CV0-003 · Question #783
A cloud administrator recently noticed that a number of files stored at a SaaS provider's file- sharing service were deleted. As part of the root cause analysis, the administrator noticed the parent f
The correct answer is D. Define and configure the proper permissions for the file-sharing service.. The root cause has already been identified and confirmed through testing; the appropriate next step in incident response is remediation by correcting the misconfigured permissions.
Question
A cloud administrator recently noticed that a number of files stored at a SaaS provider's file- sharing service were deleted. As part of the root cause analysis, the administrator noticed the parent folder permissions were modified last week. The administrator then used a test user account and determined the permissions on the files allowed everyone to have write access. Which of the following is the best step for the administrator to take NEXT?
Options
- AIdentify the changes to the file-sharing service and document.
- BAcquire a third-party DLP solution to implement and manage access.
- CTest the current access permissions to the file-sharing service.
- DDefine and configure the proper permissions for the file-sharing service.
How the community answered
(24 responses)- A4% (1)
- B4% (1)
- C13% (3)
- D79% (19)
Why each option
The root cause has already been identified and confirmed through testing; the appropriate next step in incident response is remediation by correcting the misconfigured permissions.
Identifying and documenting the changes is a root cause analysis step that has already been completed in the scenario, so performing it again would be redundant rather than productive.
Acquiring a third-party DLP solution is a long-term strategic control measure and is not the immediate next step when a specific, identified misconfiguration can be directly remediated right now.
Testing the current access permissions has already been performed using the test user account, confirming the issue; repeating this step does not advance the incident toward resolution.
The administrator has completed both root cause identification (parent folder permissions were modified) and verification (test account confirmed everyone has write access). The incident response process now requires remediation - defining and applying the correct, least-privilege permissions to the files and folders to prevent further unauthorized deletions and close the vulnerability.
Concept tested: Incident response remediation after permission misconfiguration
Topics
Community Discussion
No community discussion yet for this question.