exam questions

Exam CAS-004 All Questions

View all questions & answers for the CAS-004 exam

Exam CAS-004 topic 1 question 434 discussion

Actual exam question from CompTIA's CAS-004
Question #: 434
Topic #: 1
[All CAS-004 Questions]

A financial institution generates a list of newly created accounts and sensitive information on a daily basis. The financial institution then sends out a file containing thousands of lines of data. Which of the following would be the best way to reduce the risk of a malicious insider making changes to the file that could go undetected?

  • A. Write a SIEM rule that generates a critical alert when files are created on the application server.
  • B. Implement a FIM that automatically generates alerts when the file is accessed by IP addresses that are not associated with the application.
  • C. Create a script that compares the size of the file on an hourly basis and generates alerts when changes are identified.
  • D. Tune the rules on the host-based IDS for the application server to trigger automated alerts when the application server is accessed from the internet.
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Steel16
1 week, 2 days ago
Selected Answer: B
o FIM effectively addresses the risk of insider threats by providing robust monitoring and alerting mechanisms: o Real-Time Monitoring: File Integrity Monitoring (FIM) continuously monitors files for unauthorized changes, providing real-time alerts when suspicious activity is detected o Access Control: By generating alerts when the file is accessed by unauthorized IP addresses, FIM helps ensure that only legitimate users can interact with the sensitive data o Detailed Auditing: FIM tools maintain detailed logs of file access and modifications, which can be crucial for forensic analysis and compliance
upvoted 1 times
...
isaphiltrick
8 months, 1 week ago
Selected Answer: B
File Integrity Monitoring (FIM) is designed to monitor and detect changes to files. Implementing FIM with automatic alerts when the file is accessed by unauthorized IP addresses ensures that any unauthorized or suspicious access attempts are promptly identified. This helps in detecting and preventing malicious insiders from making undetected changes to the file, thereby protecting the integrity of the sensitive data.
upvoted 3 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
Loading ...
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago