CompTIA
CAS-002 · Question #258
CAS-002 Question #258: Real Exam Question with Answer & Explanation
The correct answer is A: The devices are being modified and settings are being overridden in production. Configuration drift occurs when production systems are modified after initial hardening, causing settings to deviate from the compliant baseline over time.
Question
During a new desktop refresh, all hosts are hardened at the OS level before deployment to comply with policy. Six months later, the company is audited for compliance to regulations. The audit discovers that 40% of the desktops do not meet requirements. Which of the following is the cause of the noncompliance?
Options
- A. The devices are being modified and settings are being overridden in production.
- B. The patch management system is causing the devices to be noncompliant after issuing the
- C. The desktop applications were configured with the default username and password.
- D. 40% of the devices have been compromised.
Explanation
Configuration drift occurs when production systems are modified after initial hardening, causing settings to deviate from the compliant baseline over time.
Common mistakes.
- B. Patch management systems apply software updates but do not typically override OS-level hardening settings unless a specific patch explicitly changes security configuration values.
- C. Default credentials on desktop applications would be an error present at initial deployment; they would not explain why devices that were initially compliant became non-compliant six months later.
- D. If 40 percent of devices had been compromised, the audit would likely detect security indicators and anomalies well beyond mere non-compliance with configuration hardening requirements.
Concept tested. Configuration drift and continuous compliance monitoring
Reference. https://csrc.nist.gov/publications/detail/sp/800-128/final