CompTIA A+ Core 2 (220-1002) — Question 96
A corporate fileshare holds files for multiple departments. Individual users in each department create reports that are meant to be read by the rest of the company.
Recently, a user ran a malicious executable that encrypted all of the documents on the fileshare. The software asked for money to be transferred via cryptocurrency in order to decrypt the files; however, the files were not decrypted after the company paid the ransom. Which of the following would MOST likely minimize the damage to a fileshare in this type of situation?
Answer options
- A. Enable System Restore on the file server and make frequent restore points.
- B. Disable full disk encryption on the file server.
- C. Install a next-generation firewall at the network edge.
- D. Use a host-based intrusion detection system and continuously monitor filesystem changes.
- E. Use granular file permissions on the share and follow the principle of least privilege.
Correct answer: D
Explanation
Using a host-based intrusion detection system (HIDS) to continuously monitor filesystem changes makes it possible to detect unauthorized modifications, such as those caused by malware. This proactive approach can help identify and respond to threats in real time, potentially minimizing damage. The other options either do not directly address malware detection or recovery, or may not provide adequate protection against such attacks.