An internal committee comprised of the facilities manager, the physical security manager, the
network administrator, and a member of the executive team has been formed to address a recent
breach at a company’s data center. It was discovered that during the breach, an HVAC specialist
had gained entry to an area that contained server farms holding sensitive financial data. Although
the HVAC specialist was there to fix a legitimate issue, the investigation concluded security be
provided for the two entry and exit points for the server farm. Which of the following should be
implemented to accomplish the recommendations of the investigation?

During a recent audit of servers, a company discovered that a network administrator, who required
remote access, had deployed an unauthorized remote access application that communicated over
common ports already allowed through the firewall. A network scan showed that this remote
access application had already been installed on one third of the servers in the company. Which of
the following is the MOST appropriate action that the company should take to provide a more
appropriate solution?

A company wishes to purchase a new security appliance. A security administrator has extensively
researched the appliances, and after presenting security choices to the company’s management
team, they approve of the proposed solution. Which of the following documents should be
constructed to acquire the security appliance?

A small retail company recently deployed a new point of sale (POS) system to all 67 stores. The
core of the POS is an extranet site, accessible only from retail stores and the corporate office over
a split-tunnel VPN. An additional split-tunnel VPN provides bi-directional connectivity back to the
main office, which provides voice connectivity for store VoIP phones. Each store offers guest
wireless functionality, as well as employee wireless. Only the staff wireless network has access to
the POS VPN. Recently, stores are reporting poor response times when accessing the POS
application from store computers as well as degraded voice quality when making phone calls.
Upon investigation, it is determined that three store PCs are hosting malware, which is generating
excessive network traffic. After malware removal, the information security department is asked to

review the configuration and suggest changes to prevent this from happening again. Which of the
following denotes the BEST way to mitigate future malware risk?

Executive management is asking for a new manufacturing control and workflow automation
solution. This application will facilitate management of proprietary information and closely guarded
corporate trade secrets.
The information security team has been a part of the department meetings and come away with
the following notes:
-Human resources would like complete access to employee data stored in the application. They
would like automated data interchange with the employee management application, a cloud-based
SaaS application.
-Sales is asking for easy order tracking to facilitate feedback to customers.
-Legal is asking for adequate safeguards to protect trade secrets. They are also concerned with
data ownership questions and legal jurisdiction.
-Manufacturing is asking for ease of use. Employees working the assembly line cannot be
bothered with additional steps or overhead. System interaction needs to be quick and easy.
-Quality assurance is concerned about managing the end product and tracking overall
performance of the product being produced. They would like read-only access to the entire
workflow process for monitoring and baselining.
The favored solution is a user friendly software application that would be hosted onsite. It has
extensive ACL functionality, but also has readily available APIs for extensibility. It supports readonly access, kiosk automation, custom fields, and data encryption.
Which of the following departments’ request is in contrast to the favored solution?

News outlets are beginning to report on a number of retail establishments that are experiencing
payment card data breaches. The data exfiltration is enabled by malware on a compromised
computer. After the initial exploit network mapping and fingerprinting occurs in preparation for
further exploitation. Which of the following is the MOST effective solution to protect against
unrecognized malware infections, reduce detection time, and minimize any damage that might be
done?

The Chief Information Security Officer (CISO) is asking for ways to protect against zero-day
exploits. The CISO is concerned that an unrecognized threat could compromise corporate data
and result in regulatory fines as well as poor corporate publicity. The network is mostly flat, with
split staff/guest wireless functionality. Which of the following equipment MUST be deployed to
guard against unknown threats?

A small company’s Chief Executive Officer (CEO) has asked its Chief Security Officer (CSO) to
improve the company’s security posture with regard to targeted attacks. Which of the following
should the CSO conduct FIRST?

The sales team is considering the deployment of a new CRM solution within the enterprise. The IT
and Security teams are members of the project; however, neither team has expertise or
experience with the proposed system. Which of the following activities should be performed
FIRST?

A security administrator notices a recent increase in workstations becoming compromised by
malware. Often, the malware is delivered via drive-by downloads, from malware hosting websites,
and is not being detected by the corporate antivirus. Which of the following solutions would
provide the BEST protection for the company?