CompTIA CASP+ (CAS-003) — Question 64

A technician is validating compliance with organizational policies. The user and machine accounts in the AD are not set to expire, which is non-compliant. Which of the following network tools would provide this type of information?

Answer options

• A. SIEM server
• B. IDS appliance
• C. SCAP scanner
• D. HTTP interceptor

Correct answer: C

Explanation

The SCAP scanner is specifically designed to assess compliance with security policies and can identify account settings in Active Directory. The SIEM server primarily focuses on security event monitoring, while the IDS appliance is used for intrusion detection, and the HTTP interceptor is not relevant for checking account compliance.