Changing the default configurations of a database system is a critical control for securing it from unauthorized access or exploitation. Default configurations often include weak passwords, unnecessary services, open ports, or known vulnerabilities that can be easily exploited by attackers. The other options are not as important as changing the default configurations, as they do not address the root cause of the security risks. Normalizing tables in the database is a design technique for improving data quality and performance, but it does not affect security. Changing the service port used by the database server is a form of security by obscurity, which can be easily bypassed by port scanning tools. Using the default administration account after changing the account password is still risky, as the account name may be known or guessed by attackers.
References: CISA Review Manual (Digital Version), Chapter 5, Section 5.2.4

RFID stands for Radio Frequency Identification, and it is a technology that uses radio waves to identify or track objects that have a small chip (RFID tag) attached to them. RFID tags can store various types of information, such as serial numbers, product codes, or personal data. RFID readers can scan the tags from a distance and access the information without physical contact1.
RFID has many benefits for different applications, such as inventory management, supply chain optimization, asset tracking, and access control. However, RFID also poses some challenges and risks for information security and privacy. Some of these risks are:
Privacy: RFID tags can be read by unauthorized or malicious parties, who can collect personal or sensitive data without the knowledge or consent of the tag owners. This can lead to identity theft, profiling, tracking, or surveillance2. For example, a hacker could scan an RFID-tagged passport or credit card and steal the personal information or financial details of the owner3.
Communication attacks: RFID systems are vulnerable to various types of attacks that target the wireless communication between the tags and the readers. These include eavesdropping, jamming, spoofing, replaying, cloning, or modifying the data transmitted by the tags or the readers4. For example, an attacker could intercept the data from an RFID tag and alter it before sending it to the reader, causing false or misleading information to be recorded.
Mafia fraud: This is a type of attack where an adversary acts as a man-in-the-middle and relays the information between two legitimate parties. This can allow the adversary to bypass authentication or authorization mechanisms and gain access to restricted areas or resources. For example, an attacker could use a device to relay the signal from an RFID-tagged car key to the car's ignition system and start the car without having the physical key.

The business case for an information system investment is a document that provides the rationale and justification for the investment, based on the expected costs, benefits, risks, and impacts of the project12. The business case should be available for review until the benefits have been fully realized, because it serves as a baseline for measuring the actual performance and outcomes of the project against the planned ones34. This helps to evaluate the success and value of the investment, and to identify any gaps or issues that need to be addressed5.
References
1: The Business Case for Security - CISA
2: Beyond the Business Case: New Approaches to IT Investment
3: #HowTo: Build a Business Case for Cybersecurity Investment
4: ISACA CISA Certified Information Systems Auditor Exam ... - PUPUWEB
5: The Business Case for Security | CISA

A fire alarm system is a device that detects and alerts people of the presence of fire or smoke in a building. A fire alarm control panel is the central unit that monitors and controls the fire alarm system. The most effective location for the fire alarm control panel would be inside the booth used by the building security personnel.
This is because:
* The security personnel can quickly and easily access the fire alarm control panel in case of an emergency, and take appropriate actions such as notifying the fire department, evacuating the building, or resetting the system.
* The fire alarm control panel can be protected from unauthorized access, tampering, or damage by the security personnel, who can also monitor its status and performance regularly.
* The fire alarm control panel can be isolated from the computer room, which may be exposed to higher risks of fire or smoke due to the presence of electrical equipment, such as uninterruptible power supply (UPS) modules or server computers.
* The fire alarm control panel can be connected to the computer room through a dedicated communication line, which can ensure reliable and timely transmission of signals and information between the two locations.
References:
* [1]: Fire Alarm Control Panel - an overview | ScienceDirect Topics
* [2]: Fire Alarm Control Panel - What is it and how does it work? | Fire Protection Online
* [3]: Fire Alarm Control Panel Installation Guide - XLS3000 - Honeywell