PrepAway - Latest Free Exam Questions & Answers

Category: CAS-002 (v.1)

Exam CAS-002 : CompTIA Advanced Security Practitioner (update May 22nd, 2017)

Which of the following solutions is BEST suited for thi…

Company XYZ provides cable television service to several regional areas. They are currently installing fiber-to-the-home in many areas with hopes of also providing telephone and Internet services. The telephone and Internet services portions of the company will each be separate subsidiaries of the parent company. The board of directors wishes to keep the subsidiaries separate from the parent company. However, all three companies must share customer data for the purposes of accounting, billing, and customer authentication. The solution must use open standards, and be simple and seamless for customers, while only sharing minimal data between the companies. Which of the following solutions is BEST suited for this scenario?

Which of the following should the three companies implement?

Three companies want to allow their employees to seamlessly connect to each other’s wireless corporate
networks while keeping one consistent wireless client configuration. Each company wants to maintain its own
authentication infrastructure and wants to ensure that an employee who is visiting the other two companies is
authenticated by the home office when connecting to the other companies’ wireless network. All three
companies have agreed to standardize on 802.1x EAP-PEAP-MSCHAPv2 for client configuration. Which of the
following should the three companies implement?

What should we do first to securely enable this capabil…

A security manager has received the following email from the Chief Financial Officer (CFO):
“While I am concerned about the security of the proprietary financial data in our ERP application, we have had
a lot of turnover in the accounting group and I am having a difficult time meeting our monthly performance
targets. As things currently stand, we do not allow employees to work from home but this is something I am
willing to allow so we can get back on track. What should we do first to securely enable this capability for my
group?” Based on the information provided, which of the following would be the MOST appropriate response to
the CFO?

Which of the following development methodologies is the…

A software development manager is taking over an existing software development project. The team currently
suffers from poor communication due to a long delay between requirements documentation and feature
delivery. This gap is resulting in an above average number of security-related bugs making it into production.
Which of the following development methodologies is the team MOST likely using now?

Which of the following questions is the MOST important?

The helpdesk department desires to roll out a remote support application for internal use on all company
computers. This tool should allow remote desktop sharing, system log gathering, chat, hardware logging,
inventory management, and remote registry access. The risk management team has been asked to review
vendor responses to the RFQ. Which of the following questions is the MOST important?

Which of the following software development methods is …

A company has received the contract to begin developing a new suite of software tools to replace an aging
collaboration solution. The original collaboration solution has been in place for nine years, contains over a
million lines of code, and took over two years to develop originally. The SDLC has been broken up into eight
primary stages, with each stage requiring an in-depth risk analysis before moving on to the next phase. Which
of the following software development methods is MOST applicable?

Which of the following additional controls should be im…

An organization has decided to reduce labor costs by outsourcing back office processing of credit applications
to a provider located in another country. Data sovereignty and privacy concerns raised by the security team
resulted in the third-party provider only accessing and processing the data via remote desktop sessions. To
facilitate communications and improve productivity, staff at the third party has been provided with corporate
email accounts that are only accessible via the remote desktop sessions. Email forwarding is blocked and staff
at the third party can only communicate with staff within the organization. Which of the following additional
controls should be implemented to prevent data loss? (Select THREE).

Which of the following is being described?

A company has issued a new mobile device policy permitting BYOD and company-issued devices. The
company-issued device has a managed middleware client that restricts the applications allowed on company
devices and provides those that are approved. The middleware client provides configuration standardization for
both company-owned and BYOD to secure data and communication to the device according to industry best
practices. The policy states that, “BYOD clients must meet the company’s infrastructure requirements to permit
a connection.” The company also issues a memorandum separate from the policy, which provides instructions
for the purchase, installation, and use of the middleware client on BYOD. Which of the following is being
described?

