A systems administrator wants to introduce a newly released feature for an internal application. The administrator does not want to test the feature in the production environment. Which of the following locations is the best place to test the new feature?
A Chief Information Security Officer (CISO) is developing a third-party risk management program and wants to establish an order of preference for solicitation and acceptance of audit and assessment results from business partners. The CISO prefers a formal certification against an established framework, which should be considered more reliable than self-attestations. Which of the following is most likely the reason for this perspective?
Within a SCADA environment, a business needs access to the historian server in order to gather metrics about the functionality of the environment. Which of the following actions should be taken to address this requirement?
A security engineer is reviewing the results of an annual penetration test. The report lists one of the results as "critical severity" on several domain-joined workstations: "SSL/TLS Weak Protocols Supported TLS 1.0, TLS 1.1". Which of the following should the security engineer implement to remediate this finding in the most centralized manner?
An organization is concerned about insider threats from employees who have individual access to encrypted material. Which of the following techniques best addresses this issue?
A company needs to increase the maturity level for the cybersecurity department's governance structure. To achieve this goal, the company wants to implement a set of controls that can be used as part of the standard operational procedures and policies within the department and the company. Which of the following frameworks best aligns with this goal?