
CAS-003 · Question #3

CAS-003 Question #3: Real Exam Question with Answer & Explanation

The correct answer is C: Enforce command shell restrictions via group policies for all workstations by default to limit which. Restricting command shell access via group policy limits the reconnaissance tools available to insiders, and explicit rules of behavior create policy-based deterrence against malicious activity.

Question

A large enterprise with thousands of users is experiencing a relatively high frequency of malicious activity from insider threats. Much of the activity appears to involve internal reconnaissance that results in targeted attacks against privileged users and network file shares. Given this scenario, which of the following would MOST likely prevent or deter these attacks? (Choose two.)

Options

  • A. Conduct role-based training for privileged users that highlights common threats against them and
  • B. Increase the frequency at which host operating systems are scanned for vulnerabilities, and
  • C. Enforce command shell restrictions via group policies for all workstations by default to limit which
  • D. Modify the existing rules of behavior to include an explicit statement prohibiting users from
  • E. For all workstations, implement full-disk encryption and configure UEFI instances to require
  • F. Implement application blacklisting enforced by the operating systems of all machines in the

Explanation

Restricting command shell access via group policy limits the reconnaissance tools available to insiders, and explicit rules of behavior create policy-based deterrence against malicious activity.

Common mistakes.

  • A. Role-based training raises awareness but does not technically prevent or deter reconnaissance activity from occurring.
  • B. Increasing vulnerability scan frequency helps identify weaknesses but does not prevent an already-present insider from performing reconnaissance.
  • E. Full-disk encryption and UEFI protections defend against physical theft and offline attacks, not against authenticated insider reconnaissance over the network.
  • F. Application blacklisting blocks known malicious executables but insiders can still use built-in OS tools for reconnaissance unless shell access is restricted.

Concept tested. Mitigating insider threat reconnaissance with policy and technical controls

Reference. https://www.cisa.gov/topics/physical-security/insider-threat-mitigation
