A new plug-and-play storage device was installed on a PC in the corporate environment. Which of the following safeguards will BEST help to protect the PC from malicious files on the storage device?
Answer: Encrypt the disk on the storage device.
Encrypting the disk on the drive could work because if the files on the storage drive is encrypted that means the data will be in a format that can't be used by other devices anyway.
The PC is in a corporate environment so they're likely using Active Directory where they can implement a GPO to encrypt removable drives when plugged in to a PC using BitLocker.
Just to note, I don't think "A" is wrong because I'm pretty sure windows has that AutoPlay function where you could automatically run certain files or even install software when something plugged in but I'm pretty sure it's not a default setting sort of thing.
Anyway, this is the last question in the review for me and I'm scheduled to take my test in a few days so good luck to you guys and wish me luck :)
There is no need to complicate it. The question is simple! You are asked to protect the PC from the storage device, not the opposite. Option A is the correct answer!
Good luck man. Though, you've already taken it by this point. Just wanted to say how grateful I am that you leave such detailed posts. You and Stoneface are my heros. Gonna be testing tomorrow, really relying on both of you guys. Thank you for what you've done here.
I'm sorry, but encrypting the device does NOTHING to stop the activation of any malicious code on the device. Note the question states "A new plug and play device was installed..." It's already connected, and the instant it made contact, any malicious code would execute before the encryption could complete.
All encryption does is prevent the data from being read/accessed AFTER REMOVAL.
Per ChatGPT
Encrypting the disk on the storage device helps protect the PC from malicious files by rendering them unreadable and inaccessible to unauthorized individuals or software. Encryption uses a mathematical algorithm to scramble data into an encrypted form, which can only be deciphered with the correct encryption key. This makes it much more difficult for malicious files to execute or compromise the PC, as the encrypted data cannot be read without the proper key. Changing the default setting on the PC or defining firewall rules may offer some protection, but encryption provides a more comprehensive solution for securing the data stored on the device. Plugging the storage device into a UPS does not directly help to protect the PC from malicious files.
ChatGPT4 answered with A, here's what it said about encrypting the drive:
Encrypt the disk on the storage device: Encrypting the disk would protect the confidentiality of the data on the storage device by ensuring that unauthorized individuals cannot access the data. However, it does not protect the PC from malicious files on the device, as encryption guards against unauthorized access to data rather than preventing the execution of malicious code.
That's not at all how this works. You can encrypt a file or folder or partition, internal or external, and still have access to what you encrypted, including a newly inserted USB thumb drive. It's the same key!
A
Change default settings refers to disabling autorun.
What is encryption going to prevent in this scenario? Case in point, enable BitLocker or FileVault on your OS drive and then plug a USB flash drive into the computer.
Can the USB drive communicate with the encrypted OS drive? Yes.
Can they see each other's files? Yes.
So what does this prevent? Nothing.
Encryption would be great if someone were to remove the drive from your computer and try to read the data off of it. But when you're actively using the computer, the drive is UNLOCKED.
I just tried the encryption thing with an executable on my makeshift evil drive. Guess what? The USB drive was encrypted but the executable ran, no problemo! C: is definitely a wrong answer.
Encrypting the disk on the storage device directly targets the data stored on the device, making it inaccessible without proper decryption. Even though the USB is new, it may still contain malicious files that need to be removed before the USB is safe.
Guys, PLEASE FOCUS! the question asks what is the best safeguard to protect the PC from the storage device, not the opposite.
Option A protects the PC. Modifying the default settings on the PC which includes enabling auto-scanning of connected devices before use and preventing unauthorized software execution; can protect from malicious files on storage devices.
Option B is incorrect. Firewalls control network traffic, they don't directly protect against malicious files.
Option C is incorrect! FDE protects data on the storage device from unauthorized use, but we want to protect the PC from malicious files, not the storage device.
Option D is irrelevant, it's related to protection against power outages.
The safeguard that will BEST help protect the PC from malicious files on the storage device is:
C. Encrypt the disk on the storage device.
Encrypting the disk on the storage device ensures that even if malicious files are present on the device, they will be unreadable without the proper decryption key. This adds an additional layer of security to protect the data on the storage device, especially in the event that the device is lost or stolen.
