CompTIA CySA+ (CS0-002) — Question 351
A developer downloaded and attempted to install a file transfer application whose installation package is bundled with adware. The next-generation antivirus software prevented the file from executing, but it did not remove the file from the device. Over the next few days, more developers tried to download and execute the offending file. Which of the following changes should be made to the security tools to BEST remedy the issue?
Answer options
- A. Blacklist the hash in the next-generation antivirus system.
- B. Manually delete the file from each of the workstations.
- C. Remove administrative rights from all developer workstations.
- D. Block the download of the file via the web proxy.
Correct answer: D
Explanation
The correct answer is D because blocking the download via the web proxy prevents further attempts to obtain the adware-laden file, thus stopping the issue at its source. While blacklisting the hash (A) can help, it won't prevent new downloads. Manually deleting the file (B) is not a scalable solution, and removing administrative rights (C) does not address the immediate threat of downloading the file.