An external audit of your organization’s disaster recovery plan reveals that backups are not encrypted, exposing sensitive data to potential breaches during transit or storage. Which of the following should be implemented immediately to address this finding? A. Implement full disk encryption on all backup storage devices. B. Transition to incremental backups to minimize data exposure. C. Configure end-to-end encryption for all backup processes. D. Move backups to a private cloud infrastructure with built-in security.

During a forensic investigation, you discover a file named "passwords.txt" on a compromised workstation. It appears to contain a list of usernames and passwords. What is the MOST important step to take regarding this file? a) Open the file to verify the contents and determine the scope of the potential breach. b) Immediately delete the file to prevent further unauthorized access. c) Securely copy the file to a separate forensic workstation for analysis, ensuring chain of custody. d) Encrypt the file in place and notify the system administrator to change all listed passwords.

You are collecting evidence from a mobile device during a forensic investigation. The device is encrypted and the user is unavailable to provide the password. What is the BEST approach? a) Attempt to crack the encryption using readily available tools. b) Consult with a legal professional to obtain a warrant or other legal authorization to compel the user to provide the password or explore other legal options for accessing the data. c) Erase the device and restore it to factory settings to prevent further access to the encrypted data. d) Return the device to the user, as there is no legal way to access the encrypted data without the password.

What is the approximate percentage distribution of single-choice, multiple-choice, and advanced innovative questions in the CISSP exam?