You have implemented controls to mitigate the threats, vulnerabilities, and impact to your business. Which type of risk is left over?

There are four possible treatments once an assessment has identified a risk. Which risk treatment implements controls to reduce risk?

Which security control scheme do vendors often submit their products to for evaluation, to provide an independent view of product assurance?

Which organization has published the most comprehensive set of controls in its security guideline for the Internet of Things?

Which main reference coupled with the Cloud Security Alliance Guidance comprise the Security Guidance for Critical Areas of Focus in Cloud Computing?

What are the essential characteristics of the reference monitor?

You configure an encrypted USB drive for a user who needs to deliver a sensitive file at an in-person meeting. What type of encryption is typically used to encrypt the file?

During a penetration test, you find a file containing hashed passwords for the system you are attempting to breach. Which type of attack is most likely to succeed in accessing the hashed passwords in a reasonable amount of time?

Which option describes the best defense against collusion?

Which security control can best protect against shadow IT by identifying and preventing use of unsanctioned cloud apps and services?

In black box penetration testing, what information is provided to the tester about the target environment?