Which of the following is the BEST disaster recovery solution when resources are running in a cloud environment?

1. A. Remote provider BCDR
2. B. Cloud provider BCDR
3. C. Alternative provider BCDR
4. D. Primary provider BCDR

Correct Answer: B

During a remodel, a company’s computer equipment was moved to a secure storage room with cameras positioned on both sides of the door. The door is locked using a card reader issued by the security team, and only the security team and department managers have access to the room. The company wants to be able to identify any unauthorized individuals who enter the storage room by following an authorized employee.
Which of the following processes would BEST satisfy this requirement?

1. A. Monitor camera footage corresponding to a valid access request.
2. B. Require both security and management to open the door.
3. C. Require department managers to review denied-access requests.
4. D. Issue new entry badges on a weekly basis.

Correct Answer: B
Reference: https://www.getkisi.com/access-control
This solution would implement a two-factor authentication (2FA) process that would prevent unauthorized individuals from entering the storage room by following an authorized employee. The two factors would be the card reader issued by the security team and the presence of a department manager.

An energy company is required to report the average pressure of natural gas used over the past quarter. A PLC sends data to a historian server that creates the required reports.
Which of the following historian server locations will allow the business to get the required reports in an and IT environment?

1. A. In the environment, use a VPN from the IT environment into the environment.
2. B. In the environment, allow IT traffic into the environment.
3. C. In the IT environment, allow PLCs to send data from the environment to the IT environment.
4. D. Use a screened subnet between the and IT environments.

Correct Answer: D
A screened subnet is a network segment that separates two different environments, such as (operational technology) and IT (information technology), and provides security controls to limit and monitor the traffic between them. This would allow the business to get the required reports from the historian server without exposing the environment to unnecessary risks. Using a VPN, allowing IT traffic, or allowing PLCs to send data are less secure options that could compromise the environment. Verified References: https://www.comptia.org/blog/what-is-operational-technology https://partners.comptia.org/docs/default-source/resources/casp-content-guide

Leveraging cryptographic solutions to protect data that is in use ensures the data is encrypted:

1. A. when it is passed across a local network.
2. B. in memory during processing
3. C. when it is written to a system’s solid-state drive.
4. D. by an enterprise hardware security module.

Correct Answer: B

An organization decided to begin issuing corporate mobile device users microSD HSMs that must be installed in the mobile devices in order to access corporate resources remotely. Which of the following features of these devices MOST likely led to this decision? (Select TWO.)

1. A. Software-backed keystore
2. B. Embedded cryptoprocessor
3. C. Hardware-backed public key storage
4. D. Support for stream ciphers
5. E. Decentralized key management
6. F. TPM 2.0 attestation services

Correct Answer: BC