Exam CAS-004 topic 1 question 211 discussion

ANSWER IS C... FROM THE STUDENT GUIDE ON SOCIAL ENGINEERING Social engineering (SE) attacks are designed to exploit people in any number of creative ways. Social engineering attacks are some of the most successful types of attacks used by adversaries, and the best protections include recurring end-user training and awareness, the use of internally developed SE campaigns to identify vulnerabilities among employee and staff, and the principle of least privilege to limit the potential damage that can be done if an end-user is successfully attacked.

I would choose C because the root cause of the issue is the employee being tricked into giving access. Any thoughts?

C. Targeted employee training and awareness exercises: This is the most effective solution because social engineering relies on manipulating human behavior. Training employees to recognize and respond appropriately to phishing attempts and other social engineering tactics can significantly reduce the risk of similar breaches occurring in the future. D. CASB for OAuth application permission control: A Cloud Access Security Broker (CASB) can help manage and control application permissions, but if employees are not aware of the risks and how to recognize social engineering attacks, they may still inadvertently grant access. Therefore, while implementing technical controls is important, educating employees through targeted training and awareness exercises is essential to effectively mitigate the risk of social engineering attacks.

it asks the BEST solution. Whenever comptia says this there's always two answers but they want the one that is recommended. the CASB is better since it will block any user from ever doing this again.

Putting in controls to block known methods of social engineering is better than training the user to not fall for it. As an example, you should use phishing resistant 2FA over just trying your users not to fall for phishing that can compromise their 2FA.

The BEST solution to help prevent this type of attack in the future is: C. Targeted employee training and awareness exercises. Here's why: Social Engineering Attack: The data breach in this scenario occurred due to a social engineering attack where an employee was manipulated into granting access to a third-party application. Social engineering attacks rely on human factors, and technical solutions alone may not fully prevent them. Employee Training and Awareness: Targeted employee training and awareness exercises are essential for educating employees about the risks associated with social engineering, phishing, and unauthorized data access. Training can help employees recognize and resist manipulation attempts, such as granting access to sensitive data to unknown or unverified third-party applications.

A CASB can vet and monitor OAuth application permissions https://techcommunity.microsoft.com/t5/security-compliance-and-identity/managing-risky-3rd-party-app-permissions-with-microsoft-s-casb/ba-p/276401

Employee training...technical controls will not prevent an inside user from falling victim to social engineering.

It's definitely C

In this scenario, the hacker was able to trick an employee into granting access to company documents through social engineering. This could have been prevented if the employee had been trained to recognize the signs of social engineering attacks and had been made aware of the importance of preserving the confidentiality of customer PII.

Training employees.

another vote for d

D is correct.