CyberArk Defender – Endpoint Privilege Manager — Question 17

How does CyberArk EPM's Ransomware Protection feature monitor for Ransomware Attacks?

Answer options

• A. It compares known ransomware signatures retrieved from virus databases.
• B. It sandboxes the suspected ransomware and applies heuristics.
• C. It monitors for any unauthorized access to specified files.
• D. It performs a lookup of file signatures against VirusTotal's database.

Correct answer: C

Explanation

The correct answer is C because CyberArk EPM focuses on monitoring unauthorized access to specific files as a means of detecting potential ransomware activities. Options A and D rely on signature-based methods which may not identify new ransomware variants, while option B involves sandboxing, which is not the primary method used by CyberArk EPM for this feature.