1. A company has a difficult time communicating between the security engineers, application developers, and vendors. The sales staff tends to the application to deliver on promise. The security engineers and application developers are behind. Which of the following should be done to fix this?

A) None
B) Let the sales staff to application programming and security technology to learn, so that they understand the life cycle.
C) Let the vendors to the developers and engineers shade to see how their sales impact on deliverables.
D) Let the application developers to attend a sales conference, so they understand how business is done.
E) Allow to do security engineering team for application development, so that they understand why it takes so long.


2. An organization uses the IP address block 203.0.113.0/24 on the internal network. At the border router, the network administrator rules can be set to deny packets with a source address in this subnet from entering the network and to reject packets with a destination address in this subnet from leaving the network. Which of the following is the administrator tries to avoid?

A) BGP route hijacking attacks
B) None
C) Man-in-the-middle attacks
D) IP spoofing attacks
E) Bogon IP network traffic


3. A security administrator is assessing a new application. The application uses an API which is believed to encode text strings stored in the memory. How can the administrator test the strings actually encoded in memory?

A) Run nmap attachment to the application memory
B) Use a packet analyzer to inspect the strings
C) Use an HTTP interceptor to capture the text strings
D) Start a core dump of the application
E) Use fuzzing techniques to apply inputs to investigate


4. A critical system audit shows that the payroll system security policy does not meet due to lack of OS security patches. Upon further investigation, it seems that the system is not fully recovered. The vendor claims that the system is only supported on the current operating system patch level. Which of the following compensating controls should be used to reduce the vulnerability of the missing OS patches to limit this system?

A) Monitor system security log for unauthorized access to the payroll application
B) Isolate limit system on a secure network to have contact with other systems
C) Perform reconciliation of all payroll transactions on a daily basis
D) None
E) Deploy an application layer firewall to protect the payroll system interface


5. The telecommunications manager wants the process to assign ownership of the company's mobile devices and improve ensuring data is properly removed when no longer needed. In addition, the manager wants onboard and offboard personally owned mobile devices that will be used in the BYOD initiative. Which of the following must be done to ensure that these processes can be automated? (Choose three.)(Select 3answers)

A) SIM PIN
B) identity certificate
C) chargeback system
D) Remote wipe
E) MDM software