A security administrator wishes to implement a secure method of file transfer when communicating with outside organizations. Which of the following protocols would BEST facilitate secure file transfers? (Select TWO)
A. SCP
B. TFTP
C. SNMP
D. FTP
E. SMTP
F. FTPS
A systems administrator wants to protect data stored on mobile devices that are used to scan and record assets in a warehouse. The control must automatically destroy the secure container of mobile devices if they leave the warehouse. Which of the following should the administrator implement? (Select two.)
A. Geofencing
B. Remote wipe
C. Near-field communication
D. Push notification services
E. Containerization
The security administrator receives an email on a non-company account from a coworker stating that some reports are not exporting correctly. Attached to the email was an example report file with several customers' names and credit card numbers with the PIN. Which of the following is the BEST technical control that will help mitigate this risk of disclosing sensitive data?
A. Configure the mail server to require TLS connections for every email to ensure all transport data is encrypted
B. Create a user training program to identify the correct use of email and perform regular audits to ensure compliance
C. Implement a DLP solution on the email gateway to scan email and remove sensitive data or files
D. Classify all data according to its sensitivity and inform the users of data that is prohibited to share
During a routine audit, it is discovered that someone has been using a stale administrator account to log into a seldom-used server. The person has been using the server to view inappropriate websites that are prohibited to end users. Which of the following could BEST prevent this from occurring again?
A. Credential management
B. Group policy management
C. Acceptable use policy
D. Account expiration policy
A security program manager wants to actively test the security posture of a system. The system is not yet in production and has no uptime requirement or active user base. Which of the following methods will produce a report which shows vulnerabilities that were actually exploited?
A. Peer review
B. Component testing
C. Penetration testing
D. Vulnerability testing
Which of the following BEST describes an important security advantage yielded by implementing vendor diversity?
A. Sustainability
B. Homogeneity
C. Resiliency
D. Configurability
An organization is using a tool to perform a source code review. Which of the following describes the case in which the tool incorrectly identifies the vulnerability?
A. False negative
B. True negative
C. False positive
D. True positive
An organization's internal auditor discovers that large sums of money have recently been paid to a vendor that management does not recognize. The IT security department is asked to investigate the organization's ERP system to determine how the accounts payable module has been used to make these vendor payments.
The IT security department finds the following security configuration for the accounts payable module:
New Vendor Entry - Required Role: Accounts Payable Clerk
New Vendor Approval - Required Role: Accounts Payable Clerk
Vendor Payment Entry - Required Role: Accounts Payable Clerk
Vendor Payment Approval - Required Role: Accounts Payable Manager
Which of the following changes to the security configuration of the accounts payable module would BEST mitigate the risk?
A. Option A
B. Option B
C. Option C
D. Option D
Which of the following would MOST likely appear in an uncredentialed vulnerability scan?
A. Self-signed certificates
B. Missing patches
C. Auditing parameters
D. Inactive local accounts
An organization's file server has been virtualized to reduce costs. Which of the following types of backups would be MOST appropriate for the particular file server?
A. Snapshot
B. Full
C. Incremental
D. Differential