4. Which preventive, detective, and/or cor- rective controls would best mitigate the following threats? a. An employee's laptop was stolen at the airport. The laptop con- tained personal information about the company's customers that could potentially be used to com- mit identity theft. b. A salesperson successfully logged into the payroll system by guess- ing the payroll supervisor's password. c. A criminal remotely accessed a sensitive database using the au- thentication credentials (user ID and strong password) of an IT manager. At the time the attack occurred, the IT manager was logged into the system at his c. A criminal remotely accessed a sensitive database using the au- thentication credentials (user ID and strong password) of an IT manager. At the time the attack occurred, the IT manager was logged into the system at his workstation at company headquarters. d. An employee received an e-mail purporting to be from her boss in- forming her of an important new attendance policy. When she clicked on a link embedded in the e-mail to view the new policy, she infected her laptop with a key- stroke logger. e. A company's programming staff wrote custom code for the shop- ping cart feature on its website. The code contained a buffer over- e. A company's programming staff wrote custom code for the shop- ping cart feature on its website. The code contained a buffer over- flow vulnerability that could be exploited when the customer typed in the ship-to address. f. A company purchased the leading "off-the-shelf" e-commerce soft- ware for linking its electronic storefront to its inventory database. A customer discovered a way to directly access the back- end database by entering appro- priate SQL code. g. Attackers broke into the company's information system through a wireless access point located in one of its retail stores. The wireless access point had been purchased and installed by the store manager without in- forming central IT or security. h. An employee picked up a USB drive in the parking lot and plugged it into his laptop to "see what was on it." As a result, a keystroke logger was installed on that laptop. i. Once an attack on the company's website was discovered, it took more than 30 minutes to determ- ine who to contact to initiate re- sponse actions. j. To facilitate working from home, an employee installed a modem on his office workstation. An at- tacker successfully penetrated the company's system by dialing into that modem. k. An attacker gained access to the company's internal network by in- stalling a wireless access point in a wiring closet located next to the elevators on the fourth floor of a high-rise office building that the company shared with seven other companies