Changing the default settings on the PC (option A) and defining firewall rules to limit access (option B) may help improve the overall security posture of the PC, but they do not specifically address the risk of malicious files on the storage device.
Plugging the storage device into the UPS (option D) provides power backup but does not directly protect the PC from malicious files on the storage device.
The safeguard that will BEST help to protect the PC from malicious files on the storage device is:
C. Encrypt the disk on the storage device.
Encrypting the disk on the storage device ensures that even if malicious files are present on the device, they cannot be accessed or executed without the encryption key. This provides an additional layer of security to protect the PC and its data from potential threats posed by malicious files on the storage device. Changing the default settings on the PC (option A), defining firewall rules (option B), and plugging the storage device into the UPS (option D) may offer some level of protection, but they do not directly address the threat of malicious files on the storage device as effectively as encrypting the disk.
For starters: B & D will have no effect: B is only good for NICs and D is ridiculous.
C will not prevent malicious files from running.
If you encrypt it, you first must plug it in. If the malware exploits autorun, you're infected before you can have a chance to encrypt it. [FAIL]
If it's already encrypted by that machine (same key), any malware added to the USB storage devices will become available as will every other file. [FAIL]
A: This can be effective depending on which settings are changed. For example, disabling autorun/autoplay for external devices can help prevent the automatic execution of potentially malicious software from a plugged-in storage device. Adjusting settings to enhance security can provide a broad defense against various threats, not just those from external devices.
No doubt, the answer is A
C only makes sense if you ignore the first half of the question. The device is already installed on the PC. Therefore encryption would only help prevent malware from spreading if it was plugged into subsequent PCs.
C- Encrypt. Why? Because anything malicious will take. The only way to protect the data which is always the goal is to encrypt. Encryption protects data at rest, data in transit, or data in use. Encryption is the process of converting ordinary information (plaintext) into an
unintelligible form (ciphertext), making it unreadable.
Disabling autorun by changing the default settings just means it wont run automatically. The person who plugged can run it manually.
Definitely A: Change those BIOS settings to disable USB drives!
B: only works with NICs
C: will have zero effect on plugging in an evil USB device (real life experience)
D: is just a silly answer
Answer: Define the PC firewall rules to limit access.
This option will help to block unauthorize or malicious connections from the storage device to the PC or the network. It will also prevent the storage device from accessing sensitive or restricted resources on the PC or the network.
I've never seen an endpoint/PC firewall (like Windows Defender) allow you to create rules for drives and I've used several over the years. So B is out, for sure.
What if it's malicious and doesn't require command and control? There would be no connections. A logic bomb could delete important files at the end of every work day.
Answer A. Change the default settings on the PC..
Encryption protects data confidentiality but doesn't prevent malware from running if it's already on the device.
User
i will go with option A, changing default settings such as opening the external media immediately after connecting it to blocking access and any kind of permissions (mainly of execution) for any external media
Answer A. The setting would be set so it prompt the user if the storage device would be allowed access as to immediately gain access. Keyword is plug and play.
Encryption only applies when offline.
This section is not available anymore. Please use the main Exam Page.SY0-601 Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
rodwave
Highly Voted 2 years, 8 months agoAbdullahMohammad251
1 year, 2 months agoSOK_I
2 years, 8 months agoIT__noob
1 year, 11 months agoVHuckle
2 years, 6 months agoCalvin616
2 years, 5 months agoBD69
1 year, 4 months agoBD69
1 year, 5 months agoJakeBusey
Highly Voted 2 years, 8 months agoBD69
1 year, 5 months agoAbdul2107
1 year, 11 months agoMALEKMALAHI
Most Recent 1 year agoAbdullahMohammad251
1 year, 2 months agoc56e966
1 year, 2 months agoFart2023
1 year, 3 months agoAspiringNerd
1 year, 3 months agoBD69
1 year, 4 months agops1hacker
1 year, 5 months ago_deleteme_
1 year, 5 months agoBD69
1 year, 5 months agoklinkklonk
1 year, 6 months agojohnabayot
1 year, 6 months agoBD69
1 year, 5 months agoklinkklonk
1 year, 6 months agoshaneo007
1 year, 6 months agoTheExile
1 year, 7 months agoTeleco0997
1 year, 8 months agoAgent101257
1 year, 8 months ago