A company has gone through a round of phishing attacks. More than 200 users have had their workstation infected because they clicked on a link in an email. An incident analysis has determined an executable ran and compromised the administrator account on each workstation. Management is demanding the information security team prevent this from happening again.
Which of the following would BEST prevent this from happening again?
A. Antivirus
B. Patch management
C. Log monitoring
D. Application whitelisting
E. Awareness training
How to PASS CAS-004 in First Attempt?FULL Printable PDF and Software. VALID exam to help you PASS. |
 |
D – awareness training does not guarantee anything, only that your employees have been trained. Application Whitelisting will prevent this from being executed, thus a better choice.
The question ask for a way that “BEST prevent this from happening again”.
I would say D (Application Whitelisting) since a malware (or an executable) will never be on the whitelist, it therefore can never run. While E (Awareness Training) is also a good choice, it will never completely mitigate the phishing threat.
IMO the only way to avoid this kind of attack is “E – Application whitelisting. Using this, only authorized apps would be able to run and certainly those malware wouldn’t be authorized.
Antivirus may fail and awareness training, although very important, would MITIGATE it, but still some users would click and get infected.
I meant “D. Application whitelisting”, sorry.
What about D? Whitelisting would prevent the malicious executable from running?
Any thoughts on D vs E?
should be E
because need be to sure not happening again
with antivirus it may bypass it
E for sure
Anti virus will not prevent this from happening – signagture based!
to prevent phishing attacks of this type from happening you need to create awareness – make the humans more vigilant!
E – Awareness training!