A malicious group has been observed using sophisticated methods to capture private data through injection of harmful code. Which measure BEST limits this unauthorized activity across multiple systems?
Applying strict filtering on outbound connections to restrict certain data flows
Implementing real-time host-based scanning with detailed memory analysis to detect suspicious processes
Establishing an annual patch cycle for critical applications
Closing unused firewall ports to reduce system exposure
Real-time host-based scanning with memory analysis helps detect and mitigate threats that operate in-memory, such as fileless malware or injected malicious code. This method actively monitors live system activity, enabling faster isolation of suspicious behavior. Other controls like patching, port filtering, or egress rules provide layered defense but do not address the runtime execution of injected code across systems.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is fileless malware, and how does it differ from traditional malware?
Open an interactive chat with Bash
How does real-time host-based scanning work to identify malicious activity?
Open an interactive chat with Bash
Why are traditional defenses like patching and port filtering insufficient against injected malicious code?