A company has completed the implementation of technical and management controls as required by its adopted security, ponies and standards. The implementation took two years and consumed s the budget approved to security projects. The board has denied any further requests for additional budget. Which of the following should the company do to address the residual risk?

• A.Baseline the risk.
• B.Remove the risk
• C.Accept the risk
• D.Transfer the risk

Comment: *

Name: *

Email: *

Verification: *

A user asks a security practitioner for recommendations on securing a home network. The user recently
purchased a connected home assistant and multiple IoT devices in an effort to automate the home. Some
of the IoT devices are wearables, and other are installed in the user's automobiles. The current home
network is configured as a single flat network behind an ISP-supplied router. The router has a single IP
address, and the router performs NAT on incoming traffic to route it to individual devices.
Which of the following security controls would address the user's privacy concerns and provide the BEST
level of security for the home network?

• A.Change all default passwords on the IoT devices, disable Internet access for the IoT devices and the
  home assistant, obtain routable IP addresses for all devices, and implement IPv6 and IPSec
  protections on all network traffic.
• B.Segment the home network to separate network traffic from users and the IoT devices, ensure security
  settings on the home assistant support no or limited recording capability, and install firewall rules on the
  router to restrict traffic to the home assistant as much as possible.
• C.Ensure all IoT devices are configured in a geofencing mode so the devices do not work when removed
  from the home network. Disable the home assistant unless actively using it, and segment the network
  so each IoT device has its own segment.
• D.Install a firewall capable of cryptographically separating network traffic require strong authentication to
  access all IoT devices, and restrict network access for the home assistant based on time-of-day
  restrictions.

Comment: *

Name: *

Email: *

Verification: *

A company recently deployed an agent-based DLP solution to all laptop in the environment. The DLP solution is configured to restrict the following:
* USB ports
* FTP connections
* Access to cloud-based storage sites
* Outgoing email attachments
* Saving data on the local C: drive
Despite these restrictions, highly confidential data was from a secure fileshare in the research department.
Which of the following should the security team implement FIRST?

• A.Bluetooth restriction on all laptops
• B.NIDS/NIPS on the network segment used by the research department
• C.Application whitelisting for all company-owned devices
• D.A secure VDI environment for research department employees

Comment: *

Name: *

Email: *

Verification: *

Within the past six months, a company has experienced a series of attacks directed at various collaboration tools. Additionally, sensitive information was compromised during a recent security breach of a remote access session from an unsecure site. As a result, the company is requiring all collaboration tools to comply with the following:
* Secure messaging between internal users using digital signatures
* Secure sites for video-conferencing sessions
* Presence information for all office employees
* Restriction of certain types of messages to be allowed into the network.
Which of the following applications must be configured to meet the new requirements? (Choose two.)

• A.Remote desktop
• B.VoIP
• C.Remote assistance
• D.Email
• E.Instant messaging
• F.Social media websites

Comment: *

Name: *

Email: *

Verification: *

Providers at a healthcare system with many geographically dispersed clinics have been fined five times this year after an auditor received notice of the following SMS messages:

Which of the following represents the BEST solution for preventing future files?

• A.Implement a system that will tokenize patient numbers.
• B.Write a policy requiring this information to be given over the phone only.
• C.Provide a courier service to deliver sealed documents containing public health informatics.
• D.Implement a secure text-messaging application for mobile devices and workstations.
• E.Implement FTP services between clinics to transmit text documents with the information.

Comment: *

Name: *

Email: *

Verification: *