CompTIA CySA+ (CS0-003) — Question 499

An organization's threat intelligence team notes a recent trend in adversary privilege escalation procedures. Multiple threat groups have been observed utilizing native Windows tools to bypass system controls and execute commands with privileged credentials. Which of the following controls would be most effective to reduce the rate of success of such attempts?

Answer options

• A. Set user account control protection to the most restrictive level on all devices
• B. Implement MFA requirements for all internal resources
• C. Harden systems by disabling or removing unnecessary services
• D. Implement controls to block execution of untrusted applications

Correct answer: C

Explanation

The correct answer is C because hardening systems by disabling or removing unnecessary services minimizes the attack surface that adversaries can exploit for privilege escalation. Options A and B, while helpful for security, do not directly address the method of privilege escalation being observed. Option D may help mitigate some threats but does not specifically target the use of native Windows tools for escalation.