Which of the following should a company deploy to prevent the execution of some types of
malicious code?
A.
Least privilege accounts
B.
Host-based firewalls
C.
Intrusion Detection systems
D.
Application white listing
Get 50% Discount on All Your Purchases
at PrepAway.com - Latest Exam Questions
This is ONE TIME OFFER
50%
I think of this question numerous times. I am skeptical choice B is not the correct answer.
Choice A – Least privilege accounts basically means non-administrative accounts or simply the standard user accounts. Those accounts would have NO right to run executable file. It is what exactly the question asking “prevent the execution of some types of malicious code.”
Choice B – A host-based firewall is designed to protect the host from network based attack by using filters to limit the network traffic that is allowed to enter or leave the host. The action of a filter is to allow, deny, or log the network packet. Allow enables the packet to continue toward its destination. Deny blocks the packet from going any further and effectively discarding it. Log records information about the packet into a log file. Filters can be based on protocol and ports. By blocking protocols and ports that are not required, other potentially compromised application services would be prevented from being exploited across the network.
Note: It helps preventing the malicious code ENTERING to the system. However, it does NOT prevent the execution of some types of malicious code if the user has administrative right.
Choice C is definitely wrong because it is intrusion DETECTION system, not intrusion PREVENTION system.
Choice D – Application white listing provides the similar function as host-based firewall (choice B( in this situation. It helps preventing the malicious code ENTERING to the system. However, it does NOT prevent the execution of some types of malicious code if the user has administrative right.
I read a Microsoft book long time ago. The main difference between admin and standard user account is running executable files. I think A makes more sense. Let me put it this way, if you choose B be the right answer, why choice D is incorrect?
1
0
I think “prevent the execution” is the key phrase here. It draws my attention to A.
0
0
it’s D
https://www.asd.gov.au/publications/protect/application_whitelisting.htm
1
0
It is correct that by using A “Those accounts would have NO right to run executable file. It is what exactly the question asking “prevent the execution of some types of malicious code.”” . But it will not stop people with admin rights running the file. Also there is not filter in place from stopping wrong executables from coming into the system.
I still think is D – as all the executable files would be managed this way, and only the approved ones will be able to be executed.
0
0