Which of the following is the BEST risk mitigation strategy to use to ensure a system is properly updated and
Several critical servers are unresponsive after an update was installed. Other computers that have
not yet received the same update are operational, but are vulnerable to certain buffer overflow
attacks. The security administrator is required to ensure all systems have the latest updates while
minimizing any downtime.
Which of the following is the BEST risk mitigation strategy to use to ensure a system is properly
updated and operational?
Which of the following risk responses is MOST likely being considered if the business is creating an SLA with
A business is currently in the process of upgrading its network infrastructure to accommodate a
personnel growth of over fifty percent within the next six months. All preliminary planning has been
completed and a risk assessment plan is being adopted to decide which security controls to put in
place throughout each phase.
Which of the following risk responses is MOST likely being considered if the business is creating
an SLA with a third party?
Which of the following must be taken into consideration for e-discovery purposes when a legal case is first pr
Which of the following must be taken into consideration for e-discovery purposes when a legal
case is first presented to a company?
Which of the following document types would need to be created before any work is performed?
A company has purchased a new system, but security personnel are spending a great deal of time
on system maintenance. A new third party vendor has been selected to maintain and manage the
company’s system. Which of the following document types would need to be created before any
work is performed?
Which of the following documents would perform a cost analysis report and include information such as payment
The security administrator of a small private firm is researching and putting together a proposal to
purchase an IPS to replace an existing IDS. A specific brand and model has been selected, but
the security administrator needs to gather various cost information for that product. Which of the
following documents would perform a cost analysis report and include information such as
payment terms?
Which of the following documents would assist in choosing a specific brand and model?
A security administrator of a large private firm is researching and putting together a proposal to
purchase an IPS. The specific IPS type has not been selected, and the security administrator
needs to gather information from several vendors to determine a specific product. Which of the
following documents would assist in choosing a specific brand and model?
Which of the following security controls will MOST likely mitigate the VoIP DoS attacks on the network?
Wireless users are reporting issues with the company’s video conferencing and VoIP systems.
The security administrator notices DoS attacks on the network that are affecting the company’s
VoIP system (i.e. premature call drops and garbled call signals). The security administrator also
notices that the SIP servers are unavailable during these attacks. Which of the following security
controls will MOST likely mitigate the VoIP DoS attacks on the network? (Select TWO).
In which of the following phases would these security controls take place?
A company has decided to use the SDLC for the creation and production of a new information
system. The security administrator is training all users on how to protect company information
while using the new system, along with being able to recognize social engineering attacks. Senior
Management must also formally approve of the system prior to it going live. In which of the
following phases would these security controls take place?
Which of the following assessments will give the company the GREATEST level of assurance for the web applicati
A company contracts with a third party to develop a new web application to process credit cards.
Which of the following assessments will give the company the GREATEST level of assurance for
the web application?
Which of the following is the BEST tool or process for the developer to use?
As part of the testing phase in the SDLC, a software developer wants to verify that an application
is properly handling user error exceptions. Which of the following is the BEST tool or process for
the developer to use?