ExamGecko
Question list
Search
Search

List of questions

Search

Related questions











Question 57 - CAS-004 discussion

Report
Export

A security engineer needs to implement a solution to increase the security posture of user endpoints by providing more visibility and control over local administrator accounts. The endpoint security team is overwhelmed with alerts and wants a solution that has minimal operational burdens. Additionally, the solution must maintain a positive user experience after implementation.

Which of the following is the BEST solution to meet these objectives?

A.
Implement Privileged Access Management (PAM), keep users in the local administrators group, and enable local administrator account monitoring.
Answers
A.
Implement Privileged Access Management (PAM), keep users in the local administrators group, and enable local administrator account monitoring.
B.
Implement PAM, remove users from the local administrators group, and prompt users for explicit approval when elevated privileges are required.
Answers
B.
Implement PAM, remove users from the local administrators group, and prompt users for explicit approval when elevated privileges are required.
C.
Implement EDR, remove users from the local administrators group, and enable privilege escalation monitoring.
Answers
C.
Implement EDR, remove users from the local administrators group, and enable privilege escalation monitoring.
D.
Implement EDR, keep users in the local administrators group, and enable user behavior analytics.
Answers
D.
Implement EDR, keep users in the local administrators group, and enable user behavior analytics.
Suggested answer: B

Explanation:

PAM (Privileged Access Management) is a solution that can increase the security posture of user endpoints by providing more visibility and control over local administrator accounts. By implementing PAM, removing users from the local administrators group, and prompting users for explicit approval when elevated privileges are required, the security engineer can reduce the attack surface, prevent unauthorized access, and enforce the principle of least privilege. Implementing PAM, keeping users in the local administrators group, and enabling local administrator account monitoring may not provide enough control or visibility over local administrator accounts, as users could still abuse or compromise their privileges. Implementing EDR (Endpoint Detection and Response) may not provide enough control or visibility over local administrator accounts, as EDR is mainly focused on detecting and responding to threats, not managing privileges. Enabling user behavior analytics may not provide enough control or visibility over local administrator accounts, as user behavior analytics is mainly focused on identifying anomalies or risks in user activity, not managing privileges. Verified

Reference: https://www.comptia.org/blog/what-is-pam https://partners.comptia.org/docs/default-source/resources/casp-content-guide

asked 02/10/2024
57 Milecross Lane Jodie
41 questions
User
Your answer:
0 comments
Sorted by

Leave a comment first