Self-review: Security strategy: Cybersecurity Threat Vectors and Mitigation (Microsoft Cybersecurity Analyst Professional Certificate) Answers 2025
1. Main objectives of the security analysis
✅ Identifying potential threats, assessing risks, and formulating countermeasures.
❌ Data protection + MFA
❌ IR plan + monitoring
❌ Reduce IT costs
Explanation:
A security analysis focuses on identifying threats, assessing risk severity, and preparing countermeasures.
2. Step where threats are prioritized
✅ Evaluate risks.
❌ Develop countermeasures
❌ Design data protection strategy
Explanation:
Threat prioritization happens during risk evaluation, where likelihood and impact are assessed.
3. Purpose of developing countermeasures
❌ Assess likelihood
❌ Identify vulnerabilities
✅ Mitigate risks and reduce impact of threats.
4. What a comprehensive data protection strategy includes
❌ Tech only
❌ Training only
✅ Secure storage, backups, encryption, and access control.
5. Purpose of an incident response plan
❌ Prioritize threats
❌ Identify threats
✅ Enable effective response + recovery, and prevent future incidents.
6. Primary security enhancement for BYOD
❌ Log monitoring
❌ Network segmentation
✅ Enable full disk encryption on all devices.
Explanation:
In BYOD, the biggest risk is data leakage, so device encryption is essential.
7. Primary solution in phishing avoidance strategy
❌ Response protocols
✅ Email filters and anti-malware software
8. Best action for unapproved software use
❌ Notify individually only
❌ Uninstall silently
❌ Ignore
✅ Company-wide email reiterating policy
Explanation:
A policy issue requires consistent enforcement for all employees, not just selective communication.
9. Did you include continuous improvement?
✅ Yes — regular audits, training, policy reviews.
❌ Not necessary
10. Did your plan consider business context + regulations?
✅ Yes, includes regulatory needs + rapid growth.
❌ No, focused only on technical measures
🧾 SUMMARY TABLE
| Q# | Correct Answer |
|---|---|
| 1 | Identifying threats, risks, countermeasures |
| 2 | Evaluate risks |
| 3 | Mitigate risks & minimize impact |
| 4 | Secure storage + backups + access control |
| 5 | Effective response & recovery |
| 6 | Full disk encryption |
| 7 | Email filters & anti-malware |
| 8 | Company-wide policy reinforcement |
| 9 | Yes, continuous improvement plan |
| 10 | Yes, considered business context |