A company’s security team is planning regular vulnerability assessments of its production systems. Management insists that business operations must not be disrupted during these tests. Which of the following approaches BEST meets this requirement? A. Run authenticated vulnerability scans against production systems during business hours. B. Conduct penetration tests against production systems once per quarter. C. Perform vulnerability scans in a staging environment that mirrors production. D. Schedule uncredentialed vulnerability scans of production systems during off-peak hours.

Which of the following controls BEST prevents unauthorized individuals from tailgating into a secure facility? A. Closed-circuit television (CCTV) monitoring B. Security guard patrols at building entrances C. Installation of a mantrap with biometric authentication D. Posting security awareness signs reminding employees not to hold doors open

During normal monitoring, the SOC identifies unusual outbound traffic from a critical database server. Initial analysis suggests the data may be exfiltrating to an external IP address. What should the incident response team do FIRST? A. Shut down the database server immediately to stop the data leak. B. Escalate to senior management and legal counsel for notification decisions. C. Collect volatile system memory and network session data from the affected server. D. Contact law enforcement to report the potential breach.