A security engineer is troubleshooting a possible virus infection, which may have spread to
multiple desktop computers within the organization. The company implements enterprise antivirus
software on all desktops, but the enterprise antivirus server’s logs show no sign of a virus
infection. The border firewall logs show suspicious activity from multiple internal hosts trying to
connect to the same external IP address. The security administrator decides to post the firewall
logs to a security mailing list and receives confirmation from other security administrators that the
firewall logs indicate internal hosts are compromised with a new variant of the
Trojan.Ransomcrypt.G malware not yet detected by most antivirus software. Which of the
following would have detected the malware infection sooner?
A. The security administrator should consider deploying a signature-based intrusion detection system.
B. The security administrator should consider deploying enterprise forensic analysis tools.
C. The security administrator should consider installing a cloud augmented security service.
D. The security administrator should consider establishing an incident response team.