Certified Information Security Manager (CISM) — Question 31

A spear phishing attack was used to trick a user into installing a Trojan onto a workstation. Which of the following would have been MOST effective in preventing this attack from succeeding?

Answer options

• A. Application control
• B. Website blocking
• C. Internet filtering
• D. Network encryption

Correct answer: A

Explanation

Application control would have been the most effective method to prevent the installation of the Trojan by only allowing trusted applications to run, thereby blocking unauthorized software. Website blocking and internet filtering can reduce exposure to malicious sites and content, but they do not directly control what applications can be executed on the workstation. Network encryption is important for securing data in transit but does not prevent the execution of harmful software.