
CAS-002 Question #627: Real Exam Question with Answer & Explanation

The correct answer is B: Deploy a cloud-based content filter and enable the appropriate category to prevent further. Drive-by download attacks from malicious websites are best mitigated by blocking access to those sites at the network level before any content reaches the workstation.

Question

A security administrator notices a recent increase in workstations becoming compromised by malware. Often, the malware is delivered via drive-by downloads, from malware hosting websites, and is not being detected by the corporate antivirus. Which of the following solutions would provide the BEST protection for the company?

Options

  • A. Increase the frequency of antivirus downloads and install updates to all workstations.
  • B. Deploy a cloud-based content filter and enable the appropriate category to prevent further
  • C. Deploy a NIPS to inspect and block all web traffic which may contain malware and exploits.
  • D. Deploy a web based gateway antivirus server to intercept viruses before they enter the

Explanation

A drive-by download exploits the browser or a plugin as soon as a malicious page is rendered, and the question states that the resulting malware is already slipping past the corporate antivirus. The only control that does not depend on recognizing the payload is to stop the request before it is made. A cloud-based content filter resolves or proxies every outbound web request, looks up the destination's category (for example malware hosting, phishing, or newly registered domains), and blocks the connection when the administrator has enabled blocking for that category, so no page content ever reaches the workstation. Because the filter is cloud-based, the same policy also follows laptops that leave the corporate network.
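The category lookup and block decision described above, as an added example (not code from the exam page or from any vendor product). It assumes a constructed category feed, a small constructed proxy log, and hypothetical hostnames; a real cloud filter ships a continuously updated feed with millions of entries, but the decision logic, including subdomain inheritance and the handling of raw IP literals that bypass DNS-based categorization, is the same.

```python
"""Category-based web content filter simulation (added example).

Every hostname, category and log line here is constructed for illustration
and carries no real threat intelligence.
"""
from __future__ import annotations

import ipaddress
from urllib.parse import urlsplit

# Constructed category feed: hostname -> category.
CATEGORY_FEED = {
    "updates.example-vendor.test": "software-updates",
    "news.example.test": "news",
    "cdn.bad-ads.test": "malware",
    "dl.exploitkit.test": "malware",
    "pastebin.example.test": "filesharing",
}

# Policy: the categories the administrator has enabled for blocking.
BLOCKED_CATEGORIES = {"malware", "phishing"}

# Label for hosts the feed has never seen; policy decides what to do with it.
DEFAULT_CATEGORY = "uncategorized"


def categorize(host: str) -> str:
    """Return the feed category for a hostname.

    Walks up the domain tree so any subdomain of a categorized domain inherits
    its category. Raw IP literals get their own label because they never hit
    a DNS-based lookup and are a common way to sidestep category filters.
    """
    host = host.lower().rstrip(".")
    try:
        ipaddress.ip_address(host)
        return "ip-literal"
    except ValueError:
        pass
    labels = host.split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in CATEGORY_FEED:
            return CATEGORY_FEED[candidate]
    return DEFAULT_CATEGORY


def decide(url: str, block_ip_literals: bool = True,
           block_uncategorized: bool = False) -> tuple[str, str]:
    """Return (verdict, category) for one requested URL.

    The verdict is made on the destination alone, before any content is
    fetched, which is the property that makes this control independent of
    whether antivirus recognizes the payload.
    """
    host = urlsplit(url).hostname or ""
    category = categorize(host)
    if category in BLOCKED_CATEGORIES:
        return "BLOCK", category
    if category == "ip-literal" and block_ip_literals:
        return "BLOCK", category
    if category == DEFAULT_CATEGORY and block_uncategorized:
        return "BLOCK", category
    return "ALLOW", category


# Constructed proxy log: "<timestamp> <client-ip> <method> <url>".
SAMPLE_LOG = """\
2024-05-01T10:00:01Z 10.0.0.12 GET http://news.example.test/today
2024-05-01T10:00:03Z 10.0.0.12 GET http://cdn.bad-ads.test/loader.js
2024-05-01T10:00:04Z 10.0.0.12 GET http://x7.dl.exploitkit.test/payload.bin
2024-05-01T10:00:09Z 10.0.0.31 GET http://203.0.113.7/stage2
2024-05-01T10:00:11Z 10.0.0.31 GET https://updates.example-vendor.test/patch
"""


def filter_log(log_text: str) -> list[dict]:
    """Apply the policy to each request in a proxy log and return the verdicts."""
    results = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, client, method, url = line.split(maxsplit=3)
        verdict, category = decide(url)
        results.append({"ts": ts, "client": client, "method": method,
                        "url": url, "category": category, "verdict": verdict})
    return results


if __name__ == "__main__":
    for entry in filter_log(SAMPLE_LOG):
        print(f"{entry['verdict']:5} {entry['category']:16} {entry['url']}")
```

Two policy knobs matter in practice: blocking raw IP literals, since malware staging servers are often reached by address rather than name, and blocking uncategorized destinations, which trades some false positives for coverage of freshly registered domains that no feed has seen yet.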

Common mistakes.

  • A. Increasing antivirus update frequency does not help when the malware is unknown or zero-day and is already evading the existing AV engine's signatures.
  • C. A NIPS still relies on signatures for known exploits rather than preventing access to malicious sites, so it shares the weakness of the failing antivirus against unknown samples, and it cannot inspect web traffic carried over encrypted channels unless TLS interception is also deployed.
  • D. A gateway antivirus server uses the same signature-based detection that is already failing, so it would not solve the problem of malware evading corporate antivirus.

Concept tested. Web content filtering to block malicious websites

Reference. https://www.cisa.gov/topics/cyber-threats-and-advisories/malware
