CompTIA Security+ (SY0-501) — Question 676
Joe, a user at a company, clicked an email link that led to a website that infected his workstation. Joe was connected to the network, and the virus spread to the network shares. The protective measures failed to stop this virus, and it has continued to evade detection. Which of the following should a security administrator implement to protect the environment from this malware?
Answer options
- A. Install a definition-based antivirus.
- B. Implement an IDS/IPS.
- C. Implement a heuristic behavior-detection solution.
- D. Implement CASB to protect the network shares.
Correct answer: B
Explanation
Implementing an IDS/IPS (intrusion detection system/intrusion prevention system) is critical because it actively monitors network traffic for suspicious activity and can prevent the spread of malware. In contrast, a definition-based antivirus might not recognize new or evolving threats, while heuristic detection may not be as effective against systems that are already infiltrated. A CASB is focused more on cloud security and does not address the immediate malware threat on the local network.