A security analyst has received the following requirements for the implementation of enterprise credential management software.
* The software must have traceability back to an individual
* Credentials must remain unknown to the vendor at all times
* There must be forced credential changes upon ID checkout
* Complexity requirements must be enforced.
* The software must be quickly and easily scalable with max mum availability Which of the following vendor configurations would BEST meet these requirements?

• A.Credentials encrypted in transit and then stored, hashed and salted in a vendor's cloud, where the vendor handles key management
• B.Credentials encrypted in transit and stored on an internal network server with backups that are taken on a weekly basis
• C.Credentials encrypted in transit and stored in a vendor's cloud, where the enterprise retains the keys
• D.Credentials stored, hashed, and salted on each local machine

Comment: *

Name: *

Email: *

Verification: *

An enterprise is trying to secure a specific web-based application by forcing the use of multifactor authentication. Currently, the enterprise cannot change the application's sign-in page to include an extra field. However, the web-based application supports SAML. Which of the following would BEST secure the application?

• A.Forcing higher-complexity passwords and frequent changes
• B.Using an SSO application that supports mutlifactor authentication
• C.Deploying Shibboleth to all web-based applications in the enterprise
• D.Enabling the web application to support LDAP integration

Comment: *

Name: *

Email: *

Verification: *

The Information Security Officer (ISO) is reviewing a summary of the findings from the last COOP tabletop exercise. The Chief Information Officer (CIO) wants to determine which additional controls must be implemented to reduce the risk of an extended customer service outage due to the VoIP system being unavailable. Which of the following BEST describes the scenario presented and the document the ISO is reviewing?

• A.The ISO is evaluating the business implications of a recent telephone system failure within the BIA.
• B.The ISO is investigating the impact of a possible downtime of the messaging system within the RA.
• C.The ISO is calculating the budget adjustment needed to ensure audio/video system redundancy within the RFQ.
• D.The ISO is assessing the effect of a simulated downtime involving the telecommunication system within the AAR.

Comment: *

Name: *

Email: *

Verification: *

An engineer is evaluating the control profile to assign to a system containing PII, financial, and proprietary data.

Based on the data classification table above, which of the following BEST describes the overall classification?

• A.High confidentiality, medium availability
• B.High integrity, low availability
• C.High confidentiality, high availability
• D.Low availability, low confidentiality

Comment: *

Name: *

Email: *

Verification: *

The Chief Information Officer (CIO) is reviewing the IT centric BIA and RA documentation. The documentation shows that a single 24 hours downtime in a critical business function will cost the business $2.3 million. Additionally, the business unit which depends on the critical business function has determined that there is a high probability that a threat will materialize based on historical data. The CIO's budget does not allow for full system hardware replacement in case of a catastrophic failure, nor does it allow for the purchase of additional compensating controls.
Which of the following should the CIO recommend to the finance director to minimize financial loss?

• A.The company should mitigate the risk.
• B.The company should transfer the risk.
• C.The company should avoid the risk.
• D.The company should accept the risk.

Comment: *

Name: *

Email: *

Verification: *