A Chief information Security Officer (CISO) has launched to create a rebuts BCP/DR plan for the entire company. As part of the initiative , the security team must gather data supporting s operational importance for the applications used by the business and determine the order in which the application must be back online. Which of the following be the FIRST step taken by the team?

Options:
A Perform a review of all policies an procedures related to BGP a and DR and created an educated educational module that can be assigned to at employees to provide training on BCP/DR events.
B Create an SLA for each application that states when the application will come back online and distribute this information to the business units.
C Have each business unit conduct a BIA and categories the application according to the cumulative data gathered.
D Implement replication of all servers and application data to back up detacenters that are geographically from the central datacenter and release an upload BPA to all clients.

The Chief information Security Officer (CISO) of a small locate bank has a compliance requirement that a third-party penetration test of the core banking application must be conducted annually. Which of the following services would fulfill the compliance requirement with the LOWEST resource usage?

Black-box testing
B Gray-box testing
C Red-team hunting
D White-box testing
E Blue-learn exercises

NEED URGENT support

A high-severity vulnerability was found on a web application and introduced to the enterprise. The vulnerability could allow an unauthorized user to utilize an open-source library to view privileged user information. The enterprise is unwilling to accept the risk, but the developers cannot fix the issue right away.

Which of the following should be implemented to reduce the risk to an acceptable level until the issue can be fixed?

Options:

A Scan the code with a static code analyzer, change privileged user passwords, and provide security training.
B Change privileged usernames, review the OS logs, and deploy hardware tokens.
C Implement MFA, review the application logs, and deploy a WAF.
D Deploy a VPN, configure an official open-source library repository, and perform a full application review for vulnerabilities.

A high-severity vulnerability was found on a web application and introduced to the enterprise. The vulnerability could allow an unauthorized user to utilize an open-source library to view privileged user information. The enterprise is unwilling to accept the risk, but the developers cannot fix the issue right away.

Which of the following should be implemented to reduce the risk to an acceptable level until the issue can be fixed?

Options: A Scan the code with a static code analyzer, change privileged user passwords, and provide security training.
B Change privileged usernames, review the OS logs, and deploy hardware tokens.
C Implement MFA, review the application logs, and deploy a WAF.
D Deploy a VPN, configure an official open-source library repository, and perform a full application review for vulnerabilities.