Virtual hosts with different security requirements should be:

Corporate policy states that the systems administrator should not be present during system audits.
The security policy that states this is:

When Company A and Company B merged, the network security administrator for Company A
was tasked with joining the two networks. Which of the following should be done FIRST?

A legacy system is not scheduled to be decommissioned for two years and requires the use of the
standard Telnet protocol. Which of the following should be used to mitigate the security risks of
this system?

An ISP is peering with a new provider and wishes to disclose which autonomous system numbers
should be allowed through BGP for network transport. Which of the following should contain this
information?

A wholesaler has decided to increase revenue streams by selling direct to the public through an
on-line system. Initially this will be run as a short term trial and if profitable, will be expanded and
form part of the day to day business. The risk manager has raised two main business risks for the
initial trial:
1. IT staff has no experience with establishing and managing secure on-line credit card
processing.
2. An internal credit card processing system will expose the business to additional compliance
requirements.
Which of the following is the BEST risk mitigation strategy?

A large enterprise is expanding through the acquisition of a second corporation. Which of the
following should be undertaken FIRST before connecting the networks of the newly formed entity?

The company is considering issuing non-standard tablet computers to executive management.
Which of the following is the FIRST step the security manager should perform?

When authenticating over HTTP using SAML, which of the following is issued to the authenticating
user?

Which of the following activities could reduce the security benefits of mandatory vacations?