CompTIA Exam CS0-001 Topic 13 Question 29 Discussion

Actual exam question for CompTIA's CS0-001 exam

Question #: 29
Topic #: 13

Ransomware is identified on a company's network that affects both Windows and MAC hosts. The command and control channel for encryption for this variant uses TCP ports from 11000 to 65000. The channel goes to good1. Iholdbadkeys.com, which resolves to IP address 72.172.16.2.

Which of the following is the MOST effective way to prevent any newly infected systems from actually encrypting the data on connected network drives while causing the least disruption to normal Internet traffic?

ABlock all outbound traffic to web host good1 iholdbadkeys.com at the border gateway.

BBlock all outbound TCP connections to IP host address 172.172.16.2 at the border gateway.

CBlock all outbound traffic on TCP ports 11000 to 65000 at the border gateway.

DBlock all outbound traffic on TCP ports 11000 to 65000 to IP host address 172.172.16.2 at the border gateway.

Show Suggested Answer

Suggested Answer: A

by Stephane at May 07, 2022, 09:20 PM

Limited Time Offer

25%

Off

Get Premium CS0-001 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Currently there are no comments in this discussion, be the first to comment!