CompTIA CySA+ (CS0-002) — Question 113

Employees of a large financial company are continuously being infected by strands of malware that are not detected by EDR tools. Which of the following is the BEST security control to implement to reduce corporate risk while allowing employees to exchange files at client sites?

Answer options

• A. MFA on the workstations
• B. Additional host firewall rules
• C. VDI environment
• D. Hard drive encryption
• E. Network access control
• F. Network segmentation

Correct answer: C

Explanation

Implementing a VDI environment allows employees to access a secure virtual desktop that is isolated from the local workstation, reducing the risk of malware spread. The other options, while beneficial, do not provide the same level of isolation and protection from undetected malware when transferring files at client sites.