The log-in activity indicates a security threat, particularly involving the ADMIN account with a high-risk failure status. This suggests that the account may be targeted by malicious activities such as credential stuffing or brute force attacks.
Updating log configuration settings (A) may help in better logging future activities but does not address the immediate threat.
Changing the admin account password (B) is a good practice but may not fully mitigate the ongoing threat if the account has already been compromised.
Blocking employees (C) from logging into non-business applications might help in reducing attack surfaces but doesn't directly address the compromised account issue.
Implementing automation to disable accounts associated with high-risk activities ensures an immediate response to the detected threat, preventing further unauthorized access and allowing time for thorough investigation and remediation.
Reference:
CompTIA SecurityX guide on incident response and account management.
Best practices for handling compromised accounts.
Automation tools and techniques for security operations centers (SOCs).

To meet the requirements of only allowing internally signed applications, preventing unauthorized software installations, and logging attempts to run unauthorized software, configuring application control with blocked hashes and enterprise-trusted root certificates is the best solution. This approach ensures that only applications signed by trusted certificates are allowed to execute, while all other attempts are blocked and logged. It effectively prevents unauthorized software installations by restricting execution to pre-approved applications.

To mitigate the risk of data loss on a lost or stolen tablet quickly, the most effective strategy is to return the device's solid-state media to zero, which effectively erases all data on the device. Here's why:
* Immediate Data Erasure: Returning the solid-state media to zero ensures that all data is wiped instantly, mitigating the risk of data loss if the device is lost or stolen.
* Full Disk Encryption: Even though the tablets are already encrypted, physically erasing the data
* ensures that no residual data can be accessed if someone attempts to bypass encryption.
* Compliance and Security: This method adheres to best practices for data security and compliance, ensuring that sensitive patient data cannot be accessed by unauthorized parties.
* References:
* CompTIA Security+ SY0-601 Study Guide by Mike Chapple and David Seidl
* NIST Special Publication 800-88: Guidelines for Media Sanitization
* ISO/IEC 27002:2013 - Information Security Management

Static Application Security Testing (SAST) involves analyzing source code or compiled code for security vulnerabilities without executing the program. This method is well-suited for identifying syntax errors, coding standards violations, and potential security issues early in the development lifecycle.
* A. Static application security testing (SAST): SAST tools analyze the source code to detect syntax errors, vulnerabilities, and other issues before the code is run. This is the most relevant task for the DevSecOps team to identify syntax errors and improve code quality.
* B. Software composition analysis: This focuses on identifying vulnerabilities in open-source components and libraries used in the application but does not address syntax errors directly.
* C. Runtime application self-protection (RASP): RASP involves monitoring and protecting applications during runtime, which does not help in identifying syntax errors during the development phase.
* D. Web application vulnerability scanning: This involves scanning the running application for vulnerabilities but does not address syntax errors in the code.
References:
* CompTIA Security+ Study Guide
* OWASP (Open Web Application Security Project) guidelines on SAST
* NIST SP 800-95, "Guide to Secure Web Services"
Top of Form
Bottom of Form