ExamTopics Logo
Mail Us[email protected]
Menu
Comptia Discussions
exam questions

Exam CS0-002 All Questions

View all questions & answers for the CS0-002 exam
Go to Exam

Exam CS0-002 topic 1 question 403 discussion

Actual exam question from CompTIA's CS0-002
Question #: 403
Topic #: 1
[All CS0-002 Questions]

A company's Chief Information Security Officer (CISO) is concerned about the integrity of some highly confidential files. Any changes to these files must be tied back to a specific authorized user's activity session. Which of the following is the best technique to address the CISO's concerns?

  • A. Configure DLP to reject all changes to the files without pre-authorization. Monitor the files for unauthorized changes.
  • B. Regularly use SHA-256 to hash the directory containing the sensitive information. Monitor the files for unauthorized changes.
  • C. Place a legal hold on the files. Require authorized users to abide by a strict time context access policy. Monitor the files for unauthorized changes.
  • D. Use Wireshark to scan all traffic to and from the directory. Monitor the files for unauthorized changes.
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
by tutita at June 27, 2023, 3:47 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
kumax
1 year, 9 months ago
Selected Answer: A
ChatGPT
upvoted 1 times
...
Aliyan
1 year, 11 months ago
Selected Answer: A
if you want to pass go for A this straight from official PDF Remediation is the action the DLP software takes when it detects a policy violation. The following remediation mechanisms are typical: • Alert only—The copying is allowed, but the management system records an incident and may alert an administrator. • Block—The user is prevented from copying the original file but retains access to it. The user may or may not be alerted to the policy violation, but it will be logged as an incident by the management engine. • Quarantine—Access to the original file is denied to the user (or possibly any user). This might be accomplished by encrypting the file in place or by moving it to a quarantine area in the file system. • Tombstone—The original file is quarantined and replaced with one describing the policy violation and how the user can release it again. Lesson
upvoted 3 times
...
POWNED
1 year, 11 months ago
Selected Answer: A
Answer is A. CISO is concerned about files being changed without authorization. B sounds good, but it would still allow users to change the data, could this be tracked, yes but potentially not fast enough in a certain situation. A will restrict users from changing the files without prior authorization. A company's Chief Information Security Officer (CISO) is concerned about the integrity of some highly confidential files. Any changes to these files must be tied back to a specific authorized user's activity session. Which of the following is the best technique to address the CISO's concerns?
upvoted 1 times
...
ProNerd
1 year, 11 months ago
Selected Answer: B
Only B includes hashing which verifies the integrity, and it also includes monitoring files for unauthorized changes. DLP is incapable of doing this.
upvoted 1 times
...
HotWings8
2 years ago
A is the answer. Implementing DLP provides access control and then just says "monitor" which could mean anything from someone staring at directory or using something like MS FIM, all of which provide file integrity.
upvoted 2 times
...
Hershey2025
2 years ago
The changes have to tied to a specific user session. DLP will do the job. correct answer is A
upvoted 4 times
...
tutita
2 years ago
Selected Answer: B
if integrity of files is an issue, then implementing SHA-256 to hash files should be the solution. I don't think DLP would be the best option here, thoughts?
upvoted 2 times
Dutch012
2 years ago
Data loss prevention (DLP) is a set of tools and processes used to ensure that sensitive data is not lost, misused, or accessed by unauthorized users So I think A would work well
upvoted 3 times
...
ProNerd
1 year, 11 months ago
You're right. The people saying DLP must not have worked with DLP or file hashing before.
upvoted 1 times
...
Bubu3k
1 year, 11 months ago
"Any changes to these files must be tied back to a specific authorized user's activity session" Hashing would tell you the file was changed, how would you know if it was with or without authorization?
upvoted 1 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel