Business Email Compromise (BEC)is atargeted phishing attackin whichattackers impersonate executives or high-ranking officials(such as a CEO) to manipulate employees intotransferring money or providing sensitive data. Since the request is coming from the CEO's corporate email (possibly spoofed or compromised), this is aclassic example of BEC.
Phishing (B)is a broader term but typically involvesmassfraudulent emails rather than targeted executive impersonation.
Brand impersonation (C)involves faking a company's identity (e.g., fake PayPal emails).
Pretexting (D)involves social engineering tactics but does not necessarily involve email compromise.
Reference:CompTIA Security+ SY0-701 Official Study Guide, Threats, Vulnerabilities, and Mitigations domain.

ACertificate Revocation List (CRL)is adigitally signed list maintained by a Certificate Authority (CA) that containsrevoked or expired certificates. This prevents clients from trustingcompromised or outdated certificates.
* TPM (A)is a hardware security module, unrelated to certificate revocation.
* PKI (C)is the overall system managing digital certificates, but it does not store revocation lists.
* CSR (D)is a request to obtain a certificate, not to revoke one.

Due diligence in this context involves evaluating the security, availability, processing integrity, confidentiality, and privacy of the SaaS application by reviewing the SOC 2 report provided by the vendor. This process helps ensure that the vendor meets the required security and operational standards before the SaaS application is implemented.

Detailed Explanation:Firewall logs provide details of all network traffic, including connections to and from IoT devices. They are typically the first source of evidence for identifying the time of an exploit. Reference:
CompTIA Security+ SY0-701 Study Guide, Domain 4: Security Operations, Section: "Log Analysis for Incident Response".