A systems engineer has been presented with storage performance and redundancy requirements for a
new system to be built for the company. The storage solution must be designed to support the highest
performance and must also be able to support more than one drive failure. Which of the following should
the engineer choose to meet these requirements?

In order to secure additional budget, a security manager wants to quantify the financial impact of a onetime compromise. Which of the following is MOST important to the security manager?

A company has just deployed a centralized event log storage system. Which of the following can be used
to ensure the integrity of the logs after they are collected?

Several departments in a corporation have a critical need for routinely moving data from one system to
another using removable storage devices. Senior management is concerned with data loss and the
introduction of malware on the network. Which of the following choices BEST mitigates the range of risks
associated with the continued use of removable storage devices?

A company executive’s laptop was compromised, leading to a security breach. The laptop was placed into
storage by a junior system administrator and was subsequently wiped and re-imaged. When it was
determined that the authorities would need to be involved, there was little evidence to present to the
investigators. Which of the following procedures could have been implemented to aid the authorities in
their investigation?

A company has recently allowed employees to take advantage of BYOD by installing WAPs throughout the
corporate office. An employee, Joe, has recently begun to view inappropriate material at work using his
personal laptop. When confronted, Joe indicated that he was never told that he could not view that typeof material on his personal laptop. Which of the following should the company have employees
acknowledge before allowing them to access the corporate WLAN with their personal devices?

A company has two server administrators that work overnight to apply patches to minimize disruption to
the company. With the limited working staff, a security engineer performs a risk assessment to ensure
the protection controls are in place to monitor all assets including the administrators in case of an
emergency. Which of the following should be in place?

A company’s Chief Information Officer realizes the company cannot continue to operate after a disaster.
Which of the following describes the disaster?

Ann, the Chief Technology Officer (CTO), has agreed to allow users to bring their own device (BYOD) in
order to leverage mobile technology without providing every user with a company owned device. She is
concerned that users may not understand the company’s rules, and she wants to limit potential legal
concerns. Which of the following is the CTO concerned with?

A security administrator discovers that an attack has been completed against a node on the corporate
network. All available logs were collected and stored.
You must review all network logs to discover the scope of the attack, check the box of the node(s) that
have been compromised and drag and drop the appropriate actions to complete the incident response on
the network. The environment is a critical production environment; perform the LEAST disruptive actions
on the network, while still performing the appropriate incident responses.
Instructions: The web server, database server, IDS, and User PC are clickable. Check the box of the
node(s) that have been compromised and drag and drop the appropriate actions to complete the incident
response on the network. Not all actions may be used, and order is not important. If at anytime you
would like to bring back the initial state of the simulation, please select the Reset button. When you have
completed the simulation, please select the Done button to submit. Once the simulation is submitted,
please select the Next button to continue.