A security audit identifies a number of large email messages being sent by a specific user from their company
email account to another address external to the company. These messages were sent prior to a company data
breach, which prompted the security audit. The user was one of a few people who had access to the leaked
data. Review of the suspect’s emails show they consist mostly of pictures of the user at various locations during
a recent vacation. No suspicious activities from other users who have access to the data were discovered.
Which of the following is occurring?

After recovering from a data breach in which customer data was lost, the legal team meets with the Chief
Security Officer (CSO) to discuss ways to better protect the privacy of customer data.
Which of the following controls support this goal?

Several departments within a company have a business need to send high volumes of confidential information
to customers via email. Which of the following is the BEST solution to mitigate unintentional exposure of
confidential information?

A system administrator has been instructed by the head of security to protect their data at-rest.
Which of the following would provide the strongest protection?

An online store wants to protect user credentials and credit card information so that customers can store their
credit card information and use their card for multiple separate transactions.
Which of the following database designs provides the BEST security for the online store?

Which of the following controls can be used to prevent the disclosure of sensitive information stored on a
mobile device’s removable media in the event that the device is lost or stolen?

Customers’ credit card information was stolen from a popular video streaming company. A security consultant
determined that the information was stolen, while in transit, from the gaming consoles of a particular vendor.
Which of the following methods should the company consider securing this data in the future?

After copying a sensitive document from his desktop to a flash drive, Joe, a user, realizes that the document is
no longer encrypted. Which of the following can a security technician implement to ensure that documents
stored on Joe’s desktop remain encrypted when moved to external media or other network based storage?

Which of the following is the BEST concept to maintain required but non-critical server availability?

The Chief Information Officer (CIO) wants to implement a redundant server location to which the production
server images can be moved within 48 hours and services can be quickly restored, in case of a catastrophic
failure of the primary datacenter’s HVAC. Which of the following can be implemented?