CompTIA A+ Core 2 (220-1002) — Question 380
A company recently experienced a security incident in which an unauthorized user was able to insert a USB flash drive into a kiosk, launch a non-native OS, and deliver malicious payloads across the network.
Which of the following security measures would have been BEST to prevent the attack from being executed in the first place? (Choose two.)
Answer options
- A. Using a host-based antivirus with real-time scanning
- B. Implementing automatic screen locks after 60 seconds of inactivity
- C. Creating a strong BIOS/UEFI password
- D. Disabling AutoRun for USB devices
- E. Enabling the Secure Boot option
- F. Changing the default administrator credentials
Correct answer: C, D
Explanation
A strong BIOS/UEFI password (C) restricts unauthorized access to the kiosk's firmware settings, so an unauthorized user cannot change them to boot from external devices such as USB drives. Disabling AutoRun for USB devices (D) stops programs on a USB drive from executing automatically when the drive is inserted, further mitigating the risk of malware execution.