A security engineer on a large enterprise network needs to schedule maintenance within a fixed window of time.
A total outage period of four hours is permitted for servers. Workstations can undergo maintenance from 8:00
pm to 6:00 am daily. Which of the following can specify parameters for the maintenance work? (Select TWO).

A company has issued a new mobile device policy permitting BYOD and company-issued devices. The
company-issued device has a managed middleware client that restricts the applications allowed on company
devices and provides those that are approved. The middleware client provides configuration standardization for
both company owned and BYOD to secure data and communication to the device according to industry best
practices. The policy states that, “BYOD clients must meet the company’s infrastructure requirements to permita connection.” The company also issues a memorandum separate from the policy, which provides instructions
for the purchase, installation, and use of the middleware client on BYOD. Which of the following is being
described?

A member of the software development team has requested advice from the security team to implement a new
secure lab for testing malware. Which of the following is the NEXT step that the security team should take?

A company sales manager received a memo from the company’s financial department which stated that the
company would not be putting its software products through the same security testing as previous years to
reduce the research and development cost by 20 percent for the upcoming year. The memo also stated that the
marketing material and service level agreement for each product would remain unchanged. The sales manager
has reviewed the sales goals for the upcoming year and identified an increased target across the software
products that will be affected by the financial department’s change. All software products will continue to go
through new development in the coming year. Which of the following should the sales manager do to ensure
the company stays out of trouble?

A completely new class of web-based vulnerabilities has been discovered. Claims have been made that all
common web-based development frameworks are susceptible to attack. Proof-of-concept details have
emerged on the Internet. A security advisor within a company has been asked to provide recommendations on
how to respond quickly to these vulnerabilities. Which of the following BEST describes how the security advisor
should respond?

An intruder was recently discovered inside the data center, a highly sensitive area. To gain access, the intruder
circumvented numerous layers of physical and electronic security measures. Company leadership has asked
for a thorough review of physical security controls to prevent this from happening again. Which of the following
departments are the MOST heavily invested in rectifying the problem? (Select THREE).

The helpdesk manager wants to find a solution that will enable the helpdesk staff to better serve company
employees who call with computer-related problems. The helpdesk staff is currently unable to perform effective
troubleshooting and relies on callers to describe their technology problems. Given that the helpdesk staff is
located within the company headquarters and 90% of the callers are telecommuters, which of the following
tools should the helpdesk manager use to make the staff more effective at troubleshooting while at the same
time reducing company costs? (Select TWO).

Executive management is asking for a new manufacturing control and workflow automation solution. This
application will facilitate management of proprietary information and closely guarded corporate trade secrets.
The information security team has been a part of the department meetings and come away with the following
notes:
-Human resources would like complete access to employee data stored in the application. They would like
automated data interchange with the employee management application, a cloud-based SaaS application.
-Sales is asking for easy order tracking to facilitate feedback to customers.
-Legal is asking for adequate safeguards to protect trade secrets. They are also concerned with data ownership
questions and legal jurisdiction.
-Manufacturing is asking for ease of use. Employees working the assembly line cannot be bothered with
additional steps or overhead. System interaction needs to be quick and easy.
-Quality assurance is concerned about managing the end product and tracking overall performance of the
product being produced. They would like read-only access to the entire workflow process for monitoring and
baselining.
The favored solution is a user friendly software application that would be hosted onsite. It has extensive ACL
functionality, but also has readily available APIs for extensibility. It supports read-only access, kiosk automation,
custom fields, and data encryption.
Which of the following departments’ request is in contrast to the favored solution?

A small retail company recently deployed a new point of sale (POS) system to all 67 stores. The core of the
POS is an extranet site, accessible only from retail stores and the corporate office over a split-tunnel VPN. Anadditional split-tunnel VPN provides bi-directional connectivity back to the main office, which provides voice
connectivity for store VoIP phones. Each store offers guest wireless functionality, as well as employee wireless.
Only the staff wireless network has access to the POS VPN. Recently, stores are reporting poor response times
when accessing the POS application from store computers as well as degraded voice quality when making
phone calls. Upon investigation, it is determined that three store PCs are hosting malware, which is generating
excessive network traffic. After malware removal, the information security department is asked to review the
configuration and suggest changes to prevent this from happening again. Which of the following denotes the
BEST way to mitigate future malware risk?

During a recent audit of servers, a company discovered that a network administrator, who required remote
access, had deployed an unauthorized remote access application that communicated over common ports
already allowed through the firewall. A network scan showed that this remote access application had already
been installed on one third of the servers in the company. Which of the following is the MOST appropriate
action that the company should take to provide a more appropriate solution?