Question 471
After significant vulnerabilities and misconfigurations were found in numerous production web applications, a security manager identified the need to implement better development controls.
Which of the following controls should be verified? (Choose two.)
Question 472
A project manager is working with a team that is tasked to develop software applications in a structured environment and host them in a vendor's cloud-based infrastructure. The organization will maintain responsibility for the software but will not manage the underlying server applications. Which of the following does the organization plan to leverage?
Question 473
Following a recent and very large corporate merger, the number of log files an SOC needs to review has approximately tripled. The Chief Information Security Officer (CISO) has not been allowed to hire any more staff for the SOC, but is looking for other ways to automate the log review process so the SOC receives less noise.
Which of the following would BEST reduce log noise for the SOC?
Question 474
A penetration tester is given an assignment to gain physical access to a secure facility with perimeter cameras.
The secure facility does not accept visitors, and entry is available only through a door protected by an RFID key and a guard stationed inside the door. Which of the following would be BEST for the penetration tester to attempt?
Question 475
A company wants to secure a newly developed application that is used to access sensitive information and data from corporate resources. The application was developed by a third-party organization, and it is now being used heavily despite lacking the following controls:
* Certificate pinning
* Tokenization
* Biometric authentication
The company has already implemented the following controls:
* Full device encryption
* Screen lock
* Device password
* Remote wipe
The company wants to defend against interception of data attacks. Which of the following compensating controls should the company implement NEXT?