CAS-003 Question #442: Real Exam Question with Answer & Explanation
The correct answer is B: EDR. EDR addresses behavioral detection, hash blocking, and alerting while DLP prevents cardholder data from leaving the environment - together they cover all four stated requirements. No single tool addresses all requirements alone.
Question
A company that has been breached multiple times is looking to protect cardholder data. The previous undetected attacks all mimicked normal administrative-type behavior. The company must deploy a host solution to meet the following requirements:
- Detect administrative actions
- Block unwanted MD5 hashes
- Provide alerts
- Stop exfiltration of cardholder data
Which of the following solutions would BEST meet these requirements? (Choose two.)
Options
- A. AV
- B. EDR
- C. HIDS
- D. DLP
- E. HIPS
- F. EFS
Explanation
EDR addresses behavioral detection, hash blocking, and alerting while DLP prevents cardholder data from leaving the environment - together they cover all four stated requirements. No single tool addresses all requirements alone.
Common mistakes.
- A. Antivirus relies on signature matching and cannot detect attacks that mimic legitimate administrative behavior or block hashes of files not in its database.
- C. A HIDS (Host Intrusion Detection System) monitors and logs suspicious activity but only detects - it does not block hash execution or prevent data exfiltration.
- E. A HIPS focuses on blocking known attack patterns via rules; it lacks the behavioral analytics of EDR and does not provide DLP capabilities to stop data exfiltration.
- F. EFS (Encrypting File System) encrypts files at rest to prevent unauthorized access to stored data; it provides no detection, alerting, or exfiltration prevention capabilities.
Concept tested. Combining EDR and DLP for cardholder data protection
Reference. https://learn.microsoft.com/en-us/microsoft-365/compliance/dlp-learn-about-dlp