1. A security administrator is prompted to select a cryptographic algorithm to meet the criteria of a new application. The application uses streaming video, both of which can be viewed on computers and mobile devices. The application designers have asked that the algorithm supporting transport encryption with the lowest performance overhead. Which of the following recommendations would best meet the needs of application developers? (Choose two).(Select 2answers)

A) Use the RC4 cipher block chaining mode
B) Use AES in electronic code book mode,
C) Use AES in Counter mode
D) With AES cipher text padding
E) Use RC4 fixed IV generation
F) Use RC4 with a nonce generated IV

2. A company decides to purchase software packages available on the market. This may introduce new security risks to the network. Which of the following is the best description of why this is true?

A) Commercially available software packages are known and widely available. Information regarding vulnerabilities and viable attack patterns are always shared within the IT community.
B) Commercially available software packages are not widespread and are only available in limited areas. Information about vulnerabilities is often ignored by business managers.
C) Commercially available software packages are often widely available. Information about vulnerabilities is often held internally in the company that developed the software.
D) None
E) Commercially available software packages are usually well known and widely available. Information regarding vulnerabilities and viable attack patterns are never revealed by the developer to avoid lawsuits.


3. An organization has an Agile development process for front end web application development implemented. A new security architect has just joined the company and wants to integrate security into the SDLC. Which of the following activities should be empowered to ensure code quality from a security point of view? (Choose two).(Select 2answers)

A) testing for each iteration significant penetration is carried out
B) Security aboard his story and make it into the building
C) Safety standards and training is conducted as part of the project
D) Daily held stand-up meetings to be understood to ensure safety demand
E) Static and dynamic analysis is carried out as part of the integration


4. Company policy requires that all business laptops meet the following basic requirements: Software requirements: Antivirus Anti-Malware Anti-spyware Log Monitoring Full-disk encryption Terminal Services enabled RDP Administrative access for local users hardware limitations: Bluetooth disabled FireWire WiFi disabled disabled adapter Ann, a web developer, reported performance problems with her laptop and is unable to gain access to network resources. After further investigation, a bootkit was discovered and tried to access external websites. Which of the following hardening techniques should be applied to reduce this particular issue from recurring? (Choose two).(Select 2answers)

A) Remove administrative access to local users
B) Group policy to limit web access
C) Restrict VPN access for mobile users
D) Remove full-disk encryption
E) Restrict / disable USB access


5. new IT company has a security consultant with a remote system, which will enable employees to telecommute from home using both company issued and personal computing devices, including mobile hired to perform devices. The company wants a flexible system for the confidentiality and integrity of data in transit to the companyà ¬ Ys internally developed application GUI. Company policy prohibits employees from units issued with administrative privileges for company. Which of the following solutions for remote access has the lowest technical complexity?

A) Client-based VPN
B) None
C) Jump box
D) IPSec
E) RDP server