
CBRCOR Exam - Question 98


A threat actor has crafted and sent a spear-phishing email with what appears to be a trustworthy link to the site of a conference that an employee recently attended. The employee clicked the link and was redirected to a malicious site through which the employee downloaded a PDF attachment infected with ransomware. The employee opened the attachment, which exploited vulnerabilities on the desktop. The ransomware is now installed and is calling back to its command and control server. Which security solution is needed at this stage to mitigate the attack?

Correct Answer: C

An endpoint security solution is necessary at this stage to mitigate the attack because the ransomware is already installed on the employee's desktop. Endpoint security tools can detect and block malicious activity, quarantine the ransomware, and prevent it from further encrypting files or communicating with its command and control server. This type of solution is specifically designed to handle threats that have already infiltrated a device, making it the most appropriate choice in this scenario.

Discussion

6 comments
DrVoIP
Feb 18, 2023

C - Endpoint security solution - ChatGPT

jaciro11 (Option: D)
Aug 31, 2022

For me it would be endpoint. At this point, what can I do when the computer is infected? If I want to mitigate, I would need to use endpoint security. Sure, I can kill the command and control with network security, but that won't mitigate the device infected with the ransomware itself. For me, endpoint security solution.

ETSec
Jan 21, 2023

So answer C ;-)

ETSec (Option: C)
Jan 21, 2023

C. Endpoint security solution. Once the malware has been downloaded and executed on the endpoint, an endpoint security solution is needed to mitigate the attack. This type of solution can detect and prevent malicious activity on the endpoint, such as the encryption of files by ransomware. It may also be able to contain or remove the malware, and prevent further communication with the command and control server.

bpetro_12
May 20, 2024

Keywords are "mitigate the attack".

TrainingTeam (Option: C)
Oct 21, 2024

At this stage of a ransomware attack, where the ransomware is installed and calling back to its command and control server, an endpoint security solution is needed to mitigate the attack. Endpoint security solutions can detect and respond to threats at the device level, isolate infected machines, and prevent the spread of ransomware within the network.

27ea763 (Option: D)
Jan 23, 2025

I would go with Network Security, because the endpoint is already compromised.