CompTIA CySA+ (CS0-003) — Question 424
A recent penetration test discovered that several employees were enticed to assist attackers by visiting specific websites and running downloaded files when prompted by phone calls. Which of the following would best address this issue?
Answer options
- A. Increasing training and awareness for all staff
- B. Ensuring that malicious websites cannot be visited
- C. Blocking all scripts downloaded from the internet
- D. Disabling all staff members’ ability to run downloaded applications
Correct answer: A
Explanation
Increasing training and awareness for all staff is the best solution because it empowers employees to recognize and resist social engineering tactics. Blocking websites and scripts can reduce risk, but those controls do not address the human factor involved in these attacks. Disabling the ability to run downloaded applications is overly restrictive and impractical, as it can hinder legitimate work activities.