Winter Special - Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: top65certs

Free and Premium ECCouncil 212-82 Dumps Questions Answers

Page: 1 / 12
Total 161 questions

Certified Cybersecurity Technician (CCT) Questions and Answers

Question 1

NexaCorp. an enterprise with a robust Linux infrastructure, has been facing consistent downtimes without any apparent reasons. The company’s initial investigation suggests possible unauthorized system-level changes. NexaCorp’s IT team realizes that It needs to monitor andanalyze system logs more efficiently to pinpoint the cause. What would be the optimal approach for NexaCorp to monitor and analyze its Linux system logs to detect and prevent unauthorized changes?

Options:

A.

Monitor and analyze the /var/)og/syslog file daily for any unusual activities.

B.

Set up an automated script to send alerts if the last' command shows unexpected users.

C.

Implement a SIEM system that centralizes, correlates, and analyzes logs in real-time.

D.

Only focus on monitoring SSH logs since most changes likely come through remote access.

Buy Now
Question 2

Miguel, a professional hacker, targeted an organization to gain illegitimate access to its critical information. He identified a flaw in the end-point communication that can disclose the target application's data.

Which of the following secure application design principles was not met by the application in the above scenario?

Options:

A.

Secure the weakest link

B.

Do not trust user input

C.

Exception handling

D.

Fault tolerance

Question 3

TechTonic, a leading software solution provider, is incorporating stringent cybersecurity measures for their Windows-based server farm. Recently, it noticed a series of unauthorized activities within its systems but could not trace back tot he origins. The company Intends to bolster Its monitoring capabilities by comprehensively analyzing Windows system logs. Which strategy should TechTonic prioritize to gain an insightful and effective analysis of its Windows logs, aiming to trace potential intrusions?

Options:

A.

Implement a centralized logging server and analyze logs using pattern-detection algorithms.

B.

Set up monitoring only for Windows Event Log IDs commonly associated with security breaches.

C.

Routinely back up logs every week and conduct a monthly manual review to detect anomalies.

D.

Focus solely on logs from critical servers, assuming other logs are less consequential.

Question 4

As the IT security manager for a burgeoning e-commerce company, you're keen on implementing a formal risk management framework to proactively tackle security risks associated with the company's rapid online expansion. Given your focus one-commerce and the need for scalability, which risk management framework is likely the most relevant?

Options:

A.

ISO 27001 - Provides a comprehensive information security management system (ISMS).

B.

NIST Cybersecurity Framework (CSF) - Offers a general, customizable approach.

C.

PCI DSS (Payment Card Industry Data Security Standard) - Targets credit card data security specifically.

D.

COBIT (Control Objectives for Information and Related Technology) - Focuses on IT governance and control processes.

Question 5

Matias, a network security administrator at an organization, was tasked with the implementation of secure wireless network encryption for their network. For this purpose, Matias employed a security solution that uses 256-bit Galois/Counter Mode Protocol (GCMP-256) to maintain the authenticity and confidentiality of data.

Identify the type of wireless encryption used by the security solution employed by Matias in the above scenario.

Options:

A.

WPA2 encryption

B.

WPA3 encryption

C.

WEP encryption

D.

WPA encryption

Question 6

Mark, a security analyst, was tasked with performing threat hunting to detect imminent threats in an organization's network. He generated a hypothesis based on the observations in the initial step and started the threat-hunting process using existing data collected from DNS and proxy logs.

Identify the type of threat-hunting method employed by Mark in the above scenario.

Options:

A.

Entity-driven hunting

B.

TTP-driven hunting

C.

Data-driven hunting

D.

Hybrid hunting

Question 7

An FTP server has been hosted in one of the machines in the network. Using Cain and Abel the attacker was able to poison the machine and fetch the FTP credentials used by the admin. You're given a task to validate the credentials that were stolen using Cain and Abel and read the file flag.txt

Options:

A.

white@hat

B.

red@hat

C.

hat@red

D.

blue@hat

Question 8

The incident handling and response (IH&R) team of an organization was handling a recent cyberattack on the organization's web server. Fernando, a member of the IH&P team, was tasked with eliminating the root cause of the incident and closing all attack vectors to prevent similar incidents in future. For this purpose. Fernando applied the latest patches to the web server and installed the latest security mechanisms on it. Identify the IH&R step performed by Fernando in this scenario.

Options:

A.

Notification

B.

Containment

C.

