RC0-C02 Exam Questions & Answers

Exam Code: RC0-C02

Exam Name: CompTIA Advanced Security Practitioner (CASP) Recertification Exam for Continuing Education

Updated: Apr 09, 2024

Q&As: 308

At Passcerty.com, we pride ourselves on the comprehensive nature of our RC0-C02 exam dumps, designed meticulously to encompass all key topics and nuances you might encounter during the real examination. Regular updates are a cornerstone of our service, ensuring that our dedicated users always have their hands on the most recent and relevant Q&A dumps. Behind every meticulously curated question and answer lies the hard work of our seasoned team of experts, who bring years of experience and knowledge into crafting these premium materials. And while we are invested in offering top-notch content, we also believe in empowering our community. As a token of our commitment to your success, we're delighted to offer a substantial portion of our resources for free practice. We invite you to make the most of the following content, and wish you every success in your endeavors.



Free CompTIA RC0-C02 Dumps

Practice These Free Questions and Answers to Pass the CompTIA Advanced Security Practitioner Exam

Question 1

The Chief Executive Officer (CEO) of a corporation purchased the latest mobile device and wants to connect it to the company's internal network. The Chief Information Security Officer (CISO) was told to research and recommend how to secure this device. Which of the following recommendations should be implemented to keep the device from posing a security risk to the company?

A. A corporate policy to prevent sensitive information from residing on a mobile device and anti-virus software.

B. Encryption of the non-volatile memory and a corporate policy to prevent sensitive information from residing on a mobile device.

C. Encryption of the non-volatile memory and a password or PIN to access the device.

D. A password or PIN to access the device and a corporate policy to prevent sensitive information from residing on a mobile device.

Question 2

Which of the following must be taken into consideration for e-discovery purposes when a legal case is first presented to a company?

A. Data ownership on all files

B. Data size on physical disks

C. Data retention policies on only file servers

D. Data recovery and storage

Question 3

There have been some failures of the company's internal-facing website. A security engineer has found the WAF to be the root cause of the failures. System logs show that the WAF has been unavailable for 14 hours over the past month, in four separate situations. One of these situations was a two-hour scheduled maintenance time, aimed at improving the stability of the WAF. Using the MTTR based on the last month's performance figures, which of the following calculations is the percentage of uptime assuming there were 722 hours in the month?

A. 92.24 percent

B. 98.06 percent

C. 98.34 percent

D. 99.72 percent

Question 4

A Security Administrator has some concerns about the confidentiality of data when using SOAP. Which of the following BEST describes the Security Administrator's concerns?

A. The SOAP header is not encrypted and allows intermediaries to view the header data. The body can be partially or completely encrypted.

B. The SOAP protocol supports weak hashing of header information. As a result the header and body can easily be deciphered by brute force tools.

C. The SOAP protocol can be easily tampered with, even though the header is encrypted.

D. The SOAP protocol does not support body or header encryption which allows assertions to be viewed in clear text by intermediaries.

Question 5

An organization has several production-critical SCADA supervisory systems that cannot follow the normal 30-day patching policy. Which of the following BEST maximizes the protection of these systems from malicious software?

A. Configure a firewall with deep packet inspection that restricts traffic to the systems

B. Configure a separate zone for the systems and restrict access to known ports

C. Configure the systems to ensure only necessary applications are able to run

D. Configure the host firewall to ensure only the necessary applications have listening ports
