Exam SY0-501 topic 1 question 922 discussion

Fire Joe and Ann. No more questigons

keywords : protect B will prevent , stop , block if we talking with IPS C answer will just detect will not prevent or protect

Implement a heuristic behavior detection solution.

C--EXAM TIP Heuristic scanning is a method of detecting potentially malicious or “virus-like” behavior by examining what a program or section of code does. Anything that is “suspicious” or potentially “malicious” is closely examined to determine whether or not it is a threat to the system. Using heuristic scanning, an antivirus product attempts to identify new viruses or heavily modified versions of existing viruses before they can damage your system.

C. Implement a heuristic behavior-detection solution. Most Voted heuristic behavior detects unknowns virus

Heuristic analysis is also one of the few methods capable of combating polymorphic viruses -- the term for malicious code that constantly changes and adapts. Heuristic analysis is incorporated into advanced security solutions offered by companies like Kaspersky Labs to detect new threats before they cause harm, without the need for a specific signature.

The question says that the protective measures failed to stop the virus, here, the protective measures were not mentioned and could have been IDS/IPS. Again, the fact that the virus has continuously evaded detection means that there is a detection system in place, perhaps an IDS. This is where a heuristic behavior-detection becomes necessary because it makes use of AI to monitor strange behaviors. I would go for C.

B seems correct because it has IDS and IPS. We are trying to DETECT because the question says it has continued to evade detection. To detect, IDS makes sense.

i feel like this would be B becuase cant you include Heuristic based detection system in an IDS solution. In which case option B would include option C and would be the better answer since it has more options for protection

… and it has continued to evade detection. Which of the following should a security administrator implement to protect the environment …? So it continues to avoid detection (IDS) and the administrator was to protect (IPS). The other argument is if it is avoiding detection then C with a follow-up to prevent it from continuing to happen. IMO answer B sounds stronger, but this seems like it could be a toss-up. Sticking with B because it satisfies both issues, detect and protect.

"The protective measures failed to stop this virus." The question doesn't specify the type of protective measures implemented. Maybe the security measures implemented did not include IDS/IPS. So, I would go with B.

Concurring with SQLinjector - focusing on the keywords "protect the environment" leaves B over C IMO. Wouldn't Inline IPS trump heuristic detection in terms of actually blocking malicious packets from Joe's WS (or other infected workstations) to the SAN?

way not C?