A pharmaceutical company recently experienced a security breach within its customer-facing web portal. The attackers performed a SQL injection attack and exported tables from the company's managed database, exposing customer information.

The company hosts the application with a CSP utilizing the IaaS model. Which of the following parties is ultimately responsible for the breach?

1. The pharmaceutical company
2. The cloud software provider
3. The web portal software vendor
4. The database software vendor

A security engineer estimates the company's popular web application experiences 100 attempted breaches per day. In the past four years, the company's data has been breached two times.

Which of the following should the engineer report as the ARO for successful breaches?

Options:

A 0.5
B 8
C 50
D 36,500 

please help to share the math so that i can understand 

A security analyst discovered that a database administrator's workstation was compromised by malware. After examining the Jogs. the compromised workstation was observed connecting to multiple databases through ODBC. The following query behavior was captured:

SELECT *

from ACCOUNTS

Where regexp '^ [0-9] {4} [- ] + [0-9] {4} [-] + [0-9] {4} $’

Assuming this query was used to acquire and exfiltrate data, which of the following types of data was compromised, and what steps should the incident response plan contain?

A. Personal health information: Inform the human resources department of the breach and review the DLP logs.

В. Account history; Inform the relationship managers of the breach and create new accounts for the affected users.

C. Customer IDs: Inform the customer service department of the breach and work to change the account numbers.

D. PAN: Inform the legal department of the breach and look for this data in dark web monitoring.

URGENT support required : 

A company has decided to purchase a license for software that is used to operate a mission-critical process. The third-party developer is new to the industry but is delivering what the company needs at this time.

Which of the following BEST describes the reason why utilizing a source code escrow will reduce the operational risk to the company if the third party stops supporting the application?

Options:

A The company will have access to the latest version to continue development.
B The company will be able to force the third-party developer to continue support.
C The company will be able to manage the third-party developer's development process.
D The company will be paid by the third-party developer to hire a new development team.