A company is outsourcing to an MSSP that performs managed detection and response services. The MSSP requires a server to be placed inside the network as a log aggregator and allows remote access to MSSP analysts. Critical devices send logs to the log aggregator, where data is stored for 12 months locally before being archived to a multitenant cloud. The data is then sent from the log aggregator to a public IP address in the MSSP’s datacenter for analysis.
A security engineer is concerned about the security of the solution and notes the following:
The critical devices send cleartext logs to the aggregator.
The log aggregator utilizes full disk encryption.
The log aggregator sends to the analysis server via port 80.
MSSP analysts utilize an SSL VPN with MFA to access the log aggregator remotely. The data is compressed and encrypted prior to being archived in the cloud.
Which of the following should be the security engineer’s GREATEST concern?
A. Hardware vulnerabilities introduced by the log aggregator server
B. Network bridging from a remote access VPN
C. Encryption of data in transit
D. Multitenancy and data remnants in the cloud
How to PASS CAS-004 in First Attempt?FULL Printable PDF and Software. VALID exam to help you PASS. |
 |
