A security analyst suspects a malware infection was caused by a user who downloaded malware after clicking http://
To prevent other computers from being infected by the same malware variation, the analyst should create a rule on the __________.
A. email server that automatically deletes attached executables.
B. IDS to match the malware sample.
C. proxy to block all connections to
D. firewall to block connection attempts to dynamic DNS hosts.
CS0-002: CompTIA CySA+ Exam
Option B only creates an alert when the malware is detected. It would be correct if it was an IPS.
C is the correct answer in this case.
The answer is B. The question does not ask about blocking the source of the malware; it asks how to prevent this specific version of malware. By feeding the sample into the IDS, you are creating an IDS signature or rule that will know what to look for and “prevent other computers from being infected by the same malware variation”. This specific question also does not give you a “source”. Other CYSA questions where the answer is to block the user from reaching the source usually give you a source such as “onebadactor.com”.
The correct answer is C because the question did not mention an .EXE file. So you should block the malware source address.