PrepAway - Latest Free Exam Questions & Answers

Category: CAS-001 (v.1)

Exam CAS-001: CompTIA Advanced Security Practitioner (update May 17th, 2015)

Which of the following threats is the HIGHEST risk to Company XYZ?

Company XYZ is selling its manufacturing business consisting of one plant to a competitor,
Company QRS. All of the people will become QRS employees, but will retain permissions to plant-specific information and resources for one month. To ease the transition, Company QRS also
connected the plant and employees to the Company QRS network. Which of the following threats
is the HIGHEST risk to Company XYZ?

Which of the following security solution options will BEST meet the above requirements?

Company ABC has grown yearly through mergers and acquisitions. This has led to over 200
internal custom web applications having standalone identity stores. In order to reduce costs and
improve operational efficiencies a project has been initiated to implement a centralized security
infrastructure.
The requirements are as follows:
Reduce costs
Improve efficiencies and time to market
Manageable
Accurate identity information
Standardize on authentication and authorization
Ensure a reusable model with standard integration patterns

Which of the following security solution options will BEST meet the above requirements? (Select
THREE).

Which of the following is the MOST appropriate action to take?

A bank has just outsourced the security department to a consulting firm, but retained the security
architecture group. A few months into the contract the bank discovers that the consulting firm has
sub-contracted some of the security functions to another provider. Management is pressuring the
sourcing manager to ensure adequate protections are in place to insulate the bank from legal and
service exposures. Which of the following is the MOST appropriate action to take?

which controls to implement?

Company XYZ has invested an increasing amount in security due to the changing threat
landscape. The company is going through a cost cutting exercise and the Chief Financial Officer
(CFO) has queried the security budget allocated to the Chief Information Security Officer (CISO).
At the same time, the CISO is actively promoting business cases for additional funding to support
new initiatives. These initiatives will mitigate several security incidents that have occurred due to
ineffective controls.
A security advisor is engaged to assess the current controls framework and to provide
recommendations on whether preventative, detective, or corrective controls should be
implemented. How should the security advisor respond when explaining which controls to
implement?

Which of the following should be the primary focus of the privacy compliance training program?

There has been a recent security breach which has led to the release of sensitive customer
information. As part of improving security and reducing the disclosure of customer data, a training
company has been employed to educate staff. Which of the following should be the primary focus
of the privacy compliance training program?

Which of the following actions could a new security administrator take to further mitigate this issue?

A new malware spreads over UDP Port 8320 and several network hosts have been infected. A
new security administrator has determined a possible cause, and the infected machines have
been quarantined. Which of the following actions could a new security administrator take to further
mitigate this issue?

Which of the following issues could be addressed through the use of technical controls specified in the new se

A newly-hired Chief Information Security Officer (CISO) is faced with improving security for a
company with low morale and numerous disgruntled employees. After reviewing the situation for
several weeks the CISO publishes a more comprehensive security policy with associated
standards. Which of the following issues could be addressed through the use of technical controls
specified in the new security policy?

Which of the following should the administrator do to resolve the problem?

A small company has recently placed a newly installed DNS server on the DMZ and wants to
secure it by allowing Internet hosts to query the DNS server. Since the company deploys an
internal DNS server, all DNS queries to that server coming from the company network should be
blocked. An IT administrator has placed the following ACL on the company firewall:
Testing shows that the DNS server in the DMZ is not working. Which of the following should the
administrator do to resolve the problem?

which of the following would provide the MOST appropriate placement of security solutions while minimizing the

A company data center provides Internet based access to email and web services.
The firewall is separated into four zones:
RED ZONE is an Internet zone
ORANGE ZONE a Web DMZ
YELLOW ZONE an email DMZ
GREEN ZONE is a management interface

There are 15 email servers and 10 web servers. The data center administrator plugs a laptop into
the management interface to make firewall changes. The administrator would like to secure this
environment but has a limited budget. Assuming each addition is an appliance, which of the
following would provide the MOST appropriate placement of security solutions while minimizing
the expenses?

