CAS-002 Exam Questions & Answers

Exam Code: CAS-002

Exam Name: CompTIA Advanced Security Practitioner Exam

Updated: Jan 22, 2024

Q&As: 733

At Passcerty.com, we pride ourselves on the comprehensive nature of our CAS-002 exam dumps, designed meticulously to encompass all key topics and nuances you might encounter during the real examination. Regular updates are a cornerstone of our service, ensuring that our dedicated users always have their hands on the most recent and relevant Q&A dumps. Behind every meticulously curated question and answer lies the hard work of our seasoned team of experts, who bring years of experience and knowledge into crafting these premium materials. And while we are invested in offering top-notch content, we also believe in empowering our community. As a token of our commitment to your success, we're delighted to offer a substantial portion of our resources for free practice. We invite you to make the most of the following content, and wish you every success in your endeavors.



Free CompTIA CAS-002 Dumps

Practice These Free Questions and Answers to Pass the CompTIA Advanced Security Practitioner Exam

Question 1

ODBC access to a database on a network-connected host is required. The host does not have a security mechanism to authenticate the incoming ODBC connection, and the application requires that the connection have read/write permissions. In order to further secure the data, a nonstandard configuration would need to be implemented. The information in the database is not sensitive, but was not readily accessible prior to the implementation of the ODBC connection. Which of the following actions should be taken by the security analyst?

A. Accept the risk in order to keep the system within the company's standard security configuration.

B. Explain the risks to the data owner and aid in the decision to accept the risk versus choosing a nonstandard solution.

C. Secure the data despite the need to use a security control or solution that is not within company standards.

D. Do not allow the connection to be made to avoid unnecessary risk and avoid deviating from the standard security configuration.

Question 2

A small company's Chief Executive Officer (CEO) has asked its Chief Security Officer (CSO) to improve the company's security posture with regard to targeted attacks. Which of the following should the CSO conduct FIRST?

A. Survey threat feeds from analysts inside the same industry.

B. Purchase multiple threat feeds to ensure diversity and implement blocks for malicious traffic.

C. Conduct an internal audit against industry best practices to perform a gap analysis.

D. Deploy a UTM solution that receives frequent updates from a trusted industry vendor.

Question 3

The Chief Risk Officer (CRO) has requested that the MTD, RTO and RPO for key business applications be identified and documented. Which of the following business documents would MOST likely contain the required values?

A. MOU

B. BPA

C. RA

D. SLA

E. BIA

Question 4

A security administrator wants to perform an audit of the company password file to ensure users are not using personal information such as addresses and birthdays as part of their password. The company employs 200,000 users, has virtualized environments with cluster and cloud-based computing resources, and enforces a minimum password length of 14 characters. Which of the following options is BEST suited to run the password auditing software and produce a report in the SHORTEST amount of time?

A. The system administrator should take advantage of the company's cluster-based computing resources, upload the password file to the cluster, and run the password cracker on that platform.

B. The system administrator should upload the password file to a virtualized de-duplicated storage system to reduce the password entries and run a password cracker on that file.

C. The system administrator should build a virtual machine on the administrator's desktop, transfer the password file to it, and run a password cracker on the virtual machine.

D. The system administrator should upload the password file to cloud storage and use on-demand provisioning to build a purpose-based virtual machine to run a password cracker on all the users.

Question 5

A company runs large computing jobs only during the overnight hours. To minimize the amount of capital investment in equipment, the company relies on the elastic computing services of a major cloud computing vendor. Because the virtual resources are created and destroyed on the fly across a large pool of shared resources, the company never knows which specific hardware platforms will be used from night to night. Which of the following presents the MOST risk to confidentiality in this scenario?

A. Loss of physical control of the servers

B. Distribution of the job to multiple data centers

C. Network transmission of cryptographic keys

D. Data scraped from the hardware platforms
