Which of the following is an example of risk avoidance?

A recent audit cited a risk involving numerous low-criticality vulnerabilities created by a web application using a third-party library. The development staff state there are still customers using the application even though it is end of life and it would be a substantial burden to update the application for compatibility with more secure libraries. Which of the following would be the MOST prudent course of action?

After a recent external audit, the compliance team provided a list of several non-compliant, in-scope hosts that were not encrypting cardholder data at rest, Which of the following compliance frameworks would address the compliance team's GREATEST concern?

Which of the following are common VoIP-associated vulnerabilities? (Select TWO).

A security analyst is reviewing web-application logs and finds the following log:

Which of the following attacks is being observed?