Which of the following should the security team do to prevent this from happening in the future?

Posted by: Pdfprep | Category: SY0-601

An organization blocks user access to command-line interpreters, but hackers still managed to invoke the interpreters using native administrative tools.

Which of the following should the security team do to prevent this from happening in the future?
A. Implement HIPS to block inbound and outbound SMB ports 139 and 445.
B. Trigger a SIEM alert whenever the native OS tools are executed by the user.
C. Disable the built-in OS utilities as long as they are not needed for functionality.
D. Configure the AV to quarantine the native OS tools whenever they are executed.

Answer: C
