CompTIA Security+ (SY0-701) — Question 157

Which of the following actions could a security engineer take to ensure workstations and servers are properly monitored for unauthorized changes and software?

Answer options

• A. Configure all systems to log scheduled tasks.
• B. Collect and monitor all traffic exiting the network.
• C. Block traffic based on known malicious signatures.
• D. Install endpoint management software on all systems

Correct answer: D

Explanation

Installing endpoint management software on all systems (D) is the most effective way to monitor for unauthorized changes and software, as it provides tools for continuous oversight and alerts. Configuring systems to log scheduled tasks (A) is useful but does not provide comprehensive monitoring. Collecting all outgoing traffic (B) and blocking malicious signatures (C) are important security measures but do not specifically address monitoring for unauthorized changes on workstations and servers.