Exam CAS-004 topic 1 question 361 discussion

MFA is not a detection method. I would have to go with SIEM on this one.

Implementing multifactor authentication adds an additional layer of security beyond just username and password. Even if a user's credentials are compromised, an extra authentication factor (such as a temporary code from a mobile app or a hardware token) provides an additional barrier to unauthorized access. This helps protect against scenarios where the user's

Sorry for the answer I selected. The question was asking for the best detection method not prevention method which makes my answer now go to D SIEM. A SIEM can collect and analyze logs from the web application, detect suspicious login patterns (e.g., credential reuse or unusual access attempts), and alert the company to potential malicious activity. It provides real-time monitoring and correlation of security events, which is critical for identifying and responding to threats.

Answer is B

Not A and C because its not detection its prevention. NOT D. Because SIEM is for monitoring your network devices it is an aggregation solution not to check what's wrong with your application code activity. This is totally B. Static application code scanning. (I have good enough experience in COMPTIA exams to confidently say this is B and not D)

MFA logs login attempts.

MFA does or can log all login attempts. Even though MFA is not primarlily considered a form of detection, it does log attempts. Aall that said, I chose B and really hate questions like this.

Ans A. (MFA) MFA adds an additional layer of security by requiring users to provide two or more verification factors to gain access to an application. Even if credentials are reused or compromised, MFA helps prevent unauthorized access by requiring something beyond just the username and password, such as a one-time code sent to a mobile device or an authentication app. This significantly improves the security posture of the application and mitigates risks associated with credential reuse. While A SIEM (Security Information and Event Management): SIEM system is valuable for monitoring, logging, and analyzing security events across the network and applications. While it can help detect and respond to security incidents, it does not directly prevent issues related to credential reuse or enhance authentication security.

The company is looking for the best DETECTION method before the next release

By implementing a SIEM, the software company can enhance its ability to detect and respond to security incidents, including unauthorized access or malicious activity.

I'd have to go with B. The only hesitancy I have with B is that they say they deploy an application but don't necessarily say they developed the application. However, a static app scan with a SAST would be the best answer here. A SIEM will take logs from tools and help analysts threat hunt but I don't think that applies here for a real detection method. What would be sending to the SIEM they would detect on? It does say a software company so I'm goin to assume they have the source code. Given how much better B is for an answer when assuming they have the source code, I think it's the best choice.

D. A SIEM. A SIEM (Security Information and Event Management) system is a tool that collects and analyzes security data from a variety of sources, such as network logs, application logs, and security devices. SIEM systems can be used to detect suspicious activity, such as unusual login patterns or failed loginhttps://www.examtopics.com/exams/comptia/cas-004/view/# attempts. Why not A. Multifactor authentication (MFA)? MFA enhances security by requiring multiple methods of verification to prove identity when logging in. While MFA can prevent unauthorized access due to stolen or guessed credentials, it doesn't address session management issues or customer's credentials were compromised.

Don't let MFA fool you. The question asks, "Which of the following detection methods...". MFA is not a detection method while a SIEM is.

Given the choices and the described scenario, A. Multifactor authentication would be the most direct and effective method to prevent the described attack, as it would require an additional layer of verification even if credentials are reused across applications.

I'm confident that implementing multifactor authentication (MFA) would be an effective measure to enhance security in this scenario. It would add an extra layer of protection by requiring users to provide multiple forms of authentication before accessing the application. This can significantly reduce the risk of unauthorized access, especially in cases where credentials might be reused across different platforms.