A new variant of malware is spreading on the company network using TCP/443 to contact its command-and-control server. The domain name used for callback continues to change, and the analyst is unable to predict future domain name variance. Which of the following actions should the analyst take to stop malicious communications with the LEAST disruption to service?

Questions › Category: CS0-002 › A new variant of malware is spreading on the company network using TCP/443 to contact its command-and-control server. The domain name used for callback continues to change, and the analyst is unable to predict future domain name variance. Which of the following actions should the analyst take to stop malicious communications with the LEAST disruption to service?

0 Vote Up Vote Down

Admin Staff asked 6 months ago

A new variant of malware is spreading on the company network using TCP/443 to contact its command-and-control server. The domain name used for callback continues to change, and the analyst is unable to predict future domain name variance. Which of the following actions should the analyst take to stop malicious communications with the LEAST disruption to service?

A. Implement a sinkhole with a high entropy level.

B. Disable TCP/53 at the perimeter firewall.

C. Block TCP/443 at the edge router.

D. Configure the DNS forwarders to use recursion.








 

Suggested Answer: A

Community Answer: A



This question is in CS0-002 CompTIA Cybersecurity Analyst (CySA+) Exam
For getting CompTIA Cybersecurity Analyst (CySA+) Certificate


Disclaimers:
The website is not related to, affiliated with, endorsed or authorized by CompTIA. 
Trademarks, certification & product names are used for reference only and belong to CompTIA.
The website does not contain actual questions and answers from CompTIA's Certification Exams.

A security analyst is attempting to utilize the following threat intelligence for developing detection capabilities: In which of the following phases is this APT most likely to leave discoverable artifacts?

An email analysis system notifies a security analyst that the following message was quarantined and requires further review. From: CEO@CompTIA.org

AZ-104 Practice Test Free

Recommended

AZ-104 Practice Test Free

Cisco IOS Popular Commands

Linux Professional Institute LPIC-2 Certificate

Linux Professional Institute LPIC-1 Certificate

Cisco Certified DevNet Associate Certificate

AWS Certified Cloud Practitioner Certificate

Welcome Back!

Create New Account!

Retrieve your password

A security analyst is attempting to utilize the following threat intelligence for developing detection capabilities: In which of the following phases is this APT most likely to leave discoverable artifacts?

An email analysis system notifies a security analyst that the following message was quarantined and requires further review. From: CEO@CompTIA.org

AZ-104 Practice Test Free

Related Questions

Recommended

AZ-104 Practice Test Free

Cisco IOS Popular Commands

Linux Professional Institute LPIC-2 Certificate

Linux Professional Institute LPIC-1 Certificate

Cisco Certified DevNet Associate Certificate

AWS Certified Cloud Practitioner Certificate

Welcome Back!

Create New Account!

Retrieve your password