CompTIA CASP+ (CAS-003) — Question 79
A large enterprise with thousands of users is experiencing a relatively high frequency of malicious activity from insider threats. Much of the activity appears to involve internal reconnaissance that results in targeted attacks against privileged users and network file shares. Given this scenario, which of the following would MOST likely prevent or deter these attacks? (Choose two.)
Answer options
- A. Conduct role-based training for privileged users that highlights common threats against them and covers best practices to thwart attacks
- B. Increase the frequency at which host operating systems are scanned for vulnerabilities, and decrease the amount of time permitted between vulnerability identification and the application of corresponding patches
- C. Enforce command shell restrictions via group policies for all workstations by default to limit which native operating system tools are available for use
- D. Modify the existing rules of behavior to include an explicit statement prohibiting users from enumerating user and file directories using available tools and/or accessing visible resources that do not directly pertain to their job functions
- E. For all workstations, implement full-disk encryption and configure UEFI instances to require complex passwords for authentication
- F. Implement application blacklisting enforced by the operating systems of all machines in the enterprise
Correct answer: C, D
Explanation
Answer C is correct because enforcing command shell restrictions limits the native operating system tools available to potential insider threats, thereby reducing the risk of malicious activity. Answer D is also correct because it explicitly prohibits users from accessing resources that do not relate to their job, which helps to deter reconnaissance efforts. The other options, while beneficial in some contexts, do not directly address the specific issue of insider threats and their reconnaissance activities.