PrepAway - Latest Free Exam Questions & Answers

Category: CAS-002

Exam CAS-002 : CompTIA Advanced Security Practitioner

Which of the following compensating controls should be …

A critical system audit shows that the payroll system is not meeting security policy due to missing OS security patches. Upon further review, it appears that the
system is not being patched at all. The vendor states that the system is only supported on the current OS patch level. Which of the following compensating
controls should be used to mitigate the vulnerability of missing OS patches on this system?

Which of the following is the solutions architect MOST …

A security solutions architect has argued consistently to implement the most secure method of encrypting corporate messages. The solution has been derided as
not being cost effective by other members of the IT department. The proposed solution uses symmetric keys to encrypt all messages and is very resistant to
unauthorized decryption. The method also requires special handling and security for all key material that goes above and beyond most encryption systems.
Which of the following is the solutions architect MOST likely trying to implement?

Which of the following is the ALE?

The risk manager at a small bank wants to use quantitative analysis to determine the ALE of running a business system at a location which is subject to fires during
the year. A risk analyst reports to the risk manager that the asset value of the business system is $120,000 and, based on industry data, the exposure factor to fires
is only 20% due to the fire suppression system installed at the site. Fires occur in the area on average every four years. Which of the following is the ALE?

Which of the following should be implemented to ensure …

The telecommunications manager wants to improve the process for assigning company-owned mobile devices and ensuring data is properly removed when no
longer needed. Additionally, the manager wants to onboard and offboard personally owned mobile devices that will be used in the BYOD initiative. Which of the
following should be implemented to ensure these processes can be automated? (Select THREE).

Which of the following should be implemented to help th…

An international shipping company discovered that deliveries left idle are being tampered with. The company wants to reduce the idle time associated with
international deliveries by ensuring that personnel are automatically notified when an inbound delivery arrives at the transit dock. Which of the following should be
implemented to help the company increase the security posture of its operations?

Which of the following is the administrator attempting …

An organization uses IP address block 203.0.113.0/24 on its internal network. At the border router, the network administrator sets up rules to deny packets with a
source address in this subnet from entering the network, and to deny packets with a destination address in this subnet from leaving the network. Which of the
following is the administrator attempting to prevent?

