1. A systems administrator is trying to secure a critical system. The administrator has placed the system behind a firewall, enabled strong authentication, and required all administrators of this system to attend mandatory training. Which of the following BEST describes the control being implemented?
A) Multifactor authentication B) Defense in depth C) Access control D) Audit remediation
2. A SIEM analyst noticed a spike in activities from the guest wireless network to several electronic health record (EHR) systems. After further analysis, the analyst discovered that a large volume of data has been uploaded to a cloud provider in the last six months. Which of the following actions should the analyst do FIRST?
A) Put an ACL on the gateway router B) Contact the Office of Civil Rights (OCR) to report the breach C) Notify the Chief Privacy Officer (CPO) D) Activate the incident response plan
3. An analyst finds that unpatched servers have undetected vulnerabilities because the vulnerability scanner does not have the latest set of signatures. Management directed the security team to have personnel update the scanners with the latest signatures at least 24 hours before conducting any scans, but the outcome is unchanged. Which of the following is the BEST logical control to address the failure?
A) Test vulnerability remediation in a sandbox before deploying. B) Configure a script to automatically update the scanning tool. C) Manually validate that the existing update is being performed. D) Configure vulnerability scans to run in credentialed mode.
4. After a recent security breach, it was discovered that a developer had promoted code that had been written to the production environment as a hotfix to resolve a user navigation issue that was causing issues for several customers. The code had inadvertently granted administrative privileges to all users, allowing inappropriate access to sensitive data and reports. Which of the following could have prevented this code from being released into the production environment?
A) Automated reporting B) Separation of duties C) Succession planning D) Cross training
5. A security analyst is performing ongoing scanning and continuous monitoring of the corporate datacenter. Over time, these scans are repeatedly showing susceptibility to the same vulnerabilities and an increase in new vulnerabilities on a specific group of servers that are clustered to run the same application. Which of the following vulnerability management processes should be implemented?
A) Automated report generation B) Regular patch application C) Group policy modification D) Frequent server scanning