
CompTIA CAS-001 Question #314: Real Exam Question with Answer & Explanation

Correct answers: B, C and F (the question asks for three).

Question

A retail bank has had a number of issues regarding the integrity of sensitive information across all of its customer databases. This has resulted in the bank's share price falling by 50% and in regulatory intervention and monitoring. The new Chief Information Security Officer (CISO) has as a result initiated a program of work to solve the issues. The business has specified that the solution needs to be enterprise grade and meet the following requirements:

- Be across all major platforms, applications and infrastructure.
- Be able to track user and administrator activity.
- Does not significantly degrade the performance of production platforms, applications, and infrastructures.
- Real time incident reporting.
- Manageable and has meaningful information.
- Business units are able to generate reports in a timely manner of the unit's system assets.

In order to solve this problem, which of the following security solutions will BEST meet the above requirements? (Select THREE.)

Options

  • A. Implement a security operations center to provide real time monitoring and incident response with self
  • B. Implement an aggregation based SIEM solution to be deployed on the log servers of the major platforms,
  • C. Implement a security operations center to provide real time monitoring and incident response and an
  • D. Ensure that the network operations center has the tools to provide real time monitoring and incident
  • E. Implement an agent only based SIEM solution to be deployed on all major platforms, applications, and
  • F. Ensure appropriate auditing is enabled to capture the required information.
  • G. Manually pull the logs from the major platforms, applications, and infrastructures to a central secure server.

Explanation

Answers B, C and F are correct, and they work together as one stack: auditing (F) generates the events, the aggregation-based SIEM (B) collects and normalizes them, and the SOC (C) acts on them in real time.

Answer B (aggregation-based SIEM on the log servers) collects and normalizes the logs that the major platforms already ship to their own log servers, so no heavy agent has to run on every production system. That is what satisfies the requirement not to degrade production performance while still covering all platforms, applications and infrastructure. Answer C (SOC with real-time monitoring and incident response) meets the real-time incident reporting requirement and supplies the analysts and event management process that turn raw SIEM data into manageable, meaningful information. Answer F (enable appropriate auditing) is foundational: user and administrator activity can only be tracked if the platforms and databases are configured to record it, and without that audit data the SIEM has nothing meaningful to collect, however good the collection layer is.

Answer A's 'self-service' SOC lacks the enterprise-grade rigor the business specified. Answer E (agent-only SIEM on every platform, application and infrastructure) puts the collection load on the production systems themselves and so conflicts with the performance requirement. Answer G (manually pulling logs to a central server) cannot deliver real-time reporting and does not scale across all platforms. Answer D (network operations center) is built for availability and performance monitoring and lacks the security-specific tooling and incident response focus the requirements call for.
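To make the division of labour between B, C and F concrete, the following Python script is an added example (not code from this page, nor from any SIEM vendor) of the core job of an aggregation-based SIEM: taking logs in three different native formats, as they would already sit on each platform's log server, normalizing them into one event schema, flagging privileged activity and integrity-affecting database writes for a real-time rule, and producing a per-business-unit view of activity on that unit's own assets. The log lines, hostnames, account names, the asset-to-business-unit mapping and the `integrity_alerts` rule are all constructed for the example; Windows Security event IDs 4672 and 4624 are real, everything else is assumed.

```python
"""Toy aggregation-based SIEM: normalize platform logs, flag admin activity,
report per business unit.  Added illustration; every input below is constructed."""
import csv
import re
from collections import defaultdict
from datetime import datetime

# Constructed samples of what would already exist on each platform's log server.
LINUX_SYSLOG = [
    "2024-03-04T09:12:01Z db-core-01 sudo: alice : TTY=pts/0 ; PWD=/home/alice ; "
    "USER=root ; COMMAND=/usr/bin/systemctl restart postgresql",
    "2024-03-04T09:13:44Z app-web-02 sshd[4211]: Accepted publickey for bob from 10.1.2.3 port 50022 ssh2",
]
WINDOWS_EVENTS = [  # simplified CSV export of the Security log: ts,host,event_id,description,account
    "2024-03-04T09:14:10Z,ad-dc-01,4672,Special privileges assigned to new logon,carol",
    "2024-03-04T09:15:02Z,file-srv-01,4624,An account was successfully logged on,dave",
]
DB_AUDIT = [  # simplified database audit trail: ts|host|db_user|statement
    "2024-03-04T09:16:30Z|db-core-01|dba_eve|UPDATE customers SET balance = balance + 5000 WHERE id = 4471",
    "2024-03-04T09:16:35Z|db-core-01|app_svc|SELECT balance FROM customers WHERE id = 4471",
]
ASSET_OWNER = {  # asset inventory: which business unit owns which host (constructed)
    "db-core-01": "Retail Banking",
    "app-web-02": "Digital Channels",
    "ad-dc-01": "IT Infrastructure",
    "file-srv-01": "IT Infrastructure",
}
ADMIN_ACCOUNTS = {"root", "dba_eve", "carol"}  # known administrator identities (constructed)
WRITE_VERBS = {"UPDATE", "DELETE", "INSERT", "ALTER", "DROP", "TRUNCATE"}

SYSLOG_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) (?P<prog>[\w-]+)(?:\[\d+\])?: (?P<msg>.*)$")
SUDO_RE = re.compile(r"^(?P<user>\w+) : .*USER=(?P<target>\w+) ; COMMAND=(?P<cmd>.*)$")
SSH_RE = re.compile(r"^Accepted \w+ for (?P<user>\w+) from (?P<src>[\d.]+)")


def _event(ts, host, source, user, action, privileged=False, integrity=False):
    """Common schema every source is normalized into."""
    return {
        "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
        "host": host,
        "unit": ASSET_OWNER.get(host, "unassigned"),
        "source": source,
        "user": user,
        "action": action,
        "privileged": privileged or user in ADMIN_ACCOUNTS,
        "integrity": integrity,  # does the action change data?
    }


def parse_syslog(line):
    """Linux: sudo escalations and SSH logins are the admin/user activity of interest."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    ts, host, prog, msg = m.group("ts", "host", "prog", "msg")
    if prog == "sudo" and (s := SUDO_RE.match(msg)):
        return _event(ts, host, "linux", s["user"], f"sudo as {s['target']}: {s['cmd']}", privileged=True)
    if prog == "sshd" and (s := SSH_RE.match(msg)):
        return _event(ts, host, "linux", s["user"], f"ssh login from {s['src']}")
    return _event(ts, host, "linux", "-", f"{prog}: {msg}")


def parse_windows(line):
    """Windows: event 4672 marks a logon that received admin-equivalent privileges."""
    ts, host, event_id, desc, user = next(csv.reader([line]))
    return _event(ts, host, "windows", user, f"EventID {event_id}: {desc}", privileged=event_id == "4672")


def parse_db_audit(line):
    """Database: statements that write are the ones relevant to data integrity."""
    ts, host, user, stmt = line.split("|", 3)
    return _event(ts, host, "database", user, stmt, integrity=stmt.split()[0].upper() in WRITE_VERBS)


def aggregate():
    """Collect from every log server, normalize, and order into one timeline."""
    events = [parse_syslog(line) for line in LINUX_SYSLOG]
    events += [parse_windows(line) for line in WINDOWS_EVENTS]
    events += [parse_db_audit(line) for line in DB_AUDIT]
    return sorted((e for e in events if e), key=lambda e: e["ts"])


def integrity_alerts(events):
    """Real-time rule: a privileged account changing customer data is reported immediately."""
    return [e for e in events if e["privileged"] and e["integrity"]]


def unit_report(events, unit):
    """Business-unit view: activity on that unit's own assets, grouped by host."""
    report = defaultdict(list)
    for e in events:
        if e["unit"] == unit:
            report[e["host"]].append(f"{e['ts']:%H:%M:%S} {e['user']:<8} {e['action']}")
    return dict(report)


if __name__ == "__main__":
    timeline = aggregate()
    for alert in integrity_alerts(timeline):
        print(f"ALERT {alert['ts']:%H:%M:%S} {alert['host']} {alert['user']}: {alert['action']}")
    for host, lines in unit_report(timeline, "Retail Banking").items():
        print(host, *lines, sep="\n  ")
```

Note what the script does not do. If the database platform had not been configured to write an audit trail (answer F), `DB_AUDIT` would be empty and the UPDATE by `dba_eve` would never reach the SIEM, however good the aggregation layer is. Equally, the script only raises an alert; routing it to analysts who can investigate and respond in real time is the SOC's job (answer C). The collectors also read whole log files that already exist on the log servers rather than hooking into each production host, which is the performance argument for B over E.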
