1. Which of the following is a graphical desktop sharing system that uses the Remote Frame Buffer (RFB) protocol to remotely control another computer?

A) RCP
B) NAC
C) RDP
D) VNC



2. Your organization has recently undergone major restructuring. During this time, a new chief security officer (CSO) was hired. He has asked you to make recommendations for the implementation of organizational security policies. Which of the following should you not recommend?

A) All personnel are required to use their vacation time.
B) All high-level transactions should require a minimum of twopersonnel to complete.
C) All personnel should be cross-trained and should rotate tomultiple positions throughout the year.
D) The principle of least privilege should be implemented onlyfor all high-level positions.



3. Which of the following is not a part of hardening an OS?

A) Unrequired ports should be opene
B) Unnecessary applications should be remove
C) Unnecessary services should be disable
D) External storage devices and media should be tightlycontrolle



4. Which document requires that a vendor reply with a formal bid proposal?

A) agreement
B) RFQ
C) RFP
D) RFI



5. Your organization wants to deploy a new security control on its network. However, management has requested that you provide information on whether the security control will add value to the organization after its deployment. What should you do to provide this information to management?

A) Deploy the security control and collect the appropriatemetrics for reporting to management.
B) Perform a cost/benefit analysis for the new security control.
C) Deploy the security control and create baselines for reportingto management.
D) Prototype the new solution in a lab environment and providethe prototype results to management.