A company is starting to allow employees to use their own personal without centralized
management. Employees must contract IT to have their devices configured to use corporate
email; access is also available to the corporate cloud-based services. Which of the following is the
BEST policy to implement under these circumstances?

Which of the following BEST explains Platform as a Service?

One of the senior managers at a company called the help desk to report to report a problem. The
manager could no longer access data on a laptop equipped with FDE. The manager requested
that the FDE be removed and the laptop restored from a backup. The help desk informed the
manager that the recommended solution was to decrypt the hard drive prior to reinstallation and
recovery. The senior manager did not have a copy of the private key associated with the FDE on
the laptop. Which of the following tools or techniques did the help desk use to avoid losing the
data on the laptop?

An employee in the accounting department recently received a phishing email that instructed them
to click a link in the email to view an important message from the IRS which threatened penalties if
a response was not received by the end of the business day. The employee clicked on the link and
the machine was infected with malware. Which of the following principles BEST describes why this
social engineering ploy was successful?

A security technician received notification of a remotely exploitable vulnerability affecting all
multifunction printers firmware installed throughout the organization. The vulnerability allows a
malicious user to review all the documents processed by the affected printers. Which of the
following compensating controls can the security technician to mitigate the security risk of a
sensitive document leak?

A systems administrator has made several unauthorized changes to the server cluster that
resulted in a major outage. This event has been brought to the attention of the Chief Information
Office (CIO) and he has requested immediately implement a risk mitigation strategy to prevent this
type of event from reoccurring. Which of the following would be the BEST risk mitigation strategy
to implement in order to meet this request?

An incident occurred when an outside attacker was able to gain access to network resources.
During the incident response, investigation security logs indicated multiple failed login attempts for
a network administrator. Which of the following controls, if in place could have BEST prevented
this successful attack?

Joe needs to track employees who log into a confidential database and edit files. In the past,
critical files have been edited, and no one admits to making the edits. Which of the following does
Joe need to implement in order to enforce accountability?

A new mobile banking application is being developed and uses SSL / TLS certificates but
penetration tests show that it is still vulnerable to man-in-the-middle attacks, such as DNS
hijacking. Which of the following would mitigate this attack?

One month after a software developer was terminated the helpdesk started receiving calls that
several employees’ computers were being infected with malware. Upon further research, it was
determined that these employees had downloaded a shopping toolbar. It was this toolbar that
downloaded and installed the errant code. Which of the following attacks has taken place?