CompTIA Security+ (SY0-701) — Question 129

Which of the following can best protect against an employee inadvertently installing malware on a company system?

Answer options

• A. Host-based firewall
• B. System isolation
• C. Least privilege
• D. Application allow list

Correct answer: D

Explanation

The correct answer is D, as an application allow list restricts the execution of only approved applications, significantly reducing the risk of malware installation. Options A and B provide some level of protection but do not specifically prevent the execution of unauthorized applications. Option C, while important for limiting access rights, does not directly address the installation of software.