1. An information security assessor for an organization is prepared an assessment that identified critical problems with the new employee human resource management software application. The evaluator presented the report to senior management, but nothing happened. Which of the following would be a logical next step?(Select 2answers)

A) Include specific case studies from other organizations in an updated report.
B) Include specific case studies from other organizations in an updated report.
C) Meet the two main VPs and ask for a signature on the original assessment.
D) Craft an RFP to start finding a new human resource application.
E) None


2. Log all traffic from public IP addresses of competitors.

A) Implement geo-fencing to track products.
B) Install GSM tracking each product end-to-end supply visibility.
C) None
D) Commit to geo-tag documentation for each delivery location.
E) Provide each truck with an RFID tag for location services.


3. A security services company is scoping a proposal to a client. They want a general security audit of their surroundings make for a period of two weeks and have therefore the following requirements: Requirement 1 'make sure their server infrastructure operating systems on their latest patch levels Requirement 2 Test behavior between the application and database Requirement 3 ensure that the customer data can not be exfiltrated which of the following is to provide the best solution for these requirements?

A) Conduct network analysis, dynamic code analysis, code analysis and static
B) Enter dynamic code analysis, penetration testing and implementation of a vulnerability scanner
C) Penetration Testing, performs social engineering and run a vulnerability scanner
D) Conduct network analysis, dynamic code analysis, code analysis and static
E) None


4. A project manager working for a large city government needed to plan and build a WAN, which will be required to organize official business and public access. It is also expected that the city's BHV response communications systems will be required to operate on the same network. The project manager has experience with enterprise IT projects, but feel this project has increased complexity due to the mixed business / public use and will provide the critical infrastructure. Which of the following should give the project manager free to the public, academia and the private sector to ensure the city provides the necessary care in considering all factors project prior to construction of the new WAN?

A) NDA
B) None
C) RFQ
D) RFP
E) RFI


5. An organization has a number of production-critical SCADA supervisory systems that can not follow the normal 30-day patching policy. Which of the following BEST maximizes protect these systems from malicious software?

A) Configuring the system to ensure only essential applications are running able to
B) Configure the host firewall to make sure only the necessary applications listening ports
C) Configuring a firewall with deep packet inspection which restricts the traffic systems
D) Configures a separate zone for the systems and restrict access to well-known ports
E) None