CASP Exam 2023 with 100% correct answers

An infrastructure team is at the end of a procurement process and has selected a vendor. As part of the final negotiations, there are a number of outstanding issues, including: 1. Indemnity clauses have identified the maximum liability 2. The data will be hosted and managed outside of the company's geographical location The number of users accessing the system will be small, and no sensitive data will be hosted in the solution. As the security consultant on the project, which of the following should the project's security consultant recommend as the NEXT step? A. Develop a security exemption, as it does not meet the security policies B. Mitigate the risk by asking the vendor to accept the in-country privacy principles C. Require the solution owner to accept the identified risks and consequences D. Review the entire procurement process to determine the lessons learned C. Require the solution owner to accept the identified risks and consequences An SQL database is no longer accessible online due to a recent security breach. An investigation reveals that unauthorized access to the database was possible due to an SQL injection vulnerability. To prevent this type of breach in the future, which of the following security controls should be put in place before bringing the database back online? (Choose two.) A. Secure storage policies B. Browser security updates C. Input validation D. Web application firewall E. Secure coding standards F. Database activity monitoring C. Input validation F. Database activity monitoring