CAS-005 · Question #354
CAS-005 Question #354: Real Exam Question with Answer & Explanation
Sign in or unlock CAS-005 to reveal the answer and full explanation for question #354. The question stem and answer options stay visible for context.
Question
An incident response team completed recovery from offline backup for several workstations. The workstations were subjected to a ransomware attack after users fell victim to a spear-phishing campaign, despite a robust training program. Which of the following questions should be considered during the lessons-learned phase to most likely reduce the risk of reoccurrence? (Choose two.)
Options
- AAre there opportunities for legal recourse against the originators of the spear-phishing campaign?
- BWhat internal and external stakeholders need to be notified of the breach?
- CWhich methods can be implemented to increase speed of offline backup recovery?
- DWhat measurable user behaviors were exhibited that contributed to the compromise?
- EWhich technical controls, if implemented, would provide defense when user training fails?
- FWhich user roles are most often targeted by spear phishing attacks?
Unlock CAS-005 to see the answer
You've previewed enough free CAS-005 questions. Unlock CAS-005 for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.