Examice

Exam CAS-004 All QuestionsBrowse all questions from this exam

Question 433

A financial institution generates a list of newly created accounts and sensitive information on a daily basis. The financial institution then sends out a file containing thousands of lines of data. Which of the following would be the best way to reduce the risk of a malicious insider making changes to the file that could go undetected?

Write a SIEM rule that generates a critical alert when files are created on the application server.

Implement a FIM that automatically generates alerts when the file is accessed by IP addresses that are not associated with the application.

Create a script that compares the size of the file on an hourly basis and generates alerts when changes are identified.

Tune the rules on the host-based IDS for the application server to trigger automated alerts when the application server is accessed from the internet.

Correct Answer: B

Implementing a File Integrity Monitoring (FIM) system that generates alerts when the file is accessed by IP addresses not associated with the application is the best option. FIM is specifically designed to detect and alert on file changes, ensuring that any unauthorized access or modifications can be promptly identified. This approach directly addresses the risk of a malicious insider attempting to alter the file without being detected, thus maintaining the integrity and security of the sensitive information.

Discussion

isaphiltrickOption: B

File Integrity Monitoring (FIM) is designed to monitor and detect changes to files. Implementing FIM with automatic alerts when the file is accessed by unauthorized IP addresses ensures that any unauthorized or suspicious access attempts are promptly identified. This helps in detecting and preventing malicious insiders from making undetected changes to the file, thereby protecting the integrity of the sensitive data.