712-50 Exam Results

For a retail store, compliance with the Payment Card Industry (PCI) Data Security Standard (DSS) is crucial, as it governs the secure handling of cardholder data and ensures the safety of payment transactions. ISO 27002 (B) and the NIST Cybersecurity Framework (C) offer general guidelines, while FedRAMP (D) applies to government cloud services, making them less critical to retail-specific compliance needs.

Relevance to the Breach:

The analysis highlighted insider threats, lack of least privilege, and weak access controls as root causes.

Monitoring and minimizing the number of users with elevated privileges directly addresses these vulnerabilities.

Why Not Other Options:

A: Monitoring third-party access is important but not directly tied to insider threats.

B: Vulnerability management is relevant but unrelated to least privilege or access control.

D: Certificate issues pertain to encryption, not insider threats or access controls.

References:

EC-Council CISO Handbook: Metrics for Access Control and Insider Threat Management.

Sanitizing datasets ensures that sensitive information is removed or anonymized before AI products are developed or deployed. This mitigates risks associated with data breaches or unauthorized use of data, especially in sensitive industries like banking. While hashing, encrypting, or deleting datasets provides security, sanitization is critical to protect privacy and comply with regulations like GDPR or CCPA, particularly when handling AI datasets.

An Acceptable Use Policy (AUP) is a critical component of an information security plan, as it defines acceptable and unacceptable actions for system and resource usage. It ensures users understand their responsibilities, reducing risks from misuse or negligence. While account management (A), training (B), and remote access (D) policies are important, the AUP provides the broad foundational guidance for user behavior.