Which of the following controls primarily detects abuse of privilege but does not prevent it?

A company recently migrated to a SaaS-based email solution. The solution is configured as follows.
* Passwords are synced to the cloud to allow for SSO
* Cloud-based antivirus is enabled
* Cloud-based anti-spam is enabled
* Subscription-based blacklist is enabled
Although the above controls are enabled, the company's security administrator is unable to detect an account compromise caused by phishing attacks in a timely fashion because email logs are not immediately available to review. Which of the following would allow the company to gam additional visibility and reduce additional costs? (Select TWO)

An administrator wants to ensure hard drives cannot be removed from hosts and men installed into and read by unauthorized hosts Which of the following techniques would BEST support this?

An organization, which handles large volumes of PII, allows mobile devices that can process, store, and transmit PII and other sensitive data to be issued to employees. Security assessors can demonstrate recovery and decryption of remnant sensitive data from device storage after MDM issues a successful wipe command. Assuming availability of the controls, which of the following would BEST protect against the loss of sensitive data in the future?

A breach was caused by an insider threat in which customer PII was compromised. Following the breach, a lead security analyst is asked to determine which vulnerabilities the attacker used to access company resources. Which of the following should the analyst use to remediate the vulnerabilities?