CompTIA CASP+ 2023 Questions and Answers - Part 44

Mary Smith

Sat, 18 Apr 2026

1. Customers recently reported incomplete purchase history and other irregularities when accessing their account history on the web server farm. An investigation established that there was a version mismatch of the major e-commerce application across the production servers. The development team has direct access to the production servers and is probably the cause of the different versions being released. Which of the following process-level solutions would address this problem?

A) Set the firewall ACL to ban direct development access to the production server farm.
B) None
C) Change the development methodology from strict waterfall to agile.
D) Update vulnerability management plan to address discrepancy issues.
E) Implement change control practices at the organizational level.


2. ODBC access to a database on a network-connected host is required. The host does not have a security mechanism to verify the incoming ODBC connection, and the application requires that the connection have read/write permissions. In order to further secure the data, a non-standard configuration would need to be implemented. The information in the database is not sensitive, but it was not easily accessible before the implementation of the ODBC connection. Which of the following measures should be taken by the security analyst?

A) Do not allow the connection to be made, to avoid unnecessary risk and avoid deviating from the default security configuration.
B) None
C) Explain the risks to the owner of the data and help in deciding whether to accept the risk versus choosing a non-standard solution.
D) Secure the data, despite the need for a security control or solution that is not within the company's standards.
E) Accept the risk in order to keep the system within the company's default security configuration.


3. A small business is developing a new Internet-facing web application. The security requirements are: Users of the web application must be uniquely identified and authenticated. Users of the web application will not be added to the company's directory services. Passwords must not be stored in the code. Which of the following meets these requirements?

A) Using SAML federated directory services.
B) None
C) Using Kerberos and browsers that support SAML.
D) Using OpenID and allowing a third party to verify users.
E) TLS with a shared client certificate for all users.


4. An educational institution would like to make computer labs available to remote students. The labs are used for various computer networking, security, and programming courses. The requirements are: Each lab must be on a separate network segment. Labs must have access to the Internet, but not to other lab networks. Student devices must have network access, not easy access to hosts on the lab networks. Students must have their own certificate installed before gaining access. Servers must have their own certificate installed locally to provide assurance to the students. All students must use the same VPN connection profile. Which of the following components should be used to achieve the design in combination with directory services?

A) IPsec VPN with mutual authentication for remote connectivity, RADIUS for authentication, ACLs on the network equipment
B) None
C) Cloud service remote access tool for remote connectivity, OAuth for authentication, ACLs on routing equipment
D) SSL VPN for remote connectivity, directory services groups for each lab group, ACLs on routing equipment
E) L2TP VPN over TLS for remote connectivity, SAML for federated authentication, firewalls between each lab segment


5. A facility manager has seen fluctuating electric usage on the company's metered service lines. The facility management rarely interacts with the IT department unless new equipment is being delivered. However, the facility manager thinks there is a relationship between the peak electrical usage and IT activity. Which of the following business processes and/or practices would provide better management of organizational resources with the needs of the IT department? (Choose two.)

A) Facility management participation in a change control board
B) Designing a business resource monitoring
C) Purchasing software asset management software
D) Implementation of change management best practices
E) Renting a house keeper
F) The use of a radio frequency identification tagging asset management system

1. Right Answer: E
Explanation:

2. Right Answer: C
Explanation:

3. Right Answer: D
Explanation:

4. Right Answer: A
Explanation:

5. Right Answer: A,D
Explanation:
