PrepAway - Latest Free Exam Questions & Answers

Category: CAS-001 (v.1)

Exam CAS-001: CompTIA Advanced Security Practitioner (update May 17th, 2015)

Which of the following provides the BEST method for evaluating the potential threats?

The sales division within a large organization purchased touch screen tablet computers for all 250
sales representatives in an effort to showcase the use of technology to its customers and increase
productivity. This includes the development of a new product tracking application that works with
the new platform. The security manager attempted to stop the deployment because the equipment
and application are non-standard and unsupported within the organization. However, upper
management decided to continue the deployment. Which of the following provides the BEST
method for evaluating the potential threats?

Which of the following controls provides the GREATEST level of certainty that unauthorized changes are not occurring?

Based on the results of a recent audit, a company rolled out a standard computer image in an
effort to provide consistent security configurations across all computers. Which of the following
controls provides the GREATEST level of certainty that unauthorized changes are not occurring?

Which of the following should the company do to ensure that the chosen MSS meets expectations?

Due to a new regulation, a company has to increase active monitoring of security-related events to
24 hours a day. The security staff only has three full time employees that work during normal
business hours. Instead of hiring new security analysts to cover the remaining shifts necessary to
meet the monitoring requirement, the Chief Information Officer (CIO) has hired a Managed
Security Service (MSS) to monitor events. Which of the following should the company do to
ensure that the chosen MSS meets expectations?

Which of the following would be the MOST likely cause for a change in this practice?

Company Z is merging with Company A to expand its global presence and consumer base. This
purchase includes several offices in different countries. To maintain strict internal security and
compliance requirements, all employee activity may be monitored and reviewed. Which of the
following would be the MOST likely cause for a change in this practice?

Which of the following is the MOST cost-effective manner to deal with this risk?

A security incident happens three times a year on a company’s web server costing the company
$1,500 in downtime, per occurrence. The web server is only for archival access and is scheduled
to be decommissioned in five years. The cost of implementing software to prevent this incident
would be $15,000 initially, plus $1,000 a year for maintenance. Which of the following is the MOST
cost-effective manner to deal with this risk?

Which of the following is the aggregate risk impact on the accounting system?

An administrator is assessing the potential risk impact on an accounting system and categorizes it
as follows:
Administrative Files = {(Confidentiality, Moderate), (Integrity, Moderate), (Availability, Low)}
Vendor Information = {(Confidentiality, Moderate), (Integrity, Low), (Availability, Low)}
Payroll Data = {(Confidentiality, High), (Integrity, Moderate), (Availability, Low)}
Which of the following is the aggregate risk impact on the accounting system?

Which of the following policies is being violated by the finance user according to the audit results?

An administrator is reviewing a recent security audit and determines that two users in finance also
have access to the human resource data. One of those users fills in for any HR employees on
vacation, the other user only works in finance. Which of the following policies is being violated by
the finance user according to the audit results?

