A critical US-CERT notification is published regarding a newly discovered botnet. The malware is very evasive and is not reliably detected by endpoint antivirus software. Furthermore, SSL is used to tunnel malicious traffic to command-and-control servers on the internet and SSL Forward Proxy Decryption is not enabled.
Which component, once enabled on a perimeter firewall, will allow the identification of existing infected hosts in an environment?
A. Anti-Spyware profiles applied to outbound security policies with DNS Query action set to sinkhole
B. File Blocking profiles applied to outbound security policies with action set to alert
C. Vulnerability Protection profiles applied to outbound security policies with action set to block
D. Antivirus profiles applied to outbound security policies with action set to alert
Answer: A