A new plug-and-play storage device was installed on a PC in the corporate environment. Which of the following safeguards will BEST help to protect the PC from malicious files on the storage device?
A new plug-and-play storage device was installed on a PC in the corporate environment. Which of the following safeguards will BEST help to protect the PC from malicious files on the storage device?
Changing the default settings on the PC, such as disabling autorun, is the best safeguard to protect the PC from malicious files on a newly installed plug-and-play storage device. Disabling autorun prevents any malicious files from automatically executing when the device is connected. This directly addresses the threat posed by malicious files on the storage device, unlike other options that either do not prevent execution of malicious files or are irrelevant to the threat.
Answer: Encrypt the disk on the storage device. Encrypting the disk on the drive could work because if the files on the storage drive is encrypted that means the data will be in a format that can't be used by other devices anyway. The PC is in a corporate environment so they're likely using Active Directory where they can implement a GPO to encrypt removable drives when plugged in to a PC using BitLocker. Just to note, I don't think "A" is wrong because I'm pretty sure windows has that AutoPlay function where you could automatically run certain files or even install software when something plugged in but I'm pretty sure it's not a default setting sort of thing. Anyway, this is the last question in the review for me and I'm scheduled to take my test in a few days so good luck to you guys and wish me luck :)
Good luck man. Though, you've already taken it by this point. Just wanted to say how grateful I am that you leave such detailed posts. You and Stoneface are my heros. Gonna be testing tomorrow, really relying on both of you guys. Thank you for what you've done here.
How did you do?
I'm sorry, but encrypting the device does NOTHING to stop the activation of any malicious code on the device. Note the question states "A new plug and play device was installed..." It's already connected, and the instant it made contact, any malicious code would execute before the encryption could complete. All encryption does is prevent the data from being read/accessed AFTER REMOVAL.
Per ChatGPT Encrypting the disk on the storage device helps protect the PC from malicious files by rendering them unreadable and inaccessible to unauthorized individuals or software. Encryption uses a mathematical algorithm to scramble data into an encrypted form, which can only be deciphered with the correct encryption key. This makes it much more difficult for malicious files to execute or compromise the PC, as the encrypted data cannot be read without the proper key. Changing the default setting on the PC or defining firewall rules may offer some protection, but encryption provides a more comprehensive solution for securing the data stored on the device. Plugging the storage device into a UPS does not directly help to protect the PC from malicious files.
That's not at all how this works. You can encrypt a file or folder or partition, internal or external, and still have access to what you encrypted, including a newly inserted USB thumb drive. It's the same key!
ChatGPT4 answered with A, here's what it said about encrypting the drive: Encrypt the disk on the storage device: Encrypting the disk would protect the confidentiality of the data on the storage device by ensuring that unauthorized individuals cannot access the data. However, it does not protect the PC from malicious files on the device, as encryption guards against unauthorized access to data rather than preventing the execution of malicious code.
There is no need to complicate it. The question is simple! You are asked to protect the PC from the storage device, not the opposite. Option A is the correct answer!
A Change default settings refers to disabling autorun. What is encryption going to prevent in this scenario? Case in point, enable BitLocker or FileVault on your OS drive and then plug a USB flash drive into the computer. Can the USB drive communicate with the encrypted OS drive? Yes. Can they see each other's files? Yes. So what does this prevent? Nothing. Encryption would be great if someone were to remove the drive from your computer and try to read the data off of it. But when you're actively using the computer, the drive is UNLOCKED.
You're right.
I just tried the encryption thing with an executable on my makeshift evil drive. Guess what? The USB drive was encrypted but the executable ran, no problemo! C: is definitely a wrong answer.
Let's not overthink this. We associate encrypting the disk with protecting data. The answer is to change the settings on the PC.
Answer A. Change the default settings on the PC.. Encryption protects data confidentiality but doesn't prevent malware from running if it's already on the device.
Configure the firewall rule set to block execution of files and scripts without user permission.
