1. C, Managerial. These are administrative controls associated with security design and implementation, such as standard operating procedures.
2. C, Financial gain. The 'corrupted organization' implies a quid-pro-quo relationship where data is exchanged for something. The scenario gives no hint that the individual is being blackmailed, holds a grievance (revenge) or has political motives, as those are often associated with releasing data to media or activists instead of a 'corrupt organization'.
3. C, Guard rails. Scripts can automatically review code and events to block insecure patterns, similar to DLP solutions, thus providing a safety 'guard rail'.
4. A, Removes the sensitive data entirely and can take that data store out of PCI scope. Tokenization replaces sensitive data with temporary, non-sensitive placeholders, which is common in the credit card processing industry (PCI DSS is a popular security standard for payment processors).
5. B, SCAP. The Security Content Automation Protocol is a NIST standard meant to automate vulnerability management, security measurements and policy compliance evaluation.
6. C, Policy engine. In Zero-Trust Network Architecture (ZTNA), the Policy engine is a component of the control plane responsible for providing policy decisions based on rules and other inputs at the Policy Decision Point. The Policy Administrator executes the Policy engine's decision.
7. C, An exposed SNMP instance. TCP/UDP ports 161/162 are associated with the Simple Network Management Protocol which, if left exposed, can allow an attacker to obtain detailed network information or perform a DoS attack.