A security analyst suspects a malware infection was caused by a user who downloaded malware after clicking http:///a.php in a phishing email.

To prevent other computers from being infected by the same malware variation, the analyst should create a rule on the __________.
A. email server that automatically deletes attached executables.
B. IDS to match the malware sample.
C. proxy to block all connections to .
D. firewall to block connection attempts to dynamic DNS hosts.

CS0-002: CompTIA CySA+ Exam


3 thoughts on “A security analyst suspects a malware infection was caused by a user who downloaded malware after clicking http:///a.php in a phishing email.”

  1. Option B only creates an alert when the malware is detected. It would be correct if it was an IPS.

    C is correct in this case.

  2. The answer is B. The question does not ask about blocking the source of the malware; it asks how to prevent this specific version of malware. By feeding the sample into the IDS, you are creating an IDS signature or rule that will know what to look for and “prevent other computers from being infected by the same malware variation”. This specific question also does not give you a “source”. Other CySA+ questions where the answer is to block the user from reaching the source usually give you a source such as “onebadactor.com”.

  3. The correct answer is C because the question did not mention an .EXE file. So you should block the malware source address.
