
CAS-003 · Question #537

CAS-003 Question #537: Real Exam Question with Answer & Explanation

The correct answer is B: User behavioral analytics. User Behavioral Analytics (UBA/UEBA) detects anomalous user activity by baselining normal behavior and alerting on deviations such as unusually large data transfers to external destinations.

Question

A company recently implemented a variety of security services to detect various types of traffic that pose a threat to the company. The following services were enabled within the network:

  • Scan of specific subsets for vulnerabilities
  • Categorizing and logging of website traffic
  • Enabling specific ACLs based on application traffic
  • Sending suspicious files to a third-party site for validation

A report was sent to the security team that identified multiple incidents of users sharing large amounts of data from an on-premise server to a public site. A small percentage of that data also contained malware and spyware. Which of the following services MOST likely identified the behavior and sent the report?

Options

  • A. Content filter
  • B. User behavioral analytics
  • C. Application sandbox
  • D. Web application firewall
  • E. Endpoint protection
  • F. Cloud security broker

Explanation

User Behavioral Analytics (UBA/UEBA) detects anomalous user activity by baselining normal behavior and alerting on deviations such as unusually large data transfers to external destinations.

Common mistakes.

  • A. A content filter categorizes and blocks website traffic by URL or category but does not analyze user-specific behavioral patterns or detect volume anomalies in data transfers.
  • C. An application sandbox executes suspicious files in an isolated environment to detect malware behavior, not to identify anomalous user data-sharing patterns across the network.
  • D. A web application firewall inspects HTTP/S traffic to protect web applications from injection and other exploit-based attacks, not to monitor internal user behavior or flag data exfiltration volumes.
  • E. Endpoint protection detects and blocks malware on individual devices but does not aggregate or correlate user behavior patterns across the network to identify systematic exfiltration.
  • F. A cloud access security broker monitors and enforces policy for cloud service usage, but the data source in this scenario is an on-premise server, and CASB does not perform the user-behavior baseline analysis that UBA provides.

Concept tested. User behavioral analytics for insider threat and data exfiltration detection

Reference. https://csrc.nist.gov/publications/detail/sp/800-137/final
