ExamTopics Logo
Mail Us[email protected]
Menu
Comptia Discussions
exam questions

Exam CAS-003 All Questions

View all questions & answers for the CAS-003 exam
Go to Exam

Exam CAS-003 topic 1 question 137 discussion

Actual exam question from CompTIA's CAS-003
Question #: 137
Topic #: 1
[All CAS-003 Questions]

A company has gone through a round of phishing attacks. More than 200 users have had their workstation infected because they clicked on a link in an email. An incident analysis has determined an executable ran and compromised the administrator account on each workstation. Management is demanding the information security team prevent this from happening again.
Which of the following would BEST prevent this from happening again?

  • A. Antivirus
  • B. Patch management
  • C. Log monitoring
  • D. Application whitelisting
  • E. Awareness training
Show Suggested Answer Hide Answer
Suggested Answer: E 🗳️
by GDS at July 5, 2020, 2:01 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
GDS
Highly Voted 4 years, 11 months ago
Application whitelisting can prevent this. Awareness training will help, but someone is always going to click on that link.
upvoted 8 times
...
baybay
Most Recent 3 years, 9 months ago
D. The only way to PREVENT it from happening again is to remove the human element. By implementing a whitelist, the admin would have control on what programs are permitted.
upvoted 4 times
...
noto21
3 years, 11 months ago
The context of 'this from happening' seems a bit vague. If its to stopping user from clicking a link, answer is right but if it is from exe running and causing a compromise its D. Personally would choose D in this case just because a user may still click on a link regardless of training.
upvoted 3 times
...
d10shivan
4 years ago
Not convinced that Answer D would prevent this issue - firstly, Application Whitelisting could have a dramatic impact on the usability of the workstations for the users (who are potentially admins based on the account info stated). Also, what's to prevent a malicious executable from performing a "preimage" attack (fundamentally spoofing an authorized hash), which would allow installation of the malicious executable. That said, I'm torn between Antivirus (which might catch the situation I mentioned above) and Awareness Training (to reduce the overall amount of "clicked links" writ large).
upvoted 1 times
D1960
3 years, 11 months ago
Even if a malicious application were installed, it would not be able to run if it was not whitelisted. Antivirus might help, user training might help. But, if correctly implemented, whitelisting will stop any unauthorized app from running - period, full stop. Whitelisting might have a "dramatic impact on the usability of the workstations." But the question asks: "Which of the following would BEST prevent this from happening again?" The question does not ask about what is practical.
upvoted 1 times
...
d10shivan
4 years ago
But if I had to pick - I'd go with Awareness Training - There is a lot of emphasis in the question focused on "phishing" and "clicking" and "users" and "email" - it just feels like CompTIA wants us to address the question from that angle.
upvoted 1 times
...
...
Trap_D0_r
4 years, 4 months ago
It's definitely E.
upvoted 4 times
...
CragShield
4 years, 4 months ago
I believe the question is asking for preventative measures against phishing. Phishing prevention involves more than not letting application run, you also have to educate users about attempts to gather passwords, usernames, or voluntarily sending files to external addresses, none of which application whitelisting will prevent. E. Awareness Training
upvoted 2 times
CragShield
4 years, 4 months ago
Never mind. Coming back to this 2 weeks later makes me think D. Application Whitelisting is the best option.
upvoted 1 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel