A Chief Information Securiy Officer (CISO) is reviewing technical documentation from various regional offices and notices some key differences between these groups. The CISO has not discovered any governance documentation. The CISO creates the following chart to visualize the differences among the networking used.

Which of the following would be the CISO's MOST immediate concern?

• A.Network engineers have ignored defacto standards.
• B.There are open standards in use on the network.
• C.Network engineers are not following SOPs.
• D.The network has competing standards in use.

Comment: *

Name: *

Email: *

Verification: *

A security architect is implementing security measures in response to an external audit that found vulnerabilities in the corporate collaboration tool suite. The report identified the lack of any mechanism to provide confidentiality for electronic correspondence between users and between users and group mailboxes. Which of the following controls would BEST mitigate the identified vulnerability?

• A.Issue digital certificates to all users, including owners of group mailboxes, and require S/MIME with AES-
  256.
• B.Federate with an existing PKI provider, and reject all non-signed emails
• C.Provide digital certificates to all systems, and eliminate the user group or shared mailboxes
• D.Implement two-factor email authentication, and require users to hash all email messages upon receipt

Comment: *

Name: *

Email: *

Verification: *

During the decommissioning phase of a hardware project, a security administrator is tasked with ensuring no sensitive data is released inadvertently. All paper records are scheduled to be shredded in a crosscut shredder, and the waste will be burned. The system drives and removable media have been removed prior to e-cycling the hardware.
Which of the following would ensure no data is recovered from the system drives once they are disposed of?

• A.Demagnetizing the hard drive using a degausser.
• B.Deleting the UEFI boot loaders from each HDD.
• C.Overwriting all HDD blocks with an alternating series of data.
• D.Physically disabling the HDDs by removing the dive head.

Comment: *

Name: *

Email: *

Verification: *

A security administrator wants to calculate the ROI of a security design which includes the purchase of new equipment. The equipment costs $50,000 and it will take 50 hours to install and configure the equipment. The administrator plans to hire a contractor at a rate of $100/hour to do the installation. Given that the new design and equipment will allow the company to increase revenue and make an additional $100,000 on the first year, which of the following is the ROI expressed as a percentage for the first year?

• A.-45 percent
• B.5.5 percent
• C.45 percent
• D.82 percent

Comment: *

Name: *

Email: *

Verification: *

An IT manager is concerned about the cost of implementing a web filtering solution in an effort to mitigate the risks associated with malware and resulting data leakage. Given that the ARO is twice per year, the ALE resulting from a data leak is $25,000 and the ALE after implementing the web filter is $15,000. The web filtering solution will cost the organization $10,000 per year. Which of the following values is the single loss expectancy of a data leakage event after implementing the web filtering solution?

• A.$0
• B.$7,500
• C.$10,000
• D.$12,500
• E.$15,000

Comment: *

Name: *

Email: *

Verification: *