Q1: Network Intrusion 7/7
Q2: Data Breach 5/7
Q3: Ransomware Attack 6/7
Q4: Insider Threat: 6/7
Total: 24/28 86%
For the insider threat question, the prompt says the insider has legitimate access, therefore implying the insider is misusing their access. I don't understand how enforcing strict password policies or implementing RBAC would help given that the insider has legitimate access. The question could be worded differently to support those two actions IMHO. I have my Sec+ 701 exam soon and your PBQ videos are very helpful!
I suppose the question interprets legitimate access and authorized access as different.
Thank you!
For the second question, why would you not encrypt data immediately? Wouldn't that help with future data breaches?
Preventing future data breaches is part of the Post Incident Activity Phase, which is the last phase in the IRC, so encrypting data would not be done immediately.
cool