Recovery

D.

Eradication

Question 9

Kayden successfully cracked the final round of interviews at an organization. After a few days, he received his offer letter through an official company email address. The email stated that the selected candidate should respond within a specified time. Kayden accepted the opportunity and provided an e-signature on the offer letter, then replied to the same email address. The company validated the e-signature and added his details to their database. Here, Kayden could not deny the company's message, and the company could not deny Kayden's signature.

Which of the following information security elements was described in the above scenario?

Options:

A.

Availability

B.

Non-repudiation

C.

Integrity

D.

Confidentiality

Question 10

A large multinational corporation is In the process of upgrading its network infrastructure to enhance security and protect sensitive data. As part of the upgrade, the IT team is considering implementing stateful multilayer inspection firewalls and application-level gateway firewalls.

How do stateful multilayer inspection firewalls differ from application-level gateway firewalls in terms of their packet filtering capabilities and the layers of the OSI model they inspect?

Options:

A.

Stateful multilayer inspection firewalls are more expensive and require competent personnel to administer them, while application-level gateway firewalls evaluate network packets for valid data at the application layer.

B.

Stateful multilayer inspection firewalls track and maintain session information between hosts, while application-level gateway firewalls control input, output, and access across applications or services.

C.

Stateful multilayer inspection firewalls focus on inspecting packets at the application layer, while application-level gateway firewalls primarily filter packets at the network layer.

D.

Stateful multilayer inspection firewalls filter traffic based on specified application rules, applications, or protocols, while application-level gateway firewalls allow unknown traffic up to level 2 of the network stack.

Question 11

A disgruntled employee transferred highly confidential tender data of upcoming projects as an encoded text. You are assigned to decode the text file snitch.txt located in the Downloads folder of the Attacker Machined and determine the value of the greenfarm project in dollars. Hint 1: All the cryptography tools are located at "Z:\CCT-Tools\CCT Module 14 Cryptography". Hint 2: If required, you can use sniffer@123 as the password to decode the file. (Practical Question)

Options:

A.

9S000

B.

36000

C.

80000

D.

75000

Question 12

You are Harris working for a web development company. You have been assigned to perform a task for vulnerability assessment on the given IP address 20.20.10.26. Select the vulnerability that may affect the website according to the severity factor.

Hint: Greenbone web credentials: admin/password

Options:

A.

TCP timestamps

B.

Anonymous FTP Login Reporting

C.

FTP Unencrypted Cleartext Login

D.

UDP timestamps

Question 13

Martin, a network administrator at an organization, received breaching alerts for an application. He identified that a vulnerability in the application allowed attackers to enter malicious input. Martin evaluated the threat severity and extent of damage that could be caused by this vulnerability. He then escalated the issue to the security management team to determine appropriate mitigation strategies. In which of the following threat-modeling steps did Martin evaluate the severity level of the threat?

Options:

A.

Identify vulnerabilities

B.

Application overview

C.

Risk and impact analysis

D.

Decompose the application

Question 14

A renowned research institute with a high-security wireless network recently encountered an advanced cyber attack. The attack was not detected by traditional security measures andresulted in significant data exfiltration. The wireless network was equipped with WPA3 encryption, MAC address filtering, and had disabled SSID broadcasting. Intriguingly. the attack occurred without any noticeable disruption or changes in network performance. After an exhaustive forensic analysis, the cybersecurity team pinpointed the attack method. Which of the following wireless network-specific attacks was most likely used?

Options:

A.

Jamming Attack, disrupting network communications with interference signals

B.

Evil Twin Attack, where a rogue access point mimics a legitimate one to capture network traffic

C.

Bluesnarfing. exploiting Bluetooth connections to access network data

D.

KRACK (Key Reinstallation Attack), exploiting vulnerabilities in the WPA2 protocol

Question 15

As a Virtualization Software Engineer/Analyst, you are employed on a Project with Alpha Inc. Company, the OS Virtualization is used for isolation of Physical/Base OS with the Hypervisor OS. What is the security benefit of OS virtualization in terms of isolation?

Options:

A.

Virtual machines can freely access the resources of other VMs on the same host.

B.

Virtual machines are isolated from each other, preventing a security breach in one from impacting others.

C.

A compromised virtual machine can easily infect the physical host and other VMs.

D.

OS virtualization offers no security benefits in isolation.

