The Chief Information Security Officer (CISO) of a small bank wants to embed a monthly testing regimen into the security management plan specifically for the development area. The CISO’s requirements are that testing must have a low risk of impacting system stability, can be scripted, and is very thorough. The development team claims that this will lead to a higher degree of test script maintenance and that it would be preferable if the testing were outsourced to a third party. The CISO still maintains that third-party testing would not be as thorough, as the third party lacks the introspection of the development team. Which of the following will satisfy the CISO’s requirements?

A large corporation that is heavily reliant on IT platforms and systems is in financial difficulty and needs to drastically reduce costs in the short term to survive. The Chief Financial Officer (CFO) has mandated that all IT and architectural functions will be outsourced and that a mixture of providers will be selected. One provider will manage the desktops for five years, another provider will manage the network for ten years, another provider will be responsible for security for four years, and an offshore provider will perform day-to-day business processing functions for two years. At the end of each contract the incumbent may be renewed or a new provider may be selected. Which of the following are the MOST likely risk implications of the CFO’s business decision?

A small, customer-focused bank that has implemented least-privilege principles is concerned about the possibility of branch staff unintentionally aiding fraud in their day-to-day interactions with customers. Bank staff have been encouraged to build friendships with customers to make the banking experience feel more personal. The security and risk team have decided that a policy needs to be implemented across all branches to address the risk. Which of the following BEST addresses the security and risk team’s concerns?

A hosting company provides inexpensive guest virtual machines to low-margin customers. Customers manage their own guest virtual machines. Some customers want basic guarantees of logical separation from other customers, and it has been indicated that some customers would like to have configuration control of this separation, whereas others want this provided as a value-added service by the hosting company. Which of the following BEST meets these requirements?

A financial company implements end-to-end encryption via SSL in the DMZ, and only IPSec in transport mode with AH enabled and ESP disabled throughout the internal network. The company has hired a security consultant to analyze the network infrastructure and provide a solution for intrusion prevention. Which of the following recommendations should the consultant provide to the security administrator?

A developer is coding the crypto routine of an application that will be installed on a standard headless and diskless server connected to a NAS housed in the datacenter. The developer has written the following six lines of code to add entropy to the routine:
1 – If VIDEO input exists, use video data for entropy
2 – If AUDIO input exists, use audio data for entropy
3 – If MOUSE input exists, use mouse data for entropy
4 – If KEYBOARD input exists, use keyboard data for entropy
5 – If IDE input exists, use IDE data for entropy
6 – If NETWORK input exists, use network data for entropy
Which of the following lines of code will result in the STRONGEST seed when combined?

After three vendors submit their requested documentation, the CPO and the SPM can better understand what each vendor does and what solutions they can provide. But now they want to see the intricacies of how these solutions can adequately match the requirements needed by the firm. Upon the directive of the CPO, the CISO should submit which of the following to the three submitting firms?

The <nameID> element in SAML can be provided in which of the following predefined formats? (Select TWO).

A corporation has expanded for the first time by integrating several newly acquired businesses. Which of the following are the FIRST tasks that the security team should undertake? (Select TWO).

New zero-day attacks are announced on a regular basis against a broad range of technology systems. Which of the following best practices should a security manager follow to manage the risks of these attack vectors? (Select TWO).