IAM (Identity and Access Management) setup based on the questions is Time-based Access Management, which is another words Time-of-day restrictions.

C. Time-based access control Explanation: • Time-based access control: Restricts or permits access to resources based on specific time frames. This fits the scenario where file copying is allowed only during working hours.

A non-disclosure agreement (NDA) is a legal contract that limits how confidential information can be used and shared. NDAs are also known as confidentiality agreements, proprietary information agreements, or secrecy agreements.

B. Vulnerability Scan Why? A vulnerability scan systematically checks systems against a database of known vulnerabilities (including CVEs). It helps identify which systems, applications, or services are affected by the disclosed CVE. Most vulnerability scanning tools (e.g., Nessus, Qualys, OpenVAS) provide detailed reports and potential remediation steps. Why Not the Others? A. Packet Capture – Used for network traffic analysis, but it won’t directly identify vulnerable systems. C. Metadata Analysis – Involves examining file or system metadata, which is not relevant for detecting software vulnerabilities. D. Automated Reporting – Helps document findings but does not actively identify vulnerable systems.

Answer: A. Social engineering testing Open Source Intelligence (OSINT) involves gathering information from publicly available sources. Social engineering testing often uses OSINT to collect data about individuals or organizations to craft convincing phishing attacks or other social engineering tactics. Why the other options are not correct: C. Collecting evidence of malicious activity Collecting evidence of malicious activity typically involves forensic analysis of compromised systems or networks, which relies on internal data and artifacts rather than publicly available information. D. Producing IOCs for malicious artifacts Producing Indicators of Compromise (IOCs) involves analyzing malware or attack patterns to create signatures or identifiers. This process is based on technical analysis of malicious artifacts, not on publicly available information.

A. Swipe Card ✔ Provides physical access control to restricted areas. ✔ Can be integrated with access logs to track entries and exits. ✔ Easy to revoke or deactivate if lost or stolen. D. Biometric Scanner ✔ Verifies identity using unique physical traits (e.g., fingerprint, iris, or facial recognition). ✔ Cannot be shared or stolen like swipe cards or PIN codes. ✔ Adds an extra layer of security by ensuring the person entering is the authorized individual.