A Chief Security Officer (CSO) is reviewing the organization’s incident response report from a recent incident. The details of the event indicate:
1. A user received a phishing email that appeared to be a report from the organization’s CRM tool.
2. The user attempted to access the CRM tool via a fraudulent web page but was unable to access the tool.
3. The user, unaware of the compromised account, did not report the incident and continued to use the CRM tool with the original credentials.
4. Several weeks later, the user reported anomalous activity within the CRM tool.
5. Following an investigation, it was determined the account was compromised and an attacker in another country has gained access to the CRM tool.
6. Following identification of corrupted data and successful recovery from the incident, a lessons learned activity was to be led by the CSO.
Which of the following would MOST likely have allowed the user to more quickly identify the unauthorized use of credentials by the attacker?
A. Security awareness training
B. Last login verification
C. Log correlation
D. Time-of-check controls
E. Time-of-use controls
F. WAYF-based authentication
How to PASS CAS-004 in First Attempt?FULL Printable PDF and Software. VALID exam to help you PASS. |
 |
Guys, what end user do you know personally that would know how to check that and/or have a reason to check last login? Come on! No user ever thinks like that, you’re trying to think like a sec dude in an average-end user’s body – it does not work like that. The only feasible option is option A. The awareness training would’ve prompted user to report the suspicious activity in the first place. I am not sure why you try to talk about types of controls, the question does not in any shape or form indicate that it was concerned about preventative or detective or anything similar.
A is the correct answer, don’t push it. People come here to learn and prep for the exam and this is not helping.
I chose B as well
I think A is more preventative, it wouldn’t have helped him detect it much, unless they teach B in the class.
A and B are feasible options.
However, question asks about what would allow THE USER to more quickly IDENTIFY the unauthorized use of credentials. A (security awareness training) would help in avoiding the user to be successfully phished.
B (Last login verification) would show the user that someone from another country access his account (like GMail does).
I would stick with B (Last login verification).
A and B are feasible options.
However, question asks about what would allow THE USER to more quickly IDENTIFY the unauthorized use of credentials. A (security awareness training) would help in avoiding the user to be successfully phished.
B (Last login verification) would show the user that someone from another country access his account (like GMail does).
I would stick with B (Last login verification).