ViciousAkira

Highly Voted 8 months, 3 weeks ago

B. SOC 2 Type 2 report SOC 2 stands for System and Organization Controls 2. A SOC 2 Type 2 report provides an audit of the effectiveness of security controls over a period of time (typically 6-12 months), specifically focusing on the operating effectiveness of controls related to security, availability, processing integrity, confidentiality, and privacy. This report would demonstrate that the controls were not only in place but also effectively protecting customer data over the required period.

C. DRP Disaster recovery (DR) plans define the processes and procedures that an organization will take when a disaster occurs. Unlike a BC plan, a DR plan focuses on natural and human-made disasters that may destroy facilities or infrastructure, or otherwise prevent an organization from functioning normally. A DR plan focuses on restoration or continuation of services despite a disaster.

Segregation of duties is going to PREVENT users from having the ability to potentially manipulate processes within the business by splitting duties amongst others. Somewhat of a "checks and balances" kind of system.

A Denial of Service. This is clearly indicative of DoS attack where the two Test hosts are being overwhelmed with excessive traffic received causing them to become unresponsive and crash.

Block the URL shortener domain in the web proxy: Blocking the URL shortener domain in the web proxy is a good idea if you suspect that the malicious URLs lead to a harmful site, but in this case, the links are redirecting to a dead domain. The malicious domain itself is no longer active, so blocking the URL shortener might not address the immediate threat. Additionally, this step doesn't prevent other similar attacks with different shorteners or domains in the future.

C. Retention policy. Reasoning: Security policy: While a security policy is important for protecting sensitive information, it doesn't specifically address the retention and destruction of records. Classification policy: A classification policy helps categorize information based on its sensitivity and value, but it doesn't provide guidelines for how long records should be retained or when they should be destroyed. Retention policy: A retention policy establishes rules for how long different types of records should be kept and when they can be destroyed. This is exactly what the company needs to meet compliance requirements and minimize the number of records it needs to store. Access control policy: An access control policy governs who can access different types of information. While it's important for data protection, it doesn't directly address the retention and destruction of records. Therefore, a retention policy is the best option for the company to meet its requirements of keeping the fewest records possible, meeting compliance needs, and ensuring destruction of records that are no longer needed.