Exam CAS-004
Question 284

During an incident, an employee's web traffic was redirected to a malicious domain. The workstation was compromised, and the attacker was able to modify sensitive data from the company file server. Which of the following solutions would have BEST prevented the initial compromise from happening? (Choose two.)

    Correct Answer: A, F

    To prevent the initial compromise described, two effective solutions would be DNSSEC and a Web Proxy. DNSSEC helps mitigate attacks by ensuring the authenticity and integrity of DNS responses, thus preventing web traffic from being redirected to malicious domains. A Web Proxy acts as an intermediary between the user and the internet, filtering and blocking requests to malicious websites based on predefined security policies. These measures collectively would have been effective in preventing the redirection of web traffic to a malicious domain and thereby avoiding the initial compromise.

Discussion
ThatGuyOverThere
Options: AF

At first I would have said BF because FIM could have helped stop the unauthorized modification of the data. However, then I noticed it said "initial compromise" so the data alteration isn't even part of what we are worried about for the answer. So the answer is DNSSEC to protect against hijacked DNS responses, thus sending you to a site that isn't really the site you meant to go to, or a web proxy to check for malicious domains you may visit.

23169fd
Options: AF

DNSSEC ensures the integrity and authenticity of DNS responses by using digital signatures. It prevents DNS spoofing and cache poisoning attacks, which are commonly used to redirect users to malicious domains. A web proxy acts as an intermediary between users and the internet, filtering and blocking access to malicious websites based on predefined policies and threat intelligence.

HappyG
Options: AC

DNSSEC (A): DNSSEC helps prevent DNS spoofing and redirection attacks by providing authentication and integrity verification for DNS responses. By implementing DNSSEC, the organization can ensure that DNS responses are legitimate and have not been tampered with, thereby reducing the risk of employees' web traffic being redirected to malicious domains. Segmentation (C): Network segmentation involves dividing a network into smaller, isolated segments to restrict the lateral movement of attackers and contain the impact of potential breaches. By segmenting the network and implementing strict access controls, organizations can prevent attackers from easily moving from one part of the network to another. In this scenario, segmenting the network would have prevented the compromise of the workstation from directly impacting the file server, reducing the attacker's ability to modify sensitive data.

Ariel235788
Options: AF

A. DNSSEC (Domain Name System Security Extensions) helps prevent DNS spoofing and cache poisoning attacks by ensuring the integrity and authenticity of DNS data. If DNSSEC had been implemented, it would have made it more difficult for the attacker to redirect the employee's web traffic to a malicious domain. C. Segmentation involves dividing a network into separate segments or VLANs and controlling traffic flow between them. Proper network segmentation can help contain and limit the spread of attacks. If the network had been properly segmented, it could have prevented the attacker from easily moving from the compromised workstation to the file server.

Ariel235788

Hah, selected the wrong answer on my comment.

Fragmenttt

The file server part is just fluff. The question states what would have prevented the "initial" compromise specifically. So what 2 options would have prevented the workstation from being compromised due to the traffic being redirected?

Meep123
Options: AF

Going with DNSSEC and Proxy. If it was a WAF, I'd choose that. However, since a firewall only protects layer 3&4, and a proxy at layer 7, I'm going with proxy.