Exam CISM topic 1 question 557 discussion

My two cents. I like B. Signature based AV is all about detecting what's already been identified and used and...there's a signature to detect it. Just because you have a known threat, doesn't mean you have a signature for it. Good luck.

C is a no brainer.

Another rule for CISM (and CISSP for that matter): When you're presented with two fundamentally correct answers, go for a more comprehensive one (i.e. the one that includes the other). Sincerely, Cpt. Obvious :D

Threats is encompassing compared to just virus. C

C. known threats.

B is in C

Although the answer B us attractive, it is very particular to virus whereas there are different types of malwares like worms, trojans etc which would make the option C more suitable that covers all type of known threats rather than just virus category alone.

google, openai and claude all says C. so this is C.

C. known threats. Signature-based anti-malware controls are designed to detect and block known threats. These controls use a database of signatures or patterns associated with known malware to identify and block malicious files or code. When a file or code matches a signature in the database, the anti-malware software can take appropriate action, such as quarantining or deleting the file. Poorly configured firewall rules (A) and reused virus code (B) are not directly related to the effectiveness of signature-based anti-malware controls. Firewall rules are network-level controls that regulate incoming and outgoing traffic, while reused virus code refers to the practice of using existing malicious code in new malware. However, signature-based anti-malware controls can complement firewall rules and help detect and block malware, including instances of reused virus code.

Option B

threats can be DDOS too. how can AV protect against ddos

C .known threats .

C. known threats.

C. known threats.

Definitely C

Clearly, C.

It's known.