A network engineer wants to deploy user-based authentication across the company’s wired and wireless
infrastructure at layer 2 of the OSI model. Company policies require that users be centrally managed and
authenticated and that each user’s network access be controlled based on the user’s role within the company.
Additionally, the central authentication system must support hierarchical trust and the ability to natively
authenticate mobile devices and workstations. Which of the following are needed to implement these
requirements? (Select TWO).

Company XYZ finds itself using more cloud-based business tools, and password management is becoming
onerous. Security is important to the company; as a result, password replication and shared accounts are not
acceptable. Which of the following implementations addresses the distributed login with centralized
authentication and has wide compatibility among SaaS vendors?

The Chief Information Security Officer (CISO) at a large organization has been reviewing some security-related
incidents at the organization and comparing them to current industry trends. The desktop security engineer
feels that the use of USB storage devices on office computers has contributed to the frequency of security
incidents. The CISO knows the acceptable use policy prohibits the use of USB storage devices. Every user
receives a popup warning about this policy upon login. The SIEM system produces a report of USB violations
on a monthly basis; yet violations continue to occur. Which of the following preventative controls would MOST
effectively mitigate the logical risks associated with the use of USB storage devices?

The IT Security Analyst for a small organization is working on a customer’s system and identifies a possible
intrusion in a database that contains PII. Since PII is involved, the analyst wants to get the issue addressed as
soon as possible. Which of the following is the FIRST step the analyst should take in mitigating the impact of
the potential intrusion?

An IT manager is working with a project manager from another subsidiary of the same multinational
organization. The project manager is responsible for a new software development effort that is being
outsourced overseas, while customer acceptance testing will be performed in house. Which of the following
capabilities is MOST likely to cause issues with network availability?

A finance manager says that the company needs to ensure that the new system can “replay” data, up to the
minute, for every exchange being tracked by the investment departments. The finance manager also states that
the company’s transactions need to be tracked against this data for a period of five years for compliance. How
would a security engineer BEST interpret the finance manager’s needs?

A multi-national company has a highly mobile workforce and minimal IT infrastructure. The company utilizes a
BYOD and social media policy to integrate presence technology into global collaboration tools by individuals
and teams. As a result of the dispersed employees and frequent international travel, the company is concerned
about the safety of employees and their families when moving in and out of certain countries. Which of the
following could the company view as a downside of using presence technology?

A company is trying to decide how to manage hosts in a branch location connected via a slow WAN link. The
company desires to provide the same level of performance and functionality to the branch office as it provides
to the main campus. The company uses Active Directory for its directory service and host configuration
management. The branch location does not have a datacenter, and the physical security posture of the building
is weak. Which of the following designs is MOST appropriate for this scenario?

A small company is developing a new Internet-facing web application. The security requirements are:
1. Users of the web application must be uniquely identified and authenticated.
2. Users of the web application will not be added to the company’s directory services.
3. Passwords must not be stored in the code.
Which of the following meets these requirements?

An educational institution would like to make computer labs available to remote students. The labs are used for
various IT networking, security, and programming courses. The requirements are:
1. Each lab must be on a separate network segment.
2. Labs must have access to the Internet, but not other lab networks.
3. Student devices must have network access, not simple access to hosts on the lab networks.
4. Students must have a private certificate installed before gaining access.
5. Servers must have a private certificate installed locally to provide assurance to the students.
6. All students must use the same VPN connection profile.
Which of the following components should be used to achieve the design in conjunction with directory services?