CompTIA CySA+ (CS0-002) — Question 347
A company is experiencing a malware attack within its network. A security engineer notices many of the impacted assets are connecting outbound to a number of remote destinations and exfiltrating data. The security engineer also sees that deployed, up-to-date antivirus signatures are ineffective. Which of the following is the BEST approach to prevent any impact to the company from similar attacks in the future?
Answer options
- A. IDS signatures
- B. Data loss prevention
- C. Port security
- D. Sinkholing
Correct answer: B
Explanation
The best option to prevent future data exfiltration is data loss prevention (DLP), because it specifically focuses on monitoring and controlling data transfers. IDS signatures primarily detect intrusions but do not prevent data loss, while port security limits network access but does not address malware threats. Sinkholing can redirect malicious traffic but may not fully protect against data exfiltration.