CompTIA CASP+ (CAS-004) — Question 384

IoCs were missed during a recent security incident due to the reliance on a signature-based detection platform. A security engineer must recommend a solution that can be implemented to address this shortcoming. Which of the following would be the most appropriate recommendation?

Answer options

• A. FIM
• B. SASE
• C. UEBA
• D. CSPM
• E. EAP

Correct answer: C

Explanation

The correct answer is C, UEBA (User and Entity Behavior Analytics), which can detect anomalous behavior that signature-based systems might miss. The other options, such as FIM (File Integrity Monitoring), SASE (Secure Access Service Edge), CSPM (Cloud Security Posture Management), and EAP (Extensible Authentication Protocol), do not primarily focus on behavioral analysis, which is crucial for identifying threats beyond known signatures.