
Memberships

CISSP Study Group

1.3k members • Free

25 contributions to CISSP Study Group
CISSP Practice Question
Which of the following is the BEST way to protect an organization's data assets?
- A. Encrypt data in transit and at rest using up-to-date cryptographic algorithms.
- B. Monitor and enforce adherence to security policies.
- C. Require Multi-Factor Authentication (MFA) and Separation of Duties (SoD).
- D. Create the Demilitarized Zone (DMZ) with proxies, firewalls and hardened bastion hosts.
0 likes • 8d
A
Practice Question
You’re consulting for a healthcare organization that stores patient records in a hybrid cloud environment. The data is classified as "Highly Confidential." A developer in the team has requested access to production data to troubleshoot issues. The organization lacks a robust data classification enforcement policy. What is the BEST course of action?
A. Allow the developer read-only access under supervision.
B. Mask or anonymize the data before granting limited access.
C. Grant access after requiring the developer to sign a confidentiality agreement.
D. Deny access and escalate the request to the compliance team.
0 likes • 8d
B
Practice Questions
Which of the following would BEST describe the role directly responsible for data within an organization?
A. Data Custodian
B. Information Owner
C. Database Administrator
D. Quality Control
1 like • 8d
B. Information owner/Data Owner is responsible for data management, security, and use.
Practice Question!
Which of the following access control models is most commonly associated with mandatory access control (MAC) and is used in environments where classification labels are applied?
Poll
52 members have voted
1 like • 8d
LBAC is a model that uses a hierarchical structure to represent relationships between security labels and clearance levels.
Practice Question
Your organization has recently undergone a merger, and as the CISO, you are tasked with aligning security policies and risk management practices across both companies. You discover that one company uses a risk tolerance model based on quantitative assessments, while the other relies on qualitative risk matrices. You must produce a combined risk register and recommend a unified risk strategy. Senior leadership is pressing for a decision that allows consistent prioritization of risks across business units. What should you do first?
A. Adopt the qualitative risk model from the second company for simplicity and faster implementation.
B. Implement the quantitative model to maintain accuracy and support insurance negotiations.
C. Conduct a business impact analysis (BIA) to inform which model best supports the new organization.
D. Merge the two models to balance simplicity and rigor without needing further analysis.
0 likes • 8d
C
Taiye Olorundare
@taiye-olorundare-8663
An experienced IT expert with 7 years of IT leadership experience including oversight of infrastructure, application, network and security services.

Joined Apr 15, 2025