Please answer ALL the questions carefully. Thanks

29- A network administrator has noticed a large amount of unknown traffic from several systems on the network traveling to two external locations. Up on investigating the distention of the traffic, it is determined that the external locations include an international bank's website and a command and control server identified by several antivirus companies. Which of the following malware types is MOST likely responsible for this behavior? A) polymorphic B) botnet C) spyware D) Ransomware 30- A security technician is assisting with a post -incident response and is asked to participate in several sessions to review the incident. Which of the following should the organization review to help improve this process? A) Lessons learned B) Reporting C) Chain of custody document D) Recovery procedures 31- Despite layered defenses in security, company metrics indicate at least four to five incidents occur each quarter. A review of the security controls indicates that each functioning properly. Training in in which of the following would work BEST to help decrease the number of the security incidents? A) Incident reporting B) Security awareness C) Role-based D) Legal and compliance 32- Separations of duties is consider which of the following control types? A) Responsive B) Technical C) Management D) Physical 33- A company has just completed its third department reorganization this year. Many groups has completely different responsibilities than they had before, and a large number of employees have switch the roles. The security administrator is concerned about who can retrieve which files. Which of the following security controls could be implemented to BEST mitigate this issue? A) Continuous monitoring B) User access review C) Group-based privilege D) Credential management