Memberships

CISSP Study Group

1.5k members • Free

14 contributions to CISSP Study Group
CISSP Practice Question – Security & Risk Management (Ethics)
While performing a security assessment for a client, you discover confidential information that suggests the client’s employees are engaging in activity that may be illegal but is unrelated to the scope of your engagement. According to the ISC2 Code of Ethics, what is the BEST action for you to take?
A. Report the activity directly to law enforcement.
B. Inform your client’s senior management about the findings.
C. Document the evidence and keep it in case it’s needed later.
D. Ignore the activity since it is outside the scope of your contract.
0 likes • 4d
B
Practice Question – Security Models
You are designing a system for a law firm that represents multiple competing corporations. The system must:
- Prevent lawyers from accessing case files of competing clients
- Ensure paralegals can enter data but only senior attorneys can approve filings
- Maintain confidentiality of client records
Which combination of models is most relevant here?
A. Bell–LaPadula and Biba
B. Clark–Wilson and Brewer–Nash
C. Bell–LaPadula and Clark–Wilson
D. Brewer–Nash and Biba
0 likes • 4d
B
Practice Question
An internal audit for an organization recently identified malicious actions by a user account. Upon further investigation, it was determined the offending user account was used by multiple people at multiple locations simultaneously for various services and applications. What is the BEST method to prevent this problem in the future?
A. Ensure the security information and event management (SIEM) is set to alert.
B. Inform users only one user should be using the account at a time.
C. Ensure each user has their own unique account.
D. Allow several users to share a generic account.
0 likes • 6d
C - along with this, there should be MFA in place.
CISSP Practice Question – Software Development Security
A development team is adopting a secure software development lifecycle (SDLC). The security manager wants to ensure that vulnerabilities are identified before code is executed, but also wants to minimize cost and disruption to developers. Which of the following activities BEST meets this requirement?
A. Static application security testing (SAST)
B. Dynamic application security testing (DAST)
C. Fuzz testing
D. Penetration testing
0 likes • 8d
A
CISSP Practice Question – Incident Response (Hard)
During a security investigation, the incident response team discovers that an attacker has gained persistent access to a critical application server. The attacker appears to be moving laterally inside the network, but the system also supports customer transactions in real time. What is the MOST important action for the incident response team to take FIRST?
A. Contain the compromised server to prevent further lateral movement while maintaining business continuity.
B. Notify senior management and legal counsel to prepare for potential disclosure obligations.
C. Shut down the compromised server immediately to stop the attacker from exfiltrating additional data.
D. Begin collecting forensic images of the server for evidence preservation.
0 likes • 11d
A
Devaraju Namala
@devaraju-namala-9479
ISO 27001 Lead Auditor | 18+ Years of Experience in ISO 27001, ISO 9001, ISO 20000, HIPAA, PCIDSS, NIST, SOC and ITIL.

Active 4d ago
Joined Jul 25, 2025