Exam CAS-004
Question 397

A company’s Chief Information Security Officer wants to prevent the company from being the target of ransomware. The company’s IT assets need to be protected. Which of the following are the MOST secure options to address these concerns? (Choose three.)

    Correct Answer: B, C, D

    To prevent the company from being the target of ransomware, the most secure options are: Endpoint Detection and Response (EDR), Sandboxing, and Application Control. EDR provides continuous monitoring and real-time response capabilities to detect and mitigate ransomware and other threats at the endpoint level. Sandboxing isolates potentially malicious files and applications in a controlled environment to prevent them from affecting the rest of the system, effectively detecting and blocking ransomware before it can execute. Application control prevents unauthorized applications, including ransomware, from running by allowing only approved applications to execute, thus reducing the risk of ransomware infections substantially.

Discussion
shinda Options: BDH

D. Application control: This restricts what applications are allowed to run on the system, making it harder for unauthorized or malicious software, including ransomware, to execute.
H. Strong authentication: This adds an extra layer of security beyond just a password, making it more difficult for attackers to gain access to systems even if they breach initial defenses.
B. EDR (Endpoint Detection and Response): This goes beyond traditional antivirus by continuously monitoring endpoints for suspicious activity, allowing for faster detection and response to potential ransomware attacks.

041ba31 Options: BCD

The most secure options to address concerns about ransomware are:
B. EDR (Endpoint Detection and Response): EDR provides advanced threat detection and response capabilities, helping to identify and mitigate ransomware attacks in real-time.
C. Sandboxing: Sandboxing isolates potentially malicious files and applications in a controlled environment, preventing them from affecting the rest of the system if they are ransomware.
D. Application control: Application control prevents unauthorized applications from running, reducing the risk of ransomware being executed on the company's IT assets.

pego99 Options: BDG

The most secure options to address these concerns are:
B. EDR (Endpoint Detection and Response): EDR solutions provide continuous monitoring and real-time response capabilities to detect and mitigate ransomware and other threats at the endpoint level.
D. Application control: Application control helps prevent unauthorized applications, including ransomware, from executing on endpoints by allowing only approved applications to run.
G. NGFW (Next-Generation Firewall): NGFWs offer advanced threat detection and prevention capabilities, including the ability to identify and block ransomware traffic based on behavior and signatures.

chinomjff Options: BDG

correction B,D,G

23169fd Options: BDH

B. EDR (Endpoint Detection and Response): EDR solutions provide real-time monitoring and analysis of endpoint activities. They can detect, investigate, and respond to suspicious activities, including ransomware, before it can cause significant damage.
D. Application control: Application control ensures that only whitelisted applications can run on the network. This prevents unauthorized or malicious software, including ransomware, from executing, thereby reducing the risk of infection.
H. Strong authentication: Strong authentication, such as multi-factor authentication (MFA), prevents unauthorized access to systems and data. This reduces the likelihood of ransomware spreading through compromised credentials.

23169fd Options: BCD

B. EDR (Endpoint Detection and Response): EDR solutions provide comprehensive visibility and response capabilities for endpoints. They can detect and respond to ransomware attacks in real-time, preventing the spread and mitigating damage.
C. Sandboxing: Sandboxing can analyze suspicious files and executables in a controlled environment. This helps in detecting and blocking ransomware before it can execute on the network.
D. Application control: Application control can prevent unauthorized applications, including ransomware, from executing. By allowing only whitelisted applications to run, it significantly reduces the risk of ransomware infections.

armid Options: BCD

EDR - you have to have something on the endpoint. EDR > AV
Sandboxing - to check executables for zero days, this would be implemented on your NGFW or UTM
Application control - this one is actually most secure but most pain to manage. Allow only apps that are approved

the other options
Antivirus < EDR
Host based firewall will prevent less than the options above
IDS - HIDS would help but less than the options above
NGFW - unless paired with sandboxing might not be able to detect zero days
Authentication can be bypassed by priv escalations or exploits

chinomjff Options: BCD

correct answer is B,D,C