Guys, PLEASE FOCUS! the question asks what is the best safeguard to protect the PC from the storage device, not the opposite. Option A protects the PC. Modifying the default settings on the PC which includes enabling auto-scanning of connected devices before use and preventing unauthorized software execution; can protect from malicious files on storage devices. Option B is incorrect. Firewalls control network traffic, they don't directly protect against malicious files. Option C is incorrect! FDE protects data on the storage device from unauthorized use, but we want to protect the PC from malicious files, not the storage device. Option D is irrelevant, it's related to protection against power outages.
C only makes sense if you ignore the first half of the question. The device is already installed on the PC. Therefore encryption would only help prevent malware from spreading if it was plugged into subsequent PCs.
Answer: Define the PC firewall rules to limit access. This option will help to block unauthorize or malicious connections from the storage device to the PC or the network. It will also prevent the storage device from accessing sensitive or restricted resources on the PC or the network.
What if it's malicious and doesn't require command and control? There would be no connections. A logic bomb could delete important files at the end of every work day.
I've never seen an endpoint/PC firewall (like Windows Defender) allow you to create rules for drives and I've used several over the years. So B is out, for sure.
Encrypting the disk on the storage device directly targets the data stored on the device, making it inaccessible without proper decryption. Even though the USB is new, it may still contain malicious files that need to be removed before the USB is safe.
The safeguard that will BEST help protect the PC from malicious files on the storage device is: C. Encrypt the disk on the storage device. Encrypting the disk on the storage device ensures that even if malicious files are present on the device, they will be unreadable without the proper decryption key. This adds an additional layer of security to protect the data on the storage device, especially in the event that the device is lost or stolen. Changing the default settings on the PC (option A) and defining firewall rules to limit access (option B) may help improve the overall security posture of the PC, but they do not specifically address the risk of malicious files on the storage device. Plugging the storage device into the UPS (option D) provides power backup but does not directly protect the PC from malicious files on the storage device.
Anyone choosing C has no idea of what they are talking about.
The safeguard that will BEST help to protect the PC from malicious files on the storage device is: C. Encrypt the disk on the storage device. Encrypting the disk on the storage device ensures that even if malicious files are present on the device, they cannot be accessed or executed without the encryption key. This provides an additional layer of security to protect the PC and its data from potential threats posed by malicious files on the storage device. Changing the default settings on the PC (option A), defining firewall rules (option B), and plugging the storage device into the UPS (option D) may offer some level of protection, but they do not directly address the threat of malicious files on the storage device as effectively as encrypting the disk.
For starters: B & D will have no effect: B is only good for NICs and D is ridiculous. C will not prevent malicious files from running. If you encrypt it, you first must plug it in. If the malware exploits autorun, you're infected before you can have a chance to encrypt it. [FAIL] If it's already encrypted by that machine (same key), any malware added to the USB storage devices will become available as will every other file. [FAIL] A: This can be effective depending on which settings are changed. For example, disabling autorun/autoplay for external devices can help prevent the automatic execution of potentially malicious software from a plugged-in storage device. Adjusting settings to enhance security can provide a broad defense against various threats, not just those from external devices. No doubt, the answer is A
C- Encrypt. Why? Because anything malicious will take. The only way to protect the data which is always the goal is to encrypt. Encryption protects data at rest, data in transit, or data in use. Encryption is the process of converting ordinary information (plaintext) into an unintelligible form (ciphertext), making it unreadable. Disabling autorun by changing the default settings just means it wont run automatically. The person who plugged can run it manually.
Definitely A: Change those BIOS settings to disable USB drives! B: only works with NICs C: will have zero effect on plugging in an evil USB device (real life experience) D: is just a silly answer
User i will go with option A, changing default settings such as opening the external media immediately after connecting it to blocking access and any kind of permissions (mainly of execution) for any external media
Answer A. The setting would be set so it prompt the user if the storage device would be allowed access as to immediately gain access. Keyword is plug and play. Encryption only applies when offline.