
Memberships

CISSP Study Group

1.5k members • Free

10 contributions to CISSP Study Group
Practice Question (Hard)
Roger's organisation suffered a breach of customer credit card records. Under the terms of PCI DSS, what organisation may choose to pursue an investigation of this matter? A: FBI B: Local law enforcement. C: Bank D: PCI SSC. Provide detailed rationale
0 likes • 3h
B
Practice Question
Question: A multinational corporation is migrating its most critical applications to a hybrid cloud environment. The CIO is concerned about the following risks: - Data exfiltration by malicious insiders at the cloud provider - Inconsistent enforcement of data classification policies across jurisdictions - Difficulty proving compliance during external audits The company already uses encryption, strict IAM controls, and third-party risk assessments. Which of the following security approaches would BEST address the CIO’s concerns? A. Implement tokenization of sensitive data before it enters the cloud environment B. Require the cloud provider to sign a detailed SLA with strong penalties for non-compliance C. Adopt a cloud access security broker (CASB) for centralized visibility and policy enforcement D. Use homomorphic encryption to allow computations on encrypted data without exposing raw data
0 likes • 4h
C
CISSP Practice Question – BC/DR
A financial institution is designing its disaster recovery strategy. Management states that after a disruption, customer-facing services must be restored within four hours, and no more than 30 minutes of customer transaction data can be lost. Which of the following BEST describes these requirements? A. RTO = 30 minutes, RPO = 4 hours B. RTO = 4 hours, RPO = 30 minutes C. RTO = 4 hours, RPO = 4 hours D. RTO = 30 minutes, RPO = 30 minutes
0 likes • 7h
B
CISSP Practice Question – Security Architecture & Engineering
An organization is selecting a system that must provide strong assurance that all access control decisions are enforced correctly and cannot be bypassed. The evaluation team is considering systems certified under the Common Criteria (ISO/IEC 15408) framework. Which of the following Common Criteria assurance levels BEST meets this requirement? A. EAL2 – Structurally Tested B. EAL4 – Methodically Designed, Tested, and Reviewed C. EAL5 – Semiformally Designed and Tested D. EAL7 – Formally Verified, Designed, and Tested
0 likes • 1d
D
CISSP Practice Question – Asset Security
An organization is classifying its data to ensure proper handling. A security manager notices that some employees are sending sensitive financial reports through unsecured email because the classification label is not clearly understood. What is the BEST action the organization should take to address this issue? A. Enforce encryption on all outbound email by default. B. Provide mandatory training on data classification and handling requirements. C. Revise the classification scheme to use simpler and clearer labels. D. Implement a data loss prevention (DLP) solution to block unencrypted sensitive emails.
1 like • 7d
C: Because the classification label is not clearly understood.
Dilruba Sharmeen
@dilruba-sharmeen-2505
With experience in networking and a recently completed MSc in Information Security, I am now aspiring to become a CISSP-certified professional.

Active 3h ago
Joined Aug 5, 2025