ExamTopics Logo
Mail Us[email protected]
Menu
Comptia Discussions
exam questions

Exam CAS-004 All Questions

View all questions & answers for the CAS-004 exam
Go to Exam

Exam CAS-004 topic 1 question 237 discussion

Actual exam question from CompTIA's CAS-004
Question #: 237
Topic #: 1
[All CAS-004 Questions]

A network administrator for a completely air-gapped and closed system has noticed that anomalous external files have been uploaded to one of the critical servers. The administrator has reviewed logs in the SIEM that were collected from security appliances, network infrastructure devices, and endpoints. Which of the following processes, if executed, would be MOST likely to expose an attacker?

  • A. Reviewing video from IP cameras within the facility
  • B. Reconfiguring the SIEM connectors to collect data from the perimeter network hosts
  • C. Implementing integrity checks on endpoint computing devices
  • D. Looking for privileged credential reuse on the network
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
by Bigbongos at Feb. 15, 2023, 9:15 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
javier051977
Highly Voted 8 months, 3 weeks ago
Selected Answer: A
Since the system is completely air-gapped and closed, external files should not have been able to upload to the critical server. Therefore, the most likely cause of the anomalous files is an insider threat. Given that, the most effective process to expose an attacker would be to review video from IP cameras within the facility, as it can help identify any unusual behavior or activity by individuals who may have accessed the server. Therefore, the correct answer is A. Reviewing video from IP cameras within the facility.
upvoted 8 times
...
Geofab
Most Recent 9 months ago
Selected Answer: A
agree with A
upvoted 4 times
...
encxorblood
9 months, 1 week ago
Selected Answer: A
A. Reviewing video from IP cameras within the facility Since the system is completely air-gapped and closed, it is unlikely that the attacker gained access through the network. Reviewing video footage from IP cameras within the facility may provide clues to the source of the breach, such as someone physically accessing the server or using unauthorized devices (e.g., USB drives) to introduce the anomalous external files.
upvoted 3 times
...
Serliop378
9 months, 3 weeks ago
Selected Answer: A
Air gaped so only physical access was possible
upvoted 4 times
...
Cock
9 months, 4 weeks ago
Selected Answer: D
Looking for privileged credential reuse on the network is the most likely process that would expose an attacker. The anomalous external files on the server suggest that the attacker gained access to the system. Therefore, the attacker must have had privileged credentials or access that allowed them to upload the files. By looking for privileged credential reuse on the network, the administrator can identify any credentials that have been compromised and potentially used by the attacker to gain access to the system. This information can be used to revoke compromised credentials, change passwords, and implement additional security measures to prevent future attacks.
upvoted 2 times
[Removed]
9 months, 1 week ago
It's airgapped
upvoted 2 times
...
...
Bigbongos
10 months, 3 weeks ago
A easy
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel