CompTIA Security+ (SY0-601) — Question 505

During an engagement, penetration testers left USB keys that contained specially crafted malware in the company's parking lot. A couple days later, the malware contacted the command-and-control server, giving the penetration testers unauthorized access to the company endpoints. Which of the following will most likely be a recommendation in the engagement report?

Answer options

• A. Conduct an awareness campaign on the usage of removable media.
• B. Issue a user guidance program focused on vishing campaigns.
• C. Implement more complex password management practices.
• D. Establish a procedure on identifying and reporting suspicious messages.

Correct answer: A

Explanation

The correct answer is A because the incident highlights the risks associated with removable media, emphasizing the need for user awareness to prevent similar security breaches. Options B, C, and D do not directly address the specific threat posed by the use of USB drives, making them less relevant in this context.