A bank is in the process of developing a new mobile application. The mobile client renders content and
communicates back to the company servers via REST/JSON calls. The bank wants to ensure that the
communication is stateless between the mobile application and the web services gateway. Which of the
following controls MUST be implemented to enable stateless communication?

A security manager is looking into the following vendor proposal for a cloud-based SIEM solution. The intention
is that the cost of the SIEM solution will be justified by having reduced the number of incidents and therefore
saving on the amount spent investigating incidents. Proposal: External cloud-based software as a service
subscription costing $5,000 per month. Expected to reduce the number of current incidents per annum by 50%.
The company currently has ten security incidents per annum at an average cost of $10,000 per incident. Which
of the following is the ROI for this proposal after three years?

A security company is developing a new cloud-based log analytics platform. Its purpose is to allow:
Customers to upload their log files to the “big data” platform Customers to perform remote log search
Customers to integrate into the platform using an API so that third party business intelligence tools can be used
for the purpose of trending, insights, and/or discovery Which of the following are the BEST security
considerations to protect data from one customer being disclosed to other customers? (Select THREE).

A company has received the contract to begin developing a new suite of software tools to replace an aging
collaboration solution. The original collaboration solution has been in place for nine years, contains over a
million lines of code, and took over two years to developoriginally. The SDLC has been broken up into eight primary stages, with each stage requiring an in-depth risk
analysis before moving on to the next phase. Which of the following software development methods is MOST
applicable?

A company is deploying a new iSCSI-based SAN. The requirements are as follows:
SAN nodes must authenticate each other.
Shared keys must NOT be used.
Do NOT use encryption in order to gain performance. Which of the following design specifications meet all the
requirements? (Select TWO).

Two universities are making their 802.11n wireless networks available to the other university’s students. The
infrastructure will pass the student’s credentials back to the home school for authentication via the Internet. The
requirements are:
Mutual authentication of clients and authentication server The design should not limit connection speeds
Authentication must be delegated to the home school No passwords should be sent unencrypted
The following design was implemented:
WPA2 Enterprise using EAP-PEAP-MSCHAPv2 will be used for wireless security RADIUS proxy servers will be
used to forward authentication requests to the home school The RADIUS servers will have certificates from a
common public certificate authority A strong shared secret will be used for RADIUS server authentication
Which of the following security considerations should be added to the design?

A human resources manager at a software development company has been tasked with recruiting personnel
for a new cyber defense division in the company. This division will require personnel to have high technologyskills and industry certifications. Which of the following is the BEST method for this manager to gain insight into
this industry to execute the task?

The Chief Executive Officer (CEO) of an Internet service provider (ISP) has decided to limit the company’s
contribution to worldwide Distributed Denial of Service (DDoS) attacks. Which
of the following should the ISP implement? (Select TWO).

A web services company is planning a one-time high-profile event to be hosted on the corporate website. Anoutage, due to an attack, would be publicly embarrassing, so Joe, the Chief Executive Officer (CEO), has
requested that his security engineers put temporary preventive controls in place. Which of the following would
MOST appropriately address Joe’s concerns?

Which of the following describes a risk and mitigation associated with cloud data storage?