CompTIA CASP+ (CAS-004) — Question 128
A bank is working with a security architect to find the BEST solution to detect database management system compromises. The solution should meet the following requirements:
- Work at the application layer
- Send alerts on attacks from both privileged and malicious users
- Have a very low false positive rate
Which of the following should the architect recommend?
Answer options
- A. FIM
- B. WAF
- C. NIPS
- D. DAM
- E. UTM
Correct answer: D
Explanation
The correct answer is D, DAM (Database Activity Monitoring). DAM operates at the application layer and is designed to monitor and alert on database access and activity, so it identifies actions by both privileged and malicious users. Options A (FIM, File Integrity Monitoring) and C (NIPS, Network Intrusion Prevention System) do not focus specifically on database activity, B (WAF, Web Application Firewall) is primarily for web applications, and E (UTM, Unified Threat Management) serves broader network security functions, making them less suitable for this specific requirement.