A security practitioner detects an Endpoint attack on the organization's network. What is the MOST reasonable approach to mitigate future Endpoint attacks?
A security practitioner detects an Endpoint attack on the organization's network. What is the MOST reasonable approach to mitigate future Endpoint attacks?
To mitigate future Endpoint attacks, hardening the client image before deployment is the most reasonable approach. This involves configuring the system to meet security best practices, removing or disabling unnecessary software or services, and implementing appropriate security controls. By doing so, the attack surface of each endpoint is significantly reduced, making it more difficult for attackers to exploit vulnerabilities. This preventive measure addresses the core security posture of the organization’s endpoints, thus diminishing the likelihood of future attacks.
I'm leaning more towards B than C.
B is correct
B makes more sense
Why wouldn't hardening the client image be more desired? Harden the client image before deployment is the most reasonable approach to mitigating future Endpoint attacks. Hardening the client image involves removing or disabling any unnecessary software or services, configuring the system to meet security best practices, and implementing appropriate security controls. By removing or disabling unnecessary software or services, the attack surface of the system is reduced, making it more difficult for attackers to exploit vulnerabilities in the system.
The most reasonable approach to mitigate future Endpoint attacks would be to harden the client image before deployment. This means ensuring that the endpoint devices are properly configured, patched, and updated to reduce vulnerabilities that can be exploited by attackers. This approach would help to prevent future attacks and improve the overall security posture of the organization. The other options listed can also be helpful in improving security, but hardening the client image is the best first step to take in this scenario.
B it is
I was struggeling between B and C. Because B is general preventive against various misconfiguration and C is a mitigation to specific threads (which may or may not a configuration issue) I choose C. C also covers common vulnerability scanning and so on.
Answer B) B will make the attack surface footprint smaller. Both C and D are essentially the same (one looks for and the other blocks...but in both case you have to know exactly what you are looking for and this will not help at all with ZERO DAY exploits).
could be corrected C, restricting compliance and security policies that reduce the attack surface of endpoints
My heart tells me B
B looks right
screening for harmful exploits of client-side services before implementation (option C) is also an important approach to mitigate future Endpoint attacks. Screening for harmful exploits involves assessing and evaluating client-side services and their potential vulnerabilities before they are implemented in the network. By conducting security assessments and testing for known vulnerabilities or exploits, organizations can identify and address potential risks and weaknesses in client-side services. This proactive approach helps prevent the introduction of vulnerable software or services that could be targeted by attackers. Both options B (hardening the client image) and C (screening for harmful exploits) are important steps to enhance the security of endpoints and mitigate the risk of future attacks. These measures should be implemented in combination to establish a robust defense against Endpoint attacks.
It''s between B and C. I'm going with C because it seems more managerial. Hardening the endpoint seems more technical
Also want to note that although the image is hardened, that doesn't mean it is fully protected from all endpoint attacks. At least after screening, you will know all the possible attacks before deployment. These screen attacks can determine necessary endpoint configurations.IMO
Would go with C. Question is on security and ask REASONABLY, so which option aligns more towards how a security reaction would be? Hardening is part and parcel but will it really stop attacks? Rem TOCTOU concept. Screening action has more biased towards Security aspect although also susceptible to TOCTOU. Try not to over think between the 2.
I chose C as all other options are targeting specific cause of attack. Question does not mention the reason of attack.
I can't even figure out what the question has to do with the answers...