CompTIA PenTest+ (PT0-001) — Question 3

A penetration tester is able to move laterally throughout a domain with minimal roadblocks after compromising a single workstation. Which of the following mitigation strategies would be BEST to recommend in the report? (Select THREE).

Answer options

• A. Randomize local administrator credentials for each machine.
• B. Disable remote logons for local administrators.
• C. Require multifactor authentication for all logins.
• D. Increase minimum password complexity requirements.
• E. Apply additional network access control.
• F. Enable full-disk encryption on every workstation.
• G. Segment each host into its own VLAN.

Correct answer: C, D, E

Explanation

The correct options (C, D, E) enhance security by requiring additional authentication methods, improving password policies, and tightening network access controls. Options A and B do not address the broader issues of authentication and access security, while F and G, while beneficial, do not directly mitigate the immediate risks presented by lateral movement in the domain.