
220-1102 Question #396: Real Exam Question with Answer & Explanation

The correct answer is E: Disable AutoRun. To prevent malware installation from USB drives, disable AutoRun to stop automatic execution and restrict user permissions to prevent unauthorized software installation.

Security

Question

A company recently experienced a security incident in which a USB drive containing malicious software was able to covertly install malware on a workstation. Which of the following actions should be taken to prevent this incident from happening again? (Choose two.)

Options

  • A. Install a host-based IDS.
  • B. Restrict log-in times.
  • C. Enable a BIOS password.
  • D. Update the password complexity.
  • E. Disable AutoRun.
  • F. Update the antivirus definitions.
  • G. Restrict user permissions.

Explanation

To prevent malware installation from USB drives, disable AutoRun to stop automatic execution and restrict user permissions to prevent unauthorized software installation.

Common mistakes.

  • A. Installing a host-based IDS (HIDS) is a detection mechanism, not a preventative one for the initial infection vector described.
  • B. Restricting log-in times controls when users can access the system but does not prevent malware installation from a USB drive when they are logged in.
  • C. Enabling a BIOS password secures access to the BIOS/UEFI settings but does not prevent malware from running once the operating system has loaded.
  • D. Updating password complexity strengthens user authentication but does not prevent malware from being introduced or installed via a USB drive.
  • F. Updating antivirus definitions helps detect known malware but doesn't prevent the initial execution or installation if the malware is new or sophisticated enough to evade detection.

Concept tested. USB security and malware prevention

Reference. https://learn.microsoft.com/en-us/windows/client-management/group-policy-settings-for-autoplay

Topics

#USB security #Malware prevention #Least privilege #AutoRun
