CompTIA Security+ (SY0-501) — Question 568
The CSIRT is reviewing the lessons learned from a recent incident. A worm was able to spread unhindered throughout the network and infect a large number of computers and servers. Which of the following recommendations would be BEST to mitigate the impacts of a similar incident in the future?
Answer options
- A. Install a NIDS device at the boundary.
- B. Segment the network with firewalls.
- C. Update all antivirus signatures daily.
- D. Implement application blacklisting.
Correct answer: B
Explanation
Segmenting the network with firewalls is the best option because it can limit the spread of malware by restricting communication between different network segments. While installing a NIDS can help detect intrusions, it does not prevent them. Daily updates of antivirus signatures are important, but they may not be sufficient to stop a worm already within the network. Application blacklisting can help control software usage, but it does not directly address the spread of malware across the network.