A system administrator at a medical imaging company discovers protected health information (PHI) on a general-purpose file server. Which of the following steps should the administrator take NEXT?

• A.Consult the legal department to determine the legal requirements.
• B.Delete all PHI from the network until the legal department is consulted.
• C.Take an MD5 hash of the server.
• D.Isolate all of the PHI on its own VLAN and keep it segregated at Layer 2.

Comment: *

Name: *

Email: *

Verification: *

A security engineer was auditing an organization's current software development practice and discovered that multiple open-source libraries were Integrated into the organization's software. The organization currently performs SAST and DAST on the software it develops.
Which of the following should the organization incorporate into the SDLC to ensure the security of the open-source libraries?

• A.Perform additional SAST/DAST on the open-source libraries.
• B.Perform unit testing of the open-source libraries.
• C.Track the library versions and monitor the CVE website for related vulnerabilities.
• D.Implement the SDLC security guidelines.

Comment: *

Name: *

Email: *

Verification: *

A security is assisting the marketing department with ensuring the security of the organization's social media platforms. The two main concerns are:
The Chief marketing officer (CMO) email is being used department wide as the username The password has been shared within the department Which of the following controls would be BEST for the analyst to recommend?

• A.Have periodic, scheduled reviews to determine which OAuth configuration are set for each media platform.
• B.Ensue the password being shared is sufficiently and not written down anywhere.
• C.Configure MFA for all users to decrease their reliance on other authentication.
• D.Create multiple social media accounts for all marketing user to separate their actions.

Comment: *

Name: *

Email: *

Verification: *

Which of the following terms refers to the delivery of encryption keys to a CASB or a third-party entity?

• A.Key sharing
• B.Key distribution
• C.Key escrow
• D.Key recovery

Comment: *

Name: *

Email: *

Verification: *

An organization is developing a disaster recovery plan that requires data to be backed up and available at a moment's notice.
Which of the following should the organization consider FIRST to address this requirement?

• A.Design an appropriate warm site for business continuity.
• B.Implement a change management plan to ensure systems are using the appropriate versions.
• C.Identify critical business processes and determine associated software and hardware requirements.
• D.Hire additional on-call staff to be deployed if an event occurs.

Comment: *

Name: *

Email: *

Verification: *