Enhance your CompTIA CASP+ exam readiness with our comprehensive quizzes. Sharpen your skills with detailed flashcards and multiple choice questions, each with hints and in-depth explanations. Prepare effectively for this challenging exam!


What is the most likely cause for an organization’s inability to determine how a data breach occurred?

  1. Insufficient monitoring of employee actions

  2. Lack of network access controls

  3. Insufficient logging and mechanisms for review

  4. Poor physical security measures

The correct answer is: Insufficient logging and mechanisms for review

The most likely cause for an organization’s inability to determine how a data breach occurred is insufficient logging and mechanisms for review. Effective logging is crucial for maintaining a clear and comprehensive record of system and user activities. When logs are insufficient or nonexistent, it becomes extremely challenging to trace the sequence of events leading to a data breach. Without sufficient logging, sensitive details such as which systems were accessed, when an unauthorized entry occurred, and the nature of the activities leading to the breach remain unknown.

Moreover, mechanisms for review are essential to evaluate logs and identify any suspicious patterns or anomalies. If an organization lacks a systematic approach to review logs, even detailed logs might go unnoticed, leaving security teams in the dark regarding the breach’s nature, origin, and methods. Insufficient logging and review processes can significantly hinder incident response capabilities, making it difficult to conduct thorough investigations and learn from incidents to bolster security measures moving forward.

In contrast, while insufficient monitoring of employee actions, lack of network access controls, and poor physical security measures can contribute to vulnerabilities within an organization, they do not directly correlate to the specific challenge of determining how a breach occurred, which fundamentally relies on having detailed logs and review mechanisms in place.