
CompTIA CAS-005


Exam contains 217 questions

Question 61 🔥

[Governance, Risk, and Compliance (GRC)] A company recently experienced a ransomware attack. Although the company performs systems and data backup on a schedule that aligns with its RPO (Recovery Point Objective) requirements, the backup administrator could not recover critical systems and data from its offline backups to meet the RPO. Eventually, the systems and data were restored with information that was six months outside of RPO requirements. Which of the following actions should the company take to reduce the risk of a similar attack?

Question 62 🔥

[Governance, Risk, and Compliance (GRC)] A compliance officer is facilitating a business impact analysis (BIA) and wants business unit leaders to collect meaningful data. Several business unit leaders want more information about the types of data the officer needs. Which of the following data types would be the most beneficial for the compliance officer? (Select two)

Question 63 🔥

[Security Operations] A company’s SIEM is designed to associate the company’s asset inventory with user events. Given the following report: Which of the following should a security engineer investigate first as part of a log audit?

Question 64 🔥

[Security Operations] During a recent security event, access from the non-production environment to the production environment enabled unauthorized users to:

- Install unapproved software
- Make unplanned configuration changes

During the investigation, the following findings were identified:

- Several new users were added in bulk by the IAM team
- Additional firewalls and routers were recently added
- Vulnerability assessments have been disabled for more than 30 days
- The application allow list has not been modified in two weeks
- Logs were unavailable for various types of traffic
- Endpoints have not been patched in over ten days

Which of the following actions would most likely need to be taken to ensure proper monitoring? (Select two)

Question 65 🔥

[Security Architecture] An organization hires a security consultant to establish a SOC that includes a threat-modeling function. During initial activities, the consultant works with system engineers to identify antipatterns within the environment. Which of the following is most critical for the engineers to disclose to the consultant during this phase?

Question 66 🔥

[Identity and Access Management (IAM)] A security analyst is reviewing the following authentication logs: Which of the following should the analyst do first?


© 2024 Exam Prepare, Inc. All Rights Reserved.