Question

The new Chief Technology Officer (CTO) is seeking recommendations for network monitoring services for the local intranet. The CTO would like the capability to monitor all traffic to and from the gateway, as well as the capability to block certain content. Which of the following recommendations would meet the needs of the organization?

A. Recommend setup of IP filtering on both the internal and external interfaces of the gateway router.

B. Recommend installation of a firewall on the internal interface and a NIDS on the external interface of the gateway router.

C. Recommend installation of an IDS on the internal interface and a firewall on the external interface of the gateway router.

D. Recommend installation of an IPS on both the internal and external interfaces of the gateway router.

----------------------------------------------------------------------------------------------

The help desk informed a cyber security analyst of a trend that is beginning to develop regarding a suspicious email that has been reported by multiple users. The analyst has determined the email includes an attachment named invoice.zip that contains the following files:

Locky.js

xerty.ini

xerty.lib

Further analysis indicates that when the .zip file is opened, it is installing a new version of ransomware on the devices. Which of the following should be done FIRST to prevent data on the company NAS from being encrypted by infected devices?

A. Disable access to the company VPN.

B. Add the URL included in the .js file to the company’s web proxy filter.

C. Set permissions on file shares to read-only.

D. Move the files from the NAS to a cloud-based storage solution.

I need EXPERT answers and explanations for a thumbs up. Thanks

Answer 1

First Question:

Option (B) is the correct answer.

In order to fulfill the requirement of traffic monitoring (both incoming and outgoing), the utilization of network intrusion detection system (NIDS) to monitor the external gateway router interface is required. For certain types of content blocking, this is the optimal option for a firewall installation on the internal interface, where ACLs can be formed for the specific traffic types.

Option (A) is incorrect as IP filtering will not fulfill the requirement of the organization.

Option (C) is incorrect as IDS installation will not fulfill the requirement of the organization.

Option (D) is incorrect as IPS installation will not fulfill the requirement of the organization.

Second Question:

Option (D) is the correct answer.

To prevent data on the company NAS (Network-attached storage) from being encrypted by infected devices the files should be moved from the NAS to a cloud-based storage solution in order to protect the file's integrity and security. Since a ransomware is being installed, so we should protect the files from being modified. Also, no one should open these files.

Option (A) is incorrect as access disabling to company's VPN will not resolve a ransomware problem (the access is already there).

Option (B) is incorrect as adding the URL included in the .js file to the company’s web proxy filter will not resolve the problem (the address can still be recovered).

Option (C) is incorrect as changing the permission is not possible in the given scenario.

Please comment in case of any doubt.
Please upvote if this helps.