Certified Information Security Manager (CISM) — Question 254

An organization finds unauthorized software has been installed on a number of workstations. The software was found to contain a Trojan, which had been uploading data to an unknown external party. Which of the following would have BEST prevented the installation of the unauthorized software?

Answer options

• A. Banning executable file downloads at the Internet firewall
• B. Implementing an intrusion detection system (IDS)
• C. Implementing application blacklisting
• D. Removing local administrator rights

Correct answer: D

Explanation

Removing local administrator rights is the most effective way to prevent unauthorized software installation, as it limits user permissions to install applications. While banning executable downloads and IDS can help, they do not address the root issue of user privileges. Application blacklisting can also be useful, but it may not catch all unauthorized software before it is installed.