An organization has established the following controls matrix:
The following control sets have been defined by the organization and are applied in aggregate fashion:
✑ Systems containing PII are protected with the minimum control set.
✑ Systems containing medical data are protected at the moderate level.
✑ Systems containing cardholder data are protected at the high level.
The organization is preparing to deploy a system that protects the confidentiality of a database containing PII and medical data from clients.
Based on the controls classification, which of the following controls would BEST meet these requirements?
A. Proximity card access to the server room, context-based authentication, UPS, and full-disk encryption for the database server.
B. Cipher lock on the server room door, FDE, surge protector, and static analysis of all application code.
C. Peer review of all application changes, static analysis of application code, UPS, and penetration testing of the complete system.
D. Intrusion detection capabilities, network-based IPS, generator, and context-based authentication.
Answer: D