2 votes
A user workstation was infected with a new malware variant as a result of a drive-by download. The security administrator reviews key controls on the infected workstation and discovers the following:

Antivirus: Enabled
AV Engine: Current
AV Signatures: Auto Update
Update Status: Success
Heuristic Scanning: Enabled
Scan Type: On Access Scanning
Malware Engine: Enabled
Auto System Update: Enabled
Last System Update: Yesterday 2 PM
DLP Agent: Disabled
DLP DB Update: Poll every 5 mins
Proxy Settings: Auto

Which of the following would BEST prevent the problem from reoccurring in the future? (Choose two.)

A. Install HIPS
B. Enable DLP
C. Install EDR
D. Install HIDS
E. Enable application blacklisting
F. Improve patch management processes

by User Adamyonk (7.3k points)

1 Answer

3 votes

Final answer:

The best measures to prevent a malware re-infection are enabling a Host-based Intrusion Prevention System (HIPS) and installing an Endpoint Detection and Response (EDR) solution, as they provide additional layers of security.

Step-by-step explanation:

The question asks which controls would best prevent a reoccurrence of a workstation infection by malware. In this scenario, the antivirus and malware engines were up to date, suggesting that the malware used a method that these security measures could not prevent.

Enabling Data Loss Prevention (DLP) is a strong measure to prevent sensitive data from being transmitted outside of the network, which can be useful in the case of certain malware types. However, it might not prevent the malware infection itself. Installing a Host-based Intrusion Prevention System (HIPS) could provide another layer of security by monitoring and preventing malicious activity directly on the host.

An Endpoint Detection and Response (EDR) solution typically includes continuous monitoring and response capabilities, which can be instrumental in catching and reacting to malware that exploits zero-day vulnerabilities or operates using methods not recognized by traditional antivirus signatures.

by User IDDQD (7.3k points)