ISC2 Systems Security Certified Practitioner (SSCP) Practice Question
An information security team manages Windows Server 2019 instances in an Amazon EC2 Auto Scaling group that hosts an internal web application. Recently, incident responders observed repeated outbound command-and-control connections and malicious PowerShell commands executing only in memory; no suspicious binaries were found on disk. To most effectively detect and contain this fileless malware while minimizing ongoing operational effort, which action should the team take?
Use AWS Systems Manager Automation to run nightly full-disk signature-based antivirus scans on every instance.
Install a host-based endpoint detection and response (EDR) agent that applies behavior analytics and memory scanning to detect and quarantine suspicious processes.
Activate Amazon GuardDuty to alert on unusual VPC Flow Log and DNS activity and automatically isolate any flagged instance.
Enable deep packet inspection on the VPC network firewall and block all outbound traffic that is not destined for approved domains.
Fileless malware lives primarily in memory and abuses legitimate tools (such as PowerShell), so traditional signature-based file scans are unlikely to discover it. A host-based endpoint detection and response (EDR) platform or advanced HIDS/HIPS that performs behavior analytics and memory inspection can identify anomalous process behavior and block or quarantine in-memory attacks automatically. Network-layer controls (VPC firewall rules or GuardDuty findings) may limit outbound traffic but do not detect or eradicate the in-memory payload. Regular signature scans focus on files written to disk and will probably miss the threat altogether.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is fileless malware?
Open an interactive chat with Bash
How does endpoint detection and response (EDR) help against fileless malware?
Open an interactive chat with Bash
What is the difference between signature-based and behavior-based detection?
Open an interactive chat with Bash
ISC2 Systems Security Certified Practitioner (SSCP)
Systems and Application Security
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99 $11.99
$11.99/mo
Billed monthly, Cancel any time.
$19.99 after promotion ends
3 Month Pass
$44.99 $26.99
$8.99/mo
One time purchase of $26.99, Does not auto-renew.
$44.99 after promotion ends
Save $18!
MOST POPULAR
Annual Pass
$119.99 $71.99
$5.99/mo
One time purchase of $71.99, Does not auto-renew.
$119.99 after promotion ends
Save $48!
BEST DEAL
Lifetime Pass
$189.99 $113.99
One time purchase, Good for life.
Save $76!
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .