A security analyst discovers a standard user has unauthorized access to the command prompt, PowerShell, and other system utilities. Which of the following is the BEST action for the security analyst to take?
A. Disable the appropriate settings in the administrative template of the Group Policy.
B. Use AppLocker to create a set of whitelist and blacklist rules specific to group membership.
C. Modify the registry keys that correlate with the access settings for the System32 directory.
D. Remove the user's permissions from the various system executables.
The BEST action for the security analyst to take when a standard user has unauthorized access to the command prompt, PowerShell, and other system utilities is to use AppLocker to create a set of whitelist and blacklist rules specific to group membership. Therefore, the correct answer is B.
AppLocker is a Windows feature that enables organizations to specify which applications are allowed to run on a computer system. By creating a set of whitelist and blacklist rules specific to group membership, the security analyst can restrict access to command prompt, PowerShell, and other system utilities for the standard user. This will help to prevent unauthorized access and misuse of these tools.
AppLocker is a powerful tool designed to control which applications users and groups can run on a system. By creating specific rules based on group membership, the analyst can effectively restrict access to command prompt, PowerShell, and other system utilities for standard users while allowing authorized users to continue using them.
For me, the keyword here is 'unauthorised access'. If we are to use GPO or whitelist/blacklist, it means currently he is authorised, albeit by mistake only, but authorised. So I am going with D, as that removes the user's access to executables and reinstates his account to authorised accesses only.
B. Use AppLocker to create a set of whitelist and blacklist rules specific to group membership.
AppLocker is a security feature in Windows that allows you to create policies to control which applications are allowed to run on a system. In this scenario, using AppLocker to create a set of whitelist rules specific to group membership would be the best action. This approach would allow the security analyst to specify which applications (such as the command prompt, PowerShell, and other system utilities) are allowed to run based on the user's group membership.
AppLocker is a Microsoft Windows feature that allows administrators to create policies to control which applications are allowed to run on a system. In this scenario, using AppLocker to create a set of rules specific to group membership would be an effective way to control and restrict the unauthorized access to command prompt, PowerShell, and other system utilities.
This will prevent the standard user from accessing the command prompt, PowerShell, and other system utilities, regardless of their permissions to the individual executables.
Group Policy can be used to enforce a wide variety of administrative rules. It's the best administrative option from my perspective.
Disabling the appropriate settings in the administrative template of the Group Policy can help restrict access to command prompt, PowerShell, and other system utilities for standard users.
Based on the scenario, a malicious event happened to a standard user who has access to system utilities beyond the set permission. Of course, first we will isolate it.
Why not A? because it may affect other legitimate users as well.
Just my thoughts on the question.
The question states that the user is a "standard user", not an administrator account, with extra permissions. Disabling the settings in the administrative template (A) will not affect a standard user unless they are part of the administrative group.
D is the only answer that makes sense.
Standard user permissions can also be set using administrative templates in Group Policy Objects (GPOs). These templates can be used to configure settings for standard users just like they can be used to configure settings for privileged users. For example, an organization can use administrative templates to configure security settings, software installation and maintenance settings, and settings for specific applications for standard users.
It's important to note that while standard users may not have the ability to modify GPO settings themselves, the administrative templates can be used by a privileged user, such as an administrator, to configure settings for standard users. These templates can be used to restrict access to certain features or applications for standard users, or to configure settings that will enforce specific policies for standard users.
It's important to review and test the changes made by GPO for standard users, to ensure that the changes do not negatively impact their daily work.
This should be D. The problem states the user has been given excessive permissions, violating the principle of least privilege; removing the user's access to the stated executables will correct the user's permissions. Changing settings in the group policy is excessive and is actually needed for admin roles; the question also didn't state the use of Group Policies to apply user permissions.
upvoted 2 times
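What option B's "rules specific to group membership" look like in practice, as an added example that is not part of the original question or of any comment above. The group `CONTOSO\Standard-Users`, the user `CONTOSO\jdoe` and the policy file path are placeholder assumptions; the rules are simple path rules, and the policy starts in audit mode so its effect can be checked before enforcement.

```powershell
# Added example: group, user and file path are placeholders, not values from the page.
# AppLocker only evaluates rules while the Application Identity service (AppIDSvc) runs.
$group      = 'CONTOSO\Standard-Users'
$testUser   = 'CONTOSO\jdoe'
$policyPath = "$env:TEMP\applocker-shells.xml"

# AppLocker rules are scoped by SID, so resolve the group name first.
$groupSid = ([System.Security.Principal.NTAccount]$group).Translate(
    [System.Security.Principal.SecurityIdentifier]).Value

function New-PathRule($Name, $Sid, $Action, $Path) {
    "<FilePathRule Id=`"$([guid]::NewGuid())`" Name=`"$Name`" Description=`"`" " +
    "UserOrGroupSid=`"$Sid`" Action=`"$Action`"><Conditions>" +
    "<FilePathCondition Path=`"$Path`" /></Conditions></FilePathRule>"
}

$rules = @(
    # Baseline allow rules: once an Exe rule exists, anything not allowed is blocked.
    New-PathRule 'Allow Program Files' 'S-1-1-0'      'Allow' '%PROGRAMFILES%\*'
    New-PathRule 'Allow Windows'       'S-1-1-0'      'Allow' '%WINDIR%\*'
    New-PathRule 'Allow admins all'    'S-1-5-32-544' 'Allow' '*'
    # Deny rules override allow rules, and apply only to members of $group.
    New-PathRule 'Deny cmd.exe'    $groupSid 'Deny' '%SYSTEM32%\cmd.exe'
    New-PathRule 'Deny PowerShell' $groupSid 'Deny' '%SYSTEM32%\WindowsPowerShell\*'
)

$xml = "<AppLockerPolicy Version=`"1`">" +
       "<RuleCollection Type=`"Exe`" EnforcementMode=`"AuditOnly`">" +
       ($rules -join '') + "</RuleCollection></AppLockerPolicy>"
Set-Content -Path $policyPath -Value $xml

# Dry run: how would the policy decide for one member of the group?
$targets = "$env:windir\System32\cmd.exe",
           "$env:windir\System32\WindowsPowerShell\v1.0\powershell.exe",
           "$env:windir\System32\notepad.exe"
Test-AppLockerPolicy -XmlPolicy $policyPath -Path $targets -User $testUser |
    Format-Table FilePath, PolicyDecision, MatchingRule -AutoSize

# Merge into the local policy (use -Ldap to target a GPO instead), still audit-only.
Set-AppLockerPolicy -XmlPolicy $policyPath -Merge

# Event 8003 = "would have been blocked" while auditing; 8004 = blocked once enforced.
Get-WinEvent -LogName 'Microsoft-Windows-AppLocker/EXE and DLL' -MaxEvents 50 |
    Where-Object Id -in 8003, 8004 | Select-Object TimeCreated, Id, Message
```

Switching `EnforcementMode` to `Enabled` after reviewing the 8003 events turns the audit into a block. Publisher or hash conditions are harder to sidestep than the path conditions used here, because a path rule no longer matches a binary that has been copied elsewhere.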