1. A security engineer at a large enterprise network needs maintenance schedule within a fixed window of time. A total interruption period four hours allowed for servers. Workstations can undergo maintenance daily 20: 00-06: 00. Which of the following can be parameters for maintenance work to identify? (Choose two)(Select 2answers)

A) Managed security service
B) Network service provider
C) Memorandum of Understanding
D) Quality of service
E) Operational Level Agreement


2. A company has the contract to begin developing a new suite of software tools provided replacing the aging collaboration solution. The original collaboration solution is in place for nine years, contains more than one million lines of code, and lasted more than initially develop two years. SDLC is divided into eight primary stages, each stage providing a thorough risk analysis prior to the next stage. Which of the following software development is most appropriate?

A) incremental model
B) waterfall model
C) spiral model
D) Agile model
E) None


3. The Information Security Officer (ISO) is reviewing a summary of the findings of the latest COOP tabletop exercise. The Chief Information Officer (CIO) wants to determine what additional controls should be implemented to reduce the risk of a wide customer base to reduce due to the VoIP system unavailable. Which of the following best describes the scenario presented and document the ISO is the revision?

A) The ISO should be adjusted audio / video system to ensure redundancy in the RFQ calculating the budget.
B) The ISO is the effect of a simulated downtime in which the telecommunications system within the AAR.
C) None
D) The ISO has the effect of any downtime of the messaging system within the RA.
E) The ISO is the evaluation of the business implications of a recent telephone system failure within the BIA.


4. A new web-based application was developed and deployed in production. A security engineer decides to use an HTTP interceptor to the testing of the application. Which of these problems would most likely be detected by this tool?

A) The instrument can determine the application where down memory leaks
B) The tool can show that input validation was not enabled on the client side
C) The tool can enumerate backend SQL database table and column names
D) The tool can force HTTP methods such as DELETE, which has denied the server
E) None


5. A company is facing sanctions for failing effectively comply with eDiscovery requests. Which of the following could reduce the overall risk to the company from this issue?

A) Establish a policy that only allows file encryption and prohibits the use of individual file encryption.
B) Allow encryption only tools that public keys using existing escrowed Corporate PKI.
C) Require each user to passwords used to encrypt files to a decentralized repository log.
D) Allow users to encrypt only individual files using their domain password and archive all the old passwords of users.
E) None