CompTIA Security+ (SY0-601) — Question 557

A security analyst is responding to a malware incident at a company. The malware connects to a command-and-control server on the internet in order to function. Which of the following should the security analyst implement first?

Answer options

• A. Network segmentation
• B. IP-based firewall rules
• C. Mobile device management
• D. Content filler

Correct answer: B

Explanation

Implementing IP-based firewall rules is the best first step as it can immediately block the malware's connection to the command-and-control server, preventing further malicious activity. Network segmentation can help limit the spread of malware but is not as immediate as firewall rules. Mobile device management and content filter are less relevant in this specific scenario focused on stopping communication with external servers.