Exam CAS-004 topic 1 question 23 discussion

If you receive a report that your application has a vulnerability and there is suspicious activity in your logs then your FIRST step would be to investigate the logs to see if you have already been compromised and deal with that issue. THEN you can move on to other steps.

D. Working with procurement and creating a requirements document to select a new IAM system/vendor If the security team at a university has received a report from an outside auditor indicating that the institution's homegrown identity management system is not consistent with best practices and leaves the institution vulnerable, the team should consider replacing the system with a more secure and robust solution. To do this, the security team should work with procurement to create a requirements document that outlines the necessary capabilities and features of a new identity and access management (IAM) system or vendor. This may include researching and evaluating potential solutions, testing and piloting new systems, and negotiating contracts with vendors.

The correct answer is: D. Working with procurement and creating a requirements document to select a new IAM system/vendor Here's why: The auditor's report indicates that the homegrown identity management system is not aligned with security best practices and poses a vulnerability to the institution. This suggests systemic issues that likely cannot be resolved with minor tweaks or feature additions.

The key issue is that the homegrown identity management (IAM) system has been flagged by an external auditor for not following industry best practices, potentially leaving the university vulnerable. The most effective first step in addressing systemic security shortcomings is to start the process of replacing the flawed system.

D. Working with procurement and creating a requirements document to select a new IAM system/vendor. The auditor has flagged the current system as insecure and not consistent with best practices, which suggests that the underlying issue is the architecture and implementation of the homegrown identity management system. Rather than trying to patch or retrofit the current system, selecting a new, secure IAM system/vendor that follows best practices is likely the most effective first step. By procuring a more secure and scalable solution, the university can address long-term security needs and minimize risk, particularly given the potential exposure of sensitive data and systems. While investigating potential threats is essential for ongoing security, this action does not directly address the systemic issue highlighted by the auditor. The problem appears to be more related to overall design and security best practices, rather than an immediate incident or identified attack. This is important but not the first step.

Only answer that offers a way to mitigate the vulnerability.

Final Answer: ✅ D) Work with procurement and create a requirements document to select a new IAM system/vendor. Key Takeaway: 💡 Instead of trying to patch a fundamentally insecure identity system, the best solution is to replace it with a secure, industry-standard IAM system.

I think D is the right answer. The problem states the compliancy of IAM security.

A. Investigating a potential threat identified in logs related to the identity management system-> The external auditor produced a report so if there's logs involved, that's in the report so no reason to do it again B. Updating the identity management system to use discretionary access control->this was given already as temporary students have only access to certain areas, not like permanent students C. Beginning research on two-factor authentication to later introduce into the identity management system->It's a badge, I've never seen MFA in a badge. If they refer to access the identity management system, that's different, but it wasn't mentioned what the report says D. Working with procurement and creating a requirements document to select a new IAM system/vendor -> We don't know what the report says, so given the other answers aren't good to tick, we assume the "not consistent with best practices" is not possible to fix with this vendor, so we have to evaluate other options, however the answer says what to do first, well there's no multiple things to do with the given options...

Keyword: First D is a long term project, not a solution for immediate response.

Keyword is homegrown.

This is a trick question, but if you think of it, they received a report from an auditor, thus, they were not able to see the alerts themselves, so there would be no logs to investigate. I did consider the answer A, but D makes more sense.

Answer: D. Working with procurement and creating a requirements document to select a new IAM system/vendor Explanation: The security team should first address the root cause of the problem, which is the homegrown identity management system that is not consistent with best practices in the security field. This leaves the institution vulnerable. Therefore, the first step should be to work with procurement and create a requirements document to select a new Identity and Access Management (IAM) system/vendor. This will ensure that the new system is in line with the best practices in the security field and will reduce the institution's vulnerability. The other options, such as investigating a potential threat, updating the system to use discretionary access control, or researching two-factor authentication, are all important but they are secondary steps that should be taken after addressing the main issue.

Audit doesn't identify threats, they issue findings, so not a.

I initially thought "D", but I've been convinced it's "A"-- when you go to procurement the first question they'll ask is "Why do you need to buy this?" and you'll say "The auditor said there's a potential vulnerability" and they'll say "Well has it ever actually been exploited???" and you'll go "uhh...ummm.. I mean... the auditor just said it's there." and they'll say "That's nice, junior. How about you go tell me what our actual risk level is, or if there's ever been an issue, before daddy gets out his wallet and slips you some cash." Or at least that's what they'll say if you haven't don "A" first.

Given the information provided, the FIRST recommendation for the security team should be: D. Working with procurement and creating a requirements document to select a new IAM system/vendor

D About A - Who says there are logs??