Examice

Exam CAS-004 All QuestionsBrowse all questions from this exam

Question 80

A home automation company just purchased and installed tools for its SOC to enable incident identification and response on software the company develops. The company would like to prioritize defenses against the following attack scenarios:

✑ Unauthorized insertions into application development environments

✑ Authorized insiders making unauthorized changes to environment configurations

Which of the following actions will enable the data feeds needed to detect these types of attacks on development environments? (Choose two.)

Perform static code analysis of committed code and generate summary reports.

Implement an XML gateway and monitor for policy violations.

Monitor dependency management tools and report on susceptible third-party libraries.

Install an IDS on the development subnet and passively monitor for vulnerable services.

Model user behavior and monitor for deviations from normal.

Continuously monitor code commits to repositories and generate summary logs.

Correct Answer: E, F

To prioritize defenses against unauthorized insertions into application development environments and authorized insiders making unauthorized changes to environment configurations, the appropriate actions would be to model user behavior and monitor for deviations from normal, and continuously monitor code commits to repositories and generate summary logs. Modeling user behavior allows for the detection of anomalies that could indicate unauthorized access or changes by insiders. Continuously monitoring code commits ensures that any unauthorized insertions or suspicious activities in the codebase are detected early on. These actions provide a comprehensive approach to detecting and responding to the specified attack scenarios in the development environment.

Discussion

nelombgOptions: EF

E and F are the answers to this question.

ra774ra7Options: EF

E. Model user behavior and monitor for deviations from normal. This option focuses on detecting anomalies in user behavior within the development environment. By establishing baselines for typical actions and access patterns, the system can flag unusual activity that might indicate unauthorized insertions or configuration changes. This includes monitoring access times, modifications made, files accessed, and commands executed. F. Continuously monitor code commits to repositories and generate summary logs. This option provides visibility into changes made to the codebase. Monitoring commits allows for early detection of suspicious insertions, backdoors, or other malicious code injected by attackers. Analyzing commit logs can also reveal patterns of unauthorized activity, even if the attacker tries to blend in with legitimate changes. A. Doesn't help because it doesn't directly address unauthorized insertions or configuration changes.

BiteSizeOptions: AF

A = SAST F = CONMON Best choices for coding protections in a modern dev environment. If they have a CI/CD pipeline, I would also recommend a DSAT. C is important but isn't as good D doesn't have enough action to it, a passive IDS doesn't beat CONMON and analysis of code. Source: Verifying each answer against Chat GPT, my experience, other test banks, a written book, and weighing in the discussion from all users to create a 100% accurate guide for myself before I take the exam. (It isn't easy because of the time needed, but it is doing my diligence)

kycuguOptions: AF

A. Perform static code analysis of committed code and generate summary reports. F. Continuously monitor code commits to repositories and generate summary logs. Performing static code analysis of committed code and continuously monitoring code commits to repositories can help detect unauthorized insertions into application development environments. Static code analysis is a technique that involves analyzing code without executing it to identify potential vulnerabilities, security flaws, or other issues. By performing static code analysis of committed code and generating summary reports, the home automation company can identify any code that does not meet its standards or that may be malicious.

atebyasandwichOptions: AF

It best meets the requirements of the question.

dangerelchuloOptions: AF

Is best actions for internal code review and security

AgronaOptions: AF

I like AF as the concern is "insider" static code reviews and submitted summary reports would be a good check against an insider threat. I thought IDS at first, but the concern isnt detecting an unusual presence or event at the transport layer, rather the integrity of the code.

RevZig67Options: AF

I think A F.

cyspecOptions: EF

SAST addresses the issue of poorly written code, not maliciously written code.

ToPHOptions: EF

E. Model user behavior and monitor for deviations from normal. This approach involves using User and Entity Behavior Analytics (UEBA) to establish a baseline of normal user behavior and detect deviations. By modeling user behavior, the SOC can identify unauthorized activities by insiders, such as unauthorized changes to environment configurations. F. Continuously monitor code commits to repositories and generate summary logs. Monitoring code commits to repositories helps detect unauthorized insertions and changes in the codebase. Generating summary logs of these commits allows the SOC to track and identify suspicious activities or unauthorized changes made by insiders.

talosDevbotOptions: EF

F) will detect unauthorized insertion E) will address the concern of insider threat. UEBA is commonly used to detect malicious activity from insiders. Note that the second attack scenario in the question is for unauthorized changes to *environmental configurations*. It does not state any changes to the code. The environmental configurations include things server addresses, database connection strings, and API endpoints. So if you have UEBA implemented, usually on a SIEM, you can detect these unauthorized changes in configuration.

AlexJacobsonOptions: DF

Here what I think: D - you want to prevent "unauthorized insertion into development environment" so you need to watch that network segment - IDS F - you are monitoring commits done by authorized devs, making sure they don't abuse the access and do something bad in the code on purpose.

AlexJacobson

BTW, it can also be C and F. (C is basically saying that you are monitoring any changes with libraries and similar)

BiteSize

I would agree with D being an option but it says passively monitor services. I don't like the word passively, seems like making security an afterthought, if they said setup continuous monitoring (active monitoring) that would definitely be the answer

23169fdOptions: EF

Option A (Static Code Analysis), while valuable for ensuring code security and quality, does not directly address the specific scenarios of unauthorized insertions and insider threats as effectively as Options E and F. Static code analysis focuses on code quality and vulnerability detection, not on monitoring and detecting unauthorized actions.

EAlonsoOptions: EF

E.F, after F comes A as next step.