CompTIA Security+ (SY0-501) — Question 980
A security administrator is trying to eradicate a worm that is spreading throughout the organization by exploiting an old remote vulnerability in the SMB protocol. The worm uses Nmap to identify target hosts within the company. The administrator wants to implement a solution that will eradicate the current worm and also stop future attacks that may use zero-day vulnerabilities.
Which of the following would BEST meet the requirements when implemented?
Answer options
- A. Host-based firewall
- B. Enterprise patch management system
- C. Network-based intrusion prevention system
- D. Application blacklisting
- E. File integrity checking
Correct answer: C
Explanation
The correct answer, C, a network-based intrusion prevention system, is ideal for detecting and blocking malicious traffic, including worms exploiting vulnerabilities, and can do so on the network before the traffic reaches vulnerable hosts. Options A and B do not provide the proactive defense needed against zero-day exploits: a host-based firewall only filters traffic at each individual host, and patch management cannot address a vulnerability for which no patch yet exists. Option D focuses on preventing the execution of known harmful applications, and option E is about monitoring file changes rather than preventing network-based attacks.