SecurityX CAS-005 Book

Step-by-Step Explanation:

Option A: Deny list

Deny lists block specific applications or processes identified as malicious.

This approach is reactive and mayinadvertently block the non-standard applications that are currently in use without proper ownership.

Option B: Allow list

Allow lists permit only pre-approved applications to run.

While secure, this approach requires defining all non-standard applications, which may disrupt operations in an environment where ownership is unclear.

Option C: Audit mode

Correct Answer.

Audit mode allows monitoring and logging of applications without enforcing restrictions.

This is ideal in environments with non-standard applications and undefined ownership because it enables the engineer to observe the environment and gradually implement control without interruption.

Audit mode provides critical visibility into the software landscape, ensuring that necessary applications remain functional.

Option D: MAC list

Mandatory Access Control (MAC) lists restrict access based on classification and clearance levels.

This does not align with application control objectives in this context.

CompTIA CASP+ Study Guide - Chapters on Endpoint Security and Application Control.

CASP+ Objective 2.4: Implement appropriate security controls for enterprise endpoints.

The most appropriate solution for the systems engineer to deploy is SELinux (Security-Enhanced Linux). Here's why:

Mandatory Access Control (MAC): SELinux enforces MAC policies, ensuring that only authorized users and processes can access specific resources. This helps in preventing unauthorized reading and modification of data and programs.

Access Vector Cache: SELinux utilizes an access vector cache (AVC) to improve performance. The AVC caches access decisions, reducing the need for repetitive policy lookups and thus improving system efficiency.

Security Mechanisms: SELinux provides a robust framework to enforce security policies and prevent bypassing of application security mechanisms. It controls access based on defined policies, ensuring that security measures are consistently applied.

Privilege Escalation and Process Interference: SELinux limits the ability of processes to escalate privileges and interfere with each other by enforcing strict access controls. This containment helps in isolating processes and minimizing the risk of privilege escalation attacks.

Anacceptable use policy (AUP)defines what is considered appropriate use of corporate email and prevents unnecessary emails to personal accounts. This helps in reducing false DLP alerts while maintaining compliance.

Quarantining emails (A)is unnecessary since the content was not flagged as sensitive.

Encryption (C)secures emails but does not address overuse.

Phishing awareness training (D)is unrelated to policy enforcement for outgoing emails.

The Common Vulnerability Scoring System (CVSS) v3.1 uses three metric groups to calculate overall scores:Base,Temporal, andEnvironmental.

Base (E):Mandatory metrics assessing exploitability (e.g., attack vector) and impact (confidentiality, integrity, availability).

Temporal (A):Optional metrics reflecting the current state of the vulnerability (e.g., exploit availability, remediation level).

Environmental (F):Optional metrics tailoring the score to the organization’s context (e.g., security requirements).

B, C, D (Availability, Integrity, Confidentiality):These are subcomponents of the Base Impact metrics, not standalone groups.

G (Impact):A categorywithin Base, not a group.

H (Attack vector):A single Base metric, not a group.