A Chief Security Officer (CSO) is reviewing the organization's incident response report from a recent incident. The details of the event indicate: A user received a phishing email that appeared to be a report from the organization's CRM tool. The user attempted to access the CRM tool via a fraudulent web page but was unable to access the tool. The user, unaware of the compromised account, did not report the incident and continued to use the CRM tool with the original credentials. Several weeks later, the user reported anomalous activity within the CRM tool. Following an investigation, it was determined the account was compromised and an attacker in another country has gained access to the CRM tool. Following identification of corrupted data and successful recovery from the incident, a lessons learned activity was to be led by the CSO. Which of the following would MOST likely have allowed the user to more quickly identify the unauthorized use of credentials by the attacker?
A) Security awareness training
B) Last login verification
C) Log correlation
D) Time-of-check controls
E) Time-of-use controls
F) WAYF-based authentication
Correct Answer:
Verified
Q205: A company is not familiar with the
Q206: A security analyst is reviewing the following
Q207: A security engineer is attempting to convey
Q208: After a large organization has completed the
Q209: A company is transitioning to a new
Q211: A penetration test is being scoped for
Q212: An enterprise with global sites processes and
Q213: When reviewing KRIs of the email security
Q214: A company wants to confirm sufficient executable
Q215: During the decommissioning phase of a hardware
Unlock this Answer For Free Now!
View this answer and more for free by performing one of the following actions
Scan the QR code to install the App and get 2 free unlocks
Unlock quizzes for free by uploading documents