CompTIA CySA+ (CS0-002) — Question 40

A security analyst discovers a standard user has unauthorized access to the command prompt, PowerShell, and other system utilities. Which of the following is the BEST action for the security analyst to take?

Answer options

• A. Disable the appropriate settings in the administrative template of the Group Policy.
• B. Use AppLocker to create a set of whitelist and blacklist rules specific to group membership.
• C. Modify the registry keys that correlate with the access settings for the System32 directory.
• D. Remove the user's permissions from the various system executables.

Correct answer: D

Explanation

The correct answer is D because removing the user's permissions from system executables directly addresses the unauthorized access issue. Options A and B provide preventive measures but do not resolve the immediate access problem, while option C involves a more complex approach that may not effectively restrict access.