CompTIA CASP+ (CAS-003) — Question 47

A new cluster of virtual servers has been set up in a lab environment and must be audited before being allowed on the production network. The security manager needs to ensure unnecessary services are disabled and all system accounts are using strong credentials.
Which of the following tools should be used? (Choose two.)

Answer options

• A. Fuzzer
• B. SCAP scanner
• C. Packet analyzer
• D. Password cracker
• E. Network enumerator
• F. SIEM

Correct answer: B, F

Explanation

The SCAP scanner (B) is designed to automate the assessment of security compliance and can help identify unnecessary services and weak credentials. SIEM (F) collects and analyzes security data, providing insights into system accounts and potential vulnerabilities, making it essential for auditing purposes. The other options do not specifically focus on auditing security configurations or credential strength.