During a phishing exercise, a few privileged users ranked high on the failure list. The enterprise would like to ensure that privileged users have an extra security-monitoring control in place. Which of the following is the MOST likely solution?
UEBA would be the right answer. A WAF is more about protecting the organization's applications and not protecting users from phishing or other external web-based threats. If they mentioned something with URL or content filtering, it may be harder, but given the options, UEBA fits best.
Security data analytics can be used to perform basic, essential employee monitoring or more advanced techniques such as User and Entity Behavior Analytics (UEBA), analyzing network activity to detect suspicious traffic, identifying unauthorized account use, identifying account breaches, supporting threat hunting, detecting malicious insider activities, and many other similar security operations capabilities.
I understand the reasoning behind choosing B - UEBA, but is clicking a link an activity that "deviates from a normal baseline"? But the WAF could interrupt the problem before it starts - A.
"UEBA is a type of cybersecurity solution or feature that discovers threats by identifying activity that deviates from a normal baseline"
upvoted 3 times
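The "deviates from a normal baseline" idea quoted above, as an added example that is not part of the original discussion: each account is scored against its own history, and accounts on a watchlist of privileged users who failed the phishing exercise get a tighter alert threshold. The account names, the single feature (distinct hosts per day), the z-score method and both thresholds are assumptions chosen for illustration, and all data is constructed.

```python
from statistics import mean, pstdev

# Constructed sample data: daily count of distinct hosts each account
# authenticated to during a baseline window (not from the original page).
BASELINE = {
    "adm-jlee": [3, 4, 3, 5, 4, 3, 4, 4, 3, 5],
    "adm-mroy": [2, 2, 3, 2, 2, 3, 2, 2, 3, 2],
    "u-kpatel": [1, 1, 2, 1, 1, 1, 2, 1, 1, 1],
}
# Hypothetical watchlist: privileged accounts that failed the phishing exercise.
WATCHLIST = {"adm-jlee", "adm-mroy"}

DEFAULT_Z = 3.0    # assumed alert threshold for ordinary accounts
WATCHLIST_Z = 2.0  # assumed tighter threshold: the extra monitoring control
SIGMA_FLOOR = 0.5  # keeps a near-flat baseline from producing huge scores


def zscore(history, observed):
    """Deviation of the observed value from the account's own baseline."""
    sigma = max(pstdev(history), SIGMA_FLOOR)
    return (observed - mean(history)) / sigma


def evaluate(today):
    """Return {account: score} for accounts that exceed their threshold."""
    alerts = {}
    for account, observed in today.items():
        history = BASELINE.get(account)
        if not history:
            # No baseline yet: the account cannot be scored, so surface it
            # for review instead of silently passing it.
            alerts[account] = float("inf")
            continue
        z = zscore(history, observed)
        limit = WATCHLIST_Z if account in WATCHLIST else DEFAULT_Z
        if z >= limit:
            alerts[account] = round(z, 2)
    return alerts


if __name__ == "__main__":
    # Constructed observations for one day.
    print(evaluate({"adm-jlee": 6, "adm-mroy": 3, "u-kpatel": 2, "adm-new": 1}))
```

With these numbers `adm-jlee` scores about 2.94, which alerts only because the watchlist threshold is lower than the default; the same score on an ordinary account would pass.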
ThatGuyOverThere (10 months, 1 week ago)
FOURDUE (1 year, 6 months ago)
joaks (1 year, 6 months ago)
angryelvis (1 year, 8 months ago)
[Removed] (1 year, 9 months ago)
AnnoyingIAGuy (1 year, 7 months ago)
tefyayaydu (9 months, 2 weeks ago)
klosinskil (1 year, 10 months ago)