CompTIA CySA+ (CS0-002) — Question 153

A security analyst working in the SOC recently discovered instances in which hosts visited a specific set of domains and IPs and became infected with malware. Which of the following is the MOST appropriate action to take in this situation?

Answer options

• A. Implement an IPS signature for the malware and update the deny list for the associated domains and IPs
• B. Implement an IPS signature for the malware and another signature request to block all the associated domains and IPs
• C. Implement a change request to the firewall setting to not allow traffic to and from the IPs and domains
• D. Implement an IPS signature for the malware and a change request to the firewall setting to not allow traffic to and from the origin IPs' subnets and second-level domains

Correct answer: A

Explanation

Implementing an IPS signature for the malware and updating the deny list for the associated domains and IPs is effective in quickly mitigating the threat and preventing future infections. Options B, C, and D involve additional complexity or less immediate action, which may not be as effective in addressing the current malware issue as updating the deny list and IPS signature.