Data Loss Prevention (DLP) for data at rest is designed to discover and protect sensitive information stored on various media. To scan files, databases, and other stored data, the DLP solution must be installed on the system where the data resides. This is typically a host-based agent installed on endpoints, servers (including file and database servers), or other systems. The agent can scan the local file systems and storage volumes to identify sensitive data based on predefined policies, making the host system the primary location for DLP monitoring of data at rest.

A. A network firewall is a network-based control that inspects data in motion as it traverses the network, not data at rest.

C. An application server primarily deals with data in use. While it accesses data at rest, the DLP scanning function itself resides on the host OS, not within the application logic.

D. A database server is a specific type of host system, but data at rest also exists on file servers and user endpoints. "Host system" is the more comprehensive and accurate answer.

1. Joint Task Force. (2020). Security and Privacy Controls for Information Systems and Organizations (NIST Special Publication 800-53, Revision 5). National Institute of Standards and Technology. https://doi.org/10.6028/NIST.SP.800-53r5. (Control SI-4, "Information System Monitoring," discusses host-based monitoring).

2. Symantec (a division of Broadcom). (2021). Symantec Data Loss Prevention Administration Guide. (Chapter 1, "Introducing Symantec Data Loss Prevention," Section "About Discover scans for data at rest"). This documentation describes deploying "Discover" servers to scan data repositories.

3. Chapple, M., Stewart, J. M., & Gibson, D. (2021). (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide (9th ed.). Wiley. (Domain 7, "Security Operations," discusses DLP technologies, distinguishing between network-based and host-based solutions).

A baseline is a standardized configuration used as a reference point for building and managing systems, including virtual machines. It defines a known-good state for a system's security settings, software, and policies. Applying a baseline ensures consistency across an environment, simplifies audits, and provides a foundation for further security hardening. It is a fundamental concept in configuration management and operational security.

A. Standardization: This is the process of developing and implementing standards, not the resulting configuration set itself.

C. Hardening: This is the active process of securing a system by reducing its attack surface, which often involves applying a baseline.

D. Redline: This term is unrelated to system configuration; it typically refers to marking edits in a document.

1. National Institute of Standards and Technology (NIST). (2020). Security and Privacy Controls for Information Systems and Organizations (NIST Special Publication 800-53, Rev. 5). Section 2.3, "Baselines and Tailoring," p. 13. https://doi.org/10.6028/NIST.SP.800-53r5

2. National Institute of Standards and Technology (NIST). (2013). Guide for Security-Focused Configuration Management of Information Systems (NIST Special Publication 800-128). Section 2.2, "Configuration Baselines," p. 8. https://doi.org/10.6028/NIST.SP.800-128

Gathering business requirements is a foundational step in asset management and risk assessment. This process directly helps determine the value of an asset to the business and its criticality to business operations. By understanding which assets support key business functions, it also aids in scoping and building a full inventory. However, "usefulness" is a subjective and informal term. The process of gathering business requirements aims to formalize an asset's importance into quantifiable metrics like value and criticality, moving beyond a simple, non-specific determination of whether it is "useful."

A. Business requirements are essential for identifying which assets are important to the business, thereby directly aiding in the creation and scoping of a full asset inventory.

B. An asset's criticality is determined by the criticality of the business functions it supports, which is a direct output of gathering business requirements.

C. The value of an asset is directly linked to the business requirements it fulfills and the revenue or mission objectives it supports.

1. ISO/IEC. (2022). Information security, cybersecurity and privacy protection — Information security controls (ISO/IEC 27002:2022). Section 5.9, "Inventory of information and other associated assets."

2. National Institute of Standards and Technology. (2018). Framework for Improving Critical Infrastructure Cybersecurity, Version 1.1. Section 2.1, "Framework Core," Function ID.AM-1, which states "Physical devices and systems... are inventoried." The context for this inventory is business requirements.

3. Joint Task Force. (2018). Risk Management Framework for Information Systems and Organizations (NIST Special Publication 800-37, Revision 2). p. 26, Task P-4 "Business/Mission Analysis."

Implementing multi-factor authentication (MFA) for SSH access provides the highest level of security among the options. SSH is an encrypted protocol for secure remote administration. Adding MFA requires at least two distinct forms of verification (e.g., something you know, like a password, and something you have, like a token). This layered defense, also known as defense-in-depth, significantly mitigates the risk of unauthorized access even if credentials are compromised. It is a universally recognized best practice for securing administrative access to critical systems, including cloud servers.

A. Allowing direct internet access increases the attack surface and is a significant security risk, not a protective measure.

B. Using simple username and password authentication is a weak security practice, vulnerable to brute-force and credential stuffing attacks.

C. Disabling logging eliminates the ability to audit access and investigate security incidents, thereby severely weakening security posture.

