Practice Question (Hard)
Roger's organisation suffered a breach of customer credit card records. Under the terms of PCI DSS, what organisation may choose to pursue an investigation of this matter?
A: FBI
B: Local law enforcement
C: Bank
D: PCI SSC
Provide detailed rationale.
Practice Question
Question: A multinational corporation is migrating its most critical applications to a hybrid cloud environment. The CIO is concerned about the following risks:
- Data exfiltration by malicious insiders at the cloud provider
- Inconsistent enforcement of data classification policies across jurisdictions
- Difficulty proving compliance during external audits
The company already uses encryption, strict IAM controls, and third-party risk assessments. Which of the following security approaches would BEST address the CIO's concerns?
A. Implement tokenization of sensitive data before it enters the cloud environment
B. Require the cloud provider to sign a detailed SLA with strong penalties for non-compliance
C. Adopt a cloud access security broker (CASB) for centralized visibility and policy enforcement
D. Use homomorphic encryption to allow computations on encrypted data without exposing raw data
CISSP Practice Question – BC/DR
A financial institution is designing its disaster recovery strategy. Management states that after a disruption, customer-facing services must be restored within four hours, and no more than 30 minutes of customer transaction data can be lost. Which of the following BEST describes these requirements?
A. RTO = 30 minutes, RPO = 4 hours
B. RTO = 4 hours, RPO = 30 minutes
C. RTO = 4 hours, RPO = 4 hours
D. RTO = 30 minutes, RPO = 30 minutes
CISSP Practice Question
Which of the following are all elements of a disaster recovery plan (DRP)?
A. Document the actual location of the Offsite Recovery Point (ORP), developing an incident notification procedure, evaluating costs of critical components
B. Document the actual location of the Offsite Recovery Point (ORP), developing an incident notification procedure, establishing recovery locations
C. Maintain proper documentation of all server logs, developing an incident notification procedure, establishing recovery locations
D. Document the actual location of the Offsite Recovery Point (ORP), recording minutes at all Offsite Recovery Point (ORP) planning sessions, establishing recovery locations
CISSP Practice Question – Security Architecture & Engineering
An organization is selecting a system that must provide strong assurance that all access control decisions are enforced correctly and cannot be bypassed. The evaluation team is considering systems certified under the Common Criteria (ISO/IEC 15408) framework. Which of the following Common Criteria assurance levels BEST meets this requirement?
A. EAL2 – Structurally Tested
B. EAL4 – Methodically Designed, Tested, and Reviewed
C. EAL5 – Semiformally Designed and Tested
D. EAL7 – Formally Verified, Designed, and Tested
CISSP Study Group
skool.com/cybersecurity-study-group