Memberships

CISSP Study Group

Public • 1k • Free

55 contributions to CISSP Study Group
Practice Question
During a routine audit, you discover that an employee has been accessing sensitive financial data unrelated to their job function for several months. The activity was flagged by a security information and event management (SIEM) system, but no action was taken. Which process failure is most likely responsible, and how should it be addressed?
A. Inadequate user training; implement mandatory security awareness programs.
B. Poor SIEM configuration; refine alert thresholds and automate escalations.
C. Insufficient monitoring coverage; deploy enhanced data loss prevention (DLP) tools.
D. Lack of incident response procedures; create a clear escalation matrix for alerts.
0 likes • 2d
D
Practice Question
You are responsible for managing a 24/7 Security Operations Center (SOC). Recently, analysts have reported an increase in false positives from intrusion detection systems (IDS), leading to fatigue and delayed responses to actual incidents. What is the most effective solution to address this issue?
A. Increase the number of SOC analysts to handle the alert volume.
B. Conduct a baseline review of network traffic and fine-tune IDS rule sets.
C. Replace the current IDS with an intrusion prevention system (IPS) for better accuracy.
D. Implement an automated incident response system to reduce analyst involvement.
0 likes • 2d
B
Practice Question
An external audit of your organization's disaster recovery plan reveals that backups are not encrypted, exposing sensitive data to potential breaches during transit or storage. Which of the following should be implemented immediately to address this finding?
A. Implement full disk encryption on all backup storage devices.
B. Transition to incremental backups to minimize data exposure.
C. Configure end-to-end encryption for all backup processes.
D. Move backups to a private cloud infrastructure with built-in security.
0 likes • 2d
A or C... will go with A, as end-to-end encryption is not related to disk
Practice Question
Your organization has recently deployed a patch management system to automate updates. However, shortly after a critical patch was applied, a key application stopped functioning, disrupting business operations. What is the best way to prevent such incidents in the future?
A. Roll back the patch and delay future updates until the issue is resolved.
B. Implement a test environment to evaluate patches before deployment.
C. Limit patch deployments to non-critical systems during business hours.
D. Require vendor verification before applying critical patches.
0 likes • 2d
B
Practice Question
An organization has a large number of temporary contractors who need access to specific systems for the duration of their projects. Which of the following is the MOST efficient way to manage their identities and access rights?
A. Manually create and delete user accounts for each contractor.
B. Use a Just-in-Time (JIT) provisioning system.
C. Assign all contractors to a generic "contractor" group with broad permissions.
D. Require contractors to use their personal social media accounts for authentication.
0 likes • 2d
C
@anand-agarwal-6841
Program Manager

Joined Nov 7, 2024