An investigator wants to collect the most volatile data first in an incident to preserve the data that runs the highest risk of being lost. After memory, which of the
following BEST represents the remaining order of volatility that the investigator should follow?

A bank has decided to outsource some existing IT functions and systems to a third party service provider. The third party service provider will manage the
outsourced systems on their own premises and will continue to directly interface with the bank’s other systems through dedicated encrypted links. Which of the
following is critical to ensure the successful management of system security concerns between the two organizations?

The finance department for an online shopping website has discovered that a number of customers were able to purchase goods and services without any
payments. Further analysis conducted by the security investigations team indicated that the website allowed customers to update a payment amount for shipping. A
specially crafted value could be entered and cause a roll over, resulting in the shipping cost being subtracted from the balance and in some instances resulted in a
negative balance. As a result, the system processed the negative balance as zero dollars. Which of the following BEST describes the application issue?

A software developer and IT administrator are focused on implementing security in the organization to protect OSI layer 7. Which of the following security
technologies would BEST meet their requirements? (Select TWO).

A security manager is looking into the following vendor proposal for a cloud-based SIEM solution. The intention is that the cost of the SIEM solution will be justified
by having reduced the number of incidents and therefore saving on the amount spent investigating incidents.
Proposal:
External cloud-based software as a service subscription costing $5,000 per month. Expected to reduce the number of current incidents per annum by 50%.
The company currently has ten security incidents per annum at an average cost of $10,000 per incident. Which of the following is the ROI for this proposal after
three years?

ABC Corporation has introduced token-based authentication to system administrators due to the risk of password compromise. The tokens have a set of HMAC
counter-based codes and are valid until they are used. Which of the following types of authentication mechanisms does this statement describe?

Since the implementation of IPv6 on the company network, the security administrator has been unable to identify the users associated with certain devices utilizing
IPv6 addresses, even when the devices are centrally managed.
en1: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
ether f8:1e:af:ab:10:a3
inet6 fw80::fa1e:dfff:fee6:9d8%en1 prefixlen 64 scopeid 0x5
inet 192.168.1.14 netmask 0xffffff00 broadcast 192.168.1.255
inet6 2001:200:5:922:1035:dfff:fee6:9dfe prefixlen 64 autoconf
inet6 2001:200:5:922:10ab:5e21:aa9a:6393 prefixlen 64 autoconf temporary
nd6 options=1<PERFORMNUD>
media: autoselect
status: active
Given this output, which of the following protocols is in use by the company and what can the system administrator do to positively map users with IPv6 addresses
in the future? (Select TWO).

The IT director has charged the company helpdesk with sanitizing fixed and removable media. The helpdesk manager has written a new procedure to be followed
by the helpdesk staff. This procedure includes the current standard to be used for data sanitization, as well as the location of physical degaussing tools. In which of
the following cases should the helpdesk staff use the new procedure? (Select THREE).

A new IT company has hired a security consultant to implement a remote access system, which will enable employees to telecommute from home using both
company issued as well as personal computing devices, including mobile devices. The company wants a flexible system to provide confidentiality and integrity for
data in transit to the company’s internally developed application GUI. Company policy prohibits employees from having administrative rights to company issued
devices. Which of the following remote access solutions has the lowest technical complexity?

Company policy requires that all unsupported operating systems be removed from the network. The security administrator is using a combination of network based
tools to identify such systems for the purpose of disconnecting them from the network. Which of the following tools, or outputs from the tools in use, can be used to
help the security administrator make an approximate determination of the operating system in use on the local company network? (Select THREE).