SSCP Practice Exam 3
Take your exam preparation to the next level with fully simulated online practice tests designed to replicate the real exam experience. These exams feature realistic questions, timed conditions, and detailed explanations to help you assess your knowledge, identify weak areas, and build confidence before test day.
1. An organization wants to allow its employees to securely access the company’s internal resources from any location over the public network. Which architecture would best support this requirement?
Using a VPN over the internet (D) is the best approach for allowing secure access to internal resources from any location. The VPN creates a secure tunnel through the public internet, ensuring data integrity and confidentiality. The internet (A) alone does not provide the necessary security. An intranet (B) is an internal network and does not support remote access. An extranet (C) is for secure, controlled access by external partners, not for internal employees accessing the network remotely.
2. A financial company is concerned about the integrity of its internal applications and wants to ensure that the software they deploy has not been tampered with. Which countermeasure would be most effective in verifying the authenticity of these applications before installation?
Code signing (B) is a technique used to ensure the integrity and authenticity of software applications by digitally signing them. This helps verify that the code has not been altered since it was signed by the trusted author, providing a layer of security against tampering. Antivirus software (A) is primarily used to detect and remove malicious software but does not verify the authenticity of software. An Intrusion Detection System (IDS) (C) monitors network traffic for suspicious activity but does not directly relate to verifying software integrity. A firewall (D) controls incoming and outgoing network traffic based on security rules, and it does not authenticate software applications.
3. An organization has deployed HIPS on all its servers to prevent malware attacks. The security team notices an increase in false positives. What is the most appropriate action to address this issue while maintaining robust security?
Reviewing and tuning HIPS rule sets (D) helps to refine the system's detection capabilities, reducing false positives while maintaining security. Disabling features (A) compromises security by potentially allowing threats. Adjusting sensitivity levels (B) can be part of tuning but alone might reduce overall effectiveness. Removing HIPS (C) entirely in favor of antivirus reduces layered security and is not advisable.
4. An organization has decided to implement an access control model that uses roles to determine access to different systems and data. Each user will be assigned to one or more roles that grant specific permissions. What is a key advantage of this approach?
The correct answer is B, Roles can be quickly updated to reflect changes in job functions, because Role-Based Access Control (RBAC) allows for rapid adjustment of access rights by simply changing the permissions associated with roles, which is beneficial in dynamic organizational environments. Option A, Users can individually set permissions for their resources, is incorrect as it describes Discretionary Access Control (DAC). Option C, Access is based on the security classification of data, is incorrect because it describes Mandatory Access Control (MAC). Option D, Access permissions are defined by multiple user attributes, is incorrect as it pertains to Attribute-Based Access Control (ABAC), not the role-based system.
5. To prevent data leakage, a company deploys a data loss prevention (DLP) system that blocks the transfer of sensitive information. What type of control is this, and why is it effective?
A data loss prevention (DLP) system functions as a preventive control (B) by blocking the transfer of sensitive information outside the organization, thus preventing data leakage. A deterrent control (A) would discourage data transfer attempts but not block them. A detective control (C) would monitor and identify potential data leaks, but a DLP system actively prevents them. A compensating control (D) offers alternative methods to achieve security objectives when other measures are lacking, but a DLP system directly prevents data leaks by enforcing policies that block unauthorized transfers.
6. A financial services firm needs to ensure the integrity of its transaction logs over time. What is the best hashing practice they should implement to detect any unauthorized changes?
The correct answer is D: hash each log entry individually and periodically hash the concatenation of all entries. Hashing each entry individually ensures that a change to any single entry can be detected and pinpointed. Periodically hashing the concatenated entries adds a second layer of integrity checking that reveals whether entries were removed, reordered, or altered after the fact. Using the same hash algorithm with a static salt for all logs (A) gives no per-entry integrity, and a static salt adds nothing against tampering. Using different hash algorithms for each log file (B) is unnecessary and adds no meaningful security. Appending a timestamp to each log and hashing periodically (C) provides integrity over time but not granular detection of changes at the individual entry level.
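The practice the explanation describes, as an added example that is not part of the exam or its answer key: each log entry gets its own SHA-256 digest, and a periodic checkpoint digest is computed over the length-prefixed concatenation of all entries. The verifier then reports both whether the checkpoint still matches and which individual entries changed. The log lines are constructed sample data, and the choice of SHA-256 and of a separate integrity record are assumptions for illustration.

```python
import hashlib
from typing import Dict, List, Tuple

# Constructed sample transaction log entries (not real data).
LOG_ENTRIES = [
    "2024-05-01T09:00:00Z txn=1001 acct=A123 amount=250.00 status=OK",
    "2024-05-01T09:00:05Z txn=1002 acct=B456 amount=75.10 status=OK",
    "2024-05-01T09:00:09Z txn=1003 acct=A123 amount=1200.00 status=DECLINED",
    "2024-05-01T09:00:14Z txn=1004 acct=C789 amount=42.00 status=OK",
]


def hash_entry(entry: str) -> str:
    """Per-entry digest: lets a verifier pinpoint exactly which entry changed."""
    return hashlib.sha256(entry.encode("utf-8")).hexdigest()


def checkpoint_hash(entries: List[str]) -> str:
    """Periodic digest over the concatenated entries.

    Each entry is length-prefixed before hashing so that moving a boundary
    between two entries (or splitting/merging entries) cannot yield the same
    concatenation and therefore the same digest.
    """
    h = hashlib.sha256()
    for entry in entries:
        data = entry.encode("utf-8")
        h.update(len(data).to_bytes(4, "big"))
        h.update(data)
    return h.hexdigest()


def build_integrity_record(entries: List[str]) -> Dict[str, object]:
    """Produce the record to store separately from the log (assumed write-once store)."""
    return {
        "entry_hashes": [hash_entry(e) for e in entries],
        "checkpoint": checkpoint_hash(entries),
    }


def verify_log(entries: List[str], record: Dict[str, object]) -> Tuple[bool, List[int]]:
    """Return (log_intact, indices_of_modified_entries).

    The per-entry hashes identify altered entries; the checkpoint catches
    deletions and reordering that per-entry hashes alone would not reveal.
    """
    expected = record["entry_hashes"]
    tampered = [
        i for i in range(min(len(entries), len(expected)))
        if hash_entry(entries[i]) != expected[i]
    ]
    same_length = len(entries) == len(expected)
    checkpoint_ok = checkpoint_hash(entries) == record["checkpoint"]
    return (same_length and checkpoint_ok and not tampered), tampered


if __name__ == "__main__":
    record = build_integrity_record(LOG_ENTRIES)
    print("untouched log intact:", verify_log(LOG_ENTRIES, record))

    altered = list(LOG_ENTRIES)
    altered[2] = altered[2].replace("status=DECLINED", "status=OK")
    print("after editing entry 2:", verify_log(altered, record))

    truncated = LOG_ENTRIES[:-1]
    print("after deleting last entry:", verify_log(truncated, record))
```

The integrity record must live somewhere the log writer cannot silently rewrite (a separate append-only store, or signed with a key the log host does not hold); otherwise an attacker who can edit the log can recompute the hashes too. A static salt, as option A proposes, does nothing to change that.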
7. A government agency requires a security model where access to classified documents is controlled strictly based on the user’s clearance level. Users should be unable to grant or revoke access to documents themselves. Which access control method is most suitable for this scenario?
The correct answer is C, Mandatory Access Control (MAC), because MAC enforces access control policies based on security classifications that cannot be altered by individual users. This ensures that only users with the appropriate clearance can access classified documents, and users do not have the ability to change these access permissions. Option A, Discretionary Access Control (DAC), is incorrect as it allows users to control access to their own data, which could lead to security policy violations. Option B, Role-Based Access Control (RBAC), is incorrect because it assigns access based on user roles, which is not as rigid or secure as MAC for handling classified information. Option D, Rule-Based Access Control, is incorrect as it is more flexible and can be used to implement various policies but does not inherently provide the strict classification control required by MAC.
8. A university needs to restrict access to its online library resources to students and staff only during specific hours and from authorized IP addresses. Which access control model would best meet these requirements?
The correct answer is C, Rule-Based Access Control, because Rule-Based Access Control allows the university to set rules that restrict access to online library resources based on conditions such as user status (student or staff), specific hours, and authorized IP addresses, ensuring controlled and secure access. Option A, Attribute-Based Access Control (ABAC), is incorrect as it involves a broader use of attributes and is more complex than necessary for this specific requirement. Option B, Role-Based Access Control (RBAC), is incorrect because it grants access based on roles, which does not provide the required control over access conditions like time and IP address. Option D, Discretionary Access Control (DAC), is incorrect because it allows users to control access permissions, which does not allow for automated, rule-based restrictions.
9. Which of the following is the best method to ensure non-repudiation of a contract signed electronically?
Using a public key infrastructure (PKI) for digital signatures (B) ensures non-repudiation of a contract signed electronically by providing a reliable method to verify the signer’s identity and the authenticity of the document. Storing the contract on a secure server (A) protects the document but does not provide proof of who signed it. Sending a copy of the contract via secure email (C) ensures secure transmission but not non-repudiation. Requiring a witness (D) adds a layer of verification but is not as reliable or practical as digital signatures for electronic documents.
10. A company has a complex network architecture with multiple domains. They want to establish a trust relationship such that if Domain A trusts Domain B, and Domain B trusts Domain C, then Domain A will automatically trust Domain C. Which type of trust relationship is necessary to achieve this configuration?
A transitive trust (C) is the correct option because it automatically extends the trust relationship between domains. In this scenario, if Domain A trusts Domain B and Domain B trusts Domain C, a transitive trust would mean that Domain A automatically trusts Domain C. One-way trust (A) and two-way trust (B) do not inherently extend trust relationships to other domains and would require manual configuration for each trust relationship. Zero trust (D) is irrelevant here as it refers to a security principle that does not rely on trust relationships between domains.
11. During the recovery phase of a security incident, which action is critical to ensure that systems are safe and secure before they are returned to operation?
Validating the integrity of all system components (B) is crucial to ensure that no malicious code or vulnerabilities remain before systems are brought back into operation. Reinstalling operating systems (A) is an extreme measure and typically unnecessary unless the systems are heavily compromised. Notifying regulatory bodies (C) is part of incident response and compliance but not directly related to system recovery. Reconnecting network segments (D) should only be done after ensuring system integrity.
12. A security analyst is reviewing system logs and notices that a user account has repeatedly failed login attempts from various locations within a short period. Which of the following actions should the analyst prioritize to address this event?
Temporarily disabling the user account and investigating further (A) is the best course of action to prevent potential unauthorized access while determining the cause of the failed login attempts. This prevents the attacker from succeeding if they obtain the correct credentials. Resetting the user's password and notifying the user (B) might be necessary eventually but doesn't immediately stop the potential threat. Logging the event and continuing to monitor for further activity (C) might delay immediate action needed to secure the account. Blocking the IP addresses associated with the failed attempts (D) might help, but if the attempts come from multiple sources, it is not a comprehensive solution.
13. An organization discovers that unauthorized modifications have been made to critical configuration files on a server. Which of the following controls is most effective in preventing such incidents?
Enforcing file integrity monitoring (FIM) (B) is the most effective control for preventing unauthorized modifications to critical configuration files. FIM solutions monitor files for changes and alert administrators when modifications occur, helping to ensure the integrity of important files. While multifactor authentication (A) enhances security by requiring additional verification for access, it does not directly prevent unauthorized modifications to files. Regular security awareness training (C) is important but does not provide a technical means of monitoring file changes. Firewalls (D) help to block unauthorized access but do not protect against changes made by authorized users or by intruders who bypass the firewall.
14. A company uses IoT devices for environmental monitoring. To protect the devices from unauthorized access, what practice should be implemented?
Implementing secure boot and firmware integrity checks (B) ensures that IoT devices boot with verified software and are protected from tampering and unauthorized access. Using default administrative credentials (A) is a significant security risk as they are commonly known and easily exploited. Connecting devices to public Wi-Fi networks (C) exposes them to potential attacks and unauthorized access. Disabling security features (D) compromises the security of the devices and increases vulnerability.
15. An organization is planning to deploy a new application across multiple servers. What configuration management practice should be implemented to ensure that the application deployment is consistent and secure?
Using a configuration management tool to automate deployment (B) ensures that the application is deployed consistently and securely across all servers. This approach minimizes human error and ensures compliance with security policies. Randomly checking servers (A) and manually configuring each server (C) can lead to inconsistencies. Installing on a test server and replicating manually (D) does not guarantee uniformity across all servers.
16. A company has detected a rootkit infection on multiple systems. To effectively eradicate the rootkit, which of the following steps should be taken?
Using specialized rootkit removal tools (A) is critical for detecting and eliminating rootkits, as they are often designed to hide from standard security measures. Disconnecting systems (B) is part of containment but does not eradicate the rootkit. Reformatting systems (C) is a more drastic measure and can be disruptive, although it may be necessary in severe cases. Notifying users (D) is part of communication but does not address eradication.
17. A security team needs to prevent data leaks from the shared storage in their virtual environment. What is the best method to enforce data confidentiality?
Implementing storage encryption with individual keys for each virtual machine (A) ensures that only authorized virtual machines can decrypt and access their specific data, thereby enforcing data confidentiality and preventing data leaks. Regularly defragmenting the shared storage (B) is related to performance, not confidentiality. Disabling shared storage access for non-administrative users (C) can prevent general access but does not specifically address the confidentiality of stored data. Keeping snapshots on shared storage (D) without additional security measures does not prevent data leaks.
18. An investigator is preparing to transport digital evidence to a forensic lab. What is the most appropriate method to ensure the evidence remains secure and untampered during transit?
Sealing the evidence in a tamper-evident bag and documenting the transfer (D) ensures that any tampering attempts are immediately noticeable, and the chain of custody is maintained. Using a standard courier service (A) may not provide sufficient security for sensitive evidence. Hand-carrying the evidence (B) can be secure but does not provide documentation or tamper evidence. Encrypting and sending electronically (C) is not suitable for physical evidence and does not maintain physical chain of custody. Therefore, sealing and documenting (D) is the most appropriate method.
19. A company needs a remote access solution for its sales team that travels frequently. The solution must be secure and provide full access to internal applications. Which solution is most appropriate?
The most appropriate solution for a frequently traveling sales team requiring secure and full access to internal applications is a client-to-site VPN (C). This allows individual remote users to securely connect to the corporate network and access internal resources as if they were on-site. Option A, a site-to-site VPN, connects different office networks and is not suitable for individual remote users. Option B, thin client access, would require a persistent connection to a server, which may not be feasible for traveling employees who need access to a wide range of applications. Option D, Secure Shell (SSH), is primarily used for secure command-line access to servers and does not provide comprehensive access to internal applications. Therefore, a client-to-site VPN is the ideal solution.
20. A company is considering implementing TPM on their devices. How does TPM contribute to the integrity of the system?
TPM enhances system integrity by securely storing and managing cryptographic keys (B) that are used for integrity checks, ensuring that the system has not been tampered with. Enforcing password policies (A), controlling access to external devices (C), and monitoring system files (D) are related to broader security policies and tools, not specifically to the role of TPM.
21. A healthcare organization uses a system that employs data analytics to monitor network traffic for signs of unusual activities, such as large file transfers outside the organization. How does data analytics contribute to identifying these activities?
Data analytics contributes to identifying unusual activities by using historical data to identify patterns and anomalies (B). By analyzing past network traffic, the system can establish what is considered normal and detect deviations such as large file transfers outside the organization. Data encryption (A) secures data but does not analyze network traffic for anomalies. Blocking all external connections (C) would prevent data loss but is not a method of analyzing activities. Installing security patches (D) addresses vulnerabilities but does not involve analyzing network traffic.
22. During an ongoing ransomware attack, which of the following containment actions should be taken first to limit the impact on an organization's data?
Identifying and isolating infected systems (C) is critical for containment as it prevents the ransomware from spreading to other parts of the network. Disabling external connections (A) can help but may disrupt legitimate operations. Informing stakeholders (B) and initiating data recovery (D) are important steps but follow containment to ensure the threat is controlled.
23. An organization is designing a hardware asset management plan and needs to include considerations for the initiation phase. Which of the following is most critical to address at this stage?
During the initiation phase of hardware asset management, defining asset classification criteria (B) is essential to categorize assets based on their importance, sensitivity, and usage. This foundational step informs subsequent processes, such as audits (A), which are typically part of the maintenance phase. Asset retirement procedures (C) come into play much later in the asset lifecycle, during the disposal phase. Implementing access control mechanisms (D) is also critical but is more relevant during the deployment or maintenance phases.
24. In a Web of Trust system, an employee, John, wants to verify a new colleague's, Sarah's, public key. He notices that several other trusted colleagues have signed Sarah's key. What should John do to ensure that he can trust Sarah's key?
The correct answer is B. Verifying Sarah's key fingerprint in person or through a secure channel ensures that John can trust the key's authenticity. Directly signing Sarah's key (A) without verification is not advisable, as it skips the necessary step of ensuring the key's authenticity. The key's metadata (C) does not provide sufficient information to determine trustworthiness. Assuming the key is trustworthy if signed by at least three colleagues (D) is risky, as John should personally verify the key to prevent potential security issues. Verifying the fingerprint directly with Sarah or through a trusted method ensures that the key truly belongs to her.
25. You are configuring a firewall to block a specific type of traffic. Which layer of the OSI model should you configure the firewall to inspect if you want to block HTTP traffic?
HTTP traffic operates at the Application layer (D), so configuring the firewall to inspect and block traffic at this layer would be the most effective. The Physical layer (A) deals with the actual hardware transmission and cannot block specific types of traffic. The Data link layer (B) handles node-to-node data transfers and is not specific to types of application traffic. The Transport layer (C) manages the transmission of data packets between hosts but does not handle specific application protocols like HTTP.
26. A security analyst is using a timeline visualization to track security events and notices a correlation between software updates and an increase in failed system checks. What should be the next step?
Rolling back the updates (A) allows the analyst to determine if the updates are causing the issues. Continuing to monitor (B) without action could prolong the problem. Notifying the vendor (C) is important but secondary to mitigating the immediate impact. Updating to the latest version (D) might introduce new issues without resolving the current ones.
27. A security analyst detects multiple unauthorized access attempts and needs to document and communicate these findings to the security manager. Which of the following best practices should the analyst follow?
The best practice is to provide a detailed timeline of events and suggest immediate countermeasures (A) to offer a clear, actionable report for the security manager. Summarizing with general observations (B) might be too vague for effective action. Including speculative causes (C) without evidence could mislead decision-making. A high-level overview (D) should be clear but also include necessary technical details for a comprehensive understanding.
28. An organization wants to simplify the user authentication process across multiple applications without compromising security. Which IAM feature should be implemented to achieve this goal?
The correct answer is A. Single sign-on (SSO) allows users to authenticate once and gain access to multiple applications without needing to log in separately for each, simplifying the user experience while maintaining security. Privileged access management (B) focuses on controlling and monitoring access to critical resources but does not simplify user authentication across applications. Access control lists (C) specify permissions for individual users or groups but do not streamline the authentication process. Biometric authentication (D) enhances security by verifying identity using unique physical characteristics but does not address single sign-on functionality.
29. In an effort to enhance security and performance, a medium-sized company wants to implement a network model that supports both centralized resource management and direct peer-to-peer file sharing. Which network relationship would be most appropriate?
A Hybrid network (C) is most appropriate for a medium-sized company looking to balance centralized resource management with direct peer-to-peer file sharing. This model combines the centralized control of client-server networks with the flexibility of peer-to-peer communication. A Peer-to-peer (P2P) (A) network alone lacks centralized management. The Client-server (B) model does not support direct peer-to-peer file sharing. A Distributed network (D) emphasizes resource distribution across multiple locations but does not specifically address the combination of centralized control and peer-to-peer sharing.
30. In a secure communication setup using asymmetric encryption, which scenario best demonstrates the application of the private key?
The private key in asymmetric encryption is primarily used for generating digital signatures, which are used to verify the authenticity and integrity of a document (B). Encrypting a large file (A) is typically done using symmetric encryption for efficiency. While asymmetric encryption can be used to encrypt session keys (C), the private key’s role in this context is decryption. Creating a backup of encrypted data (D) does not specifically involve the private key’s function for generating digital signatures.
31. A retail company identifies a risk associated with using outdated software. They decide to stop using the software and switch to a more secure, updated version. Which risk treatment strategy are they employing?
By stopping the use of outdated software and switching to a more secure version, the company is employing risk avoidance (C), as they are eliminating the risk entirely. Risk transfer (A) would involve shifting the risk to another entity, and risk acceptance (B) would mean acknowledging the risk without taking action. Risk mitigation (D) involves reducing the risk’s impact rather than eliminating it.
32. A legal firm needs to ensure that electronic contracts are binding and cannot be denied by the parties involved. Which of the following methods provides the best assurance for non-repudiation of these electronic contracts?
Digital signatures with a certificate authority provide the best assurance for non-repudiation by allowing the verification of the signer's identity and the integrity of the contract through a trusted third party (B). Using HMAC with a shared key (A) provides authentication and integrity but not non-repudiation, as shared keys can be exchanged. Encrypting contracts with a symmetric key (C) secures the data but does not link the action to a specific individual. Storing contracts in a blockchain ledger (D) can provide an immutable record, but it does not inherently provide non-repudiation of the individual action without additional authentication mechanisms.
33. After a security breach caused by a successful phishing attack, your organization decides to conduct a targeted training session for the affected department. Which approach will most effectively help employees learn how to identify phishing emails in the future?
Reviewing the details of the recent phishing attack and identifying red flags (A) provides a concrete example that employees can relate to, helping them understand specific signs of phishing. A general meeting on best practices (B) may cover too broad a range of topics to be effective. Distributing a checklist (C) is helpful but may not engage employees as effectively as discussing a real incident. Reminding employees to change passwords (D) is good practice but does not address the specific need to identify phishing emails.
34. An employee finds a USB drive labeled "Employee Salary Data" in the parking lot and, out of curiosity, plugs it into their work computer. The drive contains malware that infects the system. What type of social engineering attack does this represent?
The scenario describes a situation where the attacker leaves a tempting item, like a USB drive labeled "Employee Salary Data," to lure the victim into taking action that leads to system compromise. This is known as baiting (B), where the attacker offers something enticing to tempt the victim into a trap. Phishing (A) involves sending fraudulent emails to trick users into revealing personal information, which is not applicable here. Impersonation (C) involves pretending to be someone else to deceive the victim, which is not the case in this scenario. Spear phishing (D) is a targeted form of phishing and does not involve physical bait like a USB drive.
35. In a scenario where a company needs to verify that a received financial report is both from a trusted source and has not been altered, which cryptographic tool should they employ?
Digital signatures (D) are the appropriate cryptographic tool for verifying that a received financial report is from a trusted source (authenticity) and has not been altered (integrity). They provide a means to confirm both the origin and the unchanged nature of the report. Symmetric key encryption (A) focuses on data confidentiality and does not provide integrity or authenticity. Data masking (B) hides data content but does not verify authenticity or integrity. Hash functions (C) can ensure data integrity by generating a hash value but do not verify the authenticity of the source.
36. An organization is planning to archive data that must be retained for a minimum of ten years to comply with legal requirements. What is the most secure and reliable approach to ensure long-term data integrity?
Archiving data on a cloud platform with multi-region replication (C) is the most secure and reliable approach for ensuring long-term data integrity, as it provides redundancy, geographic diversity, and protection against data loss due to regional failures. Using tape backups stored offsite (A) provides a secure long-term solution but may have limitations in data accessibility and reliability over time. Storing data on a high-reliability NAS with RAID (B) offers local protection but lacks geographic redundancy. Keeping data on encrypted external SSDs (D) ensures security but is less reliable for long-term data integrity compared to cloud-based solutions with built-in redundancy.
37. An enterprise requires real-time inspection of network traffic to detect and respond to threats promptly. Where should an intrusion detection and prevention system (IDPS) be placed to fulfill this requirement without introducing significant latency?
Inline placement at the perimeter gateway (A) ensures that all incoming and outgoing traffic is inspected in real-time, providing immediate threat response. Passive placement (B) only detects threats without prevention. Virtual deployment (C) might not cover all physical traffic. Inline placement between web and database servers (D) could introduce latency in critical internal communications.
38. In the acquisition phase of data management, what is the key consideration for selecting a third-party data service provider?
The provider’s data encryption standards (C) are critical to ensure that sensitive data is protected during transit and at rest, which is essential for maintaining data security. The provider’s geographical location (A) may affect legal and compliance considerations but is not directly related to security. The cost of the service (B) is important for budget considerations but does not guarantee security. The speed of data access (D) affects performance but does not ensure the security of the data.
39. A healthcare organization is outsourcing its patient data management to a cloud provider. To ensure compliance with healthcare regulations, what document should the organization require from the provider?
The healthcare organization should require a Business Associate Agreement (BAA) (B) from the cloud provider to ensure compliance with healthcare regulations, such as HIPAA in the United States. The BAA outlines the provider’s responsibilities for safeguarding patient data and ensuring regulatory compliance. Data Encryption Policy (A) is important for protecting data but does not address regulatory compliance directly. The Service Level Agreement (SLA) (C) covers performance and service standards but may not include specific regulatory requirements. Data Backup Policy (D) details backup procedures but does not ensure regulatory compliance for patient data.
40. An organization is choosing a risk management framework to comply with international standards for information security. They require a framework that is globally recognized and provides a comprehensive approach to managing risk. Which framework should they select?
ISO/IEC 27005 (B) is a globally recognized framework that provides comprehensive guidelines for information security risk management within the context of an organization's overall information security management system (ISMS). COBIT (A) focuses on IT governance rather than risk management specifically. PCI DSS (C) is a standard for securing cardholder data, not a general risk management framework. FISMA (D) applies to federal agencies in the United States and does not offer a global approach.
41 / 125
41. A company is planning to upgrade its operating systems to a new version, which includes enhanced security features. What specific aspect of security impact analysis should be prioritized to ensure the upgrade does not introduce new vulnerabilities?
Assessing compatibility with existing security policies (B) should be prioritized in the security impact analysis to ensure that the upgrade does not introduce new vulnerabilities. This step helps confirm that the new operating system's security features align with the organization's security standards and policies. Evaluating the cost (A) and reviewing user interface changes (C) are important but not directly related to security impact. Analyzing potential performance degradation (D) is relevant but secondary to security policy compatibility.
42 / 125
42. A company is transitioning to a cloud service model and is concerned about maintaining compliance with data protection regulations. What is their primary responsibility under the shared responsibility model for IaaS?
Under the IaaS model, the company’s primary responsibility is Managing Data Encryption and Access Policies (B), ensuring that their data is encrypted, access policies are properly implemented, and compliance with data protection regulations is maintained. The cloud provider secures the network (A), ensures physical security of data centers (C), and maintains the virtualization platform (D). The company must focus on securing their data and managing how it is accessed and protected within the cloud environment.
43 / 125
43. Upon analyzing event logs, a security analyst discovers a series of login attempts using multiple user accounts within a short timeframe from a single IP address. The event data suggests an attempted brute-force attack. What should be the analyst’s immediate response?
Blocking the IP address (B) helps to immediately stop the brute-force attempts from continuing. Initiating an account lockout (A) might disrupt legitimate users. Notifying affected users (C) is important but secondary to stopping the attack. Increasing password complexity (D) is a long-term measure that does not address the immediate threat.
44 / 125
44. A new employee at a financial institution needs access to the company's internal financial systems. Which of the following actions ensures the employee is granted appropriate entitlements based on their job role?
The correct answer is B. Assigning the employee to a financial analyst role with specific access rights ensures they are granted appropriate entitlements, providing them with access to the necessary financial systems and data based on their job role (B). Provisioning the employee’s email account (A) is part of the onboarding process but does not involve entitlements related to job roles. Requiring the employee to sign a non-disclosure agreement (C) is important for confidentiality but not for granting access rights. Setting up a regular password expiration policy (D) enhances security but does not address entitlements based on roles.
45 / 125
45. During the implementation of a hardware asset tracking system, what is the most effective way to ensure all assets are accounted for?
Implementing real-time tracking of asset movements (B) is the most effective way to ensure all assets are accounted for during the implementation of a hardware asset tracking system. It provides up-to-date information on asset locations and status, reducing the risk of loss or misplacement. Conducting initial data entry using historical records (A) helps establish a baseline but may not be accurate or current. Assigning asset management responsibilities (C) improves accountability but does not ensure real-time tracking. Performing periodic manual reconciliation (D) is necessary for verification but is labor-intensive and less efficient than real-time tracking.
46 / 125
46. A healthcare organization is defining its risk tolerance regarding potential disruptions to patient data access. What is the primary factor they should consider when setting their risk tolerance level?
Regulatory requirements (A) are crucial in setting risk tolerance for a healthcare organization, as compliance with laws and regulations regarding patient data is mandatory. Competitors’ strategies (B) do not directly influence risk tolerance. Current security technologies (C) and historical security incidents (D) are factors in assessing risk but not primary considerations in defining risk tolerance.
47 / 125
47. A company's web server was compromised due to outdated software that had known vulnerabilities. To prevent future attacks, what action should the company prioritize?
Patching (D) is the process of updating software to fix known vulnerabilities. By keeping software up-to-date, the company can prevent exploitation of these vulnerabilities, thereby protecting against future attacks. User awareness training (A) is important but does not directly address software vulnerabilities. Data Loss Prevention (DLP) (B) focuses on preventing data leaks rather than securing software. System hardening (C) involves securing systems by reducing their vulnerability surface, but patching specifically addresses known vulnerabilities and is the most relevant countermeasure for this scenario.
48 / 125
48. To ensure business continuity, a company needs to implement a solution that maintains the availability of its critical applications in a virtual environment. Which solution should they prioritize?
High availability (HA) clustering for critical virtual machines (A) ensures that if one node fails, another can immediately take over, maintaining the availability of critical applications. This solution minimizes downtime and provides continuous service. Manual failover procedures (B) are slower and prone to error. Regular manual backups (C) are important for data recovery but do not ensure continuous application availability. Low-cost cloud storage (D) is useful for backup but does not address real-time availability needs.
49 / 125
49. During a large-scale natural disaster, a company's data center is flooded, and all systems go offline. The organization has an emergency response plan in place. Which of the following actions should be prioritized to ensure business continuity?
The correct answer is C. The priority during a disaster that affects critical systems is to ensure the continuity of essential business functions, which involves activating the alternative data center and rerouting processes to maintain operations. Initiating data restoration (A) is crucial but follows the activation of an alternative site to minimize downtime. Contacting emergency services (B) is part of crisis management but not directly related to continuity of operations. Informing customers (D) is important for communication but does not directly address business continuity and should follow the activation of backup systems.
50 / 125
50. An organization is required to retain security logs for a specific period to comply with regulatory requirements. Which log management practice would best ensure compliance and facilitate future log reviews?
Using a log retention policy that specifies the retention duration (C) is essential for ensuring compliance with regulatory requirements as it clearly defines how long logs should be retained and facilitates future log reviews by maintaining logs for the necessary period. Archiving old logs on removable media and storing them off-site (A) can aid in disaster recovery but does not inherently ensure compliance with retention requirements. Implementing a log rotation policy to manage log file size (B) helps in log management but does not address retention requirements directly. Encrypting all logs and storing them in a secure location (D) protects log confidentiality but is not directly related to retention compliance.
51 / 125
51. An organization is developing a mobile application that collects sensitive user information. To ensure user privacy, which practice should be prioritized?
Implementing data minimization principles (B) is crucial for ensuring user privacy: collecting only the data needed for specific purposes reduces the risk of data breaches and misuse. Collecting as much data as possible for future use (A) increases privacy risks and may violate regulations. Storing all collected data in plain text (C) compromises data security and privacy. Disabling user consent options (D) violates privacy regulations that require informed consent for data collection and processing.
52 / 125
52. A company operating in multiple jurisdictions needs to determine which country's laws apply to their cloud-stored data to address potential legal disputes. What should they assess to make this determination?
The company should assess Data Sovereignty (C), which refers to the concept that data is subject to the laws and regulations of the country in which it is located. This helps determine which country's laws apply to cloud-stored data, thereby addressing potential legal disputes. Data Ownership (A) pertains to the rights and responsibilities of data controllers and processors. Data Residency Requirements (B) specify where data must be stored but do not determine the applicable legal framework. Data Privacy Policies (D) are internal policies designed to protect user privacy but do not dictate legal jurisdiction.
53 / 125
53. After conducting a vulnerability scan, the report shows a critical vulnerability in the organization's email server. What should be your immediate next step?
The immediate next step after identifying a critical vulnerability is scheduling downtime to apply necessary patches (B). This addresses the vulnerability directly. Informing users to avoid the email server (A) does not resolve the issue. Rebooting the server (C) might clear some threats but does not fix the vulnerability. Disabling email services (D) may be necessary temporarily, but it should be done as part of a coordinated plan that includes patching.
54 / 125
54. During a disaster recovery test, a company finds that their backup systems are taking too long to restore data. What action should be taken to address this issue in their restoration plan?
The correct answer is B. Upgrading to faster, more efficient storage solutions will directly reduce restoration time by improving the speed of data retrieval and restoration. Increasing backup test frequency (A) helps in identifying issues but does not address the root cause of slow restoration. Simplifying the data structure (C) may help but is not a direct solution to hardware limitations. Improving staff training (D) is beneficial for efficiency but will not significantly impact the technical speed of data restoration.
55 / 125
55. A retail chain wants to secure customer transactions over their Wi-Fi network using a strong encryption protocol. Which protocol should they avoid, and why?
WEP (B) should be avoided as it has numerous well-known security vulnerabilities that can be easily exploited. WPA3 (A) is actually a good choice for secure transactions but might not be supported on older devices. EAP-TTLS (C) is secure and provides strong encryption but requires a more complex setup, which can be managed by an IT department. WPA2-Enterprise (D) is suitable for large networks and provides strong security, contrary to the incorrect assertion that it is only suitable for small networks.
56 / 125
56. An employee must present multiple forms of identification and undergo a biometric scan to confirm their identity before being granted access to sensitive information. What process is being carried out?
The correct answer is A. Identity proofing is the process of confirming an individual’s identity using multiple forms of identification and possibly biometric scans, ensuring they are legitimate before access to sensitive information is granted (A). Access provisioning (B) is about setting up user access. User authentication (C) verifies identity through credentials after identity proofing. Security compliance (D) ensures adherence to security policies but is not directly about identity verification.
57 / 125
57. During a security audit, it is found that an organization’s SSO implementation is not performing as expected. Users experience frequent login prompts when accessing different services. What could be the reason for this issue?
Incorrect token lifetime settings (A) could be causing users to experience frequent login prompts in an SSO implementation. If tokens expire too quickly, users will need to re-authenticate more often, disrupting the seamless access that SSO is meant to provide. Misconfigured password policies (B) do not typically cause frequent login prompts if SSO is set up correctly. Lack of multi-factor authentication (C) may affect security but does not directly relate to the frequency of login prompts in SSO. Insufficient network bandwidth (D) might cause performance issues but is not likely to be the primary reason for frequent login prompts.
58 / 125
58. During a routine security audit, you observe that the corporate network firewall is configured to allow all outbound traffic without restriction. What is the most appropriate course of action to enhance network security while maintaining functionality?
Restricting outbound traffic to only essential services (A) is the best approach to enhance security while maintaining necessary functionality. This limits potential attack vectors and reduces the risk of data exfiltration. Blocking all outbound traffic (B) is impractical and can disrupt legitimate business operations. Configuring the firewall to allow all outbound traffic from known sources (C) does not address the need to filter outbound traffic by service type, potentially allowing malicious traffic from compromised sources. Leaving the current configuration as it is (D) fails to address the security risk.
59 / 125
59. Which of the following scenarios best demonstrates the principle of least privilege?
A developer having access only to source code repositories (C) demonstrates the principle of least privilege by limiting access to the resources necessary to perform the developer's job functions. A receptionist having access to financial records (A) violates the PoLP. An IT administrator having access to all network resources (B) provides more access than necessary. A manager having access to all employee records (D) grants excessive access.
60 / 125
60. A network architect is designing a network with multiple segments to handle different types of traffic. Which technique would most effectively limit the interaction between these segments to only what is necessary for security reasons?
Micro-segmentation (B) provides granular control over traffic interactions, allowing security policies to be applied at a very detailed level, ensuring that segments only interact as necessary for security reasons. Physical segmentation (A) is less flexible and more complex to manage. Firewall zones (C) offer broad control but lack the granularity of micro-segmentation. Access control lists (D) control access but do not provide detailed interaction management between segments.
61 / 125
61. An organization regularly performs vulnerability assessments as part of its vulnerability management lifecycle. What is the primary benefit of this practice?
The primary benefit of regularly performing vulnerability assessments is identifying and addressing security gaps before they are exploited (B). This proactive approach helps prevent security incidents. Ensuring compliance with regulatory requirements (A) is a benefit but not the primary purpose. Improving the efficiency of IT operations (C) and enhancing employee awareness of security practices (D) are secondary benefits but do not address the core purpose of vulnerability assessments.
62 / 125
62. A company is unable to implement two-factor authentication due to a limitation in their current system. Instead, they increase password complexity requirements and enforce frequent password changes. What type of control are they using?
Increasing password complexity and enforcing frequent password changes serves as a compensating control (D) because it provides an alternative security measure to two-factor authentication, which the company cannot implement due to system limitations. Preventive control (A) would involve measures to stop unauthorized access, such as implementing two-factor authentication directly. Detective control (B) refers to identifying and reporting security incidents, and corrective control (C) involves actions to fix issues after they have occurred. The company uses password policies as a substitute to compensate for the lack of two-factor authentication.
63 / 125
63. A company deploys a log management system to collect and analyze logs from various systems. How does this system function as a security control?
A log management system functions as a detective control (B) by collecting logs from various systems and analyzing them to identify suspicious activities and potential security incidents. Preventive control (A) would involve measures like access controls or firewalls that block activities before they occur. Deterrent control (C) would discourage actions through visible warnings or policies. Compensating control (D) provides alternative measures when primary controls are insufficient, but the log management system’s main role is to detect and analyze activities to identify potential threats.
64 / 125
64. An organization needs to maintain data integrity and availability during the operation phase. Which practice is most effective in achieving this goal?
Performing regular data redundancy checks (B) is the most effective practice for maintaining data integrity and availability, as it ensures that multiple copies of data are maintained and can be quickly restored if the primary copy is compromised. Encrypting data (A) protects data confidentiality but does not ensure availability or integrity. Limiting access to critical data (C) enhances security but does not directly address integrity or availability. Conducting bi-annual data recovery drills (D) is useful for testing recovery procedures but is less frequent than needed to ensure continuous data integrity and availability.
65 / 125
65. During the deployment of MDM, a company wants to ensure that all data exchanged between corporate applications on mobile devices is encrypted. What technology would best meet this requirement?
TLS (A) encrypts data exchanged between applications, ensuring secure communication and protecting data from interception. Full-device encryption (B) protects data at rest but not data in transit. Biometric authentication (C) secures access to the device or applications but does not encrypt data. Application sandboxing (D) isolates applications but does not specifically provide encryption for data exchange between applications.
66 / 125
66. A network administrator notices that the Intrusion Detection System (IDS) is generating a large number of alerts, many of which are false positives. What is the best action to take to improve the efficiency of the IDS?
Analyzing and tuning the detection rules (D) allows the IDS to better differentiate between legitimate and malicious traffic, reducing the number of false positives while maintaining security. Increasing the threshold for alert generation (A) may reduce false positives but could also allow real threats to go undetected. Turning off the IDS (B) leaves the network without crucial monitoring capabilities. Ignoring the alerts (C) can lead to missing actual security incidents, which is not a responsible approach.
67 / 125
67. A financial institution must comply with Payment Card Industry Data Security Standards (PCI-DSS) to protect cardholder data. Which cryptographic practice is required by PCI-DSS for transmitting cardholder data over public networks?
PCI-DSS mandates the use of strong encryption, such as SSL/TLS (C), to protect cardholder data during transmission over public networks. SSL/TLS provides encryption that ensures confidentiality and integrity of the transmitted data. Hashing with SHA-256 (A) provides integrity checks but does not encrypt data for secure transmission. Symmetric key encryption (B) could protect data but requires a secure method for key exchange and is typically used for data at rest. Digital signatures (D) are used for verifying authenticity and integrity but are not specifically required for encrypting data in transit under PCI-DSS.
68 / 125
68. A company that has a BYOD policy is looking to enhance its data protection measures. How can containerization help in this scenario?
Containerization (B) separates corporate and personal data, which is crucial in a BYOD environment to protect corporate data without infringing on personal data. Option A focuses on app installation policies, which are less relevant to the concept of data separation. Option C limits application use, which is not related to data separation. Option D suggests a data backup strategy that might not respect personal data privacy.
69 / 125
69. A company’s cloud service provider offers several options for disaster recovery. They need to ensure their critical applications remain available in the event of a primary data center failure. Which disaster recovery option should they choose?
The company should choose a Hot Site (C) for disaster recovery to ensure their critical applications remain available in the event of a primary data center failure. A hot site is a fully operational, redundant setup that can take over immediately in case of a disaster, ensuring minimal downtime and business continuity. A Cold Site (A) has basic infrastructure but lacks immediate operational capability, resulting in longer recovery times. A Warm Site (B) is partially equipped and requires some setup, leading to moderate recovery times. Data Archiving (D) focuses on long-term storage of data and is not suitable for disaster recovery of critical applications.
70 / 125
70. During a security assessment, it is found that physical security measures at the data center include locked doors and ID badge verification. However, unauthorized personnel have been gaining access to restricted areas. What additional security measure should be implemented to prevent unauthorized access?
Installing a biometric access control system (B) should be implemented as it provides a higher level of security by ensuring that only individuals with pre-approved biometric credentials can access restricted areas, effectively preventing unauthorized access. Increasing the frequency of security patrols (A) can help monitor the area but may not always prevent unauthorized access. Enhancing the lighting around the perimeter (C) improves visibility but does not directly control access. Conducting background checks on all visitors (D) is important but does not address the immediate issue of controlling physical access to restricted areas.
71 / 125
71. An organization implements a system where employees must swipe a smart card and enter a PIN to gain access to the company's secure areas. Which authentication factors are used in this system?
The system requires the use of a smart card (something you have) and a PIN (something you know), aligning with possession and knowledge (A). Possession and biometric (B) would involve a smart card and a biometric trait like a fingerprint, which is not applicable here. Knowledge and biometric (C) would combine a PIN or password with biometric verification. Biometric and location (D) involve factors that are not used in this scenario.
72 / 125
72. A company’s virtual environment has multiple virtual machines running critical applications. They are concerned about the potential risks if one VM becomes compromised. Which security measure can they implement to minimize the impact of a compromised VM on the rest of the environment?
Virtual Machine Introspection (VMI) (A) is a security measure that allows monitoring and analysis of the internal state of VMs from outside the VM, providing a way to detect and respond to threats without compromising the isolation between VMs. This helps in identifying malicious activity within a VM and taking action to prevent it from affecting other VMs. Network Segmentation (B) helps in controlling and limiting network traffic but does not directly address the issue of a compromised VM. Virtual Machine Snapshots (C) are used for backup and recovery, not for security isolation. Hypervisor Hardening (D) involves securing the hypervisor itself, which is important but does not directly mitigate the risk of a compromised VM affecting other VMs.
73 / 125
73. A company has deployed several containers in production. To ensure security, what should be done to manage container images effectively?
Regularly updating container images to the latest versions (A) is essential to ensure that containers run with the latest security patches and mitigations against known vulnerabilities. Storing container images in a publicly accessible registry (B) increases the risk of tampering and should be avoided. Using only official images from trusted sources (C) is good practice but may not address the need for ongoing updates. Frequently restarting containers (D) does not guarantee that updates are applied unless the underlying image is also updated.
74 / 125
74. A company has implemented whole disk encryption on all employee laptops to protect sensitive data. An employee reports that their laptop is not booting after a sudden power failure. What is the most likely cause of this issue?
The most likely cause is that the encryption key has been corrupted due to the power failure (A), which can happen if the power is lost during a critical operation involving the key. This corruption can prevent the system from booting as the encrypted data cannot be decrypted without a valid key. While a hard drive replacement (B) or forgotten password (D) could cause access issues, they are less likely given the context. The encrypted operating system files (C) are normally accessible as part of the boot process if the key is intact.
75 / 125
75. During a data breach investigation, an organization discovers that personal data of EU citizens was accessed. What legal obligation must the organization fulfill?
Option (B) is correct as GDPR mandates notification of affected individuals and the relevant Data Protection Authority within 72 hours of discovering a data breach involving personal data. Option (A) is incorrect as GDPR applies to all personal data breaches, not just financial information. Option (C) is a violation of GDPR, which emphasizes transparency. Option (D) is incorrect because proactive reporting is required by law, regardless of a formal request.
76 / 125
76. An IT director discovers that a new software update violates the organization’s ethical commitment to open-source software usage. What should be the IT director’s next step according to the organizational code of ethics?
The organizational code of ethics requires adherence to stated commitments and values. Halting the update and reviewing alternatives (B) ensures compliance with the organization’s ethical guidelines regarding open-source software. Proceeding with the update (A) or ignoring the commitment (C) compromises the organization’s values. Applying the update and addressing concerns later (D) fails to uphold the immediate ethical commitment and could lead to longer-term issues.
77 / 125
77. You are tasked with enhancing the security of the company's internal network. One of the measures involves securing the network devices themselves. What is the best practice for securing access to routers and switches?
Implementing strong, unique passwords and limiting access to authorized personnel (B) is the best practice for securing access to routers and switches. Using default usernames and passwords (A) is insecure as they are commonly known and can be exploited by attackers. Enabling Telnet (C) is not secure due to its lack of encryption; SSH should be used instead. Opening all ports (D) increases the attack surface and is not recommended for security.
78 / 125
78. A company’s marketing department is using a new content management system where each user needs the ability to set access permissions for the content they create. The system should allow content creators to determine who can read or edit their content. Which access control model is appropriate for this scenario?
The correct answer is C, Discretionary Access Control (DAC), because DAC allows the content creators to set access permissions for their content, giving them the flexibility to decide who can read or edit their work. Option A, Mandatory Access Control (MAC), is incorrect because it uses a strict policy-based system that would not allow individual discretion. Option B, Role-Based Access Control (RBAC), is incorrect because it manages access based on user roles, which might not provide the granularity needed for individual content control. Option D, Rule-Based Access Control, is incorrect because it enforces access based on rules rather than user discretion.
79 / 125
79. A host-based firewall is configured to log all connection attempts. After analyzing the logs, the security team notices repeated connection attempts from an unknown IP address. What is the best immediate action to take?
Blocking the IP address in the firewall (A) is the best immediate action to prevent potential unauthorized access or attacks from the unknown source. Disabling logging (B) would prevent further monitoring. Increasing the logging level (C) captures more detail but doesn't stop the attempts. Allowing the IP address temporarily (D) poses a security risk without providing immediate benefits.
80 / 125
80. A data center has implemented a mechanism that requires individuals to pass through a secure, controlled entrance that limits entry to one person at a time. Which physical control is being described?
A mantrap (B) is a physical control that consists of two doors with a small space between them, allowing only one person to enter at a time. This mechanism is effective in controlling access and preventing tailgating, where unauthorized individuals might try to follow an authorized person into a secure area. CCTV cameras (A) monitor activity but do not control physical entry, security guards (C) can oversee entry points but are not a mechanical barrier, and biometric access (D) verifies identity but does not restrict the physical flow of individuals the way a mantrap does.
81 / 125
81. To ensure accountability in the use of privileged accounts, which of the following controls should be implemented?
Regularly reviewing and auditing privileged account activities (B) ensures accountability by monitoring the actions performed by users with elevated permissions. This practice helps detect any misuse or unauthorized actions and provides a record for investigating incidents. Allowing shared use of privileged accounts (A) undermines accountability by making it difficult to attribute actions to specific users. Disabling logging for privileged accounts (C) removes the ability to monitor their activities, reducing accountability. Limiting access to business hours only (D) may improve security but does not directly enhance accountability.
82 / 125
82. An organization’s primary data center is compromised, and they must shift operations to an interim processing strategy. Which of the following ensures continuity with minimal disruption and no loss of transaction data?
The correct answer is C. A hot site ensures continuity with minimal disruption and no loss of transaction data because it maintains an up-to-date mirror of the primary data center. A cold site (A) lacks immediate resources for operation and would cause significant delays. A reciprocal agreement (B) relies on mutual arrangements which may not guarantee the immediate availability of resources. Cloud-based services (D) can also be an effective solution but might involve complexities related to data synchronization and security.
83 / 125
83. A security team has detected a potential vulnerability in a web application and needs to implement a patch to address it. During the change management meeting, it was noted that the patch may cause compatibility issues with certain database configurations. What is the most critical step the team should take next to ensure a smooth implementation?
Conducting a risk assessment and planning a rollback strategy (B) is the most critical step because it helps identify the potential impact of the patch on existing systems and ensures that there is a plan in place to revert the changes if something goes wrong. Skipping the patch (A) is not advisable as it leaves the vulnerability unaddressed. Applying the patch immediately (C) without assessing risks may lead to system issues. Informing end-users (D) is important but not the most critical immediate step.
84 / 125
84. An organization's network security monitoring system has detected unusual traffic patterns indicative of a possible data exfiltration attempt. Which of the following steps should be taken first to analyze and escalate the incident?
Gathering and reviewing relevant logs (C) is critical to analyze the extent and nature of the incident, which is essential for an effective response. Isolating the affected system (A) is important but should be based on initial analysis. Notifying senior management (B) and informing all employees (D) are part of the escalation and communication plan but should occur after preliminary analysis to provide accurate information.
85 / 125
85. In a software development company, access to the code repository should be restricted to only the development team and not to any other departments. Which authorization mechanism is most effective for this scenario?
The correct answer is A. Role-based access control (RBAC) is the most effective mechanism for restricting access to the code repository to only the development team. By assigning access permissions based on the role (e.g., developer), RBAC ensures that only authorized team members can access the repository (A). Implementing a firewall rule (B) controls network traffic but does not address user authorization for specific resources. Enforcing a complex password policy (C) strengthens authentication but does not control access to the code repository. Data encryption (D) protects data in transit or storage but does not manage access rights to the repository.
86 / 125
86. An organization must ensure that all employees follow a uniform process for reporting security incidents. Which administrative control is most appropriate to formalize this requirement?
An incident reporting procedure is an administrative control that formalizes the process employees must follow to report security incidents. This procedure ensures that incidents are reported consistently and managed effectively. A data encryption standard (B) outlines how data should be encrypted but does not cover reporting processes, a network security policy (C) addresses overall network security but not incident reporting specifically, and a password management guideline (D) provides instructions for creating and maintaining secure passwords, which is not relevant to incident reporting.
87 / 125
87. During a security audit, it is found that a certain network uses TACACS+ for authenticating administrative access to network devices. Which characteristic of TACACS+ makes it preferred over RADIUS for this use case?
TACACS+ is preferred over RADIUS for authenticating administrative access to network devices because it separates the authentication, authorization, and accounting (AAA) functions. This allows more granular control and management of access policies. Option A: although TACACS+ is an open standard, that is not the primary reason for preferring it in this context. Option B: RADIUS encrypts only the password, which is less secure for administrative access than the full-packet encryption provided by TACACS+. Option D: the use of a shared secret for encryption is also a feature of RADIUS, whereas TACACS+'s ability to handle the AAA functions separately offers more flexibility and security, making it well suited to managing access to network devices.
88 / 125
88. After a disaster recovery drill, an organization identifies several weaknesses in their response plan. What is the most effective way to address these weaknesses?
The correct answer is B. Immediately updating the disaster recovery plan and conducting follow-up drills ensures that weaknesses are addressed promptly and the plan is improved continuously. Documenting weaknesses (A) without action may delay necessary improvements. Conducting a formal audit (C) may be part of a thorough response but should not delay immediate updates and follow-up testing. Replacing team members (D) does not address the plan’s shortcomings and may not resolve the identified issues.
89 / 125
89. An enterprise is considering deploying a network solution that allows centralized control and automation of their network infrastructure across multiple sites. Which of the following technologies should they implement to achieve these goals?
Software-Defined Wide Area Network (SD-WAN) (B) enables centralized control and management of network infrastructure across multiple sites, providing enhanced flexibility, automation, and cost savings. Traditional WAN (A) does not provide the centralized control and flexibility offered by SD-WAN. A Virtual Private Network (VPN) (C) provides secure connections over the internet but does not offer centralized network management or automation capabilities. A Local Area Network (LAN) (D) is limited to a single location and does not address the needs of managing multiple sites.
90 / 125
90. A company has deployed a virtual appliance for web filtering. The IT team needs to ensure that the appliance is not compromised and remains effective in its role. Which security measure should be prioritized?
Regularly updating the appliance's software and definitions (A) ensures that the virtual appliance is protected against known vulnerabilities and can effectively filter web traffic. While isolating the appliance on a separate VLAN (B) enhances network security, it does not directly maintain the appliance's functionality and security posture. Using a complex password (C) is good practice but insufficient on its own to secure the appliance. Monitoring network traffic (D) is important for detecting issues but does not prevent vulnerabilities from being exploited.
91 / 125
91. An organization is experiencing a series of seemingly unrelated security incidents. Which feature of an event correlation system would best help in identifying if these incidents are related?
Pattern recognition (A) in an event correlation system helps in identifying if seemingly unrelated security incidents are actually connected by detecting recurring sequences or similarities in events across different sources. This allows for the identification of broader attack campaigns or multi-stage intrusions that might not be apparent from individual events alone. Real-time monitoring (B) provides immediate visibility into events but does not necessarily identify patterns or relationships. Data retention policies (C) ensure that logs are stored for a required duration, which is important for historical analysis but does not directly help in correlating current incidents. Compliance reporting (D) focuses on regulatory adherence and is not related to identifying connections between incidents.
92 / 125
92. A network administrator notices unusual ARP (Address Resolution Protocol) traffic suggesting that an attacker might be intercepting communications between hosts on a local network. What type of attack is this, and what is a recommended countermeasure?
Unusual ARP traffic indicating interception of communication between hosts suggests a Man-in-the-Middle (MITM) attack, where an attacker secretly relays and possibly alters the communication (B). ARP spoofing detection can help identify and block such malicious activity on the local network. DNS poisoning (A) involves altering DNS records, which does not align with ARP-related traffic. DDoS (C) attacks overwhelm network resources and are unrelated to ARP traffic. Phishing (D) is an attack through social engineering, not network-level interception.
93 / 125
93. An organization wants to ensure maximum security for stored passwords. Which of the following practices should they adopt for salting?
Generating a new random salt for each password update ensures that even if a password remains the same, the resulting hash changes, thus enhancing security (C). Using a globally unique salt for each user (A) is not sufficient because it does not change with password updates. Using a short, fixed-length salt (B) can reduce security as longer, more random salts provide better protection against attacks. Using the same salt for each user (D) does not prevent attackers from using precomputed hash tables and significantly reduces the effectiveness of the salt.
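The salting practices compared in this explanation, as an added example that is not part of the practice exam: a toy password store using PBKDF2-HMAC-SHA256, a fresh random salt on every password update (option C), and a single precomputed table run against a store that uses one fixed site-wide salt (option D). The iteration count, user names and candidate passwords are constructed for the demonstration.

```python
import hashlib
import hmac
import os

# Added example (not from the practice exam): per-user random salting with
# PBKDF2-HMAC-SHA256, showing why a new random salt on every update (option C)
# beats a shared or fixed salt (option D).

ITERATIONS = 100_000   # assumption: kept low so the example runs fast; use a much higher count in production
SALT_LEN = 16          # 128-bit salt


def derive(password: str, salt: bytes) -> bytes:
    """Salted, deliberately slow hash. Same (password, salt) always gives the same digest."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


class PasswordStore:
    """Toy user table: username -> (salt, digest).

    salt_factory decides how salts are chosen; the default draws a fresh random
    salt every time a password is set or updated.
    """

    def __init__(self, salt_factory=lambda: os.urandom(SALT_LEN)):
        self._salt_factory = salt_factory
        self._users = {}

    def set_password(self, username: str, password: str) -> None:
        salt = self._salt_factory()          # new salt on every update, even for the same password
        self._users[username] = (salt, derive(password, salt))

    def record(self, username: str):
        return self._users[username]

    def verify(self, username: str, password: str) -> bool:
        salt, digest = self._users[username]
        # constant-time comparison so timing does not leak how many bytes matched
        return hmac.compare_digest(derive(password, salt), digest)


def rehash_changes_digest() -> bool:
    """Option C: re-setting the *same* password yields a different salt and digest, yet still verifies."""
    store = PasswordStore()
    store.set_password("alice", "correct horse battery")
    salt1, digest1 = store.record("alice")
    store.set_password("alice", "correct horse battery")   # password unchanged
    salt2, digest2 = store.record("alice")
    return salt1 != salt2 and digest1 != digest2 and store.verify("alice", "correct horse battery")


def crack_with_one_table(store: PasswordStore, candidates, salt: bytes) -> dict:
    """Build ONE digest->password table for the given salt and look every user up in it.

    Against a shared fixed salt a single table cracks every user whose password
    is in the candidate list; against per-user random salts the same table
    matches nothing, because each stored digest was computed with a different salt.
    """
    table = {derive(p, salt): p for p in candidates}
    return {user: table[digest] for user, (_, digest) in store._users.items() if digest in table}


def shared_salt_vs_random_salt():
    """Return (users cracked under a shared salt, users cracked under random salts)."""
    candidates = ["password", "letmein", "summer2024"]   # constructed weak-password list
    shared = b"site-wide-salt!!"                         # the fixed salt of option D

    weak = PasswordStore(salt_factory=lambda: shared)
    strong = PasswordStore()
    for user, pw in [("bob", "letmein"), ("carol", "summer2024"), ("dave", "Tr0ub4dor&3")]:
        weak.set_password(user, pw)
        strong.set_password(user, pw)

    return (crack_with_one_table(weak, candidates, shared),
            crack_with_one_table(strong, candidates, shared))


if __name__ == "__main__":
    print("re-setting the same password changes the digest:", rehash_changes_digest())
    print("cracked with one table (shared salt, random salts):", shared_salt_vs_random_salt())
```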
94 / 125
94. After identifying a set of critical vulnerabilities in their network, an organization decides to document these along with their potential impact and mitigation strategies. Which tool would they use to maintain visibility and track the status of these vulnerabilities?
A risk register is specifically designed to document risks, including vulnerabilities, their potential impact, and mitigation strategies, and to track their status over time. An incident response plan (A) is focused on handling security incidents rather than tracking vulnerabilities. A security policy (B) sets out the rules and guidelines for securing an organization but does not track specific risks. A threat intelligence report (D) provides information on potential threats but does not track the management of vulnerabilities.
95 / 125
95. A company wants to allow its employees to use their corporate credentials to access a third-party cloud service. Which federated authentication method can be used to enable this, while ensuring secure and seamless access?
Security Assertion Markup Language (SAML) (B) is a standard for exchanging authentication and authorization data between an identity provider and a service provider. It allows users to authenticate once with their corporate credentials and access third-party services without needing to log in again, ensuring secure and seamless access. Simple Mail Transfer Protocol (SMTP) (A) is used for sending emails and is not related to federated authentication. File Transfer Protocol (FTP) (C) is used for transferring files over a network and does not handle authentication. Internet Protocol Security (IPsec) (D) is a protocol suite for securing Internet Protocol (IP) communications, not specifically for federated authentication.
96 / 125
96. During a post-incident review of a data leakage event, it was discovered that sensitive data was accessible due to insufficient access controls. What countermeasure should be implemented based on this lesson learned?
Implementing a data loss prevention (DLP) solution (A) directly addresses the issue of data leakage by monitoring and controlling data transfers to ensure sensitive information is not improperly accessed or shared. Increasing policy reviews (B) and conducting awareness campaigns (C) are important but do not specifically prevent data leakage. Enforcing a stricter password policy (D) is beneficial but not directly related to access control deficiencies.
97 / 125
97. A company is connecting with a new third-party logistics provider that requires access to inventory data. To secure this connection, the company needs to ensure data integrity and confidentiality. Which solution is most appropriate?
A VPN with SSL encryption (B) ensures data integrity and confidentiality by creating a secure tunnel for data transfer and encrypting the data end-to-end. This prevents unauthorized access and ensures that data is not tampered with during transit. Unencrypted FTP (A) does not provide encryption, exposing data to interception. An open internet connection with a shared password (C) is insecure and prone to unauthorized access. Cloud storage with public access (D) lacks the necessary security controls to protect sensitive inventory data.
98 / 125
98. During an assessment of a company’s Wi-Fi security, you discover that WPA3 is already in use. Which additional measure should be implemented to ensure maximum security?
Implementing a RADIUS server (B) provides robust authentication mechanisms, ensuring only authorized users can access the network. Using a single SSID for both staff and guests (A) is a security risk as it can lead to unauthorized access to sensitive network areas. Regularly changing the Wi-Fi channel (C) is aimed at avoiding interference, not improving security. Lowering the signal strength (D) can help minimize the Wi-Fi range but does not contribute significantly to overall security.
99 / 125
99. An SSCP-certified professional is offered a lucrative job at a competing firm but realizes that the new position would require sharing proprietary information from their current employer. What should they do according to the (ISC)² Code of Ethics?
The (ISC)² Code of Ethics requires maintaining confidentiality and acting honorably. Declining the job offer (B) avoids potential ethical conflicts and protects the current employer's proprietary information. Accepting the job and sharing information (A) is unethical and illegal. Accepting the job but refusing to share information (C) might not be feasible if the position inherently requires such knowledge. Negotiating with the new employer (D) could still pose risks of accidental disclosure or unethical pressure.
100 / 125
100. An organization needs to ensure that all installed software is properly licensed. What is the most effective approach to achieve this?
Implementing an automated software asset management tool (B) is the most effective approach to ensure that all installed software is properly licensed, as it provides continuous monitoring and can automatically detect non-compliance issues. Conducting a manual software inventory (A) is labor-intensive and prone to errors. Restricting software installation (C) can help, but it is not a comprehensive solution. Regularly purchasing new software licenses (D) is not efficient and does not address the need for accurate tracking and compliance.
101 / 125
101. During the planning of a new office network, you are asked to choose a topology that minimizes the impact of device failure and reduces the risk of network downtime. Which topology would you choose?
The Mesh topology (B) would be the best choice to minimize the impact of device failure and reduce network downtime due to its redundant paths between all nodes. The Star topology (A) has a central point of failure at the hub, which can cause downtime if the hub fails. The Bus topology (C) is vulnerable to a single point of failure in the main communication line. The Ring topology (D) can also suffer from a single point of failure that affects the whole network.
102 / 125
102. An organization is transitioning from an on-premises infrastructure to a cloud environment. They are concerned about data privacy and want to maintain control over their data while still leveraging cloud services. Which deployment model should they choose to best meet their needs?
The Hybrid Cloud model (C) combines both on-premises infrastructure (private cloud) and public cloud resources, allowing organizations to maintain control over their data while still leveraging the scalability and cost benefits of public cloud services. This model is ideal for organizations with concerns about data privacy and security, as it allows sensitive data to be kept in a private environment while using public cloud for less sensitive applications. The Public Cloud (A) is not suitable for organizations that want to maintain control over their data because it involves sharing resources with other users, which can increase security risks. The Private Cloud (B) offers full control over data but may not provide the same cost savings or flexibility as hybrid models. The Community Cloud (D) involves sharing infrastructure with other organizations with similar requirements, which may not meet the specific needs for control and privacy of a single organization.
103 / 125
103. A company needs to securely transmit data between two branches located in different cities over the internet. The requirement is to ensure that the data is encrypted and cannot be intercepted or tampered with during transmission. Which of the following protocols is most suitable for this use case?
The correct answer is B. IPsec (Internet Protocol Security) is ideal for securely transmitting data over the internet as it encrypts the data and provides integrity checks, ensuring that the data cannot be intercepted or tampered with during transmission. This makes it suitable for establishing a secure communication channel between two branches over the internet. SSH (A) is primarily used for secure remote access and command execution rather than for encrypting data transmission between networks. HTTP (C) is used for web communication and does not provide security features needed for encrypting sensitive data. POP3 (D) is used for email retrieval and does not address secure data transmission requirements.
104 / 125
104. To maintain the availability of a web application during periods of high traffic, what is the most effective measure an organization can implement?
Implementing load balancing is the most effective measure to maintain the availability of a web application during periods of high traffic. Load balancers distribute incoming traffic across multiple servers, preventing any single server from becoming overwhelmed and ensuring continuous availability. Enabling caching mechanisms (A) can improve performance but does not address load distribution. Conducting regular vulnerability scans (C) enhances security but does not directly impact availability. Using strong encryption protocols (D) protects data in transit but does not influence traffic handling and server load.
105 / 125
105. A company is concerned about attackers intercepting and modifying data in transit. They want to ensure that any tampering can be detected. Which cryptographic technique is best suited to address this concern?
HMAC provides a way to verify both the integrity and authenticity of a message by combining a cryptographic hash function with a secret key, making it possible to detect any tampering with the data in transit (B). RSA encryption (A) primarily ensures confidentiality and secure key exchange but does not inherently provide integrity checks. Elliptic curve cryptography (C) is used for secure key exchange and digital signatures but is not directly aimed at verifying message integrity like HMAC. Symmetric key encryption (D) ensures confidentiality but does not provide a mechanism for detecting message tampering without additional integrity checks.
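The tamper-detection property described above, as an added example that is not part of the practice exam: a message protected by an HMAC-SHA256 tag under a shared key, an on-path modification of the message, and the same modification against a bare (unkeyed) hash for contrast. The key and the payload are constructed for the demonstration.

```python
import hashlib
import hmac
import os

# Added example (not from the practice exam): a keyed HMAC-SHA256 tag on a message
# in transit. Sender and receiver share SECRET_KEY; an on-path attacker who alters
# the message cannot produce a matching tag without the key, so the change is
# detected. The same check with a bare hash (no key) is defeated, because the
# attacker simply recomputes the hash over the altered message.

SECRET_KEY = os.urandom(32)   # constructed shared key; in practice provisioned out of band


def hmac_tag(key: bytes, message: bytes) -> bytes:
    return hmac.new(key, message, hashlib.sha256).digest()


def protect_with_hmac(message: bytes) -> dict:
    """Sender side: attach a keyed tag."""
    return {"message": message, "tag": hmac_tag(SECRET_KEY, message)}


def verify_hmac(packet: dict) -> bool:
    """Receiver side: recompute the tag under the shared key and compare in constant time."""
    expected = hmac_tag(SECRET_KEY, packet["message"])
    return hmac.compare_digest(expected, packet["tag"])


def protect_with_bare_hash(message: bytes) -> dict:
    """Weaker scheme for contrast: a plain SHA-256 digest with no key."""
    return {"message": message, "tag": hashlib.sha256(message).digest()}


def verify_bare_hash(packet: dict) -> bool:
    return hmac.compare_digest(hashlib.sha256(packet["message"]).digest(), packet["tag"])


def on_path_modification(packet: dict, keyed: bool) -> dict:
    """Model the interception in the question: the amount is changed in transit.

    The attacker does not hold SECRET_KEY. With a keyed tag all they can do is
    leave the stale tag in place; with a bare hash they recompute it to match.
    """
    altered = packet["message"].replace(b"amount=100.00", b"amount=900.00")
    if keyed:
        return {"message": altered, "tag": packet["tag"]}
    return {"message": altered, "tag": hashlib.sha256(altered).digest()}


def tampering_detected(keyed: bool) -> bool:
    """True when the receiver accepts the genuine message but rejects the altered one."""
    original = b"transfer: from=acct-1 to=acct-2 amount=100.00"   # constructed payload
    packet = protect_with_hmac(original) if keyed else protect_with_bare_hash(original)
    forged = on_path_modification(packet, keyed)
    verify = verify_hmac if keyed else verify_bare_hash
    return verify(packet) and not verify(forged)


if __name__ == "__main__":
    print("HMAC detects tampering:", tampering_detected(keyed=True))
    print("bare hash detects tampering:", tampering_detected(keyed=False))
```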
106 / 125
106. A company places a "No Trespassing" sign at the entrance of its restricted area. How does this sign contribute to the company's security posture?
The "No Trespassing" sign serves as a deterrent control (B), aiming to discourage unauthorized individuals from entering the restricted area by clearly indicating that entry is forbidden and that there may be consequences for trespassing. Detective control (A) would involve systems to identify and report unauthorized access, which the sign does not do. Preventive control (C) physically restricts access, such as through barriers or locks, which is not the function of a sign. Compensating control (D) offers alternative measures when primary controls are lacking, but the sign’s primary purpose is to deter, not to compensate for other controls.
107 / 125
107. During a routine security check, the EDR system identifies several endpoints with anomalous behavior patterns. What should be the immediate next step?
The immediate next step should be to disconnect the affected endpoints from the network (A) to prevent potential spread of malware or further damage. This isolation helps contain the threat while further investigation is conducted. Performing a system reboot (B) may not resolve the issue and could disrupt evidence. Increasing the alert threshold (C) could overlook serious threats. Conducting an antivirus scan (D) is important but should follow containment measures.
108 / 125
108. Which of the following scenarios violates the principle of segregation of duties (SoD)?
This scenario violates the principle of segregation of duties (SoD) because the employee has control over both approving expenses and reconciling bank statements, which could lead to fraud or errors going undetected. The other scenarios (B, C, D) do not necessarily violate SoD as long as there are appropriate controls and oversight in place to mitigate risks.
109 / 125
109. To verify that its security measures comply with regulatory standards, an organization decides to conduct an internal audit. Which process is crucial for ensuring that the audit thoroughly assesses compliance?
Creating a compliance checklist is crucial for ensuring that an internal audit thoroughly assesses compliance with regulatory standards. This checklist helps auditors systematically review all relevant aspects of compliance and ensures that no critical areas are overlooked. Updating firewall configurations (B), implementing a new backup policy (C), and installing the latest antivirus software (D) are important security measures but do not directly ensure a comprehensive audit of compliance requirements.
110 / 125
110. An enterprise is upgrading its encryption infrastructure and needs to choose an appropriate key length for its AES encryption to ensure compliance with stringent security policies. What is the most suitable key length for maximizing security?
AES-256 is the most suitable key length for maximizing security, as it offers the highest level of protection against brute force attacks and is commonly used in environments requiring stringent security policies (C). AES-128 (A) and AES-192 (B) provide strong security but are less robust than AES-256. A 512-bit key (D) is not a standard option for AES encryption, which supports only 128, 192, and 256-bit key lengths.
111 / 125
111. An organization has a policy that requires secure browsing for all online transactions. Which practice should be implemented to enhance the security of these transactions?
Using a dedicated browser for online transactions (A) reduces the risk of cross-site tracking and minimizes exposure to potential threats from other activities. Disabling browser extensions (B) can improve security but is not specifically focused on online transactions. Clearing the browser cache (C) is good practice but does not specifically protect transactions. Blocking social media websites (D) does not directly enhance the security of online transactions.
112 / 125
112. To maintain compliance with regulatory requirements, an organization conducts periodic reviews of its security policies and procedures. Which activity is most critical during these reviews?
Benchmarking against industry standards is the most critical activity during periodic reviews of security policies and procedures to maintain compliance with regulatory requirements. This process involves comparing the organization's policies and procedures to accepted industry standards and best practices to identify areas for improvement and ensure compliance. Updating software applications (A), installing new firewall rules (C), and reassigning security responsibilities (D) are important activities for security management but are not specifically focused on reviewing and comparing policies and procedures for compliance.
113 / 125
113. A network administrator needs to ensure that video conferencing traffic is prioritized over other types of traffic on the network to prevent latency and jitter issues. Which device or feature should be implemented?
A QoS-enabled router (C) is the appropriate device to implement because it can prioritize video conferencing traffic over other types of traffic, reducing latency and jitter and ensuring a better quality of service. A firewall with content filtering (A) is used for security and does not prioritize traffic types. A load balancer with session persistence (B) ensures that sessions are consistently directed to the same server but does not prioritize traffic. An Intrusion Prevention System (IPS) (D) focuses on detecting and preventing network intrusions and is not designed for traffic prioritization.
114 / 125
114. During a supplier risk review, it was identified that a supplier has access to sensitive customer data without adequate encryption. What is the most effective action to take?
The most effective action to address the risk of a supplier having access to sensitive customer data without adequate encryption is to implement strong encryption protocols for data in transit and at rest (B). This ensures that the data is protected regardless of the supplier's practices. Requesting the supplier to stop using customer data (A) may not be feasible or effective. Monitoring the supplier's data access more closely (C) is important but does not mitigate the risk of unencrypted data. A confidentiality agreement (D) is a legal measure but does not address the technical risk of unencrypted data.
115 / 125
115. When implementing an MDM solution for a BYOD environment, which of the following measures is essential to ensure compliance with corporate security policies?
Device compliance checks (C) ensure that BYOD devices adhere to corporate security standards, such as up-to-date software and security patches, which is crucial for maintaining security. Restricting personal features (A) is impractical for BYOD and can reduce user acceptance. While regular security training (B) is important, it does not directly enforce compliance. Device encryption limited to corporate apps (D) is insufficient as it may leave other areas of the device vulnerable.
116 / 125
116. An organization has a baseline policy that requires encryption of all sensitive data at rest. A security audit reveals that one of the storage systems is storing sensitive data in plaintext. What should be the security analyst’s next step?
The immediate action should be to encrypt the sensitive data (A) to comply with the baseline policy and protect it from unauthorized access. Notifying the storage system administrator (B) is necessary but secondary to securing the data. Updating the baseline policy (C) does not address the current non-compliance. Conducting a risk assessment (D) is important but does not mitigate the immediate risk of unprotected data.
117 / 125
117. A company wants to minimize the risk of former employees accessing sensitive data after they leave. What is an essential step in the de-provisioning process to achieve this?
The correct answer is C. Deactivating user accounts and revoking access is essential in the de-provisioning process to ensure former employees cannot access sensitive data after leaving the company (C). Updating security policies (A) is important for governance but does not directly remove access. Performing a network assessment (B) helps identify vulnerabilities but does not de-provision users. Reviewing access logs regularly (D) is good for monitoring but does not actively remove access.
118 / 125
118. An organization is using IPsec to secure communication between their offices. The security team is concerned about IPsec’s susceptibility to certain types of attacks. Which of the following is a known vulnerability of IPsec?
The correct answer is B. IPsec can be vulnerable to replay attacks if anti-replay services are not enabled. Replay attacks involve intercepting and retransmitting valid data packets to create a malicious effect. Option A is incorrect as IPsec supports encryption. Option C is not directly related to IPsec; DNS spoofing attacks target domain name resolution rather than the IPsec protocol itself. Option D is incorrect because IPsec does provide data integrity through authentication headers and encapsulating security payloads.
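The anti-replay service mentioned above, as an added example that is not part of the practice exam: a sliding receive window of the kind IPsec ESP and AH receivers keep per Security Association (the mechanism is described in RFC 4303 section 3.4.3; this is a from-scratch illustration, not code from any IPsec implementation). It assumes the packet's integrity check value has already passed before the window is consulted, and the packet arrival order is constructed.

```python
# Added example (not from the practice exam): a sliding anti-replay window as
# used by IPsec ESP/AH receivers. Written from scratch for illustration; it
# assumes the packet's integrity check has already succeeded, since an
# unauthenticated sequence number must never update the window.

class AntiReplayWindow:
    """Tracks which of the most recent `size` sequence numbers have been accepted."""

    def __init__(self, size: int = 64, enabled: bool = True):
        self.size = size
        self.enabled = enabled
        self.top = 0          # highest sequence number accepted so far
        self.bitmap = 0       # bit i set  <=>  sequence number (top - i) was accepted

    def accept(self, seq: int) -> bool:
        """Return True and record `seq` if the packet is fresh; False if it is a replay or too old."""
        if not self.enabled:
            return True                       # anti-replay off: every packet accepted, duplicates included
        if seq <= 0:
            return False                      # simplification: 0 is never a valid ESP/AH sequence number
        if seq > self.top:
            shift = seq - self.top
            # slide the window forward; bits pushed past the left edge are forgotten
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            self.top = seq
            return True
        offset = self.top - seq
        if offset >= self.size:
            return False                      # older than the window: cannot tell if seen, so reject
        if self.bitmap & (1 << offset):
            return False                      # already accepted once: replay
        self.bitmap |= 1 << offset            # late but new: accept out-of-order delivery
        return True


def run_stream(enabled: bool):
    """Feed a constructed arrival order through a receiver and return (seq, accepted) decisions."""
    window = AntiReplayWindow(size=64, enabled=enabled)
    # constructed arrival order: 3 arrives late (reordering), 2 and 5 arrive a second
    # time (replays), and 1 arrives again after the window has moved far past it
    arrivals = [1, 2, 4, 5, 3, 2, 5, 70, 1]
    return [(seq, window.accept(seq)) for seq in arrivals]


if __name__ == "__main__":
    print("anti-replay enabled: ", run_stream(enabled=True))
    print("anti-replay disabled:", run_stream(enabled=False))
```

With the service disabled the replayed packets 2 and 5 are accepted a second time, which is the exposure the explanation refers to.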
119 / 125
119. When designing a system to store confidential medical records, which cryptographic practice is most crucial to ensure data confidentiality?
Encrypting data at rest with a secure algorithm (B) is crucial for ensuring the confidentiality of stored medical records, as it protects sensitive data from unauthorized access if the storage medium is compromised. Using a hash function with salt (A) helps prevent hash collisions and protect against dictionary attacks but does not encrypt data for confidentiality. Implementing SSL/TLS (C) is essential for protecting data in transit but does not address the confidentiality of stored data. Access control lists (ACLs) (D) help manage who can access data but do not provide encryption to protect the data itself from unauthorized access.
120 / 125
120. A large enterprise is looking to migrate its on-premises data center to the cloud. They need full control over their servers, storage, and network resources to run their legacy applications. Which cloud service model should they select?
Infrastructure as a Service (IaaS) (A) provides the most control over the underlying hardware, including servers, storage, and networking. This model is ideal for a large enterprise that needs to migrate legacy applications to the cloud and requires the ability to configure and manage the infrastructure. Platform as a Service (PaaS) (B) offers a higher level of abstraction, focusing on application development rather than infrastructure management, which is not suitable for running legacy applications that need full control. Software as a Service (SaaS) (C) provides fully managed applications, which would not be appropriate for legacy systems that require specific configurations. Function as a Service (FaaS) (D) is a serverless computing model for running small pieces of code, which is not suitable for the full-scale migration of a data center.
121 / 125
121. During a forensic investigation in a company, a security professional discovers that key evidence is located on a server in another country. To legally obtain this evidence, which action is most appropriate?
A Mutual Legal Assistance Treaty (MLAT) (C) provides a formal mechanism for obtaining evidence from another country, ensuring legal compliance and admissibility in court. Sending an informal request (A) does not guarantee legal compliance or evidence admissibility. Using a hacking tool (B) is illegal and unethical. Requesting assistance from a local law enforcement agency (D) is helpful but may not have jurisdiction over international matters. Thus, applying for an MLAT (C) is the appropriate action.
122 / 125
122. A company is experiencing issues with remote desktop connectivity. The IT team needs to ensure the correct port is open on the firewall to allow this service. Which port should they verify or open?
Remote Desktop Protocol (RDP) uses port 3389 (C) for remote desktop connectivity. Ensuring this port is open on the firewall will allow remote desktop services to function properly. Port 22 (A) is used for SSH, which provides secure shell access, not remote desktop. Port 443 (B) is used for HTTPS, which secures web traffic. Port 3306 (D) is used by MySQL databases for database connections, not remote desktop.
123 / 125
123. A company has a policy to destroy cryptographic keys once they are no longer needed. Which method ensures the secure destruction of cryptographic keys to prevent any potential future misuse?
The correct answer is B. Overwriting the keys with random data multiple times ensures secure destruction by making it extremely difficult to recover the original data. Deleting the keys from the filesystem (A) does not guarantee that the keys are irrecoverable, as they can often be restored using forensic techniques. Encrypting the keys before deletion (C) does not eliminate the need for proper destruction, as the encrypted keys themselves can be a target for decryption. Moving the keys to an archive location (D) is not a destruction method but rather a way to store the keys, which does not address the need for secure deletion.
124 / 125
124. During a backup process, an organization uses data deduplication to optimize storage. What is the primary benefit of using data deduplication in their backup strategy?
The correct answer is B. Data deduplication minimizes the storage space required for backups by eliminating duplicate copies of repeating data, thus optimizing the use of storage resources. Reducing backup time (A) can be a secondary benefit but is not the primary purpose. Ensuring data encryption (C) is not related to deduplication but to data security practices. Improving recovery speed (D) can be a benefit of having more efficient storage, but the primary advantage of deduplication is storage optimization.
125 / 125
125. During a security audit, it was discovered that sensitive company data has been accessed and copied by an employee without proper authorization. What type of malicious activity does this represent?
The scenario describes an employee accessing and copying sensitive data without authorization, which is indicative of an insider threat (C). Insider threats involve malicious activities performed by individuals within the organization who have access to sensitive data and systems. A zero-day exploit (A) takes advantage of vulnerabilities that are not yet known to the software vendor, but it does not typically involve authorized access by employees. A web-based attack (B) targets web applications and services from outside the organization. Distributed Denial of Service (DDoS) (D) attacks aim to disrupt services by overwhelming them with traffic but do not involve unauthorized access to sensitive data.