Question 16

Karter, a security professional, deployed a honeypot on the organization's network for luring attackers who attempt to breach the network. For this purpose, he configured a type of honeypot that simulates a real OS as well as the applications and services of a target network. Furthermore, the honeypot deployed by Karter only responds to pre-configured commands.

Identify the type of Honeypot deployed by Karter in the above scenario.

Options:

A.

Low-interaction honeypot

B.

Pure honeypot

C.

Medium-interaction honeypot

D.

High-interaction honeypot

Question 17

Leilani, a network specialist at an organization, employed Wireshark for observing network traffic. Leilani navigated to the Wireshark menu icon that contains items to manipulate, display and apply filters, enable, or disable the dissection of protocols, and configure user-specified decodes.

Identify the Wireshark menu Leilani has navigated in the above scenario.

Options:

A.

Statistics

B.

Capture

C.

Main toolbar

D.

Analyze

Question 18

Hayes, a security professional, was tasked with the implementation of security controls for an industrial network at the Purdue level 3.5 (IDMZ). Hayes verified all the possible attack vectors on the IDMZ level and deployed a security control that fortifies the IDMZ against cyber-attacks.

Identify the security control implemented by Hayes in the above scenario.

Options:

A.

Point-to-po int communication

B.

MAC authentication

C.

Anti-DoS solution

D.

Use of authorized RTU and PLC commands

Question 19

Nicolas, a computer science student, decided to create a guest OS on his laptop for different lab operations. He adopted a virtualization approach in which the guest OS will not be aware that it is running in a virtualized environment. The virtual machine manager (VMM) will directly interact with the computer hardware, translate commands to binary instructions, and forward them to the host OS.

Which of the following virtualization approaches has Nicolas adopted in the above scenario?

Options:

A.

Hardware-assisted virtualization

B.

Full virtualization

C.

Hybrid virtualization

D.

OS-assisted virtualization

Question 20

In an organization, all the servers and database systems are guarded in a sealed room with a single-entry point. The entrance is protected with a physical lock system that requires typing a sequence of numbers and letters by using a rotating dial that intermingles with several other rotating discs.

Which of the following types of physical locks is used by the organization in the above scenario?

Options:

A.

Digital locks

B.

Combination locks

C.

Mechanical locks

D.

Electromagnetic locks

Question 21

A software company is developing a new software product by following the best practices for secure application development. Dawson, a software analyst, is checkingthe performance of the application on the client's network to determine whether end users are facing any issues in accessing the application.

Which of the following tiers of a secure application development lifecycle involves checking the performance of the application?

Options:

A.

Development

B.

Testing

C.

Quality assurance (QA)

D.

Staging

Question 22

Leo has walked to the nearest supermarket to purchase grocery. At the billing section, the billing executive scanned each product's machine-readable tag against a readable machine that automatically reads the product details, displays the prices of the individual product on the computer, and calculates the sum of those scanned items. Upon completion of scanning all the products, Leo has to pay the bill.

Identify the type of short-range wireless communication technology that the billing executive has used in the above scenario.

Options:

A.

Radio-frequency identification (RFID)

B.

Near-field communication (NFC)

C.

QUIC

D.

QR codes and barcodes

Question 23

The SOC department in a multinational organization has collected logs of a security event as

"Windows.events.evtx". Study the Audit Failure logs in the event log file located in the Documents folder of the

-Attacker Maehine-1" and determine the IP address of the attacker. (Note: The event ID of Audit failure logs is

4625.)

(Practical Question)

Options:

A.

10.10.1.12

B.

10.10.1.10

C.

10.10.1.16

D.

10.10.1.19

Question 24

Shawn, a forensic officer, was appointed to investigate a crime scene that had occurred at a coffee shop. As a part of investigation, Shawn collected the mobile device from the victim, which may contain potential evidence to identify the culprits.

Which of the following points must Shawn follow while preserving the digital evidence? (Choose three.)

Options:

A.

Never record the screen display of the device

B.

Turn the device ON if it is OFF

C.

Do not leave the device as it is if it is ON

D.

Make sure that the device is charged

Question 25

A major metropolitan municipal corporation had deployed an extensive loT network for managing various facilities in the city. A recent cyber attack has paralyzed the city’s vital services, bringing them to a complete halt. The Security Operations Center (SOC) has captured the network traffic during the attack and stored It as loT_capture.pcapng in the Documents folder of the Attacker Machine-1. Analyze the capture file and identify the command that was sent to the loT devices over the network. (Practical Question)

Options:

A.

