CompTIA CySA+ (CS0-003) — Question 285
An organization’s threat intelligence team notes a recent trend in adversary privilege escalation procedures. Multiple threat groups have been observed utilizing native Windows tools to bypass system controls and execute commands with privileged credentials. Which of the following controls would be most effective to reduce the rate of success of such attempts?
Answer options
- A. Disable administrative accounts for any operations.
- B. Implement MFA requirements for all internal resources.
- C. Harden systems by disabling or removing unnecessary services.
- D. Implement controls to block execution of untrusted applications.
Correct answer: C
Explanation
Option C is correct because hardening systems by disabling or removing unnecessary services reduces the attack surface that adversaries can exploit during privilege escalation. Options A and B, while beneficial, do not directly address the use of native tools for escalation. Option D focuses on untrusted applications, so it may not fully mitigate the risks posed by trusted tools being misused.