CompTIA CASP+ (CAS-004) — Question 642

A control systems analyst is reviewing the defensive posture of engineering workstations on the shop floor. Upon evaluation, the analyst makes the following observations:

• Unsupported, end-of-life operating systems were still prevalent on the shop floor.
• There are no security controls for systems with supported operating systems.
• There is little uniformity of installed software among the workstations.

Which of the following would have the greatest impact on the attack surface?

Answer options

• A. Deploy antivirus software to all of the workstations.
• B. Increase the level of monitoring on the workstations.
• C. Utilize network-based allow and block lists.
• D. Harden all of the engineering workstations using a common strategy.

Correct answer: D

Explanation

Harden all of the engineering workstations using a common strategy is the best option because it ensures that all systems are secured consistently, addressing vulnerabilities from unsupported operating systems and inconsistencies in software. The other options, while beneficial, do not provide the same comprehensive level of security and uniformity needed to significantly reduce the attack surface.