CompTIA SecurityX (CAS-005) — Question 178
A security analyst detects a possible RAT infection on a computer in the internal network. After reviewing the details of the alert, the analyst identifies that the initial vector of the attack was an email that was forwarded to multiple recipients in the same organizational unit. Which of the following should the analyst do first to minimize this type of threat in the future?
Answer options
- A. Move from an anti-malware software to an EDR solution.
- B. Perform a penetration test to detect technology gaps on the anti-spam solution.
- C. Configure an IPS solution in the internal network to mitigate infections.
- D. Implement a security awareness program in the organization.
Correct answer: D
Explanation
The correct answer is D, as implementing a security awareness program educates employees about phishing and social engineering tactics, reducing the chances of falling victim to such attacks. Options A, B, and C, while helpful in certain contexts, do not directly address the human factor that often leads to successful RAT infections initiated by malicious emails.