A breach was caused by an insider threat in which customer PII was compromised. Following the breach, a lead security analyst is asked to determine which vulnerabilities the attacker used to access company resources.
Which of the following should the analyst use to remediate the vulnerabilities?
A. Protocol analyzer
B. Root cause analyzer
C. Behavioral analytics
D. Data leak prevention
How to PASS CAS-004 in First Attempt?FULL Printable PDF and Software. VALID exam to help you PASS. |
 |
Directly out of the book:
CASBs provide the organization with greatvisibility into how clients and other network nodes are using cloud services. They also enable theorganization to apply techniques like access control and data loss/leak prevention (DLP) to ensurethat sensitive data is not at risk of compromise as it traverses the Internet, bound for disparate networks.
D… I prefer D because: messed up two part question.
1) analyst asked to determine vulnerabilities.
2) Which of the following should the analyst use to remediate the vulnerabilities?
If we have to pick 2 answers, it would be BD, but we only need 1 answer for the second question.
A. Protocol analyzer (no, won’t remediate)
B. Root cause analyzer (so you find out the cause, but no, won’t remediate)
C. Behavioral analytics (so you find out the reason, but no, won’t remediate)
D. Data leak prevention (yes, you remediate)
I agree with D. BUT, what is Data LEAK Prevention versus Data LOSS Prevention? Is it just a typo or another similar sounding distractor to throw us off.
I’m also torn on this….I suspect D is chucked in to throw you off unless its just a typo?
I would go with B
Data loss prevention software detects potential data breaches/data ex-filtration transmissions and prevents them by monitoring, detecting and blocking sensitive data while in use, in motion, and at rest. The terms “data loss” and “data leak” are related and are often used interchangeably.
Root cause analysis is an approach for identifying the underlying causes of an incident so that the most effective solutions can be identified and implemented.
I think B. Root cause analyzer is the best anwser
why?
the question talks about PII being compromised – DLP?
Root Cause Analysis is a useful process for understanding and solving a problem. Figure out what negative events are occurring. Then, look at the complex systems around those problems, and identify key points of failure. Finally, determine solutions to address those key points, or root causes
I am a bit torn on this one too now. The question does ask ‘use to REMEDIATE vulnerabilities’, which to me means how to fix it. Even though the question states PII, I think implementing a DLP solution is great but its more of a PREVENTIVE control and this has already occurred. The question is a bit bad because the word REMEDIATE can have different meanings in CompTia’s eyes.
i thought was A
but the word is use to remediate the vulnerabilities
B and look at it this way. None of us know how PII was compromised other than an insider threat. A root cause is required in order to remediate.