PrepAway - Latest Free Exam Questions & Answers

Category: CAS-002 (v.1)

Exam CAS-002: CompTIA Advanced Security Practitioner (update May 22nd, 2017)

How many years until there is a return on investment fo…

An administrator wishes to replace a legacy clinical software product as it has become a security risk. The
legacy product generates $10,000 in revenue a month. The new software product has an initial cost of
$180,000 and a yearly maintenance of $2,000 after the first year. However, it will generate $15,000 in revenue
per month and be more secure. How many years until there is a return on investment for this new package?

Which of the following BEST provides the procedure that…

A company has decided to change its current business direction and refocus on core business. Consequently,
several company sub-businesses are in the process of being sold off. A security consultant has been engaged
to advise on residual information security concerns with a de-merger. From a high-level perspective, which of
the following BEST provides the procedure that the consultant should follow?

Which of the following is the MOST likely situation tha…

A web developer is responsible for a simple web application that books holiday accommodations. The front-facing web server offers an HTML form, which asks for a user’s age. This input gets placed into a signed
integer variable and is then checked to ensure that the user is in the adult age range.
Users have reported that the website is not functioning correctly. The web developer has inspected log files and
sees that a very large number (in the billions) was submitted just before the issue started occurring. Which of
the following is the MOST likely situation that has occurred?

Which of the following are the MOST appropriate courses…

Customers are receiving emails containing a link to malicious software. These emails are subverting spam
filters. The email reads as follows:
Delivered-To: customer@example.com
Received: by 10.14.120.205
Mon, 1 Nov 2010 11:15:24 -0700 (PDT)
Received: by 10.231.31.193
Mon, 01 Nov 2010 11:15:23 -0700 (PDT)
Return-Path: <IT@company.com>
Received: from 127.0.0.1 for <customer@example.com>; Mon, 1 Nov 2010 13:15:14 -0500 (envelope-from <IT@company.com>)
Received: by smtpex.example.com (SMTP READY)
with ESMTP (AIO); Mon, 01 Nov 2010 13:15:14 -0500
Received: from 172.18.45.122 by 192.168.2.55; Mon, 1 Nov 2010 13:15:14 -0500
From: Company <IT@Company.com>
To: “customer@example.com” <customer@example.com>
Date: Mon, 1 Nov 2010 13:15:11 -0500
Subject: New Insurance Application
Thread-Topic: New Insurance Application
Please download and install software from the site below to maintain full access to your account.
www.examplesite.com
________________________________
Additional information: The authorized mail server IPs are 192.168.2.10 and 192.168.2.11.
The network’s subnet is 192.168.2.0/25.
Which of the following are the MOST appropriate courses of action a security administrator could take to
eliminate this risk? (Select TWO).

Which solution should the company select if the contrac…

A company with 2000 workstations is considering purchasing a HIPS to minimize the impact of a system
compromise from malware. Currently, the company projects a total cost of $50,000 for the next three years
responding to and eradicating workstation malware. The Information Security Officer (ISO) has received three
quotes from different companies that provide HIPS. The first quote requires a $10,000 one-time fee, annual
cost of $6 per workstation, and a 10% annual support fee based on the number of workstations. The second
quote requires a $15,000 one-time fee, an annual cost of $5 per workstation, and a 12% annual fee based on
the number of workstations. The third quote has no one-time fee, an annual cost of $8 per workstation, and a
15% annual fee based on the number of workstations.
Which solution should the company select if the contract is only valid for three years?