1. National Institute of Standards and Technology. (2020). Security and Privacy Controls for Information Systems and Organizations (NIST Special Publication 800-53 Rev. 5). Control IA-2, "Identification and Authentication (Organizational Users)," pp. 133-137. This control advocates for multi-factor authentication for network access to privileged accounts.

2. Google Cloud. (2023). Security foundations guide. "Manage user identities" section. This official documentation recommends enforcing MFA for all user accounts, especially those with privileged access, as a fundamental security measure.

3. Microsoft Azure. (2023). Security best practices for IaaS workloads in Azure. "Identity and access management" section. This documentation explicitly states, "Use multi-factor authentication (MFA) for all users."

Vault-based tokenization, a common implementation, works by substituting sensitive data with a non-sensitive equivalent, known as a token. This process requires two distinct data stores. The first is a secure "token vault," which is a database that securely stores the original sensitive data and maps it to its corresponding token. The second is the production database or system where the token is used in place of the original data for business processes. This separation ensures that the sensitive data is isolated from the less secure production environment, significantly reducing the risk of compromise.

A. Personnel: While separation of duties is a good security practice for managing the system, it is not a technical requirement of the tokenization process itself.

B. Authentication factors: These are used to verify user identity and are unrelated to the data substitution process of tokenization.

C. Encryption keys: While the token vault itself must be encrypted, tokenization is primarily a substitution process, not an encryption one. It doesn't require two distinct keys.

1. PCI Security Standards Council. "PCI DSS Tokenization Guidelines" (August 2011). Page 6, "Tokenization System Components," describes the tokenization process, explaining the role of the "token vault" where sensitive data is stored, separate from the systems where tokens are used.

2. Cloud Security Alliance (CSA). "Security Guidance for Critical Areas of Focus in Cloud Computing v4.0" (2017). Domain 5, "Data Security Lifecycle," describes tokenization as replacing data with a random value, which implies a mapping system (vault) separate from where the token is used.

When a vulnerability is discovered in a third-party service, the first and most critical step is to establish a formal and documented line of communication with the vendor. Initiating a detailed incident report provides the necessary technical information, and scheduling a meeting ensures that the issue is formally acknowledged and that a coordinated response can be planned. This aligns with standard incident response and coordinated vulnerability disclosure practices. Acting unilaterally (B, D) or disclosing prematurely (C) can exacerbate the situation, violate service agreements, and damage the relationship with the vendor, hindering a swift resolution. A structured initial contact is essential for effective collaboration and remediation.

B. Ceasing operations is a significant business decision that should be made based on risk assessment, likely after communicating with the vendor, not as a first step.

C. Publicly announcing a vulnerability before the vendor can patch it is irresponsible disclosure and puts all of the vendor's customers at risk.

D. Performing an assessment without notification may violate the cloud service provider's terms of service and could be misinterpreted as a hostile act.

1. National Institute of Standards and Technology (NIST). (2012). Computer Security Incident Handling Guide (NIST Special Publication 800-61, Rev. 2). Section 3.4.3, "Third Party Coordination," Page 49. This section emphasizes establishing contact with external parties, such as vendors, and sharing information to facilitate a coordinated response.

2. International Organization for Standardization. (2019). ISO/IEC 27035-1:2016 - Information technology — Security techniques — Information security incident management — Part 1: Principles of incident management. Clause 7.3, "Information sharing and communication". This standard highlights the importance of having established procedures for communicating with external organizations during an incident.

3. Cloud Security Alliance (CSA). (2017). Security Guidance for Critical Areas of Focus in Cloud Computing v4.0. Page 101, Section on Incident Response Lifecycle. The guidance discusses the need for communication and coordination with the cloud provider as part of the incident response process.

Data anonymization is the process of removing or obscuring personally identifiable information (PII) from data sets. This technique ensures that the data subjects cannot be identified, thus protecting their privacy. For the healthcare organization, this allows the research institution to perform statistical analysis and derive insights from the patient data without compromising individual patient confidentiality. Anonymization directly meets the dual requirements of data utility for research and the protection of PII.

A. Data encryption renders data unreadable without a key. To be useful for analysis, it would need to be decrypted, re-exposing the PII.

B. Data masking is a technique used to achieve anonymization, but anonymization is the broader, more accurate term for the overall process and goal described.

D. Data hashing creates a one-way, non-reversible string. It is used for integrity verification, not for preserving data in a format suitable for analytical research.

1. National Institute of Standards and Technology (NIST). (2010). NIST Special Publication 800-122: Guide to Protecting the Confidentiality of Personally Identifiable Information (PII). Section 4.3, De-Identifying Information, pp. 4-4 to 4-5.

