CompTIA CASP+ (CAS-004) — Question 535

A recent security audit identified multiple endpoints have the following vulnerabilities:

• Various unsecured open ports
• Active accounts for terminated personnel
• Endpoint protection software with legacy versions
• Overly permissive access rules

Which of the following would BEST mitigate these risks? (Choose three).

Answer options

• A. Local drive encryption
• B. Secure boot
• C. Address space layout randomization
• D. Unneeded services disabled
• E. Patching
• F. Logging
• G. Removal of unused accounts
• H. Enabling BIOS password

Correct answer: D, E, G

Explanation

Disabling unnecessary services (D), applying patches (E), and deleting unused accounts (G) directly address the identified vulnerabilities. Unsecured open ports and legacy software can be mitigated by disabling services and applying updates, while removing accounts of terminated personnel limits unauthorized access. The other options do not specifically target the vulnerabilities listed in the audit.