Exam CS0-002 topic 1 question 235 discussion

Actual exam question from CompTIA's CS0-002
Question #: 235
Topic #: 1

The threat intelligence department recently learned of an advanced persistent threat that is leveraging a new strain of malware, exploiting a system router. The company currently uses the same device mentioned in the threat report. Which of the following configuration changes would BEST improve the organization's security posture?

  • A. Implement an IPS rule that contains content for the malware variant and patch the routers to protect against the vulnerability.
  • B. Implement an IDS rule that contains the IP addresses from the advanced persistent threat and patch the routers to protect against the vulnerability.
  • C. Implement an IPS rule that contains the IP addresses from the advanced persistent threat and patch the routers to protect against the vulnerability.
  • D. Implement an IDS rule that contains content for the malware variant and patch the routers to protect against the vulnerability.
Suggested Answer: A

Comments

Comptia_Secret_Service
Highly Voted 2 years, 4 months ago
Selected Answer: A
A is right.
upvoted 5 times
AaronS1990
Most Recent 2 years, 1 month ago
Selected Answer: A
A seems the better choice as you'd expect an APT to work around simply having their IP addresses blocked
upvoted 3 times
2Fish
2 years, 1 month ago
Agreed. By implementing an IPS rule that includes content for the malware variant, the organization can prevent malicious traffic from reaching the routers. Additionally, patching the routers to protect against the vulnerability will further reduce the risk of compromise.
upvoted 1 times
bob12356
2 years, 4 months ago
Selected Answer: C
I'm going with C. To protect against this threat, the organization should implement an IPS rule that contains the IP addresses associated with the APT. This will allow the IPS to detect and block any traffic from these IP addresses, preventing the APT from accessing the network. Additionally, the organization should patch the routers to fix the vulnerability that the APT is exploiting. This will prevent the APT from being able to gain access to the routers even if they manage to bypass the IPS.
upvoted 3 times
forest111
2 years, 4 months ago
What if the IPs change? A is the more universal choice.
upvoted 4 times
bob12356
2 years, 4 months ago
After reviewing, I agree. Changing this to A
upvoted 3 times
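
The reasoning in the thread above (IP indicators stop matching once the actor changes addresses, and an IDS only alerts while an IPS can drop), as an added example that is not part of the original discussion. It is a toy rule engine over constructed packets; the marker bytes, addresses and all names are assumptions made for illustration.

```python
from dataclasses import dataclass

MARKER = b"EXAMPLE-VARIANT-BYTES"           # constructed stand-in for the malware content
REPORTED_IPS = frozenset({"203.0.113.10"})  # constructed "threat report" address

@dataclass(frozen=True)
class Packet:
    src_ip: str
    payload: bytes

@dataclass(frozen=True)
class Rule:
    inline: bool                     # True = IPS (drops on match), False = IDS (alerts only)
    bad_ips: frozenset = frozenset()
    content: bytes = b""

    def matches(self, pkt: Packet) -> bool:
        if pkt.src_ip in self.bad_ips:
            return True
        return bool(self.content) and self.content in pkt.payload

# Constructed traffic toward the router.
TRAFFIC = [
    Packet("203.0.113.10", b"GET /cgi?" + MARKER),    # malware from the reported address
    Packet("198.51.100.77", b"POST /cgi " + MARKER),  # same malware, new infrastructure
    Packet("192.0.2.5", b"GET /status"),              # benign management traffic
]

# The IPS/IDS half of each answer option (patching is common to all four).
OPTIONS = {
    "A": Rule(inline=True, content=MARKER),
    "B": Rule(inline=False, bad_ips=REPORTED_IPS),
    "C": Rule(inline=True, bad_ips=REPORTED_IPS),
    "D": Rule(inline=False, content=MARKER),
}

def evaluate(rule: Rule, traffic=TRAFFIC):
    """Return (alerts raised, malicious packets that still reach the router)."""
    alerts = reached = 0
    for pkt in traffic:
        hit = rule.matches(pkt)
        alerts += hit
        if MARKER in pkt.payload and not (hit and rule.inline):
            reached += 1
    return alerts, reached

if __name__ == "__main__":
    for option, rule in OPTIONS.items():
        print(option, evaluate(rule))
```

Only the inline content rule leaves no malicious packet reaching the router in this constructed traffic; the inline IP rule misses the packet sent from the new address, and both IDS variants alert without blocking.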
Community vote distribution: A (35%), C (25%), B (20%), Other