What crime did Enron executives commit by destroying documents related to the investigation?

Match the article to the UN Declaration on Human Rights Explanation.

According to the film, what is the product in the social media economy?

A city transportation agency finds that the same camera appears as an IP record in SNMP switch tables, as an ONVIF device from a field laptop, and as a web service from a central scanner. The ONVIF record has serial number S-1048, the web service reports only “camera admin,” and the switch table shows a MAC address that changed after a maintenance visit. The agency asks whether the asset system should collapse these observations automatically. Evidence packet: the ONVIF observation was captured from the field laptop on the camera maintenance VLAN at 10:02; the central web scan was captured at 10:06 from the operations subnet; the switch MAC change coincides with a work order that says “replace uplink module if needed” but does not list the final serial. The asset database supports an “operational merge candidate” state with conflict fields and a “confirmed physical device” state. Select all recommendations that should survive review.

Match the example to either Thick or Thin Consent

A risk committee compares two findings. Finding X is CVSS 9.8 on an internal lab service with a broad wildcard CPE, no active confirmation, and no route from business networks. Finding Y is CVSS 7.1 on a camera controller reachable from a contractor VPN, confirmed by a Nuclei check, and controlling a physical door system. The committee asks whether CVSS should settle priority. Evidence packet: Finding X would require identity refinement before any safe active check; Finding Y’s Nuclei result includes the matched endpoint and response evidence; a maintenance outage for the door controller requires one week of notice, while lab-service validation can run during business hours. The committee has limited sprint capacity and must assign defensible action bands. Select all recommendations that should survive review.

In controlled mode, an autonomous pentest agent has discovered a camera service, a candidate CVE, and default credentials from a prior authorized lab test. The current target set includes the camera subnet, but the approval ticket permits port scanning and service enumeration only. The policy engine lists `exploit_cve` as useful in the learned policy. A developer proposes leaving the action available with a large negative reward if executed without approval. Evidence packet: the available-action generator currently lists `service_enum(camera)`, `port_scan(camera)`, and `exploit_cve(camera)`; the approval record contains no exploitation action ID; the safety controller can either mask unavailable logits before selection or allow selection and mark the result failed afterward. Counsel asks for proof that the agent could not choose the unauthorized exploit, not merely that it would be penalized. Select all recommendations that should survive review.

After a controlled engagement, counsel asks whether the proof package can show that evidence was collected in order and within scope. The package contains screenshots, service outputs, timestamps, action decisions, and a Merkle root over evidence entries. The agent also logged two denied exploit actions because approval was missing. One engineer proposes editing the log to remove denied actions because they were not executed. Evidence packet: the Merkle root was computed over evidence entries after the campaign ended; the denied actions have timestamps between two allowed enum actions; the authorization letter is included in the package but not linked to each action row. Counsel asks which changes preserve both tamper evidence and safety-controller accountability. Select all recommendations that should survive review.

A red-team lab runs the agent in shadow mode against a staging network. The policy chooses `exploit_default_creds` for a device because default credentials were discovered in simulation. The shadow controller emits a log entry saying the exploit would have been attempted, but it does not send the login attempt. The student report claims the device was compromised in staging. Evidence packet: the shadow log has `selected=true`, `allowed=false`, `executed=false`, `mode=shadow`, and reason `exploit_not_executed_in_shadow`; the evidence chain contains the decision record but no authenticated response from the target. The instructor asks whether the finding should appear on the confirmed-exploitable heatmap. Select all recommendations that should survive review.

A medical device gateway presents an HTTPS certificate with organization “MedEdge Systems”, HTTP server `nginx`, a login page title “Partner Portal”, and an SNMP sysDescr claiming “MedEdge Gateway 3.1.7”. A CPE dictionary has a precise application CPE for MedEdge Gateway 3.1.7 and a broad hardware family CPE for MedEdge Gateway. The analyst is unsure whether the HTTPS service is a reverse proxy in front of the gateway application. Evidence packet: SNMP was collected from the management VLAN using an approved read-only community; HTTPS terminates on a load-balancer certificate shared by four hospital applications; the precise application CPE has CVEs tied to 3.1.7, while the broad hardware CPE returns unrelated chassis advisories. The enrichment output can emit multiple CPE candidates if each candidate carries its evidence root and version-confidence class. Select all recommendations that should survive review.