CompTIA CySA+ (CS0-002) — Question 91
The threat intelligence department recently learned of an advanced persistent threat that is leveraging a new strain of malware, exploiting a system router. The company currently uses the same device mentioned in the threat report. Which of the following configuration changes would BEST improve the organization's security posture?
Answer options
- A. Implement an IPS rule that contains content for the malware variant and patch the routers to protect against the vulnerability.
- B. Implement an IDS rule that contains the IP addresses from the advanced persistent threat and patch the routers to protect against the vulnerability.
- C. Implement an IPS rule that contains the IP addresses from the advanced persistent threat and patch the routers to protect against the vulnerability.
- D. Implement an IDS rule that contains content for the malware variant and patch the routers to protect against the vulnerability.
Correct answer: A
Explanation
The correct answer is A because an IPS rule with content signatures specific to the malware variant blocks the threat inline, while patching the routers removes the vulnerability being exploited. Options B and D rely on IDS rules, which only detect and alert rather than prevent, so they are less effective in this scenario. Option C matches on the APT's IP addresses rather than the malware's content; attacker infrastructure changes easily, whereas a content-based rule keys on the malware itself, which is what matters for effective mitigation.