Memberships

CISSP Study Group

1.5k members • Free

54 contributions to CISSP Study Group
CISSP Practice Question – Security Architecture & Engineering
An organization is selecting a system that must provide strong assurance that all access control decisions are enforced correctly and cannot be bypassed. The evaluation team is considering systems certified under the Common Criteria (ISO/IEC 15408) framework. Which of the following Common Criteria assurance levels BEST meets this requirement?
A. EAL2 – Structurally Tested
B. EAL4 – Methodically Designed, Tested, and Reviewed
C. EAL5 – Semiformally Designed and Tested
D. EAL7 – Formally Verified, Designed, and Tested
0 likes • 2d
B
CISSP Practice Question – Security Assessment & Testing
A company’s security team is planning regular vulnerability assessments of its production systems. Management insists that business operations must not be disrupted during these tests. Which of the following approaches BEST meets this requirement?
A. Run authenticated vulnerability scans against production systems during business hours.
B. Conduct penetration tests against production systems once per quarter.
C. Perform vulnerability scans in a staging environment that mirrors production.
D. Schedule uncredentialed vulnerability scans of production systems during off-peak hours.
0 likes • 5d
D?
CISSP Practice Question – Security & Risk Management (Ethics)
While performing a security assessment for a client, you discover confidential information that suggests the client’s employees are engaging in activity that may be illegal but is unrelated to the scope of your engagement. According to the ISC2 Code of Ethics, what is the BEST action for you to take?
A. Report the activity directly to law enforcement.
B. Inform your client’s senior management about the findings.
C. Document the evidence and keep it in case it’s needed later.
D. Ignore the activity since it is outside the scope of your contract.
0 likes • 7d
B
CISSP Practice Question – Software Development Security
A development team is adopting a secure software development lifecycle (SDLC). The security manager wants to ensure that vulnerabilities are identified before code is executed, but also wants to minimize cost and disruption to developers. Which of the following activities BEST meets this requirement?
A. Static application security testing (SAST)
B. Dynamic application security testing (DAST)
C. Fuzz testing
D. Penetration testing
0 likes • 9d
A
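The SAST question above turns on one property: static analysis inspects source without ever running it, so it can be wired into a commit hook or CI step long before a build is deployed. The following added example (not part of the study group post, and not any real scanner's rule set) is a toy SAST pass built on Python's `ast` module. It parses a constructed sample file and flags a few well-known dangerous sinks (`eval`, `exec`, `pickle.loads`, `os.system`, and `subprocess.*` with `shell=True`), reporting line numbers, while the sample code itself is never executed. The sink list and the `Finding` type are assumptions for illustration.

```python
"""Toy SAST-style checker: analyses Python source without executing it."""
from __future__ import annotations

import ast
from dataclasses import dataclass

# Call sinks flagged by this illustrative checker. This list is an assumption
# for the example, not an exhaustive or standard rule set.
DANGEROUS_CALLS = {
    "eval": "code injection via eval()",
    "exec": "code injection via exec()",
    "pickle.loads": "deserialization of untrusted data",
    "os.system": "command injection via os.system()",
}


@dataclass(frozen=True)
class Finding:
    line: int
    rule: str
    detail: str


def _call_name(node: ast.Call) -> str | None:
    """Return a dotted callee name such as 'pickle.loads', or None if not simple."""
    func = node.func
    if isinstance(func, ast.Name):
        return func.id
    if isinstance(func, ast.Attribute) and isinstance(func.value, ast.Name):
        return f"{func.value.id}.{func.attr}"
    return None


class SinkVisitor(ast.NodeVisitor):
    """Walks the syntax tree and records calls to known dangerous sinks."""

    def __init__(self) -> None:
        self.findings: list[Finding] = []

    def visit_Call(self, node: ast.Call) -> None:
        name = _call_name(node)
        if name in DANGEROUS_CALLS:
            self.findings.append(Finding(node.lineno, name, DANGEROUS_CALLS[name]))
        # subprocess.* with shell=True hands the argument string to a shell,
        # so attacker-controlled input can inject extra commands.
        if name and name.startswith("subprocess."):
            for kw in node.keywords:
                if (kw.arg == "shell" and isinstance(kw.value, ast.Constant)
                        and kw.value.value is True):
                    self.findings.append(
                        Finding(node.lineno, name, "shell=True allows command injection"))
        self.generic_visit(node)


def scan_source(source: str) -> list[Finding]:
    """Parse and walk the source; nothing in it is executed."""
    tree = ast.parse(source)
    visitor = SinkVisitor()
    visitor.visit(tree)
    return sorted(visitor.findings, key=lambda f: f.line)


# Constructed sample under review (not from any real project). It mixes
# risky calls with one safe call so the checker has something to ignore.
SAMPLE = """\
import os, pickle, subprocess

def load(blob):
    return pickle.loads(blob)

def run(user_input):
    subprocess.run("ls " + user_input, shell=True)
    result = eval(user_input)
    return result

def safe(user_input):
    subprocess.run(["ls", user_input])
"""

if __name__ == "__main__":
    for f in scan_source(SAMPLE):
        print(f"line {f.line}: {f.rule}: {f.detail}")
```

Running the block reports three findings (lines 4, 7 and 8 of the sample) and says nothing about `safe()`, which passes an argument list and never sets `shell=True`. That is the SAST trade-off in miniature: cheap, early, and developer-local, at the cost of only seeing patterns the rules know about and producing false positives where a flagged call is actually fed constant input. DAST or a penetration test would instead need a running, deployable build.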
CISSP Practice Question – Incident Response (Hard)
During a security investigation, the incident response team discovers that an attacker has gained persistent access to a critical application server. The attacker appears to be moving laterally inside the network, but the system also supports customer transactions in real time. What is the MOST important action for the incident response team to take FIRST?
A. Contain the compromised server to prevent further lateral movement while maintaining business continuity.
B. Notify senior management and legal counsel to prepare for potential disclosure obligations.
C. Shut down the compromised server immediately to stop the attacker from exfiltrating additional data.
D. Begin collecting forensic images of the server for evidence preservation.
0 likes • 11d
A
Vikas Gupta
@vikas-gupta-9396
Architect
Joined Feb 23, 2025