CompTIA CASP+ (CAS-004) — Question 52

A security engineer needs to implement a solution to increase the security posture of user endpoints by providing more visibility and control over local administrator accounts. The endpoint security team is overwhelmed with alerts and wants a solution that has minimal operational burdens. Additionally, the solution must maintain a positive user experience after implementation.
Which of the following is the BEST solution to meet these objectives?

Answer options

• A. Implement Privileged Access Management (PAM), keep users in the local administrators group, and enable local administrator account monitoring.
• B. Implement PAM, remove users from the local administrators group, and prompt users for explicit approval when elevated privileges are required.
• C. Implement EDR, remove users from the local administrators group, and enable privilege escalation monitoring.
• D. Implement EDR, keep users in the local administrators group, and enable user behavior analytics.

Correct answer: B

Explanation

The correct answer is B because it implements PAM while removing users from the local administrators group, reducing risks associated with excessive privileges, and ensuring users have to request approval for elevated access, which maintains security without adding significant operational burdens. Options A and D retain users in the local administrators group, which could increase security risks, while C focuses solely on EDR without addressing the need for user approval when elevating privileges.