1. A group of developers is collaborating to write software for a company. The developers need to work in subgroups and control who has access to their modules. Which of the following access control methods is considered user-centric?
A) Mandatory B) Time-based C) Discretionary D) Rule-based
2. A Chief Information Officer (CIO) asks the company's security specialist if the company should spend any funds on malware protection for a specific server. Based on a risk assessment, the ARO value of a malware infection for a server is 5 and the annual cost for the malware protection is $2500. Which of the following SLE values warrants a recommendation against purchasing the malware protection?
A) $2,000 B) $500 C) $2,500 D) $1,000
3. A company is deploying smartphones for its mobile salesforce. These devices are for personal and business use but are owned by the company. Sales personnel will save new customer data via a custom application developed for the company. This application will integrate with the contact information stored in the smartphones and will populate new customer records onto it. The customer application's data is encrypted at rest, and the application's connection to the back office system is considered secure. The Chief Information Security Officer (CISO) has concerns that customer contact information may be accidentally leaked due to the limited security capabilities of the devices and the planned controls. Which of the following will be the MOST efficient security control to implement to lower this risk?
A) Implement a mobile data loss agent on the devices to prevent any user manipulation with the contact information. B) Require complex passwords for authentication when accessing the contact information. C) Restrict screen capture features on the devices when using the custom application and the contact information. D) Restrict contact information storage dataflow so it is only shared with the customer application.
4. A corporation is concerned that, if a mobile device is lost, any sensitive information on the device could be accessed by third parties. Which of the following would BEST prevent this from happening?
A) Require biometric logins on all mobile devices B) Initiate remote wiping on lost mobile devices C) Use FDE and require PINs on all mobile devices D) Use geolocation to track lost devices
5. A company has a data classification system with definitions for "Private" and "Public". The company's security policy outlines how data should be protected based on type. The company recently added the data type "Proprietary". Which of the following is the MOST likely reason the company added this data type?
A) Reduced cost B) More searchable data C) Better data classification D) Expanded authority of the privacy officer