Exam SY0-601 topic 1 question 267 discussion

On what planet does encrypting an enemy flash drive do anything for your company's security?

The best defense against the scenario described is implementing application execution in a sandbox for unknown software. A sandbox is a controlled environment in which an application can be executed and observed without affecting the rest of the system. This allows the application to be run safely, even if it is unknown or potentially malicious. If the application is found to be malicious, it can be terminated without damaging the rest of the system. Configuring signature-based antivirus to update every 30 minutes can help protect against known malware, but it will not protect against custom malware that has not yet been detected. Enforcing S/MIME for email and automatically encrypting USB drives upon insertion can help protect against unauthorized access to sensitive data, but it will not protect against malware that is installed on a system. Fuzzing new files for vulnerabilities can help identify potential weaknesses in software, but it will not protect against malware that is already installed on a system

Sandbox. Too bad "non-persistent Sandbox VM in the PurpleVLAN" isn't a valid answer. There was (might still be) a Linux Distribution that auto-sandboxed any external device/file/filesystem.

B- because your emails will then be safe and usb drives will get encrypted and become unusable exactly like your pcs getting unusable after your drive/files get encrypted and become unusable, AKA Ransomware attack. Not C because it only works against "unknown software", what about an excel sheet with macros enabled, a pdf file hiding a malicious code etc?

GPT: A

Implementing application execution in a sandbox for unknown software is the best defense against custom malware being delivered via email or USB sticks. A sandbox is a controlled environment that isolates and runs unknown or potentially malicious software in a safe manner. By running potentially dangerous files in a sandbox, the organization can analyze their behavior and actions without risking the actual system's security.

The BEST defense against this scenario would be to implement application execution in a sandbox for unknown software. A sandbox is a security mechanism that separates running programs and restricts their access to system resources. This can help prevent custom malware from causing harm to the organization’s systems.

Ancer C makes total sense. Any unknown application gets sent to a sandbox which is a safe area for investigating malware and the like. On a side note, encrypting mail and usb data does nothing for system protection.

Ok, I get that C is the closest answer to the question. However, this is the worst question I've yet to come across. For starters, why would anyone pick up a USB stick they found in the parking lot, then put it in a work computer and proceed to run whatever code was installed on it. Secondly, if someone was capable of doing something like that, do you think they would have the mindset to only run it in a sandbox environment? The same thing goes for anyone that would execute code by clicking on an email attachment.

answer:c quizlet says it's C Implementing application execution in a sandbox for unknown software

B. Enforcing S/MIME for email and automatically encrypting USB drives upon insertion is the best defense against this scenario. S/MIME is an email encryption standard that adds digital signatures to emails, ensuring that only verified parties can read the communications. Additionally, automatically encrypting USB drives upon insertion ensures that any data stored on the drive is secure and inaccessible to unauthorized individuals.

whats the point in encrypting data .. so C

B. Enforcing S/MIME for email and automatically encrypting USB drives upon insertion In the described scenario, the best defense is to enforce S/MIME for email and automatically encrypt USB drives upon insertion. S/MIME (Secure/Multipurpose Internet Mail Extensions) is a standard for public key encryption and digital signatures for email. This helps to ensure that the email is encrypted end-to-end, making it more difficult for attackers to intercept and read sensitive information. Automatically encrypting USB drives upon insertion helps to ensure that the data on the drive is protected in case it is lost or stolen. This way, even if the attacker is able to copy the malware to the drive, it will be encrypted and unreadable, reducing the risk of a successful attack.

just dont understand how can it be C sandoboxing . it has nothing to do with USB ?

It's B because why would we encrypt malware? The goal of encryption is to protect data by preventing it from being accessed by unauthorized users. Sandboxing is used to isolate software suspected to be malicious. So it's B

Going with C . Encrypting malware will not protect the system, it'll just protect the malware itself. A sandbox environment will ensure malware does not get into the real system.

Unless I haven't heard of this method, how s/MIME and encrypting usb sticks protects agaianst malware? If it's custom malware, antivirus won;t help. Most probably C, sandbox, but then I am not sure how a sandbox, even though I am nots sure how it works, is this a software on every machine that can be installed and triggeres the snadbox automatically, is it a separate isolated system? Someone with knowledge would be of great help. If it's a separate sysytem it doesn't nake any sense in this question as an answer.