools to identify such systems for the purpose of
disconnecting them from the network. Which of the following tools, or outputs from the tools in use, can be
used to help the security administrator make an approximate determination of the operating system in use on
the local company network? (Select THREE).

A security administrator has noticed that an increased number of employees’ workstations are becominginfected with malware. The company deploys an enterprise antivirus system as well as a web content filter,
which blocks access to malicious web sites where malware files can be downloaded. Additionally, the company
implements technical measures to disable external storage. Which of the following is a technical control that the
security administrator should implement next to reduce malware infection?

During an incident involving the company main database, a team of forensics experts is hired to respond to the
breach. The team is in charge of collecting forensics evidence from the company’s database server. Which of
the following is the correct order in which the forensics team should engage?

A security auditor suspects two employees of having devised a scheme to steal money from the company.
While one employee submits purchase orders for personal items, the other employee approves these purchase
orders. The auditor has contacted the human resources director with suggestions on how to detect such illegal
activities. Which of the following should the human resource director implement to identify the employees
involved in these activities and reduce the risk of this activity occurring in the future?

An IT auditor is reviewing the data classification for a sensitive system. The company has classified the data
stored in the sensitive system according to the following matrix:
DATA TYPE CONFIDENTIALITY INTEGRITY AVAILABILITY
—————————————————————————————————————-
Financial HIGH HIGH LOW
Client name MEDIUM MEDIUM HIGH
Client address LOW MEDIUM LOW
—————————————————————————————————————–
AGGREGATE MEDIUM MEDIUM MEDIUM
The auditor is advising the company to review the aggregate score and submit it to senior management. Whichof the following should be the revised aggregate score?