Which of the following risk strategies should be used?
A Chief Information Security Officer (CISO) has been trying to eliminate some IT security risks for
several months. These risks are not high profile but still exist. Furthermore, many of these risks
have been mitigated with innovative solutions. However, at this point in time, the budget is
insufficient to deal with the risks. Which of the following risk strategies should be used?
Which of the following will the CPO and SPM have the CISO do at this point to get back on track in this procur
The firm’s CISO has been working with the Chief Procurement Officer (CPO) and the Senior
Project Manager (SPM) on soliciting bids for a series of HIPS and NIPS products for a major
installation in the firm’s new Hong Kong office. After reviewing RFQs received from three vendors,
the CPO and the SPM have not gained any real data regarding the specifications of any of the
solutions and want that data before the procurement continues. Which of the following will the
CPO and SPM have the CISO do at this point to get back on track in this procurement process?
which of the following?
To prevent a third party from identifying a specific user as having previously accessed a service
provider through an SSO operation, SAML uses which of the following?
which of the following?
SAML entities can operate in a variety of different roles. Valid SAML roles include which of the
following?
Which of the following should the Chief Information Security Officer (CISO) recommend to BEST limit exposure?
A financial institution has decided to purchase a very expensive resource management system
and has selected the product and vendor. The vendor is experiencing some minor, but public,
legal issues. Senior management has some concerns about maintaining this system should the
vendor go out of business. Which of the following should the Chief Information Security Officer
(CISO) recommend to BEST limit exposure?
Which of the following is the BEST description of why this is true?
A company decides to purchase COTS software. This can introduce new security risks to the
network. Which of the following is the BEST description of why this is true?
Which of the following is a security concern with deploying COTS products within the network?
Which of the following are concerns that the security manager should present to the CIO concerning the SOA sys
The database team has suggested deploying a SOA-based system across the enterprise. The
Chief Information Officer (CIO) has decided to consult the security manager about the risk
implications for adopting this architecture. Which of the following are concerns that the security
manager should present to the CIO concerning the SOA system? (Select TWO).
How would the security manager address this problem?
The security team for Company XYZ has determined that someone from outside the organization
has obtained sensitive information about the internal organization by querying the external DNS
server of the company. The security manager is tasked with making sure this problem does not
occur in the future. How would the security manager address this problem?
which of the following phases of the Secure Software Development Lifecycle?
Unit testing for security functionality and resiliency to attack, as well as developing secure code
and exploit mitigation, occur in which of the following phases of the Secure Software Development
Lifecycle?