A large financial company has a team of security-focused architects and designers who contribute
to broader IT architecture and design solutions. Concerns have been raised due to the security
contributions having varying levels of quality and consistency. It has been agreed that a more
formalized methodology is needed that can take business drivers, capabilities, baselines, and reusable patterns into account. Which of the following would BEST help to achieve these objectives?
A university uses a card transaction system that allows students to purchase goods using their
student ID. Students can put money on their ID at terminals throughout the campus. The security
administrator was notified that computer science students have been using the network to illegally
put money on their cards. The administrator would like to attempt to reproduce what the students
are doing. Which of the following is the BEST course of action?
At 10:35 a.m. a malicious user was able to obtain a valid authentication token which allowed
read/write access to the backend database of a financial company. At 10:45 a.m. the security
administrator received multiple alerts from the company’s statistical anomaly-based IDS about a
company database administrator performing unusual transactions. At 10:55 a.m. the security
administrator reset the database administrator’s password.
At 11:00 a.m. the security administrator is still receiving alerts from the IDS about unusual
transactions from the same user. Which of the following is MOST likely the cause of the alerts?
Company A is purchasing Company B. Company A uses a change management system for all IT
processes while Company B does not have one in place. Company B’s IT staff needs to purchase
a third-party product to enhance production. Which of the following NEXT steps should be
implemented to address the security impacts this product may cause?
The marketing department at Company A regularly sends out emails signed by the company’s
Chief Executive Officer (CEO) with announcements about the company. The CEO sends company
and personal emails from a different email account. During legal proceedings against the
company, the Chief Information Officer (CIO) must prove which emails came from the CEO and
which came from the marketing department. The email server allows emails to be digitally signed
and the corporate PKI provisioning allows for one certificate per user. The CEO did not share their
password with anyone. Which of the following will allow the CIO to state which emails the CEO
sent and which the marketing department sent?
A security administrator must implement a SCADA style network overlay to ensure secure remote
management of all network management and infrastructure devices. Which of the following BEST
describes the rationale behind this architecture?
A helpdesk manager at a financial company has received multiple reports from employees and
customers that their phone calls sound metallic on the voice system. The helpdesk has been using
VoIP lines encrypted from the handset to the PBX for several years. Which of the following should
be done to address this issue for the future?
Which of the following provides the HIGHEST level of security for an integrated network providing
services to authenticated corporate users?
A newly-appointed risk management director for the IT department at Company XYZ, a major
pharmaceutical manufacturer, needs to conduct a risk analysis regarding a new system which the
developers plan to bring on-line in three weeks. The director begins by reviewing the thorough and
well-written report from the independent contractor who performed a security assessment of the
system. The report details what seems to be a manageable volume of infrequently exploited
security vulnerabilities. The director decides to implement continuous monitoring and other
security controls to mitigate the impact of the vulnerabilities. Which of the following should the
director require from the developers before agreeing to deploy the system?
Company XYZ has transferred all of the corporate servers, including web servers, to a cloud
hosting provider to reduce costs. All of the servers are running unpatched, outdated versions of
Apache. Furthermore, the corporate financial data is also hosted by the cloud services provider,
but it is encrypted when not in use. Only the DNS server is configured to audit user and
administrator actions, and logging is disabled on the other virtual machines. Given this scenario,
which of the following is the MOST significant risk to the system?