Device event logs sources from MDM software as follows:

Which of the following security concerns and response actions would BEST address the risks posed by the device in the logs?

A. Malicious installation of an application; change the MDM configuration to remove application ID 1220.

B. Resource leak; recover the device for analysis and clean up the local storage.

C. Impossible travel; disable the device's account and access while investigating.

D. Falsified status reporting; remotely wipe the device.

An engineering team has deployed a new VPN service that requires client certificates to be used in order to successfully connect. On iOS devices, however, the following error occurs after importing the .p12 certificate file:

mbedTLS: ca certificate is undefined

Which of the following is the root cause of this issue?

A. iOS devices have an empty root certificate chain by default.

B. OpenSSL is not configured to support PKCS#12 certificate files.

C. The VPN client configuration is missing the CA private key.

D. The iOS keychain imported only the client public and private keys.

A company recently deployed a SIEM and began importing logs from a firewall, a file server, a domain controller, a web server, and a laptop. A security analyst receives a series of SIEM alerts and prepares to respond. The following is the alert information: Which of the following should the security analyst do FIRST?

A. Disable Administrator on abc-usa-fs1; the local account is compromised.

B. Shut down the abc-usa-fs1 server; a plaintext credential is being used.

C. Disable the jdoe account; it is likely compromised.

D. Shut down abc-usa-fw01; the remote access VPN vulnerability is exploited.

Over the last 90 days, many private storage services have been exposed in the cloud services environments, and the security team does not have the ability to see who is creating these instances. Shadow IT is creating data services and instances faster than the email security team can keep up with them. The Chief Information Security Officer (CISO) has asked the security lead architect to recommend solutions to this problem.

Which of the following BEST addresses the problem with the least amount of administrative effort?

A. Compile a list of firewall requests and compare them against interesting cloud services

B. Implement a CASB solution and track cloud service use cases for greater visibility

C. Implement a user-behavior analytics system to associate user events with cloud service creation events

D. Capture all logs and feed them to a SIEM. and then analyze for cloud service events.

A healthcare company wants to increase the value of the data it collects on its patients by making the data available to third-party researchers for a fee. Which of the following BEST mitigates the risk to the company?

A. Log all access to the data and correlate with the researcher.

B. Anonymize identifiable information using keyed strings

C. Ensure all data is encrypted in transit to the researcher.

D. Ensure all researchers sign and abide by non-disclosure agreements.

E. Sanitize date and time stamp information in the records.