Exam SY0-701 topic 1 question 65 discussion

Updating the Endpoint Detection and Response (EDR) policies to block the automatic execution of downloaded programs helps to mitigate the risk by preventing malicious software from running even if a user clicks on a phishing link. This technical control directly addresses the potential consequences of a phishing attack by stopping harmful actions from taking place after the initial click, thus reducing the overall impact of the phishing campaign. While raising awareness (option A), implementing email security filters (option B), and creating additional training (option D) are all valuable preventive measures, they do not directly reduce the impact after a phishing link is clicked.

C is the only one that that can actually be controlled by the analyst.. You can train as much as you want but that doesn't mean people listen... Source: all of us here using an exam dump after watching Messers course :)

They are talking about analyst So it'll be EDR

C because Question is about when a user clicks on a link in a phishing message

By implementing advanced email security filters, the organization can significantly reduce the likelihood of phishing emails reaching employees in the first place.

Blocking automatic execution does not block all Phishing emails. Some Phishing emails try to redirect you or get you to contact a bad actor. This action is more focused on malware prevention, not necessarily Phishing attempts.

C. Update the EDR policies to block automatic execution of downloaded programs. While raising awareness, implementing email filters, and providing additional training are important measures, updating Endpoint Detection and Response (EDR) policies to block the automatic execution of downloaded programs directly addresses the issue of reducing the impact when a user clicks on a phishing link. This approach helps prevent malicious software from being executed on the user's system, thus mitigating potential harm. Therefore, the correct answer is: C. Update the EDR policies to block automatic execution of downloaded programs.

I think the best option is B. C. Phishing doesn't always come with executable files. It can redirect users to malicious pages which clones legitimate sites too when clicked on phishing links. D. This is an option too. But no matter how many trainings the organizations give to employees, they still fall for phishing emails

"reduce the impact when a user *clicks* on a link" read carefully, C is the only one that makes sense for someone who has already clicked a link.

We can rule out: - C. Update the EDR policies to block automatic execution of downloaded programs. Given that the phishing link could lead to a serverless execution, which doesn't rely on downloading and executing a program on the user's machine, this answer would not fully address the risk. Or what if the link is a scam? Login details are still entered, so the impact when a user clicks on a link in a phishing message is still there. - A (Posters) and D (Training) focus on awareness and education, which are crucial for reducing click-through rates over time but do not directly prevent or mitigate the technical impact of a user clicking on a phishing link. So B is in my opinion the best answer.

"...wants to reduce the impact when a user clicks on a link in a phishing message..."

Phishing is more of social engineering attack and most times does not involve download or running of malicious applications on the user system. More awareness is what is required to secure users against this kind of attacks

Implementing EDR policy updates directly addresses the risk posed by phishing attacks by stopping malicious code from executing, thereby reducing the potential impact of users clicking on phishing links.

Wants to reduce impact AFTER clinking the link. C is the only one that, B is preventive and happens before the user can even click the email

Options A, B, and D represent proactive measures designed to mitigate the risk of exposure to phishing emails or clicking on their links. However, should a phishing email evade our security measures and be clicked by an employee, it becomes imperative to prevent any downloaded files from executing. Updating Endpoint Detection and Response (EDR) policies to block the automatic execution of downloaded programs would effectively thwart the attack.

If the question is "when the user clicks the link" the only right answer should be C. Everything else would not help after the user already clicked the link.

Personally I would choose D, however even with training users are still clicking on phishing attempts. We would need an EDR policy to add to our security posture, remembering the idea of Security in Depth. We can't rely on one security strategy. I am going with C on this one.