
CompTIA CASP CAS-003 Book

Page: 24 / 25
Question 96

A security analyst is reviewing an endpoint that was found to have a rootkit installed. The rootkit survived multiple attempts to clean the endpoint, as well as an attempt to reinstall the OS. The security analyst needs to implement a method to prevent other endpoints from having similar issues. Which of the following would BEST accomplish this objective?

Options:

A. Utilize measured boot attestation.

B. Enforce the secure boot process.

C. Reset the motherboard’s TPM chip.

D. Reinstall the OS with known-good media.

E. Configure custom anti-malware rules.

Question 97

A security administrator is confirming specific ports and IP addresses that are monitored by the IPS-IDS system as well as the firewall placement on the perimeter network between the company and a new business partner. Which of the following business documents defines the parameters the security administrator must confirm?

Options:

A. BIA

B. ISA

C. NDA

D. MOU

Question 98

While an employee is on vacation, suspicion arises that the employee has been involved in malicious activity on the network. The security engineer is concerned the investigation may need to continue after the employee returns to work. Given this concern, which of the following should the security engineer recommend to maintain the integrity of the investigation?

Options:

A. Create archival copies of all documents and communications related to the employee

B. Create a forensic image of network infrastructure devices

C. Create an image file of the employee’s network drives and store it with hashes

D. Install a keylogger to capture the employee’s communications and contacts

Question 99

The Chief Financial Officer (CFO) of an organization wants the IT department to add the CFO's account to the domain administrator group. The IT department thinks this is risky and wants support from the security manager before proceeding. Which of the following BEST supports the argument against providing the CFO with domain administrator access?

Options:

A. Discretionary access control

B. Separation of duties

C. Data classification

D. Mandatory access control

Exam Code: CAS-003
Exam Name: CompTIA Advanced Security Practitioner (CASP) Exam
Last Update: Apr 14, 2023
Questions: 683