CompTIA Security+ (SY0-601) — Question 138
A well-known organization has been experiencing attacks from APTs. The organization is concerned that custom malware is being created and emailed into the company or installed on USB sticks that are dropped in parking lots. Which of the following is the BEST defense against this scenario?
Answer options
- A. Configuring signature-based antivirus to update every 30 minutes
- B. Enforcing S/MIME for email and automatically encrypting USB drives upon insertion
- C. Implementing application execution in a sandbox for unknown software
- D. Fuzzing new files for vulnerabilities if they are not digitally signed
Correct answer: C
Explanation
The correct answer is C because executing unknown software in a sandbox isolates it from the rest of the system, so a custom sample can run and be observed without putting the host at risk. Option A is less effective because signature-based antivirus cannot detect custom malware for which no signature yet exists, regardless of how often it updates. Option B improves email and USB security, but does not address the execution of unknown software. Option D's fuzzing approach is useful for finding vulnerabilities, but it does not prevent malware from executing in the first place.