PrepAway - Latest Free Exam Questions & Answers


Exam CAS-002 : CompTIA Advanced Security Practitioner (update May 22nd, 2017)

Which of the following should the ISO consider to provi…

A corporation has Research and Development (R&D) and IT support teams, each requiring separate networks
with independent control of their security boundaries to support department objectives. The corporation’s
Information Security Officer (ISO) is responsible for providing firewall services to both departments, but does
not want to increase the hardware footprint within the datacenter. Which of the following should the ISO
consider to provide the independent functionality required by each department’s IT teams?

Which of the following should the Information Security …

A health service provider is considering the impact of allowing doctors and nurses access to the internal email
system from their personal smartphones. The Information Security Officer (ISO) has received a technical
document from the security administrator explaining that the current email system is capable of enforcing
security policies to personal smartphones, including screen lockout and mandatory PINs. Additionally, the
system is able to remotely wipe a phone if reported lost or stolen. Which of the following should the Information
Security Officer be MOST concerned with based on this scenario? (Select THREE).

which of the following is the MOST significant risk to …

Company XYZ has transferred all of the corporate servers, including web servers, to a cloud hosting provider to
reduce costs. All of the servers are running unpatched, outdated versions of Apache. Furthermore, the
corporate financial data is also hosted by the cloud services provider, but it is encrypted when not in use. Only
the DNS server is configured to audit user and administrator actions and logging is disabled on the other virtual
machines. Given this scenario, which of the following is the MOST significant risk to the system?

Training and awareness of the new policies and procedur…

As part of the ongoing information security plan in a large software development company, the Chief
Information Officer (CIO) has decided to review and update the company’s privacy policies and procedures to
reflect the changing business environment and business requirements. Training and awareness of the new
policies and procedures has been incorporated into the security awareness program, which should be:

Which of the following is the BEST course of action?

A University uses a card transaction system that allows students to purchase goods using their student ID.
Students can put money on their ID at terminals throughout the campus. The security administrator was notified
that computer science students have been using the network to illegally put money on their cards. The
administrator would like to attempt to reproduce what the students are doing. Which of the following is the
BEST course of action?

Which of the following recommendations should the consu…

A financial company implements end-to-end encryption via SSL in the DMZ, and only IPSec in transport mode
with AH enabled and ESP disabled throughout the internal network. The company has hired a security
consultant to analyze the network infrastructure and provide a solution for intrusion prevention. Which of the
following recommendations should the consultant provide to the security administrator?

Which of the following controls would BEST protect the …

Staff from the sales department have administrator rights to their corporate standard operating environment,
and often connect their work laptops to customer networks when onsite during meetings and presentations.
This increases the risk and likelihood of a security incident when the sales staff reconnect to the corporate LAN.
Which of the following controls would BEST protect the corporate network?
