CompTIA CASP+ (CAS-003) — Question 321
A company recently implemented a variety of security services to detect various types of traffic that pose a threat to the company. The following services were enabled within the network:
* Scan of specific subsets for vulnerabilities
* Categorizing and logging of website traffic
* Enabling specific ACLs based on application traffic
* Sending suspicious files to a third-party site for validation
A report was sent to the security team that identified multiple incidents of users sharing large amounts of data from an on-premise server to a public site. A small percentage of that data also contained malware and spyware.
Which of the following services MOST likely identified the behavior and sent the report?
Answer options
- A. Content filter
- B. User behavioral analytics
- C. Application sandbox
- D. Web application firewall
- E. Endpoint protection
- F. Cloud security broker
Correct answer: B
Explanation
User behavioral analytics is designed to monitor user activities and detect abnormal behaviors, such as the excessive data sharing described in this scenario. Other options, like content filters and firewalls, focus on content and traffic management rather than on analyzing user behavior patterns, while application sandboxes and endpoint protection primarily deal with threat detection on individual devices.