CompTIA Security+ (SY0-501) — Question 807

An organization has the following written policies:
✑ Users must request approval for non-standard software installation.
✑ Administrators will perform all software installations.
✑ Software must be installed from a trusted repository.
A recent security audit identified crypto-currency software installed on one user's machine. There are no indications of compromise on this machine. Which of the following is the MOST likely cause of this policy violation and the BEST remediation to prevent a reoccurrence?

Answer options

• A. The user's machine was infected with malware; implement the organization's incident response
• B. The user installed the software on the machine; implement technical controls to enforce the written policies
• C. The crypto-currency software was misidentified and is authorized; add the software to the organization's approved list
• D. Administrators downloaded the software from an untrusted repository; add a policy that requires integrity checking for all software.

Correct answer: B

Explanation

The correct answer is B, as it addresses the likely scenario that the user bypassed the established software installation protocols. The other options suggest external factors or misunderstandings rather than the failure to follow the policy, which indicates that stricter technical controls are necessary to ensure compliance.