Comprehensive and Detailed Step-by-Step
Privacy regulations (C), such as GDPR (General Data Protection Regulation) and CCPA (California Consumer Privacy Act), require companies to provide data subject access request (DSAR) handling processes. A DSAR allows individuals to request details about their personal data stored by a company and request modifications or deletions.
Information security standards (A) focus on overall security controls, while e-discovery requirements (B) relate to legal investigations rather than ongoing compliance.

The scenario describes a sophisticated attack where the threat actor used steganography within LDAP to exfiltrate data. Given that the hardware and OS firmware were validated and found uncompromised, the attack vector likely exploited a network communication channel. To mitigate such risks, enforcing allow lists for authorized network ports and protocols is the most effective strategy.
Here's why this option is optimal:
Port and Protocol Restrictions: By creating an allow list, the organization can restrict communications to only those ports and protocols that are necessary for legitimate business operations. This reduces the attack surface by preventing unauthorized or unusual traffic.
Network Segmentation: Enforcing such rules helps in segmenting the network and ensuring that only approved communications occur, which is critical in preventing data exfiltration methods like steganography.
Preventing Unauthorized Access: Allow lists ensure that only predefined, trusted connections are allowed, blocking potential paths that attackers could use to infiltrate or exfiltrate data.
Other options, while beneficial in different contexts, are not directly addressing the network communication threat:
B . Measuring and attesting to the entire boot chain: While this improves system integrity, it doesn't directly mitigate the risk of data exfiltration through network channels.
C . Rolling the cryptographic keys used for hardware security modules: This is useful for securing data and communications but doesn't directly address the specific method of exfiltration described.
D . Using code signing to verify the source of OS updates: Ensures updates are from legitimate sources, but it doesn't mitigate the risk of network-based data exfiltration.
Reference:
CompTIA SecurityX Study Guide
NIST Special Publication 800-41, "Guidelines on Firewalls and Firewall Policy" CIS Controls Version 8, Control 9: Limitation and Control of Network Ports, Protocols, and Services

Public Key Infrastructure (PKI) supports change management by securing messages (e.g., approvals, updates).Non-repudiation, provided via digital signatures, ensures a sender cannot deny sending a message, critical for auditability in change processes.
Option A:Correct-PKI's digital signatures ensure non-repudiation.
Option B:Confidentiality (via encryption) is a PKI feature but less tied to change management's focus on accountability.
Option C:Delivery receipts are not aPKI function; they're protocol-specific (e.g., SMTP).
Option D:Attestation relates to verifying attributes, not a direct PKI message capability.

Comprehensive and Detailed Step-by-Step
Option A: Deny list
Deny lists block specific applications or processes identified as malicious.
This approach is reactive and mayinadvertently block the non-standard applications that are currently in use without proper ownership.
Option B: Allow list
Allow lists permit only pre-approved applications to run.
While secure, this approach requires defining all non-standard applications, which may disrupt operations in an environment where ownership is unclear.
Option C: Audit mode
Correct Answer.
Audit mode allows monitoring and logging of applications without enforcing restrictions.
This is ideal in environments with non-standard applications and undefined ownership because it enables the engineer to observe the environment and gradually implement control without interruption.
Audit mode provides critical visibility into the software landscape, ensuring that necessary applications remain functional.
Option D: MAC list
Mandatory Access Control (MAC) lists restrict access based on classification and clearance levels.
This does not align with application control objectives in this context.
CompTIA CASP+ Study Guide - Chapters on Endpoint Security and Application Control.
CASP+ Objective 2.4: Implement appropriate security controls for enterprise endpoints.

When differentiating between valid and invalid findings from vulnerability scans, the systemsadministrator should verify that the scanning credentials are properly configured. Valid credentials ensure that the scanner can authenticate and access the systems being evaluated, providing accurate and comprehensive results. Without proper credentials, scans may miss vulnerabilities or generate false positives, making it difficult to prioritize and address the findings effectively.
Reference:
CompTIA SecurityX Study Guide: Highlights the importance of using valid credentials for accurate vulnerability scanning.
"Vulnerability Management" by Park Foreman: Discusses the role of scanning credentials in obtaining accurate scan results and minimizing false positives.
"The Art of Network Security Monitoring" by Richard Bejtlich: Covers best practices for configuring and using vulnerability scanning tools, including the need for valid credentials.