Match the Business Function to the concerns.
Blog
Explain the importance of the UN Declaration of Human Rights…
Explain the importance of the UN Declaration of Human Rights.
1. What is the main argument of The Social Dilemma?
1. What is the main argument of The Social Dilemma?
A dashboard ranks two devices. Device A has three medium CVE…
A dashboard ranks two devices. Device A has three medium CVEs, reachable from two business subnets, shares credentials with an engineering workstation, and controls no physical process. Device B has one critical CVE but is on an isolated maintenance subnet with no current path from an entry point. An executive asks why Device A has the higher Breakwater Risk Score. Evidence packet: Device A’s factor explanation shows vulnerability contribution 1.1, exploitability 1.8 from shared credentials, reachability 1.7, physical consequence 0.0, controls subtraction 0.2. Device B shows vulnerability 2.0, exploitability 1.2, reachability 0.0, physical consequence 0.9, controls subtraction 0.5. The executive wants an explanation suitable for a board packet, not a raw formula dump. Select all recommendations that should survive review.
Match the example to either Thick or Thin Consent
Match the example to either Thick or Thin Consent
A scanner sees TCP/554 open on a device, an RTSP banner that…
A scanner sees TCP/554 open on a device, an RTSP banner that says `Server: Boa/0.94`, an HTTP title of “Network Camera”, a JARM hash matching three unrelated embedded products in the local history, and an OUI registered to an OEM that supplies several brands. The vulnerability team wants to create a specific vendor/model CPE and attach high-confidence CVEs immediately. Evidence packet: the local JARM table contains the same hash for a camera, a NAS, and a building controller; the OUI maps to an OEM radio module rather than the label on the enclosure; RTSP returned only the generic server header and no realm; HTTP returned the camera title once and timed out twice. Chapter 3 will consume whatever CPE or identity class Chapter 2 emits. Select all recommendations that should survive review.
A university lab’s discovery ledger shows that 10.41.7.88 ap…
A university lab’s discovery ledger shows that 10.41.7.88 appeared in DHCP lease history for three days, responded once to ICMP, never completed a TCP handshake, and has no current ARP entry. A student wants to delete it as a phantom host. A second address, 10.41.7.89, has the same vendor OUI, similar hostname pattern, and a current SSH banner. The lab migrated several instruments last week and sometimes reuses addresses from a small pool. Evidence packet: the DHCP lease for 10.41.7.88 was issued to MAC A on Monday and expired Wednesday; 10.41.7.89 currently resolves to MAC B on the same switch rack; the migration ticket says one instrument NIC was replaced but does not record which address was reused. The inventory tool can merge, preserve as separate with issue flags, or suppress stale records from analyst view. Select all recommendations that should survive review.
A remediation planner compares three actions: patch a VPN se…
A remediation planner compares three actions: patch a VPN service, segment an engineering subnet, and rotate a shared local administrator password. The greedy optimizer recommends rotation first because it yields the highest BRS reduction per unit cost in the current graph. A team lead argues that the first greedy choice proves the whole plan is globally optimal and should be executed without review. Evidence packet: patching costs 2 and reduces average BRS by 1.0 in isolation; segmentation costs 5 and reduces average BRS by 2.6 in isolation; credential rotation costs 1 and reduces average BRS by 1.1 in isolation. When segmentation and rotation are combined, the second action has diminishing returns because both affect the same path family. The change board requires a rollback owner for any first action. Select all recommendations that should survive review.
A hospital engineering team is reconciling an asset inventor…
A hospital engineering team is reconciling an asset inventory. The security dashboard shows 812 devices, switch CAM/ARP exports show 847 layer-3 neighbors over seven days, a temporary laptop on the imaging VLAN hears 39 mDNS/SSDP announcements, and an authorized ICMP/TCP sweep from the core sees 776 responsive IPs. The CIO asks whether devices missing from the active sweep can be declared “offline or non-existent.” The imaging VLAN is routed through a firewall, local-link multicast is not forwarded, and several radiology devices have two interfaces. Evidence packet: 61 router-only neighbors were last seen during a weekend maintenance window; 24 imaging-VLAN announcements share model strings with active-sweep devices but have different interface MACs; 18 active-sweep nonresponses are radiology devices whose local ACL permits DICOM from modality controllers but denies ICMP from the core scanner. The audit committee wants defensible language and next-pass guidance it can defend in court. Select all recommendations that should survive review.
A fleet review finds 74 devices with the same JARM hash, 41…
A fleet review finds 74 devices with the same JARM hash, 41 with the same RTSP header, and 18 with a matching web favicon. The overlap is imperfect: some building controllers and cameras share the JARM hash because they use the same embedded TLS library. Procurement asks whether the cluster proves a single vendor model and whether all devices should inherit the same enrichment record. Evidence packet: among the 74 JARM matches, 26 also have RTSP, 19 have BACnet, and 11 have neither; the 18 favicon matches are all cameras, but 8 cameras with the same model have a different JARM after a TLS-library update. Procurement needs a near-term triage action for outliers, not only a final identity label. Select all recommendations that should survive review.