The Chief information Officer (CIO) wants to establish a non-banding agreement with a third party that outlines the objectives of the mutual arrangement dealing with data transfers between both organizations before establishing a format partnership. Which of the follow would MOST likely be used?

1. A. MOU
2. B. OLA
3. C. NDA
4. D. SLA

Correct Answer: A

An organization is considering a BYOD standard to support remote working. The first iteration of the solution will utilize only approved collaboration applications and the ability to move corporate data between those applications. The security team has concerns about the following:
Unstructured data being exfiltrated after an employee leaves the organization Data being exfiltrated as a result of compromised credentials
Sensitive information in emails being exfiltrated
Which of the following solutions should the security team implement to mitigate the risk of data loss?

1. A. Mobile device management, remote wipe, and data loss detection
2. B. Conditional access, DoH, and full disk encryption
3. C. Mobile application management, MFA, and DRM
4. D. Certificates, DLP, and geofencing

Correct Answer: C
Mobile application management (MAM) is a solution that allows the organization to control and secure the approved collaboration applications and the data within them on personal devices. MAM can prevent unstructured data from being exfiltrated by restricting the ability to move, copy, or share data between applications. Multi-factor authentication (MFA) is a solution that requires the user to provide more than one piece of evidence to prove their identity when accessing corporate data. MFA can prevent data from being exfiltrated as a result of compromised credentials by adding an extra layer of security. Digital rights management (DRM) is a solution that protects the intellectual property rights of digital content by enforcing policies and permissions on how the content can be used, accessed, or distributed. DRM can prevent sensitive information in emails from being exfiltrated by encrypting the content and limiting the actions that can be performed on it, such as forwarding, printing, or copying. Verified References:
✑ https://www.manageengine.com/data-security/what-is/byod.html
✑ https://www.cimcor.com/blog/7-scariest-byod-security-risks-how-to-mitigate

A security compliance requirement states that specific environments that handle sensitive data must be protected by need-to-know restrictions and can only connect to authorized endpoints. The requirement also states that a DLP solution within the environment must be used to control the data from leaving the environment.
Which of the following should be implemented for privileged users so they can support the environment from their workstations while remaining compliant?

1. A. NAC to control authorized endpoints
2. B. FIM on the servers storing the data
3. C. A jump box in the screened subnet
4. D. A general VPN solution to the primary network

Correct Answer: A
Network Access Control (NAC) is used to bolster the network security by
restricting the availability of network resources to managed endpoints that don't satisfy the compliance requirements of the Organization.

A small business requires a low-cost approach to theft detection for the audio recordings it produces and sells.
Which of the following techniques will MOST likely meet the business’s needs?

1. A. Performing deep-packet inspection of all digital audio files
2. B. Adding identifying filesystem metadata to the digital audio files
3. C. Implementing steganography
4. D. Purchasing and installing a DRM suite

Correct Answer: C
Steganography is a technique that can hide data within other files or media, such as images, audio, or video. This can provide a low-cost approach to theft detection for the audio recordings produced and sold by the small business, as it can embed identifying information or watermarks in the audio files that can reveal their origin or ownership. Performing deep-packet inspection of all digital audio files may not be feasible or effective for theft detection, as it could consume a lot of bandwidth and resources, and it may not detect hidden data within encrypted packets. Adding identifying filesystem metadata to the digital audio files may not provide enough protection for theft detection, as filesystem metadata can be easily modified or removed by unauthorized parties. Purchasing and installing a DRM (digital rights management) suite may not be a low-cost approach for theft detection, as it could involve licensing fees and hardware requirements. Verified References: https://www.comptia.org/blog/what-is-steganography https://partners.comptia.org/docs/default-source/resources/casp-content-guide

Which of the following BEST sets expectation between the security team and business units within an organization?

1. A. Risk assessment
2. B. Memorandum of understanding
3. C. Business impact analysis
4. D. Business partnership agreement
5. E. Services level agreement

Correct Answer: E
A service level agreement (SLA) is the best option to set expectations between the security team and business units within an organization. An SLA is a document that defines the scope, quality, roles, responsibilities, and metrics of a service provided by one party to another. An SLA can help align the security team’s objectives and activities with the business units’ needs and expectations, as well as establish accountability and communication channels. Verified References: https://www.comptia.org/training/books/casp-cas-004-study-guide , https://searchitchannel.techtarget.com/definition/service-level-agreement