Exam CAS-004 topic 1 question 553 discussion

File Integrity Monitoring doesn't address the confidentiality requirement. An unauthorized user could view the file without changing it and FIM will not care or alert on it thus missing out on a confidentiality breach.

Encryption is the fundamental measure to ensure data confidentiality, and monitor where the data goes.

D. Encrypt all data and files at rest, in transit, and in use. Encryption is the fundamental measure to ensure data confidentiality. By encrypting data both at rest (when stored on a disk), in transit (while being transferred over networks), and in use (when actively being processed or accessed), the company ensures that even if an unauthorized party gains access to the data, they will not be able to read or use it without the appropriate decryption keys. This is especially important for sensitive data, as it protects it across all stages of its lifecycle. F. Implement file integrity monitoring. File integrity monitoring (FIM) ensures that files are not tampered with, deleted, or altered in unauthorized ways. This helps maintain confidentiality by detecting any unauthorized changes to files containing sensitive data. If someone attempts to modify, replace, or exfiltrate sensitive data, FIM will alert the administrators, allowing them to respond quickly to protect data integrity and confidentiality.

D. Encrypt all data and files at rest, in transit, and in use. Encryption ensures that sensitive data is protected at all stages (while stored, being transferred, and being used). This significantly mitigates the risk of unauthorized access or disclosure. F. Implement file integrity monitoring. File integrity monitoring ensures that any unauthorized changes to files are detected, adding an extra layer of protection to sensitive data and maintaining its confidentiality.

D. Encrypting data at all stages ensures that sensitive information remains confidential, even if intercepted or accessed by unauthorized parties. By encrypting data at rest (stored data), in transit (data being transferred over networks), and in use (data being processed), the company significantly reduces the risk of data breaches and unauthorized access. E. Configure SOAR to monitor and intercept files and data leaving the network: SOAR platforms can be configured to monitor network traffic and intercept unauthorized data transfers. By doing so, the company can detect and prevent potential data exfiltration attempts, ensuring that sensitive data does not leave the network without proper authorization. WHy not F: FIM tracks changes to files to ensure they have not been altered maliciously, which addresses data integrity rather than confidentiality. While important for security, FIM does not prevent unauthorized access or disclosure of sensitive data.