Which of the following would MOST likely prevent or deter these attacks?

A large enterprise with thousands of users is experiencing a relatively high frequency of malicious activity from insider threats. Much of the activity appears to involve internal reconnaissance that results in targeted attacks against privileged users and network file shares. Given this scenario, which of the following would MOST likely prevent or deter these attacks? (Choose two.)
A. Conduct role-based training for privileged users that highlights common threats against them and covers best practices to thwart attacks
B. Increase the frequency at which host operating systems are scanned for vulnerabilities, and decrease the amount of time permitted between vulnerability identification and the application of corresponding patches
C. Enforce command shell restrictions via group policies for all workstations by default to limit which native operating system tools are available for use
D. Modify the existing rules of behavior to include an explicit statement prohibiting users from enumerating user and file directories using available tools and/or accessing visible resources that do not directly pertain to their job functions
E. For all workstations, implement full-disk encryption and configure UEFI instances to require complex passwords for authentication
F. Implement application blacklisting enforced by the operating systems of all machines in the enterprise


4 thoughts on “Which of the following would MOST likely prevent or deter these attacks?”

  1. Problem – High Frequency malicious activity from insider threats. Internally sourced resulting in privileged accounts and network file shares.
    What is most likely to prevent these attacks?

    A. Role Based privileged user training, highlighting common threats? – Could help, not a large amount though.
    B. Increase frequency of OS vulnerability scans, decrease the time between patches? – The attacks are against users and file shares, this sounds like it is more of an authentication based attack, which means patches will be less relevant.
    C. Command shell restrictions via GPOs. – This could certainly help.
    D. Include an explicit statement for users restricting users from enumerating directories.
    E. Full Disk encryption and UEFI for complex passwords.
    F. Application Blacklisting at an OS level.

    C/D seem like the best answer without more information. Application blacklisting or OS vulnerability could be up there as well if we knew more about the attacks.

    My one reservation is D, will a policy really help against someone that is actively hacking a network?

    1. Great answer, Rand.
      Just to answer your last question:
      “My one reservation is D, will a policy really help against someone that is actively hacking a network?”

      This is not a matter of preventing the attack, but being able to take measures against an employee by having a policy.

      Because of this, I would consider D valid.
