Which of the following methods provides the MOST protection against unauthorized access to stored database information?
A company’s security policy states that its own internally developed proprietary Internet-facing
software must be resistant to web application attacks. Which of the following methods provides the
MOST protection against unauthorized access to stored database information?
Which of the following is the MOST comprehensive method for evaluating the two platforms?
An organization is preparing to upgrade its firewall and NIPS infrastructure and has narrowed the
vendor choices down to two platforms. The integrator chosen to assist the organization with the
deployment has many clients running a mixture of the possible combinations of environments.
Which of the following is the MOST comprehensive method for evaluating the two platforms?
Which of the following would allow the administrator to securely connect to and manage the host server during peak usage times?
An administrator has four virtual guests on a host server. Two of the servers are corporate SQL
servers, one is a corporate mail server, and one is a testing web server for a small group of
developers. The administrator is experiencing difficulty connecting to the host server during peak
network usage times. Which of the following would allow the administrator to securely connect to
and manage the host server during peak usage times?
Which of the following policies will MOST likely be violated?
An administrator receives a notification from legal that an investigation is being performed on
members of the finance department. As a precaution, legal has advised a legal hold on all
documents for an unspecified period of time. Which of the following policies will MOST likely be
violated? (Select TWO).
Which of the following BEST explains SAML?
Which of the following BEST explains SAML?
Which of the following BEST balances the security risk and IT drivers for cloud computing?
The organization has an IT driver on cloud computing to improve delivery times for IT solution
provisioning. Separate to this initiative, a business case has been approved for replacing the
existing banking platform for credit card processing with a newer offering. It is the security
practitioner’s responsibility to evaluate whether the new credit card processing platform can be
hosted within a cloud environment. Which of the following BEST balances the security risk and IT
drivers for cloud computing?
Which of the following will MOST likely result in some IT resources not being integrated?
The Universal Research Association has just been acquired by the Association of Medical
Business Researchers. The new conglomerate has funds to upgrade or replace hardware as part
of the acquisition, but cannot fund labor for major software projects. Which of the following will
MOST likely result in some IT resources not being integrated?
At what point in the implementation process should this problem have been discovered?
A large enterprise introduced a next-generation firewall appliance into the Internet-facing DMZ. All
Internet traffic passes through this appliance. Four hours after implementation the network
engineering team discovered that traffic through the DMZ now has unacceptable latency, and is
recommending that the new firewall be taken offline. At what point in the implementation process
should this problem have been discovered?
Which of the following should the security administrator provide to opposing counsel?
A company has implemented data retention policies and storage quotas in response to their legal
department’s requests and the SAN administrator’s recommendation. The retention policy states
all email data older than 90 days should be eliminated. As there are no technical controls in place,
users have been instructed to stick to a storage quota of 500Mb of network storage and 200Mb of
email storage. After being presented with an e-discovery request from an opposing legal counsel,
the security administrator discovers that the user in the suit has 1Tb of files and 300Mb of email
spanning over two years. Which of the following should the security administrator provide to
opposing counsel?
Which of the following actions would BEST meet the CIO’s goals while providing maximum unified communications security?
A security administrator is tasked with securing the move of a company’s headquarters and branch
offices to unified communications. The Chief Information Officer (CIO) wants to integrate the
corporate users’ email, voice mail, telephony, presence and corporate messaging to internal
computers, mobile users, and devices. Which of the following actions would BEST meet the CIO’s
goals while providing maximum unified communications security?