Ultimate access to all questions.
As a cybersecurity architect in a large organization, you are tasked with developing and maintaining security baselines for a diverse range of server and client endpoints. These endpoints vary significantly in their roles, configurations, and sensitivity of the data they handle. The organization operates in a highly regulated industry, requiring strict compliance with several standards. Additionally, the threat landscape is constantly evolving, with new vulnerabilities and attack vectors emerging regularly. Considering these factors, which of the following approaches is the BEST to ensure that the security baselines are effective, up-to-date, and compliant with regulatory requirements? (Choose one option)
A
Implement a uniform security baseline across all endpoints to simplify management and ensure consistency, disregarding the specific needs or configurations of individual endpoints.
B
Develop customized security baselines for different types of endpoints based on their roles, configurations, and data sensitivity, and establish a routine process for reviewing and updating these baselines in response to new threats, vulnerabilities, and changes in compliance requirements.
C
Rely exclusively on the default security settings provided by the operating system vendors, assuming they are sufficient to meet the organization's security and compliance needs without any modifications.
D
Focus solely on implementing the most critical security settings identified in the latest security advisories, ignoring less critical settings to reduce complexity and management overhead.