CompTIA SecurityX (CAS-005) — Question 44

A security team receives alerts regarding impossible travel and possible brute-force attacks after normal business hours. After reviewing more logs, the team determines that specific users were targeted and attempts were made to transfer data to an unknown site. Which of the following should the team do to help mitigate these issues?

Answer options

• A. Create a firewall rule to prevent those users from accessing sensitive data.
• B. Restrict uploading activity to only authorized sites.
• C. Enable packet captures to continue to run for the source and destination related to the file transfer.
• D. Disable login activity for those users after business hours.

Correct answer: B

Explanation

The correct answer is B because restricting uploading activity to authorized sites can significantly reduce the risk of data exfiltration. Option A may not fully prevent data transfer if other access methods are used, option C, while useful for monitoring, does not prevent the attack, and option D might hinder legitimate access without fully addressing the underlying issue.