nerdexam
ExamsCAS-002Questions#17
CompTIA

CAS-002 · Question #17

CAS-002 Question #17: Real Exam Question with Answer & Explanation

The correct answer is C: Scan computers weekly against the baseline. Scanning computers weekly against the established baseline configuration directly compares each machine's current state to the approved standard image, immediately identifying any deviations or unauthorized changes. This is the most targeted and reliable control for detecting con

Question

Based on the results of a recent audit, a company rolled out a standard computer image in an effort to provide consistent security configurations across all computers. Which of the following controls provides the GREATEST level of certainty that unauthorized changes are not occurring?

Options

  • ASchedule weekly vulnerability assessments
  • BImplement continuous log monitoring
  • CScan computers weekly against the baseline
  • DRequire monthly reports showing compliance with configuration and updates

Explanation

Scanning computers weekly against the established baseline configuration directly compares each machine's current state to the approved standard image, immediately identifying any deviations or unauthorized changes. This is the most targeted and reliable control for detecting configuration drift. Weekly vulnerability assessments (A) look for known CVEs but do not verify configuration compliance. Continuous log monitoring (B) can detect events in real time but does not systematically compare the full system state to a baseline. Monthly compliance reports (D) are less frequent, less granular, and often rely on self-reported data rather than automated scanning.

Community Discussion

No community discussion yet for this question.

Sign up to join the discussion
Full CAS-002 Practice