
CISSP Exam - Question 81


The security team is notified that a device on the network is infected with malware. Which of the following is MOST effective in enabling the device to be quickly located and remediated?

Correct Answer: D

To quickly locate and remediate a device infected with malware, Information Technology Asset Management (ITAM) is the most effective option. ITAM involves maintaining an up-to-date inventory of all IT assets within an organization, including their locations and configurations. This allows the security team to quickly identify and locate the infected device based on its IP address or hostname, which facilitates timely remediation actions such as isolation and malware removal. Other options like Data Loss Protection, Intrusion Detection, and Vulnerability Scanners are useful for identifying threats and vulnerabilities but are not as effective in pinpointing the physical location of a specific infected device.

Discussion

projtfer - Option: D
Oct 6, 2022

Selected D. The detection mechanism has already found out that a device has been infected, which means it is too late for a vulnerability scanner. The tool that had detected the malware infection would have given the hostname/IP address of that device. The question asks about the most effective way to "locate"; if we plug in the hostname / IP address in the ITAM system, that would give the actual (geographical) location of that device and who to contact in case some boots on the ground are needed. Therefore ITAM is the right answer.

jackdryan
May 11, 2023

D is correct

kptest12 - Option: D
Oct 10, 2022

In order to locate the asset we need a tool like ITAM

Jamati - Option: D
Nov 8, 2022

Answer is D. The rest don't make sense.

KCLung - Option: C
Jun 27, 2023

I do not understand why it is D. I have not heard of any IT inventory system that can detect the malware and fix it. Although it can easily detect the location of the device, how can it detect which device has the malware? It does not make sense. I would choose C, as the IDS can detect the malware attack and display the source IP of the attack.

Vino22 - Option: C
Oct 4, 2022

C is the answer

franbarpro
Oct 13, 2022

How will scanning for weaknesses help you locate and remediate the malware? The answer should definitely be "D". If you have an up-to-date inventory, it should be easy to find the device and fix the issue.

Bach1968 - Option: D
Jul 5, 2023

Option D: Information Technology Asset Management (ITAM) can also play a role in enabling the infected device to be quickly located and remediated. ITAM involves tracking and managing the inventory of IT assets within an organization, including devices such as computers, servers, and network devices. By maintaining an up-to-date record of all devices, their locations, and configurations, ITAM can help identify the specific device that is infected with malware. Once the infected device is identified through ITAM, appropriate remediation actions can be taken, such as isolating the device, conducting a thorough scan for malware, applying patches or updates, or even physically removing and replacing the device if necessary. Therefore, both option B (Intrusion detection) and option D (ITAM) can be effective in quickly locating and remedying an infected device. The choice between them may depend on the specific capabilities and implementation of the organization's security infrastructure.

Vasyamba1 - Option: C
Mar 21, 2024

IDS is correct because we don't know which exact host is infected to find it via ITAM. Also, ITAM is not mentioned in the OSG.

Hardrvkllr - Option: B
Apr 14, 2024

ChatGPT and Copilot give two different answers. I feel it is B; Copilot states it is D, and ChatGPT states B.

Jenkins3mol - Option: D
May 1, 2024

What a terrible question. Asset System? No, you don't.