CompTIA
CAS-002 Question #624: Real Exam Question with Answer & Explanation
The correct answer is B: Disable command execution. To prevent an authorized user from conducting internal reconnaissance, organizations should restrict command execution, harden BIOS settings, and enforce identity management controls.
Question
An administrator's company has recently had to reduce the number of Tier 3 help desk technicians available to support enterprise service requests. As a result, configuration standards have declined as administrators develop scripts to troubleshoot and fix customer issues. The administrator has observed that several default configurations have not been fixed through applied group policy or configured in the baseline. Which of the following are controls the administrator should recommend to the organization's security manager to prevent an authorized user from conducting internal reconnaissance on the organization's network? (Select THREE).
Options
- A. Network file system
- B. Disable command execution
- C. Port security
- D. TLS
- E. Search engine reconnaissance
- F. NIDS
- G. BIOS security
- H. HIDS
- I. IdM
Explanation
To prevent an authorized user from conducting internal reconnaissance, organizations should restrict command execution, harden BIOS settings, and enforce identity management controls.
Common mistakes.
- A. Network File System is a file sharing protocol, not a control that limits reconnaissance capability.
- C. Port security controls which physical devices connect to switch ports and does not restrict what an already-connected authorized user can do on the network.
- D. TLS encrypts data in transit but does not prevent an authorized user from querying network resources or running enumeration commands.
- E. Search engine reconnaissance is an attack technique, not a security control.
- F. NIDS detects suspicious network activity but does not actively prevent an authorized user from performing reconnaissance.
- H. HIDS detects unauthorized changes or suspicious activity on a host but does not proactively prevent a user from running reconnaissance commands.
Concept tested. Controls preventing internal network reconnaissance
Reference. https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r5.pdf