You receive notification about a new malware that infects hosts. An infection results in the infected host attempting to contact command-and-control server.
Which Security Profile, when applied to outbound Security policy rules, detects and prevents this threat from establishing a command-and-control connection?
The Anti-Spyware Profile is designed to detect and prevent communications between infected hosts and command-and-control servers. This profile specifically targets and blocks spyware activities, including attempts by compromised hosts to contact external command-and-control (C2) servers, which is the issue described in the question.
"Anti-Spyware profiles blocks spyware on compromised hosts from trying to phone-home or beacon out to external command-and-control (C2) servers"
A: Anti-spyware does C2 traffic blocking.
"Anti-Spyware profiles blocks spyware on compromised hosts from trying to phone-home or beacon out to external command-and-control (C2) servers"
why not antivirus ?
correct
Anti-Spyware Profile
A is correct