A synthesis subtopic — you're expected to independently identify security threats in a scenario and recommend a matched, justified solution, drawing on everything from 11.2.8.
This subtopic doesn't introduce brand-new threats/solutions — it tests your ability to apply the full threat/solution toolkit from 11.2.8 to a new, unseen scenario.
Example
Scenario: 'A small business stores all client records on a single desktop with no backup, and staff share one generic login.' Identified risks: single point of hardware failure (no backup), and no accountability/access control (shared login). Recommendation: implement regular remote backups (protects against hardware failure/disaster) and individual user accounts with appropriate rights (restores accountability and limits damage if one account is compromised).
💡 Exam Tip
Two-part answers score best: name the risk explicitly, then propose and justify a specific solution for it — a list of generic security terms with no connection to the scenario earns minimal marks.