
CAS-004 Exam - Question 480


An employee in the accounting department created a potential security incident by emailing an internal spreadsheet to an external email address. The spreadsheet contained thousands of payment card numbers. A security administrator queried the following filter log and filter policy settings:

Outbound filter log information for the email:

Outbound filter policy settings:

Which of the following would best prevent this scenario from reoccurring without causing disruptions to normal business operations?

Correct Answer: BE

The best answer is to change the Filter action for Card_Data_Policy from Allow to Quarantine. This option addresses the specific issue of an email containing payment card numbers being sent externally. Quarantining these emails ensures they are reviewed before leaving the organization's network, which effectively prevents unauthorized external sharing of sensitive information without significantly disrupting normal business operations. The other options either do not specifically address this issue, or they may cause unnecessary disruptions.

Discussion

6 comments
isaphiltrick Option: B
Jul 6, 2024

Is this a one- or two-answer question? Almost all previous questions with 6 or more questions were multiple answers. If one answer, I choose B. Change the Filter action for Card_Data_Policy from Allow to Quarantine. If two answers are required, I choose B. Change the Filter action for Card_Data_Policy from Allow to Quarantine and D. Change the Filter action for all Attachment_Policy from Allow to Block.

armid Option: A
Jul 8, 2024

If this is a single-answer question, I would say A. Sensitive policy is already in block mode but not included in the filter log. We are modifying the data sensitivity labels and not the existing policies, which sounds in line with "least disruptions" to me. B offers itself, but the clause "without disruptions to normal business operations" makes me sway towards A. Plus we are judging the policy just by its name.

If it is a two-answer question, then A+B.
C doesn't apply because it could be disruptive.
D would be super disruptive.
E doesn't qualify, as nowhere in the question is it stated that the external mail is personal.
F doesn't qualify, as it is just monitor and action would be taken too late.

armid
Jul 8, 2024

Oh, I am sorry, disregard. The sensitive is not in the filter log, so definitely not A. Must be B then.

armid Option: B
Jul 8, 2024

My previous answer is incorrect.

23169fd Option: B
Jul 16, 2024

Quarantining emails containing payment card data would prevent them from being sent without review, which is effective but could disrupt normal operations by delaying email delivery.

EAlonso Option: C
Jul 17, 2024

C. It could look disruptive, but comparing Sensitive_Policy actions are higher than Confidential_Policy, and credit card information is Confidential in any context. https://www.recordpoint.com/blog/a-guide-to-data-classification-confidential-vs-sensitive-vs-public-information

EAlonso Option: B
Jul 17, 2024

Well, no other more than B.