Computer Hacking Forensic Investigator (CHFI v10) — Question 397
As a Computer Hacking Forensic Investigator, you are analyzing an intrusion incident in a corporate network. You discovered traces of a fileless malware attack that used a memory exploit. The indicators suggest that the initial payload was delivered via a malicious Word document received through a phishing email. As part of the response and prevention plan, which of the following steps would be the most effective at disrupting the infection chain of the detected fileless malware?
Answer options
- A. Disabling the use of all scripting languages, such as JavaScript, in the corporate environment
- B. Patching the vulnerabilities in Flash and Java plugins in all browsers within the corporate network
- C. Implementing a strict policy on macros embedded in Office documents across the organization
- D. Replacing the currently used traditional antivirus solution with the latest signature-based IDS
Correct answer: C
Explanation
The correct answer is C because fileless malware of this kind typically relies on a macro in the delivered document to launch its in-memory payload, so a strict organization-wide policy on Office macros blocks the initial execution step of the infection chain. Options A and B address broader security concerns (scripting languages, browser plugin vulnerabilities) but do not specifically target the delivery method used in this incident. Option D, while relevant to security in general, does not directly mitigate macro-based delivery, and signature-based detection is poorly suited to fileless malware that leaves little on disk to match.