Which of the following business documents would MOST likely contain the required values?
The Chief Risk Officer (CRO) has requested that the MTD, RTO and RPO for key business
applications be identified and documented. Which of the following business documents would
MOST likely contain the required values?
Which of the following ensures the organization mitigates the risk of managing separate user credentials?
An organization is selecting a SaaS provider to replace its legacy, in house Customer Resource
Management (CRM) application. Which of the following ensures the organization mitigates the risk
of managing separate user credentials?
which of the following helps to determine when the system became infected?
A forensic analyst receives a hard drive containing malware quarantined by the antivirus
application. After creating an image and determining the directory location of the malware file,
which of the following helps to determine when the system became infected?
Which of the following would help meet these goals by having co-workers occasionally audit another worker̵
After a security incident, an administrator would like to implement policies that would help reduce
fraud and the potential for collusion between employees. Which of the following would help meet
these goals by having co-workers occasionally audit another worker’s position?
Which of the following should the administrator do to prevent these issues from occurring in the future?
A security engineer at a software development company has identified several vulnerabilities in a
product late in the development cycle. This causes a huge delay for the release of the product.
Which of the following should the administrator do to prevent these issues from occurring in the
future?
Which of the following locations will BEST secure both the intranet and the customer facing website?
Company XYZ is building a new customer facing website which must access some corporate
resources. The company already has an internal facing web server and a separate server
supporting an extranet to which suppliers have access. The extranet web server is located in a
network DMZ. The internal website is hosted on a laptop on the internal corporate network. The
internal network does not restrict traffic between any internal hosts. Which of the following
locations will BEST secure both the intranet and the customer facing website?
Which of the following is the security architect trying to increase in the design?
A security architect is locked into a given cryptographic design based on the allowable software at
the company. The key length for applications is already fixed as is the cipher and algorithm in use.
The security architect advocates for the use of well-randomized keys as a mitigation to brute force
and rainbow attacks. Which of the following is the security architect trying to increase in the
design?
Which of the following mitigates this activity with the LEAST impact to existing operations?
Noticing latency issues at its connection to the Internet, a company suspects that it is being
targeted in a Distributed Denial of Service attack. A security analyst discovers numerous inbound
monlist requests coming to the company’s NTP servers. Which of the following mitigates this
activity with the LEAST impact to existing operations?
Which of the following should the ISP implement?
The Chief Executive Officer (CEO) of an Internet service provider (ISP) has decided to limit the
company’s contribution to worldwide Distributed Denial of Service (DDoS) attacks. Which of the
following should the ISP implement? (Select TWO).
which of the following ways?
For companies seeking to move to cloud services, variances in regulation between jurisdictions
can be addressed in which of the following ways?