PrepAway - Latest Free Exam Questions & Answers

Category: CAS-001 (v.1)

Exam CAS-001: CompTIA Advanced Security Practitioner (update May 17th, 2015)

Which of the following security concerns should the system administrator have about the existing technology in

A system administrator has a responsibility to maintain the security of the video teleconferencing
system. During a self-audit of the video teleconferencing room, the administrator notices that
speakers and microphones are hard-wired and wireless enabled. Which of the following security
concerns should the system administrator have about the existing technology in the room?

Which of the following steps in system authorization has the security engineer omitted?

A security engineer is a new member of a configuration board at the request of management. The
company has two new major IT projects starting this year and wants to plan security into the
application deployment. The board is primarily concerned with the applications’ compliance with
federal assessment and authorization standards. The security engineer asks for a timeline to
determine when a security assessment of both applications should occur and does not attend
subsequent configuration board meetings. If the security engineer is only going to perform a
security assessment, which of the following steps in system authorization has the security
engineer omitted? (Select TWO).

Which of the following?

A security manager is collecting RFQ, RFP, and RFI publications to help identify the technology
trends which a government will be moving towards in the future. This information is available to the
public. By consolidating the information, the security manager will be able to combine several
perspectives into a broader view of technology trends. This is an example of which of the
following? (Select TWO).

Which of the following is BEST suited for the requirements?

As a cost-saving measure, a company has instructed the security engineering team to allow all
consumer devices to be able to access the network. They have asked for recommendations on
what is needed to secure the enterprise, yet offer the most flexibility in terms of controlling
applications and stolen devices. Which of the following is BEST suited for the requirements?

Which of the following would be the GREATEST concern when analyzing the manufacturing control application?

A company uses a custom Line of Business (LOB) application to facilitate all back-end
manufacturing control. Upon investigation, it has been determined that the database used by the
LOB application uses a proprietary data format. The risk management group has flagged this as a
potential weakness in the company’s operational robustness. Which of the following would be the
GREATEST concern when analyzing the manufacturing control application?

Which of the following requirements would be MOST difficult for the asset manager to implement?

An asset manager is struggling with the best way to reduce the time required to perform asset
location activities in a large warehouse. A project manager indicated that RFID might be a valid
solution if the asset manager’s requirements were supported by current RFID capabilities. Which
of the following requirements would be MOST difficult for the asset manager to implement?

Which of the following operating systems is MOST likely running on the unknown node?

Ann, a systems engineer, is working to identify an unknown node on the corporate network. To
begin her investigative work, she runs the following nmap command string:
user@hostname:~$ sudo nmap -O 192.168.1.54
Based on the output, nmap is unable to identify the OS running on the node, but the following
ports are open on the device:
TCP/22
TCP/111
TCP/512-514
TCP/2049
TCP/32778
Based on this information, which of the following operating systems is MOST likely running on the
unknown node?

Which of the following is the security engineer’s MOST serious concern with implementing this solution?

A security engineer has inherited an authentication project which integrates 1024-bit PKI
certificates into the company infrastructure and now has a new requirement to integrate 2048-bit
PKI certificates so that the entire company will be interoperable with its vendors when the project
is completed. The project is now 25% complete, with 15% of the company staff being issued 1024-bit
certificates. The provisioning of network-based accounts has not occurred yet due to other
project delays. The project is now expected to be over budget and behind its original schedule.
Termination of the existing project and beginning a new project is a consideration because of the
change in scope. Which of the following is the security engineer’s MOST serious concern with
implementing this solution?

