CompTIA Security+ (SY0-601) — Question 373

Which of the following can best protect against an employee inadvertently installing malware on a company system?

Answer options

• A. Host-based firewall
• B. System isolation
• C. Least privilege
• D. Application allow list

Correct answer: D

Explanation

The correct answer is D, as an Application allow list ensures that only approved applications can be installed and run, thereby significantly reducing the risk of malware installation. The other options, while helpful in their own ways, do not specifically limit application installation and execution in the same effective manner as an allow list does.