As a security practitioner, you must ensure that the appropriate security controls are deployed in the correct locations on the network. You have been asked to create both a physical network diagram and a logical network diagram for future reference. You will also need to give a copy of these diagrams to other members of the IT department, including the network administrator. Which of the following is part of the logical network diagram ONLY?
When developing a security management program, which development will be the result of following a life cycle structure?
Your company wants to implement a cloud storage solution for files. Management has requested that you research cloud storage. All of the following are security risks associated with cloud computing, EXCEPT:
Which statements regarding system security policy are correct? (Choose all that apply.)
- A. A system security policy specifies the steps undertaken for the protection of infrastructure equipment
Your company has decided to deploy security templates to ensure that all computers on your network are secure. Which areas should be covered by the security templates? (Choose all that apply.)
You are implementing enterprise access management for your company. You need to ensure that the system you implement allows you to configure a trust with another company such that your users can access the other company's network without logging in again. What should you implement to ensure that this trust can be configured?
You have recently implemented several new security policies. As part of these policies, two-man controls were implemented to provide added security. Which statement best describes a two-man control?
As part of a new security initiative, your organization has decided that all employees must undergo security awareness training. What is the aim of this training?
- B. All employees excluding top management should understand the legal implications of loss of information.
For security reasons, management has decided that all e-mail communication must use digital signatures. You must implement a solution that provides digital signatures for e-mail. What should you do?
Your organization has purchased a new security device. You have determined that the MTBF is six months and the MTTR is one day. The cost for each failure is estimated to be $5,000. The vendor has offered your organization a three-year maintenance plan for $7,500 per year. You could also purchase another identical device to act as backup for $20,000. Another option is to hire a security practitioner that will be tasked with maintaining the security devices on the network for an annual salary of $45,000. You must protect your organization against the risk of failure in the most cost-efficient manner possible. What should you do?
As the security administrator for your organization, you are responsible for ensuring that the organization's enterprise is protected. Recently, your organization has adopted a new mobile device policy. As part of this policy, all employees will be issued mobile phones and tablets. Employees will be able to use these devices from any location. However, you are concerned that these devices can be lost or stolen. You need to deploy an appropriate security control for this problem. What should you deploy?
Your organization needs to deploy a new Gigabit network segment for the research department. Senior management has requested that network collisions on the new segment be prevented. The research department manager has requested that the full network bandwidth be available for each connection. When a device on the segment fails, you need to ensure that the other devices are able to operate normally. What should you do?
Recently, your organization's network was attacked when a hacker used promiscuous mode for data analysis. Which type of attack occurred?
Management has notified you that the mean time to repair (MTTR) for a critical hard drive is too high. You need to address this issue with the least amount of expense. What should you do?
You have discovered that 25% of your organization's computers have been attacked. As a result, these computers were used as part of a distributed denial of service (DDoS) attack. To what classification or area do the compromised computers belong?
Your company has recently acquired a competitor. As part of the acquisition, management has asked you to develop a plan to merge the two networks. Management wants you to ensure that confidential information is protected during the merge. You need to ensure that the company has taken reasonable measures to protect its confidential information and employees. What are you providing?
Your organization has implemented Web Services Security (WS-Security) in all its Web applications. What is NOT provided with this Simple Object Access Protocol (SOAP) extension?
You need to identify authorized users involved in unauthorized activities. Which control is best used?
You are creating a document that solicits information about a product that your company may need to buy. Which document are you creating?
The CEO of a large organization wants to streamline security operations by limiting the number of security devices on the network. The CEO heard about endpoint detection and response software and thinks that it can replace a number of existing security products. He tells the CISO what he wants to do. What should the CISO tell the CEO?
Your company is considering using IPv6 instead of IPv4. Which improvements does IPv6 provide over IPv4? (Choose two.)
You have been hired as a security practitioner. The company specifically wants you to develop the enterprise's security architecture (ESA). What are the three components that make up ESA? (Choose three.)
You have discovered that hackers are gaining access to your WEP wireless network. After researching, you discover that the hackers are using war driving. You need to protect against this type of attack. What should you do? (Choose all that apply.)
Your company network has been breached. During the breach, the attacker removes incriminating data from your company's audit logs to prevent prosecution. What is this process called?
You have been hired as a security consultant for a large organization. During a physical examination of the 10-floor building, you discover several possible security issues. Which conditions are security concerns? (Choose all that apply.)
You have recently been hired by a new company to help design their network infrastructure. As part of your job duties, you need to create administrative, physical, and technical controls for the company. Which controls are you currently creating?
Which of the following would require an organization to complete the risk management process prior to its deployment?
You are researching the emerging threat sources that threaten today's organizations. As part of this research, you have been reading about ethical hackers that are hired by organizations to help increase the security of the organization's network. Which term is used for this type of hacker?
Your organization wants to implement a directory services solution that uses the same data format as the X.500 directory services. What should you implement?
While developing a new system, the IT department considers the system's security requirements, such as encryption. Which phase of the system development life cycle is occurring?
About Individual Course:
| Learning Style | Self-Paced Learning |
| Course Duration | 1 Hour |