Exam CAS-003 topic 1 question 204 discussion

Actual exam question from CompTIA's CAS-003
Question #: 204
Topic #: 1

A Chief Security Officer (CSO) is reviewing the organization's incident response report from a recent incident. The details of the event indicate:
1. A user received a phishing email that appeared to be a report from the organization's CRM tool.
2. The user attempted to access the CRM tool via a fraudulent web page but was unable to access the tool.
3. The user, unaware of the compromised account, did not report the incident and continued to use the CRM tool with the original credentials.
4. Several weeks later, the user reported anomalous activity within the CRM tool.
5. Following an investigation, it was determined the account was compromised and an attacker in another country has gained access to the CRM tool.
6. Following identification of corrupted data and successful recovery from the incident, a lessons learned activity was to be led by the CSO.
Which of the following would MOST likely have allowed the user to more quickly identify the unauthorized use of credentials by the attacker?

  • A. Security awareness training
  • B. Last login verification
  • C. Log correlation
  • D. Time-of-check controls
  • E. Time-of-use controls
  • F. WAYF-based authentication
Suggested Answer: A

Comments

D1960
4 years ago
Maybe: F. WAYF-based authentication? This is a tool specifically designed to do exactly what the question is asking for: Where Are You From (WAYF) service:
- guides a user to his or her Identity Provider (IdP)
- also known as: "Identity Provider Discovery" service
- presents the user a list of Identity Providers (IdPs) and redirects the user's web browser to the selected Identity Provider (IdP) or back to the Service Provider (the web application that the user is trying to access)
upvoted 1 times
D1960
4 years ago
On second thought, I think I may have misunderstood what a WAYF does. I think I will stick with "security training".
upvoted 1 times
Neo2020
4 years, 2 months ago
CRM tool does not support Last Login verification on client side, only admin side for audit purposes. It means the user will never know last login info unless he asks the CRM admin directly. I think A is the answer.
upvoted 2 times
Trap_D0_r
4 years, 2 months ago
B. A is not a security control to identify compromised accounts, it's a preventative measure to stop the account from being compromised in the first place.
upvoted 3 times
SoukelezArtibuz
4 years, 3 months ago
B. "Security awareness training" will not let the user identify the unauthorized use of his account.
upvoted 4 times
infosec208
4 years, 1 month ago
Unless they're trained to look then B doesn't amount to squat. Their answer is correct.
upvoted 4 times
D1960
4 years ago
The user should have been able to recognize, and report, the suspicious occurrences. "The user attempted to access the CRM tool via a fraudulent web page but was unable to access the tool... The user, unaware of the compromised account, did not report the incident..." A better trained user might have known enough to see this as suspicious, and report the incident. Or, a better trained user may have known to get to the CRM by opening a tab, and entering the URL, instead of clicking a link. Or, a better trained user may have known to, at least, look at the URL before attempting to log on.
upvoted 1 times
Community vote distribution: A (35%), C (25%), B (20%), Other