CompTIA CySA+ (CS0-002) — Question 34
A security analyst is handling an incident in which ransomware has encrypted the disks of several company workstations. Which of the following would work BEST to prevent this type of incident in the future?
Answer options
- A. Implement a UTM instead of a stateful firewall and enable gateway antivirus.
- B. Back up the workstations to facilitate recovery and create a gold image.
- C. Establish a ransomware awareness program and implement secure and verifiable backups.
- D. Virtualize all the endpoints with daily snapshots of the virtual machines.
Correct answer: C
Explanation
The correct answer, C, emphasizes the importance of educating employees about ransomware threats and ensuring that backups are secure and reliable. While options A, B, and D may enhance security, they do not address the root cause: the user behavior and lack of awareness that can lead to ransomware infections.