Woodland_Blaze_ Warninggil

B.

Woodland_Blaze_Warning999

C.

Nature_Blaze_Warning555

D.

Forest_Fire_Alert444

Question 26

Elliott, a security professional, was appointed to test a newly developed application deployed over an organizational network using a Bastion host. Elliott initiated the process by configuring the nonreusable bastion host. He then tested the newly developed application to identify the presence of security flaws that were not yet known; further, he executed services that were not secure. identify the type of bastion host configured by Elliott in the above scenario.

Options:

A.

External services hosts

B.

Victim machines

C.

One-box firewalls

D.

Non-routing dual-homed hosts

Question 27

Kaison. a forensic officer, was investigating a compromised system used for various online attacks. Kaison initiated the data acquisition process and extracted the data from the systems DVD-ROM. Which of the following types of data did Kaison acquire in the above scenario?

Options:

A.

Archival media

B.

Kernel statistics

C.

ARP cache

D.

Processor cache

Question 28

In an advancedcybersecurity research lab. a team Is working on developing a new cryptographicprotocol to secure highly sensitive communication. Their goal is to create aprotocol that is resilient against quantum computing attacks, which couldpotentially break many current encryption methods. During their research, theyfocus on the use of hash functions in their protocol. The team experiments withvarious hash functions to ensure the highest level of security. Considering thethreat of quantum computing, which of the following hash functions would be themost appropriate choice fortheir protocol?

Options:

A.

SHA-256, due to its widespread use and proven security track record

B.

MD5, for its speed and efficiency in generating hash values

C.

HMAC. for its ability to provide data integrity and authentication

D.

SHA-3. as it is designed to be resistant against quantum computing attacks

Question 29

FinTech Corp, a financial services software provider, handles millions of transactions daily. To address recent breaches In other organizations. It Is reevaluating Its data security controls. It specifically needs a control that will not only provide real-time protection against threats but also assist in achieving compliance with global financial regulations. The company's primary goal is to safeguard sensitive transactional data without impeding system performance. Which of the following controls would be the most suitable for FinTech Corp's objectives?

Options:

A.

Switching to disk-level encryption for all transactional databases

B.

Implementing DLP (Data Loss Prevention) systems

C.

Adopting anomaly-based intrusion detection systems

D.

Enforcing Two-Factor Authentication for all database access

Question 30

A global financial services firm Is revising its cybersecurity policies to comply with a diverse range of international regulatory frameworks and laws. The firm operates across multiple continents, each with distinct legal requirements concerning data protection, privacy, and cybersecurity. As part of their compliance strategy, they are evaluating various regulatory frameworks to determine which ones are most critical to their operations. Given the firm's international scope and the nature of its services, which of the following regulatory frameworks should be prioritized for compliance?

Options:

A.

ISO 27001 Information Security Management System

B.

ISO 27002 Code of Practice for information security controls

C.

Qceneral Data Protection Regulation (CDPR) - European Union

D.

NIST Cybersecurity Framework

Question 31

RAT has been setup in one of the machines connected to the network to steal the important Sensitive corporate docs located on Desktop of the server, further investigation revealed the IP address of the server 20.20.10.26. Initiate a remote connection using thief client and determine the number of files present in the folder.

Hint: Thief folder is located at: Z:\CCT-Tools\CCT Module 01 Information Security Threats and Vulnerabilities\Remote Access Trojans (RAT)\Thief of Attacker Machine-1.

Options:

A.

2

B.

4

C.

3

D.

5

Question 32

Jaden, a network administrator at an organization, used the ping command to check the status of a system connected to the organization's network. He received an ICMP error message stating that the IP header field contains invalid information. Jaden examined the ICMP packet and identified that it is an IP parameter problem.

Identify the type of ICMP error message received by Jaden in the above scenario.

Options:

A.

Type =12

B.

Type = 8

C.

Type = 5

D.

Type = 3

Question 33

Kayden successfully cracked the final round of interviews at an organization. After a few days, he received his offer letter through an official company email address. The email stated that the selected candidate should respond within a specified time. Kayden accepted the opportunity and provided an e-signature on the offer letter, then replied to the same email address. The company validated the e-signature and added his details to their database. Here, Kayden could not deny the company's message, and the company could not deny Kayden's signature.

Which of the following information security elements was described in the above scenario?

