CompTIA Security+ (SY0-601) — Question 501

Joe, a user at a company, clicked an email link that led to a website that infected his workstation. Joe was connected to the network, and the virus spread to the network shares. The protective measures failed to stop this virus, and it has continued to evade detection. Which of the following should a security administrator implement to protect the environment from this malware?

Answer options

• A. Install a definition-based antivirus.
• B. Implement an IDS/IPS.
• C. Implement a heuristic behavior-detection solution.
• D. Implement CASB to protect the network shares.

Correct answer: C

Explanation

The correct answer is C because heuristic behavior-detection solutions can identify and block malware based on its behavior rather than relying on known definitions, making it effective against new or evolving threats. Options A and B focus on traditional detection methods which may not catch previously unknown malware, while D relates to cloud access security and does not directly address the immediate workstation infection.