🔥 3-day streak
CompTIA SecurityX (CAS-005)38 / 120
Question 38 of 120

A security engineer is hardening a fleet of Windows workstations that run an EDR agent. During a recent incident, an attacker who gained local administrator rights was able to stop the EDR service, delete its logs, and load an unsigned kernel driver to disable telemetry before exfiltrating data. The engineer must implement controls that prevent a privileged local attacker from neutralizing endpoint protection in a similar way. Which combination of controls BEST addresses the root cause?

Reviewed for accuracy · Report an issueNext question