A nation-state actor is exposed for attacking large corporations by establishing persistence in smaller companies that are likely to be acquired by these large corporations. The actor then provisions user accounts in the companies for use post-acquisition. Before an upcoming acquisition, a security officer conducts threat modeling with this attack vector. Which of the following practices is the best way to investigate this threat?
A company updates its cloud-based services by saving infrastructure code in a remote repository. The code is automatically deployed into the development environment every time the code is saved to the repository. The developers express concern that the deployment often fails, citing minor code issues and occasional security control check failures in the development environment. Which of the following should a security engineer recommend to reduce the deployment failures? (Choose two.)
An organization has several systems deployed in a public cloud and wants to confirm that when data retention periods are reached, the data is properly disposed of. Which of the following best meets the organization's needs?
A company is preparing to move a new version of a web application to production. No major issues were reported during security scanning or quality assurance in the CI/CD pipeline. Which of the following actions should the company take next?
A security researcher tells a company that one of its solutions is vulnerable to a buffer overflow, leading to malicious code execution. Which of the following is the best way to avoid this vulnerability in future versions?
A pharmaceutical company acquired a growing startup. The pharmaceutical company has a comprehensive OT stack, while the startup allows employees to install IoT devices without oversight. Both companies will continue to operate independently with some systems shared and others separated. Which of the following considerations are the most important when designing the new combined systems? (Choose two.)