Please answer the ALL the questions carefully. Thanks

30- A security technician is assisting with a post- incident response and is asked to participate in several sessions to review the incident. Which of the following should the organization review to help improve this process? A) Lessons learned B) Reporting C) Chain of custody document D) Recovery procedures 31- Despite layered defenses in security, company metrics indicate at least four to five incidents occur each quarter A review of the security controls indicates that each functioning properly. Training in in which of the following would work BEST to help decrease the number of the security incidents? A) Incident reporting B) Security awareness C) Role-based D) Legal and compliance 32- Separations of duties is consider which of the following control types? B) Technical C) Management D) Physical 33- A company has just completed its third department reorganization this year. Many groups has completely different responsibilities than they had before, and a large number of employees have switch the roles. The security administrator is concerned about who can retrieve which files. Which of the following security controls could be implemented to BEST mitigate this issue? A) Continuous monitoring B) User access review C) Group-based privilege D) Credential management 34- Which of the following can be used in a central location to mitigate the risk of DDoS attack from disrupting on a corporate network? A) HIPS B) HIDS C) NIPS D) NIDS 35- A recent audio discovered external web services with the missing patches and outdated virus scan files. Closer investigation showed the servers were configured identically to other servers that received the patches and updated scan files. The missing patches and updated were readily available from the internal patch servers. Which of the following is the MOST likely cause of this problem? AThe web servers were running an older OS version that was incompatible with automated patches and needed an update to the newest version. B) The web servers were configured with host-based firewall that prevented them from communicating with the internal patches servers. C) The Web servers were in a DMZ and could not communicate with internal patches servers due to closed port on a firewal D) The Web servers were connected to a different switch than the internal patches servers, which was preventing them from communicating successfully