A security analyst is handling an incident in which ransomware has encrypted the disks of several company workstations. Which of the following would work BEST to prevent this type of incident in the future?
A. Implement a UTM instead of a stateful firewall and enable gateway antivirus.
B. Back up the workstations to facilitate recovery and create a gold image.
C. Establish a ransomware awareness program and implement secure and verifiable backups.
D. Virtualize all the endpoints with daily snapshots of the virtual machines.
All of you are wrong. The answer is C. What if the ransomware is transmitted through a plugged-in USB? Can't be A. Many people in the discussions for these questions after 200 are wrong. Don't follow the sheep.
A UTM can also include an IPS and endpoint protection; this would cover a USB stick attack and, with the IPS, prevent the same happening again.
Therefore I vote for A.
While all the options may contribute to overall security, option C is the most comprehensive and directly addresses the prevention of ransomware incidents.
C is correct. Users are a huge part of ransomware launches. So user awareness is key. Backups that are verifiable and can actually be restored are the biggest part of recovering from a ransomware attack.
C is correct. It's the only option that consists of a prevention and a recovery method. Employees can be trained to recognize and avoid potential threats, such as not clicking on suspicious links or attachments. Implementing secure and verifiable backups (preferably those in option B, the gold image) also ensures that the company has a way to restore their data in the event of an attack. Option A does nothing for recovery if it fails to protect the systems. Option D is the polar opposite of A; it is great for recovery but does nothing for prevention.
C is the best answer. I currently work in a SOC and we talk about ransomware quite often. Training and awareness is always the first thing to do. For example to pick up random USBs lying around and connect them to your computer.
Awareness training and having a good backup is the only way to recover from ransomware... or get yourself some good ole Bitcoin for payment to retrieve the keys (if you are lucky). For me, C is best.
CS0-002 Exam Questions
Community vote distribution
A (35%)
C (25%)
B (20%)
Other