CompTIA CySA+ (CS0-001) — Question 139
Which of the following countermeasures should the security administrator apply to MOST effectively mitigate bootkit-level infections of the organization's workstation devices?
Answer options
- A. Remove local administrator privileges.
- B. Configure a BIOS-level password on the device.
- C. Install a secondary virus protection application.
- D. Enforce a system state recovery after each device reboot.
Correct answer: A
Explanation
Removing local administrator privileges is the most effective way to prevent bootkit infections because it limits the ability of malware to make changes to the system. A BIOS-level password can add a layer of security but does not directly prevent infections, while installing a secondary virus protection application may not be effective against such advanced threats. Enforcing a system state recovery after each reboot does not address the root cause and could lead to data loss.