The helpdesk manager wants to find a solution that will enable the helpdesk staff to better serve company employees who call with computer-related problems. The
helpdesk staff is currently unable to perform effective troubleshooting and relies on callers to describe their technology problems. Given that the helpdesk staff is
located within the company headquarters and 90% of the callers are telecommuters, which of the following tools should the helpdesk manager use to make the
staff more effective at troubleshooting while at the same time reducing company costs? (Select TWO).

Executive management is asking for a new manufacturing control and workflow automation solution. This application will facilitate management of proprietary
information and closely guarded corporate trade secrets.
The information security team has been a part of the department meetings and come away with
the following notes:
-Human resources would like complete access to employee data stored in the application. They would like automated data interchange with the employee
management application, a cloud-based SaaS application.
-Sales is asking for easy order tracking to facilitate feedback to customers.
-Legal is asking for adequate safeguards to protect trade secrets. They are also concerned with data ownership questions and legal jurisdiction.
-Manufacturing is asking for ease of use. Employees working the assembly line cannot be bothered with additional steps or overhead. System interaction needs to
be quick and easy.
-Quality assurance is concerned about managing the end product and tracking overall performance of the product being produced. They would like read-only
access to the entire workflow process for monitoring and baselining.
The favored solution is a user friendly software application that would be hosted onsite. It has extensive ACL functionality, but also has readily available APIs for
extensibility. It supports read- only access, kiosk automation, custom fields, and data encryption.
Which of the following departments’ request is in contrast to the favored solution?

A small retail company recently deployed a new point of sale (POS) system to all 67 stores. The core of the POS is an extranet site, accessible only from retail
stores and the corporate office over a split-tunnel VPN. An additional split-tunnel VPN provides bi-directional connectivity back to the main office, which provides
voice connectivity for store VoIP phones. Each store offers guest wireless functionality, as well as employee wireless. Only the staff wireless network has access to
the POS VPN. Recently, stores are reporting poor response times when accessing the POS application from store computers as well as degraded voice quality
when making phone calls. Upon investigation, it is determined that three store PCs are hosting malware, which is generating excessive network traffic. After
malware removal, the information security department is asked to review the configuration and suggest changes to prevent this from happening again. Which of the
following denotes the BEST way to mitigate future malware risk?

During a recent audit of servers, a company discovered that a network administrator, who required remote access, had deployed an unauthorized remote access
application that communicated over common ports already allowed through the firewall. A network scan showed that this remote access application had already
been installed on one third of the servers in the company. Which of

the following is the MOST appropriate action that the company should take to provide a more appropriate solution?

An analyst connects to a company web conference hosted on www.webconference.com/meetingID#01234 and observes that numerous guests have been allowed
to join, without providing identifying information. The topics covered during the web conference are considered proprietary to the company. Which of the following
security concerns does the analyst present to management?

A security engineer is a new member to a configuration board at the request of management. The company has two new major IT projects starting this year and
wants to plan security into the application deployment. The board is primarily concerned with the applications’ compliance with federal assessment and
authorization standards. The security engineer asks for a timeline to determine when a security assessment of both applications should occur and does not attend
subsequent configuration board meetings. If the security engineer is only going to perform a security assessment, which of the following steps in system
authorization has the security engineer omitted?

A security engineer is working on a large software development project. As part of the design of

the project, various stakeholder requirements were gathered and decomposed to an implementable and testable level. Various security requirements were also
documented. Organize the following security requirements into the correct hierarchy required for an SRTM.
Requirement 1: The system shall provide confidentiality for data in transit and data at rest.
Requirement 2: The system shall use SSL, SSH, or SCP for all data transport.
Requirement 3: The system shall implement a file-level encryption scheme.
Requirement 4: The system shall provide integrity for all data at rest.
Requirement 5: The system shall perform CRC checks on all files.

A mature organization with legacy information systems has incorporated numerous new processes and dependencies to manage security as its networks and
infrastructure are modernized. The Chief Information Office has become increasingly frustrated with frequent releases, stating that the organization needs
everything to work completely, and the vendor should already have those desires built into the software product. The vendor has been in constant communication

with personnel and groups within the organization to understand its business process and capture new software requirements from users. Which of the following
methods of software development is this organization’s configuration management process using?

A small company’s Chief Executive Officer (CEO) has asked its Chief Security Officer (CSO) to improve the company’s security posture quickly with regard to
targeted attacks. Which of the following should the CSO conduct FIRST?

The Chief Information Security Officer (CISO) is asking for ways to protect against zero-day exploits. The CISO is concerned that an unrecognized threat could
compromise corporate data and result in regulatory fines as well as poor corporate publicity. The network is mostly flat, with split staff/guest wireless functionality.
Which of the following equipment MUST be deployed to guard against unknown threats?