PrepAway - Latest Free Exam Questions & Answers

Category: CAS-001 (v.1)

Exam CAS-001: CompTIA Advanced Security Practitioner (update May 17th, 2015)

Which of the following presents the GREATEST risk when consolidating to a single vendor or design solution?

A large organization that builds and configures every data center against distinct requirements
loses efficiency, which results in slow response time to resolve issues. However, total uniformity
presents other problems. Which of the following presents the GREATEST risk when consolidating
to a single vendor or design solution?

Which of the following BEST explains why this company should proceed with protecting its corporate network bou

The Chief Executive Officer (CEO) of a company that allows telecommuting has challenged the
Chief Security Officer’s (CSO) request to harden the corporate network’s perimeter. The CEO
argues that the company cannot protect its employees at home, so the risk at work is no different.
Which of the following BEST explains why this company should proceed with protecting its
corporate network boundary?

Which of the following controls should be implemented to mitigate the attack in the future?

An industry organization has implemented a system to allow trusted authentication between all of
its partners. The system consists of a web of trusted RADIUS servers communicating over the
Internet. An attacker was able to set up a malicious server and conduct a successful man-in-the-middle attack. Which of the following controls should be implemented to mitigate the attack in the
future?

Which of the following has been overlooked in securing the system?

An extensible commercial software system was upgraded to the next minor release version to
patch a security vulnerability. After the upgrade, an unauthorized intrusion into the system was
detected. The software vendor is called in to troubleshoot the issue and reports that all core
components were updated properly. Which of the following has been overlooked in securing the
system? (Select TWO).

Which of the following can the network administrator use to scan and detect the presence of a malicious actor

A network administrator with a company’s NSP has received a CERT alert for targeted adversarial
behavior at the company. In addition to the company’s physical security, which of the following can
the network administrator use to scan and detect the presence of a malicious actor physically
accessing the company’s network or information systems from within? (Select TWO).

Which of the following are controls the administrator should recommend to the organization’s security manage

An administrator’s company has recently had to reduce the number of Tier 3 help desk technicians
available to support enterprise service requests. As a result, configuration standards have
declined as administrators develop scripts to troubleshoot and fix customer issues. The
administrator has observed that several default configurations have not been fixed through applied
group policy or configured in the baseline. Which of the following are controls the administrator
should recommend to the organization’s security manager to prevent an authorized user from
conducting internal reconnaissance on the organization’s network? (Select THREE).

Which of the following methods of software development is this organization’s configuration management proce

A mature organization with legacy information systems has incorporated numerous new processes
and dependencies to manage security as its networks and infrastructure are modernized. The
Chief Information Officer has become increasingly frustrated with frequent releases, stating that the
organization needs everything to work completely, and the vendor should already have those
desires built into the software product. The vendor has been in constant communication with
personnel and groups within the organization to understand its business process and capture new
software requirements from users. Which of the following methods of software development is this
organization’s configuration management process using?

Which of the following methodologies should be adopted?

Joe, the Chief Executive Officer (CEO), was an Information security professor and a Subject
Matter Expert for over 20 years. He has designed a network defense method which he says is
significantly better than prominent international standards. He has recommended that the
company use his cryptographic method. Which of the following methodologies should be adopted?

