nerdexam
GIAC

GCIH · Question #423

Why should organizations consider disabling auto-run as part of their Windows system hardening baselines?

The correct answer is B. To help prevent malware from spreading through external media. On Windows systems, malware often copies an autorun.exe file to external media, so shared thumb drives are a common vector of infection for worms. Since the drive is still enables (but autorun is not), this would not prevent any user action from taking place. Auto-run does not ch

Malware Analysis & Advanced Persistent Threats

Question

Why should organizations consider disabling auto-run as part of their Windows system hardening baselines?

Options

  • ADisabling auto-run prevents data transfer from external media to the hard drive
  • BTo help prevent malware from spreading through external media
  • CTo eliminate the risk of connecting unauthorized wireless devices
  • DTo prevent users from copying sensitive data to external media

How the community answered

(28 responses)
  • A
    4% (1)
  • B
    86% (24)
  • C
    4% (1)
  • D
    7% (2)

Explanation

On Windows systems, malware often copies an autorun.exe file to external media, so shared thumb drives are a common vector of infection for worms. Since the drive is still enables (but autorun is not), this would not prevent any user action from taking place. Auto-run does not change permissions on drives.

Topics

#auto-run#removable media#malware propagation#system hardening

Community Discussion

No community discussion yet for this question.

Full GCIH Practice