Options:

A.

Availability

B.

Non-repudiation

C.

Integrity

D.

Confidentiality

Question 34

Malachi, a security professional, implemented a firewall in his organization to trace incoming and outgoing traffic. He deployed a firewall that works at the session layer of the OSI model and monitors the TCP handshake between hosts to determine whether a requested session is legitimate.

Identify the firewall technology implemented by Malachi in the above scenario.

Options:

A.

Next generation firewall (NGFW)

B.

Circuit-level gateways

C.

Network address translation (NAT)

D.

Packet filtering

Question 35

The IH&R team in an organization was handling a recent malware attack on one of the hosts connected to the organization's network. Edwin, a member of the IH&R team, was involved in reinstating lost data from the backup media. Before performing this step, Edwin ensured that the backup does not have any traces of malware.

Identify the IH&R step performed by Edwin in the above scenario.

Options:

A.

Eradication

B.

Incident containment

C.

Notification

D.

Recovery

Question 36

Ayden works from home on his company's laptop. During working hours, he received an antivirus software update notification on his laptop. Ayden clicked on the update button; however, the system restricted the update and displayed a message stating that the update could only be performed by authorized personnel. Which of the following PCI-DSS requirements is demonstrated In this scenario?

Options:

A.

PCI-DSS requirement no 53

B.

PCI-DSS requirement no 1.3.1

C.

PCI-DSS requirement no 5.1

D.

PCI-DSS requirement no 1.3.2

Question 37

A company decided to implement the cloud infrastructure within its corporate firewall 10 secure sensitive data from external access. The company invested heavily in creating a cloud architecture within its premises to manage full control over its corporate data. Which of the following types of cloud deployment models did the company implement in this scenario?

Options:

A.

Multi cloud

B.

Public cloud

C.

Private cloud

D.

Community cloud

Question 38

Stella purchased a smartwatch online using her debit card. After making payment for the product through the

payment gateway, she received a transaction text message with a deducted and available balance from her

bank.

Identify the information security element that ensures that Stella's transaction status is immediately reflected in her bank account in this scenario.

Options:

A.

Non-repudiation

B.

Integrity

C.

Availability

D.

Confidentiality

Question 39

Sam, a software engineer, visited an organization to give a demonstration on a software tool that helps in business development. The administrator at the organization created a least privileged account on a system and allocated that system to Sam for the demonstration. Using this account, Sam can only access the files that are required for the demonstration and cannot open any other file in the system.

Which of the following types of accounts the organization has given to Sam in the above scenario?

Options:

A.

Service account

B.

Guest account

C.

User account

D.

Administrator account

Question 40

In an organization, all the servers and database systems are guarded in a sealed room with a single-entry point. The entrance is protected with a physical lock system that requires typing a sequence of numbers and letters by using a rotating dial that intermingles with several other rotating discs.

Which of the following types of physical locks is used by the organization in the above scenario?

Options:

A.

Digital locks

B.

Combination locks

C.

Mechanical locks

D.

Electromagnetic locks

Question 41

Riley sent a secret message to Louis. Before sending the message, Riley digitally signed the message using his private key. Louis received the message, verified the digital signature using the corresponding key to ensure that the message was not tampered during transit.

Which of the following keys did Louis use to verify the digital signature in the above scenario?

Options:

A.

Riley's public key

B.

Louis's public key

C.

Riley's private key

D.

Louis's private key

Question 42

Andre, a security professional, was tasked with segregating the employees' names, phone numbers, and credit card numbers before sharing the database with clients. For this purpose, he implemented a deidentification technique that can replace the critical information in database fields with special characters such as asterisks (*) and hashes (#).

Which of the following techniques was employed by Andre in the above scenario?

Options:

A.

Tokenization

B.

Masking

C.

Hashing

D.

Bucketing

Question 43

You are the lead cybersecurity specialist at a cutting-edge tech organization that specializes In developing artificial intelligence (Al)products for clients across various sectors. Given the sensitivity and proprietary nature of your products, ensuring top-notch security is of paramount importance. Late one evening, you receive an alert from your threat Intelligence platform about potential vulnerabilities In one of the third-party components your Al products heavily rely upon. This component is known to have integration points with several key systems within your organization. Any successful exploitation of this vulnerability could grant attackers unparalleled access to proprietary algorithms and client-specific modifications, which could be catastrophic in the wrong hands.

