A financial institution has several that currently employ the following controls:

* The severs follow a monthly patching cycle.

* All changes must go through a change management process.

* Developers and systems administrators must log into a jumpbox to access the servers hosting the data using two-factor authentication.

* The servers are on an isolated VLAN and cannot be directly accessed from the internal production network.

An outage recently occurred and lasted several days due to an upgrade that circumvented the approval process. Once the security team discovered an unauthorized patch was installed, they were able to resume operations within an hour. Which of the following should the security administrator recommend to reduce the time to resolution if a similar incident occurs in the future?

 

Options:

A Require more than one approver for all change management requests.
B Implement file integrity monitoring with automated alerts on the servers.
C Disable automatic patch update capabilities on the servers
D Enhanced audit logging on the jump servers and ship the logs to the SIEM.

A company is repeatedly being breached by hackers who valid credentials. The company's Chief information Security Officer (CISO) has installed multiple controls for authenticating users, including biometric and token-based factors. Each successive control has increased overhead and complexity but has failed to stop further breaches. An external consultant is evaluating the process currently in place to support the authentication controls. Which of the following recommendation would MOST likely reduce the risk of unauthorized access?

A Implement strict three-factor authentication.

B Implement least privilege policies

C Switch to one-time or all user authorizations.

D Strengthen identify-proofing procedures

During a remodel, a company's computer equipment was moved to a secure storage room with cameras positioned on both sides of the door. The door is locked using a card reader issued by the security team, and only the security team and department managers have access to the room. The company wants to be able to identify any unauthorized individuals who enter the storage room by following an authorized employee.

Which of the following processes would BEST satisfy this requirement?

Options: A Monitor camera footage corresponding to a valid access request.
B Require both security and management to open the door.
C Require department managers to review denied-access requests.
D Issue new entry badges on a weekly basis.

While investigating a security event, an analyst finds evidence that a user opened an email attachment from an unknown source. Shortly after the user opened the attachment, a group of servers experienced a large amount of network and resource activity. Upon investigating the servers, the analyst discovers the servers were encrypted by ransomware that is demanding payment within 48 hours or all data will be destroyed. The company has no response plans for ransomware.
Which of the following is the NEXT step the analyst should take after reporting the incident to the management team?

• A. Pay the ransom within 48 hours.
• B. Isolate the servers to prevent the spread.
• C. Notify law enforcement.
• D. Request that the affected servers be restored immediately.

Note : one source is saying B and other source is saying C ... i am confused . Please help to guide with the correct information