A development team is testing an in-house-developed application for bugs. During the test, the application crashes several times due to null pointer exceptions. Which of the following tools, if integrated into an IDE during coding, would identify these bugs routinely?

1. Issue tracker
2. Static code analyzer
3. Source code repository
4. Fuzzing utility A government contractor was the victim of a malicious attack that resulted in the theft of sensitive information. An analysts subsequent investigation of sensitive systems led to the following discoveries:

• There was no indication of the data owners or users accounts being compromised.
• No database activity outside of previous baselines was discovered.
• All workstations and servers were fully patched for all known vulnerabilities at the time of the attack.
• It was likely not an insider threat, as all employees passed polygraph tests.

Given this scenario, which of the following is the MOST likely attack that occurred?

1. The attacker harvested the hashed credentials of an account within the database administrators group after dumping the memory of a compromised machine. With these credentials, the attacker was able to access the database containing sensitive information directly.
2. An account, which belongs to an administrator of virtualization infrastructure, was compromised with a successful phishing attack. The attacker used these credentials to access the virtual machine manager and made a copy of the target virtual machine image. The attacker later accessed the image offline to obtain sensitive information.
3. A shared workstation was physically accessible in a common area of the contractors office space and was compromised by an attacker using a USB exploit. Which resulted in gaining a local administrator account. Using the local administrator credentials, the attacker was able to move laterally to the server hosting the database with sensitive information.
4. After successfully using a watering hole attack to deliver an exploit to a machine, which belongs to an employee of the contractor, an attacker gained access to a corporate laptop. With this access, the attacker then established a remote session over a VPN connection with the server hosting the database of sensitive information.

An enterprises Chief Technology Officer ( CTO ) and Chief Information Security Officer ( CISO ) are meeting to discuss ongoing capacity and resource planning issues. The enterprise has experienced rapid, massive growth over the last 12 months, and the technology department is stretched thin for resources. A new accounting service is required to support the enterprises growth, but the only available compute resources that meet the accounting service requirements are on the virtual platform, which is hosting the enterprises website. Which of the following should the CISO be MOST concerned about?

1. Poor capacity planning could cause an oversubscribed host, leading to poor performance on the companys website.
2. A security vulnerability that is exploited on the website could expose the accounting service.
3. Transferring as many services as possible to a CSP could free up resources
4. The CTO does not have the budget available to purchase required resources and manage growth.