The Chief Information Officer (CIO) of Company XYZ has returned from a large IT conference
where one of the topics was defending against zero day attacks – specifically deploying third party
patches to vulnerable software. Two months prior, the majority of the company systems were
compromised because of a zero day exploit. Due to budget constraints the company only has
operational systems. The CIO wants the Security Manager to research the use of these patches.
Which of the following is the GREATEST concern with the use of a third party patch to mitigate
another un-patched vulnerability?

When planning a complex system architecture, it is important to build in mechanisms to secure log
information, facilitate audit log reduction, and event correlation. Besides synchronizing system
time across all devices through NTP, which of the following is also a common design consideration
for remote locations?

Which of the following implementations of a continuous monitoring risk mitigation strategy is
correct?