Question 27:
A security analyst suspects a malware infection was caused by a user who downloaded malware after clicking http://<malwaresource>/a.php in a phishing email. To prevent other computers from being infected by the same malware variation, the analyst should create a rule on the __________.
Answer options:
A. email server that automatically deletes attached executables. B. IDS to match the malware sample. C. proxy to block all connections to <malwaresource>. D. firewall to block connection attempts to dynamic DNS hosts.