CompTIA CASP+ (CAS-004) — Question 350

A security analyst has been provided the following partial Snort IDS rule to review and add into the company's Snort IDS to identify a CVE:

alert tcp any any -> $HOME_NET 3389 (flow:to_server,established; content:"MS_T120|00|"; fast_pattern:only;)

Which of the following should the analyst recommend to mitigate this type of vulnerability?

Answer options

Correct answer: B

Explanation

The correct answer is B, OS patching, because it directly addresses the operating system vulnerability whose exploitation the rule is written to detect. The other options, while useful for enhancing security, do not specifically mitigate the software flaw that OS patching would resolve.