ExamTopics Logo
Mail Us[email protected]
Menu
Comptia Discussions
exam questions

Exam SY0-601 All Questions

View all questions & answers for the SY0-601 exam
Go to Exam

Exam SY0-601 topic 1 question 593 discussion

Actual exam question from CompTIA's SY0-601
Question #: 593
Topic #: 1
[All SY0-601 Questions]

An analyst is working on an email security incident in which the target opened an attachment containing a worm. The analyst wants to implement mitigation techniques to prevent further spread. Which of the following is the best course of action for the analyst to take?

  • A. Apply a DLP solution
  • B. Implement network segmentation
  • C. Utilize email content filtering.
  • D. Isolate the infected attachment
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by sheyshey at July 6, 2023, 12:32 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
ApplebeesWaiter1122
Highly Voted 2 years ago
*On Exam, Taken On July 31, 2023*
upvoted 26 times
Hussa
1 year, 10 months ago
what was your answer
upvoted 3 times
...
...
Bdels
Highly Voted 1 year, 8 months ago
This was on my exam today. Network segmentation is correct. I passed with 811 score.
upvoted 14 times
Babycakes_0405
1 year, 8 months ago
congrats! did you go over all of the questions on here? and what about the pbqs?
upvoted 1 times
Bdels
1 year, 8 months ago
Thanks! I only had 78 questions on the exam. There were 3 pbqs were from here. One was the virus one. 95% of the questions were from here. The problem is that there are so many questions that you don't know which ones will be on the exam. I had to guess on about 3 questions that I did not know the answer to.
upvoted 10 times
sosa4547
1 year, 3 months ago
Thanks so much!
upvoted 1 times
...
...
...
...
KelvinYau
Most Recent 9 months, 2 weeks ago
Selected Answer: B
Question is asking you prevent further spread, not future solution. So ans is B
upvoted 1 times
...
KelvinYau
9 months, 3 weeks ago
Selected Answer: D
Isolating the infected attachment directly addresses the current threat and helps mitigate further spread of the worm, making D the best choice.
upvoted 1 times
...
Titanbug
1 year, 6 months ago
Selected Answer: D
The most effective approach in this situation is to quarantine the infected attachment to stop the worm from spreading further. Quarantining the infected attachment allows the analyst to control the threat and stop it from impacting other systems within the network.
upvoted 1 times
JasonMunoz
1 year ago
Its too late to isolate the infected machine with the infected attachment. You need to segment the network now. Like cutting off a limb when its infected with gangrene
upvoted 1 times
...
...
MortG7
1 year, 7 months ago
Worms are self replicating, and it was already opened..so the genie is out of the bottle already. So you cannot isolate the attachment because replication is in progress..Segmentation is best
upvoted 6 times
janeyyyyyy322
1 year ago
initially thought d but this seems right
upvoted 1 times
...
...
above
1 year, 10 months ago
Selected Answer: B
Steps to worm mitigation 4 steps to respond to a worm attack Step 1: Containment The first step in mitigating a worm attack is to move swiftly to contain the spread of the worm and determine which machines are infected, and whether these devices are patched or unpatched. Infected machines must be isolated from machines that are not yet infected. Step 2: Inoculation Once it is clear which parts of the network the worm has infected, and those parts have been contained, other vulnerable systems must be scanned and patched. Patching the vulnerabilities the worm is using to spread will help contain the attack.
upvoted 1 times
above
1 year, 10 months ago
Step 3: Quarantine In this third step of worm mitigation, infected machines are isolated and then disconnected and removed from the network. If removal is not possible, then the infected machines need to be blocked from connecting to and accessing the network. Step 4: Treat This last step in the worm mitigation process involves remediating from the attack as well as addressing any other necessary patching of machines and systems. Depending on the severity of the attack, infected systems may need to be reinstalled entirely to ensure a thorough cleanup from the event. https://www.cisco.com/c/en/us/products/security/what-is-a-worm.html#~steps-of-a-worm-attack
upvoted 1 times
...
...
sujon_london
1 year, 11 months ago
Selected Answer: B
ChatGPT has no stability changing answer frequently based on situation and fact provide. We should not rely fully on ChatGPT; needs to a bit more research on certain situations
upvoted 1 times
...
Chillbuddy
2 years ago
Selected Answer: B
Implementing network segmentation can effectively contain the spread of the worm by isolating the infected system or segment from the rest of the network. This prevents the worm from propagating to other parts of the network and helps mitigate the impact of the incident. Network segmentation is a proactive approach to prevent lateral movement of malware within the network. While isolating the infected attachment (Option D) can be useful, it might not be as effective in preventing the worm from attempting to spread through other means or vectors beyond the isolated system. Implementing network segmentation provides a broader approach to isolating the affected systems and reducing the potential attack surface for the worm.
upvoted 4 times
...
ApplebeesWaiter1122
2 years ago
Selected Answer: B
Implementing network segmentation through firewalls would be the best option. Skip to 4:35 in Professor Messer's Video: https://www.youtube.com/watch?v=L7cwUYl8gYo
upvoted 8 times
...
Gamsje
2 years, 1 month ago
Selected Answer: B
"prevent further spread" I choose B. Implement network segmentation
upvoted 6 times
Abdul2107
2 years ago
"Furthur spread" is the keyword here. It means, it already may spread, so if you isolate the attachment now (option D), it may not sufficient to spread more, that's why, you need network segmentation,
upvoted 4 times
...
...
sheyshey
2 years, 1 month ago
Selected Answer: D
The best course of action for the analyst to take in this situation would be to isolate the infected attachment (option D). By isolating the infected attachment, the analyst can prevent further spread of the worm within the network.
upvoted 3 times
andresalcedo
2 years ago
The worm has already been executed by the attachment, it is useless to isolate it...
upvoted 5 times
...
oatmealturkey
2 years, 1 month ago
I don't think so, I don't think worms work that way. I believe the given answer is correct. "...once it infects a vulnerable machine, it can “self-replicate” and spread automatically across multiple devices." https://www.cisco.com/c/en/us/products/security/what-is-a-worm.html
upvoted 3 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel