CompTIA Security+ (SY0-601) — Question 268
While preparing a software inventory report, a security analyst discovers an unauthorized program installed on most of the company’s servers. The program utilizes the same code signing certificate as an application deployed to only the accounting team. After removing the unauthorized program, which of the following mitigations should the analyst implement to BEST secure the server environment?
Answer options
- A. Revoke the code signing certificate used by both programs.
- B. Block all unapproved file hashes from installation.
- C. Add the accounting application file hash to the allowed list.
- D. Update the code signing certificate for the approved application.
Correct answer: A
Explanation
Revoking the code signing certificate used by both programs is the most effective way to prevent any further use of the unauthorized program, because it eliminates the trust associated with that certificate. The other options, while potentially beneficial, do not address the root issue, which is the compromised code signing certificate, so the risk persists even if those measures are taken.