The senior security administrator wants to redesign the company DMZ to minimize the risks associated with both external and internal threats. The DMZ design
must support security in depth, change management and configuration processes, and support incident reconstruction. Which of the following designs BEST
supports the given requirements?

A security policy states that all applications on the network must have a password length of eight characters. There are three legacy applications on the network
that cannot meet this policy. One system will be upgraded in six months, and two are not expected to be upgraded or removed from the network. Which of the
following processes should be followed?

Which of the following provides the BEST risk calculation methodology?

A large enterprise acquires another company which uses antivirus from a different vendor. The CISO has requested that data feeds from the two different antivirus
platforms be combined in a way that allows management to assess and rate the overall effectiveness of antivirus across the entire organization. Which of the
following tools can BEST meet the CISO’s requirement?

A security manager for a service provider has approved two vendors for connections to the service provider backbone. One vendor will be providing authentication
services for its payment card service, and the other vendor will be providing maintenance to the service provider infrastructure sites. Which of the following
business agreements is MOST relevant to the vendors and service provider’s relationship?

A large organization has recently suffered a massive credit card breach. During the months of Incident Response, there were multiple attempts to assign blame for
whose fault it was that the incident occurred. In which part of the incident response phase would this be addressed in a controlled and productive manner?

After a security incident, an administrator would like to implement policies that would help reduce fraud and the potential for collusion between employees. Which of
the following would help meet these goals by having co-workers occasionally audit another worker’s position?

An organization is selecting a SaaS provider to replace its legacy, in house Customer Resource Management (CRM) application. Which of the following ensures
the organization mitigates the risk of managing separate user credentials?

A company is in the process of outsourcing its customer relationship management system to a cloud provider. It will host the entire organization’s customer
database. The database will be accessed by both the company’s users and its customers. The procurement department has asked what security activities must be
performed for the deal to proceed. Which of the following are the MOST appropriate security activities to be performed as part of due diligence? (Select TWO).

The Chief Information Officer (CIO) is reviewing the IT centric BIA and RA documentation. The documentation shows that a single 24 hours downtime in a critical
business function will cost the business $2.3 million. Additionally, the business unit which depends on the critical business function has determined that there is a
high probability that a threat will materialize based on historical data. The CIO’s budget does not allow for full system hardware replacement in case of a

catastrophic failure, nor does it allow for the purchase of additional compensating controls. Which of the following should the CIO recommend to the finance
director to minimize financial loss?