While you are analyzing the threat’s details, a member of your team identifies several unusual patterns of data access, suggesting that the vulnerability might already have been exploited. The potential breach's initial footprint suggests a highly sophisticated actor, possibly even a nation-state entity. Given the gravity of the situation and the potential consequences of a full-blown breach, what should be your immediate course of action to address the incident and ensure minimal risk exposure?

Options:

A.

Engage an external cybersecurity consultancy with expertise in nation-state level threats. Collaborate to devise a mitigation strategy while also running parallel investigations to understand the full scope of the breach.

B.

Disconnect the potentially compromised systems from the network, archive all logs and related data for future analysis, and shift core services to backup systems ensuring business continuity.

C.

Alert the organization s legal and PR teams, preparing a communication strategy to notify clients and the public about the potential breach, ensuring transparency and proactive damage control.

D.

Initiate an emergency patching protocol, immediately updating all instances of the vulnerable component across your infrastructure and closely monitor the network for further unusual activities.

Question 44

An organization hired a network operations center (NOC) team to protect its IT infrastructure from external attacks. The organization utilized a type of threat intelligence to protect its resources from evolving threats. The threat intelligence helped the NOC team understand how attackers are expected to perform an attack on the organization, identify the information leakage, and determine the attack goals as well as attack vectors.

Identify the type of threat intelligence consumed by the organization in the above scenario.

Options:

A.

Operational threat intelligence

B.

Strategic threat intelligence

C.

Technical threat intelligence

D.

Tactical threat intelligence

Question 45

You are the chief cybersecurity officer at a multi-national corporation, which specializes in satellite-based communication systems. Recently, you transitioned to a more advanced system architecture that includes multiple ground stations globally. These stations synchronize and communicate via a central hub that manages the distribution of encrypted data across the network. Upon reviewing the quarterly network logs, you uncover a series of sophisticated intrusions. These intrusions are intermittently taking place inground stations located in three continents. Evidence suggests that these attacks are coordinated, aiming to map out the network's communication paths, likely in preparation for a much larger scale cyber-attack. Further investigation uncovers small pockets of malware within the system, specifically designed to circumvent your current security controls. Given the criticality of ensuring uninterrupted satellite communication, which countermeasure would be most effective in thwarting these intrusions, ensuring data integrity, and maintaining the operational status of your satellite communication systems?

Options:

A.

Enhance end-point security solutions at each ground station, focusing on advanced malware detection, eradication, and prevention.

B.

Implement air-gapped systems for each ground station to ensure complete isolation, minimizing the risk of malware spread and external intrusions.

C.

Deploy an advanced network segmentation strategy, ensuring each ground station operates in a micro-segmented environment, with real-time threat monitoring and dynamic policy adjustments.

D.

Rollback the system to its previous architecture, while launching a thorough investigation into the identified intrusions and taking the necessary legal actions.

Question 46

Alpha Finance, a leading banking institution, is launching anew mobile banking app. Given the sensitive financial data involved, it wants to ensure that Its application follows the best security practices. As the primary recommendation, which guideline should Alpha Finance prioritize?

Options:

A.

Embedding an antivirus within the app

B.

Employing multi-factor authentication (MFA) for user logins

C.

Providing an in-app VPN for secure transactions

D.

Encouraging users to update to the latest version of their OS

Question 47

Charlie, a security professional in an organization, noticed unauthorized access and eavesdropping on the WLAN. To thwart such attempts, Charlie employed an encryption mechanism that used the RC4 algorithm to encrypt information in the data link layer. Identify the type of wireless encryption employed by Charlie in the above scenario.

Options:

A.

TKIP

B.

WEP

C.

AES

D.

CCMP

Question 48

Galactic Innovations, an emerging tech start-up. Is developing a proprietary software solution that will be hosted on a cloud platform. The software, designed for real-time communication and collaboration, aims to cater to global users, including top-tier businesses. As the software grows in complexity, the company recognizes the need for a comprehensive security standard that aligns with global best practices. The Intention is to enhance trustworthiness among potential clients and ensure that the application meets industry-accepted criteria, particularly in the face of increasing cyberthreats. Considering the company's requirements and the international nature of its user base, which software security standard, model, or framework should Galactic Innovations primarily focus on adopting?

Options:

A.

ISAS

B.

QlSO/IEC 27001:2013

C.

GCSP

D.

USAM

Page: 1 / 12
Total 161 questions