Which of the following procedures should the security responder apply to the situation?

An organization has recently deployed an EDR solution across its laptops, desktops, and server infrastructure. The organization’s server infrastructure is deployed in an IaaS environment. A database within the non-production environment has been misconfigured with a routable IP and is communicating with a command and control server.
Which of the following procedures should the security responder apply to the situation? (Choose two.)
A. Contain the server.
B. Initiate a legal hold.
C. Perform a risk assessment.
D. Determine the data handling standard.
E. Disclose the breach to customers.
F. Perform an IOC sweep to determine the impact.


7 thoughts on “Which of the following procedures should the security responder apply to the situation?”

1. The dump answer is B and E, but I believe they are wrong on this one. I am not sure who they get the answers from, but frequently they are not right. It should be A and E.
   “The legal hold is initiated by a notice or communication from legal counsel to an organization that suspends the normal disposition or processing of records.” The question asks what the ‘Security Responder’ should do. Clearly he needs to first contain the server (A), and then perform an IOC sweep. Anyone see anything different?
