CAS-004 Exam Questions

CAS-004 Exam - Question 228


A city government's IT director was notified by the city council that the following cybersecurity requirements must be met to be awarded a large federal grant:

• Logs for all critical devices must be retained for 365 days to enable monitoring and threat hunting.

• All privileged user access must be tightly controlled and tracked to mitigate compromised accounts.

• Ransomware threats and zero-day vulnerabilities must be quickly identified.

Which of the following technologies would BEST satisfy these requirements? (Choose three.)

Correct Answer: BDEF

To meet the three requirements (365-day log retention, tightly controlled and tracked privileged access, and rapid identification of ransomware and zero-day threats), the following technologies are needed. A log aggregator collects and stores the logs from all critical devices for the required 365 days, giving monitoring and threat hunting a complete history to search. Privileged Access Management (PAM) ensures that privileged access is granted only through controlled, recorded sessions, so a compromised account cannot use standing administrative rights unnoticed. A Security Information and Event Management (SIEM) system is the best choice for quickly identifying ransomware and zero-day activity, because it correlates events from many sources in near real time and alerts on the resulting patterns; since a zero-day has no signature yet, the SIEM detects it from its effects (unusual processes, mass file changes, anomalous privileged logons), which is why the retained logs and the PAM audit trail are what feed it. Each of these technologies addresses one of the three requirements.
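As an added example that is not part of the exam question, the site's answer or any commenter's post, the following Python sketch shows the kind of correlation the explanation attributes to a SIEM, run over a handful of constructed log lines: a 365-day retention filter, a check that every privileged logon was preceded by a PAM checkout, and a burst detector for ransomware-style file renames. The log format, the field names (host, user, event, dst), the event names (pam_checkout, priv_logon, file_rename) and the thresholds are assumptions made for the illustration, not any product's schema.

```python
"""Toy SIEM-style correlation over aggregated log lines.

Added example (not part of the exam question or the site's answer): it shows
how the three grant requirements turn into checks over aggregated logs once a
log aggregator, PAM and a SIEM are in place:
  1. keep only events inside a 365-day retention window,
  2. flag privileged logons that have no matching PAM checkout record,
  3. flag a ransomware-style burst of file renames to an encrypted extension.
The log format, field names, event names and sample lines are all constructed
for this illustration; real products use their own schemas.
"""
from collections import defaultdict
from datetime import datetime, timedelta, timezone

RETENTION = timedelta(days=365)
BURST_COUNT = 5                       # renames needed to call it a burst...
BURST_WINDOW = timedelta(seconds=60)  # ...within this window, per host
SUSPICIOUS_EXT = (".locked", ".crypt", ".enc")  # assumed ransomware extensions

# Constructed sample log lines: "<ISO-8601 timestamp> key=value ...".
SAMPLE_LOGS = [
    "2023-01-15T08:00:00+00:00 host=fs01 user=svc event=file_rename dst=old.locked",
    "2024-06-01T09:58:00+00:00 host=dc01 user=alice event=pam_checkout",
    "2024-06-01T09:59:00+00:00 host=dc01 user=alice event=priv_logon",
    "2024-06-01T10:00:00+00:00 host=dc01 user=bob event=priv_logon",
    "2024-06-01T10:01:00+00:00 host=fs01 user=bob event=file_rename dst=q1.docx.locked",
    "2024-06-01T10:01:10+00:00 host=fs01 user=bob event=file_rename dst=q2.xlsx.locked",
    "2024-06-01T10:01:20+00:00 host=fs01 user=bob event=file_rename dst=q3.pdf.locked",
    "2024-06-01T10:01:30+00:00 host=fs01 user=bob event=file_rename dst=q4.pptx.locked",
    "2024-06-01T10:01:40+00:00 host=fs01 user=bob event=file_rename dst=q5.txt.locked",
    "2024-06-01T10:02:00+00:00 host=ws02 user=carol event=file_rename dst=report.pdf",
]
NOW = datetime(2024, 6, 1, 12, 0, tzinfo=timezone.utc)  # "current time" for the sample


def parse(line):
    """Split one constructed log line into a dict with a tz-aware 'ts' field."""
    ts, rest = line.split(" ", 1)
    fields = dict(kv.split("=", 1) for kv in rest.split())
    fields["ts"] = datetime.fromisoformat(ts)
    return fields


def within_retention(events, now):
    """Requirement 1: keep only events no older than the 365-day window."""
    cutoff = now - RETENTION
    return [e for e in events if e["ts"] >= cutoff]


def privileged_without_pam(events):
    """Requirement 2: privileged logons with no prior PAM checkout for that user/host.

    Checkouts never expire in this toy; a real PAM records a session end too.
    """
    checked_out = set()
    findings = []
    for e in sorted(events, key=lambda ev: ev["ts"]):
        if e["event"] == "pam_checkout":
            checked_out.add((e["user"], e["host"]))
        elif e["event"] == "priv_logon" and (e["user"], e["host"]) not in checked_out:
            findings.append(e)
    return findings


def ransomware_bursts(events):
    """Requirement 3: hosts with BURST_COUNT+ suspicious renames inside BURST_WINDOW.

    Behaviour-based, so it needs no signature for the specific strain.
    """
    by_host = defaultdict(list)
    for e in events:
        if e["event"] == "file_rename" and e.get("dst", "").endswith(SUSPICIOUS_EXT):
            by_host[e["host"]].append(e["ts"])
    flagged = []
    for host, times in by_host.items():
        times.sort()
        start = 0
        for end in range(len(times)):          # sliding window over sorted times
            while times[end] - times[start] > BURST_WINDOW:
                start += 1
            if end - start + 1 >= BURST_COUNT:
                flagged.append(host)
                break
    return flagged


def run(lines=SAMPLE_LOGS, now=NOW):
    """Apply retention first, then the two correlations; return a summary dict."""
    events = [parse(line) for line in lines]
    kept = within_retention(events, now)
    return {
        "retained": len(kept),
        "dropped": len(events) - len(kept),
        "priv_without_pam": [e["user"] for e in privileged_without_pam(kept)],
        "ransomware_hosts": ransomware_bursts(kept),
    }


if __name__ == "__main__":
    print(run())
```

Retention is applied before correlation so that hunting queries run over exactly what the policy keeps, and the PAM check shows why the audit trail matters: the SIEM can only tell a sanctioned admin session from a stolen credential if PAM emits a record to correlate against.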

Discussion

15 comments
Broesweelies (Options: BDF)
Mar 8, 2023

BDF, 100% sure

nuel_12
Nov 15, 2023

A SIEM contains a log aggregator; there is no need for a log aggregator again. The best choice of answer is ADF.

Cock (Options: BDF)
Mar 9, 2023

The three technologies that would BEST satisfy these requirements are: B. Log aggregator - to retain logs for 365 days to enable monitoring and threat hunting. D. PAM - to tightly control and track privileged user access to mitigate compromised accounts. F. SIEM - to quickly identify ransomware threats and zero-day vulnerabilities.

Anarckii (Options: ADE)
Jan 5, 2024

Endpoint Protection for zero-day, PAM for access control, and SIEM for logs and event management.

smqzbq (Options: BDF)
Mar 11, 2023

B D F seems reasonable.

itsTopaz (Options: BDF)
Mar 25, 2023

B. Log aggregator - This technology collects and centralizes logs from various devices, allowing for easy monitoring and analysis of network activity. Retaining logs for 365 days would help the city government in monitoring and threat hunting. D. PAM (Privileged Access Management) - It controls and monitors privileged user access, reducing the risk of compromised accounts. PAM also maintains a record of privileged access activity, providing an audit trail for accountability. F. SIEM (Security Information and Event Management) - SIEM technology is designed to quickly identify threats, including ransomware and zero-day vulnerabilities, by correlating data from various sources and alerting security personnel in real-time. This helps in quick identification and resolution of cybersecurity issues.

BiteSize (Options: ADF)
Jul 18, 2023

A. Endpoint protection - through either EPP or EDR, prevents ransomware and zero-days through various plugins at the endpoint. D. Privileged Access Management - implements and enforces least privilege (ICAM). F. Security Information and Event Management - includes heavy forwarders, universal forwarders, search heads, and indexers to provide logs in a single pane of glass (pretty much a log aggregator, but better). B and F seem like the same answer but don't offer the BEST solution. What kind of organization doesn't use endpoint protection to protect from ransomware or zero-days? Surprised nobody has thought of this yet. Source: verifying each answer against Chat GPT, my experience, other test banks, a written book, and weighing in the discussion from all users to create a 100% accurate guide for myself before I take the exam. (It isn't easy because of the time needed, but it is doing my diligence.)

Trap_D0_r (Options: ADF)
Jan 8, 2024

As others here have pointed out, but I will say again loudly: A SIEM IS A LOG AGGREGATOR ON STEROIDS. If you have a nice modern SIEM, you don't need a janky old log bucket server. The answer is ADF.

ninjachuleta (Options: ADF)
Jun 7, 2024

A. Endpoint Protection, D. Security Information and Event Management, F. Privileged Access Management

ninjachuleta
Jun 7, 2024

SIEM is a log aggregator therefore B is redundant.

SangSang
Jun 10, 2024

No, a SIEM includes a log aggregator; it is not a log aggregator.

OdinAtlasSteel (Options: ADF)
Nov 29, 2023

SIEM (Security Information and Event Management): Despite being a log aggregator, a SIEM solution is crucial for its broader functionalities, including log management, threat detection, and compliance reporting. Endpoint Protection (Endpoint Security Solution): Endpoint Protection solutions are indeed vital for identifying ransomware threats, zero-day vulnerabilities, and other endpoint-related security risks. They provide security features specifically designed to protect individual devices and endpoints. Privileged Access Management (PAM): PAM solutions play a crucial role in tightly controlling and tracking privileged user access, mitigating the risks associated with compromised accounts, aligning with the specified requirement.

Ariel235788 (Options: BDF)
Oct 2, 2023

To satisfy the specified cybersecurity requirements for a city government seeking a federal grant, the following technologies would be the best choices: B. Log aggregator: A log aggregator (also known as a Security Information and Event Management or SIEM system) can collect, store, and analyze logs from critical devices. It enables log retention for 365 days, aiding in monitoring, threat detection, and investigation. D. PAM (Privileged Access Management): PAM solutions can tightly control and track privileged user access. They help in mitigating the risks associated with compromised accounts by providing strict access controls, session monitoring, and auditing. F. SIEM (Security Information and Event Management): A SIEM system is essential for quickly identifying ransomware threats, zero-day vulnerabilities, and other security incidents. It correlates and analyzes data from various sources, including logs from critical devices, to detect anomalies and threats. While the other technologies mentioned can be valuable in certain contexts, they may not directly address all the specified requirements.

32d799a (Options: DEF)
Oct 14, 2023

F) --> Logs for all critical devices must be retained for 365 days to enable monitoring and threat hunting. D) --> All privileged user access must be tightly controlled and tracked to mitigate compromised accounts. E) --> Ransomware threats and zero-day vulnerabilities must be quickly identified.

ThatGuyOverThere (Options: ADF)
Oct 27, 2023

While you often use a log aggregator to send logs to a SIEM, I think leaving endpoint protection out to choose log aggregator is a mistake. It will be crucial for identifying and stopping vulnerabilities and threats on the endpoint.

nuel_12 (Options: ADF)
Nov 15, 2023

A. for zero-day vulnerabilities; D. for privileged access management; F. for log collection and aggregation.

Blingy (Options: ADF)
Feb 6, 2024

Going with ADF

23169fd (Options: BDF)
Jul 17, 2024

B. Log aggregator: A log aggregator collects and stores logs from various devices and systems, ensuring that logs for all critical devices are retained for 365 days. This is essential for monitoring and threat hunting as it provides a centralized repository for log data. D. PAM (Privileged Access Management): PAM solutions help control and track privileged user access. They enforce strict access controls, monitor privileged sessions, and provide detailed audit logs, mitigating the risk of compromised accounts. F. SIEM (Security Information and Event Management): SIEM systems collect and analyze log data from across the organization in real-time, providing insights into potential security threats, including ransomware and zero-day vulnerabilities. SIEM solutions often include capabilities for threat detection, incident response, and compliance reporting.