Exam CS0-002 topic 1 question 82 discussion

I chose D: A - IPS could prevent an intrusion, but this shows that it's going from internal to external. B - IDS does nothing to prevent intrusions, only detects. C - Overkill. You don't want to block ALL http traffic. D - The web proxy can make a more intelligent decision on if a site is malicious or not and can block accordingly. Proxies often can update automatically as well, so they can keep on top of potentially malicious locations.

Blocking all port 80 seems detrimental. There's many other ports too.... I feel you should add an IPS signature modification for the specific IP addresses/domains that the host is trying to beacon to. Any other takes? Am I missing something?

D is correct

D. This is the Best answer here, IPS and IDS are ingress and reactive, not a proactive approach.

Therefore, option D is the correct answer. A web proxy can be used to inspect and filter all web traffic, allowing the security team to block access to known malicious websites and to detect and block attempts to exfiltrate data from the organization. By implementing a web proxy, the organization can prevent similar suspicious activity from occurring in the future, and better protect its sensitive data.

there wasn't mention port 80

I agree with D. IPS - Intrusion (Ingress traffic) IDS - Intrusion (ingress traffic) The direction of this traffic is from an internal IP outbound. So it cannot be either of the above. Blocking port 80 blocks everyone and at all times (not just off hours and weekends)

I chose D It says internal IP to an external website, not external IP. I could just use a web proxy to restrict access

D makes more sense

A- An IPS signature modification for the specific IP addresses.

Im feeling D , you don't want to block only a specific website but all malicious websites , not sure though.

A is the BEST choice.

Blocking Port 80 makes no sense. Adding an IPS signature for that IP makes more sense.