CompTIA CASP+ (CAS-003) — Question 66

A company that has been breached multiple times is looking to protect cardholder data. The previous undetected attacks all mimicked normal administrative-type behavior. The company must deploy a host solution to meet the following requirements:
✑ Detect administrative actions
✑ Block unwanted MD5 hashes
✑ Provide alerts
✑ Stop exfiltration of cardholder data
Which of the following solutions would BEST meet these requirements? (Choose two.)

Answer options

• A. AV
• B. EDR
• C. HIDS
• D. DLP
• E. HIPS
• F. EFS

Correct answer: B, D

Explanation

The correct answers are EDR and DLP. EDR (Endpoint Detection and Response) is effective in detecting and responding to suspicious administrative actions, while DLP (Data Loss Prevention) focuses on preventing the unauthorized exfiltration of sensitive cardholder data. Other options, such as AV (Antivirus) and HIDS (Host Intrusion Detection System), do not fully address all the specified requirements.