PrepAway - Latest Free Exam Questions & Answers

Category: CAS-002

Exam CAS-002 : CompTIA Advanced Security Practitioner

Which of the following has MOST likely occurred?

A company provides on-demand cloud computing resources for a sensitive project. The company implements a fully virtualized datacenter and terminal server
access with two-factor authentication for customer access to the administrative website. The security administrator at the company has uncovered a breach in data
confidentiality. Sensitive data from customer A was found on a hidden directory within the VM of company B. Company B is not in the same industry as company A
and the two are not competitors. Which of the following has MOST likely occurred?

Which of the following would provide the MOST thorough …

A firm’s Chief Executive Officer (CEO) is concerned that IT staff lacks the knowledge to identify complex vulnerabilities that may exist in a payment system being
internally developed. The payment system being developed will be sold to a number of organizations and is in direct competition with another leading product. The
CEO highlighted that code base confidentiality is of critical importance to allow the company to exceed the competition in terms of the product’s reliability, stability,
and performance. Which of the following would provide the MOST thorough testing and satisfy the CEO’s requirements?

Which of the following security controls will MOST like…

Wireless users are reporting issues with the company’s video conferencing and VoIP systems. The security administrator notices internal DoS attacks from infected
PCs on the network causing the VoIP system to drop calls. The security administrator also notices that the SIP servers are unavailable during these attacks. Which
of the following security controls will MOST likely mitigate the VoIP DoS attacks on the network? (Select TWO).

Which of the following BEST provides insight into where…

The network administrator at an enterprise reported a large data leak. One compromised server was used to aggregate data from several critical application
servers and send it out to the Internet using HTTPS. Upon investigation, there have been no user logins over the previous week and the endpoint protection
software is not reporting any issues. Which of the following BEST provides insight into where the compromised server collected the information?

Which of the following controls MUST be implemented to …

A bank is in the process of developing a new mobile application. The mobile client renders content and communicates back to the company servers via REST/JSON
calls. The bank wants to ensure that the communication is stateless between the mobile application and the web services gateway. Which of the following
controls MUST be implemented to enable stateless communication?

Which of the following is the MOST likely cause of the …

After the install process, a software application executed an online activation process. After a few months, the system experienced a hardware failure. A backup
image of the system was restored on a newer revision of the same brand and model device. After the restore, the specialized application no longer works. Which of
the following is the MOST likely cause of the problem?

Which of the following documents is MOST likely to cont…

A medical device manufacturer has decided to work with another international organization to develop the software for a new robotic surgical platform to be
introduced into hospitals within the next 12 months. In order to ensure a competitor does not become aware, management at the medical device manufacturer has
decided to keep it secret until formal contracts are signed. Which of the following documents is MOST likely to contain a description of the initial terms and
arrangement and is not legally enforceable?

