nerdexam
CompTIA

CV0-003 · Question #574

A cloud administrator recently noticed that a number of files stored at a SaaS provider's file- sharing service were deleted. As part of the root cause analysis, the administrator noticed the parent f

The correct answer is D. Define and configure the proper permissions for the file-sharing service. The administrator has already completed investigation and confirmed the misconfigured permissions are the root cause - the immediate next step is to remediate by setting correct, least-privilege permissions on the affected files and folders.

Security

Question

A cloud administrator recently noticed that a number of files stored at a SaaS provider's file- sharing service were deleted. As part of the root cause analysis, the administrator noticed the parent folder permissions were modified last week. The administrator then used a test user account and determined the permissions on the files allowed everyone to have write access. Which of the following is the best step for the administrator to take NEXT?

Options

  • AIdentify the changes to the file-sharing service and document
  • BAcquire a third-party DLP solution to implement and manage access
  • CTest the current access permissions to the file-sharing service
  • DDefine and configure the proper permissions for the file-sharing service

How the community answered

(33 responses)
  • A
    3% (1)
  • B
    9% (3)
  • C
    15% (5)
  • D
    73% (24)

Why each option

The administrator has already completed investigation and confirmed the misconfigured permissions are the root cause - the immediate next step is to remediate by setting correct, least-privilege permissions on the affected files and folders.

AIdentify the changes to the file-sharing service and document

Identifying and documenting changes was already performed during the root cause analysis phase; repeating this step before remediating does not protect the files from further damage.

BAcquire a third-party DLP solution to implement and manage access

Acquiring a third-party DLP solution is a longer-term strategic control and is premature when the immediate, known fix is simply correcting the existing permission misconfiguration.

CTest the current access permissions to the file-sharing service

Testing current access permissions was already completed using the test user account, confirming write access for everyone; retesting at this point does not advance remediation.

DDefine and configure the proper permissions for the file-sharing serviceCorrect

The root cause analysis is complete: the parent folder permissions were changed last week and testing confirmed that everyone has write access. With the problem fully identified and verified, the next action in the incident response process is remediation - defining least-privilege permissions and applying them to stop further unauthorized deletion or modification. Delaying remediation while pursuing additional documentation or tooling leaves the files vulnerable.

Concept tested: Incident response remediation for SaaS permission misconfiguration

Source: https://csrc.nist.gov/publications/detail/sp/800-61/rev-2/final

Topics

#file permissions#access control#SaaS security#least privilege

Community Discussion

No community discussion yet for this question.

Full CV0-003 Practice