CompTIA
CAS-003 · Question #428
CAS-003 Question #428: Real Exam Question with Answer & Explanation
Sign in or unlock CAS-003 to reveal the answer and full explanation for question #428. The question stem and answer options stay visible for context.
Question
A Chief Security Officer (CSO) is reviewing the organization's incident response report from a recent incident. The details of the event indicate: 1. A user received a phishing email that appeared to be a report from the organization's CRM tool. 2. The user attempted to access the CRM tool via a fraudulent web page but was unable to access the tool. 3. The user, unaware of the compromised account, did not report the incident and continued to use the CRM tool with the original credentials. 4. Several weeks later, the user reported anomalous activity within the CRM tool. 5. Following an investigation, it was determined the account was compromised and an attacker in another country has gained access to the CRM tool. 6. Following identification of corrupted data and successful recovery from the incident, a lessons learned activity was to be led by the CSO. Which of the following would MOST likely have allowed the user to more quickly identify the unauthorized use of credentials by the attacker?
Options
- ASecurity awareness training
- BLast login verification
- CLog correlation
- DTime-of-check controls
- ETime-of-use controls
- FWAYF-based authentication
Unlock CAS-003 to see the answer
You've previewed enough free CAS-003 questions. Unlock CAS-003 for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.