
CAS-002 Question #352: Real Exam Question with Answer & Explanation

The correct answer is D: Behavior based IPS with a communication link to a cloud based vulnerability and threat. Zero-day exploits have no known signatures, so only behavior-based or heuristic detection combined with real-time threat intelligence can identify and block them.

Question

The Chief Information Security Officer (CISO) is asking for ways to protect against zero-day exploits. The CISO is concerned that an unrecognized threat could compromise corporate data and result in regulatory fines as well as poor corporate publicity. The network is mostly flat, with split staff/guest wireless functionality. Which of the following equipment MUST be deployed to guard against unknown threats?

Options

  • A. Cloud-based antivirus solution, running as local admin, with push technology for definition
  • B. Implementation of an offsite data center hosting all company data, as well as deployment
  • C. Host based heuristic IPS, segregated on a management VLAN, with direct control of the
  • D. Behavior based IPS with a communication link to a cloud based vulnerability and threat

Explanation

Zero-day exploits have no known signatures, so only behavior-based or heuristic detection combined with real-time threat intelligence can identify and block them.

Common mistakes.

  • A. Cloud-based antivirus with definition push still relies on signature updates, which by definition do not exist for zero-day exploits, leaving unknown threats undetected.
  • B. Offsite data center hosting relocates data storage but does not provide any detection or prevention capability against zero-day exploits targeting applications or endpoints.
  • C. Host-based heuristic IPS on a management VLAN improves detection, but isolating it to a management VLAN limits its visibility into user-segment traffic, where zero-day exploits would most likely execute.

Concept tested. Behavior-based IPS for zero-day threat detection

Reference. https://www.nist.gov/publications/guide-intrusion-detection-and-prevention-systems-idps
