CompTIA CASP+ (CAS-004) — Question 390

A security analyst is conducting an investigation regarding a potential insider threat. An unauthorized USB device might have been used to exfiltrate proprietary data from a Linux system.

Which of the following options would identify the IoCs and provide the appropriate response?

Answer options

• A. Review the network logs and update the firewall rules.
• B. Review the operating system logs and update the DLP rules.
• C. Review the vulnerability logs and update the IDS rules.
• D. Obtain the device ID using dmesg and update the portable storage inventory.

Correct answer: B

Explanation

The correct choice, B, involves reviewing the operating system logs, which can provide details about USB device connections and DLP policies that can help mitigate data loss. Options A and C are less relevant since they focus on network and vulnerability aspects rather than directly addressing USB device actions. Option D, while useful for inventory management, does not directly assist in identifying IoCs or providing an immediate response.