Which of the following software development methods is …
A company has received the contract to begin developing a new suite of software tools to replace an aging collaboration solution. The original collaboration solution
has been in place for nine years, contains over a million lines of code, and took over two years to develop originally. The SDLC has been broken up into eight
primary stages, with each stage requiring an in-depth risk analysis before moving on to the next phase. Which of the following software development methods is
MOST applicable?
Which of the following additional controls should be im…
An organization has decided to reduce labor costs by outsourcing back office processing of credit applications to a provider located in another country. Data
sovereignty and privacy concerns raised by the security team resulted in the third-party provider only accessing and processing the data via remote desktop
sessions. To facilitate communications and improve productivity, staff at the third party has been provided with corporate email accounts that are only accessible
via the remote desktop sessions. Email forwarding is blocked and staff at the third party can only communicate with staff within the organization. Which of the
following additional controls should be implemented to prevent data loss? (Select THREE).
Which of the following can specify parameters for the m…
A security engineer on a large enterprise network needs to schedule maintenance within a fixed window of time. A total outage period of four hours is permitted for
servers. Workstations can undergo maintenance from 8:00 pm to 6:00 am daily. Which of the following can specify parameters for the maintenance work? (Select
TWO).
Which of the following is being described?
A company has issued a new mobile device policy permitting BYOD and company-issued devices. The company-issued device has a managed middleware client
that restricts the applications allowed on company devices and provides those that are approved. The middleware client provides configuration standardization for
both company owned and BYOD to secure data and communication to the device according to industry best practices. The policy states that, “BYOD clients must
meet the company’s infrastructure requirements to permit a connection.” The company also issues a memorandum separate from the policy, which provides
instructions for the purchase, installation, and use of the middleware client on BYOD. Which of the following is being described?
Which of the following is the NEXT step that the securi…
A member of the software development team has requested advice from the security team to implement a new secure lab for testing malware. Which of the
following is the NEXT step that the security team should take?
Which of the following should the sales manager do to e…
A company sales manager received a memo from the company’s financial department which stated that the company would not be putting its software products
through the same security testing as previous years to reduce the research and development cost by 20 percent for the upcoming year. The memo also stated that
the marketing material and service level agreement for each product would remain unchanged. The sales manager has reviewed the sales goals for the upcoming
year and identified an increased target across the software products that will be affected by the financial department’s change. All software products will continue to
go through new development in the coming year. Which of the following should the sales manager do to ensure the company stays out of trouble?
Which of the following BEST describes how the security …
A completely new class of web-based vulnerabilities has been discovered. Claims have been made that all common web-based development frameworks are
susceptible to attack. Proof-of-concept details have emerged on the Internet. A security advisor within a company has been asked to provide recommendations on
how to respond quickly to these vulnerabilities. Which of the following BEST describes how the security advisor should respond?
Which of the following departments are the MOST heavily…
An intruder was recently discovered inside the data center, a highly sensitive area. To gain access, the intruder circumvented numerous layers of physical and
electronic security measures. Company leadership has asked for a thorough review of physical security controls to prevent this from happening again. Which of the
following departments are the MOST heavily invested in rectifying the problem? (Select THREE).
Which of the following tools should the helpdesk manage…
The helpdesk manager wants to find a solution that will enable the helpdesk staff to better serve company employees who call with computer-related problems. The
helpdesk staff is currently unable to perform effective troubleshooting and relies on callers to describe their technology problems. Given that the helpdesk staff is
located within the company headquarters and 90% of the callers are telecommuters, which of the following tools should the helpdesk manager use to make the
staff more effective at troubleshooting while at the same time reducing company costs? (Select TWO).
Which of the following departments’ request is in contr…
Executive management is asking for a new manufacturing control and workflow automation solution. This application will facilitate management of proprietary
information and closely guarded corporate trade secrets.
The information security team has been a part of the department meetings and come away with
the following notes:
-Human resources would like complete access to employee data stored in the application. They would like automated data interchange with the employee
management application, a cloud-based SaaS application.
-Sales is asking for easy order tracking to facilitate feedback to customers.
-Legal is asking for adequate safeguards to protect trade secrets. They are also concerned with data ownership questions and legal jurisdiction.
-Manufacturing is asking for ease of use. Employees working the assembly line cannot be bothered with additional steps or overhead. System interaction needs to
be quick and easy.
-Quality assurance is concerned about managing the end product and tracking overall performance of the product being produced. They would like read-only
access to the entire workflow process for monitoring and baselining.
The favored solution is a user-friendly software application that would be hosted onsite. It has extensive ACL functionality, but also has readily available APIs for
extensibility. It supports read-only access, kiosk automation, custom fields, and data encryption.
Which of the following departments’ request is in contrast to the favored solution?