A company’s security team is planning regular vulnerability assessments of its production systems. Management insists that business operations must not be disrupted during these tests. Which of the following approaches BEST meets this requirement? A. Run authenticated vulnerability scans against production systems during business hours. B. Conduct penetration tests against production systems once per quarter. C. Perform vulnerability scans in a staging environment that mirrors production. D. Schedule uncredentialed vulnerability scans of production systems during off-peak hours.

An organization is classifying its data to ensure proper handling. A security manager notices that some employees are sending sensitive financial reports through unsecured email because the classification label is not clearly understood. What is the BEST action the organization should take to address this issue? A. Enforce encryption on all outbound email by default. B. Provide mandatory training on data classification and handling requirements. C. Revise the classification scheme to use simpler and clearer labels. D. Implement a data loss prevention (DLP) solution to block unencrypted sensitive emails.

An organization wants to implement digital signatures to ensure integrity and non-repudiation of sensitive documents exchanged between business partners. Which of the following BEST describes how a digital signature is created? A. The sender encrypts the message with their private key, and the recipient decrypts it with the sender’s public key. B. The sender hashes the message and encrypts the hash with their private key; the recipient verifies it with the sender’s public key. C. The sender encrypts the message with the recipient’s public key, and the recipient decrypts it with their private key. D. The sender hashes the message and encrypts the hash with the recipient’s public key; the recipient decrypts it with their private key.

A big thank you to May Brooks-Kempler for sharing her expertise in today’s Masterclass, and to everyone in our community who joined and made it a success. We’re glad we could bring you this opportunity to learn directly from one of the best. Stay tuned for more exciting collaborations with May! 🙏 Please join us in thanking May in the comments. Let us know your biggest takeaway from the session.

A security analyst receives an alert that several internal hosts are communicating with a known command-and-control server. The intrusion detection system (IDS) flagged the activity, but business-critical processes are running on the affected systems. What should the incident response team do FIRST? A. Disconnect the affected systems from the network immediately. B. Validate the IDS alert to confirm whether the activity is a true positive. C. Notify senior management of a confirmed breach. D. Begin forensic imaging of the affected systems.