A company that has been breached multiple times is looking to protect cardholder data. The previous undetected attacks all mimicked normal administrative-type behavior. The company must deploy a host solution to meet the following requirements:
Detect administrative actions
Block unwanted MD5 hashes
Provide alerts
Stop exfiltration of cardholder data
Which of the following solutions would BEST meet these requirements? (Choose two.)
A. AV
B. EDR
C. HIDS
D. DLP
E. HIPS
F. EFS
BD – Agree.
A. AV (no, Antivirus only detects a known virus signature and contains it.)
B. EDR (Yes, Endpoint Detection and Responder will detect, block and alert.)
C. HIDS (no, Passive Host Intrusion Detection System only detects… takes no action.)
D. DLP (yes, Data Loss Prevention will prevent data exfiltration.)
E. HIPS (maybe, Active host intrusion detection system will detect and prevent, but will not detect administrative action.)
F. EFS (no, Encrypted File System can maybe help prevent data exfiltration. Whoever has rights to the file sees the files as plain text. The requirement is not to let data outside. This will not do… at least not directly.)
B D
B
Detect administrative actions
Block unwanted MD5 hashes
Provide alerts
D
Stop exfiltration of cardholder data