the answer is A or C ???? please guide with the correct answer 

A company hired a third party to develop software as part of its strategy to be quicker to market. The company's policy outlines the following requirements:

The credentials used to publish production software to the container registry should be stored in a secure location.

Access should be restricted to the pipeline service account, without the ability for the third-party developer to read the credentials directly.

Which of the following would be the BEST recommendation for storing and monitoring access to these shared credentials?

 

Which of the following would be the BEST recommendation for storing and monitoring access to these shared credentials?

Options: A TPM
B Local secure password file
C MFA
D Key vault

URGENT support required : 

A company has decided to purchase a license for software that is used to operate a mission-critical process. The third-party developer is new to the industry but is delivering what the company needs at this time.

Which of the following BEST describes the reason why utilizing a source code escrow will reduce the operational risk to the company if the third party stops supporting the application?

Options:

A The company will have access to the latest version to continue development.
B The company will be able to force the third-party developer to continue support.
C The company will be able to manage the third-party developer's development process.
D The company will be paid by the third-party developer to hire a new development team.

A company is repeatedly being breached by hackers who valid credentials. The company's Chief information Security Officer (CISO) has installed multiple controls for authenticating users, including biometric and token-based factors. Each successive control has increased overhead and complexity but has failed to stop further breaches. An external consultant is evaluating the process currently in place to support the authentication controls. Which of the following recommendation would MOST likely reduce the risk of unauthorized access?

A Implement strict three-factor authentication.

B Implement least privilege policies

C Switch to one-time or all user authorizations.

D Strengthen identify-proofing procedures

A systems administrator is preparing to run a vulnerability scan on a set of information systems in the organization. The systems administrator wants to ensure that the targeted systems produce accurate information especially regarding configuration settings.

Which of the following scan types will provide the systems administrator with the MOST accurate information?

A. A passive, credentialed scan
B. A passive, non-credentialed scan
C. An active, non-credentialed scan
D. An active, credentialed scan