nerdexam
CompTIA

CV0-003 · Question #783

A cloud administrator recently noticed that a number of files stored at a SaaS provider's file- sharing service were deleted. As part of the root cause analysis, the administrator noticed the parent f

The correct answer is D. Define and configure the proper permissions for the file-sharing service.. The root cause has already been identified and confirmed through testing; the appropriate next step in incident response is remediation by correcting the misconfigured permissions.

Operations

Question

A cloud administrator recently noticed that a number of files stored at a SaaS provider's file- sharing service were deleted. As part of the root cause analysis, the administrator noticed the parent folder permissions were modified last week. The administrator then used a test user account and determined the permissions on the files allowed everyone to have write access. Which of the following is the best step for the administrator to take NEXT?

Options

  • AIdentify the changes to the file-sharing service and document.
  • BAcquire a third-party DLP solution to implement and manage access.
  • CTest the current access permissions to the file-sharing service.
  • DDefine and configure the proper permissions for the file-sharing service.

How the community answered

(24 responses)
  • A
    4% (1)
  • B
    4% (1)
  • C
    13% (3)
  • D
    79% (19)

Why each option

The root cause has already been identified and confirmed through testing; the appropriate next step in incident response is remediation by correcting the misconfigured permissions.

AIdentify the changes to the file-sharing service and document.

Identifying and documenting the changes is a root cause analysis step that has already been completed in the scenario, so performing it again would be redundant rather than productive.

BAcquire a third-party DLP solution to implement and manage access.

Acquiring a third-party DLP solution is a long-term strategic control measure and is not the immediate next step when a specific, identified misconfiguration can be directly remediated right now.

CTest the current access permissions to the file-sharing service.

Testing the current access permissions has already been performed using the test user account, confirming the issue; repeating this step does not advance the incident toward resolution.

DDefine and configure the proper permissions for the file-sharing service.Correct

The administrator has completed both root cause identification (parent folder permissions were modified) and verification (test account confirmed everyone has write access). The incident response process now requires remediation - defining and applying the correct, least-privilege permissions to the files and folders to prevent further unauthorized deletions and close the vulnerability.

Concept tested: Incident response remediation after permission misconfiguration

Topics

#SaaS#file permissions#access control#incident response

Community Discussion

No community discussion yet for this question.

Full CV0-003 Practice