Exam CS0-002 topic 1 question 166 discussion

Actual exam question from CompTIA's CS0-002
Question #: 166
Topic #: 1

Due to a rise in cyber attackers seeking PHI, a healthcare company that collects highly sensitive data from millions of customers is deploying a solution that will ensure the customers' data is protected by the organization internally and externally. Which of the following countermeasures can BEST prevent the loss of customers' sensitive data?

  • A. Implement privileged access management.
  • B. Implement a risk management process.
  • C. Implement multifactor authentication.
  • D. Add more security resources to the environment.
Suggested Answer: A

Comments

jleonard_ddc
Highly Voted 2 years, 2 months ago
Selected Answer: A
The company wants to protect data inside and out (literally). The best way to do that is to limit who has privileges to which sets of data. (i.e., least privilege – that customers only have access to their own data, etc.)
WRONG ANSWERS
  • B – Risk management is done to evaluate vulnerabilities and prioritize their handling to reduce impact. We’re more concerned about sensitive data here than vulnerabilities.
  • C – MFA can help ensure the right people are accessing data but doesn’t guarantee users won’t leak data accidentally or that a solution will limit their access accordingly.
  • D – Similar to MFA, adding more security resources could protect access to the data but doesn’t ensure the data itself is safe. Besides, what exactly constitutes ‘security resources’?
upvoted 7 times
2Fish
2 years, 2 months ago
Agree. This is the best Answer from the ones given.
upvoted 2 times
PTcruiser
Highly Voted 2 years, 8 months ago
Selected Answer: C
  • A. Implement privileged access management - assumes the threat actor gains access to a low-privileged user in the org, but what about the customer externally
  • B. Implement a risk management process - Identifies, evaluates, and prioritizes threats and vulnerabilities to reduce their negative impact
  • C. Implement multifactor authentication - is a solution that can work internally in the org and externally for the customers
  • D. Add more security resources to the environment - doesn't ensure data protection
going with C but this is a dumb question
upvoted 5 times
d8viey
Most Recent 1 year, 6 months ago
Selected Answer: C
The answer is not A because privileged users are not the only users that have access to sensitive data. So that implementation only affects a small subset of users. Deploying internal and external MFA, on the other hand, would be a great enterprise-wide countermeasure for all users.
upvoted 1 times
kumax
1 year, 8 months ago
Selected Answer: A
ChatGPT: 1. Data Encryption 2. Access Controls 3. Multi-Factor Authentication (MFA) 4. Data Loss Prevention (DLP) Solutions 5. Endpoint Security 6. Network Security 7. Security Awareness Training 8. Incident Response Plan 9. Vendor Risk Management 10. Regulatory Compliance, etc.
upvoted 1 times
kyky
1 year, 11 months ago
Selected Answer: C
Given the scenario described, the countermeasure that would BEST prevent the loss of customers' sensitive data is option C: Implement multifactor authentication. Multifactor authentication (MFA) adds an extra layer of security by requiring users to provide multiple forms of identification before accessing sensitive data. This typically involves combining something the user knows (such as a password or PIN) with something the user has (such as a physical token or a mobile device) or something the user is (such as biometric data like a fingerprint or facial recognition). By implementing MFA, even if an attacker manages to obtain a user's password or credentials, they would still need access to the additional factor to successfully authenticate and access the data.
upvoted 1 times
Simpbizkit
2 years, 1 month ago
Selected Answer: A
I agree that A would protect user's data internally and externally because PAM would manage what privileged users can do with data.
upvoted 1 times
kiduuu
2 years, 1 month ago
Selected Answer: C
In this case, implementing MFA for accessing sensitive data can help prevent unauthorized access even if the attacker manages to bypass other security measures. Privileged access management (A) and risk management process (B) are important security measures, but they do not directly prevent data loss.
upvoted 1 times
Stiobhan
2 years, 3 months ago
Selected Answer: A
Sometimes referred to as privileged identity management (PIM) or privileged access security (PAS), PAM is grounded in the principle of least privilege, wherein users only receive the minimum levels of access required to perform their job functions. The principle of least privilege is widely considered to be a cybersecurity best practice and is a fundamental step in protecting privileged access to high-value data and assets. By enforcing the principle of least privilege, organizations can reduce the attack surface and mitigate the risk from malicious insiders or external cyber attacks that can lead to costly data breaches. In summary, the less folk that have access to the PHI the less likely it is to be breached/abused etc.... https://www.cyberark.com/what-is/privileged-access-management/
upvoted 2 times
Eric1234
2 years, 3 months ago
Selected Answer: A
Going with A
upvoted 1 times
absabs
2 years, 3 months ago
focus on "protected by the organization internally and externally", so privileged access management
upvoted 1 times
CatoFong
2 years, 3 months ago
Selected Answer: A
Agree with Nick. 1. PAM is correct
upvoted 1 times
NickDrops
2 years, 4 months ago
Selected Answer: A
I think that it's A for 2 reasons. 1. I've never heard of MFA being used to turn on. 2. If it was an internal actor, MFA wouldn't stop anything because it would be an actual employee. Proper access management would hopefully prevent external threat actors and definitely prevent internal ones.
upvoted 4 times
Tag
2 years, 7 months ago
Selected Answer: C
After careful review of the question I've decided that C is the most appropriate.
upvoted 1 times
Adrian831
2 years, 8 months ago
Selected Answer: C
Thinking more about C
upvoted 1 times
Community vote distribution: A (35%), C (25%), B (20%), Other