CompTIA Security+ (SY0-701) — Question 52
A security analyst and the management team are reviewing the organizational performance of a recent phishing campaign. The user click-through rate exceeded the acceptable risk threshold, and the management team wants to reduce the impact when a user clicks on a link in a phishing message. Which of the following should the analyst do?
Answer options
- A. Place posters around the office to raise awareness of common phishing activities.
- B. Implement email security filters to prevent phishing emails from being delivered.
- C. Update the EDR policies to block automatic execution of downloaded programs.
- D. Create additional training for users to recognize the signs of phishing attempts.
Correct answer: C
Explanation
The correct answer is C. The management team asked for a control that reduces the impact after a user has already clicked, and C is the only option that acts at that point: an EDR policy that blocks automatic execution of downloaded programs means a payload fetched from the phishing link cannot run on the endpoint, so a click no longer turns into a compromise. Options A and D (awareness posters and additional training) aim to lower the click rate itself, and option B (email filtering) is a preventive control that stops some messages before delivery; all three reduce the likelihood of a click but do nothing once the link has been followed. One caveat a practitioner should keep in mind: an execution-blocking EDR policy addresses malware delivery, not credential-harvesting pages, so it is one layer of the response rather than a complete one.
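To make the chosen control concrete, here is an added example of the decision logic such an EDR rule applies. It is not from the exam page or from any EDR vendor. The real part is the marker it keys off: on Windows, files saved by browsers and mail clients carry a Mark-of-the-Web in a `Zone.Identifier` alternate data stream, an INI-style `[ZoneTransfer]` block whose `ZoneId` is 3 for the Internet zone and 4 for Restricted Sites. The `ExecEvent` structure, the `evaluate` rule, the extension list, the publisher allow-list and the sample events are constructed for illustration.

```python
"""
Toy EDR rule: block execution of downloaded programs (added example).

Keys off the Windows Mark-of-the-Web (Zone.Identifier stream). The event
structure, rule and sample data below are constructed, not a vendor's API.
"""
from dataclasses import dataclass
from pathlib import PureWindowsPath
from typing import Dict, FrozenSet, Optional, Tuple

# URL security zone IDs used by Windows (real values).
ZONE_INTERNET = 3
ZONE_RESTRICTED = 4
UNTRUSTED_ZONES = {ZONE_INTERNET, ZONE_RESTRICTED}

# Program and script types the rule covers (constructed list, not exhaustive).
BLOCKED_EXTENSIONS = {".exe", ".msi", ".scr", ".js", ".vbs", ".hta", ".bat", ".ps1"}


@dataclass
class ExecEvent:
    """A process-start event as an endpoint agent might report it (hypothetical shape)."""
    path: str
    parent_process: str
    zone_identifier: Optional[str]  # raw Zone.Identifier stream text, None if absent
    signer: Optional[str] = None    # Authenticode signer subject, None if unsigned


def parse_zone_identifier(text: Optional[str]) -> Dict[str, str]:
    """Parse the [ZoneTransfer] section of a Zone.Identifier stream into key -> value."""
    fields: Dict[str, str] = {}
    if not text:
        return fields
    in_section = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line.lower() == "[zonetransfer]"
            continue
        if in_section and "=" in line:
            key, _, value = line.partition("=")
            fields[key.strip()] = value.strip()
    return fields


def evaluate(event: ExecEvent, trusted_signers: FrozenSet[str] = frozenset()) -> Tuple[str, str]:
    """Return ("allow" | "block", reason) for one process-start event."""
    ext = PureWindowsPath(event.path).suffix.lower()
    if ext not in BLOCKED_EXTENSIONS:
        return "allow", "file type not covered by the rule"

    motw = parse_zone_identifier(event.zone_identifier)
    try:
        zone = int(motw.get("ZoneId", ""))
    except ValueError:
        zone = None  # no marker, or a malformed one: treat as not downloaded
    if zone not in UNTRUSTED_ZONES:
        return "allow", "no Mark-of-the-Web from an untrusted zone"

    if event.signer and event.signer in trusted_signers:
        return "allow", f"downloaded, but signed by allow-listed publisher {event.signer}"

    origin = motw.get("HostUrl") or motw.get("ReferrerUrl") or "unknown origin"
    return "block", (f"downloaded program (zone {zone}, {origin}) "
                     f"launched by {event.parent_process}")


# Constructed sample data: one MOTW stream as a browser would write it, four events.
SAMPLE_MOTW = ("[ZoneTransfer]\r\nZoneId=3\r\n"
               "ReferrerUrl=https://mail.example.test/\r\n"
               "HostUrl=https://cdn.example.test/invoice.exe\r\n")

SAMPLE_EVENTS = [
    ExecEvent(r"C:\Users\alice\Downloads\invoice.exe", "explorer.exe", SAMPLE_MOTW),
    ExecEvent(r"C:\Users\alice\Downloads\report.pdf", "explorer.exe", SAMPLE_MOTW),
    ExecEvent(r"C:\Program Files\Vendor\tool.exe", "explorer.exe", None),
    ExecEvent(r"C:\Users\alice\Downloads\setup.msi", "msiexec.exe", SAMPLE_MOTW,
              signer="Example Vendor Ltd"),
]


def run_samples() -> list:
    """Apply the rule to the sample events and return the decisions in order."""
    return [evaluate(e, frozenset({"Example Vendor Ltd"}))[0] for e in SAMPLE_EVENTS]


if __name__ == "__main__":
    for event, decision in zip(SAMPLE_EVENTS, run_samples()):
        print(f"{decision:5}  {event.path}")
```

The first event is the phishing case the question describes: an unsigned executable that carries an Internet-zone marker is blocked regardless of how well the lure worked. The rule does not stop the user from clicking; it stops the click from mattering. Note the limit of the marker-based approach: a file that arrives without the stream (for example, extracted by a tool that does not propagate it) is not caught by this rule alone, which is why products layer it with signer reputation and behavioural detection.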