Multiple Choice
An organization has established the following controls matrix: 
The following control sets have been defined by the organization and are applied in aggregate fashion: Systems containing PII are protected with the minimum control set. Systems containing medical data are protected at the moderate level. Systems containing cardholder data are protected at the high level. The organization is preparing to deploy a system that protects the confidentially of a database containing PII and medical data from clients. Based on the controls classification, which of the following controls would BEST meet these requirements?
A) Proximity card access to the server room, context-based authentication, UPS, and full-disk encryption for the database server.
B) Cipher lock on the server room door, FDE, surge protector, and static analysis of all application code.
C) Peer review of all application changes, static analysis of application code, UPS, and penetration testing of the complete system.
D) Intrusion detection capabilities, network-based IPS, generator, and context-based authentication.
Correct Answer:
Verified
Correct Answer:
Verified
Q432: A security analyst who is concerned about
Q433: During the decommissioning phase of a hardware
Q434: A product owner is reviewing the output
Q435: A company is moving all of its
Q436: Which of the following is an external
Q437: An infrastructure team is at the end
Q439: The marketing department has developed a new
Q440: Given the following information about a company's
Q441: A security architect has designated that a
Q442: Which of the following BEST represents a