How should the employees request access to shared resou…
Two separate companies are in the process of integrating their authentication infrastructure into a unified single sign-on system. Currently, both companies use an
AD backend and two factor authentication using TOTP. The system administrators have configured a trust relationship between the authentication backend to
ensure proper process flow. How should the employees request access to shared resources before the authentication integration is complete?
Which of the following should Ann implement to stop mod…
Ann, a software developer, wants to publish her newly developed software to an online store. Ann wants to ensure that the software will not be modified by a third
party or end users before being installed on mobile devices. Which of the following should Ann implement to stop modified copies of her software from running on
mobile devices?
Which of the following should the security administrato…
A security administrator is tasked with implementing two-factor authentication for the company VPN. The VPN is currently configured to authenticate VPN users
against a backend RADIUS server. New company policies require a second factor of authentication, and the Information Security Officer has selected PKI as the
second factor. Which of the following should the security administrator configure and implement on the VPN concentrator to implement the second factor and
ensure that no error messages are displayed to the user during the VPN connection? (Select TWO).
Which of the following security measures would be MOST …
In order to reduce costs and improve employee satisfaction, a large corporation is creating a BYOD policy. It will allow access to email and remote connections to
the corporate enterprise from personal devices; provided they are on an approved device list. Which of the following security measures would be MOST effective in
securing the enterprise under the new policy? (Select TWO).
Which of the following solutions minimizes the performa…
Due to a new regulatory requirement, ABC Company must now encrypt all WAN transmissions. When speaking with the network administrator, the security
administrator learns that the existing routers have the minimum processing power to do the required level of encryption. Which of the following solutions minimizes
the performance impact on the router?
Which of the following is the MOST cost effective way f…
A university requires a significant increase in web and database server resources for one week, twice a year, to handle student registration. The web servers
remain idle for the rest of the year. Which of the following is the MOST cost effective way for the university to securely handle student registration?
Which of the following BEST describes the core concerns…
Company XYZ provides hosting services for hundreds of companies across multiple industries including healthcare, education, and manufacturing. The security
architect for company XYZ is reviewing a vendor proposal to reduce company XYZ’s hardware costs by combining multiple physical hosts through the use of
virtualization technologies. The security architect notes concerns about data separation, confidentiality, regulatory requirements concerning PII, and administrative
complexity on the proposal. Which of the following BEST describes the core concerns of the security architect?
Which of the following design specifications meet all t…
A company is deploying a new iSCSI-based SAN. The requirements are as follows:
– SAN nodes must authenticate each other.
– Shared keys must NOT be used.
– Do NOT use encryption in order to gain performance.
Which of the following design specifications meet all the requirements? (Select TWO).
which of the following scenarios should they consider?
A forensic analyst works for an e-discovery firm where several gigabytes of data are processed daily. While the business is lucrative, they do not have the
resources or the scalability to adequately serve their clients. Since it is an e-discovery firm where chain of custody is important, which of the following scenarios
should they consider?
Which of the following has been overlooked in securing …
An extensible commercial software system was upgraded to the next minor release version to patch a security vulnerability. After the upgrade, an unauthorized
intrusion into the system was detected. The software vendor is called in to troubleshoot the issue and reports that all core components were updated properly.
Which of the following has been overlooked in securing the system? (Select TWO).