CompTIA Security+ (SY0-601) — Question 309
A small, local company experienced a ransomware attack. The company has one web-facing server and a few workstations. Everything is behind an ISP firewall. A single web-facing server is set up on the router to forward all ports so that the server is viewable from the internet. The company uses an older version of third-party software to manage the website. The assets were never patched. Which of the following should be done to prevent an attack like this from happening again? (Choose three.)
Answer options
- A. Install DLP software to prevent data loss
- B. Use the latest version of software
- C. Install a SIEM device
- D. Implement MDM
- E. Implement a screened subnet for the web server
- F. Install an endpoint security solution
- G. Update the website certificate and revoke the existing ones
- H. Deploy additional network sensors
Correct answer: B, E, F
Explanation
The correct measures include using the latest version of software (B) to ensure vulnerabilities are patched, establishing a screened subnet (E) to isolate the web server from the rest of the network, and installing an endpoint security solution (F) to protect individual devices from threats. The other options, while beneficial in certain contexts, do not directly address the vulnerabilities presented by outdated software and inadequate network segmentation.