CompTIA
CAS-003 Question #6: Real Exam Question with Answer & Explanation
The correct answer is B: Lessons learned.
Question
Legal authorities notify a company that its network has been compromised for the second time in two years. The investigation shows the attackers were able to use the same vulnerability on different systems in both attacks. Which of the following would have allowed the security team to use historical information to protect against the second attack?
Options
- A. Key risk indicators
- B. Lessons learned
- C. Recovery point objectives
- D. Tabletop exercise
Explanation
A lessons learned process formally documents findings from past incidents and applies them to improve defenses, which would have allowed the team to address the repeated vulnerability before the second attack.
Common mistakes.
- A. Key risk indicators are metrics used to monitor ongoing risk levels and do not capture or apply historical incident-specific vulnerability details.
- C. Recovery point objectives define acceptable data loss thresholds for backup and recovery planning and are unrelated to preventing repeated exploitation of a known vulnerability.
- D. Tabletop exercises simulate hypothetical scenarios for training purposes but do not produce or apply historical vulnerability remediation records.
Concept tested. Applying lessons learned to prevent repeated incidents
Reference. https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-61r2.pdf