Unauthorized code changesand lack ofindependent verificationare directly mitigated bycode signing, which ensures that code is from a trusted source and has not been altered.
While digital signatures are part of code signing, the broader practice of code signing encompasses signature management, version integrity, and trusted sources.
Lightweight cryptography is irrelevant in this context; it's more about efficiency in constrained devices.
Non-repudiation is a benefit of digital signatures but doesn't directly solve the verification/integrity concerns alone.
FromCAS-005 Guide, Domain 4: Security Architecture, Tools, and Technologies:
"Code signing ensures that the code has not been tampered with and originates from a trusted developer."

To protect company information on stolen mobile devices, implementingremote wipe proceduresensures data can be erased if a device is suspected lost or stolen.Biometric access controlwith enforced timeouts further secures the device, requiring biometric authentication periodically, thus limiting unauthorized access even if the device is stolen. Geofencing and certificates provide additional security layers but are less immediate protections against information exposure after theft. Application control and side-loading prevention are important for malware threats but less so for stolen device scenarios.
Reference:

When using AI to fully automate the process of deciding client loan rates, the primary concern from a privacy perspective is model explainability.
Why Model Explainability is Critical:
Transparency: It ensures that the decision-making process of the AI model can be understood and explained to stakeholders, including clients.
Accountability: Helps in identifying biases and errors in the model, ensuring that the AI is making fair and unbiased decisions.
Regulatory Compliance: Various regulations require that decisions, especially those affecting individuals' financial status, can be explained and justified.
Trust: Builds trust among users and stakeholders by demonstrating that the AI decisions are transparent and justifiable.
Other options, such as credential theft, prompt injections, and social engineering, are significant concerns but do not directly address the privacy and fairness implications of automated decision-making.
Reference:
CompTIA SecurityX Study Guide
"The Importance of Explainability in AI," IEEE Xplore
GDPR Article 22, "Automated Individual Decision-Making, Including Profiling"

Comprehensive and Detailed
SecurityX CAS-005 emphasizes automation with validation in security operations. Security Orchestration, Automation, and Response (SOAR) platforms can integrate with Threat Intelligence Platforms (TIPs) to verify threat indicators before triggering automated endpoint isolation through EDR APIs. This approach reduces the spread of malware while minimizing the chance of isolating clean systems due to false positives.
Isolating endpoints on any alert (B) is high-risk and can disrupt business operations.
Manual review (C) is too slow for fast-moving threats.
Suppressing alerts (D) risks missing critical events entirely.

Homomorphic encryptionallows computations to be performed directly on encrypted data without decrypting it first. This technology is particularly useful for securely transmitting confidential data to a cloud service provider (CSP) and allowing the CSP to process the data without having any visibility into its content. This maintains data confidentiality even during processing. It is not about securing data at rest and in transit or simply storing data across nodes.