Exam CISM topic 1 question 74 discussion

Application white listing

D. Removing local administrator rights is a proactive security measure that can significantly reduce the risk of unauthorized software installations and is considered a best practice in security hygiene.

D, remove local admin prevent installation of tools. Not C as you can't blacklist what you don't know. Unless is blocked all and use whitelist policy

you can sometimes install a software without admin rights: Installing software without admin rights can have some security implications. First, the software may not be able to make system-wide changes that require admin permissions. Additionally, the software may not be able to access certain system files or settings that are only available to admin users.

sure d

D. Removing local administrator rights is a proactive security measure that can significantly reduce the risk of unauthorized software installations and is considered a best practice in security hygiene.

To best prevent the installation of unauthorized software that contains a Trojan and uploads data to an unknown external party, the organization should implement application blacklisting. Application blacklisting is a security control that involves identifying and blocking specific applications or software from being installed or executed on workstations or devices within the organization's network. It maintains a list of unauthorized or high-risk applications that are prohibited from being installed or run. By implementing application blacklisting, the organization can prevent the installation of unauthorized software by blocking the specific software or applications known to be high-risk or unauthorized. This control helps protect against malicious software, such as Trojans, that can compromise the security of the organization's systems and data.

D. Removing local administrator rights

D first, then C

D. Removing local administrator rights would have BEST prevented the installation of the unauthorized software. This would have limited the ability of the Trojan to install itself on the workstations by limiting the user's ability to install software without proper approval.