2. European Union Agency for Cybersecurity (ENISA). (2015). Big Data Security and Privacy. Section 4.2.1, Anonymisation, p. 22.

3. Cloud Security Alliance (CSA). (2017). Security Guidance for Critical Areas of Focus in Cloud Computing v4.0. Domain 5: Data Security and Encryption, p. 68.

Missing function-level access control is a specific type of authorization flaw. It occurs when an application authenticates a user but fails to perform subsequent authorization checks for all functions or resources the user attempts to access. An attacker can exploit this by forging requests to "hidden" administrative or privileged functions that they are not authorized to use. The application incorrectly grants access because it only checked permissions at the initial entry point, not at the level of the specific function being called. This vulnerability is a subset of Broken Access Control.

A. Cross-site request forgery (CSRF) tricks a victim's browser into sending an unwanted request to an application they are logged into; it doesn't exploit a lack of authorization checks.

C. Injection flaws, such as SQL injection, involve tricking an application into executing unintended commands by inserting malicious data into input fields, not bypassing function-level authorization.

D. Cross-site scripting (XSS) is a client-side attack where malicious scripts are injected into trusted websites and executed in the victim's browser, not a server-side authorization failure.

1. OWASP Foundation. (2021). OWASP Top 10:2021. A01:2021-Broken Access Control. Retrieved from https://owasp.org/Top10/A012021-BrokenAccessControl/. (This document details that missing function-level access control is a common example of Broken Access Control).

2. Pauley, W. H. (2010). Web application security assessment: A practical guide for security testers and application developers. Courseware, SANS Institute. SEC542: Web App Penetration Testing and Ethical Hacking. (This courseware extensively covers function-level access control as a key area to test in web applications).

3. Viega, J., & McGraw, G. (2001). Building Secure Software: How to Avoid Security Problems the Right Way. Addison-Wesley. Chapter 6, "Access Control," discusses the principle of checking authorization for every requested function.

A security baseline establishes a standard, minimum level of security configuration for a system or application. The primary goal of a baseline is to ensure consistency and enforce a foundational security posture across the enterprise. To be effective, this standard should be applied as broadly as possible, covering the maximum number of relevant systems. This approach simplifies management, auditing, and compliance by creating a uniform and predictable security environment. While baselines help with compliance and may include settings for alerting, their fundamental purpose is widespread, standardized application.

A. Data breach alerting and reporting is a specific security control that might be part of a baseline, but it does not define the baseline's overall scope.

B. A baseline is a tool to help achieve compliance, but it typically covers technical configurations and may not address all administrative or physical regulatory requirements.

D. Version control is a process for managing changes to the baseline itself, not a component of what the baseline covers on the target systems.

1. National Institute of Standards and Technology (NIST). (2020). Security and Privacy Controls for Information Systems and Organizations (NIST Special Publication 800-53, Rev. 5). Section 2.3.2, "Baselines," p. 18. "Organizations can implement baselines that are organization-wide, for specific communities of interest, or for specific information systems."

2. National Institute of Standards and Technology (NIST). (2018). Guide for Applying the Risk Management Framework to Federal Information Systems (NIST Special Publication 800-37, Rev. 2). Appendix F, "Security and Privacy Control Baselines," p. 133.

For a multinational corporation with business-critical applications, a multi-region deployment is the most critical architectural component for achieving high availability, scalability, and security. High availability is achieved by distributing the application across geographically separate regions, ensuring that a failure in one region does not cause a total outage. This design provides disaster recovery capabilities. Scalability is enhanced by routing users to the nearest region, reducing latency and allowing infrastructure to scale independently in each region based on local demand. Security is also improved by containing the blast radius of certain attacks or failures to a single region.

A. A Virtual Private Cloud (VPC) provides essential network isolation and security but is typically confined to a single region, thus not providing high availability against regional failures.

C. Cloud storage is a necessary component, but the storage service alone does not define the availability and scalability of the entire application stack.

D. A Content Delivery Network (CDN) improves performance and availability for static content but does not address the availability of the core application logic or databases.

1. Amazon Web Services (AWS). (2020). AWS Well-Architected Framework: Reliability Pillar. "Deploy the workload to multiple locations... For a workload with a high RTO/RPO and a global user base, you can use a multi-region deployment." (p. 15).

2. Microsoft Azure. (2021). Microsoft Azure Well-Architected Framework - Reliability. "To increase availability, you can deploy your application to more than one region. This allows the application to fail over to another region if one region has a failure." (Design principles for reliability, section on "Design for high availability").

3. Armbrust, M., et al. (2010). A view of cloud computing. Communications of the ACM, 53(4), 50-58. DOI: 10.1145/1721654.1721672. The paper discusses elasticity and availability as key properties of cloud computing, which are architecturally realized through patterns like multi-region deployment.