CompTIA CySA+ (CS0-002) — Question 36
Which of the following is the BEST security practice to prevent ActiveX controls from running malicious code on a user's web application?
Answer options
- A. Deploying HIPS to block malicious ActiveX code
- B. Installing network-based IPS to block malicious ActiveX code
- C. Adjusting the web-browser settings to block ActiveX controls
- D. Configuring a firewall to block traffic on ports that use ActiveX controls
Correct answer: C
Explanation
The correct answer is C because adjusting the web-browser settings to block ActiveX controls directly prevents them from running, which mitigates the risk of malicious code. Options A and B focus on detecting and blocking malicious code after the fact, which is less proactive. Option D does not address ActiveX controls directly; it focuses on traffic management, which may not prevent the execution of harmful code that the browser already allows.