CompTIA CASP+ Practice Test

Which control provides the greatest certainty that unauthorized changes are not occurring after rolling out a standard computer image?

• A. Regular user training
• B. Scan computers weekly against the baseline
• C. Limit administrative access
• D. Deploy application whitelisting

The correct answer is: Scan computers weekly against the baseline

The option that provides the greatest certainty that unauthorized changes are not occurring after rolling out a standard computer image is to scan computers weekly against the baseline. This approach involves evaluating the current state of the system against a known and approved configuration. By conducting regular scans, any changes or deviations from the baseline can be detected quickly, allowing for prompt remediation of unauthorized modifications. This process creates a visibility into the integrity of the system, making it easier to ensure that only authorized changes are being made. Regular user training, while important for raising awareness about security practices and policies, does not provide direct verification of system integrity. It focuses more on the behavior of users rather than actively monitoring the state of the system. Limiting administrative access is a strong security measure to minimize the risk of unauthorized changes; however, it does not inherently monitor or detect unauthorized changes that have already occurred. It is more about controlling access rather than validating current configurations. Deploying application whitelisting helps to control what applications can run on a device, thus reducing the risk of malicious software. However, it does not comprehensively monitor all changes made across the operating system or configuration settings, which means it does not provide as much assurance regarding system integrity in comparison to routine scanning against a baseline. Overall