Which of the following could reduce the overall risk to…
A company is facing penalties for failing to effectively comply with e-discovery requests. Which of the following
could reduce the overall risk to the company from this issue?
Which of the following steps must the committee take FI…
The technology steering committee is struggling with increased requirements stemming from an increase in
telecommuting. The organization has not addressed telecommuting in the past. The implementation of a new
SSL-VPN and a VoIP phone solution enables personnel to work from remote locations with corporate assets.
Which of the following steps must the committee take FIRST to outline senior management’s directives?
This requirement is BEST described as an implementation of:
A software project manager has been provided with a requirement from the customer to place limits on the
types of transactions a given user can initiate without external interaction from another user with elevated
privileges. This requirement is BEST described as an implementation of:
Which of the following methods would BEST help with thi…
The source workstation image for new accounting PCs has begun blue-screening. A technician notices that the
date/time stamp of the image source appears to have changed. The desktop support director has asked the
Information Security department to determine if any changes were made to the source image. Which of the
following methods would BEST help with this process? (Select TWO).
Which of the following practices satisfy continuous mon…
An assessor identifies automated methods for identifying security control compliance through validating sensors
at the endpoint and at Tier 2. Which of the following practices satisfy continuous monitoring of authorized
information systems?
Which of the following should be components of that meeting?
A security officer is leading a lessons learned meeting. Which of the following should be components of that
meeting? (Select TWO).
Which of the following BEST explains why this company s…
The Chief Executive Officer (CEO) of a company that allows telecommuting has challenged the Chief Security
Officer’s (CSO) request to harden the corporate network’s perimeter. The CEO argues that the company
cannot protect its employees at home, so the risk at work is no different. Which of the following BEST explains
why this company should proceed with protecting its corporate network boundary?
which of the following helps to determine when the syst…
A forensic analyst receives a hard drive containing malware quarantined by the antivirus application. After
creating an image and determining the directory location of the malware file, which of the following helps to
determine when the system became infected?
Which of the following risk strategies did the CISO imp…
The Chief Information Security Officer (CISO) at a company knows that many users store business documents
on public cloud-based storage, and realizes this is a risk to the company. In response, the CISO implements a
mandatory training course in which all employees are instructed on the proper use of cloud-based storage.
Which of the following risk strategies did the CISO implement?
Which of the following are of MOST concern?
A large hospital has implemented BYOD to allow doctors and specialists the ability to access patient medical
records on their tablets. The doctors and specialists access patient records over the hospital’s guest Wi-Fi
network, which is isolated from the internal network with appropriate security controls. The patient records
management system can be accessed from the guest network and requires two-factor authentication. Using a
remote desktop type interface, the doctors and specialists can interact with the hospital’s system. Cut and paste
and printing functions are disabled to prevent the copying of data to BYOD devices. Which of the following are
of MOST concern? (Select TWO).