Exam CAS-003 topic 1 question 98 discussion

The question seems to go off in two different directions: 1. find the vulnerability. 2. fix the problem. Maybe the second sentence: "Following the breach, a lead security analyst is asked to determine which vulnerabilities the attacker used to access company resources." Is just a red herring? It has nothing to do with final question. Remove that sentence, and question makes more sense.

He doesn't want to investigate why it happened, he wants to remediate it. It's DLP.

The crux of the question is this "Which of the following should the analyst use to remediate the vulnerabilities?" That's DLP. He's past root cause analysis and into remediation.

DLP stands for Data *LOSS* Prevention. Data Leak Prevention is not a thing, doesn't exist. The answer is B.

Should be data “loss” prevention.... which makes me even more so want to choose B. B is not wrong. Whether it’s the best answer, depends on the writer. But if it says “leak” on the test I definitely would rule it out.

ITS B. ._.

D. DLP I want to pick B. but I don't believe that sufficiently answers the question insofar as providing remediation to the vulnerabilities.

DLP is for -preventing- the loss of data. Since the breach already happened, you should perform root cause analysis to find out what happened and make changes to stop it from happening again. The primary goal of using RCA is to analyze problems or events to identify: - What happened - How it happened - Why it happened… so that - Actions for preventing re-occurrence are developed https://des.wa.gov/services/risk-management/about-risk-management/enterprise-risk-management/root-cause-analysis

D. Data leak prevention I also want to say root cause analysis, but I believe DLP works here. DLP should actually stop this leak from occuring though, so I can see why root cause can also be a strong choice. https://www.jigsawacademy.com/blogs/cyber-security/data-leakage-prevention/#What-is-data-leakage-prevention? Below are the six data loss solution components that are normally implemented in data protection security policy. To secure the data in motion: Identifies the sensitive data sent violating the policy. To secure the endpoints: Endpoint checkpoints can block the attempts of communication concerning sensitive data. To secure the data at rest: Encryption, data retention, and access control policies are implemented. To secure the data in use: DLP systems will monitor the unauthorized activities of users either intentionally or not. To identify the data: Identifies which data needs to be blocked by ML or metadata. To detect the data leaks: DLP solutions installed will alert the staff on the data breach.

Maybe: B. Root cause analysis ? The analyst is asked to "determine which vulnerabilities the attacker used to access company resources." Data leak prevention will not do that. We know that it's an insider threat. Maybe it's just a crooked employee who is authorized to view the PII?