CompTIA CASP+ (CAS-004) — Question 428

A security team receives alerts regarding impossible travel and possible brute-force attacks after normal business hours. After reviewing more logs, the team determines that specific users were targeted and attempts were made to transfer data to an unknown site. Which of the following should the team do to help mitigate these issues?

Answer options

• A. Create a firewall rule to prevent those users from accessing sensitive data.
• B. Restrict uploading activity to only authorized sites.
• C. Enable packet captures to continue to run for the source and destination related to the file transfer.
• D. Disable login activity for those users after business hours.

Correct answer: B

Explanation

The correct answer is B, as restricting uploading activity to only authorized sites helps prevent data exfiltration to unknown locations. Option A does not directly address the upload issue, while option C is more about monitoring than prevention, and option D could hinder legitimate users without solving the underlying problem.