An organization would like to allow employees to use their network username and password to access a third-party service. The company is using Active Directory
Federated Services for their directory service. Which of the following should the company ensure is supported by the third- party? (Select TWO).

The risk manager is reviewing a report which identifies a requirement to keep a business critical legacy system operational for the next two years. The legacy

system is out of support because the vendor and security patches are no longer released. Additionally, this is a proprietary embedded system and little is
documented and known about it. Which of the following should the Information Technology department implement to reduce the security risk from a compromise of
this system?

A system administrator needs to meet the maximum amount of security goals for a new DNS infrastructure. The administrator deploys DNSSEC extensions to the
domain names and infrastructure. Which of the following security goals does this meet? (Select TWO).

A penetration tester is assessing a mobile banking application. Man-in-the-middle attempts via a HTTP intercepting proxy are failing with SSL errors. Which of the
following controls has likely been implemented by the developers?

A security company is developing a new cloud-based log analytics platform. Its purpose is to allow:
– Customers to upload their log files to the “big data” platform
– Customers to perform remote log search
– Customers to integrate into the platform using an API so that third party business intelligence tools can be used for the purpose of trending, insights, and/or
discovery
Which of the following are the BEST security considerations to protect data from one customer being disclosed to other customers? (Select THREE).

Company A needs to export sensitive data from its financial system to company B’s database, using company B’s API in an automated manner. Company A’s
policy prohibits the use of any intermediary external systems to transfer or store its sensitive data, therefore the transfer must occur directly between company A’s
financial system and company B’s destination server using the supplied API. Additionally, company A’s legacy financial software does not support encryption,
while company B’s API supports encryption. Which of the following will provide end-to-end encryption for the data transfer while adhering to these requirements?

Company XYZ provides cable television service to several regional areas. They are currently installing fiber-to-the-home in many areas with hopes of also providing
telephone and Internet services. The telephone and Internet services portions of the company will each be separate subsidiaries of the parent company. The board
of directors wishes to keep the subsidiaries separate from the parent company. However all three companies must share customer data for the purposes of
accounting, billing, and customer authentication. The solution must use open standards, and be simple and seamless for customers, while only sharing minimal
data between the companies. Which of the following solutions is BEST suited for this scenario?

Three companies want to allow their employees to seamlessly connect to each other’s wireless corporate networks while keeping one consistent wireless client
configuration. Each company wants to maintain its own authentication infrastructure and wants to ensure that an employee who is visiting the other two companies
is authenticated by the home office when connecting to the other companies’ wireless network. All three companies have agreed to standardize on 802.1x EAPPEAP-MSCHAPv2 for client configuration. Which of the following should the three companies implement?

A security manager has received the following email from the Chief Financial Officer (CFO):
“While I am concerned about the security of the proprietary financial data in our ERP application, we have had a lot of turnover in the accounting group and I am
having a difficult time meeting our monthly performance targets. As things currently stand, we do not allow employees to work from home but this is something I am
willing to allow so we can get back on track. What should we do first to securely enable this capability for my group?”
Based on the information provided, which of the following would be the MOST appropriate response to the CFO?

A software development manager is taking over an existing software development project. The team currently suffers from poor communication due to a long delay
between requirements documentation and feature delivery. This gap is resulting in an above average number of security- related bugs making it into production.
Which of the following development methodologies is the team MOST likely using now?